Yes, nft_chain_nat_ipv6 is also affected by this, and needs the same adjustments as the nat module
Aug 25 2020
Aug 20 2020
Aug 19 2020
Aug 17 2020
Merged
Aug 6 2020
PR Merged
Container fixed, closing this ticket
The CI is now extended to build ARM containers by default. They are also exported to Docker Hub. Closing this ticket.
Aug 3 2020
This could be closed in its current form, I'll open a new ticket on the missing parts
Jul 29 2020
Please consider using zeromq instead of pynng
Jul 27 2020
I have to say I agree with @c-po, I see no real reason for changing this. But it could be added as an optional executable, without changing our internal tools to use it. -1
Jul 26 2020
This is expected WireGuard behavior.
Jul 21 2020
As I remember, the lack of multicast replication was the reason this stopped up last time it was discussed... And as OSPF and EIGRP are the most used protocols run over DMVPN, I think this is a showstopper for implementing nhrpd
While you are working on this, there is a need for a render function that returns the template as a variable instead of saving it to a file.
Could you extend your patch to also include such a function? If written correctly it could be used by the render() function to not duplicate code.
Jul 15 2020
Hi! This PR takes the wrong approach for adding this command to the VyOS system. As this is a utility that should be used from within the CLI, it should be added to the CLI with the XML framework inside vyos-1x, and then should be a dependency of vyos-1x, and not of vyos-build
Jul 9 2020
After some benchmarking of this code I've gotten hold of a quite large test configuration that takes a vast amount of time to load into VyOS.
Jul 8 2020
The same for ipv6 is available under set system ipv6 layer4-hashing
Hi! On 1.3 layer4-hashing is activated by using the set system ip layer4-hashing command
Jul 6 2020
About is_changed, I see the need to have a function that tells if there are any changes in the path tree under the given path specified.
Good point, get_value_changed is a better name for this. As you want to distinguish between a returned value of False and a "Not Changed", using a two-tuple (namedTuple?) returned with new and old value makes it easy to "see" the difference
Also, as everything set in python will render True, couldn't is_value_changed return the old and new value instead of just true/false? This will make get_value_changed redundant
What about providing an is_changed that returns False, added, deleted or changed, with the new value provided in the result? Added/deleted/changed can be of an enum type or something like that
Jul 3 2020
There is already someone trying to make a guide for building VyOS on ARM and the Pi 3/4. I myself have made it work on the Pi 4 some time ago but did not save my work, so I don't have all the steps to reproduce.
Jul 2 2020
Please open a new ticket or move your comment to an appropriate ticket, this ticket is not discussing your concerns.
Jun 28 2020
PR for FRR code in vyos-1x : https://github.com/vyos/vyos-1x/pull/483/files
Jun 27 2020
PR for fixing frr-reload: https://github.com/vyos/vyos-build/pull/111
I agree with @jack9603301 on this, as fastnetmon is not an IDS solution and only focuses on DDoS protection, it is best to avoid IDS in the command syntax altogether...
Jun 24 2020
Jun 11 2020
As a side note, the kernel reacts correctly to this per RFC 6145.
An IPv6 link has to have an MTU of 1280 bytes or greater. The corresponding limit for IPv4 is 68 bytes.
Jun 10 2020
I'm wondering if this is the right approach.
This works as a workaround, but this needs to be added to the ipaddrcheck validator as an allowed host-address and not be done in a shell script
Jun 5 2020
Yes, we need to try/except the apply section (the other should never fail but we could still catch errors to not leave the system in an unknown state) but when applying the reverse configuration (ie: invert effective and new and re-apply) one must then be careful if that fails too (we do not want a forever loop :p). The code already runs all the get_dict and all the verify first, so we will only apply if all is ok, but still issues could occur.
About rollback, I'm wondering about a try/except loop around apply() that will catch faults and trigger a rollback() to restore old files etc.
The rollback won't be a 100% abort, because vyatta-cfg would not roll back subsystems that have already been configured, but we will get a per-subsystem rollback, and that's a start :) To get a full rollback we need to change the backend or the executor in the backend.
Here come some suggestions from my part :)
May 31 2020
As the current "priority map" there aren't a lot of concurrent Python blocks, but I think many of the remaining bash/perl scripts could be moved to new places. https://pastebin.com/z6ZvkJKB
I've created some proof of concept code that I think could help on this issue. https://github.com/runborg/vyos-1x/blob/main-cfg/src/conf_mode/main.py This is a conf-mode executor that handles multiple conf mode scripts. The reason I think this could seriously help on this issue is that, as this is all running inside a single Python interpreter, it's able to load the config object once and pass it to all needed conf_mode scripts without a need for reinitialization.
May 18 2020
The dockerhub image is just an environment capable of generating the vyos image, it does not include any of the files needed to generate the image itself. These files are inside the vyos-build repository.
To clarify the hw-id tag: this is the only way VyOS scripts know what interface to give what name on bootup. As the boot order of NICs could (potentially) be different on every reboot, VyOS needs a way to identify the "correct" order of the NICs when it boots. If you remove the hw-id tag from the interface, the configuration script doesn't know what interface to give the configuration to, so you could potentially get NIC reordering on every single reboot.
What repository, and what errors? :)
May 10 2020
I've added an extra bullet point that needs to be fixed in the comment prior to this one.
VyOS doesn't provide the packages upstream to anyone, and a package is only installed at image create time and never upgraded. And as the changelog has up to now never been used, I don't see the point of over-complicating this. This will only make it harder to make a release image as more unnecessary (as I would call it) steps are added to the process.
Yes, I'm aware of these modifiers. But the issue here is not to generate newer than the upstream, because we are the upstream. These changes are to make the version visible in our upstream packages. The current solution with manual versioning does not work because the Debian version is "never" incremented (there could be hundreds of commits between each version increase), and in the meantime it is quite hard to identify exactly what changes are made to the package in the image. For this we automatically change the version tag at build time and make the most recent git version tag and the number of commits since that tag visible in the upstream version tag. As for the "downstream" part of the version tag, we put the git commit id and info about the "state" of the repo at build time. Thus we could also identify if the package build is indeed the upstream package or a custom package by the user. :)
upstream version will be in the format of : <git-version-tag> - <commits from tag> and downstream version: -g<commit-id>(+<dirty>)? an example : 1.3dev0-4 -g1234567 and 1.3.0-0 -g1234567
May 8 2020
May 3 2020
Apr 23 2020
"This is fine if used in conf_mode scripts that'll create it after that anyway": if the intention of the code was not to create the interface, this is not fine if you ask me. :)
That's correct @jjakob, when a MAC is changed on an interface the ONLY place to find the original MAC address for an interface is using the hw-id. This is because the kernel does not keep track of the original MAC anywhere. For now, on saving the config it reverts back to the original hw-id MAC when the mac node is deleted, which should be quite fine to do. When the old boot interface mapping code is rewritten, these pointers also need to match the new scripts. But that's another story :)
Apr 18 2020
Actually, specifying a WireGuard peer as a hostname only worked on initial setup. The reason for this is that the hostname is resolved only on initial startup of the WireGuard tunnel. On boot the IP stack is not fully operational, resulting in WireGuard being unable to resolve hostnames. (But this actually could depend on the execution time of the initialization scripts.) A better alternative to this is to make an initialization script that is delayed and then resolves the hostname and inserts the correct IP in WireGuard when the router is fully booted. This could be created using a custom script called from the post-bootup script or something like that.
Apr 13 2020
Apr 12 2020
Any comments @dmbaturin ?
Apr 11 2020
Apr 10 2020
Change description since last update:
Change description since original update.
Versioning of 1.3dev-3-g1234567 will count as newer than 1.3dev3-3-g1234567. This means that all dev releases need to have an initial index. I've added it indexed from zero.
For a full version list see here:
Original order - Sorted order : Upstream Version
1.3dev-0-g1234567 - 1.3.1-2-g1234567 : 1.3.1-2
1.3dev0-0-g1234567 - 1.3.1 : 1.3.1
1.3.1-2-g1234567 - 1.3.0-7-g1234567 : 1.3.0-7
1.3.1 - 1.3.0-3-g1234567 : 1.3.0-3
1.3dev2-8-g12345671.3.0 - 1.3dev-4-g1234567 : 1.3dev-4
1.3.0-7-g1234567 - 1.3dev-0-g1234567 : 1.3dev-0
1.3dev - 1.3dev2-8-g12345671.3.0 : 1.3dev2-8
1.3dev-4-g1234567 - 1.3dev2 : 1.3dev2
1.3dev1 - 1.3dev1-4-g1234567 : 1.3dev1-4
1.3dev2 - 1.3dev1 : 1.3dev1
1.3dev1-4-g1234567 - 1.3dev0-1-g1234567 : 1.3dev0-1
1.3.0-3-g1234567 - 1.3dev0-0-g1234567 : 1.3dev0-0
1.3dev0-1-g1234567 - 1.3dev : 1.3dev
Apr 9 2020
VRFs are for now not supported in dynamic routing protocols, only static routing is for now possible. See also comment in T2257
For now only static routing supports VRF; BGP, OSPF and RIP do not support VRF for the time being. Support for this is being worked on, but it's quite a large rewrite required to add support for this in BGP.
Apr 2 2020
This is only for interfaces, T2175 is for all FRR-related daemons. Other features need a ticket
Mar 29 2020
Mar 20 2020
As the MTU on an IP network could exceed 1500b, it is not so strange to allow larger than 1500b frames on the tunnel. But this could be adjusted to follow the max MTU values on Ethernet interfaces. As taken from my head, max MTU on Ethernet is about 9000b
Feb 13 2020
Feb 12 2020
As discussed on Slack, GRE is already supported: https://docs.vyos.io/en/latest/vpn/gre-ipsec.html , closing as invalid
Jan 22 2020
This also could be the same issue as described in T577
This issue is possibly fixed in current by ticket T1970, could you retry with the newest current rolling release?
Jan 20 2020
PR for this fix: https://github.com/vyos/vyatta-cfg/pull/20
Jan 1 2020
Dec 20 2019
This is a known fault, and is not easily fixable in the current implementation. This fault is because the VyOS CLI manually configures the FRR process after it's started, and when the process dies/restarts it will read its config from the saved config file. This makes the process restart into an empty config as we have no way to save the config from the prior process.
Dec 8 2019
This looks like the same issue as described in T1846, can anyone confirm this?
Dec 5 2019
It has been some time since I've managed to work on this now, and in the meantime the whole ethernet/bridge setup has been rewritten into Python, so I need to restart my work on this implementation. Also the bridge membership part is moved around in the CLI, so information in this ticket is out of sync with the current implementation and needs to be rethought
Dec 1 2019
As far as I know the content of the platform field is the first characters from sysDescr (20 characters?). On one of my devices this is
System Description: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE8, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2015 by Cisco Systems, Inc. Compiled Thu 14-May-15 02:39 by prod_rel_team
Oct 31 2019
To fix this inconsistency the output of show int ethernet | json should be:
{ "eth0": { "address": "10.10.10.10/24" } }
Oct 27 2019
With this, will it also be possible to parse the same JSON into a JSON import? This to allow for a more programmatic way to add things than via set commands
Oct 23 2019
What's happening here is that the non-committable session is saved to disk. Because of this BGP will fail on reload because of illegal configuration on the peer. What needs to be done here is to disallow the save command when there is non-committed work in the session, or at least give a clear warning about this with a [y/N] answer. Is this possible to incorporate into vbash? @dmbaturin