Age | Commit message | Author
2020-07-15 | Merge branch 'curlrc' of github.com:c-po/vyos-1x into current | Christian Poessinger
* 'curlrc' of github.com:c-po/vyos-1x: http-client: T2651: support specifying source-interface/address for curl xml: T2651: provide general source-interface include file
2020-07-15 | http-client: T2651: support specifying source-interface/address for curl | Christian Poessinger
Please note that either interface or address can be configured.
system {
    options {
        http-client {
            source-interface eth0
            source-address 1.1.1.1
        }
    }
}
2020-07-15 | xml: T2651: provide general source-interface include file | Christian Poessinger
2020-07-14 | Merge pull request #494 from jack9603301/current | Christian Poessinger
dns: T2675: fix recursor.vyos-hostsd.conf.lua
2020-07-13 | dns: T2675: fix recursor.vyos-hostsd.conf.lua | JACK
When users use the standard fully qualified domain name writing method, there will be an extra point after the actual domain name. In order to ensure that the standard writing method is supported, it should not be mandatory to add this point in Lua script
2020-07-12 | snmp: T2687: replace 3rd party hash library with custom code | Christian Poessinger
The 3rd party library used for calculating the SNMP hashes in advance only worked for SHA and not for MD5 as SHA was hardcoded [1]. The code has been replaced by a class-less implementation providing only the required functionality.
[1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
2020-07-12 | vyos.snmpv3_hashgen: add license text | Christian Poessinger
2020-07-12 | nat: T2699: fix exclusion rules for noNAT destinations | Christian Poessinger
2020-07-12 | nat: T2699: rename interface include | Christian Poessinger
2020-07-11 | snmp: T2687: precalculate snmpv3 encrypted keys | Christian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly provided the hashed keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-11 | snmp: T2687: enforce beginning and end of string match for regex | Christian Poessinger
Match the full input string in regex validation. Previously "sha123456" was allowed by the validator but we only support "sha".
2020-07-08 | pppoe: T2585: use cleaner template expression | Christian Poessinger
2020-07-08 | pppoe: T2585: fix template for on-demand dialing | Christian Poessinger
Commit 65fa21f5e ("ifconfig: T2653: move pppoe interface to get_config_dict()") directly takes the configuration keys from the CLI config and thus the keys used for template generation have not been updated appropriately.
2020-07-08 | Merge pull request #493 from jack9603301/current | Christian Poessinger
pppoe: ipv6: T2693: Fix a bug in dhcp6c for PPPoE
2020-07-08 | pppoe: ipv6: T2693: Fix a bug in dhcp6c for PPPoE | JACK
Commit 03fb97 (pppoe: ipv6: T2681: script bugfix after get_config_dict() migration ) After the PPPoE link is reset, dhcp6c cannot be restarted, which may cause the prefix delegation of IPv6 to fail to restart. This submission will restart dhcp6c after the IPv6 of PPPoE is up again
2020-07-07 | ssh: T2691: bugfix loglevel config migration | Christian Poessinger
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accepted any arbitrary loglevel. If an invalid loglevel is found it will be set to info.
2020-07-05 | Merge pull request #490 from thomas-mangin/T2582-definition | Christian Poessinger
xml: T2582: rename xml tags
2020-07-05 | xml: T2582: rename xml tags | Thomas Mangin
The current use of () does not allow to use found() Converting to [] like all other tags
2020-07-05 | pppoe: ipv6: T2681: script bugfix after get_config_dict() migration | Christian Poessinger
Commit 65fa21f5 ("ifconfig: T2653: move pppoe interface to get_config_dict()") did not rename the Jinja2 template vars as required as they are not retrieved directly as dict from the config backend.
2020-07-05 | Merge pull request #489 from DmitriyEshenko/fix-fnm-07042020 | Christian Poessinger
ids: T2659: Add priority after bgp for correct service starting
2020-07-05 | ids: T2659: Add priority after bgp for correct service starting | DmitriyEshenko
2020-07-04 | ntp: vrf: T2682: support restart on failure indefinitely | Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH too often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds it is not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04 | snmp: vrf: T2682: support restart on failure indefinitely. | Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH too often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds it is not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04 | ssh: vrf: T2682: support restart on failure indefinitely | Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH too often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds it is not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04 | vrf: T31: lower startup priority to 60 | Christian Poessinger
VRFs should be created as early as possible.
2020-07-04 | ssh: T2682: simplify VRF binding | Christian Poessinger
2020-07-04 | cleanup: no need to call sudo for configuration mode scripts | Christian Poessinger
2020-07-04 | Merge pull request #488 from DmitriyEshenko/fix-fnm-07042020 | John Estabrook
ids: T2659: Add get_first_key to get_config_dict
2020-07-04 | ids: T2659: Add get_first_key to get_config_dict | DmitriyEshenko
2020-07-04 | Merge pull request #487 from DmitriyEshenko/1x-impl-fnm | Daniil Baturin
ids: T2659: Implement fastnetmon support
2020-07-03 | config_dict: update docstring | John Estabrook
2020-07-03 | config_dict: T2670: remove dependency on show_config | John Estabrook
2020-07-03 | ids: T2659: Implement fastnetmon support | DmitriyEshenko
2020-07-03 | ntp: T2676: move to get_config_dict() | Christian Poessinger
2020-07-03 | vyos.template: T2676: add custom Jinja2 filter for IP handling | Christian Poessinger
NTP configuration file requires the IP address and a netmask for client subnets but the CLI will only provide a prefix based notation. Use custom, reusable Jinja2 template to transform a CIDR based prefix into its address and netmask portion for IPv4 and IPv6. Jinja2 custom filters are regular python functions - thus they can be re-used directly when e.g. verifying the configuration in vyos-smoketests.
2020-07-01 | config_dict: T2668: move keyword arg get_first_key into get_sub_dict | John Estabrook
2020-07-01 | config_dict: T2667: clarify docstring | John Estabrook
2020-07-01 | config: T2667: add missing flag | John Estabrook
2020-07-01 | config: T2667: add missing check | John Estabrook
2020-07-01 | Merge pull request #486 from jestabro/sub_dict | Christian Poessinger
2020-07-01 | config: T2667: adapt for refinements to get_config_dict | John Estabrook
2020-07-01 | config: T2667: use get_sub_dict for get_config_dict(path, ...) | John Estabrook
2020-07-01 | config: T2667: add utility function get_sub_dict | John Estabrook
2020-07-01 | ifconfig: T2653: use better names for vyos.configverify functions | Christian Poessinger
2020-07-01 | ifconfig: T2653: move pppoe interface to get_config_dict() | Christian Poessinger
2020-07-01 | Merge pull request #483 from runborg/frr-mod | Christian Poessinger
T2638: FRR: New framework for configuring FRR
2020-06-30 | Merge pull request #484 from thomas-mangin/T2649 | Christian Poessinger
tunnel: T2649: ConfigurationState, do not inherit from Config
2020-06-29 | tunnel: T2649: ConfigurationState, do not inherit from Config | Thomas Mangin
2020-06-29 | ids: T2659: Fastnetmon conf_mode | sever-sever
2020-06-28 | T2638: FRR: New framework for configuring FRR | Runar Borge
This commit adds the python module vyos.frr that supports reading and modifying the frr configuration.
Functions
get_configuration() : Collects the configuration from FRR and returns it as a string
reload_configuration() : uses frr-reload.py to activate a new configuration. The configuration applied will overwrite the current configuration.
mark_configuration() : Does syntax check/validation and add "end" tags to the configuration. The marked configuration will be returned as a string. A syntax fault will render an Exception
execute() : Execute a command inside vtysh
configure() : Executes a command in vtysh config mode
replace_section() / _replace_section() : Adds the ability to replace a section of frr code
remove_section() : Removes the specified configuration block from the config
For now this supports replacing complete config sub-blocks of configuration and selecting the daemon to replace inside. This should work for most daemons, but static routing will still be an issue because this is not a separate sub-config mode