summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-03-05macvlan: T1635: ensure 'link' interface really existsChristian Poessinger
2020-03-05vxlan: T1636: ensure 'link' interface really existsChristian Poessinger
2020-03-04pppoe: T1318: IPv6 supportChristian Poessinger
2020-03-04vrf: T31: remove pass in exception handlerChristian Poessinger
2020-03-04banner: T2099: accept empty pre-/post-login bannerChristian Poessinger
2020-03-04Merge branch 't31-vrf' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 't31-vrf' of github.com:c-po/vyos-1x: vrf: T31: enable vrf support for dummy interface templates: T2099: make op-mode path completion helper working vrf: T31: reorder routing table lookups vrf: T31: adding unreachable routes to the routing tables vrf: T31: prior to the v4.8 kernel iif and oif rules are needed vrf: T31: create iproute2 table to name mapping reference vrf: T31: rename 'vrf disable-bind-to-all ipv4' to 'vrf bind-to-all' vrf: T31: support add/remove of interfaces from vrf vrf: T31: remove superfluous vyos.vrf library functions vrf: T31: reduce script complexity vrf: T31: no need to use sudo calls in vrf.py vrf: T31: make 'show vrf' command behave like other 'show interface commands' xml: include: description: adjust help message vrf: T31: improve help for routing table vrf: T31: reuse interface-description.xml.i for instance description vrf: T31: use embedded regex on 'vrf name' instead of python script vrf: T31: initial support for a VRF backend in XML/Python ifconfig: T2057: generic interface option setting
2020-03-04vrf: T31: enable vrf support for dummy interfaceChristian Poessinger
2020-03-04templates: T2099: make op-mode path completion helper workingChristian Poessinger
2020-03-04vrf: T31: reorder routing table lookupsChristian Poessinger
Linux routing uses rules to find tables - routing targets are then looked up in those tables. If the lookup got a matching route, the process ends. TL;DR; first table with a matching entry wins! You can see your routing table lookup rules using "ip rule", sadly the local lookup is hit before any VRF lookup. Pinging an addresses from the VRF will usually find a hit in the local table, and never reach the VRF routing table - this is usually not what you want. Thus we will re-arrange the tables and move the local lookup furhter down once VRFs are enabled.
2020-03-04vrf: T31: adding unreachable routes to the routing tablesChristian Poessinger
2020-03-04vrf: T31: prior to the v4.8 kernel iif and oif rules are neededChristian Poessinger
.. we run on 4.19 thus this is no longer needed.
2020-03-04vrf: T31: create iproute2 table to name mapping referenceChristian Poessinger
2020-03-04vrf: T31: rename 'vrf disable-bind-to-all ipv4' to 'vrf bind-to-all'Christian Poessinger
By default the scope of the port bindings for unbound sockets is limited to the default VRF. That is, it will not be matched by packets arriving on interfaces enslaved to an l3mdev and processes may bind to the same port if they bind to an l3mdev. TCP & UDP services running in the default VRF context (ie., not bound to any VRF device) can work across all VRF domains by enabling the 'vrf bind-to-all' option.
2020-03-04vrf: T31: support add/remove of interfaces from vrfChristian Poessinger
2020-03-04vrf: T31: remove superfluous vyos.vrf library functionsChristian Poessinger
vyos.vrf.list_vrfs() was only used in one function thus building a library is no longer needed. If it is needed in the future it should be placed into a library again.
2020-03-04vrf: T31: reduce script complexityChristian Poessinger
Keep it simple and stupid :)
2020-03-04vrf: T31: no need to use sudo calls in vrf.pyChristian Poessinger
All configuration mode scripts are already run with sudo.
2020-03-04vrf: T31: make 'show vrf' command behave like other 'show interface commands'Christian Poessinger
- remove the additional depth for querying discrete VRF names - retrieve available VRF names from via <path> from CLI rather then invoking an external script
2020-03-04xml: include: description: adjust help messageChristian Poessinger
2020-03-04vrf: T31: improve help for routing tableChristian Poessinger
2020-03-04vrf: T31: reuse interface-description.xml.i for instance descriptionChristian Poessinger
2020-03-04vrf: T31: use embedded regex on 'vrf name' instead of python scriptChristian Poessinger
2020-03-04vrf: T31: initial support for a VRF backend in XML/PythonThomas Mangin
This is a work in progress to complete T31 whoever thought it was less than 1 hour of work was ..... optimistic. Only VRF vreation and show is supported right now. No interface can be bound to any one VRF.
2020-03-04ifconfig: T2057: generic interface option settingThomas Mangin
this patch allows to get or change many interface options (mtu, arp settings, ...) using get_interface / set_interface functions
2020-03-04templates: T2098: fix wrong op-mode command for path completion helperChristian Poessinger
2020-03-04Merge pull request #240 from thomas-mangin/2057-strictChristian Poessinger
ifconfig: T2057: allow unknown config keys, and fix variable name ref.
2020-03-04ifconfig: T2057: allow unknown keys in the config, and fixThomas Mangin
2020-03-04Merge pull request #239 from thomas-mangin/2057-fixtimeChristian Poessinger
ifconfig: T2057: fix multiple issues with initial patch
2020-03-04ifconfig: T2057: fix various typosThomas Mangin
2020-03-04ifconfig: T2057: bugfix KeyErrorChristian Poessinger
Error introduced in commit b38dcaf ("ifconfig: T2057: generic interface option setting"). File "/usr/lib/python3/dist-packages/vyos/ifconfig.py", line 146, in _get_sysfs filename = self._sysfs_get[name]['location'].format(config) KeyError: 'ifname'
2020-03-04ifconfig: T2057: bugfix ValueErrorChristian Poessinger
Fixes error when creating bridge interfaces: ValueError: <module 'time' (built-in)> must be a number
2020-03-03Merge pull request #237 from thomas-mangin/interface-attributeChristian Poessinger
ifconfig: T2057: generic interface option setting
2020-03-03ifconfig: T2057: generic interface option settingThomas Mangin
this patch allows to get or change many interface options (mtu, arp settings, ...) using get_interface / set_interface functions
2020-03-03interfaces: T1579: fix c/p error when evaluating ↵Christian Poessinger
os.environ['VYOS_TAGNODE_VALUE'] This has been only a theoretical problem but then the error condition was triggered - only an error has been printed instead of raising an Exception.
2020-03-03Merge pull request #235 from Elbandi/fix-rfc3442-static-routeChristian Poessinger
dhcp-server: T2092: add default route to rfc3442-static-route option
2020-03-03Merge pull request #236 from DmitriyEshenko/docker-intfcChristian Poessinger
ifconfig: T2074: add check for sysfs files
2020-03-03ifconfig: T2074: add check for sysfs filesDmitriyEshenko
2020-03-03dhcp-server: T2092: add default route to rfc3442-static-route optionAndras Elso
2020-03-03Merge pull request #234 from Elbandi/fix-static-routeChristian Poessinger
dhcp-server: T2062: Fix static route bytes
2020-03-03dhcp-server: T2062: Fix static route bytesAndras Elso
2020-03-01syslog: T2086: do not log cron and su to regular syslogChristian Poessinger
2020-03-01login: radius: T2089: only query servers when uid matches ...Christian Poessinger
Do not query RADIUS servers when commit is running started from a non RADIUS user (localuser, root). This should reduce the overall system boot time.
2020-03-01vmware: T1028: readd static IP address after resumeChristian Poessinger
2020-03-01pppoe: T2087: enable unlimited connection attemptsChristian Poessinger
2020-03-01syslog: T2086: move sudo session open/close log entries to auth.logChristian Poessinger
2020-02-29Merge pull request #231 from thomas-mangin/T2082Christian Poessinger
ifconfig: T2082: fix checking of argument passed
2020-02-29ifconfig: T2082: fix checking of argument passedThomas Mangin
2020-02-27Merge pull request #227 from thomas-mangin/T2057Christian Poessinger
ifconfig: T2057: generalised Interface configuration
2020-02-27openvpn: T2075: add support for OpenVPN tls-crypt file optionChristian Poessinger
Encrypt and authenticate all control channel packets with the key from keyfile. Encrypting (and authenticating) control channel packets: * provides more privacy by hiding the certificate used for the TLS connection * makes it harder to identify OpenVPN traffic as such * provides "poor-man's" post-quantum security, against attackers who will never know the pre-shared key (i.e. no forward secrecy)
2020-02-27login: T2050: retrieve home directory for SSH keys from OS and not guess itChristian Poessinger
We should not rely on the home dir value stored in user['home_dir'] as if a crazy user will choose username root or any other system user this will fail. Should be deny using root at all?