summaryrefslogtreecommitdiff
path: root/python/vyos/configverify.py
AgeCommit message (Collapse)Author
2021-08-25vyos.configverify: add common verify_common_route_maps() functionChristian Poessinger
Partial backport of commit 421fa38445a, this is required to backport the complete IS-IS functionality from current.
2021-08-22vyos.configverify: use build-in functions for verify_interface_exists()Christian Poessinger
(cherry picked from commit ddff5eba85feea2a8d6d24e1914ce6d51ce2ea74)
2021-08-11accel-ppp: T3731: eliminate service name from error messageChristian Poessinger
VyOS will automatically append the subsystem name (pppoe-server or sstp) when something goes wrong. No need to hardcode this into the error string a second time. (cherry picked from commit 29463355e6ec98195ffd52e018bc775cd4199456)
2021-07-25ifconfig: backport ifconfig framework from 1.4 to support new tunnel optionsChristian Poessinger
It is easier to backport the entire vyos.ifconfig library from 1.4 instead of backporting single pieces which are required to add new feature to the tunnel interface section. In addition that both libraries are now back in sync it will become much easier to backport any other new feature introduced in VyOS 1.4!
2021-06-13pppoe: T3621: validate that both username and password are setChristian Poessinger
A validator is missing checking that if authentication is used on a PPPoE interface, both username and password are set.
2021-05-24pseudo-ethernet: T3575: verify parent interface MTUChristian Poessinger
(cherry picked from commit 38b3dff1ebdf8c26a28d0befa6dcf0b4f51f21be)
2021-05-23vyos.configverify: T3570: sub interface MTU must be less or equal to parent MTUSimon
(cherry picked from commit 5e1ed4086f96141611680892911dad82c28795ee)
2021-03-25vyos.configverify: T3344: verify_vrf() must handle "default" VRFChristian Poessinger
We can leak routes back to the default VRF, thus the check added by commit 9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out" option when one want's to leak routes into the default VRF. (cherry picked from commit 5adcc4ca30676338fca9a06409bbc72af4f68a1f)
2021-02-02vlan: T3018: vif/vif-s vlan id can not be re-usedChristian Poessinger
In the past it was possible to configure a vif-s interface and a vif interface both with the same VLAN ID. VyOS 1.2 reported a Kernel error: RTNETLINK answers: File exists Error creating VLAN device eth1.100 so this should not be possible at all in VyOS 1.3 (cherry picked from commit ccd516b4d10c518ea445928c01d6c7dc2770777b)
2021-01-29vif-c: verify: T3269: fix configuration verificationBrandon Stepler
(cherry picked from commit b8cddcdae36903feb84ee1807d6adb27337cf582)
2021-01-07vyos.configverify: provide generic helper to check for interface existenceChristian Poessinger
2021-01-06dhcpv6-pd: verify: T3193: detect conflict between auto-assigned and ↵Brandon Stepler
configured SLA-IDs "data/templates/dhcp-client/ipv6.tmpl" handles the auto-assigning of SLA-IDs on lines 39, 46, and 52.
2021-01-06dhcpv6-pd: verify: T3193: allow multiple auto-assigned SLA-IDsBrandon Stepler
"data/templates/dhcp-client/ipv6.tmpl" handles the auto-assigning of SLA-IDs on lines 39, 46, and 52.
2021-01-06dhcpv6-pd: verify: T3193: allow more than one VLAN interfaceBrandon Stepler
VLAN interfaces contain periods, which make them incompatible with dict_search().
2021-01-03mirror: add verify() check so we can not mirror back to our selfChristian Poessinger
2020-12-29ethernet: T1466: add EAPoL supportChristian Poessinger
2020-11-13T3060: Fixing a backwares check on dh lengthkroy
2020-11-13vyos.template: provide general is_ip(v4|v6) helpersChristian Poessinger
We had two places were the is_ip, is_ipv4 and is_ipv6 helpers had been defined. All places now have been converged into vyos.template as they are used both in the Jinja2 templates and also in our scripts.
2020-10-30openvpn: T2994: verify DH key lengthChristian Poessinger
2020-10-29verify: T2587: allow MTU < 1280 when IPv6 is disabled on an interfaceChristian Poessinger
2020-10-28vyos.util: T2995: rename vyos_dict_search() -> dict_search()Christian Poessinger
Renamed using snippet below: ---------------------------- for file in $(find . -name "*.py") do sed -i "s/vyos_dict_search/dict_search/" $file done
2020-10-05validate: ipv6: mtu: T2427: wireless interface MTU is not configurableChristian Poessinger
Commit 5db3d631 ("ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface") checked the "mtu" key for it's value and the test only passed if mtu was larger then the required 1280 bytes when IPv6 address have been configured on the link. wireless (WiFi) interfaces have no MTU node - thus this always resulted in a Python KeyError.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-09-26ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interfaceChristian Poessinger
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError!
2020-09-25ifconfig: T2912: add helper to verify interface min/max supported MTUChristian Poessinger
Currently the MTU size of an interface is only checked when entered via CLI but if the interface supportes the configured MTU at all is not verified at all. New helper functions get_min_mtu(), get_max_mtu() and verify_mtu() have been added to provide a central API for validation.
2020-09-24dhcpv6-pd: verify: T2923: interface is required where the prefix is assignedChristian Poessinger
When configuring DHCPv6-PD it is mandatory to also specify at least one interface where the newly delegated prefix will be used. Without this setting DHCPv6-PD makes no sense at all.
2020-09-22ifconfig: T2653: bond: bridge: ensure member interface is not a source-interfaceChristian Poessinger
As we already check that a bond/bridge member interface is not a member of any other bridge or bond, the check must be extended. We also need to ensure that the bond member interface is not used as a source-interface to pppoe, macsec, tunnel, pseudo-ethernet, vxlan interfaces.
2020-08-23T2755: convert jmespath.search() to vyos_dict_search() for performanceChristian Poessinger
2020-08-23vyos.configverify: T2677: extend verify_dhcpv6() for non duplicate sla-idsChristian Poessinger
2020-08-15vyos.configverify: no need to call .keys() when searching dictChristian Poessinger
2020-08-01ifconfig: T2752: fix string format in verify_interface_exists()Christian Poessinger
We do not have a formatted string here thus the "f" keyword is wrong and triggered an exception.
2020-07-25vyos.configverify: T2653: fix some formatting issuesChristian Poessinger
2020-07-25ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for ethernet based interfaces which also supports 802.1q, 802.1ad VLANs. This commit migrates the existing codebase for an ethernet based interfaces and implements the missing parts for VLANs. Adding or migrating other interfaces (e.g. bridge or bond) will become much easier as they must reuse the entire functionality - we now walk towards a single codepath. Thanks for all who made this combined effort possible! Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-01ifconfig: T2653: use better names for vyos.configverify functionsChristian Poessinger
2020-07-01ifconfig: T2653: move pppoe interface to get_config_dict()Christian Poessinger
2020-06-27ifconfig: T2653: add vyos.configverify.verify_source_interface() helperChristian Poessinger
2020-06-26ifconfig: T2653: add common vyos.configverify helpersChristian Poessinger
While moving towards a general interface abstraction based on get_config_dict() and the use of vyos.ifconfig.Interfaces().update() it also makes sense, to split out common verification code to a common util file - instead of duplicating the code, which is infact one of the main forces drivind this transition. vyos.configverify will hold common functions called via verify() from our src/conf_mode scripts so we do not need to copy/paste general verifications methods.