summaryrefslogtreecommitdiff
path: root/python/vyos/configverify.py
AgeCommit message (Collapse)Author
2024-01-01configverify: T5880: raise exception if interfaces sourced form dynamic ↵Christian Breunig
interfaces Interfaces matching the following regex (ppp|pppoe|sstpc|l2tp|ipoe)[0-9]+ can not be used as source-interface for e.g. a tunnel. The main reason is that these are dynamic interfaces which come and go from a kernel point of view, thus it's not possible to bind an interface to them. (cherry picked from commit 5062f5d313548d6ebb9c07fee6b6d6be25b8f8f0)
2023-12-28accel-ppp: T5688: Standardized pool configuration in accel-pppaapostoliuk
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different. (cherry picked from commit 422eb463d413da812eabc28706e507a9910d7b53)
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-06-22vyos.configverify: T5308: fix typo revealed by tagnode aware defaultsJohn Estabrook
The original implementation of defaults, and workaround required, would leave an entry {'dhcpv6_options': {'pd': {}}} in the interface_dict.
2023-02-18T5011: Set default values for min_mtu max_mtuViacheslav Hletenko
Some interface drivers don't support/provide min_mtu and max_mtu values For example VyOS in docker container with 'veth' driver on some platforms As a workarund add default values for min/max MTU for calculations and pass function "verify_mtu(config)"
2023-02-15T4971: Accel-ppp verify if client_ip_pool key exists in configViacheslav Hletenko
If 'client_ip_pool' not exists in config we cannot search it in the dictionary dict_search_recursive(config, 'gateway_address', ['client_ip_pool', 'name']) Add check
2023-02-10interfaces: T4995: rename user -> username CLI node for pppoe, wwan and ↵Christian Breunig
sstp-client
2023-02-07T4971: PPPoE server add named ip pool and attr Framed-PoolViacheslav Hletenko
Add a new feature to allow to use named pools Also it can be used with RADIUS attribute 'Framed-Pool' set service pppoe-server client-ip-pool name POOL1 gateway-address '192.0.2.1' set service pppoe-server client-ip-pool name POOL1 subnet '192.0.2.0/24'
2022-12-04T4804: Fix check for PPPoE server local-usersViacheslav Hletenko
We check if local_users is None Check also and empty dict {'access_concentrator': 'vyos-ac', 'authentication': {'local_users': {},
2022-09-21ipoe: T4678: T4703: rewrite to get_config_dict()Christian Poessinger
In addition to the rewrite to make use of get_config_dict() the CLI is slightly adjusted as specified in T4703. * Rename vlan-id and vlan-range to simply vlan * Rename network-mode to simply mode * Re-use existing common Jinja2 template for Accel-PPP which are shared with PPPoE and SSTP server. * Retrieve default values via defaultValue XML node
2022-08-24T4630: can not use same source-interface for macsec and pseudo-ethernetChristian Poessinger
A macsec interface requires a dedicated source interface, it can not be shared with another macsec or a pseudo-ethernet interface. set interfaces macsec macsec10 address '192.168.2.1/30' set interfaces macsec macsec10 security cipher 'gcm-aes-256' set interfaces macsec macsec10 security encrypt set interfaces macsec macsec10 security mka cak '232e44b7fda6f8e2d88a07bf78a7aff4232e44b7fda6f8e2d88a07bf78a7aff4' set interfaces macsec macsec10 security mka ckn '09924585a6f3010208cf5222ef24c821405b0e34f4b4f63b1f0ced474b9bb6e6' set interfaces macsec macsec10 source-interface 'eth1' commit set interfaces pseudo-ethernet peth0 source-interface eth1 commit Reuslts in FileNotFoundError: [Errno 2] failed to run command: ip link add peth0 link eth1 type macvlan mode private returned: exit code: 2 noteworthy: cmd 'ip link add peth0 link eth1 type macvlan mode private' returned (out): returned (err): RTNETLINK answers: Device or resource busy [[interfaces pseudo-ethernet peth0]] failed Commit failed
2022-08-04vyos.config.configdict: T4592: only print interface name, not interface dict ↵Christian Poessinger
on error
2022-08-01bridge: T4565: bugfix error message when member interface contains an addressChristian Poessinger
We should not print the entire dictionary - we only need the bridge interface name: Bug: Cannot assign address to interface "eth1" as it is a member of bridge "{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"! Fixed: Cannot assign address to interface "eth1" as it is a member of bridge "br0"!
2022-07-15interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
2022-04-23verify: T4386: Fix traffic-policy key in verify_mirrorViacheslav Hletenko
Fix logic for verify traffic-policy in def verify_mirror_redirect It checks just "traffic_policy.in" and should also checks if 'mirror' or 'redirect' exists in config
2022-04-07qos: T4284: verify mirror/redirect target interface existsChristian Poessinger
2022-04-07qos: T4284: support mirror and redirect on vlan subinterfacesChristian Poessinger
2022-04-07qos: T4284: support mirror and redirect on all interface typesChristian Poessinger
2022-03-21qos: T4284: initial XML interface definitions for rewriteChristian Poessinger
2022-02-17vyos.configverify: T4255: fix unexpected print of dictionary instead of keyChristian Poessinger
2022-02-14pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert nameAndrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2021-10-21tunnel: T3925: dhcp-interface was of no use - use source-interface insteadChristian Poessinger
(cherry picked from commit c1015d8ce0013719eb898b60b14ffec192b8141c)
2021-09-06pki: eapol: T3642: only add "pki" key to interface dict if pki is configuredChristian Poessinger
2021-09-06ifconfig: T3806: "ipv6 address no_default_link_local" required for MTU < 1280Christian Poessinger
This commit also extends the smoketest to verify that the exception for this error is raised.
2021-08-21vyos.configverify: use build-in functions for verify_interface_exists()Christian Poessinger
2021-08-11accel-ppp: T3731: eliminate service name from error messageChristian Poessinger
VyOS will automatically append the subsystem name (pppoe-server or sstp) when something goes wrong. No need to hardcode this into the error string a second time.
2021-07-20pki: eapol: T3642: Migrate EAPoL to use PKI configurationsarthurdev
2021-06-13pppoe: T3621: validate that both username and password are setChristian Poessinger
A validator is missing checking that if authentication is used on a PPPoE interface, both username and password are set. (cherry picked from commit 0361c3ac449f183476f7aee31439417d9f7f8012)
2021-05-24pseudo-ethernet: T3575: verify parent interface MTUChristian Poessinger
2021-05-23vyos.configverify: T3570: sub interface MTU must be less or equal to parent MTUSimon
2021-04-08protocols: T3464: proper handling of routing policy configurationChristian Poessinger
The introduction of key_mangling=('-', '_') when working with get_config_dict() caused more harm then good. This commit extends common helpers and adds new helpers when verifying the existence of route-maps, access-lists or prefix-lists.
2021-03-17vyos.configverify: T3344: verify_vrf() must handle "default" VRFChristian Poessinger
We can leak routes back to the default VRF, thus the check added by commit 9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out" option when one want's to leak routes into the default VRF.
2021-03-03tunnel: T2966: add ip6gretap encapsulation supportChristian Poessinger
2021-02-28tunnel: T3366: rename remote-ip to remoteChristian Poessinger
Streamline the CLI configuration where we try to use remote on other interfaces like vxlan, geneve.
2021-02-28tunnel: T3366: rename local-ip to source-addressChristian Poessinger
Streamline the CLI configuration where we try to use source-address when creating connections which are especially sourced from a discrete address.
2021-02-28tunnel: T3364: rename encapsulation mode "gre-bridge" to "gretap"Christian Poessinger
The following list shows the mapping of VyOS tunnel encapsulation modes to the corresponding Linux modes. VyOS Linux gre gre gre-bridge gretap ipip ipip ipip6 ipip6 ip6ip6 ip6ip6 ip6gre ip6gre sit sit Besides gre-bridge this is pretty consistent. As bridge interfaces are also called tap interfaces gre-bridge will be renamed to gretap to make the post-processing much easier. This means (in detail) that there are no more child classes of _Tunnel and there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
2021-02-28vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()Christian Poessinger
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-02-04Merge pull request #620 from jack9603301/T3030Christian Poessinger
tunnel: T3030: Add erspan protocol support
2021-02-02vlan: T3018: vif/vif-s vlan id can not be re-usedChristian Poessinger
In the past it was possible to configure a vif-s interface and a vif interface both with the same VLAN ID. VyOS 1.2 reported a Kernel error: RTNETLINK answers: File exists Error creating VLAN device eth1.100 so this should not be possible at all in VyOS 1.3
2021-02-02tunnel: T3030: Modify the command line to streamline configuration (support ↵jack9603301
package type automatic detection)
2021-01-29vif-c: verify: T3269: fix configuration verificationBrandon Stepler
2021-01-24ospf(v3): T3236: T3244: adjust to route-map converted name (_ for -)Christian Poessinger
A hyphen in a route-map name will be converted to _, take care about this effect during validation.
2021-01-24ospf(v3): T3236: T3244: add verify() for used route-map existenceChristian Poessinger
2021-01-07vyos.configverify: provide generic helper to check for interface existenceChristian Poessinger
2021-01-06dhcpv6-pd: verify: T3193: detect conflict between auto-assigned and ↵Brandon Stepler
configured SLA-IDs "data/templates/dhcp-client/ipv6.tmpl" handles the auto-assigning of SLA-IDs on lines 39, 46, and 52.
2021-01-06dhcpv6-pd: verify: T3193: allow multiple auto-assigned SLA-IDsBrandon Stepler
"data/templates/dhcp-client/ipv6.tmpl" handles the auto-assigning of SLA-IDs on lines 39, 46, and 52.
2021-01-06dhcpv6-pd: verify: T3193: allow more than one VLAN interfaceBrandon Stepler
VLAN interfaces contain periods, which make them incompatible with dict_search().
2021-01-03mirror: add verify() check so we can not mirror back to our selfChristian Poessinger
2020-12-29ethernet: T1466: add EAPoL supportChristian Poessinger