summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2021-03-19bridge: T3415: add port isolation / private-vlan optionChristian Poessinger
Private VLAN, also known as port isolation, is a technique in computer networking where a VLAN contains switch ports that are restricted such that they can only communicate with a given "uplink". The restricted ports are called "private ports". Each private VLAN typically contains many private ports, and a single uplink. The uplink will typically be a port (or link aggregation group) connected to a router, firewall, server, provider network, or similar central resource. Q: https://en.wikipedia.org/wiki/Private_VLAN
2021-03-17vyos.configverify: T3344: verify_vrf() must handle "default" VRFChristian Poessinger
We can leak routes back to the default VRF, thus the check added by commit 9184dfb5 ("static: vrf: T3344: add target vrf verify()") must have a "bail out" option when one want's to leak routes into the default VRF.
2021-03-16Merge pull request #775 from erkin/currentChristian Poessinger
T3356: Generic download() and upload() for dynamically dispatching appropriate transfer procedure
2021-03-15Properly raise an error instead of exitingerkin
2021-03-15T3356: Generic download() and upload() for dynamically dispatching ↵erkin
appropriate transfer procedure
2021-03-14vyos.util: rename get_json_iface_options() -> get_interface_config()Christian Poessinger
2021-03-14vyos.util: add helper get_all_vrfs()Christian Poessinger
The helper will return a dict in form: {'red': {'table': 1000}, 'blue': {'table': 2000}}
2021-03-11config: T3356: Replace curl wrapper with (mostly) native remote file ↵erkin
transfer functions
2021-03-10syslog: T3396: Fix remote IPv6 hostsever-sever
2021-03-07T3357: Fix invoking TunnelIf() from op-modeChristian Poessinger
As we can also use the TunnelIf() class from op-mode we must ensure that read-only access to the class works even if required configuration keys as "encapsulation" are not passed to the class on invokation. This fixes an isse where "show interfaces tunnel" returned: Traceback (most recent call last): File "/usr/libexec/vyos/op_mode/show_interfaces.py", line 313, in <module> args.vrrp File "/usr/libexec/vyos/op_mode/show_interfaces.py", line 48, in handled_function function(*args, **kwargs) File "/usr/libexec/vyos/op_mode/show_interfaces.py", line 222, in run_show_intf_brief for interface in filtered_interfaces(ifnames, iftypes, vif, vrrp): File "/usr/libexec/vyos/op_mode/show_interfaces.py", line 77, in filtered_interfaces interface = klass(ifname, create=False, debug=False) File "/usr/lib/python3/dist-packages/vyos/ifconfig/tunnel.py", line 99, in __init__ if self.iftype in ['gretap', 'ip6gretap']: AttributeError: 'TunnelIf' object has no attribute 'iftype'
2021-03-07T3388: "show interfaces" op-mode command lacks PPPoE interfacesChristian Poessinger
Commit e5b335830ef ("vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()") removed the PPPoEIf class as it seemed to be unused. It turns out it is required by the op-mode commands for e.g. "show interfaces".
2021-03-04Merge pull request #729 from bstepler/T3300Christian Poessinger
dhcp: T3300: add DHCP default route distance
2021-03-03tunnel: T2966: add ip6gretap encapsulation supportChristian Poessinger
2021-03-03geneve: T1799: add additional per tunnel optionsChristian Poessinger
Support setting additional options to the GENEVE tunnel like: - ttl - tos - do not fragment bit - ipv6 flowlabel
2021-03-03smoketest: vxlan: extend testcase to verify additional tunnel parametersChristian Poessinger
Verify proper configuration of VXLAN parameters for - source-interface - source-address - remote - vni - group Before it was only verified if the VXLAN tunnel interface was configured at all but not if the parameters are correct, too.
2021-02-28vif: T3349: use fixed ordering when enabling parent and child interfaceChristian Poessinger
When a VIF/VLAN interface is placed in admin down state but the lower interface, serving the vlan, is moved from admin down -> admin up, all its vlan interfaces will be placed in admin up state, too. This is bad as a VLAN interface will become admin up even if its specified as admin down after a reboot. To reproduce: set interfaces ethernet eth1 vif 20 disable set interfaces ethernet eth1 disable commit delete interfaces ethernet eth1 disable commit Now check the interface state and it returns UP,LOWER_UP 7: eth1.20@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 00:50:56:b3:09:07 brd ff:ff:ff:ff:ff:ff inet6 fe80::250:56ff:feb3:907/64 scope link valid_lft forever preferred_lft forever
2021-02-28vyos.util: provide single implementation for get_json_iface_options()Christian Poessinger
There had been four implementations of "ip -d -j link show interface" scattered accross the codebase. Those implementations have now been combined into a new helper: vyos.util.get_json_iface_options()
2021-02-28vxlan: T1513: add dont-fragment CLI optionChristian Poessinger
2021-02-28l2tpv3: T3366: migrate local-ip and remote-ip CLI optionsChristian Poessinger
Rename CLI options local-ip to source-address and remote-ip to remote to get a consistent CLI experience for the user.
2021-02-28tunnel: T3366: rename remote-ip to remoteChristian Poessinger
Streamline the CLI configuration where we try to use remote on other interfaces like vxlan, geneve.
2021-02-28tunnel: T3366: rename local-ip to source-addressChristian Poessinger
Streamline the CLI configuration where we try to use source-address when creating connections which are especially sourced from a discrete address.
2021-02-28tunnel: T3364: rename encapsulation mode "gre-bridge" to "gretap"Christian Poessinger
The following list shows the mapping of VyOS tunnel encapsulation modes to the corresponding Linux modes. VyOS Linux gre gre gre-bridge gretap ipip ipip ipip6 ipip6 ip6ip6 ip6ip6 ip6gre ip6gre sit sit Besides gre-bridge this is pretty consistent. As bridge interfaces are also called tap interfaces gre-bridge will be renamed to gretap to make the post-processing much easier. This means (in detail) that there are no more child classes of _Tunnel and there will be now one geneirc TunnelIf class handling all sorts of encapsulation.
2021-02-28vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config()Christian Poessinger
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on.
2021-02-24ethernet: T3163: fix typos in vyos.ethtool commentsChristian Poessinger
2021-02-24ethernet: T3163: not all NIC drivers support ring-buffer configurationChristian Poessinger
In addition to commit cf1156a60e ("ethernet: T3163: probe driver for maximum rx/tx ring-buffer size") this extends the logic in a way as not every driver supports setting the buffers at all so it will properly error out. When invoking "ethtool -g" both stdout and stderr are captured and no exception is raised if it's an unsupported driver feature. The verify() section will inform the user about the illegal operation.
2021-02-24route: static: T2450: add missing "dhcp-interface" route optionChristian Poessinger
As thought in the beginning the dhcp-interface route option can not be superseeded by the interface option. When a route is installed for a DHCP interface, that interface is usually a broadcast interface which can not be used for plain interface-based routes. The old Vyatta logic was migrated to Python where the current received next-hop address from the DHCP interface is installed as next-hop address.
2021-02-22vyos.ifconfig: extend debug option to print input dictChristian Poessinger
2021-02-21ethernet: T3163: probe driver for maximum rx/tx ring-buffer sizeChristian Poessinger
2021-02-20vyos.ethtool: import helper classChristian Poessinger
This helper class could be used to interact and retrieve information from ethtool. It is not used so far in production code.
2021-02-17configsession: T3259: avoid deadlock when data fills stdout pipeJohn Estabrook
If the subprocess is producing enough data (in this case showConfig on a large config file), then the construction: p = subprocess.Popen(.., stdout=subprocess.PIPE, ..) p.wait() will deadlock with the subprocess waiting for data to be consumed, while the Python process waits for its termination. So consume data, then wait for termination.
2021-02-15dhcp: T3300: add DHCP default route distanceBrandon Stepler
2021-02-11mirror: T3297: redirect stderr to /dev/nullJACK
2021-02-09T2638: Enable more debugging in the FRR libraryRunar Borge
This will enable more debugging on the frr reload library, changes: * Adds a /tmp/vyos.frr.debug hook to enable system wide vyos.frr debugging * Log the initial imported configs * Log the FRR config submitted to frr-reload * redirecting frr-reload output to the debug log.
2021-02-04Merge pull request #620 from jack9603301/T3030Christian Poessinger
tunnel: T3030: Add erspan protocol support
2021-02-02vlan: T3018: vif/vif-s vlan id can not be re-usedChristian Poessinger
In the past it was possible to configure a vif-s interface and a vif interface both with the same VLAN ID. VyOS 1.2 reported a Kernel error: RTNETLINK answers: File exists Error creating VLAN device eth1.100 so this should not be possible at all in VyOS 1.3
2021-02-02tunnel: T3030: Modify the command line to streamline configuration (support ↵jack9603301
package type automatic detection)
2021-02-02tunnel: T3030: Add erspan protocol supportjack9603301
2021-01-31Merge pull request #712 from erkin/currentChristian Poessinger
vyos: T3274: Handle EOF in ask_yes_no()
2021-01-31vyos: T3274: Handle EOF in ask_yes_no()erkin
2021-01-29vif-c: verify: T3269: fix configuration verificationBrandon Stepler
2021-01-27dhcpv6: T3262: don't run DHCPv6 client when only dhcpv6-options is configuredBrandon Stepler
If dhcpv6-options is configured without requesting a DHCPv6 address or PD, the dhcpv6pd variable is assigned an empty dict.
2021-01-24ospf(v3): T3236: T3244: adjust to route-map converted name (_ for -)Christian Poessinger
A hyphen in a route-map name will be converted to _, take care about this effect during validation.
2021-01-24ospf(v3): T3236: T3244: add verify() for used route-map existenceChristian Poessinger
2021-01-22frr: T2826: add additional debug output when loading new configChristian Poessinger
2021-01-20tunnel: T3173: bugfix nopmtu raw keyChristian Poessinger
The raw key was not copied into the class member variable. Also added a smoketest to ensure the configured parameters are always set.
2021-01-19nat: T2947: add many-many translationChristian Poessinger
Support a 1:1 or 1:n prefix translation. The following configuration will NAT source addresses from the 10.2.0.0/16 range to an address from 192.0.2.0/29. For this feature to work a Linux Kernel 5.8 or higher is required! vyos@vyos# show nat source { rule 100 { outbound-interface eth1 source { address 10.2.0.0/16 } translation { address 192.0.2.0/29 } } } This results in the nftables configuration: chain POSTROUTING { type nat hook postrouting priority srcnat; policy accept; oifname "eth1" counter packets 0 bytes 0 snat ip prefix to ip saddr map { 10.2.0.0/16 : 192.0.2.0/29 } comment "SRC-NAT-100" }
2021-01-17smoketest: bridge: T3226: Repair bridge smoke test damagejack9603301
2021-01-17bridge: T3137: Fix variable errors in VLAN sensor bridge configuration programjack9603301
2021-01-16vyos.configdict: node_changed() now accepts key mangling parameterChristian Poessinger
2021-01-16bridge: T3137: Support disable native VLANjack9603301