summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2023-09-11vxlan: T3700: Revert change to `vyos.utils.process.cmd`sarthurdev
(cherry picked from commit e46afa2c58eea2d81df84e2630a6f346f1f51c2a)
2023-09-09vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridgesChristian Breunig
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI is configured against a container VXLAN interface which is referred to as a 'Single VXLAN device (SVD)'. Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI. Sample configuration of SVD with VLAN to VNI mappings is shown below. set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031' (cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
2023-09-04T5533: Fix VRRP IPv6 group enters in FAULT stateViacheslav Hletenko
Checks if an IPv6 address on a specific network interface is in the tentative state. IPv6 tentative addresses are not fully configured and are undergoing Duplicate Address Detection (DAD) to ensure they are unique on the network. inet6 2001:db8::3/125 scope global tentative It tentative state the group enters in FAULT state. Fix it
2023-08-31Merge pull request #2190 from sarthurdev/T4782Christian Breunig
eapol: T4782: Support multiple CA chains
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-28T5519: Fix `vyos.utils.process.call` hangsYuxiang Zhu
See https://vyos.dev/T5519 for more information.
2023-08-25interface: T3509: Add per-interface IPv6 source validationsarthurdev
2023-08-23save-config: T4292: rewrite vyatta-save-config.pl to PythonJohn Estabrook
2023-08-23Merge pull request #2162 from nicolas-fort/T5472Christian Breunig
T5472: nat redirect: allow redirection without defining redirected port
2023-08-23vrf: T5428: move helpers to common vyos.utils.network moduleChristian Breunig
Helper functions can and will be re-use din different code places.
2023-08-23Merge pull request #2142 from nicolas-fort/T5450Christian Breunig
T5450: allow inverted matcher for interface and interface-group
2023-08-23T5472: nat redirect: allow redirection without defining redirected portNicolas Fort
2023-08-23T5450: update smoketest and interface definition in order to work with new ↵Nicolas Fort
firewall cli
2023-08-23Merge pull request #2156 from giga1699/T5447Christian Breunig
T5447: Initial support for MACsec static keys
2023-08-20T5447: Remove redundant self.set_admin_stateGiga Murphy
2023-08-20T5447: Update copyright yearsGiga Murphy
2023-08-20T5447: Corrected comment in _create headerGiga Murphy
2023-08-20T5447: Corrected comment for interface downGiga Murphy
2023-08-20T5447: Implement maintainer feedbackGiga Murphy
2023-08-18T5447: Initial support for MACsec static keysGiga Murphy
2023-08-17Merge pull request #2130 from aapostoliuk/T5409-sagittaChristian Breunig
wireguard: T5409: Added 'set interfaces wireguard wgX threaded'
2023-08-17wireguard: T5409: rename threaded CLI not to per-client-threadChristian Breunig
Using threaded as CLI node is a very deep term used by kernel threads. To make this more understandable to users, rename the node to per-client-thread. It's also not necessary to test if any one peer is configured and probing if the option is set. There is a base test which requires at least one peer to be configured.
2023-08-12Merge pull request #2117 from zdc/T5410-sagittaDaniil Baturin
utils: T5410: Extended supported types in `convert_data()`
2023-08-11ipv6: T5464: add support for per-interface dad (duplicate address detection) ↵Christian Breunig
setting
2023-08-11ipv6: T5464: use proper XML default for DAD transmitsChristian Breunig
This is only a cosmetic change so that the default value is properly retrieved from the defaultValue XML node.
2023-08-11T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵Nicolas Fort
firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip.
2023-08-11T5160: firewal refactor: fix tabulation for geo-ip parsing code. Typo fix in ↵Nicolas Fort
firewall smoketest
2023-08-11T5160: firewall refactor: change firewall ip to firewall ipv4Nicolas Fort
2023-08-11T5160: firewall refactor: re-add missing code in template.py which was ↵Nicolas Fort
accidentaly removed. Update smokestest: remove zone test and fix test_sysfs test
2023-08-11T5160: firewall refactor: new cli structure. Update jinja templates, python ↵Nicolas Fort
scripts and src firewall
2023-08-10T5434: use get_defaults instead of defaultsJohn Estabrook
2023-08-10T5434: remove unneeded importJohn Estabrook
2023-08-10T5434: replace import of component_versionJohn Estabrook
2023-08-10xml: T5218: fix typo in component_versionJohn Estabrook
2023-08-09pki: T5273: add a certificate fingerprint commandDaniil Baturin
2023-08-09xml: T5452: catch lib errors in generate_cacheJohn Estabrook
2023-08-09T5453: nat66: exclude checks for nat load-balance when using ipv6 while ↵Nicolas Fort
parsing nat rules.
2023-08-09Merge pull request #2136 from jestabro/with-defaultsChristian Breunig
T5319: remove workarounds for incorrect defaults in config-mode scripts
2023-08-08T4989: QoS fix policer match markViacheslav Hletenko
2023-08-08Merge pull request #2119 from nicolas-fort/T5014-dnatChristian Breunig
T5014: nat: add source and destination nat options for configuring lo…
2023-08-07dhcp(v6): T5428: add proper return statements in set_dhcp(v6) methodsChristian Breunig
2023-08-07wireguard: T5409: Added 'set interfaces wireguard wgX threaded'aapostoliuk
Added 'set interfaces wireguard wgX threaded' command. Process traffic from each peer in a dedicated thread.
2023-08-07config: T5443: add config merge_defaults methodJohn Estabrook
Drop low-level merge_defaults function in favor of Config method for a middle-grained level of control when merging defaults.
2023-08-07xml: T5435: utility function for default value at pathJohn Estabrook
2023-08-06T5195: move helpers from vyos.validate to vyos.utils packageChristian Breunig
2023-08-05vyos.configdict: T5308: remove obsolete T2665_set_dhcpv6pd_defaults functionChristian Breunig
2023-08-05T5266: QoS limit could be not configured for queue-type prioriyViacheslav Hletenko
Fix tc qdisc command that use 'limit None' if limit is not in config Limit xx sould be used only if it exists in the config
2023-08-05dhcpv6: T5428: client renewal fails when running inside VRFChristian Breunig
2023-08-04dhcp: T5428: client renewal fails when running inside VRFChristian Breunig
vyos@vyos# run show vrf MGMT processes 2282 sshd There is no dhclient process running in given VRF. dhclient complains it can not send out packets via the given interface (as it's not bound to that VRF) Aug 02 20:29:54 dhclient[1686]: send_packet: Network is unreachable Aug 02 20:29:54 dhclient[1686]: send_packet: please consult README file regarding broadcast address. Aug 02 20:29:54 dhclient[1686]: dhclient.c:3001: Failed to send 300 byte long packet over fallback interface.
2023-08-04dhcp: T5428: provide common direcotry path via vyos.defaults.directoriesChristian Breunig
Multiple scripts use the same hardcoded path for DHCP client leases in different direcotries - this can't be worse.