path: root/python/vyos
Age | Commit message | Author
2022-02-17 | pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM files | Andrew Gunnerson
This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively.
The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`.
Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-17 | vyos.configverify: T4255: fix unexpected print of dictionary instead of key | Christian Poessinger
2022-02-16 | xml: T3474: get component version dictionary from xml cache, not legacy | John Estabrook
2022-02-16 | xml: T3474: add smoketest to check xml component versions are maintained | John Estabrook
Add smoketest to catch updates to a component version in legacy curver_DATA that is not present in xml syntaxVersion.
2022-02-16 | xml: T3474: add component version include files | John Estabrook
Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages.
2022-02-16 | wireless: T4240: bugfix interface bridging | Christian Poessinger
VLAN isolation can not be "set" when interface is of type wifi.
2022-02-14 | pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert name | Andrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-13 | ethernet: T4242: speed/duplex can never be switched back to auto/auto | Christian Poessinger
2022-02-13 | vyos.util: T4191: add new sysctl() helper function | Christian Poessinger
2022-02-08 | configtree: T4235: encapsulate config tree diff function | John Estabrook
2022-02-06 | config: T4228: is_member() must return all instances not only the last one | Christian Poessinger
2022-02-04 | firewall: T4209: Fix support for rule `recent` matches | sarthurdev
2022-02-03 | firewall: T4178: Fix only inverse matching on tcp flags | sarthurdev
2022-01-31 | Merge pull request #1199 from sarthurdev/T4218 | Christian Poessinger
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes
2022-01-31 | Merge pull request #1198 from vyos/force_to_list | Christian Poessinger
T4221: add force_to_list Jinja2 filter
2022-01-31 | T4221: add force_to_list Jinja2 filter | Daniil Baturin
2022-01-29 | firewall: T4216: Add support for negated firewall groups | sarthurdev
2022-01-29 | firewall: T4218: Adds a prefix to all user defined chains | sarthurdev
2022-01-29 | firewall: T4178: Fix dict_keys issue with tcp flags | sarthurdev
2022-01-27 | firewall: T4178: Fix tcp flags output when `not` isn't used | sarthurdev
2022-01-26 | pki: T4212: Catch `install_into_config` errors and output for manual command entry | sarthurdev
2022-01-20 | firewall: T2199: Add log prefix to match legacy perl behaviour | sarthurdev
Example syslog: [FWNAME-default-D] ...
* Also clean-up firewall default-action
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev
* Add support for ECN and CWR flags
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev
2022-01-11 | remote: T3950: Gracefully handle chained exceptions | erkin
2022-01-10 | frr: T4166: move log debug setting to init function for vyos-configd | John Estabrook
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists; this check needs to be called within an init function, as frr.py will have already been loaded by vyos-configd before the /tmp/*.debug files are created by vyos-router, or by call to 'touch'.
2022-01-10 | Merge pull request #1151 from sarthurdev/firewall | Christian Poessinger
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
2022-01-09 | policy: T4155: Fix using incorrect table variable | sarthurdev
2022-01-05 | config: T3785: drop restriction to ascii in decode | John Estabrook
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig.
2022-01-05 | op-mode: T4142: Fix for show input ifbX interfaces | Viacheslav
Ability to see interface type "input" ifbX from op-mode
2022-01-05 | firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and zone-policy | sarthurdev
2022-01-04 | Merge pull request #1130 from sarthurdev/firewall | Christian Poessinger
firewall: T4130: Fix firewall state-policy errors
2022-01-04 | firewall: T4130: Fix firewall state-policy errors | sarthurdev
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
  zone_policy: T3873: Implement intra-zone-filtering
  policy: T2199: Migrate policy route op-mode to XML/Python
  policy: T2199: Migrate policy route to XML/Python
  zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
  zone-policy: T2199: Migrate zone-policy to XML/Python
  firewall: T2199: Migrate firewall op-mode to XML/Python
  firewall: T2199: Migrate firewall to XML/Python
2021-12-30 | snmp: T4124: migrate to get_config_dict() | Christian Poessinger
2021-12-28 | ipsec: T4111: Fix for swanctl configuration IPV6 peers | Viacheslav
Peer name must not contain dots and colons, otherwise swanctl can't generate correct configuration for swanctl.conf.
This is used in connection names and child SA names.
Add filter 'dot_colon_to_dash' which replaces dots and colons.
2021-12-21 | interface: T4056: Fix unexpected delete tc qdisc | Viacheslav
Traffic-policy rules are generated by old Perl code.
This commit prevents this code from being unexpectedly overridden by Python.
2021-12-19 | vxlan: T3700: add support for Generic Protocol extension (VXLAN-GPE) | Christian Poessinger
2021-12-16 | remote: T3356: Remove incomplete HTTP upload progressbar support | erkin
2021-12-16 | Merge branch 'vyos:current' into current | Lulu Cathrinus Grimalkin
2021-12-16 | Merge branch 'current' of https://github.com/erkin/vyos-1x into current | erkin
2021-12-16 | remote: T4037: Report the final URL when following redirects | erkin
2021-12-13 | http-api: T4071: allow API to bind to unix domain socket | John Estabrook
2021-12-10 | vxlan: T3700: add support for external controlled FDB | Christian Poessinger
Background information [1]. Specifies whether an external control plane (e.g. ip route encap/EVPN) or the internal FDB should be used.
[1]: https://legacy.netdevconf.info/2.2/slides/prabhu-linuxbridge-tutorial.pdf
2021-12-10 | ConfigError: T4068: automatically wrap message at 72 characters | Christian Poessinger
2021-12-09 | vyos.configdict: T4064: bugfix for IP addresses not removed from Kernel | Christian Poessinger
Commit ee80d0aebd ("vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interface") addressed an issue with IP addresses added to interfaces by daemons and not by the CLI. The solution in this commit for IP address removal unfortunately did not cover VLAN (802.1q and 802.1ad) IP address removal in the same way as it is done for non VLAN interfaces. The code was missing.
(cherry picked from commit 91898b8bd876af6b4d7fae54981e78400f57e008)
2021-12-09 | Merge pull request #1024 from lucasec/dns-authoritative | Christian Poessinger
T562: Config syntax for defining DNS forward authoritative zones
2021-12-08 | configquery: T4060: allow use before boot configuration is complete | John Estabrook