path: root/python/vyos
Age | Commit message | Author
2023-12-16 | image: T4516: support for interoperability of legacy/new image tools | John Estabrook
This commit allows management of system images with either new or legacy tools: 'add/delete/rename system image' and 'set default' are translated appropriately on booting between images with the old and new tools. Consequently, the warning of the initial commit of T4516 is dropped. (cherry picked from commit 96b65e90fbfa1fe63d97929ac86fc910abb0caa9)
2023-12-16 | image: T4516: improve format of 'show system image details' | John Estabrook
(cherry picked from commit 8efab9ee8cdb0e65dddb9d3ba97de8ddcf3666dc)
2023-12-16 | image: T5195: vyos.util -> vyos.utils package refactoring | John Estabrook
(cherry picked from commit fcded7930b5426193e8490c6df2a70e300a60e31)
2023-12-16 | image: T4516: remove unused file, replaced by vyos/system/image.py | John Estabrook
(cherry picked from commit 9e3b769f8402a816f6c7fa80ff12c9579c3f5243)
2023-12-16 | image: T4516: correct permissions on creation of config directory | John Estabrook
(cherry picked from commit 74b00c1f6961d1bd3a59768021f154bdb64c154e)
2023-12-16 | image: T4516: Added system image tools | zsdc
This commit adds the whole set of system image tools written from scratch in Python that allows performing all the operations on images:
* check information
* perform installation and deletion
* versions management

Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future.

WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update.

(cherry picked from commit 8f94262e8fa2477700c50303ea6e2c6ddad72adb)
2023-12-15 | T5775: firewall: re-add state-policy to firewall. These commands are now included in <set firewall global-options state-policy> node. | Nicolas Fort
2023-12-14 | T5749: Add a more strict search for get_vrf method | Viacheslav Hletenko
The current implementation is wrong as it searches `master` in the iproute2 JSON output. It is wrong as it could include bridges or bonding interfaces. Add the more strict search `info_slave_kind == vrf` (cherry picked from commit 2ebac5af10a36668ed3b8cfa6e5a9f61cf5d1068)
2023-12-13 | T5774: fix regressions in remote.upload and use in config_mgmt | John Estabrook
(cherry picked from commit 6b325962a4b8b3e67d7976bf161aed34a9fe6cce)
2023-12-12 | load-config: T5815: provide a variety of load config methods | John Estabrook
Collect in a module several versions of a 'load config' function. They have different use cases according to performance and error reporting, and allow comparison of non-legacy and legacy variants. (cherry picked from commit 7e4caa118692d9b6fd798783596bd018f805e5eb)
2023-12-11 | T5812: report actual number of revisions instead of max | John Estabrook
(cherry picked from commit ccbf03f1a87ac37eef78aeb29420ceea9a730a90)
2023-12-11 | T5812: Fix for rollback check max revision number | Viacheslav Hletenko
(cherry picked from commit f019ed91b5444d2f446ca4f7332602c03a074190)
2023-12-09 | remote: T5773: Fix for broken config upload | erkin
(cherry picked from commit 63bbd1afdd21563cf673ee34b47156889bd5e349)
2023-12-08 | op-cmd: T5802: bug fix for "ping x.x.x.x interface" completion options | srividya0208
(cherry picked from commit 020410a1e2009cb47d72bd18d360b9dc4b9c764f)
2023-12-01 | http-api: T5782: use single config-mode script for https and http-api | John Estabrook
2023-12-01 | http-api: T5768: remove auxiliary http-api.conf | John Estabrook
2023-11-27 | vyos.utils: T5749: fix get_vrf_members() call to iproute2 | Christian Breunig
The iproute2 master argument is used for both a VRF and a bridge device. Using this in the VRF context would retrieve and report back the wrong interfaces:

Old implementation:
===================

>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
['eth1', 'eth2', 'vxlan1']
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']

The new implementation:
=======================

>>> from vyos.utils.network import get_vrf_members
>>> get_vrf_members('br1')
[]
>>> get_vrf_members('black')
['br1.3002', 'br1.4000', 'pim6reg10200']

(cherry picked from commit e02546655adefe1a6fb3660402e697f872d3ffe7)
2023-11-22 | vxlan: T5753: add support for VNI filtering | Christian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10.

To Test:

set interfaces vxlan vxlan987 parameters external
set interfaces vxlan vxlan987 source-interface eth0
set interfaces vxlan vxlan987 parameters vni-filter
set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
set interfaces bridge br0 member interface vxlan987

Add new op-mode command: show bridge vni

Interface    VNI
-----------  -----------
vxlan987     10050-10054
vxlan987     10060
vxlan987     10069

(cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
2023-11-22 | http: T5762: rename "virtual-host listen-port" -> "virtual-host port" | Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components. (cherry picked from commit 0e885f1bf01424130b6876e769cc42612b19351b)
2023-11-22 | Merge pull request #2521 from vyos/mergify/bp/sagitta/pr-2516 | Daniil Baturin
T5767: HTTPS API add reboot and poweroff endpoints (backport #2516)
2023-11-22 | Merge pull request #2520 from vyos/mergify/bp/sagitta/pr-2518 | Daniil Baturin
T5770 Enable MACsec encryption stanza (backport #2518)
2023-11-21 | T5767: HTTPS API add reboot and poweroff endpoints | Viacheslav Hletenko
Add ability to reboot and poweroff the system via API

curl -k --location --request POST 'https://vyos/reboot' \
--form data='{"op": "reboot", "path": ["now"]}' \
--form key='apikey'

curl -k --location --request POST 'https://vyos/poweroff' \
--form data='{"op": "poweroff", "path": ["now"]}' \
--form key='apikey'

(cherry picked from commit 36f3c329c2df0e78f2f5da933d9729a872fb2a11)
2023-11-21 | macsec: T5770: enable iproute2 "encrypt on" stanza | Giga Murphy
(cherry picked from commit a7a90e81ad03ec33acb32beeab71dbd5f27a2044)
2023-11-21 | T5419: firewall: backport firewall flowtable to Sagitta. | Nicolas Fort
2023-11-19 | T2405: add Git support to commit-archive | Yun Zheng Hu
(cherry picked from commit a89243cfbfc90854a8cddd53c0ffc987f75abcee)
2023-11-19 | Merge pull request #2498 from nicolas-fort/T4072-sagitta | Christian Breunig
T4072: firewall: backport bridge firewall to sagitta
2023-11-16 | T4072: firewall: backport bridge firewall to sagitta | Nicolas Fort
2023-11-16 | tunnel: T3894: improve get_mac_synthetic() code | Christian Breunig
Remove stray whitespace in sed script and call Section.interfaces with vlan=False instead of a custom filter. This extends commit f19c92f25 ("tunnel: T3894: fix design when building synthetic MAC addresses") (cherry picked from commit c8ba5dccfa9b02533c6536903ecacd3ddb04351e)
2023-11-16 | Merge pull request #2489 from vyos/mergify/bp/sagitta/pr-2476 | Christian Breunig
pim(6): T5733: add missing FRR related features (backport #2476)
2023-11-16 | T5747: op-mode add MAC and MTU for show interfaces summary | Viacheslav Hletenko
Add op-mode "show interfaces summary"
Add MAC, VRF and MTU options:

vyos@r4# run show interfaces summary
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface    IP Address         MAC                VRF        MTU  S/L    Description
-----------  -----------------  -----------------  -------  -----  -----  -------------
dum0         203.0.113.1/32     96:44:ad:c5:a1:a5  default   1500  u/u
eth0         192.168.122.14/24  52:54:00:f1:fd:77  default   1500  u/u    WAN
eth1         192.0.2.1/24       52:54:00:04:33:2b  foo       1500  u/u    LAN-eth1
eth2         -                  52:54:00:40:2e:af  default   1504  u/u    LAN-eth2
eth3         -                  52:54:00:09:a4:b4  default   1500  A/D

(cherry picked from commit dc3906f04fbfe8014531e092a77c1c8c2d10dfe0)
2023-11-15 | pim: T5733: add missing FRR PIM related features | Christian Breunig
Migrate CLI configuration retrieval to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR.

(cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c)

# Conflicts:
#   python/vyos/frr.py
#   src/op_mode/restart_frr.py
2023-11-15 | Merge pull request #2474 from vyos/mergify/bp/sagitta/pr-2435 | Christian Breunig
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper) (backport #2435)
2023-11-15 | Merge pull request #2485 from vyos/mergify/bp/sagitta/pr-2483 | Christian Breunig
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities (backport #2483)
2023-11-15 | remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities | erkin
(cherry picked from commit 59b432b97e361f3f5670302f51881ee596afe2f8)
2023-11-14 | T5729: T5590: T5616: backport to sagitta fwall marks, fix on firewall logs parsing, and migration to valueless node for log and state matchers | Nicolas Fort
2023-11-12 | T5658: add common methods interface_list() and vrf_list() to vyos.utils.network | Christian Breunig
Reduce amount of duplicated (3 times) code in op-mode scripts for ping, traceroute and mtr. (cherry picked from commit 7b27a20c8664460482301cc8d7554048f152485e)
2023-11-09 | T1797: Delete VPP from vyos-1x as it is implemented in addon | Viacheslav Hletenko
(cherry picked from commit 59c8d5febb2b1333643372f8956fa8f219d022cb)
2023-11-03 | wireguard: T5707: remove previously deconfigured peer | Christian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated. (cherry picked from commit 2fc8738bc9c2fb6364a22d86079e8635cee91949)
2023-11-01 | T5681: Firewall, Nat and Nat66: simplified and standardize interface matcher firewall, nat and nat66. | Nicolas Fort
(cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6)
2023-10-31 | vxlan: T5668: add CLI knob to enable ARP/ND suppression | Christian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10 (cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
2023-10-30 | vxlan: T5699: migrate "external" CLI knob to "parameters external" | Christian Breunig
As we have a bunch of options under "parameters" already and "external" is clearly one of them it should be migrated under that node as well. (cherry picked from commit cc7ba8824a5e9ec818f0bbe7fb85e1713a591527)
2023-10-30 | Merge pull request #2400 from vyos/mergify/bp/sagitta/pr-2355 | Viacheslav Hletenko
T5643: nat: add interface-groups to nat. Use same cli structure for i… (backport #2355)
2023-10-24 | Merge pull request #2399 from nicolas-fort/T5637-sagitta | Daniil Baturin
T5637: Firewall: add new rule at the end of base chains for default-a…
2023-10-24 | T5643: nat: add interface-groups to nat. Use same cli structure for interface-name|interface-group as in firewall. | Nicolas Fort
(cherry picked from commit 2f2c3fa22478c7ba2e116486d655e07df878cdf4)
2023-10-23 | T5637: Firewall: add new rule at the end of base chains for default-actions. This enables logs capabilities for default-action in base chains. | Nicolas Fort
2023-10-23 | T5675: use addr_prefix instead of addr in NAT66 rule | Adam Smith
(cherry picked from commit 0c046a1f5a020af30c9522011aa5c86524874a47)
2023-10-22 | Merge pull request #2394 from vyos/mergify/bp/sagitta/pr-2391 | Christian Breunig
T5299: Add missed option ceiling for QoS shaper (backport #2391)
2023-10-22 | T5299: Add missed option ceiling for QoS shaper | Viacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper' (cherry picked from commit 5218241e6293317f8837b3f7c3893d653d960993)
2023-10-22 | bonding: T5254: Fixed changing ethernet when it is a bond member | aapostoliuk
If ethernet interface is a bond member:
1. Allow for changing only specific parameters which are specified in EthernetIf.get_bond_member_allowed_options function.
2. Added inheritable parameters from bond interface to ethernet interface which are specified in BondIf.get_inherit_bond_options. Users can change inheritable options under ethernet interface but in commit it will be copied from bond interface.
3. All other parameters are denied for changing.

Added migration script. It deletes all denied parameters under ethernet interface if it is a bond member.

(cherry picked from commit aa0282ceb379df1ab3cc93e4bd019134d37f0d89)
2023-10-19 | vyos.configdict: T5670: move from str to list when calling conf.exists() | Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), streamline this to only make use of list calls. (cherry picked from commit 3f17de7c32621353b51f782ca889a83cad7a6cfd)