summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2023-11-22T5637: firewall: extend rule for default-action to firewall bridge, in order ↵Nicolas Fort
to be able to catch logs using separte rule for default-action
2023-11-16Merge pull request #1768 from zdc/T4516-sagittaJohn Estabrook
image: T4516: Added system image tools
2023-11-16tunnel: T3894: improve get_mac_synthetic() codeChristian Breunig
Remove stray whitespace in sed script and call Section.interfaces with vlan=False instead of a custom filter. This extends commit f19c92f25 ("tunnel: T3894: fix design when building synthetic MAC addresses")
2023-11-16image: T4516: add raid-1 install supportJohn Estabrook
2023-11-16image: T4516: ensure compatibility with legacy RAID 1 installsJohn Estabrook
2023-11-16image: T4516: restore select entry to set/delete imageJohn Estabrook
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D
2023-11-15image: T4516: support for interoperability of legacy/new image toolsJohn Estabrook
This commit allows management of system images with either new or legacy tools: 'add/delete/rename system image' and 'set default' are translated appropriately on booting between images with the old and new tools. Consequently, the warning of the initial commit of T4516 is dropped.
2023-11-15image: T4516: improve format of 'show system image details'John Estabrook
2023-11-15image: T5195: vyos.util -> vyos.utils package refactoringJohn Estabrook
2023-11-15image: T4516: remove unused file, replaced by vyos/system/image.pyJohn Estabrook
2023-11-15image: T4516: correct permissions on creation of config directoryJohn Estabrook
2023-11-15image: T4516: Added system image toolszsdc
This commit adds the whole set of system image tools written from the scratch in Python that allows performing all the operations on images: * check information * perform installation and deletion * versions management Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future. WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update.
2023-11-15Merge pull request #2476 from c-po/frr-pim-T5733Christian Breunig
pim(6): T5733: add missing FRR related features
2023-11-15Merge pull request #2483 from erkin/noninteractiveChristian Breunig
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities
2023-11-14remote: T5726: Disable the progressbar if the shell is noninteractive or the ↵erkin
terminal is missing capabilities
2023-11-13pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR.
2023-11-12Merge pull request #2435 from bbabich/currentChristian Breunig
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper)
2023-11-12T5658: add common methods interface_list() and vrf_list() to vyos.utils.networkChristian Breunig
Reduce amount of duplicated (3 times) code in op-mode scripts for ping, traceroute and mtr.
2023-11-10T5729: firewall: switch to valueless in order to remove unnecessary ↵Nicolas Fort
<enable|disable> commands; log and state moved to new syntax.
2023-11-02wireguard: T5707: remove previously deconfigured peerChristian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated.
2023-11-01Merge pull request #2370 from sever-sever/T1797Viacheslav Hletenko
T1797: Delete VPP from vyos-1x as it is implemented in addon
2023-10-31Merge pull request #2413 from c-po/t5668-vxlanChristian Breunig
vxlan: T5668: add CLI knob to enable ARP/ND suppression
2023-10-30vxlan: T5699: migrate "external" CLI know to "parameters external"Christian Breunig
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well.
2023-10-30vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10
2023-10-25T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵Nicolas Fort
(valid for interfaces and groups) in firewal, nat and nat66.
2023-10-24Merge pull request #2355 from nicolas-fort/T5643Christian Breunig
T5643: nat: add interface-groups to nat. Use same cli structure for i…
2023-10-22T5675: use addr_prefix instead of addr in NAT66 ruleAdam Smith
2023-10-22T5299: Add missed option ceiling for QoS shaperViacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper'
2023-10-19Merge pull request #2378 from c-po/bridge-t5670Christian Breunig
bridge: T5670: add missing constraint on "member interface" node
2023-10-19Merge pull request #2344 from nicolas-fort/T5637Christian Breunig
T5637: add new rule at the end of base chains for default-actions and log capabilities
2023-10-19vyos.configdict: T5670: move from str to list when calling conf.exists()Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls.
2023-10-17configdep: T5662: fix incorrect inspect.stack index of calling scriptJohn Estabrook
2023-10-17T1797: Delete VPP from vyos-1x as it is implemented in addonViacheslav Hletenko
2023-10-14Merge pull request #2359 from erkin/progressbarChristian Breunig
remote: T5650: Resize-aware progressbar implementation
2023-10-12remote: T5650: Resize-aware progressbar implementationerkin
2023-10-12Merge pull request #2277 from aapostoliuk/T5254-1-sagittaDaniil Baturin
bonding: T5254: Fixed changing ethernet when it is a bond member
2023-10-11T5643: nat: add interface-groups to nat. Use same cli structure for ↵Nicolas Fort
interface-name|interface-group as in firewall.
2023-10-06T5637: add new rule at the end of base chains for default-actions. This ↵Nicolas Fort
enables log capabilities for default-action in base chains. And of course, add option for enabling log for default-action
2023-10-05Merge pull request #2339 from jestabro/save-json-on-commitChristian Breunig
config: T5631: save copy of config in JSON format on commit
2023-10-05config: T5631: save copy of config in JSON format on commitJohn Estabrook
2023-10-04T4320: remove references to obsoleted legacy version filesJohn Estabrook
2023-10-03bonding: T5254: Fixed changing ethernet when it is a bond memberaapostoliuk
If ethernet interface is a bond memeber: 1. Allow for changing only specific parameters which are specified in EthernetIf.get_bond_member_allowed_options function. 2. Added inheritable parameters from bond interface to ethernet interface which are scpecified in BondIf.get_inherit_bond_options. Users can change inheritable options under ethernet interface but in commit it will be copied from bond interface. 3. All other parameters are denied for changing. Added migration script. It deletes all denied parameters under ethernet interface if it is a bond member.
2023-09-29T5616: firewall: add option to be able to match firewall marks in firewall ↵Nicolas Fort
filter and in policy route.
2023-09-28firewall: T5217: Synproxy bugfix and ct state conflict checkingsarthurdev
2023-09-28Merge pull request #2295 from sever-sever/T5217-synproxyChristian Breunig
T5217: Add firewall synproxy
2023-09-24firewall: T5614: Add support for matching on conntrack helpersarthurdev
2023-09-22Merge pull request #2298 from jestabro/disk-by-idChristian Breunig
smoketest: T5607: support getting SCSI device by drive-id
2023-09-21T5217: Add firewall synproxyViacheslav Hletenko
Add ability to SYNPROXY connections It is useful to protect against TCP SYN flood attacks and port-scanners set firewall global-options syn-cookies 'enable' set firewall ipv4 input filter rule 10 action 'synproxy' set firewall ipv4 input filter rule 10 destination port '22' set firewall ipv4 input filter rule 10 inbound-interface interface-name 'eth1' set firewall ipv4 input filter rule 10 protocol 'tcp' set firewall ipv4 input filter rule 10 synproxy tcp mss '1460' set firewall ipv4 input filter rule 10 synproxy tcp window-scale '7'
2023-09-21frr: T5591: cleanup of daemons fileApachez