summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator (cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
2024-06-24vyos.utils: T6504: add interactive op-/configure mode support for ↵Christian Breunig
get_current_user() (cherry picked from commit 710bb184045baa85897d589ffbc8af14b0fce629)
2024-06-24T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem (cherry picked from commit d7a18a3da949bfa3df89661cc0871e8f23b18a10)
2024-06-24T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
2024-06-24T6489: add vyos_configdir to the dictionary of default directoriesChristian Breunig
(cherry picked from commit f0923acffbef04c1f8cf2a6c8a9e2afd66c4a494)
2024-06-21op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot (cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
2024-06-10op-mode: T6471: add optimized get_config_dictJohn Estabrook
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-06grub: T6453: Fixed GRUB variables parsingzsdc
To parse variables with `=` a variable name should be limited by alphanumerical characters only.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-06Merge pull request #3573 from talmakion/bugfix/T6401-2Daniil Baturin
vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it
2024-06-05migration: T6006: add activation script dir and helper functionJohn Estabrook
2024-06-05migration: T6447: add module compose_configJohn Estabrook
2024-06-05migration: T6006: update config.boot.default and move to vyos-1xJohn Estabrook
2024-06-01vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need itAndrew Topp
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some.
2024-05-30vyos.ifconfig: T6421: verify /etc/hostname exists before readingChristian Breunig
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
2024-05-27T5786: Add set/show system image to /image endpointkhramshinr
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-22Merge pull request #3502 from dmbaturin/T6385-yes-no-ctrl-cChristian Breunig
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C
2024-05-22rollback-soft: T6384: tell the user to compare or commitDaniil Baturin
after applying the diff
2024-05-21Merge pull request #3494 from HollyGurza/T6373Christian Breunig
T6373: QoS Policy Limiter - classes for marked traffic do not work
2024-05-21T6373: QoS Policy Limiter - classes for marked traffic do not workkhramshinr
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum>
2024-05-17T6354: do an explicit read from version file to avoid circular referenceJohn Estabrook
2024-05-17T6354: Get rid of the custom boot type check in version.pykhramshinr
2024-05-15T3900: add support for raw table in firewall.Nicolas Fort
2024-05-15op mode: T3355: remove the mention of legacy non-image installationsDaniil Baturin
They were never supported by VyOS, that was just for very old systens upgraded from Vyatta Core
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT
2024-05-10image-tools: T6327: prune, instead of ignore, menu entries with ttyUSBJohn Estabrook
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
2024-05-10Merge pull request #3410 from fett0/T6303Christian Breunig
Bond: T6303: add system mac address on interfaces bond
2024-05-10bond: T6303: must reset system-mac to 00:00:00:00:00:00 on deletionChristian Breunig
2024-05-10bond: T6303: system-mac is not allowed to be a multicast MAC addressChristian Breunig
2024-05-10bond: T6303: add system mac address on bondfett0
2024-05-08xml: T6319: add util for ancestor owner/priorityJohn Estabrook
2024-05-06vyos.template: T3664: use a module-level global variable for the default ↵Daniil Baturin
template directory as a more convenient and secure alternative to environment variable
2024-05-06T6298: Fix TPM incorrect path for rc_cmdViacheslav Hletenko
Fix import for `rc_cmd`
2024-05-02qos: T6225: Fix qos random-detect policykhramshinr
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
2024-04-26T6269: policy: ensure correct rule parsing when using, and when not using ↵Nicolas Fort
<set table> option in policy route.
2024-04-25Merge pull request #3316 from HollyGurza/T4248Daniil Baturin
qos: T4248: Allow to remove the only rule from the qos class
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
2024-04-22PKI: T6259: Support RFC822 names in certificate generationAlex W
2024-04-21vyos.utils: T6244: add support for year timebase in seconds_to_human()Christian Breunig
We only supported calculating seconds to weeks but not seconds to years. This has been added. Testcase: from vyos.utils.convert import seconds_to_human minute = 60 hour = minute * 60 day = hour * 24 week = day * 7 year = day * 365.25 for separator in ['', ' ', '-', '/']: print(f'----- Using separator "{separator}" -----') print(seconds_to_human(10, separator)) print(seconds_to_human(5* minute, separator)) print(seconds_to_human(3* hour, separator)) print(seconds_to_human(4* day, separator)) print(seconds_to_human(7 * week, separator)) print(seconds_to_human(10 * year, separator)) print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator)) print() cpo@LR1.wue3:~$ ./foo.py ----- Using separator "" ----- 10s 5m 3h 4d 7w 10y 5y4w3d2h1m5s ----- Using separator " " ----- 10s 5m 3h 4d 7w 10y 5y 4w 3d 2h 1m 5s ----- Using separator "-" ----- 10s 5m 3h 4d 7w 10y 5y-4w-3d-2h-1m-5s ----- Using separator "/" ----- 10s 5m 3h 4d 7w 10y 5y/4w/3d/2h/1m/5s
2024-04-21vyos.utils: T6244: use list to build up result stringChristian Breunig
When handling optional separators rather build up a list and join the list with the requested delimiter to form the resulting human readable time string.
2024-04-17Merge pull request #3320 from nicolas-fort/T6191Christian Breunig
T6191: do not append action policy route|route6 when its not specified
2024-04-16image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
2024-04-16T6191: do not append action to firewall and policy route|route6 when its not ↵Nicolas Fort
specified, in order to ensure same behavior as in Equuleus