summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-22Merge pull request #3502 from dmbaturin/T6385-yes-no-ctrl-cChristian Breunig
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C
2024-05-22rollback-soft: T6384: tell the user to compare or commitDaniil Baturin
after applying the diff
2024-05-21Merge pull request #3494 from HollyGurza/T6373Christian Breunig
T6373: QoS Policy Limiter - classes for marked traffic do not work
2024-05-21T6373: QoS Policy Limiter - classes for marked traffic do not workkhramshinr
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum>
2024-05-17T6354: do an explicit read from version file to avoid circular referenceJohn Estabrook
2024-05-17T6354: Get rid of the custom boot type check in version.pykhramshinr
2024-05-15op mode: T3355: remove the mention of legacy non-image installationsDaniil Baturin
They were never supported by VyOS, that was just for very old systens upgraded from Vyatta Core
2024-05-12suricata: T751: Initial support for suricataMaxime THIEBAUT
2024-05-10image-tools: T6327: prune, instead of ignore, menu entries with ttyUSBJohn Estabrook
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
2024-05-10Merge pull request #3410 from fett0/T6303Christian Breunig
Bond: T6303: add system mac address on interfaces bond
2024-05-10bond: T6303: must reset system-mac to 00:00:00:00:00:00 on deletionChristian Breunig
2024-05-10bond: T6303: system-mac is not allowed to be a multicast MAC addressChristian Breunig
2024-05-10bond: T6303: add system mac address on bondfett0
2024-05-08xml: T6319: add util for ancestor owner/priorityJohn Estabrook
2024-05-06vyos.template: T3664: use a module-level global variable for the default ↵Daniil Baturin
template directory as a more convenient and secure alternative to environment variable
2024-05-06T6298: Fix TPM incorrect path for rc_cmdViacheslav Hletenko
Fix import for `rc_cmd`
2024-05-02qos: T6225: Fix qos random-detect policykhramshinr
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel
2024-04-26T6269: policy: ensure correct rule parsing when using, and when not using ↵Nicolas Fort
<set table> option in policy route.
2024-04-25Merge pull request #3316 from HollyGurza/T4248Daniil Baturin
qos: T4248: Allow to remove the only rule from the qos class
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms
2024-04-22PKI: T6259: Support RFC822 names in certificate generationAlex W
2024-04-21vyos.utils: T6244: add support for year timebase in seconds_to_human()Christian Breunig
We only supported calculating seconds to weeks but not seconds to years. This has been added. Testcase: from vyos.utils.convert import seconds_to_human minute = 60 hour = minute * 60 day = hour * 24 week = day * 7 year = day * 365.25 for separator in ['', ' ', '-', '/']: print(f'----- Using separator "{separator}" -----') print(seconds_to_human(10, separator)) print(seconds_to_human(5* minute, separator)) print(seconds_to_human(3* hour, separator)) print(seconds_to_human(4* day, separator)) print(seconds_to_human(7 * week, separator)) print(seconds_to_human(10 * year, separator)) print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator)) print() cpo@LR1.wue3:~$ ./foo.py ----- Using separator "" ----- 10s 5m 3h 4d 7w 10y 5y4w3d2h1m5s ----- Using separator " " ----- 10s 5m 3h 4d 7w 10y 5y 4w 3d 2h 1m 5s ----- Using separator "-" ----- 10s 5m 3h 4d 7w 10y 5y-4w-3d-2h-1m-5s ----- Using separator "/" ----- 10s 5m 3h 4d 7w 10y 5y/4w/3d/2h/1m/5s
2024-04-21vyos.utils: T6244: use list to build up result stringChristian Breunig
When handling optional separators rather build up a list and join the list with the requested delimiter to form the resulting human readable time string.
2024-04-17Merge pull request #3320 from nicolas-fort/T6191Christian Breunig
T6191: do not append action policy route|route6 when its not specified
2024-04-16image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
2024-04-16T6191: do not append action to firewall and policy route|route6 when its not ↵Nicolas Fort
specified, in order to ensure same behavior as in Equuleus
2024-04-16qos: T4248: Allow to remove the only rule from the qos classkhramshinr
2024-04-13Merge pull request #3297 from HollyGurza/T6035Daniil Baturin
qos: T6035: QoS policy shaper queue-type random-detect requires limit avpkt
2024-04-12qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy
2024-04-11T6222: VRRP show prefix for long rfc3768-compatibility interfacesViacheslav Hletenko
If we use rfc3768-compatibility with long interface names like eth1.100.200 it converts the VRRP interface name name to `<interface>v<VRID><IP version>` For example `eth2.100.200v10v4` The limit for interface name is 15 symbols and it causes that interface name is ignoring by keepalived VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring And it uses the default prefix `vrrp` for such cases. It works fine, but such interfaces are not displayed in the op-mode Allow prefix `vrrp` for the op-mode for `show interfaces`
2024-04-07utils.io: T6207: allow default in select_entryJohn Estabrook
2024-04-06ethernet: T5862: default MTU is not acceptable in some environmentsChristian Breunig
There are cloud environments available where the maximum supported ethernet MTU is e.g. 1450 bytes, thus we clamp this to the adapters maximum MTU value or 1500 bytes - whatever is lower.
2024-04-05Merge pull request #3255 from jestabro/remove-xml-libChristian Breunig
T6203: remove obsoleted xml lib
2024-04-05T6203: remove obsoleted xml libJohn Estabrook
The vyos.xml functionality is replaced with vyos.xml_ref.
2024-04-05T6204: cleanup shebang lineskhramshinr
2024-04-04Merge pull request #3244 from aapostoliuk/T6197-circinusChristian Breunig
T6197: Fixed usage ipoe interface client-subnet without pools
2024-04-04Merge pull request #3214 from nicolas-fort/T6068-keaDaniil Baturin
T6068: dhcp-server: add command <set service dhcp-server high-availability mode>
2024-04-04T6197: Fixed usage ipoe interface client-subnet without poolsaapostoliuk
Allowed using ipoe interface client-subnet without client pools configuration.
2024-04-03T6068: dhcp-server: add command <set service dhcp-server high-availability ↵Nicolas Fort
mode> so user can define what type of ha use: active-active or active-passive
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611"
2024-04-03T6199: replace netifaces.interfaces() with common custom helpersChristian Breunig
* Use interface_exists() outside of verify() * Use verify_interface_exists() in verify() to drop common error message
2024-04-02Merge pull request #3236 from c-po/pki-verifyChristian Breunig
configverify: T6198: add common helper for PKI certificate validation
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS.
2024-04-02Merge pull request #3229 from c-po/multi-vrfChristian Breunig
T6192: allow binding SSH to multiple VRF instances
2024-04-01vrf: T3655: always use full nft command name (e.g. --check over -c)Christian Breunig
2024-04-01firewall: T2199: always use full nft command name (e.g. --file over -f)Christian Breunig