summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2024-03-23vyos.configverify: T6131: verify_interface_exists() checks CLI interfaces, tooChristian Breunig
Extend the way how we determine if interfaces exist in VyOS. In the past we only validated if the interface in question really exists at the OS level. This has some drawbacks as services (like OSPF or OSPFv3) can also handle interfaces dynamically which appear or leaf the OS. This commit not only checks for OS interfaces but also if the interface in question was configured at the CLI level, this is proof enough to pass the check. If it does not exist at the CLI level, we continue searching it it's maybe a Kernel interface - useful for container networks. In addition we can now not only raise() an error but simply show a warning if an interface does not exist.
2024-03-21xml: T6146: add utils and helper to provide priority dataJohn Estabrook
2024-03-21Merge pull request #3157 from c-po/vti-T6085Daniil Baturin
vti: T6085: interface is always down and only enabled by IPSec daemon
2024-03-20bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad
2024-03-20vti: T6085: interface is always down and only enabled by IPSec daemonChristian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle.
2024-03-19Merge pull request #3131 from HollyGurza/T1871Christian Breunig
qos: T1871: add MTU option when configure limiter traffic-policy
2024-03-19Merge pull request #3035 from jestabro/replace-backslashJohn Estabrook
T5996: selectively escape and restore single backslashes in config
2024-03-18qos: T1871: add MTU option when configure limiter traffic-policykhramshinr
add mtu to default and specified class update smoke test
2024-03-17T6133: append domain-name to commit-archive if definedChristian Breunig
2024-03-13grub: T4548: Fixed configuration files orderzsdc
To iterate files on ext* file systems GRUB reads their inodes one by one, ignoring names. This breaks our configuration logic that relies on proper loading order. This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB configuration files are created. It recreates files, changing their inodes in a way where inodes order matches alphabetical order.
2024-03-09Merge pull request #3106 from sarthurdev/T6102Daniil Baturin
dhcp: T6102: Fix clear DHCP lease op-mode
2024-03-08dhcp: T3316: De-duplicate Kea control socket variablesarthurdev
2024-03-07Merge pull request #1740 from sarthurdev/tpm_luksDaniil Baturin
config: T4919: Add support for encrypted config with TPM
2024-03-07config: T4919: Add support for encrypted config file with TPMsarthurdev
2024-03-06dhcp: T6102: Fix clear DHCP lease op-modesarthurdev
* Add `clear dhcpv6-server lease` * Standardize using vyos.opmode
2024-03-06remote: T6104: fix logic of failure case in MissingHostKeyPolicyJohn Estabrook
2024-03-05T6061: fix rule parsing when connection-status is usedNicolas Fort
2024-03-04Merge pull request #3068 from natali-rs1985/T5646-currentDaniil Baturin
qos: T5646: Skip add filter for qos policy limiter class without match
2024-03-04Merge pull request #3077 from c-po/ethtoolDaniil Baturin
vyos.ethtool: T6083: use JSON input data #2
2024-03-04T6086: NAT: fix nat rules when using source-groups and translation address ↵Nicolas Fort
is a network.
2024-03-03vyos.ethtool: T6083: use JSON input data for ethernet interface flow-control ↵Christian Breunig
settings
2024-03-03vyos.ethtool: T6083: use JSON input data for ethernet driver feature detectionChristian Breunig
Feature detection is used to see if certain offload settings are available on the given NIC.
2024-03-02Merge pull request #3072 from c-po/ethtoolDaniil Baturin
vyos.ethtool: T6083: use JSON input data for ring-buffer methods
2024-03-01vyos.ethtool: T6083: use JSON input data for ring-buffer methodsChristian Breunig
2024-03-01qos: T6081: QoS policy shaper target and interval wrong calcuationsNataliia Solomko
2024-03-01T5646: Skip add filter for qos policy limiter class without matchNataliia Solomko
2024-02-29Merge pull request #2659 from jestabro/remove-trivial-redundanciesJohn Estabrook
configdep: T5839: remove trivially redundant config dependency calls
2024-02-29Merge pull request #3052 from up-n-atom/fix-ethtool-out-of-bounds-accessChristian Breunig
vyos.ethtool: T6070: fix EEE reading the incorrect status line
2024-02-28configdep: T5660: remove global redundancies under vyos-configdJohn Estabrook
2024-02-28configdep: T5839: remove trivially redundant config dependency callsJohn Estabrook
2024-02-27vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵sarthurdev
required
2024-02-26vyos.ethtool: T6070: fix EEE reading the incorrect status lineup-n-atom
EEE enabled status is on the 2nd line of ethtool output and not the 3rd. Subsequently, reading the 3rd line was causing an out-of-bounds access for the bnx2x driver as well.
2024-02-25dhcp-server: T6063: Add `ignore-client-id` to relax client identifier checks ↵sarthurdev
for leases
2024-02-21T5996: selectively escape and restore single backslashes in configJohn Estabrook
2024-02-17image-tools: T6041: fix logic of is_live_boot to allow for PXE bootJohn Estabrook
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-13Merge pull request #2998 from sarthurdev/T5992Christian Breunig
dhcpv6-server: T5992: Fix op-mode DHCP lease output + updates
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-13dhcpv6-server: T5992: Fix op-mode Kea DHCP lease outputsarthurdev
Due to Kea's lease file cleanup, the CSV file content is inconsistent. This commit makes changes to use the Kea control socket to fetch current lease information.
2024-02-13dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵sarthurdev
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
2024-02-11pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa'
2024-02-09T6028: Fix QoS policy shaper wrong class_id_max and default_minor_idViacheslav Hletenko
The `class_id_max` is wrong due to `tmp.sort` of Strings If we have class 5 and class 10 we get sorted max value 5, expected 10 ``` >>> tmp = ['5', '10'] >>> tmp.sort() >>> tmp ['10', '5'] >>> >>> hex(5+1) '0x6' >>> >>> hex(10+1) '0xb' >>> ``` This way we get wrong default maximum class value: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6 ``` Expect: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b ``` Fix this converting Strings to Integers and get max value.
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view
2024-02-08Merge pull request #2507 from erkin/image-toolsDaniil Baturin
op-mode: T4038: Python rewrite of image tools
2024-02-07Merge pull request #2959 from c-po/init-T2044-rpki-part-2Christian Breunig
init: T2044: only start rpki if cache is configured
2024-02-07init: T2044: only start rpki if cache is configuredChristian Breunig
This extends commit 9199c87cf ("init: T2044: always start/stop rpki during system boot") to check the bootup configuration if an RPKI cache is defined. Only start RPKI if this is the case.
2024-02-07T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication.
2024-02-07T6021: Fix QoS shaper r2q calculationViacheslav Hletenko
The current calculation `r2q` is wrong as it uses `Floor division` but expecting `division` This way `math.ceil` calculate wrong value as we expect round a number upward to its nearest integer For example for speed 710 mbits expected value `444` but we get `443` ``` from math import ceil MAXQUANTUM = 200000 speed = 710000000 speed_bps = int(speed) // 8 >>> speed_bps // MAXQUANTUM 443 >>> speed_bps / MAXQUANTUM 443.75 >>> >>> >>> ceil(speed_bps // MAXQUANTUM) 443 >>> ceil(speed_bps / MAXQUANTUM) 444 >>> ```
2024-02-05image-tools: T6016: wait for umount in cleanup functionJohn Estabrook