summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2022-07-20Merge pull request #1351 from dmbaturin/genopJohn Estabrook
T2719: prototype of an op mode command runner based on type hints and introspection
2022-07-20T2719: fix indentation in vyos.opmodeDaniil Baturin
2022-07-20T2719: fix a stray empty key in the CPU data dictDaniil Baturin
2022-07-19T2719: patch for general support for boolean optionsJohn Estabrook
Signed-off-by: Daniil Baturin <daniil@vyos.io>
2022-07-15interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
2022-07-15bond: T4525: fix adding member interface to bond after removing VRFChristian Poessinger
When removing a VRF from an ethernet interface and adding the interface to a bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
2022-07-15vyos.configdict(): T4228: is_member() must return member interface config dictChristian Poessinger
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") and returns the config dict of the used member interfaces.
2022-07-15bond: bridge: T4534: error out if member interface is assigned to a VRF instanceChristian Poessinger
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapuslating/master interface should be part of the VRF. Error out if the member interface is part of a VRF.
2022-07-14interface: T4056: Fix unexpected delete tc qdiscDaniilHarun
2022-07-11vyos.configdict(): T4228: is_member() must split VLAN interfacesChristian Poessinger
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") added a bugfix on calling is_member() to retrieve the real physical information about an interface. It did not include a code path to also split up VLAN interfaces. This has been fixed.
2022-07-10bond: T4522: add ability to specify mii monitor interval via CLIChristian Poessinger
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n>
2022-07-10vyos.configdict(): T4228: is_member() must use the "real" hardware interfaceChristian Poessinger
When is_member() is inspecting the bridge/Bond member interfaces it must work with the real interface (e.g. eth1) under the "ethernet" node and not work on the "member interface eth1" CLI tree, that makes no sense at all.
2022-07-10bond: T1557: re-add miimon configuration - lost in translationChristian Poessinger
2022-07-10bond: T4521: ARP monitor interval is not configured despite set via CLIChristian Poessinger
The code path for changing the interval is never executed.
2022-07-09ip: T4517: add option to enable directed broadcast forwardingYuxiang Zhu
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
2022-07-05T2719: add general support for boolean options to generative op modeDaniil Baturin
Since Python as of 3.9 doesn't give us an option to look up argument's default value by its name, this implementation requires that all boolean options must default to false.
2022-07-04firewall: T4299: Add ability to inverse match country codessarthurdev
2022-07-01Merge pull request #1380 from sarthurdev/ovpn-multi-caChristian Poessinger
openvpn: T4485: Accept multiple tls ca-certificate values
2022-07-01vti: T2455: add link-local IPv6 address supportChristian Poessinger
Interface should receive an auto generated link-local IPv6 address as we do with all VyOS interfaces by default.
2022-06-29openvpn: T4485: Update PKI migrator to handle full CA chain migrationsarthurdev
* Also determines and maps to correct CA for migrated CRL
2022-06-29bridge: add option to enable/disable IGMP/MLD snoopingYuxiang Zhu
This PR adds an config option to enable/disable IGMP/MLD snooping. ``` set interfaces bridge brN igmp snooping ```
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-06-25interfaces: dhcp: T4482: toggle of "dhcp-options no-default-route" has no effectChristian Poessinger
Error introduced by commit 85d6c8f7c ("vyos.configdict: T4391: enable get_interface_dict() ti be used with ConfigTreeQuery()"). Reason was the still in use relative path on calls to node_changed(), these got replaced with absolute config paths and the new implementation if is_node_changed().
2022-06-25dhcp: pppoe: T4384: bugfix not honoring no-default-route CLI optionChristian Poessinger
Commit a2ab95ff68b ("pppoe: T4384: replace default-route CLI option with common CLI nodes already present for DHCP") had an issue as the PPPoE interface options and also DHCP interface options did not honor the no-default-route option. This has been fixed.
2022-06-20T2719: use _is_show for detecting show functionsDaniil Baturin
2022-06-16vyos.ifconfig: T4384: fix file permission (664) on interface.pyChristian Poessinger
2022-06-16T2719: make re functions usage in vyos.opmode more consistentDaniil Baturin
2022-06-15T2719: correctly handle the raw argument for all show_* commandsDaniil Baturin
2022-06-15T2719: handle the case when script subcommand is not givenDaniil Baturin
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Firewall:T4458: Add ttl match option in firewallNicolas Fort
2022-06-10Merge pull request #1322 from nicolas-fort/T3907-fwall-logDaniil Baturin
Firewall: T3907: add log-level options in firewall
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group
2022-06-09T2719: prototype of an op mode command runnerDaniil Baturin
based on type hints and introspection
2022-06-05firewall: T970: Maintain a domain state to fallback if resolution failssarthurdev
2022-05-31pki: T3642: Update conf scripts using changed PKI objectssarthurdev
2022-05-30pki: T3642: Add ability to import files into PKi configurationsarthurdev
2022-05-29vyos.frr: T2472: add wigrpd supportChristian Poessinger
2022-05-28firewall: T970: Add firewall group domain-groupViacheslav Hletenko
Domain group allows to filter addresses by domain main Resolved addresses as elements are stored to named "nft set" that used in the nftables rules Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec set firewall group domain-group DOMAINS address 'example.com' set firewall group domain-group DOMAINS address 'example.org' set firewall name FOO rule 10 action 'drop' set firewall name FOO rule 10 source group domain-group 'DOMAINS' set interfaces ethernet eth0 firewall local name 'FOO' nft list table ip filter table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }
2022-05-27Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8Nicolas Fort
2022-05-25Merge pull request #1333 from sever-sever/T4442John Estabrook
http-api: T4442: Add action reset
2022-05-26http-api: T4442: Add action resetViacheslav Hletenko
Add action 'reset' (op-mode) for HTTP-API http://localhost/reset curl --unix-socket /run/api.sock -X POST -Fkey=mykey \ -Fdata='{"op": "reset", "path": ["ip", "bgp", "192.0.2.14"]}' \ http://localhost/reset
2022-05-25configtest: T4382: bgp migration scripts need to follow quagga scriptsJohn Estabrook
The configs bgp_bfd_communities and bgp_big_as_cloud reveal a counterexample to the independence of component migration scripts: quagga migration scripts must precede those of bgp; explicitly reorder from lexical order.
2022-05-19T4432: display load averages normalized for the number of CPU coresDaniil Baturin
2022-05-11Firewall: T3907: add log-level options in firewallNicolas Fort
2022-05-09Merge pull request #1279 from nicolas-fort/T990Christian Poessinger
Firewall: T990: Add snat and dnat connection status on firewall