summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2021-08-29vyos.ethtool: T3163: add check_speed_duplex() methodChristian Poessinger
Add a new method which supports checking if the desired speed and duplex setting is actually supported by the underlaying network interface card. >>> from vyos.ethtool import Ethtool >>> tmp = Ethtool('eth0') >>> tmp.check_speed_duplex('100', 'full') False >>> tmp.check_speed_duplex('1000', 'full') True
2021-08-29vyos.ethtool: T3163: prefix class internal data structures with _Christian Poessinger
2021-08-29vyos.ethtool: T3163: drop obsoleted is_fixed_lro() methodChristian Poessinger
Commit d22f97af ("vyos.ethtool: T3163: rename unused methods for offload validation") reworked the entire class on how data should be presented to the user, but forgot to drop the is_fixed_lro() method.
2021-08-29interfaces: T3777: Does not delete empty eui64 addressViacheslav
Check eui64_old value before deleting It can be empty or not ipv6 address. (cherry picked from commit 0de23064b9d575ce0569839e3b4453a0c2e9dc1c)
2021-08-28vyos.ifconfig: T3619: only set offloading options if supported by NICChristian Poessinger
In the past we always told ethtool to change the offloading settings, even if this was not supported by the underlaying driver. This commit will only change the offloading options if they differ from the current state of the NIC and only if it's supported by the NIC. If the NIC does not support setting the offloading options, a message will be displayed for the user: vyos@vyos# set interfaces ethernet eth2 offload gro vyos@vyos# commit [ interfaces ethernet eth2 ] Adapter does not support changing large-receive-offload settings!
2021-08-28vyos.ethtool: T3163: rename unused methods for offload validationChristian Poessinger
2021-08-28Merge pull request #980 from zdc/T3763-sagittaChristian Poessinger
wireguard: T3763: Added check for listening port availability
2021-08-27vyos.ifconfig: pppoe: T3778: bugfix assignemnt of cached configChristian Poessinger
We need to copy the configuration before this is done in super().update() as we utilize self.set_dhcpv6() before this is done by the base class.
2021-08-26vyos.util: T3763: Optimized the check_port_availability functionzsdc
`print` was removed or replaced to `ValueError`, where possible.
2021-08-26wireguard: T3763: Added check for listening port availabilityzsdc
Each wireguard interface requires a unique port for in and out connections. This commit adds the new `vyos.util` function - `check_port_availability`, and uses it to be sure that a port that is planned to be used for wireguard interface is truly available and not used by any other services (not only other wireguard interfaces).
2021-08-25ipsec: T3775: Diffie Hellman Group 21 uses NIST Elliptic Curve "ecp521"Christian Poessinger
... there was a type setting ecp512 instead of ecp521.
2021-08-24vyos.ifconfig: T3772: bugfix missing VRRP interfacesChristian Poessinger
When the interface name was stripped down from "eth0.201" to "eth" to determine the appropriate interface section, VRRP interfaces got left out on the call to rstrip(). VRRP interfaces now show up in "show interfaces" as they did in VyOS 1.2. vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address S/L Description --------- ---------- --- ----------- dum0 172.18.254.201/32 u/u eth0 - u/u eth0.10 172.16.33.8/24 u/u eth0.201 172.18.201.10/24 u/u eth1 10.1.1.2/24 u/u eth1v10 10.1.1.1/24 u/u eth2 - u/u lo 127.0.0.1/8 u/u ::1/128
2021-08-21vyos.configverify: use build-in functions for verify_interface_exists()Christian Poessinger
2021-08-21vyos.configdict: leaf_node_changed() must return empty dict when node is addedChristian Poessinger
vyos@vyos# show interfaces pppoe pppoe pppoe10 { + access-concentrator asdfg authentication { password bar user foo } default-route force no-peer-dns source-interface eth0.202 } vyos@vyos# python3 Python 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from vyos.config import Config >>> from vyos.configdict import get_interface_dict >>> from vyos.configdict import leaf_node_changed >>> conf = Config() >>> base = ['interfaces', 'pppoe'] >>> tmp = get_interface_dict(conf, base, 'pppoe10') >>> leaf_node_changed(conf, ['access-concentrator']) >>> ['']
2021-08-21pppoe: T3090: migrate to vyos.ifconfig library to use the full potentialChristian Poessinger
Now that MSS clamping is done on the "per-interface" level the entire PPPoE stuff would have needed to get a full copy in GNU BASH for this or, participate in the common library. Add a new PPP ip-up script named 99-vyos-pppoe-callback which will call the vyos.ifconfig.PPPoEIf.update() function to configure everything as done with all other interfaces. This removes duplicated code for VRF assignment and route installation when a PPPoE interface is brought up or down.
2021-08-21vyos.ifconfig: provide generic get_mac_synthetic() methodChristian Poessinger
WireGuard, Tunnel and also PPPoE all need a ways to calculate a synthetic MAC address used for the EUI64 link-local addresses. Instead of copying the code from Tunnel to WireGuard to PPPoE, use a generic implementation.
2021-08-21vyos.configdict: add note when using leaf_node_changed()Christian Poessinger
2021-08-21vyos.ifconfig: bridge: remove missleading comment in update()Christian Poessinger
2021-08-21interfaces: T3090: migrate adjust-mss from "firewall options" to "interface" ↵Christian Poessinger
level Getting rid of "set firewall options" and move it from: set firewall options interface ethX adjust-mss 1400 set firewall options interface ethX adjust-mss6 1400 to: set interfaces ethernet ethX ip adjust-mss 1400 set interfaces ethernet ethX ipv6 adjust-mss 1400 In addition add an extra option called clamp-mss-to-pmtu instead of a value.
2021-08-21T1950: fix permissions on component-versions.json fileJohn Estabrook
2021-08-20T1950: write component versions to json file during migrationJohn Estabrook
2021-08-19T3768: Revert "T1950: Add support for reading component versions ..."John Estabrook
This reverts commit 29e438755c8bd2b9598a2016a3c42891f0cbfa1d.
2021-08-19xml: T3474: add syntaxVersion processing to python xml libJohn Estabrook
2021-08-14vyos.util: T1503: use build in methods to determine current user for ↵Christian Poessinger
commit_in_progress()
2021-08-13vyos.util: "harden" is_systemd_service_running() functionChristian Poessinger
Inspired by the comments of https://unix.stackexchange.com/a/435317 use a more robust approach. A service can be "active" but not "running" (e.g. restarting with a configuration error). We can now test if a systemd unit is "activated" and if it is "running" at all. >>> from vyos.util import is_systemd_service_active >>> from vyos.util import is_systemd_service_running >>> is_systemd_service_active('ssh') True >>> is_systemd_service_running('sshd') False >>> is_systemd_service_running('ssh') True
2021-08-13xml: T3234: update instead of overwrite on repeated pathJohn Estabrook
2021-08-11accel-ppp: T3731: eliminate service name from error messageChristian Poessinger
VyOS will automatically append the subsystem name (pppoe-server or sstp) when something goes wrong. No need to hardcode this into the error string a second time.
2021-08-09ipsec: T3720: assigning vti secondary address caused interface in A/D stateChristian Poessinger
2021-08-06http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
2021-08-06Revert "http-api: T2768: example using GraphQL for high-level config operations"John Estabrook
This reverts commit a2b959c50c96698da173b9c4720369a51442cc5c.
2021-08-06http-api: T2768: example using GraphQL for high-level config operationsJohn Estabrook
2021-08-06vyos.template: T2720: allow setting template directoryJohn Estabrook
2021-08-04configquery: T3402: remove restriction of query to active configJohn Estabrook
2021-08-04configquery: T3402: fix importsJohn Estabrook
2021-08-03configquery: T3402: add op-mode get_config_dictJohn Estabrook
2021-08-03configquery: T3402: add class using configtree to list tag node valuesJohn Estabrook
The class ConfigTreeActiveQuery uses configtree to access tag node values; note that this will only report saved configuration data.
2021-08-02l2tpv3: T1594: Fix timeout before set l2tpv3 interfaceViacheslav
In some cases, we need to wait until local address is assigned. And only then l2tpv3 tunnel can be configured. For example when ipv6 address is in "tentative" state or we wait for some routing daemon/route for a remote address.
2021-07-30vyos.util: drop custom implementations in favor of is_systemd_service_running()Christian Poessinger
Commit f520182b ("vyos.util: add is_systemd_service_running() helper function") added a new helper function that can be used to check if a systemd service is running. Drop all custom implementations in favor of this library call.
2021-07-30vyos.util: add is_systemd_service_running() helper functionChristian Poessinger
Test is a specified systemd service is actually running. Returns True if service is running, false otherwise.
2021-07-21pki: openvpn: T3642: Migrate OpenVPN to PKI and refactorsarthurdev
2021-07-20ipsec: T1210: add op-mode command for macOS and iOS profile generationChristian Poessinger
generate ipsec mac-ios-profile <connection> remote <ip|fqdn> will generate a matching IPSec profile which can be loaded on an iOS device.
2021-07-20pki: eapol: T3642: Migrate EAPoL to use PKI configurationsarthurdev
2021-07-19pki: wireguard: T3642: Migrate Wireguard private key directly into CLIsarthurdev
Also renames peer pubkey to public-key for consistency
2021-07-17Merge pull request #927 from zdc/T3655-sagittaChristian Poessinger
VRF: T3655: proper connection tracking for VRFs
2021-07-17VRF: T3655: proper connection tracking for VRFszsdc
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones
2021-07-13T3679: Update the unexpected exception messageerkin
2021-07-13T3663: add a small sleep between polling for a new inotify event.Daniil Baturin
2021-07-13T3663: use inotify-based watching in "show vrrp".Daniil Baturin
2021-07-08T3663: add pre_hook argument to util.wait_for_inotifyDaniil Baturin
When waiting for processes that don't take long, we need add an inotify watcher _before_ starting that process. The pre-hook arguments allows the user to pass a () -> () anonymous function to be called before adding a watch.
2021-07-08T3663: fix the call to time.time() to match the new import scheme.Daniil Baturin