summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2022-01-04firewall: T4130: Fix firewall state-policy errorssarthurdev
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy
2021-12-06zone_policy: T3873: Implement intra-zone-filteringsarthurdev
2021-12-06policy: T2199: Migrate policy route to XML/Pythonsarthurdev
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-12-02configquery: T3402: use vyatta-op-cmd-wrapper to provide environmentJohn Estabrook
2021-12-03T4035: correct the interface basename extraction logicDaniil Baturin
to avoid confusing 'v' in GENEVE interface prefix ('gnv') with a "vXXX" part of a VRRP interface
2021-12-02Merge pull request #1092 from erkin/currentChristian Poessinger
remote: T4037: Follow HTTP redirects
2021-12-02remote: T4037: Follow HTTP redirectserkin
2021-11-27frr: T3753: autosave config when calling commit_configuration()Christian Poessinger
2021-11-27frr: T3753: raise ConfigurationNotValid if commit loop counter is exceededChristian Poessinger
2021-11-27Merge pull request #1089 from c-po/t3753-frr8Christian Poessinger
T3753 - CLI adjustments for FRR8.1
2021-11-27frr: alwaws try to commit connfig 5 timesChristian Poessinger
As a result to some frr-reload bugs workarounded in commit 3800ea91 or fe0038c2 this commit adds the workaround in general.
2021-11-27vyos.frr: T3753: use "!" as replacement character over ""Christian Poessinger
2021-11-27frr: T3753: add default_add_before mnemonic for routing protocols to re-use codeChristian Poessinger
2021-11-27bfd: T3753: FRR 8 added support for bfdd when using frr-reload.pyChristian Poessinger
2021-11-24T3356: Rewrite remote.pyerkin
2021-11-19ethernet: T4011: deleting interface should place interface in admin down stateChristian Poessinger
Interface will still be visible to the operating system.
2021-11-19wwan: T3620: fix commend in remove()Christian Poessinger
Improve commend in WWANIf.remove() - remove() was implemented in commit d588a968 ("wwan: T3620: place interface in A/D state when removed").
2021-11-18wwan: T3620: place interface in A/D state when removedChristian Poessinger
(cherry picked from commit 61e4d75abb1129f63df5a47b9c9bf0553850d893)
2021-11-18wwan: T3795: make connect and disconnect op-mode commands aware to WWAN ↵Christian Poessinger
interfaces (cherry picked from commit a032d73f1d405f3bae269791e9064026faa491d9)
2021-11-11Merge pull request #1066 from sarthurdev/pki_installChristian Poessinger
pki: T3970: Allow op-mode PKI commands in a config session to install directly
2021-11-09pki: T3970: Allow op-mode PKI commands in a config session to install directlysarthurdev
2021-11-07protocols: static: T3680: fix indention and if branch logicChristian Poessinger
This fixes an indention bug and a wrong if-statememnt from commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes")
2021-11-07dhcp: T3680: fix lease filename for Vlan interfacesChristian Poessinger
2021-11-07protocols: static: T3680: do not delete DHCP received routesChristian Poessinger
An ISC DHCP hook script is used to install the received default route into FRR by simple calls to vtysh. By moving to frr-reload.py the DHCP default route was deleted as it was not found in the running config. This commit checks all interfaces if DHCP is enabled and if so - will dynamically add the route to the generated FRR configuration.
2021-11-05vyos.configdict: T3972: bugfix QinQ vif-c removal triggered KeyErrorChristian Poessinger
Generic get_removed_vlans() function replaced the entire config dict when any QinQ vif-c subinterface was deleted.
2021-11-03sstp: T2566: use XML defaultValue over Jinja2 hardcoded valueChristian Poessinger
(cherry picked from commit 01ed77040ec9493e4ca1cf868ff3c22847da4487)
2021-11-01interfaces: T2281: Ability to set static and DHCP addr on same interfaceViacheslav
There are not any reason to enable only DHCP or only static address on interface at the same time It is possible to have both.
2021-10-25Merge pull request #1040 from dmbaturin/T3937Christian Poessinger
T3937: rewrite the "show system memory" script in Python
2021-10-24vyos.ethtool: T3935: relax __init__() when driver name is not detectedChristian Poessinger
In addition to commit 0b414bcd ("vyos.ethtool: T3874: do not throw exception if adapter has issues with autoneg") we should also not care too strict when locating the driver name. This might cause false positives.
2021-10-24T3937: rewrite the "show system memory" script in PythonDaniil Baturin
2021-10-21tunnel: T3925: dhcp-interface was of no use - use source-interface insteadChristian Poessinger
(cherry picked from commit c1015d8ce0013719eb898b60b14ffec192b8141c)
2021-10-11vyos.configdict: T2653: do not merge in defaults when interface is deletedChristian Poessinger
It makes less to zero sense to blend in the default values of an interface when it is about to be deleted from the system anyways - this makes the entire dict just cleaner and easier to debug.
2021-10-09tunnel: T3894: fix design when building synthetic MAC addressesChristian Poessinger
It seems not all systems have eth0 - get a list of all available Ethernet interfaces on the system (without VLAN subinterfaces) and then take the first one.
2021-10-02vyos.ifconfig: T3883: bugfix VRF deletionChristian Poessinger
We can not pass None as VRF name, this raises an exception. OSError: [Errno 255] failed to run command: ip link set dev eth2 master None (cherry picked from commit e687502b1cf4a3e15c562a3662afcbe0776b1fe7)
2021-09-30vyos.ethtool: T3874: do not throw exception if adapter has issues with autonegChristian Poessinger
Instead of throwing an exception when an adapters autoneg capabilities can not be detected, just pretend it does not support autoneg.
2021-09-27interface-names: T3869: add /run/udev/vyos to defaultsJohn Estabrook
2021-09-26vyos.ifconfig: T3860: bugfix in get_mac_synthetic()Christian Poessinger
Commit 081e23996f (vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC") calculated a "stable" synthetic MAC address per the interface based on UUID and the interface name. The problem is that this calculation is too stable when run on multiple instances of VyOS on different hosts/hypervisors. Having R1 and R2 setup a connection both via "tun10" interface will become the same "synthetic" MAC address manifesting in the same link-local IPv6 address. This e.g. breaks OSPFv3 badly as both neighbors communicate using the same link-local address. As workaround one can: set interfaces tunnel tun1337 address 'fe80::1:1337/64' set interfaces tunnel tun1337 ipv6 address no-default-link-local This commit changes the way in how the synthetic MAC address is generated. It's based on the first 48 bits of a sha256 sum build from a CPU ID retrieved via DMI, the MAC address of eth0 and the interface name as used before. This should add enough entropy to get a stable pseudo MAC address.
2021-09-25vyos.ifconfig: dhcpv6: re-use systemd_service definition variableChristian Poessinger
2021-09-25vyos.ifconfig: dhcp: T3300: always re-start dhcp client instead of startChristian Poessinger
Commit dd2eb5e5686655 ("dhcp: T3300: add DHCP default route distance") changed the logic on how the DHCP process is going to be started. The systemd unit was always "started" even if it was already running. It should rather be re-started to track changes in e.g. the DHCP hostname setting.
2021-09-21vrrp: keepalived: T3847: migrate to get_config_dict()Christian Poessinger
2021-09-21vrrp: keepalived: T616: move configuration to volatile /run directoryChristian Poessinger
Move keepalived configuration from /etc/keepalived to /run/keepalived.
2021-09-20ifconfig: T2104: cleanup IPv6 EUI-64 handling in update()Christian Poessinger
2021-09-20vyos.ifconfig: get_mac_synthetic() must generate a stable "MAC"Christian Poessinger
Commit b7d30137b1 ("vyos.ifconfig: provide generic get_mac_synthetic() method") provided a common helper to generate MAC addresses used by EUI64 addresses for interfaces not having a layer2 interface (WireGuard or ip tunnel). The problem is that every call to the helper always yielded a new MAC address. This becomes problematic when IPv6 link-local addresses are generated and modified on the interface as multiple link-local (fe80::/64) addresses can easily be added to the interface leaving ... a mess. This commit changes the way how the "synthetic" MAC is generated, we generate a UUID which is stable as it is based on the interface name. We take out the last 48 bits of the UUID and form the "MAC" address.
2021-09-20vyos.ifconfig: T2738: can only read from a file when it existsChristian Poessinger
When IPv6 is disbaled on an interface also the sysfs files related to IPv6 for this interface vanish. We need to check if the file exists before we read it.
2021-09-19vyos.ifconfig: T2738: do not remove OS assigned IP addresses from interfaceChristian Poessinger
When using VRRP on any given interface and performing an action against that interface - be it even only changing the alias - will trigger a removal of the VRRP IP address. The issue is caused by: # determine IP addresses which are assigned to the interface and build a # list of addresses which are no longer in the dict so they can be removed cur_addr = self.get_addr() for addr in list_diff(cur_addr, new_addr): When the script calls into the library - we will drop all IP addresses set on the adapter but not available in the config dict. We should only remove the IP addresses marked by the CLI to be deleted!
2021-09-19vyos.configdict: bugfix: leaf_node_changed() must return empty dict when ↵Christian Poessinger
node is added Commit f476e456 ("vyos.configdict: leaf_node_changed() must return empty dict when node is added") returned [''] as "empty" dict - but this is not empty. >>> if ['']: ... print('foo') ... foo It should rather be: []
2021-09-19vyos.ifconfig: T2738: add delta check when changing interface parametersChristian Poessinger
There is no need to alter interface parameters if they have not changed at all.
2021-09-18ipsec: vti: T3831: avoid usinf xfrm if_id 0 - implement shift by oneChristian Poessinger
The key defaults to 0 and will match any policies which similarly do not have a lookup key configuration. This means that a vti0 named interface will pull in all traffic and others will stop working. Thus we simply shift the key by one to also support a vti0 interface.
2021-09-13ipsec: T3828: Use IKE dh-group when ESP dh-group is set to `enable`sarthurdev