summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2023-11-22http-api: T5768: remove auxiliary http-api.confJohn Estabrook
2023-11-22Merge pull request #2528 from nicolas-fort/T5637-Extend-bridgeChristian Breunig
T5637: firewall: extend rule for default-action to firewall bridge
2023-11-22T5637: firewall: extend rule for default-action to firewall bridge, in order ↵Nicolas Fort
to be able to catch logs using separte rule for default-action
2023-11-22Merge pull request #2499 from c-po/t5753-vxlan-vnifilterChristian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-21Merge pull request #2519 from c-po/t5762-vhost-portJohn Estabrook
http: T5762: rename "virtual-host listen-port" -> "virtual-host port"
2023-11-21Merge pull request #2518 from giga1699/T5770Christian Breunig
T5770 Enable MACsec encryption stanza
2023-11-21macsec: T5770: enable iproute2 "encrypt on" stanzaGiga Murphy
2023-11-21http: T5762: rename "virtual-host listen-port" -> "virtual-host port"Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components.
2023-11-21T5767: HTTPS API add reboot and poweroff endpointsViacheslav Hletenko
Add ability to reboot and poweroff the system via API curl -k --location --request POST 'https://vyos/reboot' \ --form data='{"op": "reboot", "path": ["now"]}' \ --form key='apikey' curl -k --location --request POST 'https://vyos/poweroff' \ --form data='{"op": "poweroff", "path": ["now"]}' \ --form key='apikey'
2023-11-18T2405: add Git support to commit-archiveYun Zheng Hu
T2405: add Git support to commit-archive
2023-11-18vxlan: T5753: add support for VNI filteringChristian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10. To Test: set interfaces vxlan vxlan987 parameters external set interfaces vxlan vxlan987 source-interface eth0 set interfaces vxlan vxlan987 parameters vni-filter set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050 set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051 set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052 set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053 set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054 set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060 set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069 set interfaces bridge br0 member interface vxlan987 Add new op-mode command: show bridge vni Interface VNI ----------- ----------- vxlan987 10050-10054 vxlan987 10060 vxlan987 10069
2023-11-16Merge pull request #1768 from zdc/T4516-sagittaJohn Estabrook
image: T4516: Added system image tools
2023-11-16tunnel: T3894: improve get_mac_synthetic() codeChristian Breunig
Remove stray whitespace in sed script and call Section.interfaces with vlan=False instead of a custom filter. This extends commit f19c92f25 ("tunnel: T3894: fix design when building synthetic MAC addresses")
2023-11-16image: T4516: add raid-1 install supportJohn Estabrook
2023-11-16image: T4516: ensure compatibility with legacy RAID 1 installsJohn Estabrook
2023-11-16image: T4516: restore select entry to set/delete imageJohn Estabrook
2023-11-16T5747: op-mode add MAC and MTU for show interfaces summaryViacheslav Hletenko
Add op-mode "show interfaces summary" Add MAC, VRF and MTU options: vyos@r4# run show interfaces summary Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- dum0 203.0.113.1/32 96:44:ad:c5:a1:a5 default 1500 u/u eth0 192.168.122.14/24 52:54:00:f1:fd:77 default 1500 u/u WAN eth1 192.0.2.1/24 52:54:00:04:33:2b foo 1500 u/u LAN-eth1 eth2 - 52:54:00:40:2e:af default 1504 u/u LAN-eth2 eth3 - 52:54:00:09:a4:b4 default 1500 A/D
2023-11-15image: T4516: support for interoperability of legacy/new image toolsJohn Estabrook
This commit allows management of system images with either new or legacy tools: 'add/delete/rename system image' and 'set default' are translated appropriately on booting between images with the old and new tools. Consequently, the warning of the initial commit of T4516 is dropped.
2023-11-15image: T4516: improve format of 'show system image details'John Estabrook
2023-11-15image: T5195: vyos.util -> vyos.utils package refactoringJohn Estabrook
2023-11-15image: T4516: remove unused file, replaced by vyos/system/image.pyJohn Estabrook
2023-11-15image: T4516: correct permissions on creation of config directoryJohn Estabrook
2023-11-15image: T4516: Added system image toolszsdc
This commit adds the whole set of system image tools written from the scratch in Python that allows performing all the operations on images: * check information * perform installation and deletion * versions management Also, it contains a new service that will update the GRUB menu and keep tracking its version in the future. WARNING: The commit contains non-reversible changes. Because of boot menu changes, it will not be possible to manage images from older VyOS versions after an update.
2023-11-15Merge pull request #2476 from c-po/frr-pim-T5733Christian Breunig
pim(6): T5733: add missing FRR related features
2023-11-15Merge pull request #2483 from erkin/noninteractiveChristian Breunig
remote: T5726: Disable the progressbar if the shell is noninteractive or the terminal is missing capabilities
2023-11-14remote: T5726: Disable the progressbar if the shell is noninteractive or the ↵erkin
terminal is missing capabilities
2023-11-13pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR.
2023-11-12Merge pull request #2435 from bbabich/currentChristian Breunig
mtr: T5658: Add VRF support for mtr (+ op_mode wrapper)
2023-11-12T5658: add common methods interface_list() and vrf_list() to vyos.utils.networkChristian Breunig
Reduce amount of duplicated (3 times) code in op-mode scripts for ping, traceroute and mtr.
2023-11-10T5729: firewall: switch to valueless in order to remove unnecessary ↵Nicolas Fort
<enable|disable> commands; log and state moved to new syntax.
2023-11-02wireguard: T5707: remove previously deconfigured peerChristian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated.
2023-11-01Merge pull request #2370 from sever-sever/T1797Viacheslav Hletenko
T1797: Delete VPP from vyos-1x as it is implemented in addon
2023-10-31Merge pull request #2413 from c-po/t5668-vxlanChristian Breunig
vxlan: T5668: add CLI knob to enable ARP/ND suppression
2023-10-30vxlan: T5699: migrate "external" CLI know to "parameters external"Christian Breunig
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well.
2023-10-30vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10
2023-10-25T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵Nicolas Fort
(valid for interfaces and groups) in firewal, nat and nat66.
2023-10-24Merge pull request #2355 from nicolas-fort/T5643Christian Breunig
T5643: nat: add interface-groups to nat. Use same cli structure for i…
2023-10-22T5675: use addr_prefix instead of addr in NAT66 ruleAdam Smith
2023-10-22T5299: Add missed option ceiling for QoS shaperViacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper'
2023-10-19Merge pull request #2378 from c-po/bridge-t5670Christian Breunig
bridge: T5670: add missing constraint on "member interface" node
2023-10-19Merge pull request #2344 from nicolas-fort/T5637Christian Breunig
T5637: add new rule at the end of base chains for default-actions and log capabilities
2023-10-19vyos.configdict: T5670: move from str to list when calling conf.exists()Christian Breunig
We have had a mix of both string and list arguments to conf.exists(), stremaline this to only make use of list calls.
2023-10-17configdep: T5662: fix incorrect inspect.stack index of calling scriptJohn Estabrook
2023-10-17T1797: Delete VPP from vyos-1x as it is implemented in addonViacheslav Hletenko
2023-10-14Merge pull request #2359 from erkin/progressbarChristian Breunig
remote: T5650: Resize-aware progressbar implementation
2023-10-12remote: T5650: Resize-aware progressbar implementationerkin
2023-10-12Merge pull request #2277 from aapostoliuk/T5254-1-sagittaDaniil Baturin
bonding: T5254: Fixed changing ethernet when it is a bond member
2023-10-11T5643: nat: add interface-groups to nat. Use same cli structure for ↵Nicolas Fort
interface-name|interface-group as in firewall.
2023-10-06T5637: add new rule at the end of base chains for default-actions. This ↵Nicolas Fort
enables log capabilities for default-action in base chains. And of course, add option for enabling log for default-action
2023-10-05Merge pull request #2339 from jestabro/save-json-on-commitChristian Breunig
config: T5631: save copy of config in JSON format on commit