summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2022-03-08component_version: T4291: consolidate read/write functionsJohn Estabrook
2022-03-04interface: T4203: bugfix Q-in-Q interface parsingChristian Poessinger
Commit 0e23fc10 ("interface: T4203: switch to new recursive node_changed() implementation") switched to a new implementation to retrieve nested changes under a CLI node. Unfortunately the new API was not called - instead the old one was used.
2022-03-03interface: T4203: switch to new recursive node_changed() implementationChristian Poessinger
2022-03-02configdiff: T4260: add support for diff_tree classJohn Estabrook
Add support for the configtree diff algorithm. A new function ConfigDiff().is_node_changed(path) -> bool is added to recursively detect changes in the tree below the node at path; existing functions take the keyword argument 'recursive: bool' to apply the algorithm in place of the existing, non-recursive, comparison.
2022-02-28configtree: T4235: distinguish sub(-tract) tree from delete treeJohn Estabrook
The DiffTree class maintains both the 'sub'(-tract) configtree, containing all paths in the LHS of the comparison that are not in the RHS, and the 'delete' configtree: the delete tree is the minimal subtree containing only the first node of a path not present in the RHS. It is the delete tree that is needed to produce 'delete' commands for config mode, whereas the 'sub' tree contains full information, needed for recursively detecting changes to a node.
2022-02-28configtree: T4235: allow empty argumentsJohn Estabrook
2022-02-28configtree: T4235: simplification of diff_tree classJohn Estabrook
The return value of diff_tree is now a single config_tree, with initial children of names: ["add", "delete", "inter"] containing the config sub-trees of added paths; deleted paths; and intersection, respectively. The simplifies dumping to json, and checking existence of paths, hence, of node changes.
2022-02-28configtree: T4235: add utility get_subtreeJohn Estabrook
2022-02-22vyos.configdict: T4263: leaf_node_changed() must also honor valueLess CLI nodesChristian Poessinger
If a valueLess node is added or removed from the CLI, a call to leaf_node_changed() will not detect it. If node is valueLess, on change old or new (depending on addition or deletion) will be {} and is treated as None. Add handler for this special case where old or new is an instance of a dictionary but empty.
2022-02-21smoketest: vxlan: T4120: verify support for multiple remote addressesChristian Poessinger
2022-02-21vxlan: T4120: code cleanup for multiple remotesChristian Poessinger
2022-02-20vxlan: T4120: add ability to set multiple remotes (PR #1127)Andreas
VXLAN does support using multiple remotes but VyOS does not. Add the ability to set multiple remotes and add their flood lists using "bridge" command.
2022-02-20static: T4203: obey interface dhcp default route distanceChristian Poessinger
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes") added a bug whenever a static route is modified - the DHCP interface will always end up with metric 210 - if there was a default route over a DHCP interface.
2022-02-20interface: T4203: prevent DHCP client restart if not necessaryChristian Poessinger
In the past whenever a change happened to any interface and it was configured as a DHCP client, VyOS always had a breif outage as DHCP released the old lease and re-aquired a new one - bad! This commit changes the behavior that DHCP client is only restarted if any one of the possible options one can set for DHCP client under the "dhcp-options" node is altered.
2022-02-17pki: eapol: T4245: Add full CA and client cert chains to wpa_supplicant PEM ↵Andrew Gunnerson
files This commit updates the eapol code so that it writes the full certificate chains for both the specified CA and the client certificate to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively. The full CA chain is necessary for validating the incoming server certificate when it is signed by an intermediate CA and the intermediate CA cert is not included in the EAP-TLS ServerHello. In this scenario, wpa_supplicant needs to have both the intermediate CA and the root CA in its `ca_file`. Similarly, the full client certificate chain is needed when the ISP expects/requires that the client (wpa_supplicant) sends the client cert + the intermediate CA (or even + the root CA) as part of the EAP-TLS ClientHello. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-17vyos.configverify: T4255: fix unexpected print of dictionary instead of keyChristian Poessinger
2022-02-16xml: T3474: get component version dictionary from xml cache, not legacyJohn Estabrook
2022-02-16xml: T3474: add smoketest to check xml component versions are maintainedJohn Estabrook
Add smoketest to catch updates to a component version in legacy curver_DATA that is not present in xml syntaxVersion.
2022-02-16xml: T3474: add component version include filesJohn Estabrook
Add the include files containing the syntaxVersion element defining the version of the respective component; these files are included by the top level file 'xml-component-versions.xml.in'. Processing of these elements was previously added to the python xml lib in commit 40f5359d. This will replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy packages.
2022-02-16wireless: T4240: bugfix interface bridgingChristian Poessinger
VLAN isolation can not be "set" when interface is of type wifi.
2022-02-14pki: eapol: T4244: Fix KeyError when CA cert name differs from client cert nameAndrew Gunnerson
This commit fixes a small typo where the client cert name was being used to index the CA configuration dict. Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-02-13ethernet: T4242: speed/duplex can never be switched back to auto/autoChristian Poessinger
2022-02-13vyos.util: T4191: add new sysctl() helper functionChristian Poessinger
2022-02-08configtree: T4235: encapsulate config tree diff functionJohn Estabrook
2022-02-06config: T4228: is_member() must return all instances not only the last oneChristian Poessinger
2022-02-04firewall: T4209: Fix support for rule `recent` matchessarthurdev
2022-02-03firewall: T4178: Fix only inverse matching on tcp flagssarthurdev
2022-01-31Merge pull request #1199 from sarthurdev/T4218Christian Poessinger
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes
2022-01-31Merge pull request #1198 from vyos/force_to_listChristian Poessinger
T4221: add force_to_list Jinja2 filter
2022-01-31T4221: add force_to_list Jinja2 filterDaniil Baturin
2022-01-29firewall: T4216: Add support for negated firewall groupssarthurdev
2022-01-29firewall: T4218: Adds a prefix to all user defined chainssarthurdev
2022-01-29firewall: T4178: Fix dict_keys issue with tcp flagssarthurdev
2022-01-27firewall: T4178: Fix tcp flags output when `not` isn't usedsarthurdev
2022-01-26pki: T4212: Catch `install_into_config` errors and output for manual command ↵sarthurdev
entry
2022-01-20firewall: T2199: Add log prefix to match legacy perl behavioursarthurdev
Example syslog: [FWNAME-default-D] ... * Also clean-up firewall default-action
2022-01-18firewall: T3560: Add support for MAC address groupssarthurdev
2022-01-17firewall: policy: T4178: Migrate and refactor tcp flagssarthurdev
* Add support for ECN and CWR flags
2022-01-14firewall: T4178: Use lowercase for TCP flags and add an validatorsarthurdev
2022-01-12firewall: T4160: Fix support for inverse matchessarthurdev
2022-01-11remote: T3950: Gracefully handle chained exceptionserkin
2022-01-10frr: T4166: move log debug setting to init function for vyos-configdJohn Estabrook
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists; this check needs to be called within an init function, as frr.py will have already been loaded by vyos-configd before the /tmp/*.debug files are created by vyos-router, or by call to 'touch'.
2022-01-10Merge pull request #1151 from sarthurdev/firewallChristian Poessinger
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
2022-01-09policy: T4155: Fix using incorrect table variablesarthurdev
2022-01-05config: T3785: drop restriction to ascii in decodeJohn Estabrook
Following the update to vyos1x-config, commit 64263617, UTF-8 characters are supported within the config file, hence in the output of showConfig.
2022-01-05op-mode: T4142: Fix for show input ifbX interfacesViacheslav
Ability to see interface type "input" ifbX from op-mode
2022-01-05firewall: zone-policy: T2199: T4130: Fixes for firewall, state-policy and ↵sarthurdev
zone-policy
2022-01-04Merge pull request #1130 from sarthurdev/firewallChristian Poessinger
firewall: T4130: Fix firewall state-policy errors
2022-01-04firewall: T4130: Fix firewall state-policy errorssarthurdev
Also fixes: * Issue with multiple state-policy rules being created on firewall updates * Prevents interface rules being inserted before state-policy
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python