summaryrefslogtreecommitdiff
path: root/python/vyos
AgeCommit message (Collapse)Author
2024-07-28ipsec: T6148: Fixed reset command by adding init after terminating (#3763)aapostoliuk
Strongswan does not initiate session after termination via vici. Added an CHILD SAs initialization on the initiator side of the tunnel.
2024-07-28firewall: T4694: Adding rt ipsec exists/missing match to firewall configs ↵talmakion
(#3616) * Change ipsec match-ipsec/none to match-ipsec-in and match-none-in for fw rules * Add ipsec match-ipsec-out and match-none-out * Change all the points where the match-ipsec.xml.i include was used before, making sure the new includes (match-ipsec-in/out.xml.i) are used appropriately. There were a handful of spots where match-ipsec.xml.i had snuck back in for output hooked chains already (the common-rule-* includes) * Add the -out generators to rendered templates * Heavy modification to firewall config validators: * I needed to check for ipsec-in matches no matter how deeply nested under an output-hook chain(via jump-target) - this always generates an error. * Ended up retrofitting the jump-targets validator from root chains and for named custom chains. It checks for recursive loops and improper IPsec matches. * Added "test_ipsec_metadata_match" and "test_cyclic_jump_validation" smoketests
2024-07-25Merge pull request #3857 from c-po/vrf-interface-part-2Christian Breunig
interface: T6592: remove interface from conntrack ct_iface_map on deletion
2024-07-24smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on ↵Christian Breunig
deletion Now that interfaces are deleted from ct_iface_map during deletion it's time to also add a smoketest ensuring there is no entry in the ct_iface_map once an interface was deleted from the CLI.
2024-07-24op_mode: T6593: Release DHCP interface does not workNataliia Solomko
2024-07-23interface: T6592: remove interface from conntrack ct_iface_map on deletionChristian Breunig
We always have had stale interface entries in the ct_iface_map of nftables/ conntrack for any interface that once belonged to a VRF. This commit will always clean the nftables interface map when the interface is deleted from the system.
2024-07-22Merge pull request #3833 from c-po/wifi-fixChristian Breunig
wireless: T6597: improve hostapd startup and corresponding smoketests
2024-07-20interfaces: T6592: moving an interface between VRF instances failedChristian Breunig
To reproduce: set vrf name mgmt table '150' set vrf name no-mgmt table '151' set interfaces ethernet eth2 vrf 'mgmt' commit set interfaces ethernet eth2 vrf no-mgmt commit This resulted in an error while interacting with nftables: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 } The reason is that the old mapping entry still exists and was not removed. This commit adds a new utility function get_vrf_tableid() and compares the current and new VRF table IDs assigned to an interface. If the IDs do not match, the nftables ct_iface_map entry is removed before the new entry is added.
2024-07-19utils: T5195: fix timeout commentChristian Breunig
2024-07-17op-mode: T6586: add a distinct exception for unconfigured objectsDaniil Baturin
as opposed to entire subsystems
2024-07-14configdep: T6559: use single dependency list with reset under configdJohn Estabrook
2024-07-14configdep: T6559: drop global redundancy removal to fix error reportingJohn Estabrook
2024-07-08vxlan: T6505: Support VXLAN VLAN-VNI range mapping in CLI (#3756)Nataliia S
2024-07-04migration: T6007: add missing check for None in utility functionJohn Estabrook
An empty component version string will trigger a full migration, however, the case of component_version is None was missed in a utility function. Fix comment formatting.
2024-07-03locking: T6544: Added locking utilzsdc
Sometimes we need a reliable way to lock an execution until some other operation is not done. This commit introduces locking util, which can be used as a common lock, even between different processes. Usage example: ``` from vyos.utils.locking import Lock lock = Lock('my_lock_id') lock.acquire(timeout=10) print(f'Lock acquired: {lock.is_locked}') lock.release() ```
2024-07-04T6546: unused import check permission update and fixVijayakumar A
2024-07-03op-mode: T6498: add machine-readable tech support report scriptDaniil Baturin
2024-06-28utils: T6530: add a helper for easily calling iproute2 commandsDaniil Baturin
2024-06-26migration: T6007: fix cosmetic issue of extra newlineJohn Estabrook
2024-06-26migration: T6007: drop restrictive perms, already set on config.bootJohn Estabrook
2024-06-26migration: T6007: remove obsoletedJohn Estabrook
2024-06-26migration: T6007: add util add_system_version to replace *_system_footerJohn Estabrook
2024-06-26migration: T6007: update load_config.pyJohn Estabrook
2024-06-26migration: T6007: write configtree operations to logJohn Estabrook
2024-06-26migration: T6007: update migration classJohn Estabrook
2024-06-26migration: T6007: add version object for config file and systemJohn Estabrook
2024-06-26migration: T6007: add exception in base for use by migration filesJohn Estabrook
2024-06-26migration: T6007: use load_as_module_source for files without extensionJohn Estabrook
2024-06-26migration: T6447: fix missing check before reset to checkpointJohn Estabrook
2024-06-26migration: T6447: add traceback on errorJohn Estabrook
2024-06-26vyos.utils.dict: T5195: fix syntax warningJohn Estabrook
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator
2024-06-24Merge pull request #3718 from dmbaturin/T6514-system-storage-rawDaniil Baturin
op-mode: T6514: rework the "show system storage" code to handle live CD systems correctly
2024-06-24op-mode: T6514: rework the "show system storage" codeDaniil Baturin
to handle live CD systems correctly and allow reusing the functions from other scripts
2024-06-24Merge pull request #3701 from jestabro/configd-drop-env-sudoChristian Breunig
configd: T6504: send sudo_user on session init and set env variable
2024-06-24Merge pull request #3683 from dmbaturin/T6501-lsmod-on-steroidsJohn Estabrook
op mode: T6501: add "run show kernel modules"
2024-06-23vyos.utils: T6504: add interactive op-/configure mode support for ↵Christian Breunig
get_current_user()
2024-06-21Merge pull request #3684 from dmbaturin/T6498-uptime-helpersJohn Estabrook
op mode: T6498: move uptime helpers to vyos.utils.system
2024-06-21op mode: T6498: move uptime helpers to vyos.utils.systemDaniil Baturin
to be able to call them from the new tech-support script
2024-06-20Merge pull request #3654 from talmakion/bugfix/T5514John Estabrook
op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
2024-06-19op mode: T6501: add "run show kernel modules"Daniil Baturin
2024-06-19op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
2024-06-15T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem
2024-06-15T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig
2024-06-15T6489: add vyos_configdir to the dictionary of default directoriesChristian Breunig
2024-06-10op-mode: T6471: add optimized get_config_dictJohn Estabrook
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-06grub: T6453: Fixed GRUB variables parsingzsdc
To parse variables with `=` a variable name should be limited by alphanumerical characters only.