summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
2020-11-13bridge: T3042: Fix VLAN filter invalid workjack9603301
1. Due to the previous focus on the implementation of VLAN filter, it was not considered to include MTU settings, which will lead to MTU setting errors in some cases 2. In order to make VLAN aware of the work of the bridge, it is necessary to specify the allowed VLAN ID range for the bridge itself, and forget to join it before
2020-11-12l2tpv3: T3059: fix interface state which is permanently downernstjo
2020-11-10bridge: T3042: Support VLAN filter and VLAN sub-interface on the bridgejack9603301
2020-11-03ifconfig: T2985: fix wireless-bridge creationChristian Poessinger
2020-11-01vyos.template: consolidate is_ipv(4|6) functionalityChristian Poessinger
2020-11-01openvpn: T2994: re-add ifconfig-pool statement in server configChristian Poessinger
Re-organize the template code and add addtitional Jinja2 filters for processing the ifconfig-pool statement. This reverts the changes from commit 7e546be9 ("openvpn: T2994: temporary revert to 1.2 crux behavior for client pools").
2020-11-01openvpn: T2994: remove workarounds for individual ipv4 and ipv6 keysChristian Poessinger
Remove workaround which split (local|remote)_address and also subnet keys into individual keys for the assigned IP address family (4/6). During template rendering check IP version by introducing new ipv4 and ipv6 Jinja2 filters {% if foo | ipv4 %} or {% if bar | ipv6 %} options.
2020-10-30openvpn: T2994: verify DH key lengthChristian Poessinger
2020-10-30openvpn: T2994: migrate to get_config_dict()Christian Poessinger
2020-10-29verify: T2587: allow MTU < 1280 when IPv6 is disabled on an interfaceChristian Poessinger
2020-10-28vyos.util: T2995: rename vyos_dict_search() -> dict_search()Christian Poessinger
Renamed using snippet below: ---------------------------- for file in $(find . -name "*.py") do sed -i "s/vyos_dict_search/dict_search/" $file done
2020-10-27Merge pull request #581 from sever-sever/T2631Christian Poessinger
accel: T2631: Add option for radius disable-accounting
2020-10-27accel: T2631: Add option for radius disable-accountingsever-sever
2020-10-25test: vyos.template: add testcase for vyos_*_from_cidr() convertersChristian Poessinger
2020-10-24tunnel: T3010: add missing ttl option for GRETap / GRE bridge interfaceChristian Poessinger
2020-10-24vyos.util: drop obsolete function ifname_from_config()Christian Poessinger
2020-10-24vyos.util: drop obsolete function get_bridge_member_config()Christian Poessinger
2020-10-21configsession: T3004: add call to config load scriptJohn Estabrook
2020-10-19unittests: T2995: vyos_dict_search() must return None on non-existing keysChristian Poessinger
The current wversion unfortunately will raise a KeyError: >>> data = {} >>> vyos_dict_search('foo', data) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3/dist-packages/vyos/util.py", line 685, in vyos_dict_search return dict[path] KeyError: 'foo'
2020-10-18ifconfig: T2985: remove no longer available vyos.ifconfig.stp includeChristian Poessinger
almost every interface can be part of a bridge thus the code for changing STP cost is best part of the Interface() base class itself. Commit b5ef10cf ("ifconfig: T2985: support on demand bridge creation") implemented this change but the STP file was not removed on the test devices causing tests to pass.
2020-10-17ifconfig: T2985: support on demand bridge creationChristian Poessinger
The current implementation for bridge based interfaces has an issue which is caused by priority inheritance. We always assumed that the bridge interface will be created last, but this may not be true in all cases, where some interfaces will be created "on demand" - e.g. OpenVPN or late (VXLAN, GENEVE). As we already have a bunch of verify steps in place we should not see a bridge interface leak to the underlaying infrastructure code. This means, whenever an interface will be member of a bridge, and the bridge does yet not exist, we will create it in advance in the interface context, as the bridge code will be run in the same commit but maybe sooner or later. This will also be the solution for T2924.
2020-10-17sysctl-forwarding: T752: Add disable forwarding for ipv4sever-sever
2020-10-13pppoe-server: T2976: fix local-users default value retrieval from XMLChristian Poessinger
We must use XML node style (hyphen over underscore).
2020-10-05validate: ipv6: mtu: T2427: wireless interface MTU is not configurableChristian Poessinger
Commit 5db3d631 ("ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface") checked the "mtu" key for it's value and the test only passed if mtu was larger then the required 1280 bytes when IPv6 address have been configured on the link. wireless (WiFi) interfaces have no MTU node - thus this always resulted in a Python KeyError.
2020-10-04sstp: T2960: migrate to get_config_dict() and reusable templatesChristian Poessinger
2020-10-03vyos.xml: T2956: add support for list of defaultValuesChristian Poessinger
Sometimes (PPPoE server is one of them) a simple defaultValue in the XML is not enough - several values should be set. In order to support a list of defaultValues you can now simply list them as a whitespace separated string. Example: <defaultValue>pap chap mschap mschap-v2</defaultValue> will generate a Python list ['pap', 'chap', 'mschap', 'mschap-v2'] when retrieved by vyos.xml.defaults()
2020-10-01vlan: configdict: T2945: determine if vlan is part of bridgeChristian Poessinger
Every interface knows if it is part of a bridge or not - except a VLAN (VIF) interface. Also VLANs should be aware of its master bridge. Add a testcase to ensure when VIFs on an interface change the bridge does not loos one of it's members.
2020-10-01configdict: T2372: use config.exists() when probing for interface removalChristian Poessinger
We must use exists() as get_config_dict() will always return {} - even when an empty interface node like +macsec macsec1 { +} exists.
2020-09-26ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interfaceChristian Poessinger
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError!
2020-09-25ifconfig: T2912: add helper to verify interface min/max supported MTUChristian Poessinger
Currently the MTU size of an interface is only checked when entered via CLI but if the interface supportes the configured MTU at all is not verified at all. New helper functions get_min_mtu(), get_max_mtu() and verify_mtu() have been added to provide a central API for validation.
2020-09-25ifconfig: T2653: get_mtu() should return int() for easier comparisonChristian Poessinger
2020-09-25ifconfig: T2912: add helper to retrieve interface min/max supported MTUChristian Poessinger
>>> from vyos.ifconfig import Interface >>> tmp=Interface('eth0') >>> tmp.get_min_mtu() 60 >>> tmp.get_max_mtu() 9000
2020-09-24dhcpv6-pd: verify: T2923: interface is required where the prefix is assignedChristian Poessinger
When configuring DHCPv6-PD it is mandatory to also specify at least one interface where the newly delegated prefix will be used. Without this setting DHCPv6-PD makes no sense at all.
2020-09-24wireless: T2241: add "wds" CLI optionChristian Poessinger
2020-09-22ifconfig: T2653: bond: bridge: ensure member interface is not a source-interfaceChristian Poessinger
As we already check that a bond/bridge member interface is not a member of any other bridge or bond, the check must be extended. We also need to ensure that the bond member interface is not used as a source-interface to pppoe, macsec, tunnel, pseudo-ethernet, vxlan interfaces.
2020-09-22ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdictChristian Poessinger
2020-09-21bridge: ifconfig: T2653: only delete member interfaces which still existChristian Poessinger
When removing e.g. a macsec interface and also its associated member interface from the bridge, it will happen that the macsec interface instance is long gone before we reach the code in the bridge interface which will remove it from the bridge itself. When this is the case, we can not call BridgeIf.del_port() as it will throw an exception that the interface does not exist. We now only remove a bridge member if the interface in question is still available in the kernel.
2020-09-20ifconfig: T2653: remove duplicates of get_config()Christian Poessinger
A lot of derived classes from Interface implemented their own get_config() method which more or less was the same everywhere. We also hat different qualifiers like @staticmethod or @classmethod. This is now changed to only have the @classmethod in Interface base class which will return the necessary dictionary keys for the required interfaces. This change is a mid reduction in lines of code which is always a very nice thing!
2020-09-20vif-s: ifconfig: T2903: use explicit VLAN protocol over raw numbersChristian Poessinger
In the past we had to provide the ethertype value used for the VLAN protocol (0x88A8 -> 802.1ad or 0x8100 -> 802.1q). This should be changed to a more user friendly CLI node (protocol over ethertype) and 802.1ad over it's raw value 0x88A8. There is no need in presenting RAW information from the ethernet header to the user. Also iproute2 calls it protocol which makes way more sense over the "raw" value.
2020-09-20vyos.configdict: T2665: cleanup get_interface_dict() default dict handlingChristian Poessinger
2020-09-19wifi: ifconfig: T2875: add_to_bridge() must be called after starting servicesChristian Poessinger
hostapd/wpa_supplicant will control the admin state of an interface, thus we should re-add it to a bridge after we have launched those services.
2020-09-19ifconfig: T2653: cleanup VLAN interface commentsChristian Poessinger
2020-09-19ifconfig: T2653: convert VLAN interfaces do discrete classChristian Poessinger
Instead of using an Adapter pattern to make interfaces VLAN-aware, create a derived class named VLANIf to represent a VLAN. This change was necessary to eliminate mixed code in Interfaces class which was VLAN - free, but recently gained some VLAN specific code for set_admin_state(). In addition this "autoresolves" the issue in T2894 as a bond vlan interface will no longer change the lower interface.
2020-09-17ethernet: T2891: Add ethernet ring-buffer CLI commandsDmitriyEshenko
2020-09-15bonding: T2515: preserve interface admin state when removing from bondChristian Poessinger
Removing a member from a bond/LACP will turn the physical interface always in admin-down state. This is invalid, the interface should be placed into the state configured on the VyOS CLI. Smoketest on bond interfaces is extended to check this behavior.
2020-09-15vyos.configdict: T2515: leaf_node_changed() should return list or NoneChristian Poessinger
2020-09-13bonding: T2877: support configuration of minimum number of active linksChristian Poessinger
Specifies the minimum number of links that must be active before asserting carrier. It is similar to the Cisco EtherChannel min-links feature. This allows setting the minimum number of member ports that must be up (link-up state) before marking the bond device as up (carrier on). This is useful for situations where higher level services such as clustering want to ensure a minimum number of low bandwidth links are active before switchover. This option only affects 802.3ad mode. The default value is 0. This will cause carrier to be asserted (for 802.3ad mode) whenever there is an active aggregator, regardless of the number of available links in that aggregator. Note that, because an aggregator cannot be active without at least one available link, setting this option to 0 or to 1 has the exact same effect.
2020-09-13vyos.util: add missing ConfigError import in check_kmod()Christian Poessinger
2020-09-13ifconfig: T2863: only use IPv6 link-local address if interface has MAC addressChristian Poessinger
With VyOS 1.2 the default WireGuard behavior is used. This means that when a WireGuard interface is added to the system, there is no "MAC" address - also there is no IPv6 link-local address assigned by the Kernel to this particular interface. With implementation of T2653 all interfaces now receive an IPv6 address - which is also valid for WireGuard interfaces - unfortunately this logic relies on the interface MAC address - and as there is none, the link-local address will be always the same. The logic behind is coded here [1]. We generate an IPv6 link-local address even when there is no "MAC" address. The behavior/functionality (as with VyOS 1.2) must be restored to not have a link-local IPv6 address at all. Any user can add any IPv6 link-local address manually by issuing: set interfaces wireguard wg01 address fe80::ff:1/64. Change vyos.ifconfig.add_ipv6_eui64_address to only add the EUI64-based link-local address if a MAC address is available. [1] https://github.com/vyos/vyos-1x/blob/3077158391ceee4ce04c27dec33f629529727c36/python/vyos/ifconfig/interface.py#L468
2020-09-01xml: T2849: vyos.xml.defaults should return a list on multi nodesJohn Estabrook