Age | Commit message (Collapse) | Author |
|
Add support for the configtree diff algorithm. A new function
ConfigDiff().is_node_changed(path) -> bool
is added to recursively detect changes in the tree below the node at
path; existing functions take the keyword argument 'recursive: bool' to
apply the algorithm in place of the existing, non-recursive, comparison.
|
|
The DiffTree class maintains both the 'sub'(-tract) configtree,
containing all paths in the LHS of the comparison that are not in the
RHS, and the 'delete' configtree: the delete tree is the minimal subtree
containing only the first node of a path not present in the RHS. It is
the delete tree that is needed to produce 'delete' commands for config
mode, whereas the 'sub' tree contains full information, needed for
recursively detecting changes to a node.
|
|
|
|
The return value of diff_tree is now a single config_tree, with initial
children of names: ["add", "delete", "inter"] containing the config
sub-trees of added paths; deleted paths; and intersection, respectively.
The simplifies dumping to json, and checking existence of paths, hence,
of node changes.
|
|
|
|
If a valueLess node is added or removed from the CLI, a call to
leaf_node_changed() will not detect it.
If node is valueLess, on change old or new (depending on addition or deletion)
will be {} and is treated as None.
Add handler for this special case where old or new is an instance of a
dictionary but empty.
|
|
|
|
|
|
VXLAN does support using multiple remotes but VyOS does not. Add the ability
to set multiple remotes and add their flood lists using "bridge" command.
|
|
Commit 05aa22dc ("protocols: static: T3680: do not delete DHCP received routes")
added a bug whenever a static route is modified - the DHCP interface will
always end up with metric 210 - if there was a default route over a DHCP
interface.
|
|
In the past whenever a change happened to any interface and it was configured
as a DHCP client, VyOS always had a breif outage as DHCP released the old lease
and re-aquired a new one - bad!
This commit changes the behavior that DHCP client is only restarted if any one
of the possible options one can set for DHCP client under the "dhcp-options"
node is altered.
|
|
files
This commit updates the eapol code so that it writes the full
certificate chains for both the specified CA and the client certificate
to `<iface>_ca.pem` and `<iface>_cert.pem`, respectively.
The full CA chain is necessary for validating the incoming server
certificate when it is signed by an intermediate CA and the
intermediate CA cert is not included in the EAP-TLS ServerHello. In this
scenario, wpa_supplicant needs to have both the intermediate CA and the
root CA in its `ca_file`.
Similarly, the full client certificate chain is needed when the ISP
expects/requires that the client (wpa_supplicant) sends the client cert
+ the intermediate CA (or even + the root CA) as part of the EAP-TLS
ClientHello.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
|
|
|
|
|
|
Add smoketest to catch updates to a component version in legacy
curver_DATA that is not present in xml syntaxVersion.
|
|
Add the include files containing the syntaxVersion element defining the
version of the respective component; these files are included by the top
level file 'xml-component-versions.xml.in'. Processing of these elements
was previously added to the python xml lib in commit 40f5359d. This will
replace the use of 'curver_DATA' in vyatta-cfg-system and other legacy
packages.
|
|
VLAN isolation can not be "set" when interface is of type wifi.
|
|
This commit fixes a small typo where the client cert name was being used
to index the CA configuration dict.
Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
firewall: T4218: T4216: Add prefix to user defined chains, support negated groups, fixes
|
|
T4221: add force_to_list Jinja2 filter
|
|
|
|
|
|
|
|
|
|
|
|
entry
|
|
Example syslog: [FWNAME-default-D] ...
* Also clean-up firewall default-action
|
|
|
|
* Add support for ECN and CWR flags
|
|
|
|
|
|
|
|
frr.py debugging is set True if the file '/tmp/vyos.frr.debug' exists;
this check needs to be called within an init function, as frr.py will
have already been loaded by vyos-configd before the /tmp/*.debug files
are created by vyos-router, or by call to 'touch'.
|
|
firewall: policy: T4149: T4155: Fix incorrect table variable, fix handling of deleted base firewall node
|
|
|
|
Following the update to vyos1x-config, commit 64263617, UTF-8 characters
are supported within the config file, hence in the output of showConfig.
|
|
Ability to see interface type "input" ifbX from op-mode
|
|
zone-policy
|
|
firewall: T4130: Fix firewall state-policy errors
|
|
Also fixes:
* Issue with multiple state-policy rules being created on firewall updates
* Prevents interface rules being inserted before state-policy
|
|
* 'firewall' of https://github.com/sarthurdev/vyos-1x:
zone_policy: T3873: Implement intra-zone-filtering
policy: T2199: Migrate policy route op-mode to XML/Python
policy: T2199: Migrate policy route to XML/Python
zone-policy: T2199: Migrate zone-policy op-mode to XML/Python
zone-policy: T2199: Migrate zone-policy to XML/Python
firewall: T2199: Migrate firewall op-mode to XML/Python
firewall: T2199: Migrate firewall to XML/Python
|
|
|
|
Peer name must not contain dots and colons, otherwise
swanct can't generate correct configuration for swanctl.conf
This is used in connection names and child SA names
Add filter 'dot_colon_to_dash' which replace dots and colons
|
|
Traffic-policy rules are generated by old Perl code
This commit prevents to unexpected override this code by python.
|