summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
2024-08-26xml: T5666: add with_tag keyword arg to ownerJohn Estabrook
(cherry picked from commit 57a0333c423f74ef733619f57dbfc608e513aa56)
2024-08-16utils: T6658: fix write_file check in case of empty directory path (#3993)mergify[bot]
(cherry picked from commit 58125b64c6678ea581998c9f83a19fae0cdbda12) Co-authored-by: John Estabrook <jestabro@vyos.io>
2024-08-15op_mode: T6651: Add a top level op mode word "execute"Nataliia Solomko
(cherry picked from commit 69ab44309d56d73d92c2f8a7b0b4ca3016e61ff6)
2024-08-14T6646: conntrack: in ignore rules, if protocols=all, do not append it to the ↵Nicolas Fort
rule (cherry picked from commit 2d953bedd0e416ead924f77ec612c997f950535a)
2024-08-13Merge pull request #3972 from vyos/mergify/bp/circinus/pr-3961Christian Breunig
configverify: T6642: verify_interface_exists requires config_dict arg (backport #3961)
2024-08-12Merge pull request #3959 from vyos/mergify/bp/circinus/pr-3955Christian Breunig
configd: T6640: enforce in_session returns False under configd (backport #3955)
2024-08-12configverify: T6642: verify_interface_exists requires config_dict argJohn Estabrook
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances. (cherry picked from commit 5f23b7275564cfaa7c178d320868b5f5e86ae606)
2024-08-11T6643: firewall: fix ip address range parsing on firewall rules.Nicolas Fort
(cherry picked from commit ff58f3e5f30d3775487a6a3b561863aa37d11d43)
2024-08-09qos: T6638: require interface state existence in verify conditionalJohn Estabrook
(cherry picked from commit ed63c9d1896a218715e13e1799fc059f4561f75e)
2024-08-08configd: T6640: enforce in_session returns False under configdJohn Estabrook
The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False. (cherry picked from commit 6543f444c42ff45e8115366256643186bf1dd567)
2024-07-31Merge pull request #3908 from vyos/mergify/bp/circinus/pr-3763Christian Breunig
ipsec: T6148: Fixed reset command by adding init after terminating (backport #3763)
2024-07-30system: op-mode: T3334: replace some print() statements with Warning()Christian Breunig
Make it more obvious for the user aber the severity of his action. (cherry picked from commit b3b31153963cc4338e8229f9f94b339682dd73a0)
2024-07-30system: op-mode: T3334: allow delayed getty restart when configuring serial ↵Andrew Topp
ports * Created op-mode command "restart serial console" * Relocated service control to vyos.utils.serial helpers, used by conf- and op-mode serial console handling * Checking for logged-in serial sessions that may be affected by getty reconfig * Warning the user when changes are committed and serial sessions are active, otherwise restart services as normal. No prompts issued during commit, all config gen/commit steps still occur except for the service restarts (everything remains consistent) * To apply committed changes, user will need to run "restart serial console" to complete the process or reboot the whole router * Added additional flags and target filtering for generic use of helpers. (cherry picked from commit bc9049ebd76576d727fa87b10b96d1616950237c)
2024-07-30ipsec: T6148: Fixed reset command by adding init after terminating (#3763)aapostoliuk
Strongswan does not initiate session after termination via vici. Added an CHILD SAs initialization on the initiator side of the tunnel. (cherry picked from commit 8838b29180ccc26d2aca0c22c9c8ca5e274825b2)
2024-07-26vxlan: T6505: Support VXLAN VLAN-VNI range mapping in CLI (#3756)Nataliia S
(cherry picked from commit 115e99630a317cab62c6f99e0461f6ce2c1edaf3)
2024-07-24smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on ↵Christian Breunig
deletion Now that interfaces are deleted from ct_iface_map during deletion it's time to also add a smoketest ensuring there is no entry in the ct_iface_map once an interface was deleted from the CLI. (cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c)
2024-07-24interface: T6592: remove interface from conntrack ct_iface_map on deletionChristian Breunig
We always have had stale interface entries in the ct_iface_map of nftables/ conntrack for any interface that once belonged to a VRF. This commit will always clean the nftables interface map when the interface is deleted from the system. (cherry picked from commit 17c12bde5c6f314311e7524842fd1ddc254009b4)
2024-07-24op_mode: T6593: Release DHCP interface does not workNataliia Solomko
(cherry picked from commit 92461c35c7ef131940c885aca894a2d8b3c89592)
2024-07-22utils: T5195: fix timeout commentChristian Breunig
(cherry picked from commit 11b273108d78ab1588be3c077f40b2ac876369a4)
2024-07-20interfaces: T6592: moving an interface between VRF instances failedChristian Breunig
To reproduce: set vrf name mgmt table '150' set vrf name no-mgmt table '151' set interfaces ethernet eth2 vrf 'mgmt' commit set interfaces ethernet eth2 vrf no-mgmt commit This resulted in an error while interacting with nftables: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 } The reason is that the old mapping entry still exists and was not removed. This commit adds a new utility function get_vrf_tableid() and compares the current and new VRF table IDs assigned to an interface. If the IDs do not match, the nftables ct_iface_map entry is removed before the new entry is added. (cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
2024-07-17configdep: T6559: use single dependency list with reset under configdJohn Estabrook
(cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2)
2024-07-17configdep: T6559: drop global redundancy removal to fix error reportingJohn Estabrook
(cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a)
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator (cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
2024-06-24vyos.utils: T6504: add interactive op-/configure mode support for ↵Christian Breunig
get_current_user() (cherry picked from commit 710bb184045baa85897d589ffbc8af14b0fce629)
2024-06-24T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem (cherry picked from commit d7a18a3da949bfa3df89661cc0871e8f23b18a10)
2024-06-24T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig
(cherry picked from commit e1a34e661d3e5f0090550796ac266dac15e1e337)
2024-06-24T6489: add vyos_configdir to the dictionary of default directoriesChristian Breunig
(cherry picked from commit f0923acffbef04c1f8cf2a6c8a9e2afd66c4a494)
2024-06-21op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot (cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
2024-06-10op-mode: T6471: add optimized get_config_dictJohn Estabrook
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-09op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile.
2024-06-06grub: T6453: Fixed GRUB variables parsingzsdc
To parse variables with `=` a variable name should be limited by alphanumerical characters only.
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-06Merge pull request #3573 from talmakion/bugfix/T6401-2Daniil Baturin
vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need it
2024-06-05migration: T6006: add activation script dir and helper functionJohn Estabrook
2024-06-05migration: T6447: add module compose_configJohn Estabrook
2024-06-05migration: T6006: update config.boot.default and move to vyos-1xJohn Estabrook
2024-06-01vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need itAndrew Topp
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some.
2024-05-30vyos.ifconfig: T6421: verify /etc/hostname exists before readingChristian Breunig
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com>
2024-05-27T5786: Add set/show system image to /image endpointkhramshinr
2024-05-23Merge pull request #3399 from 0xThiebaut/suricataChristian Breunig
suricata: T751: Initial support for suricata
2024-05-22Merge pull request #3502 from dmbaturin/T6385-yes-no-ctrl-cChristian Breunig
vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_no
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C
2024-05-22rollback-soft: T6384: tell the user to compare or commitDaniil Baturin
after applying the diff
2024-05-21Merge pull request #3494 from HollyGurza/T6373Christian Breunig
T6373: QoS Policy Limiter - classes for marked traffic do not work
2024-05-21T6373: QoS Policy Limiter - classes for marked traffic do not workkhramshinr
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum>
2024-05-17T6354: do an explicit read from version file to avoid circular referenceJohn Estabrook
2024-05-17T6354: Get rid of the custom boot type check in version.pykhramshinr