summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
2024-10-18pki: T4914: Rewrite the PKI op mode in the new styleNataliia Solomko
2024-10-09pki: T6766: Add support for ECDSA private keyssarthurdev
2024-10-08Merge pull request #4128 from jestabro/commit-confirm-soft-rollbackJohn Estabrook
config-mgmt: T5976: add option for commit-confirm to use 'soft' rollback
2024-10-08config-mgmt: T5976: display message when reverting to previous configJohn Estabrook
2024-10-07Merge pull request #4138 from natali-rs1985/T4318-currentJohn Estabrook
vyos.configtree: T4318: Allow set tag flag to true or false
2024-10-07vyos.configtree: T4318: Allow set tag flag to true or falseNataliia Solomko
2024-10-07Merge pull request #4124 from dmbaturin/T6740-set-to-config-converterJohn Estabrook
cli: T6740: add a converter from set commands to config
2024-10-07cli: T6740: set_tag on created paths and add parse step for orderingJohn Estabrook
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2024-10-05config-mgmt: T5976: add option for commit-confirm to use 'soft' rollbackJohn Estabrook
Commit-confirm will restore a previous configuration if a confirmation is not received in N minutes. Traditionally, this was restored by a reboot into the last configuration on disk; add a configurable option to reload the last completed commit without a reboot. The default setting is to reboot.
2024-10-05config-mgmt: T5976: normalize formattingJohn Estabrook
2024-10-04Merge pull request #4123 from nicolas-fort/fwall_set_commandsDaniil Baturin
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset.
2024-10-03cli: T6740: add a converter from set commands to configDaniil Baturin
2024-10-03T6760: firewall: add packet modifications existing in policy route to ↵Nicolas Fort
regular firewall ruleset.
2024-10-03vyos.configtree: T6742: add bindings for create_node and is_leaf/set_leaf ↵Daniil Baturin
(#4109)
2024-09-30Merge pull request #4024 from nicolas-fort/T6687Daniil Baturin
T6687: add fqdn support to nat rules.
2024-09-21ethtool: T6729: drop text based feature parsing in favour of JSONChristian Breunig
Recent ethtool 6.10 supports JSON output for the base driver features. Remove our old text based processing code and use the machine readable output of ethtool.
2024-09-20op-mode: T4833: Include wireguard peer name in interface summary reportNataliia Solomko
2024-09-19wireless: T6709: fix missing wpa_supplicant configurationChristian Breunig
Commit 0ee8d5e35 ("ethernet: T6709: move EAPoL support to common framework") added support to also have EAPoL on other interface types then ethernet. This introduced a regression where the wireless interface wpa_supplicant configuration would get deleted.
2024-09-16Merge pull request #4020 from c-po/secure-bootChristian Breunig
T861: op-mode: initial parts for UEFI secure boot CLI
2024-09-16T861: op-mode: "show version" will display secure boot stateChristian Breunig
vyos@vyos:~$ show ver ... Architecture: x86_64 Boot via: installed image System type: KVM guest Secure Boot: enabled ...
2024-09-16T6687: add fqdn support to nat rules.Nicolas Fort
2024-09-14ethernet: T6709: move EAPoL support to common frameworkChristian Breunig
Instead of having EAPoL (Extensible Authentication Protocol over Local Area Network) support only available for ethernet interfaces, move this to common ground at vyos.ifconfig.interface making it available for all sorts of interfaces by simply including the XML portion #include <include/interface/eapol.xml.i>
2024-09-14T861: add dependency to enable UEFI secure boot supportChristian Breunig
2024-09-12Merge pull request #4021 from natali-rs1985/T6652-currentDaniil Baturin
openfabric: T6652: Add support for OpenFabric protocol
2024-09-11T6294: Service dns forwarding add the ability to configure ZonetoCachekhramshinr
2024-09-11Merge pull request #4023 from nvollmar/T6679Christian Breunig
T6679: add group option for nat66
2024-09-10T6698: firewall: add matcher for vlan type. (#4027)Nicolás Fort
2024-09-04openfabric: T6652: Add support for OpenFabric protocolNataliia Solomko
OpenFabric is a routing protocol providing link-state routing with efficient flooding for topologies like spine-leaf networks. FRR implements OpenFabric in a daemon called fabricd
2024-09-02T6679: add destination groupsNicolas Vollmar
2024-09-02Merge pull request #4018 from nicolas-fort/T6647Daniil Baturin
T6647: firewall. Introduce patch for accepting invalid ARP and DHCP
2024-08-28T6647: firewall. Introduce patch for accepting ARP and DHCP replies on ↵Nicolas Fort
stateful bridge firewall. This patch is needed because ARP and DHCP are marked as invalid connections. Also, add ehternet-type matcher in bridge firewall.
2024-08-25configdep: T6671: run dependency only if not scheduled by priorityJohn Estabrook
2024-08-25configdiff: T5666: provide list of scripts scheduled for proposed commitJohn Estabrook
2024-08-25xml: T5666: add with_tag keyword arg to ownerJohn Estabrook
2024-08-20Merge pull request #3977 from natali-rs1985/T5743-currentChristian Breunig
T5743: HTTPS API ability to import PKI certificates
2024-08-18xml: T6650: fix unused ArgumentTypeError imported from argparseChristian Breunig
2024-08-15utils: T6658: fix write_file check in case of empty directory pathJohn Estabrook
2024-08-14Merge pull request #3980 from natali-rs1985/T6651-currentChristian Breunig
op_mode: T6651: Add a top level op mode word "execute"
2024-08-14Merge pull request #3981 from nicolas-fort/T6646Daniil Baturin
T6646: conntrack: in ignore rules, if protocols=all, do not append it to the rule
2024-08-14Merge pull request #3971 from jestabro/op-mode-cacheDaniil Baturin
xml: T6650: add initial op-mode cache support
2024-08-14T6646: conntrack: in ignore rules, if protocols=all, do not append it to the ↵Nicolas Fort
rule
2024-08-14op_mode: T6651: Add a top level op mode word "execute"Nataliia Solomko
2024-08-13T5743: HTTPS API ability to import PKI certificatesNataliia Solomko
2024-08-12T6648: dhcpv6-server: align stateless DHCPv6 options with statefulLucas Christian
2024-08-12configverify: T6642: verify_interface_exists requires config_dict argJohn Estabrook
The function verify_interface_exists requires a reference to the ambient config_dict rather than creating an instance. As access is required to the 'interfaces' path, provide as attribute of class ConfigDict, so as not to confuse path searches of script-specific config_dict instances.
2024-08-12xml: T6650: add initial op-mode cache supportJohn Estabrook
2024-08-09T6643: firewall: fix ip address range parsing on firewall rules.Nicolas Fort
2024-08-08qos: T6638: require interface state existence in verify conditionalJohn Estabrook
2024-08-07configd: T6640: enforce in_session returns False under configdJohn Estabrook
The CStore in_session check is a false positive outside of a config session if a specific environment variable is set with an existing referent in unionfs. To allow extensions when running under configd and avoid confusion, enforce in_session returns False.
2024-08-04firewall: T4694: Adding GRE flags & fields matches to firewall rulesAndrew Topp
* Only matching flags and fields used by modern RFC2890 "extended GRE" - this is backwards-compatible, but does not match all possible flags. * There are no nftables helpers for the GRE key field, which is critical to match individual tunnel sessions (more detail in the forum post) * nft expression syntax is not flexible enough for multiple field matches in a single rule and the key offset changes depending on flags. * Thus, clumsy compromise in requiring an explicit match on the "checksum" flag if a key is present, so we know where key will be. In most cases, nobody uses the checksum, but assuming it to be off or automatically adding a "not checksum" match unless told otherwise would be confusing * The automatic "flags key" check when specifying a key doesn't have similar validation, I added it first and it makes sense. I would still like to find a workaround to the "checksum" offset problem. * If we could add 2 rules from 1 config definition, we could match both cases with appropriate offsets, but this would break existing FW generation logic, logging, etc. * Added a "test_gre_match" smoketest