Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-09-26 | ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface | Christian Poessinger | |
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError! | |||
2020-09-25 | ifconfig: T2653: get_mtu() should return int() for easier comparison | Christian Poessinger | |
2020-09-22 | ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdict | Christian Poessinger | |
2020-09-21 | macsec: T2788: source-interface must not be member of a bridge | Christian Poessinger | |
Add verify() step to ensure the macsec source-interface is not already part of a bridge interface. This should probably also be checked for bond interfaces. | |||
2020-09-20 | macsec: T2023: add missing mtu CLI option | Christian Poessinger | |
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come. | |||
2020-09-20 | ifconfig: T2653: remove duplicates of get_config() | Christian Poessinger | |
A lot of derived classes from Interface implemented their own get_config() method which more or less was the same everywhere. We also hat different qualifiers like @staticmethod or @classmethod. This is now changed to only have the @classmethod in Interface base class which will return the necessary dictionary keys for the required interfaces. This change is a mid reduction in lines of code which is always a very nice thing! | |||
2020-08-31 | configd: T2582: add scripts to include list for daemon | John Estabrook | |
2020-07-25 | ifconfig: T2653: make ifname an optional argument to get_interface_dict() | Christian Poessinger | |
Further reduce the boiler-plate code to determine interface tag node or not. It can be passed into get_interface_dict() if explicitly required - else it is taken from the environment. | |||
2020-07-25 | interfaces: ifconfig: T2653: migrate to get_interface_dict() API | Christian Poessinger | |
After switching from raw parsing of the interface options to get_config_dict() this utilizes another utility function which wraps get_config_dict() and adds other common and reused parameters (like deleted or bridge member). Overall this drops redundant code (again) and makes the rest more maintainable as we only utilize a single function. | |||
2020-07-01 | Merge pull request #486 from jestabro/sub_dict | Christian Poessinger | |
2020-07-01 | config: T2667: adapt for refinements to get_config_dict | John Estabrook | |
2020-07-01 | ifconfig: T2653: use better names for vyos.configverify functions | Christian Poessinger | |
2020-06-27 | xml: T2656: do not flatten dict by default | Christian Poessinger | |
2020-06-27 | ifconfig: T2653: macsec switch to default dictionary | Christian Poessinger | |
2020-06-27 | ifconfig: T2653: move macsec interface to get_config_dict() | Christian Poessinger | |
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin | |
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing) | |||
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-22 | macsec: T2023: flake8/autopep8 corrections | Christian Poessinger | |
2020-05-22 | macsec: T2023: fix wrong use or f-format string | Christian Poessinger | |
2020-05-22 | macsec: T2023: remove unused import | Christian Poessinger | |
2020-05-21 | macsec: T2023: delete wpa_supplicant config when interface is removed | Christian Poessinger | |
2020-05-21 | macsec: T2023: stop wpa_supplicant on interface deletion | Christian Poessinger | |
2020-05-21 | macsec: T2023: cleanup wpa_supplicant config file name | Christian Poessinger | |
2020-05-21 | macsec: T2023: improve verify() when encryption is enabled | Christian Poessinger | |
With enabled encryption keys must be configured. | |||
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: cipher suite is mandatory | Christian Poessinger | |
2020-05-21 | macsec: T2023: use list when working with Config() | Christian Poessinger | |
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |