Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-08-15 | macsec: T4537: support online ciper and source-interface re-configuration | Christian Poessinger | |
(cherry picked from commit 82d8494d349edd7707c3811a71ca0e9c0648204e) | |||
2022-08-13 | Fix missing dict_search import in interfaces-macsec.py | Daniil Baturin | |
2022-08-01 | macsec: T3368: check key length for gcm-aes-128/gcm-aes-256 | Christian Poessinger | |
(cherry picked from commit a09359828e38c5b51a4579af16b5ea263a98233f) | |||
2022-07-18 | interfaces: T4525: interfaces can not be member of a bridge/bond and a VRF | Christian Poessinger | |
(cherry picked from commit 81e0f4a8dece85da7169ba05448e870206aaf57b) | |||
2021-02-03 | xml: T3239: override default mtu values and remove workarounds | John Estabrook | |
(cherry picked from commit ea4c72ed0dbcee3f7e8f9693c5310190833651d8) | |||
2020-10-01 | macsec: T2023: use proper config path for source-interface on removal | Christian Poessinger | |
The config path is altered in get_interface_dict() to the base of the interface in question, e.g. 'interfaces macsec macsec1' - this must be reflected when calling othe methods of Config(). | |||
2020-09-30 | macsec: T2023: only remove interface when it exists | Christian Poessinger | |
If for whatever reason the macsec interface dropped out of the Kernel - only call .remove() when it still exists to avoid any exceptions at all. | |||
2020-09-26 | macsec: vxlan: T2653: bugfix in verify() on lower interface MTU size | Christian Poessinger | |
Introduced in commit 818a75c024e ("ifconfig: T2653: get_mtu() should return int() for easier comparison") where the variable used in the formatted string has not been adjusted. | |||
2020-09-26 | ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface | Christian Poessinger | |
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError! | |||
2020-09-25 | ifconfig: T2653: get_mtu() should return int() for easier comparison | Christian Poessinger | |
2020-09-22 | ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdict | Christian Poessinger | |
2020-09-21 | macsec: T2788: source-interface must not be member of a bridge | Christian Poessinger | |
Add verify() step to ensure the macsec source-interface is not already part of a bridge interface. This should probably also be checked for bond interfaces. | |||
2020-09-20 | macsec: T2023: add missing mtu CLI option | Christian Poessinger | |
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come. | |||
2020-09-20 | ifconfig: T2653: remove duplicates of get_config() | Christian Poessinger | |
A lot of derived classes from Interface implemented their own get_config() method which more or less was the same everywhere. We also hat different qualifiers like @staticmethod or @classmethod. This is now changed to only have the @classmethod in Interface base class which will return the necessary dictionary keys for the required interfaces. This change is a mid reduction in lines of code which is always a very nice thing! | |||
2020-08-31 | configd: T2582: add scripts to include list for daemon | John Estabrook | |
2020-07-25 | ifconfig: T2653: make ifname an optional argument to get_interface_dict() | Christian Poessinger | |
Further reduce the boiler-plate code to determine interface tag node or not. It can be passed into get_interface_dict() if explicitly required - else it is taken from the environment. | |||
2020-07-25 | interfaces: ifconfig: T2653: migrate to get_interface_dict() API | Christian Poessinger | |
After switching from raw parsing of the interface options to get_config_dict() this utilizes another utility function which wraps get_config_dict() and adds other common and reused parameters (like deleted or bridge member). Overall this drops redundant code (again) and makes the rest more maintainable as we only utilize a single function. | |||
2020-07-01 | Merge pull request #486 from jestabro/sub_dict | Christian Poessinger | |
2020-07-01 | config: T2667: adapt for refinements to get_config_dict | John Estabrook | |
2020-07-01 | ifconfig: T2653: use better names for vyos.configverify functions | Christian Poessinger | |
2020-06-27 | xml: T2656: do not flatten dict by default | Christian Poessinger | |
2020-06-27 | ifconfig: T2653: macsec switch to default dictionary | Christian Poessinger | |
2020-06-27 | ifconfig: T2653: move macsec interface to get_config_dict() | Christian Poessinger | |
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin | |
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing) | |||
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-22 | macsec: T2023: flake8/autopep8 corrections | Christian Poessinger | |
2020-05-22 | macsec: T2023: fix wrong use or f-format string | Christian Poessinger | |
2020-05-22 | macsec: T2023: remove unused import | Christian Poessinger | |
2020-05-21 | macsec: T2023: delete wpa_supplicant config when interface is removed | Christian Poessinger | |
2020-05-21 | macsec: T2023: stop wpa_supplicant on interface deletion | Christian Poessinger | |
2020-05-21 | macsec: T2023: cleanup wpa_supplicant config file name | Christian Poessinger | |
2020-05-21 | macsec: T2023: improve verify() when encryption is enabled | Christian Poessinger | |
With enabled encryption keys must be configured. | |||
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: cipher suite is mandatory | Christian Poessinger | |
2020-05-21 | macsec: T2023: use list when working with Config() | Christian Poessinger | |
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |