Age | Commit message (Collapse) | Author |
|
Allow setting ipv6-link-local addresses as peer address for
wireguard interfaces
Add validator "ipv6-link-local"
|
|
(cherry picked from commit 45d2429aa5d2ffafacdc5d9d00b7097169592427)
|
|
(cherry picked from commit c3471fe9d4cf0aab46feae94618925a95bcd5411)
|
|
(cherry picked from commit 001cc6655f1864a46b573dae13c8f33bbf224239)
|
|
Validator expects variable "script" for the Warning message
But it gets undeclared "path"
(cherry picked from commit b6fbe6d3a5e8de4f90aa9fba61ca7491f9959ed0)
|
|
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer")
introduced Python3 f'ormatted strings but missed the "f" keyword.
(cherry picked from commit dda9f655f94968b07043887a03e3bba176eb94d5)
|
|
SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.
(cherry picked from commit 00efce716912680354d47a2dca9769cd8c5c89ae)
|
|
|
|
|
|
(cherry picked from commit c2a1c071e7d0a9ca754d7f5016eed7db188b3d1a)
|
|
The regex only validated interfaces according to the VyOS naming scheme, but
third party interfacs that are legit (e.g. exists within the kernel) failed
to validate.
The validator now also supports any kind of local interfaces attached to
the OS kernel.
(cherry picked from commit 911fe645928750f3ce38061a94c9b6db50db0749)
|
|
VyOS 1.2 (crux) rejected prefixes other then of site /64.
[ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ]
Error: Prefix lenght is 127. It must be 64.
Same should be done on VyOS 1.3 and newer
(cherry picked from commit 6f6cd6552384704700f08e9367e167796b1f7fde)
|
|
(cherry picked from commit 04724ed189553ce43f8504f68fef8024ef5796de)
|
|
(cherry picked from commit 25b86442d987bf57a801a607648527aaf6158d69)
|
|
(cherry picked from commit f67568bc2307706116f5509fca3a188dc4ab5d48)
|
|
|
|
(cherry picked from commit b23323922939a9ac3b43e0761b0af84dc9e3b47e)
|
|
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44.
|
|
|
|
|
|
Since it's relatively rarely used, Python's startup time should't
be much of a problem.
|
|
|
|
|
|
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the
negated form with a leading "!".
|
|
Exclude validators are required to support the ! (not) operator on the CLI to
exclude addresses from NAT.
|
|
|
|
|
|
|
|
|
|
$ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric --range 1-9999 666; done
real 0m56.933s
user 0m48.045s
sys 0m9.064s
$ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric--range 1-9999 666; done
real 0m44.552s
user 0m37.760s
sys 0m6.989s
This is a performance improvement of 21%, running in an ESXi VM with Quad
Intel(R) Xeon(R) CPU E5-2630L v3 @ 1.80GHz.
|
|
- allow configuring IPv6 server addresses and push options
- add IPv6 server client IP pool
- add IPv6 push dhcp-option DNS6
- allow configuring IPv6 server client addresses
- allow configuring IPv6 site-to-site addresses
- validate all IPv6 options and addresses
- use protos that explicitely open an IPv6 listening socket
(tcp6-server, tcp6-client, udp6) as the default on Linux listens on
IPv4 only (https://community.openvpn.net/openvpn/ticket/360)
- add validator for any IPv6 address, host or network (used by pool)
|
|
|
|
Fix the regex to allow vrf instances like "eth0vrf" but not to allow
"eth0"
|
|
|
|
Every VRF that's created is not allowed to be named like any interface that
can be active on the system. This includes eth, lan, br, dum, lo ....
In theoriy this would work but as soon as such a regular interface is created
things will go sideways rather quick thus we limit the namespace which can
be used to create a VRF.
Appending an interface name is still possible like coolvrf-eth0.
|
|
|
|
The current node.def based implementtion should be migrated from
vyatta-cfg-system to vyos-1x. During the migration also provide a migration
script which transforms some ole timezones like "Los_Angeles" into a proper
IANA assigned timezone which should be "America/Los_Angeles".
|
|
|
|
Verify if a file exists or not on the system. Can be called by:
<constraint>
<validator name="file-exists" argument="--directory /config/auth"/>
</constraint>
The --directory option is used to ensure a given file path lies under this
(mandatory) directory. A directory can be mandatory when the optional argument
-e, --error is used. This will return '1' instead of '0'.
|
|
|
|
- added a validator for checking if the address is any cidr noted address
|
|
|
|
https://phabricator.vyos.net/T772
|
|
|
|
|
|
|
|
|
|
|