summaryrefslogtreecommitdiff
path: root/src/validators
AgeCommit message (Collapse)Author
2021-12-31Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into currentChristian Poessinger
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python
2021-12-12validator: T4036: validate if multicast address is single (no netmask)Christian Poessinger
2021-12-07T3006: add a range validatorDaniil Baturin
2021-12-06firewall: T2199: Migrate firewall to XML/Pythonsarthurdev
2021-12-06validators: T4053: Fix exit code for scriptViacheslav
2021-12-06validators: T4052: Fix for warn message in the validator scriptViacheslav
Validator expects variable "script" for the Warning message But it gets undeclared "path"
2021-12-04bgp: T4042: bugfix route-distinguisher value rangeChristian Poessinger
2021-12-04validators: T4042: rename bgp-route-target -> bgp-rd-rtChristian Poessinger
2021-10-12validators: T3868: Allow asterisk symbol in bgp-large-community-listViacheslav
2021-09-18validator: T2417: bugfix on Python3 f'ormat stringsChristian Poessinger
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword.
2021-08-31ssh: T3789: add custom validator for base64 encoded CLI dataChristian Poessinger
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded.
2021-08-24bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differChristian Poessinger
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values.
2021-08-24policy: T2425: rename validator large-community-list -> bgp-large-community-listChristian Poessinger
... as we will get another bgp route-target validator soon.
2021-08-18policy: T2425: import exact Perl match criteria for large-community-listChristian Poessinger
2021-08-17policy: T2425: add missing validator for large-community-listsChristian Poessinger
without the validators FRR commit errors would happen.
2021-07-17VRF: T3655: proper connection tracking for VRFszsdc
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones
2021-06-13wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface treeChristian Poessinger
2021-05-25firewall: T3568: add XML definitions for firewallViacheslav Hletenko
Add XML for configuration mode firewall. Used for future rewriting it to Python style.
2021-05-20sysctl: T3565: initial implementation in XML and PythonChristian Poessinger
migrate from old vyatta-cfg-system / Perl implementation.
2021-05-14conntrack: T3535: migrate codebase from vyatta-conntrack-syncChristian Poessinger
2021-04-27container: T2216: Add binding for ports and volumessever-sever
2021-03-21validate: T3418: interface-name should also allow all local present interfacesChristian Poessinger
The regex only validated interfaces according to the VyOS naming scheme, but third party interfacs that are legit (e.g. exists within the kernel) failed to validate. The validator now also supports any kind of local interfaces attached to the OS kernel.
2021-03-17ipv6: eui64: T3413: add custom validatorChristian Poessinger
VyOS 1.2 (crux) rejected prefixes other then of site /64. [ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ] Error: Prefix lenght is 127. It must be 64. Same should be done on VyOS 1.3 and newer
2021-02-28validators: fqdn: T3370: support "private" or "local" domain namesChristian Poessinger
2021-02-24validators: interface-name script must also support VLAN interfacesChristian Poessinger
2021-02-18validator: T3326: add missing interfaces (e.g. ppp and l2tpv3)Christian Poessinger
2021-02-05xml: add new common "interface-name" validatorChristian Poessinger
2021-01-22dhcpv6: T3240: support per-interface client DUIDsBrandon Stepler
2021-01-16bridge: T3137: Improved verification logicjack9603301
2020-12-20Revert "dhcpv6: T3134: add missing duid support"Christian Poessinger
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44.
2020-12-20dhcpv6: T3134: add missing duid supportChristian Poessinger
2020-11-06validator: ipv4-range: T3050: fix wrong exit code when no range was givenChristian Poessinger
2020-07-24T2727: add a dotted decimal validator.Daniil Baturin
Since it's relatively rarely used, Python's startup time should't be much of a problem.
2020-06-14wireless: T2354: add new validator for phy interfacesChristian Poessinger
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-05-16nat: T2198: add common ip-protocol validatorChristian Poessinger
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!".
2020-05-16nat: T2198: add ipv4-{address,prefix,rage}-exclude validatorsChristian Poessinger
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
2020-05-16nat: T2198: add new ipv4-range validatorChristian Poessinger
2020-05-08T2441: Fix parse errorkroy-the-rabbit
2020-05-09T2431: remove the numeric validator for it now lives in vyos-utils.Daniil Baturin
2020-05-06validator: T2417: try to make the code clearerThomas Mangin
2020-05-02validators: numeric: T2414: improve runtime performanceChristian Poessinger
$ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric --range 1-9999 666; done real 0m56.933s user 0m48.045s sys 0m9.064s $ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric--range 1-9999 666; done real 0m44.552s user 0m37.760s sys 0m6.989s This is a performance improvement of 21%, running in an ESXi VM with Quad Intel(R) Xeon(R) CPU E5-2630L v3 @ 1.80GHz.
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-06util: T2226: rewrite timezone validator to use cmdThomas Mangin
2020-04-03vrf: T31: Allow vrf name to look more like interface nameRunar Borge
Fix the regex to allow vrf instances like "eth0vrf" but not to allow "eth0"
2020-04-03validate: mac: autopep8Christian Poessinger
2020-04-03vrf: T31: name of isntance is not allowed to mimic an interface nameChristian Poessinger
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0.
2020-03-16syslog: T2131: add generic fqdn validatorChristian Poessinger
2019-12-26time-zone: T1906: migrate to XML/PythonChristian Poessinger
The current node.def based implementtion should be migrated from vyatta-cfg-system to vyos-1x. During the migration also provide a migration script which transforms some ole timezones like "Los_Angeles" into a proper IANA assigned timezone which should be "America/Los_Angeles".
2019-10-19T1749: support multiple ranges in the numeric validator.Daniil Baturin