Diffstat (limited to 'python')
-rw-r--r-- | python/vyos/firewall.py | 3 | ||||
-rw-r--r-- | python/vyos/ifconfig/interface.py | 28 | ||||
-rw-r--r-- | python/vyos/pki.py | 2 | ||||
-rw-r--r-- | python/vyos/utils/convert.py | 23 | ||||
-rw-r--r-- | python/vyos/utils/io.py | 5 |
5 files changed, 46 insertions, 15 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py index 946050a82..d9d605a9d 100644 --- a/python/vyos/firewall.py +++ b/python/vyos/firewall.py @@ -488,9 +488,6 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name): if synproxy_ws: output.append(f'wscale {synproxy_ws} timestamp sack-perm') - else: - output.append('return') - output.append(f'comment "{family}-{hook}-{fw_name}-{rule_id}"') return " ".join(output) diff --git a/python/vyos/ifconfig/interface.py b/python/vyos/ifconfig/interface.py index 1b86982c4..f0897bc21 100644 --- a/python/vyos/ifconfig/interface.py +++ b/python/vyos/ifconfig/interface.py @@ -1,4 +1,4 @@ -# Copyright 2019-2023 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2019-2024 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -193,6 +193,9 @@ class Interface(Control): 'validate': assert_positive, 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits', }, + 'ipv6_cache_tmo': { + 'location': '/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms', + }, 'path_cost': { # XXX: we should set a maximum 'validate': assert_positive, @@ -261,6 +264,9 @@ class Interface(Control): 'ipv6_dad_transmits': { 'location': '/proc/sys/net/ipv6/conf/{ifname}/dad_transmits', }, + 'ipv6_cache_tmo': { + 'location': '/proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms', + }, 'proxy_arp': { 'location': '/proc/sys/net/ipv4/conf/{ifname}/proxy_arp', }, 
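Review bot: The new `'ipv6_cache_tmo'` entry in the sysfs write map (hunk at -193) has no `'validate'` key, while the neighbouring `dad_transmits` and `path_cost` entries both use `assert_positive`. The setter added in the -613 hunk computes `str(int(tmo) * 1000)`, so a negative value from any caller that bypasses CLI validation would be written to `base_reachable_time_ms` unchecked. Consider adding `'validate': assert_positive,` to the entry, assuming that helper accepts the string form passed through `set_interface`. The dict continues outside the hunk.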
@@ -613,6 +619,21 @@ class Interface(Control): return None return self.set_interface('arp_cache_tmo', tmo) + def set_ipv6_cache_tmo(self, tmo): + """ + Set IPv6 cache timeout value in seconds. Internal Kernel representation + is in milliseconds. + + Example: + >>> from vyos.ifconfig import Interface + >>> Interface('eth0').set_ipv6_cache_tmo(40) + """ + tmo = str(int(tmo) * 1000) + tmp = self.get_interface('ipv6_cache_tmo') + if tmp == tmo: + return None + return self.set_interface('ipv6_cache_tmo', tmo) + def _cleanup_mss_rules(self, table, ifname): commands = [] results = self._cmd(f'nft -a list chain {table} VYOS_TCP_MSS').split("\n") @@ -1698,6 +1719,11 @@ class Interface(Control): for addr in tmp: self.add_ipv6_eui64_address(addr) + # Configure IPv6 base time in milliseconds - has default value + tmp = dict_search('ipv6.base_reachable_time', config) + value = tmp if (tmp != None) else '30' + self.set_ipv6_cache_tmo(value) + # re-add ourselves to any bridge we might have fallen out of if 'is_bridge_member' in config: tmp = config.get('is_bridge_member') diff --git a/python/vyos/pki.py b/python/vyos/pki.py index 3c577db4d..27fe793a8 100644 --- a/python/vyos/pki.py +++ b/python/vyos/pki.py @@ -146,7 +146,7 @@ def create_certificate_request(subject, private_key, subject_alt_names=[]): if isinstance(obj, ipaddress.IPv4Address) or isinstance(obj, ipaddress.IPv6Address): alt_names.append(x509.IPAddress(obj)) elif isinstance(obj, str): - alt_names.append(x509.DNSName(obj)) + alt_names.append(x509.RFC822Name(obj) if '@' in obj else x509.DNSName(obj)) if alt_names: builder = builder.add_extension(x509.SubjectAlternativeName(alt_names), critical=False) diff --git a/python/vyos/utils/convert.py b/python/vyos/utils/convert.py index c02f0071e..41e65081f 100644 --- a/python/vyos/utils/convert.py +++ b/python/vyos/utils/convert.py 
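Review bot: The comment in the -1698 hunk says the base time is configured "in milliseconds", but the value handed to `set_ipv6_cache_tmo()` is in seconds; the setter multiplies by 1000 itself. Reword it to `# Configure IPv6 neighbour base reachable time in seconds (setter converts to ms) - has default value`, and use the identity test `value = tmp if tmp is not None else '30'` instead of `tmp != None`. The fallback `'30'` presumably duplicates a default defined elsewhere; a named constant would keep the two from drifting apart. The enclosing method starts and ends outside the hunk.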
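Review bot: In `create_certificate_request` the SAN type for a string is now decided by the substring test `'@' in obj`, so the caller's intent is inferred rather than stated. Nothing in the hunk checks that the value is a well-formed address or host name before it goes into the CSR. A CA that honours requested SANs will sign whichever type this heuristic picks, so I would document the rule at the branch, e.g. `# str with '@' -> rfc822Name (email), anything else -> dNSName; callers must validate input`. Also confirm that callers handle the `ValueError` the `x509` name classes can raise on malformed values. The function body starts and ends outside the hunk.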
@@ -1,4 +1,4 @@ -# Copyright 2023 VyOS maintainers and contributors <maintainers@vyos.io> +# Copyright 2023-2024 VyOS maintainers and contributors <maintainers@vyos.io> # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -19,38 +19,43 @@ def seconds_to_human(s, separator=""): """ s = int(s) + year = 60 * 60 * 24 * 365.25 week = 60 * 60 * 24 * 7 day = 60 * 60 * 24 hour = 60 * 60 - remainder = 0 - result = "" + result = [] + + years = s // year + if years > 0: + result.append(f'{int(years)}y') + s = int(s % year) weeks = s // week if weeks > 0: - result = "{0}w".format(weeks) + result.append(f'{weeks}w') s = s % week days = s // day if days > 0: - result = "{0}{1}{2}d".format(result, separator, days) + result.append(f'{days}d') s = s % day hours = s // hour if hours > 0: - result = "{0}{1}{2}h".format(result, separator, hours) + result.append(f'{hours}h') s = s % hour minutes = s // 60 if minutes > 0: - result = "{0}{1}{2}m".format(result, separator, minutes) + result.append(f'{minutes}m') s = s % 60 seconds = s if seconds > 0: - result = "{0}{1}{2}s".format(result, separator, seconds) + result.append(f'{seconds}s') - return result + return separator.join(result) def bytes_to_human(bytes, initial_exponent=0, precision=2, int_below_exponent=0): diff --git a/python/vyos/utils/io.py b/python/vyos/utils/io.py index 7e6045291..a8c430f28 100644 --- a/python/vyos/utils/io.py +++ b/python/vyos/utils/io.py @@ -27,7 +27,7 @@ def print_error(str='', end='\n'): sys.stderr.flush() def ask_input(question, default='', numeric_only=False, valid_responses=[], - no_echo=False): + no_echo=False, non_empty=False): from getpass import getpass question_out = question if default: 
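Review bot: In `seconds_to_human`, `year = 60 * 60 * 24 * 365.25` makes `year` a float, which is why the new code needs `int(years)` and `int(s % year)` while every other unit stays in integer arithmetic. The product is exactly 31557600, so `year = 31557600  # 365.25 days` keeps the whole function in ints and lets both casts go. An input of 0 still yields an empty string from `separator.join(result)`; if callers display this value, a docstring line stating that would help. The docstring starts outside the hunk.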
@@ -48,6 +48,9 @@ def ask_input(question, default='', numeric_only=False, valid_responses=[], if valid_responses and response not in valid_responses: print("Invalid value, try again.") continue + if non_empty and not response: + print("Non-empty value required; try again.") + continue break return response |
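Review bot: The new `non_empty` check tests `not response`, so an answer consisting only of whitespace passes unless `response` is stripped earlier in the loop, which this hunk does not show. If whitespace-only input should count as empty, use `if non_empty and not response.strip():`. The parameter is added to the signature in the -27 hunk with no docstring visible; a one-line description of `non_empty`, including how it interacts with `default`, belongs there. The loop and the function start outside the hunk.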