Age | Commit message | Author
2020-07-25 | vyos.util: add common helper to load kernel modules | Christian Poessinger
l2tpv3, wireguard, wirelessmodem, nat all require additional Kernel modules to be present on the system. Each and every interface implemented their own way of loading a module - by copying code. Use a generic function, vyos.util.check_kmod() to load any arbitrary kernel module passed as string or list.
2020-07-24 | T2727: add a dotted decimal validator. | Daniil Baturin
Since it's relatively rarely used, Python's startup time shouldn't be much of a problem.
2020-07-22 | Merge pull request #481 from thomas-mangin/T2582 | John Estabrook
xml: T2582: use xml for is_tag and is_leaf
2020-07-22 | xml: T2582: use xml for is_tag and is_leaf | Thomas Mangin
2020-07-22 | Merge pull request #499 from jestabro/config_source | John Estabrook
T2707: allow alternative initialization data for config
config: T2707: use ConfigSource and refactor Config methods
load-config: subclass ConfigSourceSession instead of Config
http-api: remove unneeded check for VyOSError
config: T2707: add ConfigSource classes for alternative init data
2020-07-22 | config: T2707: use ConfigSource and refactor Config methods | John Estabrook
2020-07-22 | load-config: subclass ConfigSourceSession instead of Config | John Estabrook
2020-07-22 | http-api: remove unneeded check for VyOSError | John Estabrook
The only calls to config (return_value, return_values, exists) do not throw VyOSError; remove unneeded except.
2020-07-22 | config: T2707: add ConfigSource classes for alternative init data | John Estabrook
2020-07-22 | Merge pull request #516 from varesa/T2725-fix-system-login | Daniil Baturin
T2725: Fix config parse for users without passwords
2020-07-22 | T2725: Fix config parse for users without passwords | Esa Varemo
Fix for https://phabricator.vyos.net/T2725
T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a introduced a change which broke the initialization of the user dict. In case the config contained a user without an encrypted-password set, the property would be missing and the commit would crash with `KeyError: 'password_encrypted'`
2020-07-21 | Merge pull request #512 from sever-sever/T2658 | Daniil Baturin
interfaces: T2658: Fix description length
2020-07-21 | interfaces: T2658: Fix description length | sever-sever
2020-07-21 | Merge pull request #511 from sever-sever/T2718 | Christian Poessinger
ntp: T2718: Change template for correct server names
2020-07-21 | ntp: T2718: Change template for correct server names | sever-sever
2020-07-20 | Merge pull request #509 from efficiosoft/t2717_dhcp_pool_size | Christian Poessinger
dhcp-server: T2717: Fix DHCP pool size in statistics
2020-07-20 | dhcp-server: T2717: Fix DHCP pool size in statistics | Robert Schindler
The calculated size of DHCP server address pools was not correct. The fact that both boundaries of address ranges are inclusive wasn't accounted for, so the calculated size was too small by 1 address per range.
2020-07-19 | Merge pull request #507 from jjakob/nft-translation-address-T2709 | Christian Poessinger
nat: T2709: remove 'translation address' mandatory check
2020-07-19 | Merge pull request #506 from jjakob/broadcast-fix-T2519 | Christian Poessinger
interface: T2519: add broadcast address when adding IPv4 addresses
2020-07-19 | nat: T2709: remove 'translation address' mandatory check | Jernej Jakob
Rules without a translation address are also valid, they'll modify just the port and leave the address intact. This also used to be a valid syntax and it caused an error on upgrade.
2020-07-19 | interface: T2519: add broadcast address when adding IPv4 addresses | Jernej Jakob
This adds the last IP of the subnet being added as the broadcast address. Example: adding 192.0.2.1/24 would yield:
    inet 192.0.2.1/24 brd 192.0.2.255 scope global dum0
Without this the broadcast address would be missing. Additionally join two is_ipv4 calls into one.
2020-07-19 | Merge pull request #500 from dmbaturin/current | Daniil Baturin
Improve readability of the port validation. Also fixes T2708.
2020-07-19 | broadcast-relay: T2712: migrate to get_config_dict() | Christian Poessinger
Add additional verify() stage to check that the relaying interface actually exists on the system.
2020-07-19 | monitor: ndp: T2706: properly rename XML definition | Christian Poessinger
Commit 3435b251 ("monitor: ndp: T2706: remove ability to send commands") flipped the filename and placed the tree in front of the subtree. Unfortunately I mixed up NTP and NDP. This has been corrected.
2020-07-18 | Merge pull request #505 from jestabro/config_diff | John Estabrook
configdiff: T2689: add configdiff class
2020-07-18 | configdiff: T2689: add configdiff class | John Estabrook
The configdiff class provides: (1) An abstract representation of VyOS config state, for use in configuration mode scripts. (2) Methods to query the differences between the effective and session config.
2020-07-18 | monitor: ndp: T2706: remove ability to send commands | Christian Poessinger
The "monitor" operational mode tree is for listening in on logfiles, chatter on the wire or other things - it subscribes to the system. Hence it should under no circumstances - ever - generate data. Sending out those requests, same as e.g. calling ndisc6 should be placed under a different node. Which one? I yet have no idea.
2020-07-18 | vyos.ifconfig: T2673: Fix admin state if the mac address is changed for an interface | srividya0208
Changes are made in the interface.py script in order to bring the admin state to 'UP' after the mac is manually added in system config. The script is marking the interface from up to down state (as the MAC address can only be changed if interface is in 'down' state) but it is not bringing it up after the change
2020-07-18 | T2704: force newlines after listActiveNode output. | Daniil Baturin
2020-07-18 | T2710: make most "run show interfaces $type" commands work again. | Daniil Baturin
2020-07-17 | Merge pull request #496 from jack9603301/current | Christian Poessinger
ndptool: T2706: Support NDP protocol monitoring
2020-07-18 | ndptool: T2706: Support NDP protocol monitoring | jack9603301
It supports NDP protocol monitoring. The submission supports the following features:
- Support the monitoring of specified port or all ports
- Supports monitoring of specific message types
- Support sending specific NDP message
2020-07-17 | config: T2689: cache config_dict | John Estabrook
This is a minor modification of the implementation by Thomas Mangin.
2020-07-16 | Merge pull request #501 from srividya0208/new_change | Christian Poessinger
pseudo-ethernet: T2626: Fix for changing interface mode
2020-07-16 | pseudo-ethernet: T2626: Fix for changing interface mode | srividya0208
Since it is not impossible to change MACVLAN interface mode on the fly, this fix adds a new trigger to recreate it from scratch if the mode changed in system config
2020-07-16 | Improve the readability of the port validation. Also fixes T2708. | Daniil Baturin
2020-07-15 | xml: T2588: defaults should return gracefully on key error | John Estabrook
2020-07-16 | Merge pull request #497 from zdc/T2695 | Daniil Baturin
flow-accounting: T2695: Fixed crash on viewing flows with incomplete data
2020-07-15 | flow-accounting: T2695: Fixed crash on viewing flows with incomplete data | zsdc
If flow records contain entries with skipped details, this does not allow preparing it for the output table. This fix uses the safe .get() function to return empty values instead of crashing. Also, added several small formatting fixes.
2020-07-15 | Merge branch 'curlrc' of github.com:c-po/vyos-1x into current | Christian Poessinger
* 'curlrc' of github.com:c-po/vyos-1x:
  http-client: T2651: support specifying source-interface/address for curl
  xml: T2651: provide general source-interface include file
2020-07-15 | http-client: T2651: support specifying source-interface/address for curl | Christian Poessinger
Please note that either interface or address can be configured.
system {
    options {
        http-client {
            source-interface eth0
            source-address 1.1.1.1
        }
    }
}
2020-07-15 | xml: T2651: provide general source-interface include file | Christian Poessinger
2020-07-14 | Merge pull request #494 from jack9603301/current | Christian Poessinger
dns: T2675: fix recursor.vyos-hostsd.conf.lua
2020-07-13 | dns: T2675: fix recursor.vyos-hostsd.conf.lua | JACK
When users use the standard fully qualified domain name writing method, there will be an extra point after the actual domain name. In order to ensure that the standard writing method is supported, it should not be mandatory to add this point in Lua script
2020-07-12 | snmp: T2687: replace 3rd party hash library with custom code | Christian Poessinger
The 3rd party library used for calculating the SNMP hashes in advance only worked for SHA and not for MD5 as SHA was hardcoded [1]. The code has been replaced by a class-less implementation providing only the required functionality.
[1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
2020-07-12 | vyos.snmpv3_hashgen: add license text | Christian Poessinger
2020-07-12 | nat: T2699: fix exclusion rules for noNAT destinations | Christian Poessinger
2020-07-12 | nat: T2699: rename interface include | Christian Poessinger
2020-07-11 | snmp: T2687: precalculate snmpv3 encrypted keys | Christian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly provided the hashed keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-11 | snmp: T2687: enforce beginning and end of string match for regex | Christian Poessinger
Match the full input string in regex validation. Previously "sha123456" was allowed by the validator but we only support "sha".