Age | Commit message (Collapse) | Author |
|
Since it's relatively rarely used, Python's startup time should't
be much of a problem.
|
|
xml: T2582: use xml for is_tag and is_leaf
|
|
|
|
T2707: allow alternative initialization data for config
config: T2707: use ConfigSource and refactor Config methods
load-config: subclass ConfigSourceSession instead of Config
http-api: remove unneeded check for VyOSError
config: T2707: add ConfigSource classes for alternative init data
|
|
|
|
|
|
The only calls to config (return_value, return_values, exists) do not
throw VyOSError; remove unneeded except.
|
|
|
|
T2725: Fix config parse for users without passwords
|
|
Fix for https://phabricator.vyos.net/T2725
T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a
introduced a change which broke the initialization of
the user dict. In case the config contained an user
without an encrypted-password set, the property would
be missing and the commit would crash with
`KeyError: 'password_encrypted'`
|
|
interfaces: T2658: Fix description length
|
|
|
|
ntp: T2718: Change template for correct server names
|
|
|
|
dhcp-server: T2717: Fix DHCP pool size in statistics
|
|
The calculated size of DHCP server address pools was not corrent. The
fact that both boundaries of address ranges are inclusive wasn't
accounted for, so the calculated size was too small by 1 address
per range.
|
|
nat: T2709: remove 'translation address' mandatory check
|
|
interface: T2519: add broadcast address when adding IPv4 addresses
|
|
Rules without a translation address are also valid, they'll modify just
the port and leave the address intact.
This also used to be a valid syntax and it caused an error on upgrade.
|
|
This adds the last IP of the subnet being added as the broadcast address.
Example: adding 192.0.2.1/24 would yield:
inet 192.0.2.1/24 brd 192.0.2.255 scope global dum0
Without this the broadcast address would be missing.
Addidionally join two is_ipv4 calls into one.
|
|
Improve readability of the port validation. Also fixes T2708.
|
|
Add additional verify() stage to check that the relaying interface actually
exists on the system.
|
|
Commit 3435b251 ("monitor: ndp: T2706: remove ability to send commands") flipped
the filename and placed the tree in front of the subtree. Unfurtunately I mixed
up NTP and NDP. This has been corrected.
|
|
configdiff: T2689: add configdiff class
|
|
The configdiff class provides:
(1) An abstract representation of VyOS config state, for use in
configuration mode scripts.
(2) Methods to query the differences between the effective and session
config.
|
|
The "monitor" operational mode tree is for listening in on logfiles, chatter
on the wire or other things - it subscribes to the system. Hence it should under
no circumstances - ever - generate data. Sending our those requests, same as
e.g. calling ndisc6 should be placed under a different node.
Which one? I yet have no idea.
|
|
interface
Changes are made in the interface.py script in order to bring the admin state to 'UP' after the mac is manually added in system config.The script is marking the interface from up to down state(as the MAC address can only be changed if interface is in 'down' state) but it is not bringing it up after the change
|
|
|
|
|
|
ndptool: T2706: Support NDP protocol monitoring
|
|
It supports NDP protocol monitoring.
The submission supports the following features:
- Support the monitoring of specified port or all ports
- Supports monitoring of specific message types
- Support sending specific NDP message
|
|
This is a minor modification of the implementation by Thomas Mangin.
|
|
pseudo-ethernet: T2626: Fix for changing interface mode
|
|
Since it is not impossible to change MACVLAN interface mode on the fly, this fix adds a new one trigger to recreate it from scratch if the mode changed in system config
|
|
|
|
|
|
flow-accounting: T2695: Fixed crash on viewing flows with incomplete data
|
|
If flow records contain entries with skipped details, this does not allow preparing it for the output table. This fix use safe .get() function to return empty values instead crashing.
Also, added several small formatting fixes.
|
|
* 'curlrc' of github.com:c-po/vyos-1x:
http-client: T2651: support specifying source-interface/address for curl
xml: T2651: provide general source-interface include file
|
|
Please note that either interface or address can be configured.
system {
options {
http-client {
source-interface eth0
source-address 1.1.1.1
}
}
}
|
|
|
|
dns: T2675: fix recursor.vyos-hostsd.conf.lua
|
|
When users use the standard fully qualified domain name writing method,
there will be an extra point after the actual domain name.
In order to ensure that the standard writing method is supported,
it should not be mandatory to add this point in Lua script
|
|
The 3rd party library used for calculating the SNMP hashes in advance only
worked for SHA and nod for MD5 as SHA was hardcoded [1]. The code has been
replaced by a class-less implementation providing only the required
functionality.
[1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
|
|
|
|
|
|
|
|
As of now when adding new credentials for any SNMPv3 user we submit the
credential either plaintext or encrypted. A plaintext credential will be hashed
by SNMPd in the background and then passed back into the CLI so it's not stored
in cleartext. This feels like the wrong way in changing the CLI content with
data produced by a 3rd party daemon which implements the service.
It feels like the tail wiggles the entire dog.
This should be changed in the following way:
- After retrieving the plaintext password from CLI, use Python to hash the key
in advance
- Re-populate the encrypted key into the CLI and drop the plaintext one
- Generate service configuration and continue startup of SNMPd
This also fixes a race condition when SNMPd started up but not properly
provided the hasehd keys in the configuration resulting in a ConfigurationError.
Now as we also support binding SNMPd to a VRF this fixes a deadlock situation
on bootup as we can only bind late to the VRF and require up to 5 restarts of
the service - but the service will never start.
|
|
Match the full input string in regex validation. Previosly "sha123456" was
allowed by the validator but we only support "sha".
|
|
|