| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
This commit also extends the smoketest to verify that the exception for this
error is raised.
|
|
https: T2230: only support TLS1.2 and TLS1.3
|
|
|
|
data = {
'interfaces': {'dummy': {'dum0': {'address': ['192.0.2.17/29']}},
'ethernet': {'eth0': {'address': ['2001:db8::1/64', '192.0.2.1/29'],
'description': 'Test123',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:01',
'speed': 'auto'},
'eth1': {'address': ['192.0.2.9/29'],
'description': 'Test456',
'duplex': 'auto',
'hw_id': '00:00:00:00:00:02',
'speed': 'auto'}}}
}
dict_search_recursive(data, 'hw_id') will yield both '00:00:00:00:00:01' and
'00:00:00:00:00:02' as generator object.
|
|
implementations
|
|
|
|
|
|
message
|
|
T3804 changed how DHCP servers from DHCP interfaces are read in and passed to
the system. The config migrator is tested with this addition.
|
|
We have "set system name-server <ipv4|ipv6>" to specify a name-server IP
address we wan't to use. We also have "set system name-servers-dhcp <interface>"
which does the same, but the name-server in question is retrieved via DHCP.
Both CLI nodes are combined under "set system name-server <ipv4|ipv6|interface>"
to keep things as they are in real life - we need a name-server.
(cherry picked from commit 2ecf7a9f9cbe9359457bd23b4a0c45f3763123c7)
|
|
VyOS 1.3 equuleus now uses version 21 so we have to bump this by one.
|
|
T3803: add source-address option to the op mode ping CLI.
|
|
|
|
Commit 27e53fbc ("op-mode: T3619: bugfix "show interfaces" for VLANs") fixed
the op-mode command for the "show interfaces" operation, but if a user was
interested in all the ethernet or bridge interfaces, the command "show
interfaces <type> detail" did not yield any output.
The filtered_interfaces() function was further generalized to only operate on
base components and call itself recusively if required.
|
|
Commit 31169fa8a7 ("vyos.ifconfig: T3619: only set offloading options if
supported by NIC") always instantiated an object of the Ethtool class for an
ethernet object - this is right as a real ethernet interface is managed by
Ethtool.
Unfortunately the script used for "show interface" determindes the "base class"
for an interface by its name, so eth0 -> Ethernet, eth0.10 -> Ethernet. This
assumption is incorrect as a VLAN interface can not have the physical parameters
changed of its underlaying interface. This can only be done for eth0.
There is no need for the op-mode script to determine the implementation class
for an interface at this level, as we are only interested in the state of the
interface and it's IP addresses - which is a common operation valid for every
interface on VyOS.
|
|
|
|
Commit 5f1c1ae4 ("bgp: T3798: add support for neighbor local-as <n> replace-as")
added support for a new CLI option when the local-as is changed for a specified
neighbor or peer-group.
There was an error in the CLI / design as the "replace-as" option can only be
used when "no-prepend" is defined. Thus "no-prepend" became a <node> and
the new "replace-as" leafNode is now a child of "no-prepend".
|
|
login: T971 allow quoting in public-keys options
|
|
This patch allows the use of `"` in ssh public-key options which
unlocks the ability to set the `from` option in a way that sshd will
accept to limit what hosts a user can connect from.
|
|
|
|
rename t0 to drift
add subnemu for 2fa to make it more readable
|
|
|
|
|
|
|
|
|
|
tunnel: T3788: Add check keys for ipip and sit
|
|
Keys are not allowed with ipip and sit tunnels
|
|
|
|
While migrating to get_config_dict() in commit e8a1c291b1 ("login: radius:
T3192: migrate to get_config_dict()") the user-name was not excluded
from mangling (no_tag_node_value_mangle=True).
This resulted in a username "vyos-user" from CLI to be actually created as
"vyos_user" on the system.
This commit also adds respective Smoketests to prevent this in the future.
|
|
The workaround is no longer required, as the issue was resolved in
get_config_dict() so if it is a <multi/> node, a list is always returned.
|
|
Commit 9f20bee81c ("T1376: improve show_dhcp and show_dhcpv6") added the tab
completion helper to list the availbale IP pools to query. This was done by
calling a python script which then called cli-shell-api which resulted in a
penalty by the Python interpreter startup.
This can be solved by directly using the cli-shell-api wrapper available
as <path> in op-mode - as also seen for DHCPv6.
|
|
(cherry picked from commit 23388fe193f04ab05f270098123cbb3e5f0b9f75)
|
|
|
|
|
|
tunnel: T2920: Add checks tun with same source addr and keys
|
|
|
|
|
|
|
|
2 tunnels with the same local-address should has different keys
Check existing tunnels (source-address key) with new tunnel.
|
|
Commit 29082959 ("ethernet: T3163: only change ring-buffer settings if
required") added a delta-check code for the ring buffer values, unfortunately
this was never properly evaluated as str() and int() got compared resulting
always in an unequal result.
|
|
It makes no sense to have a parser for the ethtool values in ethtool.py
and ethernet.py - one instance ios more then enough!
|
|
|
|
Only update the RX/TX ring-buffer settings if they are different from the ones
currently programmed to the hardware. There is no need to write the same value
to the hardware again - this could cause traffic disruption on some NICs.
|
|
It makes no sense to have a parser for the ethtool value sin ethtool.py
and ethernet.py - one instance ios more then enough!
|
|
Not all interface drivers have the ability to change the speed and duplex
settings. Known drivers with this limitation are vmxnet3, virtio_net and
xen_netfront. If this driver is detected, an error will be presented to the
user.
|
|
This makes understanding the code easier what is "really" called without
opening the man page.
|
|
SSH keys used for remote login are supplied as base64 encoded data on the CLI.
The key is not validated, thus an invalid copy/pasted key will render the login
useless. This commit adds a custom and re-usable validator which check if the
data is properly base64 encoded.
|
