summaryrefslogtreecommitdiff
path: root/interface-definitions/snmp.xml.in
AgeCommit message (Collapse)Author
2023-11-07T5702: SNMP add interface-mib max-interfaces-number and prefixViacheslav Hletenko
- Allow to configure only required interface prefixes set service snmp mib interface 'eth' set service snmp mib interface 'bond' include_ifmib_iface_prefix eth bond Sets the interface name prefixes to include in the IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls. A set of space separated interface name prefixes will reduce the CPU load for IF-MIB processing. For example, configuring "include_ifmib_iface_prefix eth dummy lo" will include only interfaces with these prefixes and ignore all others for IF-MIB processing. - Allow to configure maximum interface number set service snmp mib interface-max '100' ifmib_max_num_ifaces NUM Sets the maximum number of interfaces included in IF-MIB data collection. For servers with a large number of interfaces (ppp, dummy, bridge, etc) the IF-MIB processing will take a large chunk of CPU for ioctl calls (on Linux). Setting a reasonable maximum for the CPU used will reduce the CPU load for IF-MIB processing. For example, configuring "ifmib_max_num_ifaces 500" will include only the first 500 interfaces based on ifindex and ignore all others for IF-MIB processing. (cherry picked from commit 30a05ee1d447c6f92627162a506225f833a80f8c)
2023-05-16T5226: Combine ipv4-address and ipv6-address validatorsIndrajit Raychaudhuri
Use a single ip-address validator to combine and replace ipv4-address and ipv6-address validators.
2023-05-08syslog: T2778: migrate to get_config_dict()Christian Breunig
2023-04-02xml: re-use generic-description.xml.i building block whenever possibleChristian Breunig
Remove redundant XML CLI node definitions for the common description node by referencing the common building block.
2023-02-10snmp: T4857: explicitly define default community networks 0.0.0.0/0 and ::/0Christian Breunig
After the RESTRICTED view was introduced snmpd requires a network to be specified. Before adding the RESTRICTED view snmpd always assumed the default network 0.0.0.0/0. This commit re-adds the build in default networks for IPv4 and IPv6 and exposes it as a proper default to the CLI so the user is informed about it: vyos@vyos# set service snmp community foooo Possible completions: authorization Authorization type (default: ro) + client IP address of SNMP client allowed to contact system + network Subnet of SNMP client(s) allowed to contact system (default: 0.0.0.0/0, ::/0)
2023-01-18T4857: change description in cli, and change word oid to uppercase OIDs in ↵Nicolas Fort
warning message
2023-01-18T4857: Cleaning prNicolas Fort
2022-10-30snmp: T4785: allow @, * and # in SNMP community nameChristian Poessinger
2022-10-29snmp: T4785: allow ! in community nameChristian Poessinger
2022-04-29xml: T4047: use full string match in the regex validatorChristian Poessinger
2022-02-24scripts: T4269: node.def generator should automatically add default valuesChristian Poessinger
Since introducing the XML <defaultValue> node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: $ cat templates-cfg/service/ssh/port/node.def multi: type: txt help: Port for SSH service (default: 22) val_help: u32:1-65535; Numeric IP port ... Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help.
2021-12-30snmp: T4124: migrate to get_config_dict()Christian Poessinger
2021-10-25snmp: T2763: Add protocol TCP for service snmpViacheslav
2021-08-20xml: remove superfluous "interface" prefix from interface includesChristian Poessinger
2021-08-10snmp: T3709: Allow enable oid ipCidrRouteTableViacheslav
2021-03-14xml: T1579: re-arrange xml interface include building blocksChristian Poessinger
As the amount of include files now has reached a certain amount, it is getting more and more crowsded, thuse introducing "per topic" subdirectories on the filesystem to keep a clean structure makes sense.
2021-01-13ssh: T3212: do not make /run/sshd directory disappear on failureChristian Poessinger
2020-12-28xml: completion-help: add helper for all local assigned IP addressesChristian Poessinger
This replaces the Python script by a bash variant which is much faster as the Python interpreter does not need to be launched on invocation.
2020-12-12xml: use "u32:" keyword when identifying port rangesChristian Poessinger
This will render the completion help more nicely.
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-11snmp: T2687: enforce beginning and end of string match for regexChristian Poessinger
Match the full input string in regex validation. Previosly "sha123456" was allowed by the validator but we only support "sha".
2020-06-13snmp: T2321: add VRF supportChristian Poessinger
2020-01-16snmpd: T1964: SNMP Script-extensions allows names with spaces,hagbard
but commit fails
2020-01-09service-snmp: T1955: snmp - cli config val_help missinghagbard
* set for trap-(source|target)
2019-12-26xml: remove leading carrot (^) from regex syntaxChristian Poessinger
... as the carrot is applied automatically when reading in the XML definition. Auto replaced by: $ find interface-definitions -type f | xargs sed -i 's/regex>^/regex>/'
2019-12-06T1843: run interface-definitions though GCC preprocessorChristian Poessinger
A lot of XML code is duplicated (VLAN, interface address) for instance. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworder to remove escaped double quote occurances which would have been warned about by the GCC preprocessor.