vyos-1x.git - VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)

Age	Commit message (Collapse)	Author
2020-07-11	snmp: T2687: precalculate snmpv3 encrypted keys	Christian Poessinger
	As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-11	snmp: T2687: enforce beginning and end of string match for regex	Christian Poessinger
	Match the full input string in regex validation. Previosly "sha123456" was allowed by the validator but we only support "sha".
2020-06-13	snmp: T2321: add VRF support	Christian Poessinger

2020-01-16	snmpd: T1964: SNMP Script-extensions allows names with spaces,	hagbard
	but commit fails
2020-01-09	service-snmp: T1955: snmp - cli config val_help missing	hagbard
	* set for trap-(source\|target)
2019-12-26	xml: remove leading carrot (^) from regex syntax	Christian Poessinger
	... as the carrot is applied automatically when reading in the XML definition. Auto replaced by: $ find interface-definitions -type f \| xargs sed -i 's/regex>^/regex>/'
2019-12-06	T1843: run interface-definitions though GCC preprocessor	Christian Poessinger
	A lot of XML code is duplicated (VLAN, interface address) for instance. Such XML definitions should be moved to feature.xml.i files and then just pulled in via GCC preprocessor #include definition in e.g. bond or ethernet definitions. This will give us the ability to single-source repeating node definitions as: * Interface Address * Interface Description * Interface Disable * VLAN (both vif-s and vif-c) The .in suffix of the interface-definitions is a marker that those files are input files to the GCC preprocessor. They will be rendered into proper XML files in the build directory. Some node definitions have been reworder to remove escaped double quote occurances which would have been warned about by the GCC preprocessor.