summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
2024-03-28op-mode: T6175: "renew dhcp interface <name>" does not check for DHCP interfaceChristian Breunig
The current op-mode script simply calls sudo systemctl restart "dhclient@$4.service" with no additional information about a client interface at all. This results in useless dhclient processes root 47812 4.7 0.0 5848 3584 ? Ss 00:30 0:00 /sbin/dhclient -4 -d root 48121 0.0 0.0 4188 3072 ? S 00:30 0:00 \_ /bin/sh /sbin/dhclient-script root 48148 50.0 0.2 18776 11264 ? R 00:30 0:00 \_ python3 - Which also assign client leases to all local interfaces, if we receive one valid DHCPOFFER vyos@vyos:~$ show interfaces Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down Interface IP Address MAC VRF MTU S/L Description ----------- ----------------- ----------------- ------- ----- ----- ------------- eth0 - 00:50:56:bf:c5:6d default 1500 u/u eth0.10 172.16.33.102/24 00:50:56:bf:c5:6d default 1500 u/u eth1 172.16.33.131/24 00:50:56:b3:38:c5 default 1500 u/u 172.16.33.102/24 and 172.16.33.131/24 are stray DHCP addresses. This commit moved the renew command to the DHCP op-mode script to properly validate if the interface we request a renew for, has actually a dhcp address configured. In additional this exposes the renew feature to the API.
2024-03-25T6171: migrate <set service dhcp-server failover> to <set service ↵Nicolas Fort
dhcp-server high-availability>.
2024-03-24Merge pull request #3177 from c-po/eee-T6152Christian Breunig
Revert "ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces"
2024-03-24Revert "ethernet: T5566: disable energy efficient ethernet (EEE) for interfaces"Christian Breunig
This reverts commit ab30509b25d54dac99294b76ba03fd49c3d2c946. As in T6152 there seem to be some NICs that have a non working implementation of reading the EEE registers. Remove this feature in the meantime until there is a less exploding solution hindering boards to boot. Return to Kernel defaults by removing this code path.
2024-03-23Merge pull request #3151 from HollyGurza/T6106Daniil Baturin
bgp: T6106: Valid commit error for route-reflector-client option defi…
2024-03-23vyos.configverify: T6131: verify_interface_exists() checks CLI interfaces, tooChristian Breunig
Extend the way how we determine if interfaces exist in VyOS. In the past we only validated if the interface in question really exists at the OS level. This has some drawbacks as services (like OSPF or OSPFv3) can also handle interfaces dynamically which appear or leaf the OS. This commit not only checks for OS interfaces but also if the interface in question was configured at the CLI level, this is proof enough to pass the check. If it does not exist at the CLI level, we continue searching it it's maybe a Kernel interface - useful for container networks. In addition we can now not only raise() an error but simply show a warning if an interface does not exist.
2024-03-21xml: T6146: add utils and helper to provide priority dataJohn Estabrook
2024-03-21Merge pull request #3157 from c-po/vti-T6085Daniil Baturin
vti: T6085: interface is always down and only enabled by IPSec daemon
2024-03-20bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad
2024-03-20vti: T6085: interface is always down and only enabled by IPSec daemonChristian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle.
2024-03-20bgp: T6106: Valid commit error for route-reflector-client option defined in ↵khramshinr
peer-group handle vtysh bgp error
2024-03-19Merge pull request #3131 from HollyGurza/T1871Christian Breunig
qos: T1871: add MTU option when configure limiter traffic-policy
2024-03-19Merge pull request #3035 from jestabro/replace-backslashJohn Estabrook
T5996: selectively escape and restore single backslashes in config
2024-03-18qos: T1871: add MTU option when configure limiter traffic-policykhramshinr
add mtu to default and specified class update smoke test
2024-03-17T6133: append domain-name to commit-archive if definedChristian Breunig
2024-03-13grub: T4548: Fixed configuration files orderzsdc
To iterate files on ext* file systems GRUB reads their inodes one by one, ignoring names. This breaks our configuration logic that relies on proper loading order. This commit adds a helper `sort_inodes()` that needs to be used whenever GRUB configuration files are created. It recreates files, changing their inodes in a way where inodes order matches alphabetical order.
2024-03-09Merge pull request #3106 from sarthurdev/T6102Daniil Baturin
dhcp: T6102: Fix clear DHCP lease op-mode
2024-03-08dhcp: T3316: De-duplicate Kea control socket variablesarthurdev
2024-03-07Merge pull request #1740 from sarthurdev/tpm_luksDaniil Baturin
config: T4919: Add support for encrypted config with TPM
2024-03-07config: T4919: Add support for encrypted config file with TPMsarthurdev
2024-03-06dhcp: T6102: Fix clear DHCP lease op-modesarthurdev
* Add `clear dhcpv6-server lease` * Standardize using vyos.opmode
2024-03-06remote: T6104: fix logic of failure case in MissingHostKeyPolicyJohn Estabrook
2024-03-05T6061: fix rule parsing when connection-status is usedNicolas Fort
2024-03-04Merge pull request #3068 from natali-rs1985/T5646-currentDaniil Baturin
qos: T5646: Skip add filter for qos policy limiter class without match
2024-03-04Merge pull request #3077 from c-po/ethtoolDaniil Baturin
vyos.ethtool: T6083: use JSON input data #2
2024-03-04T6086: NAT: fix nat rules when using source-groups and translation address ↵Nicolas Fort
is a network.
2024-03-03vyos.ethtool: T6083: use JSON input data for ethernet interface flow-control ↵Christian Breunig
settings
2024-03-03vyos.ethtool: T6083: use JSON input data for ethernet driver feature detectionChristian Breunig
Feature detection is used to see if certain offload settings are available on the given NIC.
2024-03-02Merge pull request #3072 from c-po/ethtoolDaniil Baturin
vyos.ethtool: T6083: use JSON input data for ring-buffer methods
2024-03-01vyos.ethtool: T6083: use JSON input data for ring-buffer methodsChristian Breunig
2024-03-01qos: T6081: QoS policy shaper target and interval wrong calcuationsNataliia Solomko
2024-03-01T5646: Skip add filter for qos policy limiter class without matchNataliia Solomko
2024-02-29Merge pull request #2659 from jestabro/remove-trivial-redundanciesJohn Estabrook
configdep: T5839: remove trivially redundant config dependency calls
2024-02-29Merge pull request #3052 from up-n-atom/fix-ethtool-out-of-bounds-accessChristian Breunig
vyos.ethtool: T6070: fix EEE reading the incorrect status line
2024-02-28configdep: T5660: remove global redundancies under vyos-configdJohn Estabrook
2024-02-28configdep: T5839: remove trivially redundant config dependency callsJohn Estabrook
2024-02-27vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵sarthurdev
required
2024-02-26vyos.ethtool: T6070: fix EEE reading the incorrect status lineup-n-atom
EEE enabled status is on the 2nd line of ethtool output and not the 3rd. Subsequently, reading the 3rd line was causing an out-of-bounds access for the bnx2x driver as well.
2024-02-25dhcp-server: T6063: Add `ignore-client-id` to relax client identifier checks ↵sarthurdev
for leases
2024-02-21T5996: selectively escape and restore single backslashes in configJohn Estabrook
2024-02-17image-tools: T6041: fix logic of is_live_boot to allow for PXE bootJohn Estabrook
2024-02-15Merge pull request #3004 from aapostoliuk/T6029-circinusDaniil Baturin
T6029: Rewritten Accel-PPP services to an identical feature set
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code.
2024-02-13Merge pull request #2998 from sarthurdev/T5992Christian Breunig
dhcpv6-server: T5992: Fix op-mode DHCP lease output + updates
2024-02-13Merge pull request #2988 from c-po/pki-rpki-t6034Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem
2024-02-13dhcpv6-server: T5992: Fix op-mode Kea DHCP lease outputsarthurdev
Due to Kea's lease file cleanup, the CSV file content is inconsistent. This commit makes changes to use the Kea control socket to fetch current lease information.
2024-02-13dhcpv6-server: T5993: Add subnet `interface` node, link subnet to locally ↵sarthurdev
connected interfaces Prior dhcpd behaviour implicitly handled requests for locally connected subnets. Kea requires an explicit link between subnets and an interface.
2024-02-11pki: T6034: add OpenSSH key supportChristian Breunig
set pki openssh rpki private key ... set pki openssh rpki public key ... set pki openssh rpki public type 'ssh-rsa'
2024-02-09T6028: Fix QoS policy shaper wrong class_id_max and default_minor_idViacheslav Hletenko
The `class_id_max` is wrong due to `tmp.sort` of Strings If we have class 5 and class 10 we get sorted max value 5, expected 10 ``` >>> tmp = ['5', '10'] >>> tmp.sort() >>> tmp ['10', '5'] >>> >>> hex(5+1) '0x6' >>> >>> hex(10+1) '0xb' >>> ``` This way we get wrong default maximum class value: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default 6 ``` Expect: ``` tc qdisc replace dev eth1 root handle 1: htb r2q 444 default b ``` Fix this converting Strings to Integers and get max value.
2024-02-08Merge pull request #2950 from aapostoliuk/T5960-circinusDaniil Baturin
T5960: Rewritten authentication node in PPTP to a single view