summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
2022-08-18firewall: T4622: Add TCP MSS optionViacheslav Hletenko
Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460'
2022-08-05Merge pull request #1459 from dmbaturin/genop-exnViacheslav Hletenko
T2719: add an exception hierarchy for op mode errors
2022-08-04T2719: add an exception hierarchy for op mode errorsDaniil Baturin
2022-08-04vyos.config.configdict: T4592: only print interface name, not interface dict ↵Christian Poessinger
on error
2022-08-01bridge: T4565: bugfix error message when member interface contains an addressChristian Poessinger
We should not print the entire dictionary - we only need the bridge interface name: Bug: Cannot assign address to interface "eth1" as it is a member of bridge "{'br0': {'allowed_vlan': ['5-50', '101'], 'native_vlan': '101'}}"! Fixed: Cannot assign address to interface "eth1" as it is a member of bridge "br0"!
2022-08-01mtu: T4572: Add DHCP-option MTU to get values from DHCP-serverViacheslav Hletenko
Ability to get MTU from DHCP-server and don't touch it per any interface change if interface 'dhcp-options mtu' is configured
2022-07-30bridge: T4565: is_member() must return the dict of the member interfaceChristian Poessinger
... otherwise functionality like bridge VLANs will loose configuration on membe rinterface update (e.g. description)
2022-07-30bridge: T4579: cleanup interface dict (remove empty keys)Christian Poessinger
2022-07-30bridge: T4579: remove duplicate code path already handled by base classChristian Poessinger
Interface() base class already takes care about VLAN creation/removal of newly added or no longer required interfaces. No need to code this logic again.
2022-07-30Revert "vyos.configdict(): T4228: is_member() must split VLAN interfaces"Christian Poessinger
This reverts commit fdeae251431cb747e8f60d96269b4365b7401807.
2022-07-28vyos.util: T4575: Add new wrapper "rc_cmd"Viacheslav Hletenko
It is useful to have both a return code and output of the command Add a new wrapper "rc_cmd" that returns both % rc_cmd('uname') (0, 'Linux') % rc_cmd('ip link show dev fake') (1, 'Device "fake" does not exist.')
2022-07-24graphql: T4413: add support for a system status queryJohn Estabrook
2022-07-24graphql: T3993: disable introspection unless set in CLIJohn Estabrook
2022-07-20Merge pull request #1351 from dmbaturin/genopJohn Estabrook
T2719: prototype of an op mode command runner based on type hints and introspection
2022-07-20T2719: fix indentation in vyos.opmodeDaniil Baturin
2022-07-20T2719: fix a stray empty key in the CPU data dictDaniil Baturin
2022-07-19T2719: patch for general support for boolean optionsJohn Estabrook
Signed-off-by: Daniil Baturin <daniil@vyos.io>
2022-07-15interfaces: T4525: interfaces can not be member of a bridge/bond and a VRFChristian Poessinger
2022-07-15bond: T4525: fix adding member interface to bond after removing VRFChristian Poessinger
When removing a VRF from an ethernet interface and adding the interface to a bond in the same commit led to an OSError: [Errno 16] Device or resource busy!
2022-07-15vyos.configdict(): T4228: is_member() must return member interface config dictChristian Poessinger
This extends commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") and returns the config dict of the used member interfaces.
2022-07-15bond: bridge: T4534: error out if member interface is assigned to a VRF instanceChristian Poessinger
It makes no sense to enslave an interface to a bond or a bridge device if it is bound to a given VRF. If VRFs should be used - the encapuslating/master interface should be part of the VRF. Error out if the member interface is part of a VRF.
2022-07-14interface: T4056: Fix unexpected delete tc qdiscDaniilHarun
2022-07-11vyos.configdict(): T4228: is_member() must split VLAN interfacesChristian Poessinger
Commit 39157912 ("vyos.configdict(): T4228: is_member() must use the "real" hardware interface") added a bugfix on calling is_member() to retrieve the real physical information about an interface. It did not include a code path to also split up VLAN interfaces. This has been fixed.
2022-07-10bond: T4522: add ability to specify mii monitor interval via CLIChristian Poessinger
Linux Kernel supports to specify the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 100. set interfaces bonding bond0 mii-mon-interval <n>
2022-07-10vyos.configdict(): T4228: is_member() must use the "real" hardware interfaceChristian Poessinger
When is_member() is inspecting the bridge/Bond member interfaces it must work with the real interface (e.g. eth1) under the "ethernet" node and not work on the "member interface eth1" CLI tree, that makes no sense at all.
2022-07-10bond: T1557: re-add miimon configuration - lost in translationChristian Poessinger
2022-07-10bond: T4521: ARP monitor interval is not configured despite set via CLIChristian Poessinger
The code path for changing the interval is never executed.
2022-07-09ip: T4517: add option to enable directed broadcast forwardingYuxiang Zhu
Directed broadcast is described in rfc1812#section-5.3.5.2 and rfc2644. By default Linux kernel doesn't forward directed broadcast packets unless both of `/proc/sys/net/ipv4/conf/all/bc_forwarding` and `/proc/sys/net/ipv4/conf/$iface/bc_forwarding` are set to 1.
2022-07-05T2719: add general support for boolean options to generative op modeDaniil Baturin
Since Python as of 3.9 doesn't give us an option to look up argument's default value by its name, this implementation requires that all boolean options must default to false.
2022-07-04firewall: T4299: Add ability to inverse match country codessarthurdev
2022-07-01Merge pull request #1380 from sarthurdev/ovpn-multi-caChristian Poessinger
openvpn: T4485: Accept multiple tls ca-certificate values
2022-07-01vti: T2455: add link-local IPv6 address supportChristian Poessinger
Interface should receive an auto generated link-local IPv6 address as we do with all VyOS interfaces by default.
2022-06-29openvpn: T4485: Update PKI migrator to handle full CA chain migrationsarthurdev
* Also determines and maps to correct CA for migrated CRL
2022-06-29bridge: add option to enable/disable IGMP/MLD snoopingYuxiang Zhu
This PR adds an config option to enable/disable IGMP/MLD snooping. ``` set interfaces bridge brN igmp snooping ```
2022-06-29openvpn: T4485: Accept multiple `tls ca-certificate` valuessarthurdev
2022-06-25interfaces: dhcp: T4482: toggle of "dhcp-options no-default-route" has no effectChristian Poessinger
Error introduced by commit 85d6c8f7c ("vyos.configdict: T4391: enable get_interface_dict() ti be used with ConfigTreeQuery()"). Reason was the still in use relative path on calls to node_changed(), these got replaced with absolute config paths and the new implementation if is_node_changed().
2022-06-25dhcp: pppoe: T4384: bugfix not honoring no-default-route CLI optionChristian Poessinger
Commit a2ab95ff68b ("pppoe: T4384: replace default-route CLI option with common CLI nodes already present for DHCP") had an issue as the PPPoE interface options and also DHCP interface options did not honor the no-default-route option. This has been fixed.
2022-06-20T2719: use _is_show for detecting show functionsDaniil Baturin
2022-06-16vyos.ifconfig: T4384: fix file permission (664) on interface.pyChristian Poessinger
2022-06-16T2719: make re functions usage in vyos.opmode more consistentDaniil Baturin
2022-06-15T2719: correctly handle the raw argument for all show_* commandsDaniil Baturin
2022-06-15T2719: handle the case when script subcommand is not givenDaniil Baturin
2022-06-14firewall: T970: Use set prefix to domain groupssarthurdev
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-11firewall: T4299: Add support for GeoIP filteringsarthurdev
2022-06-10Merge pull request #1356 from sarthurdev/nested_groupsChristian Poessinger
firewall: T478: Add support for nesting groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-06-10Firewall:T4458: Add ttl match option in firewallNicolas Fort
2022-06-10Merge pull request #1322 from nicolas-fort/T3907-fwall-logDaniil Baturin
Firewall: T3907: add log-level options in firewall
2022-06-09Merge pull request #1327 from sever-sever/T970Christian Poessinger
firewall: T970: Add firewall group domain-group