summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)Author
2024-07-20interfaces: T6592: moving an interface between VRF instances failedChristian Breunig
To reproduce: set vrf name mgmt table '150' set vrf name no-mgmt table '151' set interfaces ethernet eth2 vrf 'mgmt' commit set interfaces ethernet eth2 vrf no-mgmt commit This resulted in an error while interacting with nftables: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 } The reason is that the old mapping entry still exists and was not removed. This commit adds a new utility function get_vrf_tableid() and compares the current and new VRF table IDs assigned to an interface. If the IDs do not match, the nftables ct_iface_map entry is removed before the new entry is added. (cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d) # Conflicts: # python/vyos/ifconfig/interface.py # python/vyos/utils/network.py
2024-07-17configdep: T6559: use single dependency list with reset under configdJohn Estabrook
(cherry picked from commit 52d08b1ec5b2943744daac7123e35fd415f85db2)
2024-07-17configdep: T6559: drop global redundancy removal to fix error reportingJohn Estabrook
(cherry picked from commit 7249d10f1fbb3f90a4bdbcd0223926d0380ddd3a)
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator (cherry picked from commit e47d4fd385631236da6882233b09f6364cbb077b)
2024-06-22Merge pull request #3686 from vyos/mergify/bp/sagitta/pr-3685Daniil Baturin
macsec: T5447: fix error message syntax - there is no tx and rx key, only key (backport #3685)
2024-06-21op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot (cherry picked from commit 8281383a09f12da20a1c9b4864b38ac3f541b48f)
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu (cherry picked from commit e318eb33446de47835480d4b8f1646b39fb5c388)
2024-06-10op-mode: T6424: ipsec: honor certificate CN and CA chain during profile ↵Christian Breunig
generation In e6fe6e50a5c ("op-mode: ipsec: T6407: fix profile generation") we fixed support for multiple CAs when dealing with the generation of Apple IOS profiles. This commit extends support to properly include the common name of the server certificate issuer and all it's paren't CAs. A list of parent CAs is automatically generated from the "PKI" subsystem content and embedded into the resulting profile. (cherry picked from commit d65f43589612c30dfaa5ce30aca5b8b48bf73211)
2024-06-09Merge pull request #3604 from vyos/mergify/bp/sagitta/pr-3592Christian Breunig
grub: T6453: Fixed GRUB variables parsing (backport #3592)
2024-06-09grub: T6453: Fixed GRUB variables parsingzsdc
To parse variables with `=` a variable name should be limited by alphanumerical characters only. (cherry picked from commit d3acecdf129cd940f8b2d1b229a6e2a343cab74b)
2024-06-09vxlan: T6401: Avoid calling get_vxlan_vni_filter() unless we need itAndrew Topp
`bridge vni show dev vxlanX` will exit with an error if no VNI filters are installed, but the getter is used even when we haven't installed any. This fix avoids fetching a list of VNI filters unless we know we've created some. (cherry picked from commit ac7ee2b36df23c3a4dd2be393132631556b6ef40)
2024-05-30vyos.ifconfig: T6421: verify /etc/hostname exists before readingChristian Breunig
Inspired-By: Brandon Zhi <Huiyuze_Zhi@protonmail.com> (cherry picked from commit cf07a55d183be1f4d28b8b50a0784513d91d6fe2)
2024-05-22vyos.utils.io: T6385: handle keyboard interrupts in ask_yes_noDaniil Baturin
and return False if the user interrupts the prompt with Ctrl-C (cherry picked from commit 5a5dda14fd3d472680568f1792e9fbdb030f3995)
2024-05-22rollback-soft: T6384: tell the user to compare or commitDaniil Baturin
after applying the diff (cherry picked from commit 7bba95c8052af5b0cc5908cb9e740caa01b44161)
2024-05-22Merge pull request #3495 from vyos/mergify/bp/sagitta/pr-3493Christian Breunig
T6375: Fix/Update NAT logging (backport #3493)
2024-05-21T6373: QoS Policy Limiter - classes for marked traffic do not workkhramshinr
(cherry picked from commit e50b7afc9d5b727d04933116ccf364a2b9a48c30)
2024-05-21T6375: Fix/Update NAT loggingl0crian1
Fixed broken logging for "show log nat" Added the following commands: show log nat source show log nat source rule <ruleNum> show log nat destination nat show log nat destination nat rule <ruleNum> show log nat static show log nat static rule <ruleNum> (cherry picked from commit 5cb9b84bd9ce909460d8da7f039d9371143ede6c)
2024-05-18T6354: do an explicit read from version file to avoid circular referenceJohn Estabrook
(cherry picked from commit e0105ef380f1575613982f3b43c8ea3856654208)
2024-05-17T6354: Get rid of the custom boot type check in version.pykhramshinr
(cherry picked from commit 783edc98f82f8718ccc856976d9a8f59bc6822e9)
2024-05-16op mode: T3355: remove the mention of legacy non-image installationsDaniil Baturin
They were never supported by VyOS, that was just for very old systens upgraded from Vyatta Core (cherry picked from commit d8223d50ab627d2b58e14101891bf8ffb8111234)
2024-05-11image-tools: T6327: prune, instead of ignore, menu entries with ttyUSBJohn Estabrook
(cherry picked from commit ecee10d0512daff3034499d1163463d1390e35d4)
2024-05-10image-tools: T6327: drop boot console type ttyUSBJohn Estabrook
(cherry picked from commit 32658e981babffb5b7149534bd50a64d11f7c74f)
2024-05-10bond: T6303: must reset system-mac to 00:00:00:00:00:00 on deletionChristian Breunig
(cherry picked from commit 314901e7b45782fb6266b35b0e788ab7ea1404b8)
2024-05-10bond: T6303: system-mac is not allowed to be a multicast MAC addressChristian Breunig
(cherry picked from commit d8ddd7191d3004e886fa45a2cf9bd8dd5e7f5e14)
2024-05-10bond: T6303: add system mac address on bondfett0
(cherry picked from commit 234f35d8bae71b5d33ad97cdabc236ec6b13c3a2)
2024-05-08vyos.system.grub: T3664: add chroot argument to the GRUB install functionDaniil Baturin
to faciliate running it outside of a VyOS installation (cherry picked from commit 90507681cfb39c5570f0afbf1542bd49feb5c0ab)
2024-05-06vyos.template: T3664: add a module-level variable for template directoryDaniil Baturin
to enable calling scripts outside of live VyOS systems
2024-05-03config-sync: T6185: combine data for sections/configs in one commandJohn Estabrook
Package path/section data in single command containing a tree (dict) of section paths and the accompanying config data. This drops the call to get_config_dict and the need for a list of commands in request. (cherry picked from commit 30a530839cdbd934ea62369e385dc33fa50ab6de)
2024-05-03configtree: T6180: add masking function mask_inclusiveJohn Estabrook
(cherry picked from commit b2248b68afac795ad391b7203117d6d40a7ba6ed)
2024-05-03xml: T6146: add utils and helper to provide priority dataJohn Estabrook
(cherry picked from commit e915900bfec8d24276afb73599c94ab93f3c24ee)
2024-05-02netns: T6295: disable incomplete support in VyOS 1.4 sagittaChristian Breunig
The netns support currently available on the VyOS CLI is only a proof-of-technology, we have no real support for any service behind it. In order to not confuse anyone on the LTS branch we decided to remove the netns option for interfaces until there is a proper usecase and implementation available.
2024-05-02Merge pull request #3394 from vyos/mergify/bp/sagitta/pr-3367Christian Breunig
T6269: policy: ensure correct rule parsing when using, and when not using <set table> option in policy route. (backport #3367)
2024-05-02qos: T6225: Fix qos random-detect policykhramshinr
Fix default values for random-detect Remove dsmakr qdisc from gred cofig because dsmark was deleted from kernel (cherry picked from commit 0b54c1bc411a21833ec573031cf5ad98fe709a2f)
2024-05-02T6269: policy: ensure correct rule parsing when using, and when not using ↵Nicolas Fort
<set table> option in policy route. (cherry picked from commit d518386d74ab09c7e75fdbf7f67e14839180f24b)
2024-04-28configdep: T5660: remove global redundancies under vyos-configdJohn Estabrook
(cherry picked from commit 70e1df1b5fcb3b1791cca320ed45b71e01e1ffda)
2024-04-28configdep: T5839: remove trivially redundant config dependency callsJohn Estabrook
(cherry picked from commit 5c173c5935eab3a8bd0f169759617c4296a92df7)
2024-04-28configdep: T5836: add boolean check whether script called as dependencyJohn Estabrook
(cherry picked from commit 80077eee89e4f0aa3af5dca1a4b2b5e1665bda6f)
2024-04-26Merge pull request #3365 from vyos/mergify/bp/sagitta/pr-3316Christian Breunig
qos: T4248: Allow to remove the only rule from the qos class (backport #3316)
2024-04-25qos: T4248: Allow to remove the only rule from the qos classkhramshinr
(cherry picked from commit da40bd2b2a826986de128354ea1bfc041ada0016)
2024-04-25T6258: Add sysctl base-reachable-time for IPv6Viacheslav Hletenko
Add abiilty to change `base_reachable_time_ms` option /proc/sys/net/ipv6/neigh/{ifname}/base_reachable_time_ms (cherry picked from commit 0bf4b570fe2d239b9fbabd3ae801ad3f04a06bde)
2024-04-22vyos.utils: T6244: add support for year timebase in seconds_to_human()Christian Breunig
We only supported calculating seconds to weeks but not seconds to years. This has been added. Testcase: from vyos.utils.convert import seconds_to_human minute = 60 hour = minute * 60 day = hour * 24 week = day * 7 year = day * 365.25 for separator in ['', ' ', '-', '/']: print(f'----- Using separator "{separator}" -----') print(seconds_to_human(10, separator)) print(seconds_to_human(5* minute, separator)) print(seconds_to_human(3* hour, separator)) print(seconds_to_human(4* day, separator)) print(seconds_to_human(7 * week, separator)) print(seconds_to_human(10 * year, separator)) print(seconds_to_human(5*year + 4*week + 3*day + 2*hour + minute + 5, separator)) print() cpo@LR1.wue3:~$ ./foo.py ----- Using separator "" ----- 10s 5m 3h 4d 7w 10y 5y4w3d2h1m5s ----- Using separator " " ----- 10s 5m 3h 4d 7w 10y 5y 4w 3d 2h 1m 5s ----- Using separator "-" ----- 10s 5m 3h 4d 7w 10y 5y-4w-3d-2h-1m-5s ----- Using separator "/" ----- 10s 5m 3h 4d 7w 10y 5y/4w/3d/2h/1m/5s (cherry picked from commit 8d8f3137d174a43a259cbe50dd12730805f0200c)
2024-04-22vyos.utils: T6244: use list to build up result stringChristian Breunig
When handling optional separators rather build up a list and join the list with the requested delimiter to form the resulting human readable time string. (cherry picked from commit 6e9cd8821ca028b5bc05c14b0b4e3454036da6da)
2024-04-19T5996: selectively escape and restore single backslashes in configJohn Estabrook
(cherry picked from commit b16c5fbbcb10b90341b97e25bcf51c440427ea42)
2024-04-17Merge pull request #3323 from vyos/mergify/bp/sagitta/pr-3192Daniil Baturin
image-tools: T6168: compat mode update should preserve console type (backport #3192)
2024-04-17T6191: do not append action to firewall and policy route|route6 when its not ↵Nicolas Fort
specified, in order to ensure same behavior as in Equuleus (cherry picked from commit 5ab8f9ac47d9d8d198f5ace0ffc4a0b26af098df)
2024-04-17image-tools: T6168: compat mode update should preserve console typeJohn Estabrook
Add system image in compatibility mode would set the default boot without reference to console_type; fix the translation of default to the correct index in compat grub.cfg. (cherry picked from commit 1cb05f47ec7e2af265fa6795653f27481dacc37f)
2024-04-17image-tools: T6154: installer prompts to confirm a non-default passwdJohn Estabrook
(cherry picked from commit f43edbd7cd36f52a0cd9c475b53f317882f4a6f9)
2024-04-13qos: T6035: QoS policy shaper queue-type random-detect requires limit avpktkhramshinr
Added params for configuration red on the shaper policy (cherry picked from commit 31cd75aec6d035b36537046ae0d034c03009a3fc)
2024-04-11T6222: VRRP show prefix for long rfc3768-compatibility interfacesViacheslav Hletenko
If we use rfc3768-compatibility with long interface names like eth1.100.200 it converts the VRRP interface name name to `<interface>v<VRID><IP version>` For example `eth2.100.200v10v4` The limit for interface name is 15 symbols and it causes that interface name is ignoring by keepalived VMAC interface name 'eth2.100.200v10v4' too long or invalid characters - ignoring And it uses the default prefix `vrrp` for such cases. It works fine, but such interfaces are not displayed in the op-mode Allow prefix `vrrp` for the op-mode for `show interfaces` (cherry picked from commit 29a20ce9f9792e23137be57358ca52ddee7ac54b)