| Age | Commit message (Collapse) | Author |
|---|
|
* This is the `policy local-route*` part of T6430, manipulating ip rules,
another PR covers firewall-backed `policy route*` for similar functionality
* Local PBR (policy local-route*) can only target table IDs up to 200 and
the previous PR to extend the range was rejected
* PBR with this PR can now also target VRFs directly by name, working around
targeting problems for VRF table IDs outside the overlapping 100-200 range
* Validation ensures rules can't target both a table ID and a VRF name
(internally they are handled the same)
* Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase,
extended to allow lookups in other address families (IPv6 in the new tests).
verify_rules() is used by original pbr and new lpbr smoketests in this PR.
|
|
* PBR can only target table IDs up to 200 and the previous PR to extend the
range was rejected
* PBR with this PR can now also target VRFs directly by name, working around
targeting problems for VRF table IDs outside the overlapping 100-200 range
* Validation ensures rules can't target both a table ID and a VRF name
(internally they are handled the same)
* Added a simple accessor (get_vrf_table_id) for runtime mapping a VRF name
to table ID, based on vyos.ifconfig.interface._set_vrf_ct_zone().
It does not replace that usage, as it deliberately does not handle non-VRF
interface lookups (would fail with a KeyError).
* Added route table ID lookup dict, global route table and VRF table defs
to vyos.defaults. Table ID references have been updated in code touched
by this PR.
* Added a simple smoketest to validate 'set vrf' usage in PBR rules
|
|
remove obsolete imports
|
|
One can now do `set policy route foo default-log` which will add log
to the policy route chain.
|
|
<enable|disable> commands; log and state moved to new syntax.
|
|
filter and in policy route.
|
|
should be added at the end of the rule, after all matchers and befora action. Also change 2 lines in policy_route smoketest, which suddenly wasn't working as expected
|
|
forward chain and few matchers. Should be extended in the future.
|
|
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process
* T5195: use read_file and write_file implementation from vyos.utils.file
Changed code automatically using:
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} +
find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} +
* T5195: move chmod* helpers to vyos.utils.permission
* T5195: use colon_separated_to_dict from vyos.utils.dict
* T5195: move is_systemd_service_* to vyos.utils.process
* T5195: fix boot issues with missing imports
* T5195: move dict_search_* helpers to vyos.utils.dict
* T5195: move network helpers to vyos.utils.network
* T5195: move commit_* helpers to vyos.utils.commit
* T5195: move user I/O helpers to vyos.utils.io
|
|
We cannot use some specific names like POSTROUTING/PREROUTING
as for PBR they overlaps with VyOS defined chains
Chains aftoconfigured by VyOS itself:
chain VYOS_PBR_PREROUTING
chain VYOS_PBR_POSTROUTING
If we try to use chain name "POSTROUTING" it generates 2 chains
with the same name "chain VYOS_PBR_POSTROUTING" one is
autoconfigured and the second defined by user
set policy route POSTROUTING rule 100
Add the user-defined (UD) prefix to separate user defined names
That allows to use any user-defined names
|
|
|
|
|
|
|
|
<name> interface <ifname>`
* Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
* T4605: Rename mangle table to vyos_mangle
|
|
|
|
|
|
firewall and in policy route
|
|
Matching criteria added: ttl/hoplimit and packet-length
|
|
* Refactor nftables clean-up code
* Adds policy route test for using firewall groups
|
|
|
|
* Add support for ECN and CWR flags
|
|
* Migrates all policy route references from `ipv6-route` to `route6`
* Update test config `dialup-router-medium-vpn` to test migration of `ipv6-route` to `route6`
|
|
|
