Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-04-14 | macsec: T4353: fix Jinja2 linting errors | Christian Poessinger | |
2022-04-07 | qos: T4284: support mirror and redirect on all interface types | Christian Poessinger | |
2022-03-21 | qos: T4284: initial XML interface definitions for rewrite | Christian Poessinger | |
2021-02-28 | vyos.ifconfig: T1579: remove calls to vyos.ifconfig.Interface.get_config() | Christian Poessinger | |
Interface.get_config() was always a pure helper which exposed a "per interface type" dictionary which was then fed by the caller to create interfaces by iproute2 which required additional options during creation time. Such interfaces had been: * tunnel * vxlan * geneve * macsec * wifi * macvlan / pseudo-ethernet The code was always duplicated to convert from the VyOS CLI based get_config_dict() to a dict which can be used to feed iproute2. This path has been removed and we now always feed in the entire dictionary retrieved by get_config_dict() or in the interfaces case, it's high-level wrapper get_interface_dict() to the interface we wan't to create. This also adds the - personally long awaited - possibility to get rid of the derived tunnel classes for e.g. GRE, IPIP, IPIP6 and so on. | |||
2021-01-21 | xml: T3239: override default mtu values and remove workarounds | John Estabrook | |
2020-10-01 | macsec: T2023: use proper config path for source-interface on removal | Christian Poessinger | |
The config path is altered in get_interface_dict() to the base of the interface in question, e.g. 'interfaces macsec macsec1' - this must be reflected when calling othe methods of Config(). | |||
2020-09-30 | macsec: T2023: only remove interface when it exists | Christian Poessinger | |
If for whatever reason the macsec interface dropped out of the Kernel - only call .remove() when it still exists to avoid any exceptions at all. | |||
2020-09-26 | macsec: vxlan: T2653: bugfix in verify() on lower interface MTU size | Christian Poessinger | |
Introduced in commit 818a75c024e ("ifconfig: T2653: get_mtu() should return int() for easier comparison") where the variable used in the formatted string has not been adjusted. | |||
2020-09-26 | ifconfig: mtu: disallow MTU < 1280 bytes when IPv6 is enabled on the interface | Christian Poessinger | |
Using an MTU less then the required 1280 bytes (as per RFC) on an interface where IPv6 is not explicitly disabled by: - set interfaces ethernet eth1 ipv6 address no-default-link-local - not having any other IPv6 address configured Will now trigger a commit error via verify() instead of raising FileNotFoundError! | |||
2020-09-25 | ifconfig: T2653: get_mtu() should return int() for easier comparison | Christian Poessinger | |
2020-09-22 | ifconfig: T2653: move is_member() from vyos.vylidate to vyos.configdict | Christian Poessinger | |
2020-09-21 | macsec: T2788: source-interface must not be member of a bridge | Christian Poessinger | |
Add verify() step to ensure the macsec source-interface is not already part of a bridge interface. This should probably also be checked for bond interfaces. | |||
2020-09-20 | macsec: T2023: add missing mtu CLI option | Christian Poessinger | |
Base MTU for MACsec is 1468 bytes (encryption headers), but we leave room for 802.1ad and 802.1q VLAN tags, thus the limit is lowered to 1460 bytes to not make the user juggle with the MTU bytes if he enables VLAN support later on, which is yet to come. | |||
2020-09-20 | ifconfig: T2653: remove duplicates of get_config() | Christian Poessinger | |
A lot of derived classes from Interface implemented their own get_config() method which more or less was the same everywhere. We also hat different qualifiers like @staticmethod or @classmethod. This is now changed to only have the @classmethod in Interface base class which will return the necessary dictionary keys for the required interfaces. This change is a mid reduction in lines of code which is always a very nice thing! | |||
2020-08-31 | configd: T2582: add scripts to include list for daemon | John Estabrook | |
2020-07-25 | ifconfig: T2653: make ifname an optional argument to get_interface_dict() | Christian Poessinger | |
Further reduce the boiler-plate code to determine interface tag node or not. It can be passed into get_interface_dict() if explicitly required - else it is taken from the environment. | |||
2020-07-25 | interfaces: ifconfig: T2653: migrate to get_interface_dict() API | Christian Poessinger | |
After switching from raw parsing of the interface options to get_config_dict() this utilizes another utility function which wraps get_config_dict() and adds other common and reused parameters (like deleted or bridge member). Overall this drops redundant code (again) and makes the rest more maintainable as we only utilize a single function. | |||
2020-07-01 | Merge pull request #486 from jestabro/sub_dict | Christian Poessinger | |
2020-07-01 | config: T2667: adapt for refinements to get_config_dict | John Estabrook | |
2020-07-01 | ifconfig: T2653: use better names for vyos.configverify functions | Christian Poessinger | |
2020-06-27 | xml: T2656: do not flatten dict by default | Christian Poessinger | |
2020-06-27 | ifconfig: T2653: macsec switch to default dictionary | Christian Poessinger | |
2020-06-27 | ifconfig: T2653: move macsec interface to get_config_dict() | Christian Poessinger | |
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin | |
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing) | |||
2020-05-22 | macsec: T2491: add replay window protection | Christian Poessinger | |
2020-05-22 | macsec: T2023: flake8/autopep8 corrections | Christian Poessinger | |
2020-05-22 | macsec: T2023: fix wrong use or f-format string | Christian Poessinger | |
2020-05-22 | macsec: T2023: remove unused import | Christian Poessinger | |
2020-05-21 | macsec: T2023: delete wpa_supplicant config when interface is removed | Christian Poessinger | |
2020-05-21 | macsec: T2023: stop wpa_supplicant on interface deletion | Christian Poessinger | |
2020-05-21 | macsec: T2023: cleanup wpa_supplicant config file name | Christian Poessinger | |
2020-05-21 | macsec: T2023: improve verify() when encryption is enabled | Christian Poessinger | |
With enabled encryption keys must be configured. | |||
2020-05-21 | macsec: T2023: support MACsec Key Agreement protocol actor priority | Christian Poessinger | |
2020-05-21 | macsec: T2023: rename "security key" node to "security mka" | Christian Poessinger | |
MACsec always talks about MKA (MACsec Key Agreement protocol) thus the node should reflect that. | |||
2020-05-21 | macsec: T2023: use wpa_supplicant for key management | Christian Poessinger | |
2020-05-21 | macsec: T2023: cli: move "cipher" and "encryption" under new "secutiry" node | Christian Poessinger | |
This is best suited as a key is required, too. | |||
2020-05-21 | macsec: T2023: cipher suite is mandatory | Christian Poessinger | |
2020-05-21 | macsec: T2023: use list when working with Config() | Christian Poessinger | |
2020-05-21 | macsec: T2023: add optional encryption command | Christian Poessinger | |
By default MACsec only authenticates traffic but has support for optional encryption. Encryption can now be enabled using: set interfaces macsec <interface> encrypt | |||
2020-05-21 | macsec: T2023: add initial XML and Python interfaces | Christian Poessinger | |