summaryrefslogtreecommitdiff
path: root/src/conf_mode
AgeCommit message (Collapse)Author
2020-08-15pppoe-server: T2796: at least one server interface must be definedChristian Poessinger
Add missing verify() check that at least one interface must be defined to listen to PPPoE data.
2020-08-13console-server: T2490: use get_first_key=True on get_config_dict()Christian Poessinger
2020-08-10host_name: T2784: remove unused importsJohn Estabrook
2020-08-10host_name: T2784: remove unused arg in verify, unneeded arg in get_configJohn Estabrook
2020-08-04ssh: T2651: add cli options for source addressChristian Poessinger
When running SSH from the VyOS system the source IP address can be set by: set system options ssh-client source-address x.x.x.x
2020-08-04router-advert: T2758: bugfix 'infinity' is not a valid integer numberChristian Poessinger
Problem was introduced in commit 740ace13 ("router-advert: T2609: add missing verify() for prefix lifetime"). The 'infinity' literal was not converted to its corresponding integer 0xffffffff (4294967295) for the check.
2020-08-03ssh: T1076: make configuration volatileChristian Poessinger
Move sshd_config file to /run so it must be generated on every boot and is not stored accidently.
2020-08-03ifconfig: T2740: pass config dict to DHCP class for IPv6Christian Poessinger
This removes additional code paths as we can instatly work with the input dict the same was as it was done for PPPoE. This fixes the entire DHCPv6-PD support on non PPPoE interfaces as this was lost in translation while processing T2653.
2020-08-02accel-ppp: T2756: make RADIUS accounting port configurableChristian Poessinger
Make the port used for RADIUS accounting user configurable. This is now valid for the following services which are based on Accel-PPP: * ipoe-server * pppoe-server * l2tp * pptp * sstp
2020-08-02ipoe-server: T2314: fix improper use of fail-time dictionary keyChristian Poessinger
2020-07-30router-advert: T2745: migrate to get_config_dict()Christian Poessinger
2020-07-29wireguard: T2743: move key migration from config script to migration scriptChristian Poessinger
Migration files on the storage should be done one time by a migration script instead of every time the configuration changes. Moving this to an older migration script is fine as this is around for a long time and all rolling releases are already up2date. It only affects updates from VyOS 1.2 series.
2020-07-29mdns-repeater: T2742: migrate to get_config_dict()Christian Poessinger
2020-07-26wireguard: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-26vxlan: ifconfig: T2653: move to get_interface_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25l2tpv3: ifconfig: T2653: move implementation to get_interface_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25ifconfig: T2653: make ifname an optional argument to get_interface_dict()Christian Poessinger
Further reduce the boiler-plate code to determine interface tag node or not. It can be passed into get_interface_dict() if explicitly required - else it is taken from the environment.
2020-07-25wireless: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25bonding: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25vyos.configdict: T2653: add new reusable helper node_changed()Christian Poessinger
This can be used to see if a tagNode has been changed. It will return a list of changed nodes.
2020-07-25geneve: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25interfaces: ifconfig: T2653: migrate to get_interface_dict() APIChristian Poessinger
After switching from raw parsing of the interface options to get_config_dict() this utilizes another utility function which wraps get_config_dict() and adds other common and reused parameters (like deleted or bridge member). Overall this drops redundant code (again) and makes the rest more maintainable as we only utilize a single function.
2020-07-25pseudo-ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for pdeudo-ethernet interfaces in the derived class.
2020-07-25bridge: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for bridge interfaces in the derived bridge class. Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-25ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for ethernet based interfaces which also supports 802.1q, 802.1ad VLANs. This commit migrates the existing codebase for an ethernet based interfaces and implements the missing parts for VLANs. Adding or migrating other interfaces (e.g. bridge or bond) will become much easier as they must reuse the entire functionality - we now walk towards a single codepath. Thanks for all who made this combined effort possible! Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-25vyos.util: add common helper to load kernel modulesChristian Poessinger
l2tpv3, wireguard, wirelessmodem, nat all require additional Kernel modules to be present on the system. Each and every interface implemented their own way of loading a module - by copying code. Use a generic function, vyos.util.check_kmod() to load any arbitrary kernel module passed as string or list.
2020-07-22T2725: Fix config parse for users without passwordsEsa Varemo
Fix for https://phabricator.vyos.net/T2725 T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a introduced a change which broke the initialization of the user dict. In case the config contained an user without an encrypted-password set, the property would be missing and the commit would crash with `KeyError: 'password_encrypted'`
2020-07-19nat: T2709: remove 'translation address' mandatory checkJernej Jakob
Rules without a translation address are also valid, they'll modify just the port and leave the address intact. This also used to be a valid syntax and it caused an error on upgrade.
2020-07-19broadcast-relay: T2712: migrate to get_config_dict()Christian Poessinger
Add additional verify() stage to check that the relaying interface actually exists on the system.
2020-07-16pseudo-ethernet: T2626: Fix for changing interface modesrividya0208
Since it is not impossible to change MACVLAN interface mode on the fly, this fix adds a new one trigger to recreate it from scratch if the mode changed in system config
2020-07-15http-client: T2651: support specifying source-interface/address for curlChristian Poessinger
Please note that either interface or address can be configured. system { options { http-client { source-interface eth0 source-address 1.1.1.1 } } }
2020-07-12snmp: T2687: replace 3rd party hash library with custom codeChristian Poessinger
The 3rd party library used for calculating the SNMP hashes in advance only worked for SHA and nod for MD5 as SHA was hardcoded [1]. The code has been replaced by a class-less implementation providing only the required functionality. [1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
2020-07-12nat: T2699: fix exclusion rules for noNAT destinationsChristian Poessinger
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-04snmp: vrf: T2682: support restart on failure indefinitely.Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04cleanup: no need to call sudo for configuration mode scriptsChristian Poessinger
2020-07-04ids: T2659: Add get_first_key to get_config_dictDmitriyEshenko
2020-07-04Merge pull request #487 from DmitriyEshenko/1x-impl-fnmDaniil Baturin
ids: T2659: Implement fastnetmon support
2020-07-03ids: T2659: Implement fastnetmon supportDmitriyEshenko
2020-07-03ntp: T2676: mive to get_config_dict()Christian Poessinger
2020-07-01config: T2667: add missing flagJohn Estabrook
2020-07-01Merge pull request #486 from jestabro/sub_dictChristian Poessinger
2020-07-01config: T2667: adapt for refinements to get_config_dictJohn Estabrook
2020-07-01ifconfig: T2653: use better names for vyos.configverify functionsChristian Poessinger
2020-07-01ifconfig: T2653: move pppoe interface to get_config_dict()Christian Poessinger
2020-06-29tunnel: T2649: ConfigurationState, do not inherit from ConfigThomas Mangin
2020-06-28wwan: T2660: remove workaround - use XML backed default dictChristian Poessinger
2020-06-27ifconfig: T2653: move wirelessmodem (WWAN) interface to get_config_dict()Christian Poessinger
2020-06-27xml: T2656: do not flatten dict by defaultChristian Poessinger
2020-06-27ifconfig: T2653: macsec switch to default dictionaryChristian Poessinger