path: root/src/helpers
Age | Commit message | Author
2023-07-12 | T5195: move boot_* helpers to vyos.utils.boot | Christian Breunig
2023-07-09 | T775: Config-sync bracketize IPv6 secondary address | Viacheslav Hletenko
    bracketize IPv6 remote address to avoid
    Failed to parse: https://2001:db8::2/configure-section
2023-06-30 | T775: Add service config-sync between 2 routers | Viacheslav Hletenko
    Service config-sync allows synchronizing a section of the configuration.
    As PoC allow only nat, nat66 and firewall sections
    Retrieve the configuration for a section from self node and send this configuration to the section of the 'secondary' node.
    This feature adds a symlink from helper 'vyos_config_sync.py' to '/config/scripts/commit/post-hooks.d' and config that is located in '/run/config_sync_conf.conf'
    It will synchronize the config only if the section was changed.
        set service config-sync secondary address 192.0.2.11
        set service config-sync secondary key xxx
        set service config-sync section nat
        set service config-sync section nat66
        set service config-sync section firewall
        set service config-sync mode load
2023-06-09 | T3472: Print warning when commit-confirm is run as regular user | erkin
2023-04-21 | T1237: Failover route add policy for targets checking | Viacheslav Hletenko
    Add policy (any-available|all-available) for target checking for failover route
        set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check policy 'any-available'
        set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '192.168.122.1'
        set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '192.168.122.11'
    It depends if we need that all targets must be alive or just one target.
2023-04-07 | T1237: Failover route add checks for multiple targets | Viacheslav Hletenko
    There is only one target for checking ICMP/ARP
    Extend it for checking multiple targets
        set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '203.0.113.1'
        set protocols failover route 192.0.2.55/32 next-hop 192.168.122.1 check target '203.0.113.11'
    The route will be installed only if all targets are 'alive'
2023-01-04 | T1237: Fix failover route install route with diff metrics | Viacheslav Hletenko
    If there is no route in the routing table (requires install route) it checks routing table and returns best route None
    But if we have 2 routes to the same dest ip but with different metrics it doesn't get None (not first route install)
    It causes that best metric route cannot be installed (wrong logic)
    Add func "is_route_exists" and check route/gateway/metric for the required route
2022-12-17 | Merge pull request #1358 from sever-sever/T1237 | Christian Poessinger
    routing: T1237: Add new feature failover route
2022-12-14 | routing: T1237: Add new feature failover route | Viacheslav Hletenko
    Failover route allows to install static routes to the kernel routing table only if required target or gateway is alive
    When target or gateway doesn't respond for ICMP/ARP checks this route is deleted from the routing table
    Routes are marked as protocol 'failover' (rt_protos)
        cat /etc/iproute2/rt_protos.d/failover.conf
        111 failover
        ip route add 203.0.113.1 metric 2 via 192.0.2.1 dev eth0 proto failover
        $ sudo ip route show proto failover
        203.0.113.1 via 192.0.2.1 dev eth0 metric 1
    So we can safely flush such routes
2022-11-11 | policy: T2199: T4605: Migrate policy route interface to `policy route|route6 <name> interface <ifname>` | sarthurdev
    * Include refactor to policy route to allow for deletion of mangle table instead of complex cleanup
    * T4605: Rename mangle table to vyos_mangle
2022-11-03 | nat: T1877: T970: Add firewall groups to NAT | sarthurdev
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination `fqdn` node | sarthurdev
2022-10-28 | T4291: consolidate component version string read/write functions | John Estabrook
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev
2022-06-05 | firewall: T970: Maintain a domain state to fallback if resolution fails | sarthurdev
2022-05-28 | firewall: T970: Add firewall group domain-group | Viacheslav Hletenko
    Domain group allows to filter addresses by domain main
    Resolved addresses as elements are stored to named "nft set" that is used in the nftables rules
    Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec
        set firewall group domain-group DOMAINS address 'example.com'
        set firewall group domain-group DOMAINS address 'example.org'
        set firewall name FOO rule 10 action 'drop'
        set firewall name FOO rule 10 source group domain-group 'DOMAINS'
        set interfaces ethernet eth0 firewall local name 'FOO'

        nft list table ip filter
        table ip filter {
            set DOMAINS {
                type ipv4_addr
                flags interval
                elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 }
            }
            chain NAME_FOO {
                ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10"
                counter packets 0 bytes 0 return comment "FOO default-action accept"
            }
        }
2022-03-10 | Revert "component_version: T4291: consolidate read/write functions" | John Estabrook
    This reverts commit 534f677d36285863decb2cdff179687b4fd690cb.
    Revert while investigating failure in vyos-configtest.
2022-03-10 | Revert "save-config: T4292: rewrite vyatta-save-config.pl to Python" | John Estabrook
    This reverts commit c4d389488970c8510200cac96a67182e9333b891.
    Revert while investigating failure in vyos-configtest.
2022-03-10 | Revert "load-config: T4295: use config_tree instead of legacy loadFile" | John Estabrook
    This reverts commit 2a4b45ba7fa4dabf7e592f499cfb06a7ae38cdea.
    Revert while investigating failure in vyos-configtest.
2022-03-09 | load-config: T4295: use config_tree instead of legacy loadFile | John Estabrook
2022-03-08 | save-config: T4292: rewrite vyatta-save-config.pl to Python | John Estabrook
2022-03-08 | component_version: T4291: consolidate read/write functions | John Estabrook
2022-03-05 | conntrackd: T4259: fix daemon configuration path | Christian Poessinger
2022-02-16 | xml: T3474: get component version dictionary from xml cache, not legacy | John Estabrook
2022-01-20 | interface-names: T3871: use tempfile during virtual migration | John Estabrook
    Use tempfile to avoid race conditions during virtual migration.
2022-01-13 | strip-private: T4177: Fix for hiding private data token/url/bucket | Viacheslav
    Add URL, token and bucket hiding data when is used function "strip-private"
2021-12-08 | vyos.util: T4061: add function to check for completion of boot config | John Estabrook
2021-12-04 | wwan: T3795: move implementation to VbashOpRun() | Christian Poessinger
    After commit ae16a51506c ("configquery: T3402: use vyatta-op-cmd-wrapper to provide environment") we can now call VyOS op-mode commands from arbitrary Python scripts.
2021-11-18 | wwan: T3795: periodically check if WWAN connection needs a reconnect | Christian Poessinger
    (cherry picked from commit eb6247e4b464c36fa7441627b221d0db39429251)
2021-11-18 | interface-names: T3871: 'migrate' component string syntax as needed | John Estabrook
    With the rewrite of vyatta_net_name to Python using ConfigTree, one runs into the change in the syntax of the component version string when updating 1.2 --> 1.3/1.4, since the udev rule is run before the migration of the config file; add an explicit 'virtual' migration on configtree error.
2021-11-12 | interface-names: T3871: shift index to accommodate KVM behaviour | John Estabrook
    (on behalf of Dmitriy Eshenko)
2021-11-09 | interface-names: T3871: Add temporary interface names to properly renaming | DmitriyEshenko
2021-10-21 | strip-private: T3926: strip cisco-authentication key | Christian Poessinger
2021-09-27 | interface-names: T3869: add vyos_net_name | John Estabrook
2021-09-27 | interface-names: T3869: add vyos_interface_rescan | John Estabrook
2021-09-17 | T3823: Stop strip-private regexp from swallowing quotes | erkin
2021-08-10 | pki: wireguard: T3642: strip private key | Christian Poessinger
    Extend regex used by the "| strip-private" modifier to remove the WireGuard private key portion from stdout.
2021-07-18 | bridge: remove obsolete helper script | Christian Poessinger
2021-05-15 | conntrack: T3535: add keepalived notifications for node transitions | Christian Poessinger
2021-04-17 | T3472: Move over commit-confirm-notify.py from vyatta-config-mgmt | erkin
2021-03-30 | T3354: Handle user break and prematurely closed stdin | erkin
2021-03-22 | util: T3419: Handle IP addresses with netmasks and subnet prefixes in strip-private | erkin
2021-03-15 | Add shebang line to strip-private | erkin
2021-03-15 | T3354: Add strip-private script in Python | erkin
2020-10-21 | load-config: T2138: support loading gzipped (local) config files | John Estabrook
2020-07-22 | load-config: subclass ConfigSourceSession instead of Config | John Estabrook
2020-05-07 | T2431: use native versions of validate-value and numeric validator. | Daniil Baturin
2020-04-10 | util: T2253: fix translation to cmd | John Estabrook
2020-04-10 | Revert "Revert "util: T2226: rewrite merge config to use cmd"" | John Estabrook
    This reverts commit 6086b7fa718f502563a17569abc81d4ccb94818c.