Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-08-18 | policy: T2425: import exact Perl match criteria for large-community-list | Christian Poessinger | |
2021-08-17 | policy: T2425: add missing validator for large-community-lists | Christian Poessinger | |
without the validators FRR commit errors would happen. | |||
2021-07-17 | VRF: T3655: proper connection tracking for VRFs | zsdc | |
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones | |||
2021-06-13 | wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface tree | Christian Poessinger | |
2021-05-25 | firewall: T3568: add XML definitions for firewall | Viacheslav Hletenko | |
Add XML for configuration mode firewall. Used for future rewriting it to Python style. | |||
2021-05-20 | sysctl: T3565: initial implementation in XML and Python | Christian Poessinger | |
migrate from old vyatta-cfg-system / Perl implementation. | |||
2021-05-14 | conntrack: T3535: migrate codebase from vyatta-conntrack-sync | Christian Poessinger | |
2021-04-27 | container: T2216: Add binding for ports and volumes | sever-sever | |
2021-03-21 | validate: T3418: interface-name should also allow all local present interfaces | Christian Poessinger | |
The regex only validated interfaces according to the VyOS naming scheme, but third party interfacs that are legit (e.g. exists within the kernel) failed to validate. The validator now also supports any kind of local interfaces attached to the OS kernel. | |||
2021-03-17 | ipv6: eui64: T3413: add custom validator | Christian Poessinger | |
VyOS 1.2 (crux) rejected prefixes other then of site /64. [ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ] Error: Prefix lenght is 127. It must be 64. Same should be done on VyOS 1.3 and newer | |||
2021-02-28 | validators: fqdn: T3370: support "private" or "local" domain names | Christian Poessinger | |
2021-02-24 | validators: interface-name script must also support VLAN interfaces | Christian Poessinger | |
2021-02-18 | validator: T3326: add missing interfaces (e.g. ppp and l2tpv3) | Christian Poessinger | |
2021-02-05 | xml: add new common "interface-name" validator | Christian Poessinger | |
2021-01-22 | dhcpv6: T3240: support per-interface client DUIDs | Brandon Stepler | |
2021-01-16 | bridge: T3137: Improved verification logic | jack9603301 | |
2020-12-20 | Revert "dhcpv6: T3134: add missing duid support" | Christian Poessinger | |
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44. | |||
2020-12-20 | dhcpv6: T3134: add missing duid support | Christian Poessinger | |
2020-11-06 | validator: ipv4-range: T3050: fix wrong exit code when no range was given | Christian Poessinger | |
2020-07-24 | T2727: add a dotted decimal validator. | Daniil Baturin | |
Since it's relatively rarely used, Python's startup time should't be much of a problem. | |||
2020-06-14 | wireless: T2354: add new validator for phy interfaces | Christian Poessinger | |
2020-05-30 | vrf: T2530: instance name must be 15 characters or less | Christian Poessinger | |
2020-05-16 | nat: T2198: add common ip-protocol validator | Christian Poessinger | |
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!". | |||
2020-05-16 | nat: T2198: add ipv4-{address,prefix,rage}-exclude validators | Christian Poessinger | |
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT. | |||
2020-05-16 | nat: T2198: add new ipv4-range validator | Christian Poessinger | |
2020-05-08 | T2441: Fix parse error | kroy-the-rabbit | |
2020-05-09 | T2431: remove the numeric validator for it now lives in vyos-utils. | Daniil Baturin | |
2020-05-06 | validator: T2417: try to make the code clearer | Thomas Mangin | |
2020-05-02 | validators: numeric: T2414: improve runtime performance | Christian Poessinger | |
$ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric --range 1-9999 666; done real 0m56.933s user 0m48.045s sys 0m9.064s $ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric--range 1-9999 666; done real 0m44.552s user 0m37.760s sys 0m6.989s This is a performance improvement of 21%, running in an ESXi VM with Quad Intel(R) Xeon(R) CPU E5-2630L v3 @ 1.80GHz. | |||
2020-04-16 | openvpn: T149: IPv6 support | Jernej Jakob | |
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool) | |||
2020-04-06 | util: T2226: rewrite timezone validator to use cmd | Thomas Mangin | |
2020-04-03 | vrf: T31: Allow vrf name to look more like interface name | Runar Borge | |
Fix the regex to allow vrf instances like "eth0vrf" but not to allow "eth0" | |||
2020-04-03 | validate: mac: autopep8 | Christian Poessinger | |
2020-04-03 | vrf: T31: name of isntance is not allowed to mimic an interface name | Christian Poessinger | |
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0. | |||
2020-03-16 | syslog: T2131: add generic fqdn validator | Christian Poessinger | |
2019-12-26 | time-zone: T1906: migrate to XML/Python | Christian Poessinger | |
The current node.def based implementtion should be migrated from vyatta-cfg-system to vyos-1x. During the migration also provide a migration script which transforms some ole timezones like "Los_Angeles" into a proper IANA assigned timezone which should be "America/Los_Angeles". | |||
2019-10-19 | T1749: support multiple ranges in the numeric validator. | Daniil Baturin | |
2019-08-07 | Validator: add file-exists as replacement to Vyatta check_file_in_config_dir | Christian Poessinger | |
Verify if a file exists or not on the system. Can be called by: <constraint> <validator name="file-exists" argument="--directory /config/auth"/> </constraint> The --directory option is used to ensure a given file path lies under this (mandatory) directory. A directory can be mandatory when the optional argument -e, --error is used. This will return '1' instead of '0'. | |||
2019-08-07 | Validator: rename cidr -> ip-cidr to match existing patterns | Christian Poessinger | |
2019-06-19 | [wireguard] T1425 - assign a /31 address on Wireguard interface | hagbard | |
- added a validator for checking if the address is any cidr noted address | |||
2019-03-11 | [arp] - T1288: python implemtation of 'set protocols static arp' | hagbard | |
2018-08-11 | T772 allow stow-away arguments in the script name field ↵ | Peri Diane Jones | |
https://phabricator.vyos.net/T772 | |||
2018-07-24 | Add a validator for scripts that are supposed to be in /config | Daniil Baturin | |
2018-07-10 | Add an option for validating positive (>= 0) numbers to the numeric validator. | Daniil Baturin | |
2018-05-16 | T642: add validators for common network address checking cases. | Daniil Baturin | |
2018-05-14 | Add some ipaddrcheck-based IP validators. | Daniil Baturin | |
2017-09-16 | T395: Implement a numeric value validator | Daniil Baturin | |