Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-11-03 | validators: T4795: migrate mac-address python validator to validate-value | Christian Poessinger | |
Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined <regex> for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file. | |||
2022-11-03 | validators: T4795: drop unused Python validators | Christian Poessinger | |
2022-11-03 | xml: T4795: superseed allowed-vlan validator by numeric range validator | Christian Poessinger | |
Reduce CPU time when spawning the python interpreter. Same can be done by the numeric validator. | |||
2022-10-07 | Merge branch 'current' into radius-rate-limit-comp | Christian Poessinger | |
2022-10-03 | T4726: add completion help and validation for accel-ppp vendor option | Daniil Baturin | |
2022-10-03 | policy: T4660: Changed CLI syntax in route-map set community | aapostoliuk | |
Changed CLI syntax in route-map set community, set large-community, set extcommunity Allows to add multiple communities, large-communities and extcommunities in clear view. Added new well-known communities. Added non-transitive feature in extcommunities. Fixed community's validators. | |||
2022-09-16 | xml: T4698: drop validator name="range" and replace it with numeric | Christian Poessinger | |
After T4669 added support for range validation to the OCaml validator there is no need to keep the slow Python validator in place. Raplace all occurances of <validator name="range" argument="--min=1 --max=65535"/> with <validator name="numeric" argument="--range 1-65535"/>. | |||
2022-08-03 | validators: T4586: Add IPv6 exclude validators for address/prefix | Viacheslav Hletenko | |
Add IPV6 exclude validators: - ipv6-address-exclude - ipv6-prefix-exclude Will use in nat66 source/destination | |||
2022-05-05 | policy: T4414: add support for route-map "as-path prepend last-as x" | Christian Poessinger | |
2022-04-30 | firewall: T1230: fix validator for service alias names (e.g. ssmtp) | Christian Poessinger | |
2022-03-12 | Firewall: T4286: Correct ipv6-range validator | Nicolas Fort | |
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-17 | firewall: T2199: Fix `port-range` validator to accept service names | sarthurdev | |
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add an validator | sarthurdev | |
2022-01-12 | firewall: T4160: Fix support for inverse matches | sarthurdev | |
2022-01-11 | firewall: validators: T4174: Correct upper port range boundary | Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs | |
2022-01-11 | validators: T4144: Add error messages to the majority of IP validators | sarthurdev | |
2022-01-10 | validators: Stricter checking on port-range validator | sarthurdev | |
2022-01-10 | validators: T4148: Add text output when validators fail | sarthurdev | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-03 | Merge pull request #1124 from sever-sever/T4110 | Christian Poessinger | |
listen-address: T4110: Ability to set IPv6 link-local addresses | |||
2022-01-03 | listen-address: T4110: Ability to set IPv6 link-local addresses | Viacheslav | |
Some services allows to set link-local IPv6 addresses as listen-address. Allow it and add a validator 'ipv6-link-local' and extend listen-address.xml.i to this validator | |||
2021-12-31 | Merge branch 'firewall' of https://github.com/sarthurdev/vyos-1x into current | Christian Poessinger | |
* 'firewall' of https://github.com/sarthurdev/vyos-1x: zone_policy: T3873: Implement intra-zone-filtering policy: T2199: Migrate policy route op-mode to XML/Python policy: T2199: Migrate policy route to XML/Python zone-policy: T2199: Migrate zone-policy op-mode to XML/Python zone-policy: T2199: Migrate zone-policy to XML/Python firewall: T2199: Migrate firewall op-mode to XML/Python firewall: T2199: Migrate firewall to XML/Python | |||
2021-12-12 | validator: T4036: validate if multicast address is single (no netmask) | Christian Poessinger | |
2021-12-07 | T3006: add a range validator | Daniil Baturin | |
2021-12-06 | firewall: T2199: Migrate firewall to XML/Python | sarthurdev | |
2021-12-06 | validators: T4053: Fix exit code for script | Viacheslav | |
2021-12-06 | validators: T4052: Fix for warn message in the validator script | Viacheslav | |
Validator expects variable "script" for the Warning message But it gets undeclared "path" | |||
2021-12-04 | bgp: T4042: bugfix route-distinguisher value range | Christian Poessinger | |
2021-12-04 | validators: T4042: rename bgp-route-target -> bgp-rd-rt | Christian Poessinger | |
2021-10-12 | validators: T3868: Allow asterisk symbol in bgp-large-community-list | Viacheslav | |
2021-09-18 | validator: T2417: bugfix on Python3 f'ormat strings | Christian Poessinger | |
Commit 3639a5610b590a ("validator: T2417: try to make the code clearer") introduced Python3 f'ormatted strings but missed the "f" keyword. | |||
2021-08-31 | ssh: T3789: add custom validator for base64 encoded CLI data | Christian Poessinger | |
SSH keys used for remote login are supplied as base64 encoded data on the CLI. The key is not validated, thus an invalid copy/pasted key will render the login useless. This commit adds a custom and re-usable validator which check if the data is properly base64 encoded. | |||
2021-08-24 | bgp: T3759: "l2vpn evpn" and ipv4/ipv6 safi route-targets differ | Christian Poessinger | |
The "l2vpn evpn" address-family route-target command only accepts a single route-target value consisting of (A.B.C.D:MN|EF:OPQR|GHJK:MN). The "ipv4-unicast or ipv6-unicast" address-family route-target command for VPNs support multiple, whitespace separated route-target values. This commit adds a new custom validator named "bgp-route-target" with a --single and a --multi option to pass one or more route-target values. | |||
2021-08-24 | policy: T2425: rename validator large-community-list -> bgp-large-community-list | Christian Poessinger | |
... as we will get another bgp route-target validator soon. | |||
2021-08-18 | policy: T2425: import exact Perl match criteria for large-community-list | Christian Poessinger | |
2021-08-17 | policy: T2425: add missing validator for large-community-lists | Christian Poessinger | |
without the validators FRR commit errors would happen. | |||
2021-07-17 | VRF: T3655: proper connection tracking for VRFs | zsdc | |
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones | |||
2021-06-13 | wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface tree | Christian Poessinger | |
2021-05-25 | firewall: T3568: add XML definitions for firewall | Viacheslav Hletenko | |
Add XML for configuration mode firewall. Used for future rewriting it to Python style. | |||
2021-05-20 | sysctl: T3565: initial implementation in XML and Python | Christian Poessinger | |
migrate from old vyatta-cfg-system / Perl implementation. | |||
2021-05-14 | conntrack: T3535: migrate codebase from vyatta-conntrack-sync | Christian Poessinger | |
2021-04-27 | container: T2216: Add binding for ports and volumes | sever-sever | |
2021-03-21 | validate: T3418: interface-name should also allow all local present interfaces | Christian Poessinger | |
The regex only validated interfaces according to the VyOS naming scheme, but third party interfacs that are legit (e.g. exists within the kernel) failed to validate. The validator now also supports any kind of local interfaces attached to the OS kernel. | |||
2021-03-17 | ipv6: eui64: T3413: add custom validator | Christian Poessinger | |
VyOS 1.2 (crux) rejected prefixes other then of site /64. [ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ] Error: Prefix lenght is 127. It must be 64. Same should be done on VyOS 1.3 and newer | |||
2021-02-28 | validators: fqdn: T3370: support "private" or "local" domain names | Christian Poessinger | |
2021-02-24 | validators: interface-name script must also support VLAN interfaces | Christian Poessinger | |
2021-02-18 | validator: T3326: add missing interfaces (e.g. ppp and l2tpv3) | Christian Poessinger | |
2021-02-05 | xml: add new common "interface-name" validator | Christian Poessinger | |