summaryrefslogtreecommitdiff
path: root/src/validators
AgeCommit message (Collapse)Author
2021-07-17VRF: T3655: proper connection tracking for VRFszsdc
Currently, all VRFs share the same connection tracking table, which can lead to problems: - traffic leaks to a wrong VRF - improper NAT rules handling when multiple VRFs contain the same IP networks - stateful firewall rules issues The commit implements connection tracking zones support. Each VRF utilizes its own zone, so connections will never mix up. It also adds some restrictions to VRF names and assigned table numbers, because of nftables and conntrack requirements: - VRF name should always start from a letter (interfaces that start from numbers are not supported in nftables rules) - table number must be in the 100-65535 range because conntrack supports only 65535 zones
2021-06-13wwan: T3620: rename "wirelessmodem wlm" interfaces to new wwan interface treeChristian Poessinger
2021-05-25firewall: T3568: add XML definitions for firewallViacheslav Hletenko
Add XML for configuration mode firewall. Used for future rewriting it to Python style.
2021-05-20sysctl: T3565: initial implementation in XML and PythonChristian Poessinger
migrate from old vyatta-cfg-system / Perl implementation.
2021-05-14conntrack: T3535: migrate codebase from vyatta-conntrack-syncChristian Poessinger
2021-04-27container: T2216: Add binding for ports and volumessever-sever
2021-03-21validate: T3418: interface-name should also allow all local present interfacesChristian Poessinger
The regex only validated interfaces according to the VyOS naming scheme, but third party interfacs that are legit (e.g. exists within the kernel) failed to validate. The validator now also supports any kind of local interfaces attached to the OS kernel.
2021-03-17ipv6: eui64: T3413: add custom validatorChristian Poessinger
VyOS 1.2 (crux) rejected prefixes other then of site /64. [ interfaces ethernet eth0 ipv6 address eui64 2006:ab00:abe1::2/127 ] Error: Prefix lenght is 127. It must be 64. Same should be done on VyOS 1.3 and newer
2021-02-28validators: fqdn: T3370: support "private" or "local" domain namesChristian Poessinger
2021-02-24validators: interface-name script must also support VLAN interfacesChristian Poessinger
2021-02-18validator: T3326: add missing interfaces (e.g. ppp and l2tpv3)Christian Poessinger
2021-02-05xml: add new common "interface-name" validatorChristian Poessinger
2021-01-22dhcpv6: T3240: support per-interface client DUIDsBrandon Stepler
2021-01-16bridge: T3137: Improved verification logicjack9603301
2020-12-20Revert "dhcpv6: T3134: add missing duid support"Christian Poessinger
This reverts commit 9541355433e202fade4692851bffa33ba9d48f44.
2020-12-20dhcpv6: T3134: add missing duid supportChristian Poessinger
2020-11-06validator: ipv4-range: T3050: fix wrong exit code when no range was givenChristian Poessinger
2020-07-24T2727: add a dotted decimal validator.Daniil Baturin
Since it's relatively rarely used, Python's startup time should't be much of a problem.
2020-06-14wireless: T2354: add new validator for phy interfacesChristian Poessinger
2020-05-30vrf: T2530: instance name must be 15 characters or lessChristian Poessinger
2020-05-16nat: T2198: add common ip-protocol validatorChristian Poessinger
It allows IP protocol numbers 0-255, protocol names e.g. tcp, ip, ipv6 and the negated form with a leading "!".
2020-05-16nat: T2198: add ipv4-{address,prefix,rage}-exclude validatorsChristian Poessinger
Exclude validators are required to support the ! (not) operator on the CLI to exclude addresses from NAT.
2020-05-16nat: T2198: add new ipv4-range validatorChristian Poessinger
2020-05-08T2441: Fix parse errorkroy-the-rabbit
2020-05-09T2431: remove the numeric validator for it now lives in vyos-utils.Daniil Baturin
2020-05-06validator: T2417: try to make the code clearerThomas Mangin
2020-05-02validators: numeric: T2414: improve runtime performanceChristian Poessinger
$ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric --range 1-9999 666; done real 0m56.933s user 0m48.045s sys 0m9.064s $ time for i in {1..1000}; do /usr/libexec/vyos/validators/numeric--range 1-9999 666; done real 0m44.552s user 0m37.760s sys 0m6.989s This is a performance improvement of 21%, running in an ESXi VM with Quad Intel(R) Xeon(R) CPU E5-2630L v3 @ 1.80GHz.
2020-04-16openvpn: T149: IPv6 supportJernej Jakob
- allow configuring IPv6 server addresses and push options - add IPv6 server client IP pool - add IPv6 push dhcp-option DNS6 - allow configuring IPv6 server client addresses - allow configuring IPv6 site-to-site addresses - validate all IPv6 options and addresses - use protos that explicitely open an IPv6 listening socket (tcp6-server, tcp6-client, udp6) as the default on Linux listens on IPv4 only (https://community.openvpn.net/openvpn/ticket/360) - add validator for any IPv6 address, host or network (used by pool)
2020-04-06util: T2226: rewrite timezone validator to use cmdThomas Mangin
2020-04-03vrf: T31: Allow vrf name to look more like interface nameRunar Borge
Fix the regex to allow vrf instances like "eth0vrf" but not to allow "eth0"
2020-04-03validate: mac: autopep8Christian Poessinger
2020-04-03vrf: T31: name of isntance is not allowed to mimic an interface nameChristian Poessinger
Every VRF that's created is not allowed to be named like any interface that can be active on the system. This includes eth, lan, br, dum, lo .... In theoriy this would work but as soon as such a regular interface is created things will go sideways rather quick thus we limit the namespace which can be used to create a VRF. Appending an interface name is still possible like coolvrf-eth0.
2020-03-16syslog: T2131: add generic fqdn validatorChristian Poessinger
2019-12-26time-zone: T1906: migrate to XML/PythonChristian Poessinger
The current node.def based implementtion should be migrated from vyatta-cfg-system to vyos-1x. During the migration also provide a migration script which transforms some ole timezones like "Los_Angeles" into a proper IANA assigned timezone which should be "America/Los_Angeles".
2019-10-19T1749: support multiple ranges in the numeric validator.Daniil Baturin
2019-08-07Validator: add file-exists as replacement to Vyatta check_file_in_config_dirChristian Poessinger
Verify if a file exists or not on the system. Can be called by: <constraint> <validator name="file-exists" argument="--directory /config/auth"/> </constraint> The --directory option is used to ensure a given file path lies under this (mandatory) directory. A directory can be mandatory when the optional argument -e, --error is used. This will return '1' instead of '0'.
2019-08-07Validator: rename cidr -> ip-cidr to match existing patternsChristian Poessinger
2019-06-19[wireguard] T1425 - assign a /31 address on Wireguard interfacehagbard
- added a validator for checking if the address is any cidr noted address
2019-03-11[arp] - T1288: python implemtation of 'set protocols static arp'hagbard
2018-08-11T772 allow stow-away arguments in the script name field ↵Peri Diane Jones
https://phabricator.vyos.net/T772
2018-07-24Add a validator for scripts that are supposed to be in /configDaniil Baturin
2018-07-10Add an option for validating positive (>= 0) numbers to the numeric validator.Daniil Baturin
2018-05-16T642: add validators for common network address checking cases.Daniil Baturin
2018-05-14Add some ipaddrcheck-based IP validators.Daniil Baturin
2017-09-16T395: Implement a numeric value validatorDaniil Baturin
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-22 13:19:26 +0000