summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2020-08-04router-advert: T2758: bugfix 'infinity' is not a valid integer numberChristian Poessinger
Problem was introduced in commit 740ace13 ("router-advert: T2609: add missing verify() for prefix lifetime"). The 'infinity' literal was not converted to its corresponding integer 0xffffffff (4294967295) for the check.
2020-08-04cleanup: convert multiple files from DOS to UNIX line endingChristian Poessinger
2020-08-03op-mode: T2546: use inline shell code for "configure"Christian Poessinger
Commit 787879ba ("configure: op-mode: move XML here") migrated the op-mode command "configure" to vyos-1x. The used shell snipped in turn sometimes complained about: "_vyatta_op_do_key_bindings: command not found". This is now resolved by moving the code entirely into the node.def file.
2020-08-03ssh: T1076: make configuration volatileChristian Poessinger
Move sshd_config file to /run so it must be generated on every boot and is not stored accidently.
2020-08-03lldp: op-mode: T2323: "show lldp neighbors detail" only works when service runsChristian Poessinger
The problem exists when LLDP is not configured but one wants to run the detail command. Running "show lldp neighbors" is not possible when LLDP is not running. This case is already handled for "show lldp neighbors" and has been extended for "show lldp neighbors detail".
2020-08-03configure: op-mode: move XML hereChristian Poessinger
2020-08-03ifconfig: T2740: pass config dict to DHCP class for IPv6Christian Poessinger
This removes additional code paths as we can instatly work with the input dict the same was as it was done for PPPoE. This fixes the entire DHCPv6-PD support on non PPPoE interfaces as this was lost in translation while processing T2653.
2020-08-02accel-ppp: T2756: make RADIUS accounting port configurableChristian Poessinger
Make the port used for RADIUS accounting user configurable. This is now valid for the following services which are based on Accel-PPP: * ipoe-server * pppoe-server * l2tp * pptp * sstp
2020-08-02ipoe-server: T2314: fix improper use of fail-time dictionary keyChristian Poessinger
2020-07-30router-advert: T2745: migrate to get_config_dict()Christian Poessinger
2020-07-29wireguard: T2743: move key migration from config script to migration scriptChristian Poessinger
Migration files on the storage should be done one time by a migration script instead of every time the configuration changes. Moving this to an older migration script is fine as this is around for a long time and all rolling releases are already up2date. It only affects updates from VyOS 1.2 series.
2020-07-29mdns-repeater: T2742: migrate to get_config_dict()Christian Poessinger
2020-07-26wireguard: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-26vxlan: ifconfig: T2653: move to get_interface_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25l2tpv3: ifconfig: T2653: move implementation to get_interface_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25Revert "Merge pull request #423 from thomas-mangin/T2494"Christian Poessinger
This reverts commit bfbf51acb2d4b6b5fe2d22d39f7259686f98d2a0, reversing changes made to 1a85e758b105d493bb9d95916816bd206345bc5d.
2020-07-25Merge branch 'interface-rewrite' of github.com:c-po/vyos-1x into currentChristian Poessinger
* 'interface-rewrite' of github.com:c-po/vyos-1x: vyos.configverify: T2653: fix some formatting issues ifconfig: T2653: make ifname an optional argument to get_interface_dict() vyos.configdict: T2653: remove obsolete code from configdict and ifconfig_vlan wireless: ifconfig: T2653: move to get_config_dict() ifconfig: T2653: move get_ethertype() from configdict to interface vlan: ifconfig: T2653: move get_removed_vlans() to vyos.configdiff bonding: ifconfig: T2653: move to get_config_dict() ifconfig: T2653: move vlan configuration code to base class vyos.configdict: T2653: use dict_merge() over update() ifconfig: T2653: implement update() in derived classes for admin up/down vyos.configdict: T2653: add new reusable helper node_changed() geneve: ifconfig: T2653: move to get_config_dict() ifconfig: T2653: move bridge member check to base class interfaces: ifconfig: T2653: migrate to get_interface_dict() API pseudo-ethernet: ifconfig: T2653: move to get_config_dict() bridge: ifconfig: T2653: move to get_config_dict() vlan: ifconfig: T2653: only enable interface when lower interface is up ethernet: ifconfig: T2653: move to get_config_dict() ifconfig: T2653: set arp-cache-timeout default value of 30ms
2020-07-25Merge pull request #423 from thomas-mangin/T2494Christian Poessinger
systemd: T2494: allow to restart vyos-hostsd without consequence
2020-07-25ifconfig: T2653: make ifname an optional argument to get_interface_dict()Christian Poessinger
Further reduce the boiler-plate code to determine interface tag node or not. It can be passed into get_interface_dict() if explicitly required - else it is taken from the environment.
2020-07-25wireless: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25bonding: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25vyos.configdict: T2653: add new reusable helper node_changed()Christian Poessinger
This can be used to see if a tagNode has been changed. It will return a list of changed nodes.
2020-07-25geneve: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge.
2020-07-25interfaces: ifconfig: T2653: migrate to get_interface_dict() APIChristian Poessinger
After switching from raw parsing of the interface options to get_config_dict() this utilizes another utility function which wraps get_config_dict() and adds other common and reused parameters (like deleted or bridge member). Overall this drops redundant code (again) and makes the rest more maintainable as we only utilize a single function.
2020-07-25pseudo-ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for pdeudo-ethernet interfaces in the derived class.
2020-07-25bridge: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for bridge interfaces in the derived bridge class. Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-25ethernet: ifconfig: T2653: move to get_config_dict()Christian Poessinger
The current VyOS CLI parser code written in Python contains a ton of duplicates which I can also hold myself accountable for - or maybe mainly me - depends on the angle of judge. While providing a new update() method in vyos.ifconfig.interfaces() this is extended for ethernet based interfaces which also supports 802.1q, 802.1ad VLANs. This commit migrates the existing codebase for an ethernet based interfaces and implements the missing parts for VLANs. Adding or migrating other interfaces (e.g. bridge or bond) will become much easier as they must reuse the entire functionality - we now walk towards a single codepath. Thanks for all who made this combined effort possible! Signed-off-by: Christian Poessinger <christian@poessinger.com>
2020-07-25vyos.util: add common helper to load kernel modulesChristian Poessinger
l2tpv3, wireguard, wirelessmodem, nat all require additional Kernel modules to be present on the system. Each and every interface implemented their own way of loading a module - by copying code. Use a generic function, vyos.util.check_kmod() to load any arbitrary kernel module passed as string or list.
2020-07-24T2727: add a dotted decimal validator.Daniil Baturin
Since it's relatively rarely used, Python's startup time should't be much of a problem.
2020-07-22xml: T2582: use xml for is_tag and is_leafThomas Mangin
2020-07-22load-config: subclass ConfigSourceSession instead of ConfigJohn Estabrook
2020-07-22http-api: remove unneeded check for VyOSErrorJohn Estabrook
The only calls to config (return_value, return_values, exists) do not throw VyOSError; remove unneeded except.
2020-07-22T2725: Fix config parse for users without passwordsEsa Varemo
Fix for https://phabricator.vyos.net/T2725 T2492 / a07e22377ab83104ac925e13d1824f241f0f8d4a introduced a change which broke the initialization of the user dict. In case the config contained an user without an encrypted-password set, the property would be missing and the commit would crash with `KeyError: 'password_encrypted'`
2020-07-21interfaces: T2658: Fix description lengthsever-sever
2020-07-20dhcp-server: T2717: Fix DHCP pool size in statisticsRobert Schindler
The calculated size of DHCP server address pools was not corrent. The fact that both boundaries of address ranges are inclusive wasn't accounted for, so the calculated size was too small by 1 address per range.
2020-07-19Merge pull request #507 from jjakob/nft-translation-address-T2709Christian Poessinger
nat: T2709: remove 'translation address' mandatory check
2020-07-19nat: T2709: remove 'translation address' mandatory checkJernej Jakob
Rules without a translation address are also valid, they'll modify just the port and leave the address intact. This also used to be a valid syntax and it caused an error on upgrade.
2020-07-19Merge pull request #500 from dmbaturin/currentDaniil Baturin
Improve readability of the port validation. Also fixes T2708.
2020-07-19broadcast-relay: T2712: migrate to get_config_dict()Christian Poessinger
Add additional verify() stage to check that the relaying interface actually exists on the system.
2020-07-16pseudo-ethernet: T2626: Fix for changing interface modesrividya0208
Since it is not impossible to change MACVLAN interface mode on the fly, this fix adds a new one trigger to recreate it from scratch if the mode changed in system config
2020-07-16Improve the readability of the port validation. Also fixes T2708.Daniil Baturin
2020-07-15flow-accounting: T2695: Fixed crash on viewing flows with incomplete datazsdc
If flow records contain entries with skipped details, this does not allow preparing it for the output table. This fix use safe .get() function to return empty values instead crashing. Also, added several small formatting fixes.
2020-07-15http-client: T2651: support specifying source-interface/address for curlChristian Poessinger
Please note that either interface or address can be configured. system { options { http-client { source-interface eth0 source-address 1.1.1.1 } } }
2020-07-12snmp: T2687: replace 3rd party hash library with custom codeChristian Poessinger
The 3rd party library used for calculating the SNMP hashes in advance only worked for SHA and nod for MD5 as SHA was hardcoded [1]. The code has been replaced by a class-less implementation providing only the required functionality. [1]: https://github.com/TheMysteriousX/SNMPv3-Hash-Generator/issues/2
2020-07-12nat: T2699: fix exclusion rules for noNAT destinationsChristian Poessinger
2020-07-11snmp: T2687: precalculate snmpv3 encrypted keysChristian Poessinger
As of now when adding new credentials for any SNMPv3 user we submit the credential either plaintext or encrypted. A plaintext credential will be hashed by SNMPd in the background and then passed back into the CLI so it's not stored in cleartext. This feels like the wrong way in changing the CLI content with data produced by a 3rd party daemon which implements the service. It feels like the tail wiggles the entire dog. This should be changed in the following way: - After retrieving the plaintext password from CLI, use Python to hash the key in advance - Re-populate the encrypted key into the CLI and drop the plaintext one - Generate service configuration and continue startup of SNMPd This also fixes a race condition when SNMPd started up but not properly provided the hasehd keys in the configuration resulting in a ConfigurationError. Now as we also support binding SNMPd to a VRF this fixes a deadlock situation on bootup as we can only bind late to the VRF and require up to 5 restarts of the service - but the service will never start.
2020-07-07ssh: T2691: bugfix loglevel config migrationChristian Poessinger
When migrating the conf from VyOS 1.2 to 1.3 a configuration error could appear if the user specified "info" as loglevel instead of "INFO". There was no input validation done in 1.2 but this is now enforced in 1.3. In VyOS 1.3 loglevel will be always lowercase on the CLI and when migrating the config this is transformed. Also VyOS 1.2 accpeted any arbitrary loglevel. If an invalid loglevel is found it will be set to info.
2020-07-04snmp: vrf: T2682: support restart on failure indefinitely.Christian Poessinger
Linux tries to bind sshd to the VRF but it is yet not ready - for any arbitrary reason. After restarting SSH to often (rate-limiting) it is blocked by systemd. Using Restart/RestartSec is not enough - systemd services use start rate limiting (enabled by default). If service is started more than StartLimitBurst times in StartLimitIntervalSec seconds is it not permitted to start any more. Parameters are inherited from DefaultStartLimitIntervalSec (default 10s) and DefaultStartLimitBurst (default 5).
2020-07-04cleanup: no need to call sudo for configuration mode scriptsChristian Poessinger
2020-07-04ids: T2659: Add get_first_key to get_config_dictDmitriyEshenko