vyos-1x
vyos.client_server: T2854: Add classes for building client/server pairs
The classes in vyos.client_server should make building system daemons and associated clients a lot simpler. They take care of all the low-level stuff such as message passing, data validation, sockets, logging, persistent state storage and CLI integration.
There also is vyos.ipsetd. For now, this mainly demonstrates how to use vyos.client_server. However, vyos.ipsetd is fully working, and it can probably be used as part of the firewall rewrite.
Ok, I think it's sufficiently complete for now.
Not my role to do the review, but I like this work.
I had to rebase onto the current branch again because the state at which it originally diverted had a bug which made testing harder, so don't wonder about the extra commits.
Sorry, but the more time I have, the more things I find to fine-tune :).
I will echo Thomas' comment that this is very nice work; I am testing it in some current scenarios, and will update this PR with questions/feedback. Thank you!
One note: IPset will be irrelevant when we switch the firewall to nftables. We aren't planning to use IPset in the future.
I'll give the PR a deeper review, I think it's a good idea, but for the long term it will need an example other than IPsec...
@jestabro Thanks!
@dmbaturin
One note: IPset will be irrelevant when we switch the firewall to nftables. We aren't planning to use IPset in the future.
Ah, good to know. Never really "worked" with nftables so far. My original intention for this PR was T2719 which I already started fiddling with, so once that's implemented, it could serve as an example for using vyos.client_server. However, do you think we may keep vyos.ipsetd as reference for now?
This pull request has conflicts, please resolve those before we can evaluate the pull request.
As mentioned in the previous comment, we will not make use of this as is, but will remain informed by the ideas contained.