summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2021-02-28 00:54:59 +0100
committerGitHub <noreply@github.com>2021-02-28 00:54:59 +0100
commit9cf1651454895442d911e07120a2bfd9ae12a756 (patch)
treed5e05819a56869512a3c87d906e9f6d75d5c7e63 /smoketest
parent46af54fe7545913226585230dfffd7e722280d81 (diff)
parent5bcc549edeaeaa767d77a68b33751e834d467c34 (diff)
downloadvyos-1x-9cf1651454895442d911e07120a2bfd9ae12a756.tar.gz
vyos-1x-9cf1651454895442d911e07120a2bfd9ae12a756.zip
Merge pull request #747 from c-po/vxlan-tunnel-parameters
vyos.ifconfig: cleanup and tunnel refactoring
Diffstat (limited to 'smoketest')
-rw-r--r--smoketest/configs/tunnel-broker103
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_erspan.py61
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_macsec.py39
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_tunnel.py107
4 files changed, 216 insertions, 94 deletions
diff --git a/smoketest/configs/tunnel-broker b/smoketest/configs/tunnel-broker
new file mode 100644
index 000000000..54e63abda
--- /dev/null
+++ b/smoketest/configs/tunnel-broker
@@ -0,0 +1,103 @@
+interfaces {
+ dummy dum0 {
+ address 192.0.2.0/32
+ }
+ dummy dum1 {
+ address 192.0.2.1/32
+ }
+ dummy dum2 {
+ address 192.0.2.2/32
+ }
+ dummy dum3 {
+ address 192.0.2.3/32
+ }
+ dummy dum4 {
+ address 192.0.2.4/32
+ }
+ ethernet eth0 {
+ duplex auto
+ smp-affinity auto
+ speed auto
+ address 172.18.202.10/24
+ }
+ tunnel tun100 {
+ address 172.16.0.1/30
+ encapsulation gre-bridge
+ local-ip 192.0.2.0
+ remote-ip 192.0.2.100
+ }
+ tunnel tun200 {
+ address 172.16.0.5/30
+ encapsulation gre
+ local-ip 192.0.2.1
+ remote-ip 192.0.2.101
+ }
+ tunnel tun300 {
+ address 172.16.0.9/30
+ encapsulation ipip
+ local-ip 192.0.2.2
+ remote-ip 192.0.2.102
+ }
+ tunnel tun400 {
+ address 172.16.0.13/30
+ encapsulation gre-bridge
+ local-ip 192.0.2.3
+ remote-ip 192.0.2.103
+ }
+ tunnel tun500 {
+ address 172.16.0.17/30
+ encapsulation gre
+ local-ip 192.0.2.4
+ remote-ip 192.0.2.104
+ }
+}
+protocols {
+ static {
+ route 0.0.0.0/0 {
+ next-hop 172.18.202.1 {
+ distance 10
+ }
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ ntp {
+ server 0.pool.ntp.org {
+ }
+ server 1.pool.ntp.org {
+ }
+ server 2.pool.ntp.org {
+ }
+ }
+ syslog {
+ global {
+ facility all {
+ level info
+ }
+ facility protocols {
+ level debug
+ }
+ }
+ }
+}
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@2:dhcp-server@5:dns-forwarding@1:firewall@5:ipsec@5:l2tp@1:mdns@1:nat@4:ntp@1:pptp@1:qos@1:quagga@6:snmp@1:ssh@1:system@10:vrrp@2:wanloadbalance@3:webgui@1:webproxy@1:webproxy@2:zone-policy@1" === */
+/* Release version: 1.2.6-S1 */
diff --git a/smoketest/scripts/cli/test_interfaces_erspan.py b/smoketest/scripts/cli/test_interfaces_erspan.py
index c180f0a34..d0814f2fb 100755
--- a/smoketest/scripts/cli/test_interfaces_erspan.py
+++ b/smoketest/scripts/cli/test_interfaces_erspan.py
@@ -27,51 +27,6 @@ mtu = 1500
def erspan_conf(interface):
tmp = cmd(f'ip -d -j link show {interface}')
- '''
- [
- {
- "ifindex": 17,
- "link": null,
- "ifname": "ersp0",
- "flags": [
- "BROADCAST",
- "MULTICAST"
- ],
- "mtu": 1450,
- "qdisc": "noop",
- "operstate": "DOWN",
- "linkmode": "DEFAULT",
- "group": "default",
- "txqlen": 1000,
- "link_type": "ether",
- "address": "22:27:14:7b:0d:79",
- "broadcast": "ff:ff:ff:ff:ff:ff",
- "promiscuity": 0,
- "min_mtu": 68,
- "max_mtu": 0,
- "linkinfo": {
- "info_kind": "erspan",
- "info_data": {
- "remote": "10.2.2.2",
- "local": "10.1.1.1",
- "ttl": 0,
- "pmtudisc": true,
- "ikey": "0.0.0.123",
- "okey": "0.0.0.123",
- "iseq": true,
- "oseq": true,
- "erspan_index": 0,
- "erspan_ver": 1
- }
- },
- "inet6_addr_gen_mode": "eui64",
- "num_tx_queues": 1,
- "num_rx_queues": 1,
- "gso_max_size": 65536,
- "gso_max_segs": 65535
- }
- ]
- '''
return json.loads(tmp)[0]
class ERSPanTunnelInterfaceTest(BasicInterfaceTest.BaseTest):
@@ -96,8 +51,8 @@ class ERSPanTunnelInterfaceTest(BasicInterfaceTest.BaseTest):
key = 123
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
- self.session.set(self._base_path + [interface, 'remote-ip', self.remote_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
+ self.session.set(self._base_path + [interface, 'remote', self.remote_v4])
self.session.set(self._base_path + [interface, 'parameters', 'ip' , 'key', str(key)])
self.session.commit()
@@ -107,8 +62,8 @@ class ERSPanTunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.assertEqual(encapsulation, conf['linkinfo']['info_kind'])
self.assertEqual(mtu, conf['mtu'])
- self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local'])
- self.assertEqual(self.remote_v4, conf['linkinfo']['info_data']['remote'])
+ self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local'])
+ self.assertEqual(self.remote_v4, conf['linkinfo']['info_data']['remote'])
def test_erspan_ipv6(self):
@@ -117,8 +72,8 @@ class ERSPanTunnelInterfaceTest(BasicInterfaceTest.BaseTest):
key = 123
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
- self.session.set(self._base_path + [interface, 'remote-ip', self.remote_v6])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
+ self.session.set(self._base_path + [interface, 'remote', self.remote_v6])
self.session.set(self._base_path + [interface, 'parameters', 'ip' , 'key', str(key)])
self.session.commit()
@@ -128,8 +83,8 @@ class ERSPanTunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.assertEqual(encapsulation, conf['linkinfo']['info_kind'])
self.assertEqual(mtu, conf['mtu'])
- self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local'])
- self.assertEqual(self.remote_v6, conf['linkinfo']['info_data']['remote'])
+ self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local'])
+ self.assertEqual(self.remote_v6, conf['linkinfo']['info_data']['remote'])
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index 3a3e7bff3..d6bef993a 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -14,6 +14,7 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
import re
import unittest
@@ -22,6 +23,7 @@ from netifaces import interfaces
from vyos.configsession import ConfigSessionError
from vyos.ifconfig import Section
+from vyos.util import cmd
from vyos.util import read_file
from vyos.util import process_named_running
@@ -30,6 +32,16 @@ def get_config_value(interface, key):
tmp = re.findall(r'\n?{}=(.*)'.format(key), tmp)
return tmp[0]
+def get_cipher(interface):
+ """ Returns the used encapsulation protocol for given interface.
+ If interface does not exist, None is returned.
+ """
+ if not os.path.exists(f'/sys/class/net/{interface}'):
+ return None
+ from json import loads
+ tmp = loads(cmd(f'ip -d -j link show {interface}'))[0]
+ return tmp['linkinfo']['info_data']['cipher_suite'].lower()
+
class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
@classmethod
def setUpClass(cls):
@@ -107,8 +119,30 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
# Check for running process
self.assertTrue(process_named_running('wpa_supplicant'))
- def test_macsec_mandatory_options(self):
+ def test_macsec_gcm_aes_128(self):
interface = 'macsec1'
+ cipher = 'gcm-aes-128'
+ self.session.set(self._base_path + [interface])
+
+ # check validate() - source interface is mandatory
+ with self.assertRaises(ConfigSessionError):
+ self.session.commit()
+ self.session.set(self._base_path + [interface, 'source-interface', 'eth0'])
+
+ # check validate() - cipher is mandatory
+ with self.assertRaises(ConfigSessionError):
+ self.session.commit()
+ self.session.set(self._base_path + [interface, 'security', 'cipher', cipher])
+
+ # final commit and verify
+ self.session.commit()
+ self.assertIn(interface, interfaces())
+ self.assertIn(interface, interfaces())
+ self.assertEqual(cipher, get_cipher(interface))
+
+ def test_macsec_gcm_aes_256(self):
+ interface = 'macsec4'
+ cipher = 'gcm-aes-256'
self.session.set(self._base_path + [interface])
# check validate() - source interface is mandatory
@@ -119,11 +153,12 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
# check validate() - cipher is mandatory
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'security', 'cipher', 'gcm-aes-128'])
+ self.session.set(self._base_path + [interface, 'security', 'cipher', cipher])
# final commit and verify
self.session.commit()
self.assertIn(interface, interfaces())
+ self.assertEqual(cipher, get_cipher(interface))
def test_macsec_source_interface(self):
# Ensure source-interface can bot be part of any other bond or bridge
diff --git a/smoketest/scripts/cli/test_interfaces_tunnel.py b/smoketest/scripts/cli/test_interfaces_tunnel.py
index a9250e3e5..cc8fbd527 100755
--- a/smoketest/scripts/cli/test_interfaces_tunnel.py
+++ b/smoketest/scripts/cli/test_interfaces_tunnel.py
@@ -20,6 +20,7 @@ import json
from vyos.configsession import ConfigSession
from vyos.configsession import ConfigSessionError
from vyos.util import cmd
+from vyos.template import inc_ip
from base_interfaces_test import BasicInterfaceTest
@@ -70,8 +71,8 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
cls.local_v4 = '192.0.2.1'
cls.local_v6 = '2001:db8::1'
cls._options = {
- 'tun10': ['encapsulation ipip', 'remote-ip 192.0.2.10', 'local-ip ' + cls.local_v4],
- 'tun20': ['encapsulation gre', 'remote-ip 192.0.2.20', 'local-ip ' + cls.local_v4],
+ 'tun10': ['encapsulation ipip', 'remote 192.0.2.10', 'source-address ' + cls.local_v4],
+ 'tun20': ['encapsulation gre', 'remote 192.0.2.20', 'source-address ' + cls.local_v4],
}
cls._interfaces = list(cls._options)
@@ -90,25 +91,25 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
interface = f'tun1000'
local_if_addr = f'10.10.200.1/24'
- for encapsulation in ['ipip', 'sit', 'gre', 'gre-bridge']:
+ for encapsulation in ['ipip', 'sit', 'gre', 'gretap']:
self.session.set(self._base_path + [interface, 'address', local_if_addr])
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
- self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip6])
- # Encapsulation mode requires IPv4 local-ip
+ # Encapsulation mode requires IPv4 source-address
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
- # Encapsulation mode requires IPv4 local-ip
+ # Encapsulation mode requires IPv4 remote
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip4])
self.session.set(self._base_path + [interface, 'source-interface', source_if])
- # Source interface can not be used with sit and gre-bridge
- if encapsulation in ['sit', 'gre-bridge']:
+ # Source interface can not be used with sit and gretap
+ if encapsulation in ['sit', 'gretap']:
with self.assertRaises(ConfigSessionError):
self.session.commit()
self.session.delete(self._base_path + [interface, 'source-interface'])
@@ -117,17 +118,14 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.session.commit()
conf = tunnel_conf(interface)
- self.assertEqual(interface, conf['ifname'])
- self.assertEqual(mtu, conf['mtu'])
-
- if encapsulation not in ['sit', 'gre-bridge']:
+ if encapsulation not in ['sit', 'gretap']:
self.assertEqual(source_if, conf['link'])
- self.assertEqual(encapsulation, conf['link_type'])
- elif encapsulation in ['gre-bridge']:
- self.assertEqual('ether', conf['link_type'])
+ self.assertEqual(interface, conf['ifname'])
+ self.assertEqual(mtu, conf['mtu'])
+ self.assertEqual(encapsulation, conf['linkinfo']['info_kind'])
self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local'])
- self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote'])
+ self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote'])
self.assertTrue(conf['linkinfo']['info_data']['pmtudisc'])
# cleanup this instance
@@ -143,18 +141,18 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
for encapsulation in ['ipip6', 'ip6ip6', 'ip6gre']:
self.session.set(self._base_path + [interface, 'address', local_if_addr])
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
- self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip4])
- # Encapsulation mode requires IPv6 local-ip
+ # Encapsulation mode requires IPv6 source-address
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v6])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v6])
- # Encapsulation mode requires IPv6 local-ip
+ # Encapsulation mode requires IPv6 remote
with self.assertRaises(ConfigSessionError):
self.session.commit()
- self.session.set(self._base_path + [interface, 'remote-ip', remote_ip6])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip6])
# Configure Tunnel Source interface
self.session.set(self._base_path + [interface, 'source-interface', source_if])
@@ -167,14 +165,15 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.assertEqual(mtu, conf['mtu'])
self.assertEqual(source_if, conf['link'])
- # remap encapsulation protocol(s)
- if encapsulation in ['ipip6', 'ip6ip6']:
- encapsulation = 'tunnel6'
- elif encapsulation in ['ip6gre']:
- encapsulation = 'gre6'
+ # Not applicable for ip6gre
+ if 'proto' in conf['linkinfo']['info_data']:
+ self.assertEqual(encapsulation, conf['linkinfo']['info_data']['proto'])
- self.assertEqual(encapsulation, conf['link_type'])
+ # remap encapsulation protocol(s) only for ipip6, ip6ip6
+ if encapsulation in ['ipip6', 'ip6ip6']:
+ encapsulation = 'ip6tnl'
+ self.assertEqual(encapsulation, conf['linkinfo']['info_kind'])
self.assertEqual(self.local_v6, conf['linkinfo']['info_data']['local'])
self.assertEqual(remote_ip6, conf['linkinfo']['info_data']['remote'])
@@ -183,18 +182,18 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
self.session.commit()
def test_tunnel_verify_local_dhcp(self):
- # We can not use local-ip and dhcp-interface at the same time
+ # We can not use source-address and dhcp-interface at the same time
interface = f'tun1020'
local_if_addr = f'10.0.0.1/24'
self.session.set(self._base_path + [interface, 'address', local_if_addr])
self.session.set(self._base_path + [interface, 'encapsulation', 'gre'])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
- self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip4])
self.session.set(self._base_path + [interface, 'dhcp-interface', 'eth0'])
- # local-ip and dhcp-interface can not be used at the same time
+ # source-address and dhcp-interface can not be used at the same time
with self.assertRaises(ConfigSessionError):
self.session.commit()
self.session.delete(self._base_path + [interface, 'dhcp-interface'])
@@ -209,8 +208,8 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
tos = '20'
self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
- self.session.set(self._base_path + [interface, 'local-ip', self.local_v4])
- self.session.set(self._base_path + [interface, 'remote-ip', remote_ip4])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip4])
self.session.set(self._base_path + [interface, 'parameters', 'ip', 'no-pmtu-discovery'])
self.session.set(self._base_path + [interface, 'parameters', 'ip', 'key', gre_key])
@@ -222,11 +221,41 @@ class TunnelInterfaceTest(BasicInterfaceTest.BaseTest):
conf = tunnel_conf(interface)
self.assertEqual(mtu, conf['mtu'])
self.assertEqual(interface, conf['ifname'])
- self.assertEqual(encapsulation, conf['link_type'])
+ self.assertEqual(encapsulation, conf['linkinfo']['info_kind'])
self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local'])
self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote'])
self.assertEqual(0, conf['linkinfo']['info_data']['ttl'])
self.assertFalse( conf['linkinfo']['info_data']['pmtudisc'])
+ def test_gretap_parameters_change(self):
+ interface = f'tun1040'
+ gre_key = '10'
+ encapsulation = 'gretap'
+ tos = '20'
+
+ self.session.set(self._base_path + [interface, 'encapsulation', encapsulation])
+ self.session.set(self._base_path + [interface, 'source-address', self.local_v4])
+ self.session.set(self._base_path + [interface, 'remote', remote_ip4])
+
+ # Check if commit is ok
+ self.session.commit()
+
+ conf = tunnel_conf(interface)
+ self.assertEqual(mtu, conf['mtu'])
+ self.assertEqual(interface, conf['ifname'])
+ self.assertEqual(encapsulation, conf['linkinfo']['info_kind'])
+ self.assertEqual(self.local_v4, conf['linkinfo']['info_data']['local'])
+ self.assertEqual(remote_ip4, conf['linkinfo']['info_data']['remote'])
+ self.assertEqual(0, conf['linkinfo']['info_data']['ttl'])
+
+ # Change remote ip address (inc host by 2
+ new_remote = inc_ip(remote_ip4, 2)
+ self.session.set(self._base_path + [interface, 'remote', new_remote])
+ # Check if commit is ok
+ self.session.commit()
+
+ conf = tunnel_conf(interface)
+ self.assertEqual(new_remote, conf['linkinfo']['info_data']['remote'])
+
if __name__ == '__main__':
- unittest.main(verbosity=2)
+ unittest.main(verbosity=2, failfast=True)