diff options
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_pppoe.py | 14 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_wirelessmodem.py | 83 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_policy.py | 27 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_protocols_bgp.py | 7 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_vpn_ipsec.py | 146 |
5 files changed, 177 insertions, 100 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py index b8682fe71..3412ebae0 100755 --- a/smoketest/scripts/cli/test_interfaces_pppoe.py +++ b/smoketest/scripts/cli/test_interfaces_pppoe.py @@ -179,5 +179,19 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase): tmp = re.findall(f'systemctl restart dhcp6c@{interface}.service', tmp) self.assertTrue(tmp) + def test_pppoe_authentication(self): + # When username or password is set - so must be the other + interface = 'pppoe0' + self.cli_set(base_path + [interface, 'authentication', 'user', 'vyos']) + self.cli_set(base_path + [interface, 'source-interface', self._source_interface]) + self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf']) + + # check validate() - if user is set, so must be the password + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(base_path + [interface, 'authentication', 'password', 'vyos']) + self.cli_commit() + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py b/smoketest/scripts/cli/test_interfaces_wirelessmodem.py deleted file mode 100755 index c36835ea7..000000000 --- a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2020-2021 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -import os -import unittest - -from psutil import process_iter -from base_vyostest_shim import VyOSUnitTestSHIM - -from vyos.configsession import ConfigSession -from vyos.configsession import ConfigSessionError - -config_file = '/etc/ppp/peers/{}' -base_path = ['interfaces', 'wirelessmodem'] - -def get_config_value(interface, key): - with open(config_file.format(interface), 'r') as f: - for line in f: - if line.startswith(key): - return list(line.split()) - return [] - -class WWANInterfaceTest(VyOSUnitTestSHIM.TestCase): - def setUp(self): - self._interfaces = ['wlm0', 'wlm1'] - - def tearDown(self): - self.cli_delete(base_path) - self.cli_commit() - - def test_wwan(self): - for interface in self._interfaces: - self.cli_set(base_path + [interface, 'no-peer-dns']) - self.cli_set(base_path + [interface, 'connect-on-demand']) - - # check validate() - APN must be configure - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_set(base_path + [interface, 'apn', 'vyos.net']) - - # check validate() - device must be configure - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_set(base_path + [interface, 'device', 'ttyS0']) - - # commit changes - self.cli_commit() - - # verify configuration file(s) - for interface in self._interfaces: - tmp = get_config_value(interface, 'ifname')[1] - self.assertTrue(interface in tmp) - - tmp = get_config_value(interface, 'demand')[0] - self.assertTrue('demand' in tmp) - - tmp = os.path.isfile(f'/etc/ppp/peers/chat.{interface}') - self.assertTrue(tmp) - - # Check if ppp process is running in the interface in question - running = False - for p in process_iter(): - if "pppd" in p.name(): - if interface in p.cmdline(): - running = True - - self.assertTrue(running) - -if __name__ == '__main__': - unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index 59425b789..2d7b78048 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py @@ -773,6 +773,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): 'as-path-prepend' : '1234567890 987654321', 'atomic-aggregate' : '', 'distance' : '110', + 'extcommunity-bw' : '20000', + 'extcommunity-rt' : '123:456', + 'extcommunity-soo' : '456:789', 'ipv6-next-hop-global': '2001::1', 'ipv6-next-hop-local' : 'fe80::1', 'ip-next-hop' : '192.168.1.1', @@ -789,6 +792,18 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): }, }, }, + 'bandwidth-configuration' : { + 'rule' : { + '10' : { + 'action' : 'deny', + 'set' : { + 'as-path-prepend' : '100 100', + 'distance' : '200', + 'extcommunity-bw' : 'num-multipaths', + }, + }, + }, + }, } self.cli_set(['policy', 'access-list', access_list, 'rule', '10', 'action', 'permit']) @@ -896,6 +911,12 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.cli_set(path + ['rule', rule, 'set', 'atomic-aggregate']) if 'distance' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'distance', rule_config['set']['distance']]) + if 'extcommunity-bw' in rule_config['set']: + self.cli_set(path + ['rule', rule, 'set', 'extcommunity', 'bandwidth', rule_config['set']['extcommunity-bw']]) + if 'extcommunity-rt' in rule_config['set']: + self.cli_set(path + ['rule', rule, 'set', 'extcommunity', 'rt', rule_config['set']['extcommunity-rt']]) + if 'extcommunity-soo' in rule_config['set']: + self.cli_set(path + ['rule', rule, 'set', 'extcommunity', 'soo', rule_config['set']['extcommunity-soo']]) if 'ipv6-next-hop-global' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'ipv6-next-hop', 'global', rule_config['set']['ipv6-next-hop-global']]) if 'ipv6-next-hop-local' in rule_config['set']: @@ -1035,6 +1056,12 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): tmp += 'atomic-aggregate' elif 'distance' in rule_config['set']: tmp += 'distance ' + rule_config['set']['distance'] + elif 'extcommunity-bw' in rule_config['set']: + tmp += 'extcommunity bandwidth' + rule_config['set']['extcommunity-bw'] + elif 'extcommunity-rt' in rule_config['set']: + tmp += 'extcommunity rt' + rule_config['set']['extcommunity-rt'] + elif 'extcommunity-soo' in rule_config['set']: + tmp += 'extcommunity rt' + rule_config['set']['extcommunity-soo'] elif 'ip-next-hop' in rule_config['set']: tmp += 'ip next-hop ' + rule_config['set']['ip-next-hop'] elif 'ipv6-next-hop-global' in rule_config['set']: diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index 10adc06e1..c51d83875 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -224,6 +224,10 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ['parameters', 'graceful-shutdown']) self.cli_set(base_path + ['parameters', 'ebgp-requires-policy']) + self.cli_set(base_path + ['parameters', 'bestpath', 'as-path', 'multipath-relax']) + self.cli_set(base_path + ['parameters', 'bestpath', 'bandwidth', 'default-weight-for-missing']) + self.cli_set(base_path + ['parameters', 'bestpath', 'compare-routerid']) + # AFI maximum path support self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ebgp', max_path_v4]) self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ibgp', max_path_v4ibgp]) @@ -242,6 +246,9 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f' no bgp default ipv4-unicast', frrconfig) self.assertIn(f' bgp graceful-restart stalepath-time {stalepath_time}', frrconfig) self.assertIn(f' bgp graceful-shutdown', frrconfig) + self.assertIn(f' bgp bestpath as-path multipath-relax', frrconfig) + self.assertIn(f' bgp bestpath bandwidth default-weight-for-missing', frrconfig) + self.assertIn(f' bgp bestpath compare-routerid', frrconfig) self.assertNotIn(f'bgp ebgp-requires-policy', frrconfig) afiv4_config = self.getFRRconfig(' address-family ipv4 unicast') diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py index 4a3340ffb..b27ed3ca5 100755 --- a/smoketest/scripts/cli/test_vpn_ipsec.py +++ b/smoketest/scripts/cli/test_vpn_ipsec.py @@ -14,23 +14,63 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +import os import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.util import call, process_named_running, read_file +ethernet_path = ['interfaces', 'ethernet'] tunnel_path = ['interfaces', 'tunnel'] +vti_path = ['interfaces', 'vti'] nhrp_path = ['protocols', 'nhrp'] base_path = ['vpn', 'ipsec'] +dhcp_waiting_file = '/tmp/ipsec_dhcp_waiting' +swanctl_file = '/etc/swanctl/swanctl.conf' + class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): def tearDown(self): self.cli_delete(base_path) self.cli_delete(nhrp_path) self.cli_delete(tunnel_path) + self.cli_delete(vti_path) + self.cli_delete(ethernet_path) + self.cli_commit() + + def test_dhcp_fail_handling(self): + self.cli_delete(ethernet_path) + self.cli_delete(base_path) + + # Interface for dhcp-interface + self.cli_set(ethernet_path + ['eth0', 'vif', '100', 'address', 'dhcp']) # Use VLAN to avoid getting IP from qemu dhcp server + + # Set IKE/ESP Groups + self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "encryption", "aes128"]) + self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"]) + + # Site to site + self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0.100"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "mode", "pre-shared-secret"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "pre-shared-secret", "MYSECRETKEY"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "dhcp-interface", "eth0.100"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "gre"]) + self.cli_commit() + self.assertTrue(os.path.exists(dhcp_waiting_file)) + + dhcp_waiting = read_file(dhcp_waiting_file) + self.assertIn('eth0.100', dhcp_waiting) # Ensure dhcp-failed interface was added for dhclient hook + + self.assertTrue(process_named_running('charon')) # Commit should've still succeeded and launched charon + def test_site_to_site(self): self.cli_delete(base_path) @@ -40,6 +80,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"]) self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"]) self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "key-exchange", "ikev2"]) # Site to site self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0"]) @@ -48,33 +89,104 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase): self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"]) self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"]) self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "local-address", "192.0.2.10"]) - self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "gre"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "tcp"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.10.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.11.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "port", "443"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.10.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.11.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "port", "443"]) self.cli_commit() - ipsec_conf_lines = [ - 'authby = secret', - 'ike = aes128-sha1-modp1024!', - 'esp = aes128-sha1-modp1024!', - 'left = 192.0.2.10', - 'right = 203.0.113.45', - 'type = tunnel' + swanctl_conf_lines = [ + 'version = 2', + 'auth = psk', + 'proposals = aes128-sha1-modp1024', + 'esp_proposals = aes128-sha1-modp1024', + 'local_addrs = 192.0.2.10 # dhcp:no', + 'remote_addrs = 203.0.113.45', + 'mode = tunnel', + 'local_ts = 172.16.10.0/24[tcp/443],172.16.11.0/24[tcp/443]', + 'remote_ts = 172.17.10.0/24[tcp/443],172.17.11.0/24[tcp/443]' + ] + + swanctl_secrets_lines = [ + 'id-local = 192.0.2.10 # dhcp:no', + 'id-remote = 203.0.113.45', + 'secret = "MYSECRETKEY"' ] - ipsec_secrets_lines = [ - '192.0.2.10 203.0.113.45 : PSK "MYSECRETKEY" # dhcp:no' + tmp_swanctl_conf = read_file(swanctl_file) + + for line in swanctl_conf_lines: + self.assertIn(line, tmp_swanctl_conf) + + for line in swanctl_secrets_lines: + self.assertIn(line, tmp_swanctl_conf) + + # Check for running process + self.assertTrue(process_named_running('charon')) + + def test_site_to_site_vti(self): + self.cli_delete(base_path) + self.cli_delete(vti_path) + + # VTI interface + self.cli_set(vti_path + ["vti10", "address", "10.1.1.1/24"]) + + # IKE/ESP Groups + self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "encryption", "aes128"]) + self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"]) + self.cli_set(base_path + ["ike-group", "MyIKEGroup", "key-exchange", "ikev2"]) + + # Site to site + self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "mode", "pre-shared-secret"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "pre-shared-secret", "MYSECRETKEY"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "local-address", "192.0.2.10"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.10.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.11.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.10.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.11.0/24"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "vti", "bind", "vti10"]) + self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "vti", "esp-group", "MyESPGroup"]) + + self.cli_commit() + + swanctl_conf_lines = [ + 'version = 2', + 'auth = psk', + 'proposals = aes128-sha1-modp1024', + 'esp_proposals = aes128-sha1-modp1024', + 'local_addrs = 192.0.2.10 # dhcp:no', + 'remote_addrs = 203.0.113.45', + 'mode = tunnel', + 'local_ts = 172.16.10.0/24,172.16.11.0/24', + 'remote_ts = 172.17.10.0/24,172.17.11.0/24', + 'mark_in = 9437194', # 0x900000 + (vti)10 + 'mark_out = 9437194', + 'updown = "/etc/ipsec.d/vti-up-down vti10 no"' ] - tmp_ipsec_conf = read_file('/etc/ipsec.conf') + swanctl_secrets_lines = [ + 'id-local = 192.0.2.10 # dhcp:no', + 'id-remote = 203.0.113.45', + 'secret = "MYSECRETKEY"' + ] - for line in ipsec_conf_lines: - self.assertIn(line, tmp_ipsec_conf) + tmp_swanctl_conf = read_file(swanctl_file) - call('sudo chmod 644 /etc/ipsec.secrets') # Needs to be readable - tmp_ipsec_secrets = read_file('/etc/ipsec.secrets') + for line in swanctl_conf_lines: + self.assertIn(line, tmp_swanctl_conf) - for line in ipsec_secrets_lines: - self.assertIn(line, tmp_ipsec_secrets) + for line in swanctl_secrets_lines: + self.assertIn(line, tmp_swanctl_conf) # Check for running process self.assertTrue(process_named_running('charon')) |