Diffstat (limited to 'smoketest')
-rw-r--r--smoketest/configs/bgp-rpki7
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_pppoe.py14
-rwxr-xr-xsmoketest/scripts/cli/test_interfaces_wirelessmodem.py83
-rwxr-xr-xsmoketest/scripts/cli/test_policy.py27
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_bgp.py7
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_ipsec.py146
-rwxr-xr-xsmoketest/scripts/cli/test_vrf.py18
7 files changed, 202 insertions, 100 deletions
diff --git a/smoketest/configs/bgp-rpki b/smoketest/configs/bgp-rpki
index e11ec9e72..dffab4c69 100644
--- a/smoketest/configs/bgp-rpki
+++ b/smoketest/configs/bgp-rpki
@@ -34,6 +34,13 @@ policy {
local-preference 100
}
}
+ rule 40 {
+ action permit
+ set {
+ extcommunity-rt 192.0.2.100:100
+ extcommunity-soo 64500:100
+ }
+ }
}
}
protocols {
diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py
index b8682fe71..3412ebae0 100755
--- a/smoketest/scripts/cli/test_interfaces_pppoe.py
+++ b/smoketest/scripts/cli/test_interfaces_pppoe.py
@@ -179,5 +179,19 @@ class PPPoEInterfaceTest(VyOSUnitTestSHIM.TestCase):
tmp = re.findall(f'systemctl restart dhcp6c@{interface}.service', tmp)
self.assertTrue(tmp)
+ def test_pppoe_authentication(self):
+ # When username or password is set - so must be the other
+ interface = 'pppoe0'
+ self.cli_set(base_path + [interface, 'authentication', 'user', 'vyos'])
+ self.cli_set(base_path + [interface, 'source-interface', self._source_interface])
+ self.cli_set(base_path + [interface, 'ipv6', 'address', 'autoconf'])
+
+ # check validate() - if user is set, so must be the password
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(base_path + [interface, 'authentication', 'password', 'vyos'])
+ self.cli_commit()
+
if __name__ == '__main__':
unittest.main(verbosity=2)
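Review bot: The opening comment of `test_pppoe_authentication` says a username or a password each require the other, but only the user-without-password case is committed and expected to fail. A second `with self.assertRaises(ConfigSessionError):` block, run after deleting the `user` node and setting only `password`, would pin the reverse direction of the validate() check. Nothing is asserted after the final `self.cli_commit()` either, so the test still passes if the credentials never reach the generated peer configuration.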
diff --git a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py b/smoketest/scripts/cli/test_interfaces_wirelessmodem.py
deleted file mode 100755
index c36835ea7..000000000
--- a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2020-2021 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-import os
-import unittest
-
-from psutil import process_iter
-from base_vyostest_shim import VyOSUnitTestSHIM
-
-from vyos.configsession import ConfigSession
-from vyos.configsession import ConfigSessionError
-
-config_file = '/etc/ppp/peers/{}'
-base_path = ['interfaces', 'wirelessmodem']
-
-def get_config_value(interface, key):
- with open(config_file.format(interface), 'r') as f:
- for line in f:
- if line.startswith(key):
- return list(line.split())
- return []
-
-class WWANInterfaceTest(VyOSUnitTestSHIM.TestCase):
- def setUp(self):
- self._interfaces = ['wlm0', 'wlm1']
-
- def tearDown(self):
- self.cli_delete(base_path)
- self.cli_commit()
-
- def test_wwan(self):
- for interface in self._interfaces:
- self.cli_set(base_path + [interface, 'no-peer-dns'])
- self.cli_set(base_path + [interface, 'connect-on-demand'])
-
- # check validate() - APN must be configure
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
- self.cli_set(base_path + [interface, 'apn', 'vyos.net'])
-
- # check validate() - device must be configure
- with self.assertRaises(ConfigSessionError):
- self.cli_commit()
- self.cli_set(base_path + [interface, 'device', 'ttyS0'])
-
- # commit changes
- self.cli_commit()
-
- # verify configuration file(s)
- for interface in self._interfaces:
- tmp = get_config_value(interface, 'ifname')[1]
- self.assertTrue(interface in tmp)
-
- tmp = get_config_value(interface, 'demand')[0]
- self.assertTrue('demand' in tmp)
-
- tmp = os.path.isfile(f'/etc/ppp/peers/chat.{interface}')
- self.assertTrue(tmp)
-
- # Check if ppp process is running in the interface in question
- running = False
- for p in process_iter():
- if "pppd" in p.name():
- if interface in p.cmdline():
- running = True
-
- self.assertTrue(running)
-
-if __name__ == '__main__':
- unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index 59425b789..2d7b78048 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -773,6 +773,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
'as-path-prepend' : '1234567890 987654321',
'atomic-aggregate' : '',
'distance' : '110',
+ 'extcommunity-bw' : '20000',
+ 'extcommunity-rt' : '123:456',
+ 'extcommunity-soo' : '456:789',
'ipv6-next-hop-global': '2001::1',
'ipv6-next-hop-local' : 'fe80::1',
'ip-next-hop' : '192.168.1.1',
@@ -789,6 +792,18 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
},
},
},
+ 'bandwidth-configuration' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'deny',
+ 'set' : {
+ 'as-path-prepend' : '100 100',
+ 'distance' : '200',
+ 'extcommunity-bw' : 'num-multipaths',
+ },
+ },
+ },
+ },
}
self.cli_set(['policy', 'access-list', access_list, 'rule', '10', 'action', 'permit'])
@@ -896,6 +911,12 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.cli_set(path + ['rule', rule, 'set', 'atomic-aggregate'])
if 'distance' in rule_config['set']:
self.cli_set(path + ['rule', rule, 'set', 'distance', rule_config['set']['distance']])
+ if 'extcommunity-bw' in rule_config['set']:
+ self.cli_set(path + ['rule', rule, 'set', 'extcommunity', 'bandwidth', rule_config['set']['extcommunity-bw']])
+ if 'extcommunity-rt' in rule_config['set']:
+ self.cli_set(path + ['rule', rule, 'set', 'extcommunity', 'rt', rule_config['set']['extcommunity-rt']])
+ if 'extcommunity-soo' in rule_config['set']:
+ self.cli_set(path + ['rule', rule, 'set', 'extcommunity', 'soo', rule_config['set']['extcommunity-soo']])
if 'ipv6-next-hop-global' in rule_config['set']:
self.cli_set(path + ['rule', rule, 'set', 'ipv6-next-hop', 'global', rule_config['set']['ipv6-next-hop-global']])
if 'ipv6-next-hop-local' in rule_config['set']:
@@ -1035,6 +1056,12 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
tmp += 'atomic-aggregate'
elif 'distance' in rule_config['set']:
tmp += 'distance ' + rule_config['set']['distance']
+ elif 'extcommunity-bw' in rule_config['set']:
+ tmp += 'extcommunity bandwidth' + rule_config['set']['extcommunity-bw']
+ elif 'extcommunity-rt' in rule_config['set']:
+ tmp += 'extcommunity rt' + rule_config['set']['extcommunity-rt']
+ elif 'extcommunity-soo' in rule_config['set']:
+ tmp += 'extcommunity rt' + rule_config['set']['extcommunity-soo']
elif 'ip-next-hop' in rule_config['set']:
tmp += 'ip next-hop ' + rule_config['set']['ip-next-hop']
elif 'ipv6-next-hop-global' in rule_config['set']:
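Review bot: The three added verification arms build strings that will not match the rendered route-map. `'extcommunity bandwidth'` and `'extcommunity rt'` lack the trailing space that the neighbouring `'distance '` carries, and the `extcommunity-soo` arm emits `'extcommunity rt'` instead of `soo`. Suggested form: `tmp += 'extcommunity soo ' + rule_config['set']['extcommunity-soo']`, with the same trailing space added to the bandwidth and rt lines. These are `elif` arms placed after `distance`, so rules that also set an earlier key probably never reach them, which would explain why the test still passes; that is worth confirming against the full chain, which starts and ends outside this hunk.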
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index 10adc06e1..c51d83875 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
@@ -224,6 +224,10 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['parameters', 'graceful-shutdown'])
self.cli_set(base_path + ['parameters', 'ebgp-requires-policy'])
+ self.cli_set(base_path + ['parameters', 'bestpath', 'as-path', 'multipath-relax'])
+ self.cli_set(base_path + ['parameters', 'bestpath', 'bandwidth', 'default-weight-for-missing'])
+ self.cli_set(base_path + ['parameters', 'bestpath', 'compare-routerid'])
+
# AFI maximum path support
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ebgp', max_path_v4])
self.cli_set(base_path + ['address-family', 'ipv4-unicast', 'maximum-paths', 'ibgp', max_path_v4ibgp])
@@ -242,6 +246,9 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
self.assertIn(f' no bgp default ipv4-unicast', frrconfig)
self.assertIn(f' bgp graceful-restart stalepath-time {stalepath_time}', frrconfig)
self.assertIn(f' bgp graceful-shutdown', frrconfig)
+ self.assertIn(f' bgp bestpath as-path multipath-relax', frrconfig)
+ self.assertIn(f' bgp bestpath bandwidth default-weight-for-missing', frrconfig)
+ self.assertIn(f' bgp bestpath compare-routerid', frrconfig)
self.assertNotIn(f'bgp ebgp-requires-policy', frrconfig)
afiv4_config = self.getFRRconfig(' address-family ipv4 unicast')
diff --git a/smoketest/scripts/cli/test_vpn_ipsec.py b/smoketest/scripts/cli/test_vpn_ipsec.py
index 4a3340ffb..b27ed3ca5 100755
--- a/smoketest/scripts/cli/test_vpn_ipsec.py
+++ b/smoketest/scripts/cli/test_vpn_ipsec.py
@@ -14,23 +14,63 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
import unittest
from base_vyostest_shim import VyOSUnitTestSHIM
from vyos.util import call, process_named_running, read_file
+ethernet_path = ['interfaces', 'ethernet']
tunnel_path = ['interfaces', 'tunnel']
+vti_path = ['interfaces', 'vti']
nhrp_path = ['protocols', 'nhrp']
base_path = ['vpn', 'ipsec']
+dhcp_waiting_file = '/tmp/ipsec_dhcp_waiting'
+swanctl_file = '/etc/swanctl/swanctl.conf'
+
class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
def tearDown(self):
self.cli_delete(base_path)
self.cli_delete(nhrp_path)
self.cli_delete(tunnel_path)
+ self.cli_delete(vti_path)
+ self.cli_delete(ethernet_path)
+ self.cli_commit()
+
+ def test_dhcp_fail_handling(self):
+ self.cli_delete(ethernet_path)
+ self.cli_delete(base_path)
+
+ # Interface for dhcp-interface
+ self.cli_set(ethernet_path + ['eth0', 'vif', '100', 'address', 'dhcp']) # Use VLAN to avoid getting IP from qemu dhcp server
+
+ # Set IKE/ESP Groups
+ self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "encryption", "aes128"])
+ self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "hash", "sha1"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"])
+
+ # Site to site
+ self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0.100"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "mode", "pre-shared-secret"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "pre-shared-secret", "MYSECRETKEY"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "dhcp-interface", "eth0.100"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "gre"])
+
self.cli_commit()
+ self.assertTrue(os.path.exists(dhcp_waiting_file))
+
+ dhcp_waiting = read_file(dhcp_waiting_file)
+ self.assertIn('eth0.100', dhcp_waiting) # Ensure dhcp-failed interface was added for dhclient hook
+
+ self.assertTrue(process_named_running('charon')) # Commit should've still succeeded and launched charon
+
def test_site_to_site(self):
self.cli_delete(base_path)
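Review bot: `dhcp_waiting_file` is a fixed name under `/tmp`, and `test_dhcp_fail_handling` never removes it before committing. A file left by an earlier run, or created by any local account in the world-writable directory, therefore satisfies both `os.path.exists(dhcp_waiting_file)` and the `'eth0.100'` check without the commit writing anything. Clearing it first, `if os.path.exists(dhcp_waiting_file): os.unlink(dhcp_waiting_file)`, placed before `self.cli_commit()`, makes the assertion prove what the comment claims. If this path mirrors the one the dhclient hook reads (not visible in this diff), a root-owned runtime directory would be a safer location for it than `/tmp`.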
@@ -40,6 +80,7 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"])
self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"])
self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "key-exchange", "ikev2"])
# Site to site
self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0"])
@@ -48,33 +89,104 @@ class TestVPNIPsec(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"])
self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"])
self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "local-address", "192.0.2.10"])
- self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "gre"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "protocol", "tcp"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.10.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.11.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "port", "443"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.10.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.11.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "port", "443"])
self.cli_commit()
- ipsec_conf_lines = [
- 'authby = secret',
- 'ike = aes128-sha1-modp1024!',
- 'esp = aes128-sha1-modp1024!',
- 'left = 192.0.2.10',
- 'right = 203.0.113.45',
- 'type = tunnel'
+ swanctl_conf_lines = [
+ 'version = 2',
+ 'auth = psk',
+ 'proposals = aes128-sha1-modp1024',
+ 'esp_proposals = aes128-sha1-modp1024',
+ 'local_addrs = 192.0.2.10 # dhcp:no',
+ 'remote_addrs = 203.0.113.45',
+ 'mode = tunnel',
+ 'local_ts = 172.16.10.0/24[tcp/443],172.16.11.0/24[tcp/443]',
+ 'remote_ts = 172.17.10.0/24[tcp/443],172.17.11.0/24[tcp/443]'
+ ]
+
+ swanctl_secrets_lines = [
+ 'id-local = 192.0.2.10 # dhcp:no',
+ 'id-remote = 203.0.113.45',
+ 'secret = "MYSECRETKEY"'
]
- ipsec_secrets_lines = [
- '192.0.2.10 203.0.113.45 : PSK "MYSECRETKEY" # dhcp:no'
+ tmp_swanctl_conf = read_file(swanctl_file)
+
+ for line in swanctl_conf_lines:
+ self.assertIn(line, tmp_swanctl_conf)
+
+ for line in swanctl_secrets_lines:
+ self.assertIn(line, tmp_swanctl_conf)
+
+ # Check for running process
+ self.assertTrue(process_named_running('charon'))
+
+ def test_site_to_site_vti(self):
+ self.cli_delete(base_path)
+ self.cli_delete(vti_path)
+
+ # VTI interface
+ self.cli_set(vti_path + ["vti10", "address", "10.1.1.1/24"])
+
+ # IKE/ESP Groups
+ self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "encryption", "aes128"])
+ self.cli_set(base_path + ["esp-group", "MyESPGroup", "proposal", "1", "hash", "sha1"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "dh-group", "2"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "encryption", "aes128"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "proposal", "1", "hash", "sha1"])
+ self.cli_set(base_path + ["ike-group", "MyIKEGroup", "key-exchange", "ikev2"])
+
+ # Site to site
+ self.cli_set(base_path + ["ipsec-interfaces", "interface", "eth0"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "mode", "pre-shared-secret"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "authentication", "pre-shared-secret", "MYSECRETKEY"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "ike-group", "MyIKEGroup"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "default-esp-group", "MyESPGroup"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "local-address", "192.0.2.10"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.10.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "local", "prefix", "172.16.11.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.10.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "tunnel", "1", "remote", "prefix", "172.17.11.0/24"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "vti", "bind", "vti10"])
+ self.cli_set(base_path + ["site-to-site", "peer", "203.0.113.45", "vti", "esp-group", "MyESPGroup"])
+
+ self.cli_commit()
+
+ swanctl_conf_lines = [
+ 'version = 2',
+ 'auth = psk',
+ 'proposals = aes128-sha1-modp1024',
+ 'esp_proposals = aes128-sha1-modp1024',
+ 'local_addrs = 192.0.2.10 # dhcp:no',
+ 'remote_addrs = 203.0.113.45',
+ 'mode = tunnel',
+ 'local_ts = 172.16.10.0/24,172.16.11.0/24',
+ 'remote_ts = 172.17.10.0/24,172.17.11.0/24',
+ 'mark_in = 9437194', # 0x900000 + (vti)10
+ 'mark_out = 9437194',
+ 'updown = "/etc/ipsec.d/vti-up-down vti10 no"'
]
- tmp_ipsec_conf = read_file('/etc/ipsec.conf')
+ swanctl_secrets_lines = [
+ 'id-local = 192.0.2.10 # dhcp:no',
+ 'id-remote = 203.0.113.45',
+ 'secret = "MYSECRETKEY"'
+ ]
- for line in ipsec_conf_lines:
- self.assertIn(line, tmp_ipsec_conf)
+ tmp_swanctl_conf = read_file(swanctl_file)
- call('sudo chmod 644 /etc/ipsec.secrets') # Needs to be readable
- tmp_ipsec_secrets = read_file('/etc/ipsec.secrets')
+ for line in swanctl_conf_lines:
+ self.assertIn(line, tmp_swanctl_conf)
- for line in ipsec_secrets_lines:
- self.assertIn(line, tmp_ipsec_secrets)
+ for line in swanctl_secrets_lines:
+ self.assertIn(line, tmp_swanctl_conf)
# Check for running process
self.assertTrue(process_named_running('charon'))
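Review bot: Both `test_site_to_site` and `test_site_to_site_vti` now find `secret = "MYSECRETKEY"` inside `swanctl_file`, so the pre-shared key is stored in `/etc/swanctl/swanctl.conf`, yet neither test checks who can read that file. With the old `chmod 644 /etc/ipsec.secrets` workaround gone, an assertion after `read_file(swanctl_file)` such as `self.assertEqual(os.stat(swanctl_file).st_mode & 0o077, 0)` would catch a generator that leaves the key group- or world-readable; adjust the mask if the intended mode differs. `test_site_to_site` begins outside this hunk.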
diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py
index 591630c46..f36d16344 100755
--- a/smoketest/scripts/cli/test_vrf.py
+++ b/smoketest/scripts/cli/test_vrf.py
@@ -119,6 +119,24 @@ class VRFTest(VyOSUnitTestSHIM.TestCase):
self.assertTrue(is_intf_addr_assigned(vrf, '127.0.0.1'))
self.assertTrue(is_intf_addr_assigned(vrf, '::1'))
+ def test_vrf_bind_all(self):
+ table = '2000'
+ for vrf in vrfs:
+ base = base_path + ['name', vrf]
+ self.cli_set(base + ['table', str(table)])
+ table = str(int(table) + 1)
+
+ self.cli_set(base_path + ['bind-to-all'])
+
+ # commit changes
+ self.cli_commit()
+
+ # Verify VRF configuration
+ tmp = read_file('/proc/sys/net/ipv4/tcp_l3mdev_accept')
+ self.assertIn(tmp, '1')
+ tmp = read_file('/proc/sys/net/ipv4/udp_l3mdev_accept')
+ self.assertIn(tmp, '1')
+
def test_vrf_table_id_is_unalterable(self):
# Linux Kernel prohibits the change of a VRF table on the fly.
# VRF must be deleted and recreated!
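Review bot: `self.assertIn(tmp, '1')` in `test_vrf_bind_all` tests whether the file content is a substring of `'1'`, so an empty read from `tcp_l3mdev_accept` or `udp_l3mdev_accept` passes. Assuming `read_file` strips the trailing newline, `self.assertEqual(tmp, '1')` on both checks states the intent and fails when the sysctl was not written. Separately, `table` flips between str and int on every iteration; starting from `table = 2000`, passing `str(table)` to `cli_set` and using `table += 1` is simpler.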