path: root/smoketest/scripts/cli
Age | Commit message | Author
2023-11-22 | vxlan: T5753: add support for VNI filtering | Christian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer.
Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10.
To Test:
    set interfaces vxlan vxlan987 parameters external
    set interfaces vxlan vxlan987 source-interface eth0
    set interfaces vxlan vxlan987 parameters vni-filter
    set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050
    set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051
    set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052
    set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053
    set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054
    set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060
    set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069
    set interfaces bridge br0 member interface vxlan987
Add new op-mode command: show bridge vni
    Interface    VNI
    -----------  -----------
    vxlan987     10050-10054
    vxlan987     10060
    vxlan987     10069
(cherry picked from commit 35f6033d21053fa420e837f157cd9377a4ccd26a)
2023-11-22 | http: T5762: rename "virtual-host listen-port" -> "virtual-host port" | Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components.
(cherry picked from commit 0e885f1bf01424130b6876e769cc42612b19351b)
2023-11-22 | Merge pull request #2520 from vyos/mergify/bp/sagitta/pr-2518 | Daniil Baturin
T5770 Enable MACsec encryption stanza (backport #2518)
2023-11-22 | Merge pull request #2517 from nicolas-fort/T5419-FT-Sagitta | Daniil Baturin
T5419: firewall: backport firewall flowtable to Sagitta.
2023-11-22 | Merge pull request #2510 from vyos/mergify/bp/sagitta/pr-2506 | Daniil Baturin
dhcp-client: T5760: add CLI option to pass user-class parameter (backport #2506)
2023-11-21 | smoketest: macsec: T5770: fix NameError: name 'cipher' is not defined | Christian Breunig
(cherry picked from commit 02a3e26e88f0ac3c7368e288769bfed38b41df46)
2023-11-21 | macsec: T5770: enable iproute2 "encrypt on" stanza | Giga Murphy
(cherry picked from commit a7a90e81ad03ec33acb32beeab71dbd5f27a2044)
2023-11-21 | T5419: firewall: backport firewall flowtable to Sagitta. | Nicolas Fort
2023-11-20 | http: T5762: api: make API socket backend communication the one and only default | Christian Breunig
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server.
https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections
    vyos@vyos# netstat -tulnp | grep 8080
    (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
    tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN -
As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy.
(cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c)
2023-11-20 | dhcp-client: T5760: add CLI option to pass user-class parameter | Christian Breunig
Example:
    set interfaces ethernet eth0 dhcp-options user-class VyOS
or
    set interfaces ethernet eth0 dhcp-options user-class 56:79:4f:53
(cherry picked from commit 260645d0c6ff078cc89601f3a586195902f9c18e)
2023-11-20 | dhcp-client: T5760: add constraints for dhclient string options | Christian Breunig
The string data type specifies either an NVT ASCII string enclosed in double quotes, or a series of octets specified in hexadecimal, separated by colons. For example:
    set interfaces ethernet eth0 dhcp-options client-id CLIENT-FOO
or
    set interfaces ethernet eth0 dhcp-options client-id 43:4c:49:45:54:2d:46:4f:4f
As of now there was no input validation performed.
(cherry picked from commit bed1cd01904ef89b5d31bd47de0f230214900f16)
2023-11-19 | Merge pull request #2498 from nicolas-fort/T4072-sagitta | Christian Breunig
T4072: firewall: backport bridge firewall to sagitta
2023-11-16 | T4072: firewall: backport bridge firewall to sagitta | Nicolas Fort
2023-11-16 | Merge pull request #2489 from vyos/mergify/bp/sagitta/pr-2476 | Christian Breunig
pim(6): T5733: add missing FRR related features (backport #2476)
2023-11-16 | smoketest: Extend HTTP-API tests | Viacheslav Hletenko
(cherry picked from commit 15b5ede2cdd65af441be6de89b8b1df6d186f874)
2023-11-15 | pim6: T5733: add missing FRR PIM6 related features | Christian Breunig
(cherry picked from commit 403d2ffd6e46cb082b1d16ddf515e1784bee968c)
# Conflicts:
#   data/templates/frr/pim6d.frr.j2
#   interface-definitions/protocols-pim6.xml.in
#   smoketest/scripts/cli/test_protocols_pim6.py
#   src/conf_mode/protocols_pim6.py
2023-11-15 | pim: T5733: fix CLI level of global PIM commands | Christian Breunig
(cherry picked from commit dd13213ae94f071bc30cc17f5fabef02fbf95939)
2023-11-15 | igmp: T5736: migrate "protocols igmp" to "protocols pim" | Christian Breunig
IGMP and PIM are two different but related things. FRR has both combined in pimd. As we use get_config_dict() and FRR reload it is better to have both centrally stored under the same CLI node (as FRR does, too) to just "fire and forget" the commit to the daemon.
    "set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp"
(cherry picked from commit bc83fb097719f5c4c803808572f690fbc367b9e5)
2023-11-15 | pim: T5733: add missing FRR PIM related features | Christian Breunig
Migrate CLI configuration retrieval to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR.
(cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c)
# Conflicts:
#   python/vyos/frr.py
#   src/op_mode/restart_frr.py
2023-11-14 | T5729: T5590: T5616: backport to sagitta fwall marks, fix on firewall logs ↵ | Nicolas Fort
parsing, and migration to valueless node for log and state matchers
2023-11-07 | T5716: Fix smoketest for accel-ppp limiter tbf | Viacheslav Hletenko
Limiter in the commit cf92295 was changed to `tbf`
Fix smoketest
(cherry picked from commit d8ffbbe72c791ec5516d029e85619678b2841402)
2023-11-06 | bgp: T5698: add support for EVPN Multihoming | Christian Breunig
(cherry picked from commit 1d67620e656766731ad6825fd8961140eb50d8a7)
2023-11-06 | bond: T5698: add support for EVPN Multihoming | Christian Breunig
    set interfaces bonding bond10 evpn es-df-pref '50'
    set interfaces bonding bond10 evpn es-id '10'
    set interfaces bonding bond10 evpn es-sys-mac '01:23:45:67:89:ab'
    set interfaces bonding bond10 member interface 'eth3'
    set interfaces bonding bond10 mode '802.3ad'
(cherry picked from commit 937685608e61151275c4f60c6d00c0154f2ca06d)
2023-11-03 | wireguard: T5707: remove previously deconfigured peer | Christian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated. (cherry picked from commit 2fc8738bc9c2fb6364a22d86079e8635cee91949)
2023-11-02 | T5705: rsyslog: fix error when level=all. Replace <all> with wildcard <*>, ↵ | Nicolas Fort
as it's done with facility. Create basic smoketest for syslog (cherry picked from commit c5ae7c9e2a141d92b8a716b3dbe3e5b41ee4aaba)
2023-11-01 | T5681: Firewall, Nat and Nat66: simplified and standardize interface matcher ↵ | Nicolas Fort
firewall, nat and nat66.
(cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6)
2023-11-01 | smoketest: vxlan: T5699: fix "external" CLI option | Christian Breunig
After commit cc7ba8824 ('vxlan: T5699: migrate "external" CLI knob to "parameters external"') we also need to adjust the testcase for ARP/ND suppression.
(cherry picked from commit cb2f72dbd10a11f99913cc60044460f18381f770)
2023-10-31 | vxlan: T5668: add CLI knob to enable ARP/ND suppression | Christian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15.
[1] https://www.rfc-editor.org/rfc/rfc7432#section-10
(cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
2023-10-30 | vxlan: T5699: migrate "external" CLI knob to "parameters external" | Christian Breunig
As we have a bunch of options under "parameters" already and "external" is clearly one of them it should be migrated under that node as well.
(cherry picked from commit cc7ba8824a5e9ec818f0bbe7fb85e1713a591527)
2023-10-30 | Merge pull request #2400 from vyos/mergify/bp/sagitta/pr-2355 | Viacheslav Hletenko
T5643: nat: add interface-groups to nat. Use same cli structure for i… (backport #2355)
2023-10-25 | smoketest: T3829: rename netns test to match current branch | Christian Breunig
2023-10-24 | T5643: nat: add interface-groups to nat. Use same cli structure for ↵ | Nicolas Fort
interface-name|interface-group as in firewall.
(cherry picked from commit 2f2c3fa22478c7ba2e116486d655e07df878cdf4)
2023-10-23 | T5637: Firewall: add new rule at the end of base chains for default-actions. ↵ | Nicolas Fort
This enables logs capabilities for default-action in base chains.
2023-10-22 | T5299: Add missed option ceiling for QoS shaper | Viacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper'
(cherry picked from commit 5218241e6293317f8837b3f7c3893d653d960993)
2023-10-21 | Merge pull request #2389 from vyos/mergify/bp/sagitta/pr-2385 | Christian Breunig
T5667: BGP label-unicast enable ecmp (backport #2385)
2023-10-21 | T5667: BGP label-unicast enable ecmp | fett0
(cherry picked from commit e7cdf855ddce7dfe45af8b4b75eeee9de09f2451)
2023-10-20 | T5541: firewall: re-add zone-based firewall. | Nicolas Fort
2023-10-11 | T5165: Implement policy local-route source and destination port | Viacheslav Hletenko
Add `policy local-route` source and destination port
    set policy local-route rule 23 destination port '222'
    set policy local-route rule 23 protocol 'tcp'
    set policy local-route rule 23 set table '123'
    set policy local-route rule 23 source port '8888'
    % ip rule show prio 23
    23: from all ipproto tcp sport 8888 dport 222 lookup 123
(cherry picked from commit ff43733074675b94ce4ead83fe63870b6cf953c5)
2023-10-07 | pppoe: T5630: verify MRU is less than or equal to MTU | Christian Breunig
(cherry picked from commit e357258e645cf85de0035d4ecfbf99db4dd90f7e)
2023-10-07 | pppoe: T5630: allow to specify MRU in addition to already configurable MTU | Christian Breunig
Set the MRU (Maximum Receive Unit) value to n. PPPd will ask the peer to send packets of no more than n bytes. The value of n must be between 128 and 16384, the default was always 1492 to match PPPoE MTU. A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data). Note that for the IPv6 protocol, the MRU must be at least 1280.
CLI:
    set interfaces pppoe pppoe0 mru 1280
(cherry picked from commit e062a8c11856f213983f5b41f50d4f9dbc0dde0f)
2023-10-05 | T4320: remove references to obsoleted legacy version files | John Estabrook
(cherry picked from commit aeb0138c9df73b57489eced152f026c0666d1ee5)
2023-10-02 | T5165: Migrate policy local-route rule x destination to address | Viacheslav Hletenko
Migrate policy local-route <destination|source> to node address
replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>'
     => 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>'
(cherry picked from commit 9f7a5f79200782f7849cab72f55a39dedf45f214)
2023-09-28 | mdns: T5615: Allow controlling IP version to use for mDNS repeater | Indrajit Raychaudhuri
This commit adds a new configuration option to the mDNS repeater service to allow controlling which IP version to use for mDNS repeater. Additionally, publishing AAAA record over IPv4 and A record over IPv6 is disabled as suggested.
See:
- https://github.com/lathiat/avahi/issues/117#issuecomment-1651475104
- https://bugzilla.redhat.com/show_bug.cgi?id=669627#c2
(cherry picked from commit e66f7075ee12ae3107d29efaf683442c3535e8b9)
2023-09-28 | Merge pull request #2319 from vyos/mergify/bp/sagitta/pr-2313 | Christian Breunig
T5165: Add option protocol for policy local-route (backport #2313)
2023-09-28 | firewall: T5614: Add support for matching on conntrack helper | sarthurdev
(cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001)
2023-09-28 | T5165: Add option protocol for policy local-route | Viacheslav Hletenko
Add option `protocol` for policy local-route
    set policy local-route rule 100 destination '192.0.2.12'
    set policy local-route rule 100 protocol 'tcp'
    set policy local-route rule 100 set table '100'
(cherry picked from commit 96b8b38a3c17aa08fa964eef9141cf89f1c1d442)
2023-09-28 | ipsec: T5606: Add support for whole CA chains | sarthurdev
Also includes an update to smoketest to verify
(cherry picked from commit 1ac230548c86d3308ff5b479b79b0e64b75a0e8a)
2023-09-27 | conf-mode: T5412: move dependency check from smoketest to nosetest | John Estabrook
(cherry picked from commit 12440ea1af8e60482a6a91c1cb04dcb86d7f4a68)
2023-09-22 | Merge pull request #2291 from vyos/mergify/bp/sagitta/pr-2284 | Christian Breunig
bgp: T5596: add new features from FRR 9 (backport #2284)
2023-09-21 | T5602: Reverse-proxy add option backup for backend server | Viacheslav Hletenko
A `backup` server can be defined to take over in the case of all other backends failing
    set load-balancing reverse-proxy backend <tag> server <tag> address '192.0.2.3'
    set load-balancing reverse-proxy backend <tag> server <tag> port '8883'
    set load-balancing reverse-proxy backend <tag> server <tag> backup
(cherry picked from commit cb297aea56da91144c53be1f396b64a26a8e5b04)