summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli
AgeCommit message (Collapse)Author
2024-03-24Merge pull request #3163 from vyos/mergify/bp/sagitta/pr-3157Viacheslav Hletenko
vti: T6085: bring VTI interfaces up only when the IPsec tunnel is up (backport #3157)
2024-03-22isis: T6160: NameError: name 'process' is not definedChristian Breunig
This is a leftover after commit 0e050cb35 (isis: T3417: drop artificial "domain" node identifying the IS-IS process name). Drop all references to "process" variable. Specifying: set protocols isis interface eth1 set protocols isis net '49.0001.1921.6825.5255.00' set protocols isis redistribute ipv4 bgp Triggered an exception Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 309, in <module> verify(c) File "/usr/libexec/vyos/conf_mode/protocols_isis.py", line 158, in verify f'"protocols isis {process} redistribute {afi} {proto}"!') ^^^^^^^ NameError: name 'process' is not defined (cherry picked from commit 78212414e085d6261a32015553eb3e407f77792f)
2024-03-21vti: T6085: interface is always down and only enabled by IPSec daemonChristian Breunig
When a VTI interface is just created, it is in ADMIN UP state by default, even if an IPSec peer is not connected. After the peer is disconnected the interface goes to DOWN state as expected. This breaks routing logic - for example, static routes through VTI interfaces will be active even if a peer is not connected. This changes to logic so ADMIN UP/DOWN state can only be changed by the vti-up-down helper script. Error was introduced during the Perl -> Python migration and move to the generic vyos.ifconfig abstraction during the 1.4 development cycle. (cherry picked from commit 9eb018c4935235d292d7c693ac15da5761be064a)
2024-03-21Merge pull request #3160 from vyos/mergify/bp/sagitta/pr-3159Christian Breunig
conntrack: T6147: Enable conntrack when firewall state-policy is defined (backport #3159)
2024-03-21bridge: T6125: support 802.1ad (ethertype 0x88a8) VLAN filteringChristian Breunig
Linux bridge uses EtherType 0x8100 by default. In some scenarios, an EtherType value of 0x88A8 is required. Reusing CLI command from VIF-S (QinQ) interfaces: set interfaces bridge br0 protocol 802.1ad (cherry picked from commit 9c9b1febff6863ccd3632a04d9e307909b3efe7a)
2024-03-21conntrack: T6147: Enable conntrack when firewall state-policy is definedsarthurdev
* Move global state-policy smoketest to it's own test, verify conntrack (cherry picked from commit 62bda3b082a79c2f31483dba5bfeb19464f6dbe2)
2024-03-20qos: T1871: add MTU option when configure limiter traffic-policykhramshinr
add mtu to default and specified class update smoke test (cherry picked from commit 84bbcdf5b7980f701aba6e158a2be4a05e7076d9)
2024-03-17policy: T6129: add route-map option "as-path exclude all"Christian Breunig
Remove all AS numbers from the AS_PATH of the BGP path's NLRI. set policy route-map <name> rule <rule> set as-path exclude all (cherry picked from commit 16395c902ff79fcb34019a6d499467488ed45849)
2024-03-13radvd: T6118: add nat64prefix support RFC8781Christian Breunig
Add support for pref64 option, as defined in RFC8781. The prefix valid lifetime must not be smaller than the "interface interval max" definition which defaults to 600. set service router-advert interface eth1 nat64prefix 64:ff9b::/96 (cherry picked from commit f1ead5c6a16aba00699b8a5b9c18ef6cffe8cc4d)
2024-03-12vrrp: T6020: vrrp health-check script not applied correctly in keepalived.confkhramshinr
Added health-check to sync-group in CLI Don't use instance health-check when instance in sync group member Disallow wrong healtch-check configurations New smoke test
2024-03-10xml: T5738: lower maximum description to 255 charactersChristian Breunig
e.g. Linux Kernel only supports 255 and not 256 characters for the ifalias field. (cherry picked from commit a72ededa0b29c25efaab52f2db170c34eba50248)
2024-03-07snmp: T2998: SNMP v3 oid "exclude" option fixNataliia Solomko
(cherry picked from commit 77a25e95da48549f2791b677f4ba187e547b1c6a)
2024-03-06T6061: fix rule parsing when connection-status is usedNicolas Fort
(cherry picked from commit 8f2534e9654b61b7db45788bb52ac6cf8017b054)
2024-03-04Merge pull request #3083 from vyos/mergify/bp/sagitta/pr-3078Christian Breunig
ospfv3: T6087: add support to redistribute IS-IS routes (backport #3078)
2024-03-04ospfv3: T6087: add support to redistribute IS-IS routesChristian Breunig
(cherry picked from commit 6a97fdfa1ba9b4135a51498ea5acabb804256b2c)
2024-03-04smoketest: T4977: ospf: include babel in redistribution testsChristian Breunig
(cherry picked from commit 256e939b2cd308e1e8be9dd72ccec6e87d58504b)
2024-03-04vyos.ethtool: T6083: use JSON input data for ethernet interface flow-control ↵Christian Breunig
settings (cherry picked from commit 5ee89f46096626ca8aac37da9237635e3d17766a)
2024-03-04T6086: NAT: fix nat rules when using source-groups and translation address ↵Nicolas Fort
is a network. (cherry picked from commit a7a0c90404d03f7deccb74a46d0fe1f99116907a)
2024-03-02ospfv3: T5717: allow metric and metric-type on redistributed routesChristian Breunig
Example: vyos@vyos# set protocols ospfv3 redistribute bgp Possible completions: metric OSPF default metric metric-type OSPF metric type for default routes (default: 2) route-map Specify route-map name to use (cherry picked from commit ed2c288c8a9031f91acf76d20b84e2002696981c)
2024-03-02vyos.ethtool: T6083: use JSON input data for ring-buffer methodsChristian Breunig
(cherry picked from commit b984cf8d179cf3d4b16e7f3e5cf94f822055cb04)
2024-02-29T5504: Added smoketest for multiple peer addressesNataliia Solomko
(cherry picked from commit 36883ebf0f820003ec86e14e7612ce113630def2)
2024-02-28vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is ↵sarthurdev
required (cherry picked from commit 6f7d1e15665655e37e8ca830e28d9650445c1217)
2024-02-28smoketest: T5160: Deduplicate nftables verify functions to testcase class, ↵sarthurdev
remove obsolete imports (cherry picked from commit bc9ccaeda54279022b73a806fa8aa77c523fbecc)
2024-02-22upnp: T3420: disable the UPnP CLI in Sagitta until bugs are fixedDaniil Baturin
2024-02-18smoketest: T6043: proper cleanup after testcaseChristian Breunig
This extends commit dbe8c613b ("bridge: T6043: do not call vxlan dependency if interface does not exist (yet)") with a proper cleanup of additional interfaces created during the testrun. (cherry picked from commit 4cb80868ab3ab35453d8609392ca470a02764fac)
2024-02-18bridge: T6043: do not call vxlan dependency if interface does not exist (yet)Christian Breunig
In order to keep the proper priority list during system startup and on initial setup/commit for this feature the dependent VXLAN code should not be called, if the interface in question does not exist (yet). (cherry picked from commit dbe8c613bb80bc8b714398825054ade5942ea75b)
2024-02-17login: T5972: add possibility to disable individual local user accountsChristian Breunig
* set system login user <name> disable (cherry picked from commit 6e0b146ed3b90da577c3ecba38836883fd435e7a)
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-default in VRF ↵Christian Breunig
context * set vrf name <name> ip nht no-resolve-via-default * set vrf name <name> ipv6 nht no-resolve-via-default (cherry picked from commit 0fafc4bcdb9efc03796ddab0832471b11ba1bbe0)
2024-02-16T6001: add option to disable next-hop-tracking resolve-via-defaultChristian Breunig
* set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default (cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec)
2024-02-15T6029: Rewritten Accel-PPP services to an identical feature setaapostoliuk
Removed dhcp-interface option (l2tp) Added wins-server (sstp) Added description (ipoe, pppoe, sstp, pptp) Added exteded-script (l2tp, sstp, pptp) Added shaper (ipoe, pptp, sstp, l2tp) Added limits (ipoe, pptp, sstp, l2tp) Added snmp ( ipoe, pptp,sstp, l2tp) Refactoring and reformated code. (cherry picked from commit ac6a16f6c5ad7700789759e1ec093236c2e182a2)
2024-02-14Merge pull request #3009 from vyos/mergify/bp/sagitta/pr-2988Christian Breunig
rpki: T6034: move file based SSH keys for authentication to PKI subsystem (backport #2988)
2024-02-13pki: T6034: add dependencies to trigger rpki re-run on openssh key updateChristian Breunig
(cherry picked from commit 0f8bf6bd0fb29cfd638e9920674e7ad1d1d25350)
2024-02-13rpki: T6034: move SSH authentication keys to PKI subsystemChristian Breunig
(cherry picked from commit ac2d7dfac6073d0f232191ec494f78a8d12889e4)
2024-02-13T6019: Fix smoketest test_system_conntrack custom timeoutViacheslav Hletenko
After updateing netfilter in the commit https://github.com/vyos/vyos-build/commit/b31f5fe934bcb37534d49acdb5f7756bf05422e8 The nftables format for conntrack timeouts is different. Fix this. (cherry picked from commit 24860e092426bf0bb09c2d164d66330be13bcd77)
2024-02-13T5928: Smoketest change firewall flowtable test to use VLANViacheslav Hletenko
(cherry picked from commit ef87bd7320da2750de4d93c14314965704f3dfbd)
2024-02-13bgp: T6032: add EVPN MAC-VRF Site-of-Origin supportChristian Breunig
In some EVPN deployments it is useful to associate a logical VTEP's Layer 2 domain (MAC-VRF) with a Site-of-Origin "site" identifier. This provides a BGP topology-independent means of marking and import-filtering EVPN routes originated from a particular L2 domain. One situation where this is valuable is when deploying EVPN using anycast VTEPs set protocols bgp address-family l2vpn-evpn mac-vrf soo (cherry picked from commit f308df322bd62024e29dd458642cb6bcac8a5ad6)
2024-02-12T6019: fix smoketest after upgrading nftables and libnftnl packages.Nicolas Fort
(cherry picked from commit f3205d6dd1ea04adecbd8c857c80015ed53f2140)
2024-02-12Merge pull request #2990 from vyos/mergify/bp/sagitta/pr-2980Christian Breunig
srv6: T5849: add segment support to "protocols static route6" (backport #2980)
2024-02-11srv6: T5849: add segment support to "protocols static route6"Christian Breunig
* set protocols static route6 <prefix> next-hop <address> segments 'x:x::x:x/y:y::y/z::z' * set protocols static route6 <prefix> interface <interface> segments 'x:x::x:x/y:y::y/z::z' (cherry picked from commit b84f7de453f3951945298d95a8a27345ba7d28c3)
2024-02-11bgp: T6010: support setting multiple values for neighbor path-attributeChristian Breunig
(cherry picked from commit a22e0ee09ff4750de004090f1f55ee75a12dc821)
2024-02-09T5960: Rewritten authentication node in PPTP to a single viewaapostoliuk
Rewritten authentication node in accel-ppp services to a single view. In particular - PPTP authentication. (cherry picked from commit 018110200c9a82815dd5d0510f0732d7159c0d59)
2024-02-08rpki: T6023: add support for CLI knobs expire-interval and retry-intervalChristian Breunig
(cherry picked from commit 17894f6f5d97df7d3ac1cf37ce0e1a96b8fa8e8b)
2024-02-08Merge pull request #2964 from vyos/mergify/bp/sagitta/pr-2952Daniil Baturin
vrf: T5973: module is now statically compiled into the kernel (backport #2952)
2024-02-07vrf: T5973: module is now statically compiled into the kernelChristian Breunig
Always enable VRF strict_mode (cherry picked from commit 117fbcd6237b59f54f2c1c66986a8ce073808c84)
2024-02-07bgp: T6024: add additional missing FRR featuresChristian Breunig
* set protocols bgp parameters labeled-unicast <explicit-null | ipv4-explicit-null | ipv6-explicit-null> * set protocols bgp parameters allow-martian-nexthop * set protocols bgp parameters no-hard-administrative-reset" (cherry picked from commit fff6004d46c5b939800fc3e61fe2102224625c0d)
2024-02-07vpn: T3843: l2tp configuration not cleared after deletekhramshinr
vpn: T5926: IPSEC does not apply after l2tp configuration was changed added dependency between l2tp and ipsec conf added test for apply config to swanctl (cherry picked from commit e697ed1e7fd5c33f8082b2f4f96c42fc822ec9a5)
2024-02-06rpki: T6011: known-hosts-file is no longer supported by FRRChristian Breunig
(cherry picked from commit 586863bf3a9cb1dd1c0d74b628d00096b905740f)
2024-02-05T6018: adjust smoketest for update to FastAPI web frameworkJohn Estabrook
(cherry picked from commit e1b63b9b1704a55ccbf75e7131651c85dd318107)
2024-02-03ipsec: T5998: add replay-windows settingChristian Breunig
The replay_window for child SA will always be 32 (hence enabled). Add a CLI node to explicitly change this. * set vpn ipsec site-to-site peer <name> replay-window <0-2040> (cherry picked from commit 4d943d8fbf1253154897179b0e3ea2d93b898197)
2024-02-02smoketest: T5955: verify container uid/gid settingChristian Breunig
(cherry picked from commit faa4c87d93c7808c6a4edd8eddd29049ec8ec3fa)