summaryrefslogtreecommitdiff
path: root/smoketest
AgeCommit message (Collapse)Author
2024-01-12T5922: firewall: fix intra-zone filtering parsing rules; update firewall ↵Nicolas Fort
smoketest (cherry picked from commit 5c4c873f9c36459bc7bad73208450ee802440929)
2024-01-11Merge pull request #2794 from sarthurdev/T5787_sagittaChristian Breunig
dhcp: T5787: Prevent duplicate IP addresses on static mappings (backport)
2024-01-11Merge pull request #2793 from sarthurdev/T5550_sagittaChristian Breunig
interface: T5550: Interface source-validation priority over global value (backport)
2024-01-10dhcp: T5787: Prevent duplicate IP addresses on static mappingssarthurdev
2024-01-10bgp: T5913: allow peer-group support for ipv4|6-labeled-unicast SAFIChristian Breunig
(cherry picked from commit f1411240c6b11ec400ac0f66eb71982259204317)
2024-01-10Merge pull request #2783 from vyos/mergify/bp/sagitta/pr-2263Christian Breunig
T5530: isis: Adding loop free alternate feature (backport #2263)
2024-01-10T5530: isis: Adding loop free alternate featureCheeze_It
(cherry picked from commit 7a2b70bd73c8579a885348b93b8addfb20fb006c)
2024-01-10pki: T5911: fix service update algorithm if certificate name contains a ↵Christian Breunig
hyphen (-) When testing for changed PKI certificates using node_changed(), we should not use key_mangling=('-', '_'), as this will make certificate updates with a hypen not possible. (cherry picked from commit fc6926fdf32a7bdf9f943c7818ee6ea4a8131fba)
2024-01-10https: T5902: remove virtual-host configurationChristian Breunig
We have not seen the adoption of the https virtual-host CLI option. What it did? * Create multiple webservers each listening on a different IP/port (but in the same VRF) * All webservers shared one common document root * All webservers shared the same SSL certificates * All webservers could have had individual allow-client configurations * API could be enabled for a particular virtual-host but was always enabled on the default host This configuration tried to provide a full webserver via the CLI but VyOS is a router and the Webserver is there for an API or to serve files for a local-ui. Changes Remove support for virtual-hosts as it's an incomplete and thus mostly useless "thing". Migrate all allow-client statements to one top-level allow statement. (cherry picked from commit d0d3071e99eb65edb888c26ef2fdc9e038438887)
2024-01-08smoketest: T5905: always delete pki in ipsec test startupChristian Breunig
(cherry picked from commit 2095eb75a2326b8f493944aef07f65b150cfbc60)
2024-01-07smoketest: T5195: fix BasicInterfaceTest tearDown() timeout penaltyChristian Breunig
Commit ad9bdfc24 ("T5195: add timeout argument to process_named_running()") added a 2*10 seconds penalty for every interface test (dhcp and dhcpv6). This leads to long runs of "make test" after an ISO build. There is no need to wait 10 seconds for a test that checks for a process not running. The timeout is there to give the process some time to startup. (cherry picked from commit 041db49533d57cabfccd319492b85ee0bafdd40c)
2024-01-07T5195: add timeout argument to process_named_running()Christian Breunig
Smoketests heavily rely on process_named_running() so in order to "relax" system constraints during a test we will add a timeout of 10 seconds for every testcase provided by base_interfaces_test.py (cherry picked from commit ad9bdfc248cf47b3361bd0e5d7371d56131160a0)
2024-01-06Merge pull request #2763 from vyos/mergify/bp/sagitta/pr-1637Christian Breunig
openvpn: T3214: fix server-ipv6 and nopool handling (backport #1637)
2024-01-06smoketests: drop nopool/net30 from testcasesChristian Breunig
After commit 0ccbbca01b ("openvpn: T3214: specify nopool on --server line only if needed") that removed the net30 option and nopool smoketests needed a fix. (cherry picked from commit 455943cd7f759a5a3fc53d421b479044730d1f08)
2024-01-06dns: T5900: fix smoketests for serve-stale-extension and ↵Christian Breunig
exclude-throttle-address This fixes commit 199ceb1f0a ("dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns features") where after the latest review round the Jinja2 template was inconsitently changed and smoketests were not re-run. (cherry picked from commit 9baeafa890f7b1d3829df633322fb4288e9ea882)
2024-01-06dns: T5900: add dont-throttle-netmasks and serve-stale-extensions powerdns ↵fvlaicu
features (cherry picked from commit 199ceb1f0a820c838dea6862371a3121b3d9f3a9)
2024-01-04T5159: nat: add option to map network and ports. Feature used for large ↵Nicolás Fort
deployments in cgnat. (#2694) (cherry picked from commit 3fc76505d0642c32a3eae9c0ce6ab3dd2ec32dbd)
2024-01-04smoketests: T5887: remove IXGB driverChristian Breunig
From Kernel commit e485f3a6eae0 ("ixgb: Remove ixgb driver") There are likely no users of this driver as the hardware has been discontinued since 2010. Remove the driver and all references to it in documentation. (cherry picked from commit 8eabba331f2615a284348b70a9ef3dd49e15f76d)
2024-01-04configdict: T5894: add get_config_dict() flag with_pkiChristian Breunig
VyOS has several services relaying on the PKI CLI tree to retrieve certificates. Consuming services like ethernet, openvpn or ipsec all re-implemented the same code to retrieve the certificates from the CLI. This commit extends the signature of get_config_dict() with a new option with_pki that defaults to false. If this option is set, the PKI CLI tree will be blended into the resulting dictionary. (cherry picked from commit b152b52023ba0cf0d4919eae39e92de28a458917)
2024-01-03Merge pull request #2719 from c-po/sagitta-backports-accel-pppChristian Breunig
Backports for Accel-PPP based serviced T5801, T5842 and T5688
2024-01-03Merge pull request #2732 from vyos/mergify/bp/sagitta/pr-2728Christian Breunig
T5880: verify_source_interface() should not allow dynamic interfaces like ppp, l2tp, ipoe or sstpc client interfaces (backport #2728)
2024-01-02pki: T3642: add missing base64 constraint on PEM keysChristian Breunig
(cherry picked from commit 679be4c9742ffd5c317742c6c20a268a5e044f0c)
2024-01-01smoketest: remove base accel-ppp testcase function commentsChristian Breunig
Python unittest framework treads the comments as test names during execution: Example: test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok (cherry picked from commit e9883143310993d87ba2e0c8ec7ef3b9faf928b1)
2024-01-01smoketest: T5688: pppoe-server support multiple client-ip-pool subnetsChristian Breunig
(cherry picked from commit b0d0ac4a822b36e4f0cfae82db06ee71581de51f)
2024-01-01T5801: Rewritten L2TP to get_config_dictaapostoliuk
Rewritten L2TP to get_config_dict Rewritten L2TP xml to accel-ppp patterns Migrated 'idle' to 'ppp-options.lcp-echo-timeout' Migrated 'authentication.mppe' to 'ppp-options.mppe' Migrated 'authentication.radius.dae-server' to 'authentication.radius.dynamic-author' Migrated 'authentication.require' to 'authentication.protocol' Added 'authentication.radius.acct-interim-jitter' Added 'authentication.radius.preallocate-vif' Added 'authentication.radius.server.<IP>.acct-port' Added 'ppp-options.ipv4' Added smoke-tests Fixed 'preallocate-vif' in SSTP (cherry picked from commit 09e0a2ca035ee39a68a510b28cc74560669d0420)
2024-01-01tunnel: T5879: properly verify source-interface used for tunnelsChristian Breunig
A tunnel interface can not properly be sourced from a pppoe0 interface when such interface is not (yet) connected to the BRAS. It might work on a running system, but subsequent reboots will fail as the source-interface most likely does not yet exist. (cherry picked from commit 66ce19058b7b8597536ddf63bbca027add2ca8a1)
2024-01-01T5474: establish common file name pattern for XML conf mode commandsChristian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)
2023-12-31Merge pull request #2725 from vyos/mergify/bp/sagitta/pr-2651Daniil Baturin
firewall: T5834: Rename 'enable-default-log' to 'default-log' (backport #2651)
2023-12-30T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.Lucas Christian
(cherry picked from commit 656934e85cee799dba5b495d143f6be445ac22d5)
2023-12-30firewall: T5834: Add support for default log for route policyIndrajit Raychaudhuri
One can now do `set policy route foo default-log` which will add log to the policy route chain. (cherry picked from commit 6278ce9b7cb2060c8226a60ccbdb580a0d8a3fb5)
2023-12-30firewall: T5834: Rename 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency. (cherry picked from commit 245e758aa2ea8779186d0c92d79d33170d036992)
2023-12-30ipsec: T1210: extend remote-access smoketest with IP pool configurationChristian Breunig
This extends commit f9207ed4a ("ipsec: T1210: add smoketest for remote-access (road-warrior) users") in a way that also the IPv4 pool and its DNS servers get validated. There is no separate IPv6 test, as both address families behave the same way when configuring these. (cherry picked from commit 1e46cd606d9d87226fe0400bf3a53bda360808d8)
2023-12-30ipsec: T1210: add smoketest for remote-access (road-warrior) usersChristian Breunig
(cherry picked from commit 1a84c4d0e6ff88b650bcfc8ba81827af7fc079f3)
2023-12-30system: T5877: Update smoketests for domain-search and related configIndrajit Raychaudhuri
In addition to testing for shortening the domain-search path, add and improve tests for other resolv.conf entries. (cherry picked from commit 584c63f4473373a377db802c173f6252c8085fa3)
2023-12-29smoketest: T5867: extend container tests for IPv4 and IPv6 networksChristian Breunig
(cherry picked from commit 503e0d1836aa99e34542031fb6c401eb6877eff7)
2023-12-28T5859: Fixed format of pool range in the accel-ppp configaapostoliuk
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y' (cherry picked from commit 714a6b1dd5e4de6c85911fa64f4b5f37b44979cf)
2023-12-28accel-ppp: T5688: Standardized pool configuration in accel-pppaapostoliuk
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different. (cherry picked from commit 422eb463d413da812eabc28706e507a9910d7b53)
2023-12-26ddclient: T5791: Add smoketest for dynamic interface and cleanupIndrajit Raychaudhuri
2023-12-25snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"Christian Breunig
(cherry picked from commit a9201e77110ce0695e2ba879304aef41b7ac9a0c)
2023-12-21Merge pull request #2673 from vyos/mergify/bp/sagitta/pr-2665Christian Breunig
T2898: add ndp-proxy service (backport #2665)
2023-12-21T2898: add ndp-proxy serviceChristian Breunig
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } } (cherry picked from commit 4d721a58020971d00ab854c37b68e88359999f9c)
2023-12-21srv6: T591: enable SR enabled packet processing on defined interfacesChristian Breunig
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be processed or not. This is done using /proc/sys/net/conf/<iface>/seg6_* variables: seg6_enabled - BOOL Accept or drop SR-enabled IPv6 packets on this interface. Relevant packets are those with SRH present and DA = local. 0 - disabled (default) not 0 - enabled Or the VyOS CLI command: * set protocols segment-routing interface eth0 srv6 (cherry picked from commit 774cc97eda61eb0b91df820797fb3c705d0073d5)
2023-12-21vrf: T591: define sysctl setting for net.vrf.strict_modeChristian Breunig
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is possible to associate multiple VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a table can be associated to a single VRF device. A VRF table can be used by the VyOS CLI only once (ensured by verify()), this simply adds an additional Kernel safety net, but a requirement for IPv6 segment routing headers. (cherry picked from commit 10701108fecb36f7be7eb7ef5f1e54e63da5fb4e)
2023-12-19smoketest: bgp: T4163: use explicit kill to respawn bgpd processChristian Breunig
(cherry picked from commit b873112dd7253b64d323e183758dbabaa0f28b6e)
2023-12-19smoketest: bgp: T4163: add explicit timeout when starting BMPChristian Breunig
(cherry picked from commit 259a3d637081fad9f86a8edb39814d8f0fbf7b95)
2023-12-18T4163: Add BGP Monitoring Protocol BMP featureViacheslav Hletenko
Add BMP feature. BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring data from BGP routers to network management entities https://docs.frrouting.org/en/latest/bmp.html Example: set system frr bmp commit run restart bgp set protocols bgp system-as '65001' set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast set protocols bgp neighbor 192.0.2.11 remote-as '65001' set protocols bgp bmp mirror-buffer-limit '256000000' set protocols bgp bmp target foo address '127.0.0.1' set protocols bgp bmp target foo port '5000' set protocols bgp bmp target foo min-retry '1000' set protocols bgp bmp target foo max-retry '2000' set protocols bgp bmp target foo mirror set protocols bgp bmp target foo monitor ipv4-unicast post-policy set protocols bgp bmp target foo monitor ipv4-unicast pre-policy set protocols bgp bmp target foo monitor ipv6-unicast post-policy set protocols bgp bmp target foo monitor ipv6-unicast pre-policy (cherry picked from commit 5523fccf4f7d05444c36c568128e94cd7b08c34f)
2023-12-16ocserv: T5796: add smoketest for new "http-security-headers" featureChristian Breunig
(cherry picked from commit 1c82e661e04e0979e09e487a58a801ffa9f438e8)
2023-12-15T5775: firewall: re-add state-policy to firewall. These commands are now ↵Nicolas Fort
included in <set firewall global-options state-policy> node.
2023-12-15firewall: T4502: add offload to firewall table actionsBjarke Istrup Pedersen
2023-12-15frr: T4020: add option to define number of open file descriptorsChristian Breunig
This allows the operator to control the number of open file descriptors each daemon is allowed to start with. The current assumed value on most operating systems is 1024. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen. set system frr descriptors <n> (cherry picked from commit 892c28ccf634173d4c4952c248cb03974c560793)