summaryrefslogtreecommitdiff
path: root/smoketest
AgeCommit message (Collapse)Author
2023-12-16ocserv: T5796: add smoketest for new "http-security-headers" featureChristian Breunig
2023-12-15Merge pull request #2639 from c-po/frr-t4020Viacheslav Hletenko
frr: T4020: add option to define number of open file descriptors
2023-12-15frr: T4020: add option to define number of open file descriptorsChristian Breunig
This allows the operator to control the number of open file descriptors each daemon is allowed to start with. The current assumed value on most operating systems is 1024. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen. set system frr descriptors <n>
2023-12-15firewall: T4502: add ofload to firewall table actionsGurliGebis
2023-12-14T4163: Add BGP Monitoring Protocol BMP featureViacheslav Hletenko
Add BMP feature. BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring data from BGP routers to network management entities https://docs.frrouting.org/en/latest/bmp.html Example: set system frr bmp commit run restart bgp set protocols bgp system-as '65001' set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast set protocols bgp neighbor 192.0.2.11 remote-as '65001' set protocols bgp bmp mirror-buffer-limit '256000000' set protocols bgp bmp target foo address '127.0.0.1' set protocols bgp bmp target foo port '5000' set protocols bgp bmp target foo min-retry '1000' set protocols bgp bmp target foo max-retry '2000' set protocols bgp bmp target foo mirror set protocols bgp bmp target foo monitor ipv4-unicast post-policy set protocols bgp bmp target foo monitor ipv4-unicast pre-policy set protocols bgp bmp target foo monitor ipv6-unicast post-policy set protocols bgp bmp target foo monitor ipv6-unicast pre-policy
2023-12-13Merge pull request #2606 from c-po/srv6Christian Breunig
SRv6: T591: initial implementation to support locator definition
2023-12-11ddclient: T5791: Add smoketest for dynamic interfaceIndrajit Raychaudhuri
2023-12-11ddclient: T5791: Cleanup smoketests and remove unnecessary importsIndrajit Raychaudhuri
2023-12-11srv6: T591: initial implementation to support locator definitionChristian Breunig
VyOS CLI set protocols segment-routing srv6 locator bar prefix '2001:b::/64' set protocols segment-routing srv6 locator foo behavior-usid set protocols segment-routing srv6 locator foo prefix '2001:a::/64' Will generate in FRR segment-routing srv6 locators locator bar prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16 exit ! locator foo prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16 behavior usid exit ! exit ! exit ! exit
2023-12-11bgp: T591: add SRv6 support from FRRChristian Breunig
set protocols bgp sid vpn per-vrf export '99' set protocols bgp srv6 locator 'foo' set protocols bgp system-as '100' Will generate in FRR config router bgp 100 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check ! segment-routing srv6 locator foo exit sid vpn per-vrf export 99 exit
2023-12-10Merge pull request #2600 from sever-sever/T5773-smoketestsViacheslav Hletenko
T5773: API add smoketest for load config via HTTP URL
2023-12-09T5773: API add smoketest for load config via HTTP URLViacheslav Hletenko
Use a custom NGINX config to load config via URL
2023-12-09Merge pull request #1960 from sarthurdev/keaChristian Breunig
dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea
2023-12-08ddclient: T5791: use a fixed VRF table ID in smoketestsChristian Breunig
Fixes DEBUG - ====================================================================== DEBUG - ERROR: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 302, in test_07_dyndns_vrf DEBUG - self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table]) DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 68, in cli_set DEBUG - self._session.set(config) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 154, in set DEBUG - self.__run_command([SET] + path + value) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command DEBUG - raise ConfigSessionError(output) DEBUG - vyos.configsession.ConfigSessionError: Number is not in any of allowed ranges
2023-12-08smoketest: add a dialout router config with IPv6-PD and WireGuard from 1.3.4Christian Breunig
(cherry picked from commit 1f304a5b3b3698e11f3a497ca9c61b69ef94b26b)
2023-12-08dhcp: T3316: Add time-zone node for options 100 and 101sarthurdev
2023-12-08dhcp: T3316: Migrate dhcp/dhcpv6 server to Keasarthurdev
2023-12-07Merge pull request #2539 from nicolas-fort/T5775Daniil Baturin
T5775: firewall: re-add state-policy to firewall. These commands are …
2023-12-06T160: Rebase and fixes for NAT64Viacheslav Hletenko
- Update the base (rebase) - Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i - Delete unwanted `write_json`, use `write_file` instead - Remove unnecessary deleting of default values for tagNodes T2665 - Add smoketest Example: ``` set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth0 address '192.168.122.10/24' set interfaces ethernet eth2 address '2001:db8::1/64' set nat64 source rule 100 source prefix '64:ff9b::/96' set nat64 source rule 100 translation pool 10 address '192.168.122.10' set nat64 source rule 100 translation pool 10 port '1-65535' ```
2023-12-05Merge pull request #2574 from nicolas-fort/T5779Daniil Baturin
T5779: conntrack: Apply fixes to <set system conntrack timeout custom>
2023-12-05T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. ↵Nicolas Fort
Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.
2023-12-04Merge pull request #2501 from aapostoliuk/T5688-currentChristian Breunig
accel-ppp: T5688: Standardized pool configuration in accel-ppp
2023-12-04accel-ppp: T5688: Standardized pool configuration in accel-pppaapostoliuk
Standardized pool configuration for all accel-ppp services. 1. Only named pools are used now. 2. Allows all services to use range in x.x.x.x/mask and x.x.x.x-x.x.x.y format 3. next-pool can be used in all services 2. Allows to use in ipoe gw-ip-address without pool configuration which allows to use Fraimed-IP-Address attribute by radius. 3. Default pool name should be explicidly configured with default-pool. 4. In ipoe netmask and range subnet can be different.
2023-12-01Merge pull request #2554 from indrajitr/ddclient-update-20231128Christian Breunig
ddclient: T5791: Update dynamic dns configuration path for consistency
2023-12-01Merge pull request #2547 from aapostoliuk/T4704-circinusChristian Breunig
policy: T4704: Allowed to set metric (MED) to (+/-)rtt
2023-11-30ddclient: T5791: Update smoketest for dynamic dns config path changeIndrajit Raychaudhuri
2023-11-30policy: T4704: Allowed to set metric (MED) to (+/-)rttaapostoliuk
Allowed to set metric (MED) to (+/-)rtt in the route-map.
2023-11-28Merge pull request #2542 from jestabro/single-owner-https-configJohn Estabrook
http-api: T5782: use single config-mode script for https and http-api
2023-11-27smoketest: T31: remove VRF failfast unittest aargumentChristian Breunig
2023-11-26http-api: T5782: use single config-mode script for https and http-apiJohn Estabrook
2023-11-26smoketest: T5783: check for any abnormal daemon terminationChristian Breunig
We need to ensure when stressing FRR with the smoketests that no unexpected crash happens. We simply verify the PID of the individual FRR daemons.
2023-11-24T5775: firewall: re-add state-policy to firewall. These commands are now ↵Nicolas Fort
included in <set firewall global-options state-policy> node.
2023-11-22Merge pull request #2522 from dmbaturin/require-api-keysChristian Breunig
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL
2023-11-22Merge pull request #2528 from nicolas-fort/T5637-Extend-bridgeChristian Breunig
T5637: firewall: extend rule for default-action to firewall bridge
2023-11-22Merge pull request #2527 from c-po/t5630-mru-part-2Christian Breunig
pppoe: T5630: make MRU default to MTU if unspecified
2023-11-22T5637: firewall: extend rule for default-action to firewall bridge, in order ↵Nicolas Fort
to be able to catch logs using separte rule for default-action
2023-11-22pppoe: T5630: make MRU default to MTU if unspecifiedChristian Breunig
This fixes the implementation in e062a8c11 ("pppoe: T5630: allow to specify MRU in addition to already configurable MTU") and restores the bahavior that MRU defaults to MTU if MRU is not explicitly set. This was the behavior in VyOS 1.3.3 and below before we added ability to define the MRU value.
2023-11-22vxlan: T5759: change default MTU from 1450 -> 1500 bytesChristian Breunig
Found an odd behavior on Linux and the VyOS CLI implementation. If adding VXLAN interfaces using iproute2 the MTU differs depending on the creation syntax: ip -4 link add vxlan100 type vxlan dstport 4789 external df unset tos inherit \ ttl 16 nolearning vnifilter local 172.16.33.201 ip -4 link add vxlan200 type vxlan id 200 dstport 4789 local 172.16.33.201 dev eth0 ip -6 link add vxlan300 type vxlan id 300 dstport 4789 local 2001:db8:1::1 dev eth0 132: vxlan300: <BROADCAST,MULTICAST> mtu 1430 qdisc noop state DOWN group default qlen 1000 link/ether 4e:fb:e3:f5:d9:59 brd ff:ff:ff:ff:ff:ff 133: vxlan200: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000 link/ether 0e:4e:f4:76:59:3f brd ff:ff:ff:ff:ff:ff 134: vxlan100: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether ba:b6:b7:0c:b1:37 brd ff:ff:ff:ff:ff:ff VyOS always sets a default MTU of 1450 bytes which is correct for IPv4 p2p links or multicast, but invalid for IPv6 p2p. Also this will break EVPN deployments as ethernet bridges with MTU < 1500 bytes are less fun. Increase default MTU to 1500 bytes. Migrate old configurations to use 1450 bytes if not specified otherwise on the CLI.
2023-11-22Merge pull request #2499 from c-po/t5753-vxlan-vnifilterChristian Breunig
vxlan: T5753: add support for VNI filtering
2023-11-21Merge pull request #2519 from c-po/t5762-vhost-portJohn Estabrook
http: T5762: rename "virtual-host listen-port" -> "virtual-host port"
2023-11-22https api: T5772: check if keys are configuredDaniil Baturin
unless PAM auth is enabled for GraphQL
2023-11-21smoketest: macsec: T5770: fix NameError: name 'cipher' is not definedChristian Breunig
2023-11-21macsec: T5770: enable iproute2 "encrypt on" stanzaGiga Murphy
2023-11-21http: T5762: rename "virtual-host listen-port" -> "virtual-host port"Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components.
2023-11-20Merge pull request #2508 from c-po/t5762-https-api-socketDaniil Baturin
http: T5762: api: make API socket backend communication the one and only default
2023-11-20http: T5762: api: make API socket backend communication the one and only defaultChristian Breunig
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy.
2023-11-19dhcp-client: T5760: add CLI option to pass user-class parameterChristian Breunig
Example: set interfaces ethernet eth0 dhcp-options user-class VyOS or set interfaces ethernet eth0 dhcp-options user-class 56:79:4f:53
2023-11-19dhcp-client: T5760: add constraints for dhclient string optionsChristian Breunig
The string data type specifies either an NVT ASCII string enclosed in double quotes, or a series of octets specified in hexadecimal, separated by colons. For example: set interfaces ethernet eth0 dhcp-options client-id CLIENT-FOO or set interfaces ethernet eth0 dhcp-options client-id 43:4c:49:45:54:2d:46:4f:4f As of now there was no input validation performed.
2023-11-18vxlan: T5753: add support for VNI filteringChristian Breunig
In a service provider network a service provider typically supports multiple bridge domains with overlapping vlans. One bridge domain per customer. Vlans in each bridge domain are mapped to globally unique VXLAN VNI ranges assigned to each customer. Without the ability of VNI filtering, we can not provide VXLAN tunnels with multiple tenants all requiring e.g. VLAN 10. To Test: set interfaces vxlan vxlan987 parameters external set interfaces vxlan vxlan987 source-interface eth0 set interfaces vxlan vxlan987 parameters vni-filter set interfaces vxlan vxlan987 vlan-to-vni 50 vni 10050 set interfaces vxlan vxlan987 vlan-to-vni 51 vni 10051 set interfaces vxlan vxlan987 vlan-to-vni 52 vni 10052 set interfaces vxlan vxlan987 vlan-to-vni 53 vni 10053 set interfaces vxlan vxlan987 vlan-to-vni 54 vni 10054 set interfaces vxlan vxlan987 vlan-to-vni 60 vni 10060 set interfaces vxlan vxlan987 vlan-to-vni 69 vni 10069 set interfaces bridge br0 member interface vxlan987 Add new op-mode command: show bridge vni Interface VNI ----------- ----------- vxlan987 10050-10054 vxlan987 10060 vxlan987 10069
2023-11-16Merge pull request #2481 from sever-sever/smoketest-apiChristian Breunig
smoketest: Extend HTTP-API tests