summaryrefslogtreecommitdiff
path: root/smoketest
AgeCommit message (Collapse)Author
2024-07-25vrf: T6602: verify supplied VRF name on all interface types (#3870)mergify[bot]
Only some (e.g. ethernet or wireguard) interfaces validate if the supplied VRF actually exists. If this is not validated, one can pass an invalid VRF to the system which generates an OSError exception. To reproduce set interfaces vxlan vxlan1 vni 1000 set interfaces vxlan vxlan1 remote 1.2.3.4 set interfaces vxlan vxlan1 vrf smoketest results in OSError: [Errno 255] failed to run command: ip link set dev vxlan1 master smoketest_mgmt This commit adds the missing verify_vrf() call to the missing interface types and an appropriate smoketest for all interfaces supporting VRF assignment. (cherry picked from commit dd0ebffa33728e452ac6e11737c2283f0e390359) Co-authored-by: Christian Breunig <christian@breunig.cc>
2024-07-24smoketest: T6600: ospf: enable MPLS LDP on dummy interfacesChristian Breunig
(cherry picked from commit 71926f64385d7ab66431c60afa1fc8554ad7e2dc)
2024-07-22smoketest: T6406: use check_kmod() helper over native call()Christian Breunig
(cherry picked from commit 8bf6687b5276589e64988c3c54dbf61a628ee2a0)
2024-07-22smoketest: T6597: add "commit" debug informationChristian Breunig
(cherry picked from commit f6485f7df8713298d81ec0d45c548417db111523)
2024-07-22wireless: T6320: add 802.11ax at 6GHzAlain Lamar
Authored-By: Alain Lamar <alain_lamar@yahoo.de> (cherry picked from commit d5e988ba2d0fa0189feff22374c9b46eb49e2e79)
2024-07-22wireless: T6425: adjust to latest country-code changesChristian Breunig
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide configuration") removed the per wifi interface setting for a country-code. This commit adjust the smoketests to the new design. (cherry picked from commit 312273c9569d973c510d871adb941709804d8868)
2024-07-22wireless: T6425: Add smoketests for VHT beamformingAlain Lamar
(cherry picked from commit 578fbe0eb436697132e5a738fec5a4ac61ced8da)
2024-07-22T6599: ipsec: fix incorect default behavior for dead-peer-detectionLucas Christian
(cherry picked from commit 23a3419d512139650cfe3dc76759b370b0c0c3d6)
2024-07-22T6599: ipsec: support disabling rekey of CHILD_SA.Lucas Christian
Also adds support for life_bytes, life_packets, and DPD for remote-access connections. Changes behavior of remote-access esp-group lifetime setting to have parity with site-to-site connections. (cherry picked from commit fd5d7ff0b4fd69b248ecb29c6ec1f3cf844c41cf)
2024-07-20utils: migrate to new get_vrf_tableid() helperChristian Breunig
Commit 452068ce7 ("interfaces: T6592: moving an interface between VRF instances failed") introduced a new helper to retrieve the VRF table ID from the Kernel. This commit migrates the old code path where the individual fields got queried to the new helper vyos.utils.network.get_vrf_tableid(). (cherry picked from commit 36f3791e0c15267483d59a3bb74465811d08df88)
2024-07-20interfaces: T6592: moving an interface between VRF instances failedChristian Breunig
To reproduce: set vrf name mgmt table '150' set vrf name no-mgmt table '151' set interfaces ethernet eth2 vrf 'mgmt' commit set interfaces ethernet eth2 vrf no-mgmt commit This resulted in an error while interacting with nftables: [Errno 1] failed to run command: nft add element inet vrf_zones ct_iface_map { "eth2" : 151 } The reason is that the old mapping entry still exists and was not removed. This commit adds a new utility function get_vrf_tableid() and compares the current and new VRF table IDs assigned to an interface. If the IDs do not match, the nftables ct_iface_map entry is removed before the new entry is added. (cherry picked from commit 452068ce78581bb6fba2df4dba197e95b9aeb33d)
2024-07-17configdep: T6559: add smoketest of dependency script errorJohn Estabrook
(cherry picked from commit ad43aa885a8ef689da212088d6ebb37c32d72883)
2024-07-03Merge pull request #3757 from natali-rs1985/T5487-currentChristian Breunig
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-07-03ssh: T5878: Allow changing the PubkeyAcceptedAlgorithms optionkhramshinr
(cherry picked from commit 06e6e011cdf12e8d10cf1f6d4d848fd5db51720d)
2024-07-03openvpn: T5487: Remove deprecated option --cipher for server and client modeNataliia Solomko
2024-06-28T6477: Add telegraf loki output pluginViacheslav Hletenko
Add Loki plugin to telegraf set service monitoring telegraf loki url xxx (cherry picked from commit 3365eb7ab99fa9a259fe440eb51e82fc0a0a4dc6)
2024-06-24smoketest: T6510: ensure one cannot delete the current user in "system login"Christian Breunig
(cherry picked from commit 4c7719efa27d9d2966b70b924c90aa2c90022388)
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
(cherry picked from commit f29caa824c02c833a3978b9236391e4277c1a6ba)
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode
2024-06-11openvpn: T5487: Remove eprecated option --cipher for server and client modeNataliia Solomko
2024-06-11firewall: T3900: fix migration and smoketestsChristian Breunig
Commit 770edf016838523 ("T3900: T6394: extend functionalities in firewall") changed the position in the CLI for conntrack timeout. This lead to failing smoketests because of a regression in the migrator.
2024-06-10Merge pull request #3606 from c-po/utils-cpu-T5195Christian Breunig
vyos.utils: T5195: import vyos.cpu to this package
2024-06-10T6219: align with system sysctl and limit parameters to supportedNicolas Vollmar
2024-06-10container: T6219: Add support for container sysctl / kernel parametersBen Pilgrim
2024-06-10vyos.utils: T5195: import vyos.cpu to this packageChristian Breunig
The intention of vyos.utils package is to have a common ground for repeating actions/helpers. This is also true for number of CPUs and their respective core count. Move vyos.cpu to vyos.utils.cpu
2024-06-06Merge pull request #3578 from nicolas-fort/raw-hookDaniil Baturin
T3900: Add support for raw tables in firewall
2024-06-05Merge pull request #3571 from fett0/T6429Daniil Baturin
isis: T6429: fix isis metric-style configuration missing
2024-06-04ISIS: T6332: add smoketest optionfett0
2024-06-04T3900: T6394: extend functionalities in firewall; move netfilter sysctl ↵Nicolas Fort
timeout parameters defined in conntrack to firewall global-opton section.
2024-06-03reverse-proxy: T6434: Support additional healthcheck options (#3574)Alex W
2024-05-31Merge pull request #3557 from haimgel/T6422/allow-multiple-ns-recordsChristian Breunig
dns: T6422: allow multiple redundant NS records
2024-05-31T5307: QoS - traffic-class-map services (#3492)Roman Khramshin
added new syntax to work with class match filters in QoS policy
2024-05-30T6422: Smoke test for NS record configration in authoritative DNS, typo & ↵Haim Gelfenbeyn
style fixes
2024-05-30Merge pull request #3510 from HollyGurza/T4576Daniil Baturin
T4576: Accel-ppp logging level configuration
2024-05-30Merge pull request #3546 from c-po/haproxyChristian Breunig
reverse-proxy: T6419: build full CA chain when verifying backend server
2024-05-29reverse-proxy: T5231: better mark v4v6 listen any addressChristian Breunig
haproxy supports both ":::80 v4v6" and "[::]:80 v4v6" as listen statement, where the later one is more humand readable. Both act in the same way.
2024-05-29Merge pull request #3534 from sever-sever/T6411Daniil Baturin
T6411: CGNAT fix sequences for external address ranges
2024-05-29Merge pull request #3537 from fett0/T6332Christian Breunig
ISIS: T6332: Fix isis not working only ipv6
2024-05-29ISIS: T6332: Fix isis not working only ipv6fett0
2024-05-28Merge pull request #3529 from HollyGurza/T5786Christian Breunig
T5786: Add set/show system image to /image endpoint
2024-05-28T6411: CGNAT fix sequences for external address rangesViacheslav Hletenko
Fix the bug where address external alocation was not rely on sequences of the external IP addresses (if set)
2024-05-28T6406: rename cpus to cpuNicolas Vollmar
2024-05-28T6406: add container cpu limit optionNicolas Vollmar
2024-05-27T6406: check for required kernel configNicolas Vollmar
2024-05-27T5786: Add set/show system image to /image endpointkhramshinr
2024-05-27T4576: Accel-ppp logging level configurationkhramshinr
add ability to change logging level config for: * VPN L2TP * VPN PPTP * VPN SSTP * IPoE Server * PPPoE Serve
2024-05-26smoketest: T6395: check for VFIO options to be presentChristian Breunig
2024-05-23Merge pull request #3487 from Embezzle/T6370Christian Breunig
reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responses
2024-05-22nat: T6345: source NAT port mapping "fully-random" is superfluous in Kernel ↵Christian Breunig
>=5.0 random - In kernel 5.0 and newer this is the same as fully-random. In earlier kernels the port mapping will be randomized using a seeded MD5 hash mix using source and destination address and destination port. https://git.netfilter.org/nftables/commit/?id=fbe27464dee4588d906492749251454
2024-05-21reverse-proxy: T6370: Set custom HTTP headers in reverse-proxy responsesAlex W