diff options
author | Christian Breunig <christian@breunig.cc> | 2024-03-20 20:53:47 +0100 |
---|---|---|
committer | Mergify <37929162+mergify[bot]@users.noreply.github.com> | 2024-03-21 09:23:10 +0000 |
commit | c104f9aea60416dbff3bf8de994921069ee6a928 (patch) | |
tree | 451d395fa95b2584c1df017238d1999c9c1a6607 /smoketest | |
parent | f7a005ebecdfabc0a0af75ed9ad84b44ef1d6d5b (diff) | |
download | vyos-1x-c104f9aea60416dbff3bf8de994921069ee6a928.tar.gz vyos-1x-c104f9aea60416dbff3bf8de994921069ee6a928.zip |
vti: T6085: interface is always down and only enabled by IPSec daemon
When a VTI interface is just created, it is in ADMIN UP state by default, even
if an IPSec peer is not connected. After the peer is disconnected the interface
goes to DOWN state as expected.
This breaks routing logic - for example, static routes through VTI interfaces
will be active even if a peer is not connected.
This changes to logic so ADMIN UP/DOWN state can only be changed by the
vti-up-down helper script.
Error was introduced during the Perl -> Python migration and move to the generic
vyos.ifconfig abstraction during the 1.4 development cycle.
(cherry picked from commit 9eb018c4935235d292d7c693ac15da5761be064a)
Diffstat (limited to 'smoketest')
-rwxr-xr-x | smoketest/scripts/cli/test_interfaces_vti.py | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_interfaces_vti.py b/smoketest/scripts/cli/test_interfaces_vti.py index 7f13575a3..871ac650b 100755 --- a/smoketest/scripts/cli/test_interfaces_vti.py +++ b/smoketest/scripts/cli/test_interfaces_vti.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2023-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -18,6 +18,9 @@ import unittest from base_interfaces_test import BasicInterfaceTest +from vyos.ifconfig import Interface +from vyos.utils.network import is_intf_addr_assigned + class VTIInterfaceTest(BasicInterfaceTest.TestCase): @classmethod def setUpClass(cls): @@ -27,5 +30,19 @@ class VTIInterfaceTest(BasicInterfaceTest.TestCase): # call base-classes classmethod super(VTIInterfaceTest, cls).setUpClass() + def test_add_single_ip_address(self): + addr = '192.0.2.0/31' + for intf in self._interfaces: + self.cli_set(self._base_path + [intf, 'address', addr]) + for option in self._options.get(intf, []): + self.cli_set(self._base_path + [intf] + option.split()) + + self.cli_commit() + + # VTI interface are always down and only brought up by IPSec + for intf in self._interfaces: + self.assertTrue(is_intf_addr_assigned(intf, addr)) + self.assertEqual(Interface(intf).get_admin_state(), 'down') + if __name__ == '__main__': unittest.main(verbosity=2) |