diff options
| -rw-r--r-- | debian/control | 1 | ||||
| -rw-r--r-- | debian/vyos-1x.install | 1 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_interfaces_pppoe.py | 4 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_service_webproxy.py | 31 | ||||
| -rwxr-xr-x | smoketest/scripts/cli/test_system_login.py | 13 | ||||
| -rwxr-xr-x | src/etc/netplug/linkdown.d/dhclient | 65 | ||||
| -rwxr-xr-x | src/etc/netplug/linkup.d/dhclient | 64 |
7 files changed, 171 insertions, 8 deletions
diff --git a/debian/control b/debian/control index 5e9e708b4..89c7beb8a 100644 --- a/debian/control +++ b/debian/control @@ -61,6 +61,7 @@ Depends: lsscsi, mdns-repeater, mtr-tiny, + netplug, nftables (>= 0.9.3), nginx-light, ntp, diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install index 6d5026e91..e69d85b66 100644 --- a/debian/vyos-1x.install +++ b/debian/vyos-1x.install @@ -1,4 +1,5 @@ etc/dhcp +etc/netplug etc/ppp etc/rsyslog.d etc/systemd diff --git a/smoketest/scripts/cli/test_interfaces_pppoe.py b/smoketest/scripts/cli/test_interfaces_pppoe.py index ec256cb43..dc63a14a0 100755 --- a/smoketest/scripts/cli/test_interfaces_pppoe.py +++ b/smoketest/scripts/cli/test_interfaces_pppoe.py @@ -45,7 +45,7 @@ def get_dhcp6c_config_value(interface, key): class PPPoEInterfaceTest(unittest.TestCase): def setUp(self): self.session = ConfigSession(os.getpid()) - self._interfaces = ['pppoe0', 'pppoe50'] + self._interfaces = ['pppoe10', 'pppoe20', 'pppoe30'] self._source_interface = 'eth0' def tearDown(self): @@ -155,7 +155,7 @@ class PPPoEInterfaceTest(unittest.TestCase): # after the PPP interface gets a link to the ISP - but we can see if # it would be started by the scripts tmp = read_file(f'/etc/ppp/ipv6-up.d/1000-vyos-pppoe-{interface}') - tmp = re.findall(f'systemctl start dhcp6c@{interface}.service', tmp) + tmp = re.findall(f'systemctl restart dhcp6c@{interface}.service', tmp) self.assertTrue(tmp) if __name__ == '__main__': diff --git a/smoketest/scripts/cli/test_service_webproxy.py b/smoketest/scripts/cli/test_service_webproxy.py index 01716944d..ff7866a9a 100755 --- a/smoketest/scripts/cli/test_service_webproxy.py +++ b/smoketest/scripts/cli/test_service_webproxy.py @@ -173,7 +173,36 @@ class TestServiceWebProxy(unittest.TestCase): # Check for running process self.assertTrue(process_named_running(PROCESS_NAME)) - def test_04_basic_squidguard(self): + def test_04_cache_peer(self): + self.session.set(base_path + ['listen-address', listen_ip]) + + cache_peers = { + 'foo' : '192.0.2.1', + 'bar' : '192.0.2.2', + 'baz' : '192.0.2.3', + } + for peer in cache_peers: + self.session.set(base_path + ['cache-peer', peer, 'address', cache_peers[peer]]) + if peer == 'baz': + self.session.set(base_path + ['cache-peer', peer, 'type', 'sibling']) + + # commit changes + self.session.commit() + + config = read_file(PROXY_CONF) + self.assertIn('never_direct allow all', config) + + for peer in cache_peers: + address = cache_peers[peer] + if peer == 'baz': + self.assertIn(f'cache_peer {address} sibling 3128 0 no-query default', config) + else: + self.assertIn(f'cache_peer {address} parent 3128 0 no-query default', config) + + # Check for running process + self.assertTrue(process_named_running(PROCESS_NAME)) + + def test_05_basic_squidguard(self): default_cache = '100' local_block = ['192.0.0.1', '10.0.0.1', 'block.vyos.net'] diff --git a/smoketest/scripts/cli/test_system_login.py b/smoketest/scripts/cli/test_system_login.py index 48ae78ccf..d3324b8aa 100755 --- a/smoketest/scripts/cli/test_system_login.py +++ b/smoketest/scripts/cli/test_system_login.py @@ -19,6 +19,7 @@ import re import platform import unittest +from distutils.version import LooseVersion from platform import release as kernel_version from subprocess import Popen, PIPE @@ -72,11 +73,13 @@ class TestSystemLogin(unittest.TestCase): kernel = platform.release() kernel_config = read_file(f'/boot/config-{kernel}') - # T2886 - RADIUS authentication - check for statically compiled - # options (=y) - for option in ['CONFIG_AUDIT', 'CONFIG_HAVE_ARCH_AUDITSYSCALL', - 'CONFIG_AUDITSYSCALL', 'CONFIG_AUDIT_WATCH', - 'CONFIG_AUDIT_TREE', 'CONFIG_AUDIT_ARCH']: + # T2886 - RADIUS authentication - check for statically compiled options + options = ['CONFIG_AUDIT', 'CONFIG_AUDITSYSCALL', 'CONFIG_AUDIT_ARCH'] + if LooseVersion(kernel_version()) < LooseVersion('5.0'): + options.append('CONFIG_AUDIT_WATCH') + options.append('CONFIG_AUDIT_TREE') + + for option in options: self.assertIn(f'{option}=y', kernel_config) def test_radius_config(self): diff --git a/src/etc/netplug/linkdown.d/dhclient b/src/etc/netplug/linkdown.d/dhclient new file mode 100755 index 000000000..555ff9134 --- /dev/null +++ b/src/etc/netplug/linkdown.d/dhclient @@ -0,0 +1,65 @@ +#!/usr/bin/perl +# +# Module: dhclient +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: November 2008 +# Description: Script to release lease on link down +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use Vyatta::Config; +use Vyatta::Misc; + +use strict; +use warnings; + +sub stop_dhclient { + my $intf = shift; + my $dhcp_daemon = '/sbin/dhclient'; + my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = Vyatta::Misc::generate_dhclient_intf_files($intf); + my $release_cmd = "sudo $dhcp_daemon -q -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file -r $intf 2> /dev/null;"; + $release_cmd .= "sudo rm -f $intf_process_id_file 2> /dev/null"; + system ($release_cmd); +} + + +# +# main +# + +my $dev=shift; + +# only do this if interface is configured to use dhcp for getting IP address +if (Vyatta::Misc::is_dhcp_enabled($dev, "outside_cli")) { + # do a dhcp lease release for interface + stop_dhclient($dev); +} + +exit 0; + +# end of file + diff --git a/src/etc/netplug/linkup.d/dhclient b/src/etc/netplug/linkup.d/dhclient new file mode 100755 index 000000000..8e50715fd --- /dev/null +++ b/src/etc/netplug/linkup.d/dhclient @@ -0,0 +1,64 @@ +#!/usr/bin/perl +# +# Module: dhclient +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# A copy of the GNU General Public License is available as +# `/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution +# or on the World Wide Web at `http://www.gnu.org/copyleft/gpl.html'. +# You can also obtain it by writing to the Free Software Foundation, +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, +# MA 02110-1301, USA. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2008 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Mohit Mehta +# Date: November 2008 +# Description: Script to renew lease on link up +# +# **** End License **** +# + +use lib "/opt/vyatta/share/perl5/"; +use Vyatta::Config; +use Vyatta::Misc; + +use strict; +use warnings; + +sub run_dhclient { + my $intf = shift; + my $dhcp_daemon = '/sbin/dhclient'; + my ($intf_config_file, $intf_process_id_file, $intf_leases_file) = Vyatta::Misc::generate_dhclient_intf_files($intf); + my $cmd = "sudo $dhcp_daemon -pf $intf_process_id_file -x $intf 2> /dev/null; sudo rm -f $intf_process_id_file 2> /dev/null;"; + $cmd .= "sudo $dhcp_daemon -q -nw -cf $intf_config_file -pf $intf_process_id_file -lf $intf_leases_file $intf 2> /dev/null &"; + system ($cmd); +} + +# +# main +# + +my $dev=shift; + +# only do this if interface is configured to use dhcp for getting IP address +if (Vyatta::Misc::is_dhcp_enabled($dev, "outside_cli")) { + # do a dhcp lease renew for interface + run_dhclient($dev); +} + +exit 0; + +# end of file + |