Diffstat (limited to 'smoketest')
20 files changed, 775 insertions, 149 deletions
diff --git a/smoketest/config-tests/container-simple b/smoketest/config-tests/container-simple
index 299af64cb..cc80ef4cf 100644
--- a/smoketest/config-tests/container-simple
+++ b/smoketest/config-tests/container-simple
@@ -8,5 +8,6 @@ set container name c01 capability 'net-bind-service'
 set container name c01 capability 'net-raw'
 set container name c01 image 'busybox:stable'
 set container name c02 allow-host-networks
+set container name c02 allow-host-pid
 set container name c02 capability 'sys-time'
 set container name c02 image 'busybox:stable'
diff --git a/smoketest/config-tests/nat-basic b/smoketest/config-tests/nat-basic
new file mode 100644
index 000000000..9fea08b02
--- /dev/null
+++ b/smoketest/config-tests/nat-basic
@@ -0,0 +1,85 @@
+set interfaces ethernet eth0 offload rps
+set interfaces ethernet eth0 disable
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 offload gso
+set interfaces ethernet eth1 offload rps
+set interfaces ethernet eth1 offload sg
+set interfaces ethernet eth1 offload tso
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth2 offload gso
+set interfaces ethernet eth2 offload rps
+set interfaces ethernet eth2 offload sg
+set interfaces ethernet eth2 offload tso
+set interfaces ethernet eth3 offload gro
+set interfaces ethernet eth3 offload gso
+set interfaces ethernet eth3 offload rps
+set interfaces ethernet eth3 offload sg
+set interfaces ethernet eth3 offload tso
+set interfaces bonding bond10 hash-policy 'layer3+4'
+set interfaces bonding bond10 member interface 'eth2'
+set interfaces bonding bond10 member interface 'eth3'
+set interfaces bonding bond10 mode '802.3ad'
+set interfaces bonding bond10 vif 50 address '192.168.189.1/24'
+set interfaces loopback lo
+set interfaces pppoe pppoe7 authentication password 'vyos'
+set interfaces pppoe pppoe7 authentication username 'vyos'
+set interfaces pppoe pppoe7 dhcpv6-options pd 0 interface bond10.50 address '1'
+set interfaces pppoe pppoe7 dhcpv6-options pd 0 length '56'
+set interfaces pppoe pppoe7 ip adjust-mss '1452'
+set interfaces pppoe pppoe7 ipv6 address autoconf
+set interfaces pppoe pppoe7 ipv6 adjust-mss '1432'
+set interfaces pppoe pppoe7 mtu '1492'
+set interfaces pppoe pppoe7 no-peer-dns
+set interfaces pppoe pppoe7 source-interface 'eth1'
+set service lldp interface eth1 disable
+set service ntp allow-client address '192.168.189.0/24'
+set service ntp server time1.vyos.net
+set service ntp server time2.vyos.net
+set service ntp listen-address '192.168.189.1'
+set service ssh dynamic-protection
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 lease '604800'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option default-router '192.168.189.1'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option domain-name 'vyos.net'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '1.1.1.1'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 option name-server '9.9.9.9'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 start '192.168.189.20'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 range 0 stop '192.168.189.254'
+set service dhcp-server shared-network-name LAN subnet 192.168.189.0/24 subnet-id '1'
+set service router-advert interface bond10.50 prefix ::/64 preferred-lifetime '2700'
+set service router-advert interface bond10.50 prefix ::/64 valid-lifetime '5400'
+set system config-management commit-revisions '100'
+set system domain-name 'vyos.net'
+set system host-name 'R1'
+set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
+set system login user vyos authentication plaintext-password ''
+set system name-server '1.1.1.1'
+set system name-server '9.9.9.9'
+set system console device ttyS0 speed '115200'
+set nat destination rule 1000 destination port '3389'
+set nat destination rule 1000 inbound-interface name 'pppoe7'
+set nat destination rule 1000 protocol 'tcp'
+set nat destination rule 1000 translation address '192.168.189.5'
+set nat destination rule 1000 translation port '3389'
+set nat destination rule 10022 destination port '10022'
+set nat destination rule 10022 inbound-interface name 'pppoe7'
+set nat destination rule 10022 protocol 'tcp'
+set nat destination rule 10022 translation address '192.168.189.2'
+set nat destination rule 10022 translation port '22'
+set nat destination rule 10300 destination port '10300'
+set nat destination rule 10300 inbound-interface name 'pppoe7'
+set nat destination rule 10300 protocol 'udp'
+set nat destination rule 10300 translation address '192.168.189.2'
+set nat destination rule 10300 translation port '10300'
+set nat source rule 10 outbound-interface name 'eth1'
+set nat source rule 10 source address '192.168.189.0/24'
+set nat source rule 10 translation address 'masquerade'
+set nat source rule 10 translation options port-mapping 'random'
+set nat source rule 50 outbound-interface name 'pppoe7'
+set nat source rule 50 protocol 'udp'
+set nat source rule 50 source address '192.168.189.2'
+set nat source rule 50 source port '10300'
+set nat source rule 50 translation address 'masquerade'
+set nat source rule 50 translation port '10300'
+set nat source rule 100 outbound-interface name 'pppoe7'
+set nat source rule 100 source address '192.168.189.0/24'
+set nat source rule 100 translation address 'masquerade'
diff --git a/smoketest/configs/container-simple b/smoketest/configs/container-simple
index 05efe05e9..82983afb7 100644
--- a/smoketest/configs/container-simple
+++ b/smoketest/configs/container-simple
@@ -7,6 +7,7 @@ container {
 }
 name c02 {
 allow-host-networks
+ allow-host-pid
 cap-add sys-time
 image busybox:stable
 }
diff --git a/smoketest/configs/nat-basic b/smoketest/configs/nat-basic
new file mode 100644
index 000000000..52f369f34
--- /dev/null
+++ b/smoketest/configs/nat-basic
@@ -0,0 +1,256 @@
+interfaces {
+ bonding bond10 {
+ hash-policy "layer3+4"
+ member {
+ interface "eth2"
+ interface "eth3"
+ }
+ mode "802.3ad"
+ vif 50 {
+ address "192.168.189.1/24"
+ }
+ }
+ ethernet eth0 {
+ disable
+ offload {
+ gro
+ gso
+ rps
+ sg
+ tso
+ }
+ }
+ ethernet eth1 {
+ offload {
+ gro
+ gso
+ rps
+ sg
+ tso
+ }
+ }
+ ethernet eth2 {
+ offload {
+ gro
+ gso
+ rps
+ sg
+ tso
+ }
+ }
+ ethernet eth3 {
+ offload {
+ gro
+ gso
+ rps
+ sg
+ tso
+ }
+ }
+ loopback lo {
+ }
+ pppoe pppoe7 {
+ authentication {
+ password "vyos"
+ username "vyos"
+ }
+ dhcpv6-options {
+ pd 0 {
+ interface bond10.50 {
+ address "1"
+ }
+ length "56"
+ }
+ }
+ ip {
+ adjust-mss "1452"
+ }
+ ipv6 {
+ address {
+ autoconf
+ }
+ adjust-mss "1432"
+ }
+ mtu "1492"
+ no-peer-dns
+ source-interface "eth1"
+ }
+}
+nat {
+ destination {
+ rule 1000 {
+ destination {
+ port "3389"
+ }
+ inbound-interface {
+ name "pppoe7"
+ }
+ protocol "tcp"
+ translation {
+ address "192.168.189.5"
+ port "3389"
+ }
+ }
+ rule 10022 {
+ destination {
+ port "10022"
+ }
+ inbound-interface {
+ name "pppoe7"
+ }
+ protocol "tcp"
+ translation {
+ address "192.168.189.2"
+ port "22"
+ }
+ }
+ rule 10300 {
+ destination {
+ port "10300"
+ }
+ inbound-interface {
+ name "pppoe7"
+ }
+ protocol "udp"
+ translation {
+ address "192.168.189.2"
+ port "10300"
+ }
+ }
+ }
+ source {
+ rule 10 {
+ outbound-interface {
+ name "eth1"
+ }
+ source {
+ address "192.168.189.0/24"
+ }
+ translation {
+ address "masquerade"
+ options {
+ port-mapping fully-random
+ }
+ }
+ }
+ rule 50 {
+ outbound-interface {
+ name "pppoe7"
+ }
+ protocol "udp"
+ source {
+ address "192.168.189.2"
+ port "10300"
+ }
+ translation {
+ address "masquerade"
+ port "10300"
+ }
+ }
+ rule 100 {
+ outbound-interface {
+ name "pppoe7"
+ }
+ source {
+ address "192.168.189.0/24"
+ }
+ translation {
+ address "masquerade"
+ }
+ }
+ }
+}
+service {
+ dhcp-server {
+ shared-network-name LAN {
+ subnet 192.168.189.0/24 {
+ default-router "192.168.189.1"
+ domain-name "vyos.net"
+ lease "604800"
+ name-server "1.1.1.1"
+ name-server "9.9.9.9"
+ range 0 {
+ start "192.168.189.20"
+ stop "192.168.189.254"
+ }
+ }
+ }
+ }
+ lldp {
+ interface all {
+ }
+ interface eth1 {
+ disable
+ }
+ }
+ ntp {
+ allow-client {
+ address "192.168.189.0/24"
+ }
+ listen-address "192.168.189.1"
+ server time1.vyos.net {
+ }
+ server time2.vyos.net {
+ }
+ }
+ router-advert {
+ interface bond10.50 {
+ prefix ::/64 {
+ preferred-lifetime "2700"
+ valid-lifetime "5400"
+ }
+ }
+ }
+ ssh {
+ disable-host-validation
+ dynamic-protection {
+ }
+ }
+}
+system {
+ config-management {
+ commit-revisions "100"
+ }
+ conntrack {
+ modules {
+ ftp
+ h323
+ nfs
+ pptp
+ sip
+ sqlnet
+ tftp
+ }
+ }
+ console {
+ device ttyS0 {
+ speed "115200"
+ }
+ }
+ domain-name "vyos.net"
+ host-name "R1"
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/
+ plaintext-password ""
+ }
+ }
+ }
+ name-server "1.1.1.1"
+ name-server "9.9.9.9"
+ syslog {
+ global {
+ facility all {
+ level "info"
+ }
+ facility local7 {
+ level "debug"
+ }
+ }
+ }
+}
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "bgp@5:broadcast-relay@1:cluster@2:config-management@1:conntrack@5:conntrack-sync@2:container@2:dhcp-relay@2:dhcp-server@8:dhcpv6-server@1:dns-dynamic@4:dns-forwarding@4:firewall@15:flow-accounting@1:https@6:ids@1:interfaces@32:ipoe-server@3:ipsec@13:isis@3:l2tp@9:lldp@2:mdns@1:monitoring@1:nat@7:nat66@3:ntp@3:openconnect@3:ospf@2:pim@1:policy@8:pppoe-server@10:pptp@5:qos@2:quagga@11:rip@1:rpki@2:salt@1:snmp@3:ssh@2:sstp@6:system@27:vrf@3:vrrp@4:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2"
+// Release version: 1.4.0-epa3
diff --git a/smoketest/scripts/cli/base_accel_ppp_test.py b/smoketest/scripts/cli/base_accel_ppp_test.py
index 383adc445..ab723e707 100644
--- a/smoketest/scripts/cli/base_accel_ppp_test.py
+++ b/smoketest/scripts/cli/base_accel_ppp_test.py @@ -367,6 +367,27 @@ class BasicAccelPPPTest: ] ) + self.set( + [ + "authentication", + "radius", + "server", + radius_server, + "backup", + ] + ) + + self.set( + [ + "authentication", + "radius", + "server", + radius_server, + "priority", + "10", + ] + ) + # commit changes self.cli_commit() @@ -379,6 +400,8 @@ class BasicAccelPPPTest: self.assertEqual(f"acct-port=0", server[3]) self.assertEqual(f"req-limit=0", server[4]) self.assertEqual(f"fail-time=0", server[5]) + self.assertIn('weight=10', server) + self.assertIn('backup', server) def test_accel_ipv4_pool(self): self.basic_config(is_gateway=False, is_client_pool=False) diff --git a/smoketest/scripts/cli/test_cgnat.py b/smoketest/scripts/cli/test_cgnat.py new file mode 100755 index 000000000..c65c58820 --- /dev/null +++ b/smoketest/scripts/cli/test_cgnat.py 
@@ -0,0 +1,99 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2024 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import os +import unittest + +from base_vyostest_shim import VyOSUnitTestSHIM +from vyos.configsession import ConfigSessionError + + +base_path = ['nat', 'cgnat'] +nftables_cgnat_config = '/run/nftables-cgnat.nft' + + +class TestCGNAT(VyOSUnitTestSHIM.TestCase): + @classmethod + def setUpClass(cls): + super(TestCGNAT, cls).setUpClass() + + # ensure we can also run this test on a live system - so lets clean + # out the current configuration :) + cls.cli_delete(cls, base_path) + + def tearDown(self): + self.cli_delete(base_path) + self.cli_commit() + self.assertFalse(os.path.exists(nftables_cgnat_config)) + + def test_cgnat(self): + internal_name = 'vyos-int-01' + external_name = 'vyos-ext-01' + internal_net = '100.64.0.0/29' + external_net = '192.0.2.1-192.0.2.2' + external_ports = '40000-60000' + ports_per_subscriber = '5000' + rule = '100' + + nftables_search = [ + ['map tcp_nat_map'], + ['map udp_nat_map'], + ['map icmp_nat_map'], + ['map other_nat_map'], + ['100.64.0.0 : 192.0.2.1 . 40000-44999'], + ['100.64.0.1 : 192.0.2.1 . 45000-49999'], + ['100.64.0.2 : 192.0.2.1 . 50000-54999'], + ['100.64.0.3 : 192.0.2.1 . 55000-59999'], + ['100.64.0.4 : 192.0.2.2 . 40000-44999'], + ['100.64.0.5 : 192.0.2.2 . 45000-49999'], + ['100.64.0.6 : 192.0.2.2 . 
50000-54999'], + ['100.64.0.7 : 192.0.2.2 . 55000-59999'], + ['chain POSTROUTING'], + ['type nat hook postrouting priority srcnat'], + ['ip protocol tcp counter snat ip to ip saddr map @tcp_nat_map'], + ['ip protocol udp counter snat ip to ip saddr map @udp_nat_map'], + ['ip protocol icmp counter snat ip to ip saddr map @icmp_nat_map'], + ['counter snat ip to ip saddr map @other_nat_map'], + ] + + self.cli_set(base_path + ['pool', 'external', external_name, 'external-port-range', external_ports]) + self.cli_set(base_path + ['pool', 'external', external_name, 'range', external_net]) + + # allocation out of the available ports + with self.assertRaises(ConfigSessionError): + self.cli_set(base_path + ['pool', 'external', external_name, 'per-user-limit', 'port', '8000']) + self.cli_commit() + self.cli_set(base_path + ['pool', 'external', external_name, 'per-user-limit', 'port', ports_per_subscriber]) + + # internal pool not set + with self.assertRaises(ConfigSessionError): + self.cli_commit() + self.cli_set(base_path + ['pool', 'internal', internal_name, 'range', internal_net]) + + self.cli_set(base_path + ['rule', rule, 'source', 'pool', internal_name]) + # non-exist translation pool + with self.assertRaises(ConfigSessionError): + self.cli_set(base_path + ['rule', rule, 'translation', 'pool', 'fake-pool']) + self.cli_commit() + + self.cli_set(base_path + ['rule', rule, 'translation', 'pool', external_name]) + self.cli_commit() + + self.verify_nftables(nftables_search, 'ip cgnat', inverse=False, args='-s') + + +if __name__ == '__main__': + unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_interfaces_bonding.py b/smoketest/scripts/cli/test_interfaces_bonding.py index 419de774a..f436424b8 100755 --- a/smoketest/scripts/cli/test_interfaces_bonding.py +++ b/smoketest/scripts/cli/test_interfaces_bonding.py 
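Review bot: In `test_cgnat` the negative checks for the over-sized `per-user-limit port 8000` and for the unknown `fake-pool` each put a `cli_set` and a `cli_commit` after `with self.assertRaises(ConfigSessionError):`. Indentation is lost on this page, but if both calls sit inside the block, an error raised by `cli_set` itself satisfies the assertion and the commit-time validation is never exercised. Moving the `cli_set` in front of the `with` and leaving only `self.cli_commit()` under it ties each expectation to the commit check the comments describe. A short docstring on `test_cgnat` stating the expected split (four blocks of 5000 ports on each of the two external addresses) would also make the `nftables_search` table easier to audit.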
@@ -241,6 +241,34 @@ class BondingInterfaceTest(BasicInterfaceTest.TestCase): for member in self._members: self.assertIn(member, slaves) + def test_bonding_system_mac(self): + # configure member interfaces and system-mac + default_system_mac = '00:00:00:00:00:00' # default MAC is all zeroes + system_mac = '00:50:ab:cd:ef:11' + + for interface in self._interfaces: + for option in self._options.get(interface, []): + self.cli_set(self._base_path + [interface] + option.split()) + + self.cli_set(self._base_path + [interface, 'system-mac', system_mac]) + + self.cli_commit() + + # verify config + for interface in self._interfaces: + tmp = read_file(f'/sys/class/net/{interface}/bonding/ad_actor_system') + self.assertIn(tmp, system_mac) + + for interface in self._interfaces: + self.cli_delete(self._base_path + [interface, 'system-mac']) + + self.cli_commit() + + # verify default value + for interface in self._interfaces: + tmp = read_file(f'/sys/class/net/{interface}/bonding/ad_actor_system') + self.assertIn(tmp, default_system_mac) + def test_bonding_evpn_multihoming(self): id = '5' for interface in self._interfaces: diff --git a/smoketest/scripts/cli/test_interfaces_ethernet.py b/smoketest/scripts/cli/test_interfaces_ethernet.py index 8f387b23d..4843a40da 100755 --- a/smoketest/scripts/cli/test_interfaces_ethernet.py +++ b/smoketest/scripts/cli/test_interfaces_ethernet.py @@ -354,5 +354,15 @@ class EthernetInterfaceTest(BasicInterfaceTest.TestCase): out = loads(out) self.assertFalse(out[0]['autonegotiate']) + def test_ethtool_evpn_uplink_tarcking(self): + for interface in self._interfaces: + self.cli_set(self._base_path + [interface, 'evpn', 'uplink']) + + self.cli_commit() + + for interface in self._interfaces: + frrconfig = self.getFRRconfig(f'interface {interface}', daemon='zebra') + self.assertIn(f' evpn mh uplink', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2) 
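Review bot: `self.assertIn(tmp, system_mac)` in `test_bonding_system_mac` is a substring test with the operands reversed, so an empty or truncated read of `ad_actor_system` still passes (`'' in '00:50:ab:cd:ef:11'` is true). Both verification loops should compare for equality: `self.assertEqual(tmp, system_mac)` and, after the delete, `self.assertEqual(tmp, default_system_mac)`. As written the test cannot detect the case where the configured system MAC was never applied.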
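Review bot: The new test name `test_ethtool_evpn_uplink_tarcking` misspells "tracking"; `test_ethtool_evpn_uplink_tracking` keeps it selectable by name. The assertion `self.assertIn(f' evpn mh uplink', frrconfig)` uses an f-string with no placeholder, so a plain literal `' evpn mh uplink'` is enough.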
diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index 83b00ac0c..b45754cae 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -236,6 +236,17 @@ class WirelessInterfaceTest(BasicInterfaceTest.TestCase): self.assertIn(interface, bridge_members) + # Now generate a VLAN on the bridge + self.cli_set(bridge_path + ['enable-vlan']) + self.cli_set(bridge_path + ['vif', '20', 'address', '10.0.0.1/24']) + + self.cli_commit() + + tmp = get_config_value(interface, 'bridge') + self.assertEqual(tmp, bridge) + tmp = get_config_value(interface, 'wds_sta') + self.assertEqual(tmp, '1') + self.cli_delete(bridge_path) def test_wireless_security_station_address(self): diff --git a/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py index c8b17316f..370a9276a 100755 --- a/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py +++ b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py 
@@ -385,5 +385,26 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase): self.assertIn(f'mode {mode}', config) self.assertIn(f'server {bk_name} {bk_server}:{bk_server_port}', config) + def test_07_lb_reverse_proxy_http_response_headers(self): + # Setup base + self.configure_pki() + self.base_config() + + # Set example headers in both frontend and backend + self.cli_set(base_path + ['service', 'https_front', 'http-response-headers', 'Cache-Control', 'value', 'max-age=604800']) + self.cli_set(base_path + ['backend', 'bk-01', 'http-response-headers', 'Proxy-Backend-ID', 'value', 'bk-01']) + self.cli_commit() + + # Test headers are present in generated configuration file + config = read_file(HAPROXY_CONF) + self.assertIn('http-response set-header Cache-Control \'max-age=604800\'', config) + self.assertIn('http-response set-header Proxy-Backend-ID \'bk-01\'', config) + + # Test setting alongside modes other than http is blocked by validation conditions + self.cli_set(base_path + ['service', 'https_front', 'mode', 'tcp']) + with self.assertRaises(ConfigSessionError) as e: + self.cli_commit() + + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index ee4445251..a0c6ab055 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py 
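Review bot: `test_07_lb_reverse_proxy_http_response_headers` covers only benign header values, while the expected output shows the value written between single quotes into the HAProxy file (`http-response set-header Cache-Control 'max-age=604800'`). A negative case is worth adding that sets a value containing a single quote and asserts `ConfigSessionError`, so the quoting in the generated configuration cannot be broken by operator input; whether the CLI validator already rejects such values is not visible in this hunk. In the final block the bound name is unused, so `with self.assertRaises(ConfigSessionError):` without `as e` is sufficient.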
@@ -1923,6 +1923,66 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.assertEqual(sort_ip(tmp), sort_ip(original_second)) + def test_frr_individual_remove_T6283_T6250(self): + path = base_path + ['route-map'] + route_maps = ['RMAP-1', 'RMAP_2'] + seq = '10' + base_local_preference = 300 + base_table = 50 + + # T6250 + local_preference = base_local_preference + table = base_table + for route_map in route_maps: + self.cli_set(path + [route_map, 'rule', seq, 'action', 'permit']) + self.cli_set(path + [route_map, 'rule', seq, 'set', 'table', str(table)]) + self.cli_set(path + [route_map, 'rule', seq, 'set', 'local-preference', str(local_preference)]) + local_preference += 20 + table += 5 + + self.cli_commit() + + local_preference = base_local_preference + table = base_table + for route_map in route_maps: + config = self.getFRRconfig(f'route-map {route_map} permit {seq}', end='') + self.assertIn(f' set local-preference {local_preference}', config) + self.assertIn(f' set table {table}', config) + local_preference += 20 + table += 5 + + for route_map in route_maps: + self.cli_delete(path + [route_map, 'rule', '10', 'set', 'table']) + # we explicitly commit multiple times to be as vandal as possible to the system + self.cli_commit() + + local_preference = base_local_preference + for route_map in route_maps: + config = self.getFRRconfig(f'route-map {route_map} permit {seq}', end='') + self.assertIn(f' set local-preference {local_preference}', config) + local_preference += 20 + + # T6283 + seq = '20' + prepend = '100 100 100' + for route_map in route_maps: + self.cli_set(path + [route_map, 'rule', seq, 'action', 'permit']) + self.cli_set(path + [route_map, 'rule', seq, 'set', 'as-path', 'prepend', prepend]) + + self.cli_commit() + + for route_map in route_maps: + config = self.getFRRconfig(f'route-map {route_map} permit {seq}', end='') + self.assertIn(f' set as-path prepend {prepend}', config) + + for route_map in route_maps: + self.cli_delete(path + [route_map, 'rule', 
seq, 'set']) + # we explicitly commit multiple times to be as vandal as possible to the system + self.cli_commit() + + for route_map in route_maps: + config = self.getFRRconfig(f'route-map {route_map} permit {seq}', end='') + self.assertNotIn(f' set', config) def sort_ip(output): o = '\n'.join([' '.join(line.strip().split()) for line in output.strip().splitlines()]) diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py index 03daa34aa..ea2f561a4 100755 --- a/smoketest/scripts/cli/test_protocols_bgp.py +++ b/smoketest/scripts/cli/test_protocols_bgp.py @@ -1330,6 +1330,27 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase): self.assertIn(f'neighbor {ext_neighbors[1]} remote-as external', conf) self.assertIn(f'neighbor {ext_neighbors[1]} peer-group {ext_pg_name}', conf) + def test_bgp_29_peer_group_remote_as_equal_local_as(self): + self.cli_set(base_path + ['system-as', ASN]) + self.cli_set(base_path + ['peer-group', 'OVERLAY', 'local-as', f'{int(ASN) + 1}']) + self.cli_set(base_path + ['peer-group', 'OVERLAY', 'remote-as', f'{int(ASN) + 1}']) + self.cli_set(base_path + ['peer-group', 'OVERLAY', 'address-family', 'l2vpn-evpn']) + + self.cli_set(base_path + ['peer-group', 'UNDERLAY', 'address-family', 'ipv4-unicast']) + + self.cli_set(base_path + ['neighbor', '10.177.70.62', 'peer-group', 'UNDERLAY']) + self.cli_set(base_path + ['neighbor', '10.177.70.62', 'remote-as', 'external']) + + self.cli_set(base_path + ['neighbor', '10.177.75.1', 'peer-group', 'OVERLAY']) + self.cli_set(base_path + ['neighbor', '10.177.75.2', 'peer-group', 'OVERLAY']) + + self.cli_commit() + + conf = self.getFRRconfig(f'router bgp {ASN}') + + self.assertIn(f'neighbor OVERLAY remote-as {int(ASN) + 1}', conf) + self.assertIn(f'neighbor OVERLAY local-as {int(ASN) + 1}', conf) + def test_bgp_99_bmp(self): target_name = 'instance-bmp' target_address = '127.0.0.1' 
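Review bot: The closing check `self.assertNotIn(f' set', config)` in `test_frr_individual_remove_T6283_T6250` also passes when `getFRRconfig` returns an empty string, that is, when the whole `permit 20` entry has disappeared rather than only its `set` clauses. Adding `self.assertIn(f'route-map {route_map} permit {seq}', config)` in front of it would pin that the entry survives the delete, assuming the returned section includes its header line, which is not visible here. The first delete hard-codes `'10'` although `seq` is in scope: `self.cli_delete(path + [route_map, 'rule', seq, 'set', 'table'])`.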
diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py index 1b9cc50fe..585c1dc89 100755 --- a/smoketest/scripts/cli/test_protocols_ospf.py +++ b/smoketest/scripts/cli/test_protocols_ospf.py @@ -16,6 +16,7 @@ import unittest +from time import sleep from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError @@ -480,6 +481,8 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase): # Commit main OSPF changes self.cli_commit() + sleep(10) + # Verify main OSPF changes frrconfig = self.getFRRconfig('router ospf', daemon=PROCESS_NAME) self.assertIn(f'router ospf', frrconfig) diff --git a/smoketest/scripts/cli/test_qos.py b/smoketest/scripts/cli/test_qos.py index fef1ff23a..5977b2f41 100755 --- a/smoketest/scripts/cli/test_qos.py +++ b/smoketest/scripts/cli/test_qos.py @@ -441,7 +441,6 @@ class TestQoS(VyOSUnitTestSHIM.TestCase): self.cli_commit() def test_08_random_detect(self): - self.skipTest('tc returns invalid JSON here - needs iproute2 fix') bandwidth = 5000 first = True @@ -467,8 +466,11 @@ class TestQoS(VyOSUnitTestSHIM.TestCase): bandwidth = 5000 for interface in self._interfaces: tmp = get_tc_qdisc_json(interface) - import pprint - pprint.pprint(tmp) + self.assertTrue('gred' in tmp.get('kind')) + self.assertEqual(8, len(tmp.get('options', {}).get('vqs'))) + self.assertEqual(8, tmp.get('options', {}).get('dp_cnt')) + self.assertEqual(0, tmp.get('options', {}).get('dp_default')) + self.assertTrue(tmp.get('options', {}).get('grio')) def test_09_rate_control(self): bandwidth = 5000 
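Review bot: The unconditional `sleep(10)` added after `self.cli_commit()` in test_protocols_ospf.py slows every run by ten seconds and still races if the daemon needs longer; nothing in the hunk says what is being waited for. A bounded poll that re-reads `self.getFRRconfig('router ospf', daemon=PROCESS_NAME)` until the expected line appears or a timeout expires would be deterministic. At minimum the line needs a comment naming the condition and the task that motivated it, for example `# wait for <condition>, see T<task id>`. The enclosing test method starts outside the hunk.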
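Review bot: In `test_08_random_detect`, `self.assertTrue('gred' in tmp.get('kind'))` raises `TypeError` instead of a test failure when `kind` is missing, and as a containment check it is looser than the intent; `self.assertEqual('gred', tmp.get('kind'))` reports a readable diff. The same applies to `len(tmp.get('options', {}).get('vqs'))`, where `.get('vqs', [])` keeps a missing key an assertion failure rather than an exception. The function continues above the hunk, so the loop setup is not visible here.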
@@ -736,6 +738,27 @@ class TestQoS(VyOSUnitTestSHIM.TestCase): self.cli_commit() self.assertEqual('', cmd(f'tc filter show dev {interface}')) + def test_14_policy_limiter_marked_traffic(self): + policy_name = 'smoke_test' + base_policy_path = ['qos', 'policy', 'limiter', policy_name] + + self.cli_set(['qos', 'interface', self._interfaces[0], 'ingress', policy_name]) + self.cli_set(base_policy_path + ['class', '100', 'bandwidth', '20gbit']) + self.cli_set(base_policy_path + ['class', '100', 'burst', '3760k']) + self.cli_set(base_policy_path + ['class', '100', 'match', 'INTERNAL', 'mark', '100']) + self.cli_set(base_policy_path + ['class', '100', 'priority', '20']) + self.cli_set(base_policy_path + ['default', 'bandwidth', '1gbit']) + self.cli_set(base_policy_path + ['default', 'burst', '125000000b']) + self.cli_commit() + + tc_filters = cmd(f'tc filter show dev {self._interfaces[0]} ingress') + # class 100 + self.assertIn('filter parent ffff: protocol all pref 20 fw chain 0', tc_filters) + self.assertIn('action order 1: police 0x1 rate 20Gbit burst 3847500b mtu 2Kb action drop overhead 0b', tc_filters) + # default + self.assertIn('filter parent ffff: protocol all pref 255 basic chain 0', tc_filters) + self.assertIn('action order 1: police 0x2 rate 1Gbit burst 125000000b mtu 2Kb action drop overhead 0b', tc_filters) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py index 5a48b1f58..97c63d4cb 100755 --- a/smoketest/scripts/cli/test_service_pppoe-server.py +++ b/smoketest/scripts/cli/test_service_pppoe-server.py 
@@ -168,7 +168,14 @@ class TestServicePPPoEServer(BasicAccelPPPTest.TestCase): conf = ConfigParser(allow_no_value=True, delimiters='=') conf.read(self._config_file) - self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,-1:300') + self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,30:300') + + self.set(['pado-delay', 'disable', 'sessions', '400']) + self.cli_commit() + + conf = ConfigParser(allow_no_value=True, delimiters='=') + conf.read(self._config_file) + self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,30:300,-1:400') if __name__ == '__main__': diff --git a/smoketest/scripts/cli/test_service_upnp.py b/smoketest/scripts/cli/test_service_upnp.py deleted file mode 100755 index fd67b0ced..000000000 --- a/smoketest/scripts/cli/test_service_upnp.py +++ /dev/null 
@@ -1,103 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2021-2024 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -import unittest - -from base_vyostest_shim import VyOSUnitTestSHIM - -from vyos.configsession import ConfigSessionError -from vyos.template import ip_from_cidr -from vyos.utils.file import read_file -from vyos.utils.process import process_named_running - -UPNP_CONF = '/run/upnp/miniupnp.conf' -DAEMON = 'miniupnpd' -interface = 'eth0' -base_path = ['service', 'upnp'] -address_base = ['interfaces', 'ethernet', interface, 'address'] - -ipv4_addr = '100.64.0.1/24' -ipv6_addr = '2001:db8::1/64' - -class TestServiceUPnP(VyOSUnitTestSHIM.TestCase): - @classmethod - def setUpClass(cls): - super(TestServiceUPnP, cls).setUpClass() - - # ensure we can also run this test on a live system - so lets clean - # out the current configuration :) - cls.cli_delete(cls, base_path) - - cls.cli_set(cls, address_base + [ipv4_addr]) - cls.cli_set(cls, address_base + [ipv6_addr]) - - @classmethod - def tearDownClass(cls): - cls.cli_delete(cls, address_base) - cls._session.commit() - - super(TestServiceUPnP, cls).tearDownClass() - - def tearDown(self): - # Check for running process - self.assertTrue(process_named_running(DAEMON)) - - self.cli_delete(base_path) - self.cli_commit() - - # Check for running process - self.assertFalse(process_named_running(DAEMON)) - - def test_ipv4_base(self): - 
self.cli_set(base_path + ['nat-pmp']) - self.cli_set(base_path + ['listen', interface]) - - # check validate() - WAN interface is mandatory - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_set(base_path + ['wan-interface', interface]) - - self.cli_commit() - - config = read_file(UPNP_CONF) - self.assertIn(f'ext_ifname={interface}', config) - self.assertIn(f'listening_ip={interface}', config) - self.assertIn(f'enable_natpmp=yes', config) - self.assertIn(f'enable_upnp=yes', config) - - def test_ipv6_base(self): - v6_addr = ip_from_cidr(ipv6_addr) - - self.cli_set(base_path + ['nat-pmp']) - self.cli_set(base_path + ['listen', interface]) - self.cli_set(base_path + ['listen', v6_addr]) - - # check validate() - WAN interface is mandatory - with self.assertRaises(ConfigSessionError): - self.cli_commit() - self.cli_set(base_path + ['wan-interface', interface]) - - self.cli_commit() - - config = read_file(UPNP_CONF) - self.assertIn(f'ext_ifname={interface}', config) - self.assertIn(f'listening_ip={interface}', config) - self.assertIn(f'ipv6_listening_ip={v6_addr}', config) - self.assertIn(f'enable_natpmp=yes', config) - self.assertIn(f'enable_upnp=yes', config) - -if __name__ == '__main__': - unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_vpn_l2tp.py b/smoketest/scripts/cli/test_vpn_l2tp.py index 8c4e53895..07a7e2906 100755 --- a/smoketest/scripts/cli/test_vpn_l2tp.py +++ b/smoketest/scripts/cli/test_vpn_l2tp.py 
@@ -95,6 +95,29 @@ class TestVPNL2TPServer(BasicAccelPPPTest.TestCase): self.cli_set(base_path + ['authentication', 'protocols', 'chap']) self.cli_commit() + def test_l2tp_radius_server(self): + base_path = ['vpn', 'l2tp', 'remote-access'] + radius_server = "192.0.2.22" + radius_key = "secretVyOS" + + self.cli_set(base_path + ['authentication', 'mode', 'radius']) + self.cli_set(base_path + ['gateway-address', '192.0.2.1']) + self.cli_set(base_path + ['client-ip-pool', 'SIMPLE-POOL', 'range', '192.0.2.0/24']) + self.cli_set(base_path + ['default-pool', 'SIMPLE-POOL']) + self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'key', radius_key]) + self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'priority', '10']) + self.cli_set(base_path + ['authentication', 'radius', 'server', radius_server, 'backup']) + + # commit changes + self.cli_commit() + + # Validate configuration values + conf = ConfigParser(allow_no_value=True) + conf.read(self._config_file) + server = conf["radius"]["server"].split(",") + self.assertIn('weight=10', server) + self.assertIn('backup', server) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_vpn_sstp.py b/smoketest/scripts/cli/test_vpn_sstp.py index f0695d577..1a3e1df6e 100755 --- a/smoketest/scripts/cli/test_vpn_sstp.py +++ b/smoketest/scripts/cli/test_vpn_sstp.py @@ -75,6 +75,16 @@ class TestVPNSSTPServer(BasicAccelPPPTest.TestCase): config = read_file(self._config_file) self.assertIn(f'port={port}', config) + def test_sstp_host_name(self): + host_name = 'test.vyos.io' + self.set(['host-name', host_name]) + + self.basic_config() + self.cli_commit() + + config = read_file(self._config_file) + self.assertIn(f'host-name={host_name}', config) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py index f6e4181c0..243397dc2 100755 
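Review bot: The new `test_l2tp_radius_server` asserts only `weight=10` and `backup`, so a rendering that dropped or misplaced the RADIUS server address or the shared secret would still pass. If the rendered `server` value keeps address and secret as its first two comma-separated fields (not visible in this hunk), add `self.assertEqual(radius_server, server[0])` and `self.assertEqual(radius_key, server[1])`. `ConfigParser` is used here but this diff adds no import for it, so it must already be imported at the top of the file, outside the hunk. A one-line comment above the `weight=10` assertion, such as `# CLI 'priority' is rendered as 'weight' in the daemon config`, would explain why the two names differ.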
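Review bot: `test_sstp_host_name` checks `host-name=test.vyos.io` as a substring of the whole rendered file, so it passes whichever section the text lands in, and also for a longer value that merely starts with it. Parsing the file the way the L2TP test in this commit does, and comparing the exact value, would pin both, e.g. `self.assertEqual(conf['sstp']['host-name'], host_name)`. That assumes the option is rendered in an `[sstp]` section and that `ConfigParser` is available in this file; neither is visible in the hunk.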
--- a/smoketest/scripts/cli/test_vrf.py +++ b/smoketest/scripts/cli/test_vrf.py @@ -18,7 +18,6 @@ import re import os import unittest -from netifaces import interfaces from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError @@ -27,6 +26,7 @@ from vyos.ifconfig import Section from vyos.utils.file import read_file from vyos.utils.network import get_interface_config from vyos.utils.network import is_intf_addr_assigned +from vyos.utils.network import interface_exists from vyos.utils.system import sysctl_read base_path = ['vrf'] @@ -60,7 +60,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): self.cli_delete(base_path) self.cli_commit() for vrf in vrfs: - self.assertNotIn(vrf, interfaces()) + self.assertFalse(interface_exists(vrf)) def test_vrf_vni_and_table_id(self): base_table = '1000' @@ -89,7 +89,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): iproute2_config = read_file('/etc/iproute2/rt_tables.d/vyos-vrf.conf') for vrf in vrfs: description = f'VyOS-VRF-{vrf}' - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) vrf_if = Interface(vrf) # validate proper interface description self.assertEqual(vrf_if.get_alias(), description) @@ -131,7 +131,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): loopbacks = ['127.0.0.1', '::1'] for vrf in vrfs: # Ensure VRF was created - self.assertIn(vrf, interfaces()) + self.assertTrue(interface_exists(vrf)) # Verify IP forwarding is 1 (enabled) self.assertEqual(sysctl_read(f'net.ipv4.conf.{vrf}.forwarding'), '1') self.assertEqual(sysctl_read(f'net.ipv6.conf.{vrf}.forwarding'), '1') @@ -171,7 +171,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): self.cli_commit() # Check if VRF has been created - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) table = str(int(table) + 1) self.cli_set(base + ['table', table]) 
@@ -228,7 +228,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): next_hop = f'192.0.{table}.1' prefix = f'10.0.{table}.0/24' - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) frrconfig = self.getFRRconfig(f'vrf {vrf}') self.assertIn(f' vni {table}', frrconfig) @@ -261,7 +261,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): # Apply VRF config self.cli_commit() # Ensure VRF got created - self.assertIn(vrf, interfaces()) + self.assertTrue(interface_exists(vrf)) # ... and IP addresses are still assigned for address in addresses: self.assertTrue(is_intf_addr_assigned(interface, address)) @@ -293,7 +293,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): loopbacks = ['127.0.0.1', '::1'] for vrf in vrfs: # Ensure VRF was created - self.assertIn(vrf, interfaces()) + self.assertTrue(interface_exists(vrf)) # Verify IP forwarding is 0 (disabled) self.assertEqual(sysctl_read(f'net.ipv4.conf.{vrf}.forwarding'), '0') self.assertEqual(sysctl_read(f'net.ipv6.conf.{vrf}.forwarding'), '0') @@ -425,7 +425,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): # Verify VRF configuration table = base_table for vrf in vrfs: - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) frrconfig = self.getFRRconfig(f'vrf {vrf}') self.assertIn(f' vni {table}', frrconfig) @@ -447,7 +447,7 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): # Verify VRF configuration table = base_table for vrf in vrfs: - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) frrconfig = self.getFRRconfig(f'vrf {vrf}') self.assertIn(f' vni {table}', frrconfig) 
@@ -470,13 +470,39 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): # Verify VRF configuration table = base_table for vrf in vrfs: - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) frrconfig = self.getFRRconfig(f'vrf {vrf}') self.assertIn(f' vni {table}', frrconfig) # Increment table ID for the next run table = str(int(table) + 2) + + # add a new VRF with VNI - this must not delete any existing VRF/VNI + purple = 'purple' + table = str(int(table) + 10) + self.cli_set(base_path + ['name', purple, 'table', table]) + self.cli_set(base_path + ['name', purple, 'vni', table]) + + # commit changes + self.cli_commit() + + # Verify VRF configuration + table = base_table + for vrf in vrfs: + self.assertTrue(interface_exists(vrf)) + + frrconfig = self.getFRRconfig(f'vrf {vrf}') + self.assertIn(f' vni {table}', frrconfig) + # Increment table ID for the next run + table = str(int(table) + 2) + + # Verify purple VRF/VNI + self.assertTrue(interface_exists(purple)) + table = str(int(table) + 10) + frrconfig = self.getFRRconfig(f'vrf {purple}') + self.assertIn(f' vni {table}', frrconfig) + # Now delete all the VNIs for vrf in vrfs: base = base_path + ['name', vrf] @@ -487,11 +513,16 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): # Verify no VNI is defined for vrf in vrfs: - self.assertTrue(vrf in interfaces()) + self.assertTrue(interface_exists(vrf)) frrconfig = self.getFRRconfig(f'vrf {vrf}') self.assertNotIn('vni', frrconfig) + # Verify purple VNI remains + self.assertTrue(interface_exists(purple)) + frrconfig = self.getFRRconfig(f'vrf {purple}') + self.assertIn(f' vni {table}', frrconfig) + def test_vrf_ip_ipv6_nht(self): table = '6910' diff --git a/smoketest/scripts/system/test_kernel_options.py b/smoketest/scripts/system/test_kernel_options.py index 0e3cbd0ed..18922d93d 100755 --- a/smoketest/scripts/system/test_kernel_options.py +++ b/smoketest/scripts/system/test_kernel_options.py 
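Review bot: The purple VRF's VNI is never kept under its own name: it is rebuilt twice from the loop-carried `table` (`table = str(int(table) + 10)` after each `for vrf in vrfs` loop). The following hunk (`@@ -487,11 +513,16 @@`) then asserts `f' vni {table}'` for purple, which holds only if the deletion loop in between, partly outside the hunk, leaves `table` untouched. Assigning `purple_vni = str(int(table) + 10)` once after the first loop and using it in both `cli_set` calls and both `assertIn` checks removes that coupling. The `tearDown` shown earlier in this file only checks `interface_exists(vrf)` for names in `vrfs`, so if `purple` is not in that list its removal is never verified. The enclosing test method starts and ends outside these hunks.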
@@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2023 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,28 +14,38 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import gzip import re import os import platform import unittest -from vyos.utils.process import call -from vyos.utils.file import read_file - kernel = platform.release() -config = read_file(f'/boot/config-{kernel}') -CONFIG = '/proc/config.gz' class TestKernelModules(unittest.TestCase): """ VyOS makes use of a lot of Kernel drivers, modules and features. The required modules which are essential for VyOS should be tested that they are available in the Kernel that is run. """ + _config_data = None + + @classmethod + def setUpClass(cls): + import gzip + from vyos.utils.process import call + + super(TestKernelModules, cls).setUpClass() + CONFIG = '/proc/config.gz' + + if not os.path.isfile(CONFIG): + call('sudo modprobe configs') + + with gzip.open(CONFIG, 'rt') as f: + cls._config_data = f.read() + def test_bond_interface(self): # The bond/lacp interface must be enabled in the OS Kernel for option in ['CONFIG_BONDING']: - tmp = re.findall(f'{option}=(y|m)', config) + tmp = re.findall(f'{option}=(y|m)', self._config_data) self.assertTrue(tmp) def test_bridge_interface(self): @@ -43,7 +53,7 @@ class TestKernelModules(unittest.TestCase): for option in ['CONFIG_BRIDGE', 'CONFIG_BRIDGE_IGMP_SNOOPING', 'CONFIG_BRIDGE_VLAN_FILTERING']: - tmp = re.findall(f'{option}=(y|m)', config) + tmp = re.findall(f'{option}=(y|m)', self._config_data) self.assertTrue(tmp) def test_dropmon_enabled(self): 
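Review bot: In the new `setUpClass` the result of `call('sudo modprobe configs')` is discarded, so if the module cannot be loaded the following `gzip.open(CONFIG, 'rt')` raises and every test in the class errors out without saying why. Assuming `call` returns the exit status, check it and fail with a clear message, e.g. `if call('sudo modprobe configs') != 0: raise RuntimeError(f'{CONFIG} is missing and modprobe configs failed')`. The module-level `kernel = platform.release()` stays as a context line although the `/boot/config-{kernel}` read that used it is removed; if nothing else in the file uses it, both it and `import platform` can go. A short docstring on `setUpClass` would help, saying that the running kernel's config is read once from `/proc/config.gz` and shared through `_config_data`.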
@@ -53,47 +63,53 @@ class TestKernelModules(unittest.TestCase): 'CONFIG_BPF_EVENTS=y', 'CONFIG_TRACEPOINTS=y' ] - if not os.path.isfile(CONFIG): - call('sudo modprobe configs') - with gzip.open(CONFIG, 'rt') as f: - config_data = f.read() for option in options_to_check: - self.assertIn(option, config_data, - f"Option {option} is not present in /proc/config.gz") + self.assertIn(option, self._config_data) def test_synproxy_enabled(self): options_to_check = [ 'CONFIG_NFT_SYNPROXY', 'CONFIG_IP_NF_TARGET_SYNPROXY' ] - if not os.path.isfile(CONFIG): - call('sudo modprobe configs') - with gzip.open(CONFIG, 'rt') as f: - config_data = f.read() for option in options_to_check: - tmp = re.findall(f'{option}=(y|m)', config_data) + tmp = re.findall(f'{option}=(y|m)', self._config_data) self.assertTrue(tmp) def test_qemu_support(self): - for option in ['CONFIG_VIRTIO_BLK', 'CONFIG_SCSI_VIRTIO', - 'CONFIG_VIRTIO_NET', 'CONFIG_VIRTIO_CONSOLE', - 'CONFIG_VIRTIO', 'CONFIG_VIRTIO_PCI', - 'CONFIG_VIRTIO_BALLOON', 'CONFIG_CRYPTO_DEV_VIRTIO', - 'CONFIG_X86_PLATFORM_DEVICES']: - tmp = re.findall(f'{option}=(y|m)', config) + options_to_check = [ + 'CONFIG_VIRTIO_BLK', 'CONFIG_SCSI_VIRTIO', + 'CONFIG_VIRTIO_NET', 'CONFIG_VIRTIO_CONSOLE', + 'CONFIG_VIRTIO', 'CONFIG_VIRTIO_PCI', + 'CONFIG_VIRTIO_BALLOON', 'CONFIG_CRYPTO_DEV_VIRTIO', + 'CONFIG_X86_PLATFORM_DEVICES' + ] + for option in options_to_check: + tmp = re.findall(f'{option}=(y|m)', self._config_data) self.assertTrue(tmp) def test_vmware_support(self): for option in ['CONFIG_VMXNET3']: - tmp = re.findall(f'{option}=(y|m)', config) + tmp = re.findall(f'{option}=(y|m)', self._config_data) self.assertTrue(tmp) def test_container_cgroup_support(self): - for option in ['CONFIG_CGROUPS', 'CONFIG_MEMCG', 'CONFIG_CGROUP_PIDS', 'CONFIG_CGROUP_BPF']: - tmp = re.findall(f'{option}=(y|m)', config) + options_to_check = [ + 'CONFIG_CGROUPS', 'CONFIG_MEMCG', + 'CONFIG_CGROUP_PIDS', 'CONFIG_CGROUP_BPF' + ] + for option in options_to_check: + tmp = 
re.findall(f'{option}=(y|m)', self._config_data) + self.assertTrue(tmp) + + def test_ip_routing_support(self): + options_to_check = [ + 'CONFIG_IP_ADVANCED_ROUTER', 'CONFIG_IP_MULTIPLE_TABLES', + 'CONFIG_IP_ROUTE_MULTIPATH' + ] + for option in options_to_check: + tmp = re.findall(f'{option}=(y|m)', self._config_data) self.assertTrue(tmp) if __name__ == '__main__': unittest.main(verbosity=2) - |
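Review bot: Every loop in this hunk ends in a bare `self.assertTrue(tmp)`, so a missing kernel option fails as `[] is not true` without naming the option, and the loop stops at the first miss. `test_dropmon_enabled` also no longer passes a message to `assertIn`, so its default failure text carries the whole kernel config. Wrapping the loop body in `with self.subTest(option=option):` and passing `msg=f'{option} is not enabled'` gives one named failure per option. The pattern `f'{option}=(y|m)'` is unanchored; `re.search(rf'^{option}=[ym]$', self._config_data, re.MULTILINE)` would match whole config lines only. The same applies to the `re.findall` lines in the earlier hunks of this file (`test_bond_interface`, `test_bridge_interface`).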