summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest')
-rw-r--r--smoketest/configs/bgp-small-internet-exchange270
-rwxr-xr-xsmoketest/scripts/cli/test_policy.py681
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_bgp.py2
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_ospf.py4
-rwxr-xr-xsmoketest/scripts/cli/test_protocols_rip.py2
5 files changed, 955 insertions, 4 deletions
diff --git a/smoketest/configs/bgp-small-internet-exchange b/smoketest/configs/bgp-small-internet-exchange
index de6213b50..d51f87c4a 100644
--- a/smoketest/configs/bgp-small-internet-exchange
+++ b/smoketest/configs/bgp-small-internet-exchange
@@ -11,6 +11,100 @@ interfaces {
}
}
policy {
+ as-path-list bogon-asns {
+ rule 10 {
+ action permit
+ description "RFC 7607"
+ regex _0_
+ }
+ rule 20 {
+ action permit
+ description "RFC 4893"
+ regex _23456_
+ }
+ rule 30 {
+ action permit
+ description "RFC 5398/6996/7300"
+ regex _6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_
+ }
+ rule 40 {
+ action permit
+ description "IANA reserved"
+ regex _6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_
+ }
+ }
+ prefix-list bogon-v4 {
+ rule 10 {
+ action permit
+ le 32
+ prefix 0.0.0.0/8
+ }
+ rule 20 {
+ action permit
+ le 32
+ prefix 10.0.0.0/8
+ }
+ rule 30 {
+ action permit
+ le 32
+ prefix 100.64.0.0/10
+ }
+ rule 40 {
+ action permit
+ le 32
+ prefix 127.0.0.0/8
+ }
+ rule 50 {
+ action permit
+ le 32
+ prefix 169.254.0.0/16
+ }
+ rule 60 {
+ action permit
+ le 32
+ prefix 172.16.0.0/12
+ }
+ rule 70 {
+ action permit
+ le 32
+ prefix 192.0.2.0/24
+ }
+ rule 80 {
+ action permit
+ le 32
+ prefix 192.88.99.0/24
+ }
+ rule 90 {
+ action permit
+ le 32
+ prefix 192.168.0.0/16
+ }
+ rule 100 {
+ action permit
+ le 32
+ prefix 198.18.0.0/15
+ }
+ rule 110 {
+ action permit
+ le 32
+ prefix 198.51.100.0/24
+ }
+ rule 120 {
+ action permit
+ le 32
+ prefix 203.0.113.0/24
+ }
+ rule 130 {
+ action permit
+ le 32
+ prefix 224.0.0.0/4
+ }
+ rule 140 {
+ action permit
+ le 32
+ prefix 240.0.0.0/4
+ }
+ }
prefix-list IX-out-v4 {
rule 10 {
action permit
@@ -21,6 +115,88 @@ policy {
prefix 10.0.128.0/23
}
}
+ prefix-list prefix-filter-v4 {
+ rule 10 {
+ action permit
+ ge 25
+ prefix 0.0.0.0/0
+ }
+ }
+ prefix-list6 bogon-v6 {
+ rule 10 {
+ action permit
+ description "RFC 4291 IPv4-compatible, loopback, et al"
+ le 128
+ prefix ::/8
+ }
+ rule 20 {
+ action permit
+ description "RFC 6666 Discard-Only"
+ le 128
+ prefix 0100::/64
+ }
+ rule 30 {
+ action permit
+ description "RFC 5180 BMWG"
+ le 128
+ prefix 2001:2::/48
+ }
+ rule 40 {
+ action permit
+ description "RFC 4843 ORCHID"
+ le 128
+ prefix 2001:10::/28
+ }
+ rule 50 {
+ action permit
+ description "RFC 3849 documentation"
+ le 128
+ prefix 2001:db8::/32
+ }
+ rule 60 {
+ action permit
+ description "RFC 7526 6to4 anycast relay"
+ le 128
+ prefix 2002::/16
+ }
+ rule 70 {
+ action permit
+ description "RFC 3701 old 6bone"
+ le 128
+ prefix 3ffe::/16
+ }
+ rule 80 {
+ action permit
+ description "RFC 4193 unique local unicast"
+ le 128
+ prefix fc00::/7
+ }
+ rule 90 {
+ action permit
+ description "RFC 4291 link local unicast"
+ le 128
+ prefix fe80::/10
+ }
+ rule 100 {
+ action permit
+ description "RFC 3879 old site local unicast"
+ le 128
+ prefix fec0::/10
+ }
+ rule 110 {
+ action permit
+ description "RFC 4291 multicast"
+ le 128
+ prefix ff00::/8
+ }
+ }
+ prefix-list6 prefix-filter-v6 {
+ rule 10 {
+ action permit
+ ge 49
+ prefix ::/0
+ }
+ }
prefix-list6 IX-out-v6 {
rule 10 {
action permit
@@ -31,6 +207,88 @@ policy {
prefix 2001:db8:200::/40
}
}
+ route-map eBGP-IN-v4 {
+ rule 10 {
+ action deny
+ match {
+ as-path bogon-asns
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list bogon-v4
+ }
+ }
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ ip {
+ address {
+ prefix-list prefix-filter-v4
+ }
+ }
+ }
+ }
+ rule 40 {
+ action permit
+ set {
+ local-preference 100
+ metric 0
+ }
+ }
+ }
+ route-map eBGP-IN-v6 {
+ rule 10 {
+ action deny
+ match {
+ as-path bogon-asns
+ }
+ }
+ rule 20 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list bogon-v6
+ }
+ }
+ }
+ }
+ rule 30 {
+ action deny
+ match {
+ ipv6 {
+ address {
+ prefix-list prefix-filter-v6
+ }
+ }
+ }
+ }
+ rule 40 {
+ action permit
+ set {
+ local-preference 100
+ metric 0
+ }
+ }
+ }
+ route-map IX-in-v4 {
+ rule 5 {
+ action permit
+ call eBGP-IN-v4
+ on-match {
+ next
+ }
+ }
+ rule 10 {
+ action permit
+ }
+ }
route-map IX-out-v4 {
rule 10 {
action permit
@@ -43,6 +301,18 @@ policy {
}
}
}
+ route-map IX-in-v6 {
+ rule 5 {
+ action permit
+ call eBGP-IN-v6
+ on-match {
+ next
+ }
+ }
+ rule 10 {
+ action permit
+ }
+ }
route-map IX-out-v6 {
rule 10 {
action permit
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
new file mode 100755
index 000000000..8efbab7e5
--- /dev/null
+++ b/smoketest/scripts/cli/test_policy.py
@@ -0,0 +1,681 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2021 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import unittest
+
+from vyos.util import cmd
+from vyos.configsession import ConfigSession
+from vyos.configsession import ConfigSessionError
+
+base_path = ['policy']
+
+def getFRRconfig(section):
+ return cmd(f'vtysh -c "show run" | sed -n "/^{section}/,/^!/p"')
+
+class TestPolicy(unittest.TestCase):
+ def setUp(self):
+ self.session = ConfigSession(os.getpid())
+
+ def tearDown(self):
+ self.session.delete(base_path)
+ self.session.commit()
+ del self.session
+
+ def test_access_list(self):
+ acls = {
+ '50' : {
+ 'rule' : {
+ '5' : {
+ 'action' : 'permit',
+ 'source' : { 'any' : '' },
+ },
+ '10' : {
+ 'action' : 'deny',
+ 'source' : { 'host' : '1.2.3.4' },
+ },
+ },
+ },
+ '150' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'source' : { 'any' : '' },
+ 'destination' : { 'host' : '2.2.2.2' },
+ },
+ '10' : {
+ 'action' : 'deny',
+ 'source' : { 'any' : '' },
+ 'destination' : { 'any' : '' },
+ },
+ },
+ },
+ '2000' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'destination' : { 'any' : '' },
+ 'source' : { 'network' : '10.0.0.0', 'inverse-mask' : '0.255.255.255' },
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'destination' : { 'any' : '' },
+ 'source' : { 'network' : '172.16.0.0', 'inverse-mask' : '0.15.255.255' },
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'destination' : { 'any' : '' },
+ 'source' : { 'network' : '192.168.0.0', 'inverse-mask' : '0.0.255.255' },
+ },
+ '50' : {
+ 'action' : 'permit',
+ 'destination' : { 'network' : '172.16.0.0', 'inverse-mask' : '0.15.255.255' },
+ 'source' : { 'network' : '10.0.0.0', 'inverse-mask' : '0.255.255.255' },
+ },
+ '60' : {
+ 'action' : 'deny',
+ 'destination' : { 'network' : '192.168.0.0', 'inverse-mask' : '0.0.255.255' },
+ 'source' : { 'network' : '172.16.0.0', 'inverse-mask' : '0.15.255.255' },
+ },
+ '70' : {
+ 'action' : 'deny',
+ 'destination' : { 'any' : '' },
+ 'source' : { 'any' : '' },
+ },
+ },
+ },
+ }
+
+ for acl, acl_config in acls.items():
+ path = base_path + ['access-list', acl]
+ self.session.set(path + ['description', f'VyOS-ACL-{acl}'])
+ if 'rule' not in acl_config:
+ continue
+
+ for rule, rule_config in acl_config['rule'].items():
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ for direction in ['source', 'destination']:
+ if direction in rule_config:
+ if 'any' in rule_config[direction]:
+ self.session.set(path + ['rule', rule, direction, 'any'])
+ if 'host' in rule_config[direction]:
+ self.session.set(path + ['rule', rule, direction, 'host', rule_config[direction]['host']])
+ if 'network' in rule_config[direction]:
+ self.session.set(path + ['rule', rule, direction, 'network', rule_config[direction]['network']])
+ self.session.set(path + ['rule', rule, direction, 'inverse-mask', rule_config[direction]['inverse-mask']])
+
+ self.session.commit()
+
+ config = getFRRconfig('access-list')
+ for acl, acl_config in acls.items():
+ seq = '5'
+ for rule, rule_config in acl_config['rule'].items():
+ tmp = f'access-list {acl} seq {seq}'
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ if {'source', 'destination'} <= set(rule_config):
+ tmp += ' ip'
+
+ for direction in ['source', 'destination']:
+ if direction in rule_config:
+ if 'any' in rule_config[direction]:
+ tmp += ' any'
+ if 'host' in rule_config[direction]:
+ tmp += ' ' + rule_config[direction]['host']
+ if 'network' in rule_config[direction]:
+ tmp += ' ' + rule_config[direction]['network'] + ' ' + rule_config[direction]['inverse-mask']
+
+ self.assertIn(tmp, config)
+ seq = int(seq) + 5
+
+ def test_access_list6(self):
+ acls = {
+ '50' : {
+ 'rule' : {
+ '5' : {
+ 'action' : 'permit',
+ 'source' : { 'any' : '' },
+ },
+ '10' : {
+ 'action' : 'deny',
+ 'source' : { 'network' : '2001:db8:10::/48', 'exact-match' : '' },
+ },
+ '10' : {
+ 'action' : 'deny',
+ 'source' : { 'network' : '2001:db8:20::/48' },
+ },
+ },
+ },
+ '100' : {
+ 'rule' : {
+ '5' : {
+ 'action' : 'deny',
+ 'source' : { 'network' : '2001:db8:10::/64', 'exact-match' : '' },
+ },
+ '10' : {
+ 'action' : 'deny',
+ 'source' : { 'network' : '2001:db8:20::/64', },
+ },
+ '15' : {
+ 'action' : 'deny',
+ 'source' : { 'network' : '2001:db8:30::/64', 'exact-match' : '' },
+ },
+ '20' : {
+ 'action' : 'deny',
+ 'source' : { 'network' : '2001:db8:40::/64', 'exact-match' : '' },
+ },
+ '100' : {
+ 'action' : 'deny',
+ 'source' : { 'any' : '' },
+ },
+ },
+ },
+ }
+
+ for acl, acl_config in acls.items():
+ path = base_path + ['access-list6', acl]
+ self.session.set(path + ['description', f'VyOS-ACL-{acl}'])
+ if 'rule' not in acl_config:
+ continue
+
+ for rule, rule_config in acl_config['rule'].items():
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ for direction in ['source', 'destination']:
+ if direction in rule_config:
+ if 'any' in rule_config[direction]:
+ self.session.set(path + ['rule', rule, direction, 'any'])
+ if 'network' in rule_config[direction]:
+ self.session.set(path + ['rule', rule, direction, 'network', rule_config[direction]['network']])
+ if 'exact-match' in rule_config[direction]:
+ self.session.set(path + ['rule', rule, direction, 'exact-match'])
+
+ self.session.commit()
+
+ config = getFRRconfig('ipv6 access-list')
+ for acl, acl_config in acls.items():
+ seq = '5'
+ for rule, rule_config in acl_config['rule'].items():
+ tmp = f'ipv6 access-list {acl} seq {seq}'
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ if {'source', 'destination'} <= set(rule_config):
+ tmp += ' ip'
+
+ for direction in ['source', 'destination']:
+ if direction in rule_config:
+ if 'any' in rule_config[direction]:
+ tmp += ' any'
+ if 'network' in rule_config[direction]:
+ tmp += ' ' + rule_config[direction]['network']
+ if 'exact-match' in rule_config[direction]:
+ tmp += ' exact-match'
+
+ self.assertIn(tmp, config)
+ seq = int(seq) + 5
+
+
+ def test_as_path_list(self):
+ test_data = {
+ 'VyOS' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'regex' : '^44501 64502$',
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'regex' : '44501|44502|44503',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'regex' : '^44501_([0-9]+_)+',
+ },
+ },
+ },
+ 'Customers' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'regex' : '_10_',
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'regex' : '_20_',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'regex' : '_30_',
+ },
+ '30' : {
+ 'action' : 'deny',
+ 'regex' : '_40_',
+ },
+ },
+ },
+ 'bogons' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'regex' : '_0_',
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'regex' : '_23456_',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'regex' : '_6449[6-9]_|_65[0-4][0-9][0-9]_|_655[0-4][0-9]_|_6555[0-1]_',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'regex' : '_6555[2-9]_|_655[6-9][0-9]_|_65[6-9][0-9][0-9]_|_6[6-9][0-9][0-9][0-]_|_[7-9][0-9][0-9][0-9][0-9]_|_1[0-2][0-9][0-9][0-9][0-9]_|_130[0-9][0-9][0-9]_|_1310[0-6][0-9]_|_13107[01]_',
+ },
+ },
+ },
+ }
+
+ for as_path, as_path_config in test_data.items():
+ path = base_path + ['as-path-list', as_path]
+ self.session.set(path + ['description', f'VyOS-ASPATH-{as_path}'])
+ if 'rule' not in as_path_config:
+ continue
+
+ for rule, rule_config in as_path_config['rule'].items():
+ if 'action' in rule_config:
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ if 'regex' in rule_config:
+ self.session.set(path + ['rule', rule, 'regex', rule_config['regex']])
+
+ self.session.commit()
+
+ config = getFRRconfig('bgp as-path access-list')
+ for as_path, as_path_config in test_data.items():
+ if 'rule' not in as_path_config:
+ continue
+
+ for rule, rule_config in as_path_config['rule'].items():
+ tmp = f'bgp as-path access-list {as_path}'
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ tmp += ' ' + rule_config['regex']
+
+ self.assertIn(tmp, config)
+
+ def test_community_list(self):
+ test_data = {
+ '100' : {
+ 'rule' : {
+ '4' : {
+ 'action' : 'permit',
+ 'regex' : '.*',
+ },
+ },
+ },
+ '200' : {
+ 'rule' : {
+ '1' : {
+ 'action' : 'deny',
+ 'regex' : '^1:201$',
+ },
+ '2' : {
+ 'action' : 'deny',
+ 'regex' : '1:101$',
+ },
+ '3' : {
+ 'action' : 'deny',
+ 'regex' : '^1:100$',
+ },
+ },
+ },
+ }
+
+ for comm_list, comm_list_config in test_data.items():
+ path = base_path + ['community-list', comm_list]
+ self.session.set(path + ['description', f'VyOS-COMM-{comm_list}'])
+ if 'rule' not in comm_list_config:
+ continue
+
+ for rule, rule_config in comm_list_config['rule'].items():
+ if 'action' in rule_config:
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ if 'regex' in rule_config:
+ self.session.set(path + ['rule', rule, 'regex', rule_config['regex']])
+
+ self.session.commit()
+
+ config = getFRRconfig('bgp community-list')
+ for comm_list, comm_list_config in test_data.items():
+ if 'rule' not in comm_list_config:
+ continue
+
+ seq = '5'
+ for rule, rule_config in comm_list_config['rule'].items():
+ tmp = f'bgp community-list {comm_list} seq {seq}'
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ tmp += ' ' + rule_config['regex']
+
+ self.assertIn(tmp, config)
+ seq = int(seq) + 5
+
+ def test_extended_community_list(self):
+ test_data = {
+ 'foo' : {
+ 'rule' : {
+ '4' : {
+ 'action' : 'permit',
+ 'regex' : '.*',
+ },
+ },
+ },
+ '200' : {
+ 'rule' : {
+ '1' : {
+ 'action' : 'deny',
+ 'regex' : '^1:201$',
+ },
+ '2' : {
+ 'action' : 'deny',
+ 'regex' : '1:101$',
+ },
+ '3' : {
+ 'action' : 'deny',
+ 'regex' : '^1:100$',
+ },
+ },
+ },
+ }
+
+ for comm_list, comm_list_config in test_data.items():
+ path = base_path + ['extcommunity-list', comm_list]
+ self.session.set(path + ['description', f'VyOS-EXTCOMM-{comm_list}'])
+ if 'rule' not in comm_list_config:
+ continue
+
+ for rule, rule_config in comm_list_config['rule'].items():
+ if 'action' in rule_config:
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ if 'regex' in rule_config:
+ self.session.set(path + ['rule', rule, 'regex', rule_config['regex']])
+
+ self.session.commit()
+
+ config = getFRRconfig('bgp extcommunity-list')
+ for comm_list, comm_list_config in test_data.items():
+ if 'rule' not in comm_list_config:
+ continue
+
+ seq = '5'
+ for rule, rule_config in comm_list_config['rule'].items():
+ # if the community is not a number but a name, the expanded
+ # keyword is used
+ expanded = ''
+ if not comm_list.isnumeric():
+ expanded = ' expanded'
+ tmp = f'bgp extcommunity-list{expanded} {comm_list} seq {seq}'
+
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ tmp += ' ' + rule_config['regex']
+
+ self.assertIn(tmp, config)
+ seq = int(seq) + 5
+
+
+ def test_large_community_list(self):
+ test_data = {
+ 'foo' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'regex' : '667:123:100',
+ },
+ },
+ },
+ 'bar' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'regex' : '65000:120:10',
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'regex' : '65000:120:20',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'regex' : '65000:120:30',
+ },
+ },
+ },
+ }
+
+ for comm_list, comm_list_config in test_data.items():
+ path = base_path + ['large-community-list', comm_list]
+ self.session.set(path + ['description', f'VyOS-LARGECOMM-{comm_list}'])
+ if 'rule' not in comm_list_config:
+ continue
+
+ for rule, rule_config in comm_list_config['rule'].items():
+ if 'action' in rule_config:
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ if 'regex' in rule_config:
+ self.session.set(path + ['rule', rule, 'regex', rule_config['regex']])
+
+ self.session.commit()
+
+ config = getFRRconfig('bgp large-community-list')
+ for comm_list, comm_list_config in test_data.items():
+ if 'rule' not in comm_list_config:
+ continue
+
+ seq = '5'
+ for rule, rule_config in comm_list_config['rule'].items():
+ tmp = f'bgp large-community-list expanded {comm_list} seq {seq}'
+
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ tmp += ' ' + rule_config['regex']
+
+ self.assertIn(tmp, config)
+ seq = int(seq) + 5
+
+
+ def test_prefix_list(self):
+ test_data = {
+ 'foo' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'prefix' : '10.0.0.0/8',
+ 'ge' : '16',
+ 'le' : '24',
+ },
+ '20' : {
+ 'action' : 'deny',
+ 'prefix' : '172.16.0.0/12',
+ 'ge' : '16',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'prefix' : '192.168.0.0/16',
+ },
+ },
+ },
+ 'bar' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'prefix' : '10.0.10.0/24',
+ 'ge' : '25',
+ 'le' : '26',
+ },
+ '20' : {
+ 'action' : 'deny',
+ 'prefix' : '10.0.20.0/24',
+ 'le' : '25',
+ },
+ '25' : {
+ 'action' : 'permit',
+ 'prefix' : '10.0.25.0/24',
+ },
+ },
+ },
+ }
+
+ for prefix_list, prefix_list_config in test_data.items():
+ path = base_path + ['prefix-list', prefix_list]
+ self.session.set(path + ['description', f'VyOS-PFX-LIST-{prefix_list}'])
+ if 'rule' not in prefix_list_config:
+ continue
+
+ for rule, rule_config in prefix_list_config['rule'].items():
+ if 'action' in rule_config:
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ if 'prefix' in rule_config:
+ self.session.set(path + ['rule', rule, 'prefix', rule_config['prefix']])
+ if 'ge' in rule_config:
+ self.session.set(path + ['rule', rule, 'ge', rule_config['ge']])
+ if 'le' in rule_config:
+ self.session.set(path + ['rule', rule, 'le', rule_config['le']])
+
+ self.session.commit()
+
+ config = getFRRconfig('ip prefix-list')
+ for prefix_list, prefix_list_config in test_data.items():
+ if 'rule' not in prefix_list_config:
+ continue
+
+ for rule, rule_config in prefix_list_config['rule'].items():
+ tmp = f'ip prefix-list {prefix_list} seq {rule}'
+
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ tmp += ' ' + rule_config['prefix']
+
+ if 'ge' in rule_config:
+ tmp += ' ge ' + rule_config['ge']
+ if 'le' in rule_config:
+ tmp += ' le ' + rule_config['le']
+
+ self.assertIn(tmp, config)
+
+
+ def test_prefix_list6(self):
+ test_data = {
+ 'foo' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'prefix' : '2001:db8::/32',
+ 'ge' : '40',
+ 'le' : '48',
+ },
+ '20' : {
+ 'action' : 'deny',
+ 'prefix' : '2001:db8::/32',
+ 'ge' : '48',
+ },
+ '30' : {
+ 'action' : 'permit',
+ 'prefix' : '2001:db8:1000::/64',
+ },
+ },
+ },
+ 'bar' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'prefix' : '2001:db8:100::/40',
+ 'ge' : '48',
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'prefix' : '2001:db8:200::/40',
+ 'ge' : '48',
+ },
+ '25' : {
+ 'action' : 'deny',
+ 'prefix' : '2001:db8:300::/40',
+ 'le' : '64',
+ },
+ },
+ },
+ }
+
+ for prefix_list, prefix_list_config in test_data.items():
+ path = base_path + ['prefix-list6', prefix_list]
+ self.session.set(path + ['description', f'VyOS-PFX-LIST-{prefix_list}'])
+ if 'rule' not in prefix_list_config:
+ continue
+
+ for rule, rule_config in prefix_list_config['rule'].items():
+ if 'action' in rule_config:
+ self.session.set(path + ['rule', rule, 'action', rule_config['action']])
+ if 'prefix' in rule_config:
+ self.session.set(path + ['rule', rule, 'prefix', rule_config['prefix']])
+ if 'ge' in rule_config:
+ self.session.set(path + ['rule', rule, 'ge', rule_config['ge']])
+ if 'le' in rule_config:
+ self.session.set(path + ['rule', rule, 'le', rule_config['le']])
+
+ self.session.commit()
+
+ config = getFRRconfig('ipv6 prefix-list')
+ for prefix_list, prefix_list_config in test_data.items():
+ if 'rule' not in prefix_list_config:
+ continue
+
+ for rule, rule_config in prefix_list_config['rule'].items():
+ tmp = f'ipv6 prefix-list {prefix_list} seq {rule}'
+
+ if rule_config['action'] == 'permit':
+ tmp += ' permit'
+ else:
+ tmp += ' deny'
+
+ tmp += ' ' + rule_config['prefix']
+
+ if 'ge' in rule_config:
+ tmp += ' ge ' + rule_config['ge']
+ if 'le' in rule_config:
+ tmp += ' le ' + rule_config['le']
+
+ self.assertIn(tmp, config)
+
+if __name__ == '__main__':
+ unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index f8c1f6a57..607dfc116 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
@@ -390,7 +390,7 @@ class TestProtocolsBGP(unittest.TestCase):
}
# We want to redistribute ...
- redistributes = ['connected', 'kernel', 'ospf', 'rip', 'static']
+ redistributes = ['connected', 'isis', 'kernel', 'ospf', 'rip', 'static']
for redistribute in redistributes:
self.session.set(base_path + ['address-family', 'ipv4-unicast',
'redistribute', redistribute])
diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py
index ce30f6a7d..0ca8bb3bd 100755
--- a/smoketest/scripts/cli/test_protocols_ospf.py
+++ b/smoketest/scripts/cli/test_protocols_ospf.py
@@ -88,7 +88,7 @@ class TestProtocolsOSPF(unittest.TestCase):
def test_ospf_03_access_list(self):
acl = '100'
seq = '10'
- protocols = ['bgp', 'connected', 'kernel', 'rip', 'static']
+ protocols = ['bgp', 'connected', 'isis', 'kernel', 'rip', 'static']
self.session.set(['policy', 'access-list', acl, 'rule', seq, 'action', 'permit'])
self.session.set(['policy', 'access-list', acl, 'rule', seq, 'source', 'any'])
@@ -215,7 +215,7 @@ class TestProtocolsOSPF(unittest.TestCase):
def test_ospf_08_redistribute(self):
metric = '15'
metric_type = '1'
- redistribute = ['bgp', 'connected', 'kernel', 'rip', 'static']
+ redistribute = ['bgp', 'connected', 'isis', 'kernel', 'rip', 'static']
for protocol in redistribute:
self.session.set(base_path + ['redistribute', protocol, 'metric', metric])
diff --git a/smoketest/scripts/cli/test_protocols_rip.py b/smoketest/scripts/cli/test_protocols_rip.py
index 2c5c9030a..f42ea0c0a 100755
--- a/smoketest/scripts/cli/test_protocols_rip.py
+++ b/smoketest/scripts/cli/test_protocols_rip.py
@@ -71,7 +71,7 @@ class TestProtocolsRIP(unittest.TestCase):
interfaces = Section.interfaces('ethernet')
neighbors = ['1.2.3.4', '1.2.3.5', '1.2.3.6']
networks = ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']
- redistribute = ['bgp', 'connected', 'kernel', 'ospf', 'static']
+ redistribute = ['bgp', 'connected', 'isis', 'kernel', 'ospf', 'static']
timer_garbage = '888'
timer_timeout = '1000'
timer_update = '90'