7 files changed, 293 insertions, 107 deletions

diff --git a/smoketest/config-tests/basic-vyos-no-ntp b/smoketest/config-tests/basic-vyos-no-ntp
new file mode 100644
index 000000000..a18260108
--- /dev/null
+++ b/smoketest/config-tests/basic-vyos-no-ntp
@@ -0,0 +1,53 @@
+set interfaces dummy dum0 address '172.18.254.203/32'
+set interfaces ethernet eth0 duplex 'auto'
+set interfaces ethernet eth0 offload gro
+set interfaces ethernet eth0 offload gso
+set interfaces ethernet eth0 offload sg
+set interfaces ethernet eth0 offload tso
+set interfaces ethernet eth0 speed 'auto'
+set interfaces ethernet eth0 vif 203 address '172.18.203.10/24'
+set interfaces ethernet eth1 duplex 'auto'
+set interfaces ethernet eth1 offload gro
+set interfaces ethernet eth1 offload gso
+set interfaces ethernet eth1 offload sg
+set interfaces ethernet eth1 offload tso
+set interfaces ethernet eth1 speed 'auto'
+set interfaces ethernet eth2 offload gro
+set interfaces ethernet eth2 offload gso
+set interfaces ethernet eth2 offload sg
+set interfaces ethernet eth2 offload tso
+set interfaces ethernet eth3 offload gro
+set interfaces ethernet eth3 offload gso
+set interfaces ethernet eth3 offload sg
+set interfaces ethernet eth3 offload tso
+set protocols ospf area 0 network '172.18.203.0/24'
+set protocols ospf area 0 network '172.18.254.203/32'
+set protocols ospf interface eth0.203 authentication md5 key-id 10 md5-key 'vyos'
+set protocols ospf interface eth0.203 dead-interval '40'
+set protocols ospf interface eth0.203 hello-interval '10'
+set protocols ospf interface eth0.203 passive disable
+set protocols ospf interface eth0.203 priority '1'
+set protocols ospf interface eth0.203 retransmit-interval '5'
+set protocols ospf interface eth0.203 transmit-delay '1'
+set protocols ospf log-adjacency-changes detail
+set protocols ospf parameters abr-type 'cisco'
+set protocols ospf parameters router-id '172.18.254.203'
+set protocols ospf passive-interface 'default'
+set protocols ospf redistribute connected metric-type '2'
+set system config-management commit-revisions '50'
+set system conntrack modules ftp
+set system conntrack modules h323
+set system conntrack modules nfs
+set system conntrack modules pptp
+set system conntrack modules sip
+set system conntrack modules sqlnet
+set system conntrack modules tftp
+set system console device ttyS0 speed '115200'
+set system domain-name 'vyos.ci.net'
+set system host-name 'no-ntp'
+set system login user vyos authentication encrypted-password '$6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0'
+set system login user vyos authentication plaintext-password ''
+set system name-server '172.16.254.30'
+set system syslog global facility all level 'debug'
+set system syslog global facility local7 level 'debug'
+set system time-zone 'Europe/Berlin'
diff --git a/smoketest/config-tests/bgp-big-as-cloud b/smoketest/config-tests/bgp-big-as-cloud
index 03efef868..d6c17b3d2 100644
--- a/smoketest/config-tests/bgp-big-as-cloud
+++ b/smoketest/config-tests/bgp-big-as-cloud
@@ -836,7 +836,6 @@ set system flow-accounting interface 'eth0.4089'
 set system flow-accounting netflow engine-id '1'
 set system flow-accounting netflow server 192.0.2.55 port '2055'
 set system flow-accounting netflow version '9'
-set system flow-accounting sflow server 1.2.3.4 port '1234'
 set system flow-accounting syslog-facility 'daemon'
 set system host-name 'vyos'
 set system login user vyos authentication encrypted-password '$6$2Ta6TWHd/U$NmrX0x9kexCimeOcYK1MfhMpITF9ELxHcaBU/znBq.X2ukQOj61fVI2UYP/xBzP4QtiTcdkgs7WOQMHWsRymO/'
@@ -845,6 +844,9 @@ set system name-server '2001:db8::1'
 set system name-server '2001:db8::2'
 set system name-server '192.0.2.1'
 set system name-server '192.0.2.2'
+set system sflow interface 'eth0.4088'
+set system sflow interface 'eth0.4089'
+set system sflow server 1.2.3.4 port '1234'
 set system syslog global facility all level 'all'
 set system syslog global preserve-fqdn
 set system time-zone 'Europe/Zurich'
diff --git a/smoketest/configs/basic-vyos-no-ntp b/smoketest/configs/basic-vyos-no-ntp
new file mode 100644
index 000000000..6fb8f384f
--- /dev/null
+++ b/smoketest/configs/basic-vyos-no-ntp
@@ -0,0 +1,132 @@
+interfaces {
+    dummy dum0 {
+        address 172.18.254.203/32
+    }
+    ethernet eth0 {
+        duplex auto
+        offload {
+            gro
+            gso
+            sg
+            tso
+        }
+        speed auto
+        vif 203 {
+            address 172.18.203.10/24
+            ip {
+                ospf {
+                    authentication {
+                        md5 {
+                            key-id 10 {
+                                md5-key vyos
+                            }
+                        }
+                    }
+                    dead-interval 40
+                    hello-interval 10
+                    priority 1
+                    retransmit-interval 5
+                    transmit-delay 1
+                }
+            }
+        }
+    }
+    ethernet eth1 {
+        duplex auto
+        offload {
+            gro
+            gso
+            sg
+            tso
+        }
+        speed auto
+    }
+    ethernet eth2 {
+        offload {
+            gro
+            gso
+            sg
+            tso
+        }
+    }
+    ethernet eth3 {
+        offload {
+            gro
+            gso
+            sg
+            tso
+        }
+    }
+}
+protocols {
+    ospf {
+        area 0 {
+            network 172.18.203.0/24
+            network 172.18.254.203/32
+        }
+        log-adjacency-changes {
+            detail
+        }
+        parameters {
+            abr-type cisco
+            router-id 172.18.254.203
+        }
+        passive-interface default
+        passive-interface-exclude eth0.203
+        redistribute {
+            connected {
+                metric-type 2
+            }
+        }
+    }
+}
+system {
+    config-management {
+        commit-revisions 50
+    }
+    conntrack {
+        modules {
+            ftp
+            h323
+            nfs
+            pptp
+            sip
+            sqlnet
+            tftp
+        }
+    }
+    domain-name vyos.ci.net
+    console {
+        device ttyS0 {
+            speed 115200
+        }
+    }
+    host-name no-ntp
+    login {
+        user vyos {
+            authentication {
+                encrypted-password $6$r/Yw/07NXNY$/ZB.Rjf9jxEV.BYoDyLdH.kH14rU52pOBtrX.4S34qlPt77chflCHvpTCq9a6huLzwaMR50rEICzA5GoIRZlM0
+                plaintext-password ""
+            }
+        }
+    }
+    name-server 172.16.254.30
+    ntp {
+    }
+    syslog {
+        global {
+            facility all {
+                level debug
+            }
+            facility protocols {
+                level debug
+            }
+        }
+    }
+    time-zone Europe/Berlin
+}
+
+
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:container@1:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@23:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
+// Release version: 1.3.8
diff --git a/smoketest/scripts/cli/test_service_monitoring_network_event.py b/smoketest/scripts/cli/test_service_monitoring_network_event.py
new file mode 100644
index 000000000..3c9b4bf7f
--- /dev/null
+++ b/smoketest/scripts/cli/test_service_monitoring_network_event.py
@@ -0,0 +1,65 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import unittest
+from base_vyostest_shim import VyOSUnitTestSHIM
+from vyos.utils.file import read_json
+
+
+base_path = ['service', 'monitoring', 'network-event']
+
+
+def get_logger_config():
+    return read_json('/run/vyos-network-event-logger.conf')
+
+
+class TestMonitoringNetworkEvent(VyOSUnitTestSHIM.TestCase):
+    @classmethod
+    def setUpClass(cls):
+        super(TestMonitoringNetworkEvent, cls).setUpClass()
+
+        # ensure we can also run this test on a live system - so lets clean
+        # out the current configuration :)
+        cls.cli_delete(cls, base_path)
+
+    def tearDown(self):
+        self.cli_delete(base_path)
+        self.cli_commit()
+
+    def test_network_event_log(self):
+        expected_config = {
+            'event': {
+                'route': {},
+                'link': {},
+                'addr': {},
+                'neigh': {},
+                'rule': {},
+            },
+            'queue_size': '10000'
+        }
+
+        self.cli_set(base_path + ['event', 'route'])
+        self.cli_set(base_path + ['event', 'link'])
+        self.cli_set(base_path + ['event', 'addr'])
+        self.cli_set(base_path + ['event', 'neigh'])
+        self.cli_set(base_path + ['event', 'rule'])
+        self.cli_set(base_path + ['queue-size', '10000'])
+        self.cli_commit()
+        self.assertEqual(expected_config, get_logger_config())
+
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_system_flow-accounting.py b/smoketest/scripts/cli/test_system_flow-accounting.py
index 515134220..9d7942789 100755
--- a/smoketest/scripts/cli/test_system_flow-accounting.py
+++ b/smoketest/scripts/cli/test_system_flow-accounting.py
@@ -97,111 +97,6 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
         self.assertIn(f'syslog: {syslog}', uacctd)
         self.assertIn(f'plugins: memory', uacctd)
 
-    def test_sflow(self):
-        sampling_rate = '4000'
-        source_address = '192.0.2.1'
-        dummy_if = 'dum3841'
-        agent_address = '192.0.2.2'
-
-        sflow_server = {
-            '1.2.3.4' : { },
-            '5.6.7.8' : { 'port' : '6000' },
-        }
-
-        self.cli_set(['interfaces', 'dummy', dummy_if, 'address', agent_address + '/32'])
-        self.cli_set(['interfaces', 'dummy', dummy_if, 'address', source_address + '/32'])
-        self.cli_set(base_path + ['disable-imt'])
-
-        # You need to configure at least one interface for flow-accounting
-        with self.assertRaises(ConfigSessionError):
-            self.cli_commit()
-        for interface in Section.interfaces('ethernet'):
-            self.cli_set(base_path + ['interface', interface])
-
-
-        # You need to configure at least one sFlow or NetFlow protocol, or not
-        # set "disable-imt" for flow-accounting
-        with self.assertRaises(ConfigSessionError):
-            self.cli_commit()
-
-        self.cli_set(base_path + ['sflow', 'agent-address', agent_address])
-        self.cli_set(base_path + ['sflow', 'sampling-rate', sampling_rate])
-        self.cli_set(base_path + ['sflow', 'source-address', source_address])
-        for server, server_config in sflow_server.items():
-            self.cli_set(base_path + ['sflow', 'server', server])
-            if 'port' in server_config:
-                self.cli_set(base_path + ['sflow', 'server', server, 'port', server_config['port']])
-
-        # commit changes
-        self.cli_commit()
-
-        uacctd = read_file(uacctd_conf)
-
-        # when 'disable-imt' is not configured on the CLI it must be present
-        self.assertNotIn(f'imt_path: /tmp/uacctd.pipe', uacctd)
-        self.assertNotIn(f'imt_mem_pools_number: 169', uacctd)
-        self.assertNotIn(f'plugins: memory', uacctd)
-
-        for server, server_config in sflow_server.items():
-            plugin_name = server.replace('.', '-')
-            if 'port' in server_config:
-                self.assertIn(f'sfprobe_receiver[sf_{plugin_name}]: {server}', uacctd)
-            else:
-                self.assertIn(f'sfprobe_receiver[sf_{plugin_name}]: {server}:6343', uacctd)
-
-            self.assertIn(f'sfprobe_agentip[sf_{plugin_name}]: {agent_address}', uacctd)
-            self.assertIn(f'sampling_rate[sf_{plugin_name}]: {sampling_rate}', uacctd)
-            self.assertIn(f'sfprobe_source_ip[sf_{plugin_name}]: {source_address}', uacctd)
-
-        self.cli_delete(['interfaces', 'dummy', dummy_if])
-
-    def test_sflow_ipv6(self):
-        sampling_rate = '100'
-        sflow_server = {
-            '2001:db8::1' : { },
-            '2001:db8::2' : { 'port' : '6000' },
-        }
-
-        self.cli_set(base_path + ['disable-imt'])
-
-        # You need to configure at least one interface for flow-accounting
-        with self.assertRaises(ConfigSessionError):
-            self.cli_commit()
-        for interface in Section.interfaces('ethernet'):
-            self.cli_set(base_path + ['interface', interface])
-
-
-        # You need to configure at least one sFlow or NetFlow protocol, or not
-        # set "disable-imt" for flow-accounting
-        with self.assertRaises(ConfigSessionError):
-            self.cli_commit()
-
-        self.cli_set(base_path + ['sflow', 'sampling-rate', sampling_rate])
-        for server, server_config in sflow_server.items():
-            self.cli_set(base_path + ['sflow', 'server', server])
-            if 'port' in server_config:
-                self.cli_set(base_path + ['sflow', 'server', server, 'port', server_config['port']])
-
-        # commit changes
-        self.cli_commit()
-
-        uacctd = read_file(uacctd_conf)
-
-        # when 'disable-imt' is not configured on the CLI it must be present
-        self.assertNotIn(f'imt_path: /tmp/uacctd.pipe', uacctd)
-        self.assertNotIn(f'imt_mem_pools_number: 169', uacctd)
-        self.assertNotIn(f'plugins: memory', uacctd)
-
-        for server, server_config in sflow_server.items():
-            tmp_srv = server
-            tmp_srv = tmp_srv.replace(':', '-')
-
-            if 'port' in server_config:
-                self.assertIn(f'sfprobe_receiver[sf_{tmp_srv}]: {bracketize_ipv6(server)}', uacctd)
-            else:
-                self.assertIn(f'sfprobe_receiver[sf_{tmp_srv}]: {bracketize_ipv6(server)}:6343', uacctd)
-            self.assertIn(f'sampling_rate[sf_{tmp_srv}]: {sampling_rate}', uacctd)
-
     def test_netflow(self):
         engine_id = '33'
         max_flows = '667'
@@ -288,8 +183,8 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
 
             self.assertIn(f'nfprobe_timeouts[nf_{tmp_srv}]: expint={tmo_expiry}:general={tmo_flow}:icmp={tmo_icmp}:maxlife={tmo_max}:tcp.fin={tmo_tcp_fin}:tcp={tmo_tcp_generic}:tcp.rst={tmo_tcp_rst}:udp={tmo_udp}', uacctd)
 
-
         self.cli_delete(['interfaces', 'dummy', dummy_if])
 
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_system_sflow.py b/smoketest/scripts/cli/test_system_sflow.py
index 74c065473..700253e2b 100755
--- a/smoketest/scripts/cli/test_system_sflow.py
+++ b/smoketest/scripts/cli/test_system_sflow.py
@@ -96,6 +96,39 @@ class TestSystemFlowAccounting(VyOSUnitTestSHIM.TestCase):
         for interface in Section.interfaces('ethernet'):
             self.assertIn(f'pcap {{ dev={interface} }}', hsflowd)
 
+    def test_sflow_ipv6(self):
+        sampling_rate = '100'
+        default_polling = '30'
+        default_port = '6343'
+        sflow_server = {
+            '2001:db8::1': {},
+            '2001:db8::2': {'port': '8023'},
+        }
+
+        for interface in Section.interfaces('ethernet'):
+            self.cli_set(base_path + ['interface', interface])
+
+        self.cli_set(base_path + ['sampling-rate', sampling_rate])
+        for server, server_config in sflow_server.items():
+            self.cli_set(base_path + ['server', server])
+            if 'port' in server_config:
+                self.cli_set(base_path + ['server', server, 'port', server_config['port']])
+
+        # commit changes
+        self.cli_commit()
+
+        # verify configuration
+        hsflowd = read_file(hsflowd_conf)
+
+        self.assertIn(f'sampling={sampling_rate}', hsflowd)
+        self.assertIn(f'polling={default_polling}', hsflowd)
+
+        for server, server_config in sflow_server.items():
+            if 'port' in server_config:
+                self.assertIn(f'collector {{ ip = {server} udpport = {server_config["port"]} }}', hsflowd)
+            else:
+                self.assertIn(f'collector {{ ip = {server} udpport = {default_port} }}', hsflowd)
+
     def test_vrf(self):
         interface = 'eth0'
         server = '192.0.2.1'
diff --git a/smoketest/scripts/system/test_kernel_options.py b/smoketest/scripts/system/test_kernel_options.py
index 700e4cec7..b51b0be1d 100755
--- a/smoketest/scripts/system/test_kernel_options.py
+++ b/smoketest/scripts/system/test_kernel_options.py
@@ -128,5 +128,11 @@ class TestKernelModules(unittest.TestCase):
             tmp = re.findall(f'{option}=(y|m)', self._config_data)
             self.assertTrue(tmp)
 
+    def test_psample_enabled(self):
+        # Psample must be enabled in the OS Kernel to enable egress flow for hsflowd
+        for option in ['CONFIG_PSAMPLE']:
+            tmp = re.findall(f'{option}=y', self._config_data)
+            self.assertTrue(tmp)
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)