summaryrefslogtreecommitdiff
path: root/smoketest/scripts/cli
AgeCommit message (Collapse)Author
2025-08-11bond: T7571: fix inconsistent MAC address behaviourChristian Breunig
After upgrading from VyOS 1.3 to 1.4, there is an inconsistent behavior with MAC address assignment on bonded interfaces. In VyOS 1.3, bond interfaces used a hardware MAC address from one of the member interfaces. In 1.4, a synthetic MAC is used by default - generated by the Linux Kernel. Oddly, setting mode 802.3ad (which is also the default) temporarily causes the hardware MAC to be used again - until a reboot, after which the synthetic MAC returns. Deleting the mode config again causes the hardware MAC to be used. This inconsistent behavior has caused issues with MAC-based filtering in networks. The fix is to retrive the hardware MAC address from the first bond member interface and use set it explicitly for the bond interface.
2025-08-07T7697: Remove year from copyrightViacheslav
2025-08-07T7697: Merge remote-tracking branch 'vpp/current' into vyos-1xViacheslav
2025-08-05Merge pull request #4643 from MattKobayashi/T7685Daniil Baturin
T7685: load-balancing: fix rules with multiple ports
2025-08-04T7685: load-balancing: fix rules with multiple portsMatthew Kobayashi
2025-08-02conntrack: T7482: Fix custom timeoutsRyan Zuwala
Fix custom conntrack timeout rules and add smoketests
2025-08-02smoketest: T7676: improve dhcp-server smoketest logic reliabilitycblackburn-igl
Improve smoketest reliability by preventing false failures and making errors more informative.
2025-07-31VPP: T7175: Add sFlow conf mode CLI and startup template (#32)KyleM
* VPP: T7175 Added conf mode CLI for VPP sflow plugin and updated VPP template to include plugin. * VPP: T7175: Conf mode CLI and startup template. * T7175: VPP fix sFlow verify use vpp enstead of enable_vpp * T7175: VPP add sFlow smoketest * T7175: VPP remove unused config_changed variable --------- Co-authored-by: Viacheslav <v.gletenko@vyos.io>
2025-07-31T7667: Fix smoketest IPsec DPD tests (#4633)Alex Kudentsov
* T7667: Smoke test cli/test_vpn_ipsec.py typo makes DPD check always pass * Update smoketest/scripts/cli/test_vpn_ipsec.py Co-authored-by: Alexandr K. <alexandrk95@gmail.com> --------- Co-authored-by: Daniil Baturin <daniil@baturin.org> Co-authored-by: Alexandr K. <alexandrk95@gmail.com>
2025-07-28isis: T7639: add SRv6 locator supportfett0
2025-07-28ipsec: T7593: Add dynamic prefix for local and remote traffic selectorsOleksandr Kuchmystyi
In case when there is no local/remote prefix configured in a tunnel settings, a protocol configured for such tunnel is ignored. The correct way to generate the configuration is to set the prefix to `dynamic` if it was not set. The correct config for the described case is: ``` local_ts = dynamic[gre/] remote_ts = dynamic[gre/] ```
2025-07-28ipsec: T7581: Fix unsupported 'all' protocol in site-to-site tunnels after ↵Oleksandr Kuchmystyi
upgrade to 1.4.x Upgrading from VyOS 1.3.8 (strongSwan 5.7.2) to 1.4.x (strongSwan 5.9.11) caused the IPsec service to fail if the configuration contained: ``` set vpn ipsec site-to-site peer <peer> tunnel <id> protocol 'all' ``` In 1.3.8, 'all' was supported in the CLI for protocol and converted internally to '%any' in ipsec.conf traffic selectors, allowing the tunnel to match all protocols. However, in 1.4.x and strongSwan 5.9.11+, the '[all/]' syntax is no longer supported, and use of 'protocol all' produces an invalid traffic selector (e.g., 'x.x.x.0/24[all/]'), causing the strongSwan service to fail on reload. This fix ensures that 'protocol all' is converted to just the subnet notation (e.g., 'x.x.x.0/24') in the generated traffic selector, restoring previous behavior and allowing seamless service startup after upgrade.
2025-07-22Merge pull request #4601 from aapostoliuk/T7504-currentDaniil Baturin
ipsec: T7504: Added IKEv2 retransmission options
2025-07-18ipsec: T7504: Added IKEv2 retransmission optionsaapostoliuk
Added IKEv2 retransmission options (base, tries, timeout).
2025-07-15T7625: smoketest: test limit config separatelyMatthew Kobayashi
2025-07-13Merge pull request #4598 from nobidev/features/add-test-route-static-dhcpViacheslav Hletenko
T7623: Add test route static dhcp in VRF
2025-07-13T7623: smoketest: Add test dhcp default route for VRFNobi
2025-07-12Merge pull request #4597 from nobidev/features/fix-typingChristian Breunig
T7624: smoketest: Fix typing QEMU in test_protocols_static.py
2025-07-10smoketest: Fix typing QEMU in test_protocols_static.pyNobi
2025-07-08T7611: VPP Rewrite check for CPUs and memory (#44)Nataliia S.
2025-07-08Merge pull request #4592 from abhisheksafui/T7584_wan_lb_default_snatDaniil Baturin
wan-load-balancing: T7584: Default SNAT behaviour fixed to effect loa…
2025-07-05wan-load-balancing: T7584: Default SNAT behaviour fixed to effect load ↵Abhishek Safui
balanced packets only Updated smoketest to match the updated nftable rule
2025-07-03Merge pull request #4585 from c-po/copyright-noticeDaniil Baturin
T7591: remove copyright years from source files
2025-06-30firewall: T7452: update rule generation for Zone-based firewallDavid Vølker
2025-06-29T7589: Add no-split-gso and ack-filter for CAKEfactor2431
2025-06-28T7591: remove copyright years from source filesChristian Breunig
The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice
2025-06-24T7424: Refactor resource validation and broaden cases (#38)Nataliia S.
* T7424: Refactor and extend resource usage verification on commit for VPP CLI T7424: Fix ruff errors * T7424: Implement check for smoke tests runtime; reduce resource requirements for test environments T7424: Fix errors in calculating the skipped and reserved CPU cores; Adjust default main heap size value. * T7424: Refactor the CPU checks logic; Add total CPU usage check T7424: Fix CPU reserve and skip cores calculations; Add total CPU usage check T7424: Refactor smoketests to reflect new logic * T7424: Refactor the CPU and memory checks logic --------- Co-authored-by: oniko94 <onikolaiev94@outlook.com>
2025-06-20T7531: Add FRR no bgp ipv6-auto-ra optionfactor2431
2025-06-19Merge pull request #4558 from natali-rs1985/T6951Daniil Baturin
firewall: T6951: Add a configuration command for ethertypes that bridge firewalls should always accept
2025-06-17firewall: T6951: Add a configuration command for ethertypes that bridge ↵Nataliia Solomko
firewalls should always accept
2025-06-17container: T7473: fix show/monitor container log failed when log-driver is ↵opswill
journald
2025-06-12Merge pull request #4497 from yzguy/T7432Daniil Baturin
T7432: RPKI VRF Support
2025-06-12Merge pull request #4546 from sarthurdev/T7056Daniil Baturin
openvpn: T7056: Raise error if non-TAP device is bridged
2025-06-10Merge pull request #4536 from ig0rb/fix/T7510-ospf-nssa-translation-errorDaniil Baturin
T7510: ospfd.frr.j2 ospf nssa translation error - fix template
2025-06-09Merge pull request #4548 from c-po/T7202-conntrackDaniil Baturin
conntrack: T7208: nf_conntrack_buckets defaults and behavior
2025-06-08T7510: add smoketests for OSPF nssa translationChristian Breunig
2025-06-07conntrack: T7208: nf_conntrack_buckets defaults and behaviorChristian Breunig
Previously, we used a lower limit of 1 and a default value of 32768 for the nf_conntrack_buckets (conntrack hash-size) sysctl option. However, the Linux kernel enforces an internal minimum of 1024. A configuration migrator will now adjust the lower limit to 1024 if necessary. The former default value of 32768 was passed as a kernel module option, which only took effect after the second system reboot. This was due to the option being rendered but not applied during the first boot. This behavior has been changed so that the value is now configurable at runtime and takes effect immediately. Additionally, since VyOS 1.4 increased the hardware requirements to 4GB of RAM, we now align the default value of nf_conntrack_buckets with the kernel's default for systems with more than 1GB of RAM to 65536 entries. Previously, we only supported half that amount.
2025-06-05openvpn: T7056: Raise error if non-TAP device is bridgedsarthurdev
2025-06-05T7515: Fix VPP NAT44 timeoutsNataliia Solomko
2025-06-05T7523: firewall: Accepting invalid traffic for pppoe discovery and wolopswill
2025-06-03T7503: Add VPP smoketest of NAT44 and CGNAT (#35)Viacheslav Hletenko
2025-06-03T7514: Fix smoketest QoS burst bytes replaced with kilobytesViacheslav Hletenko
The `tc` output burst size was changed from bytes to kilobytes
2025-06-01T7512: Update smoketest for invalid traffic for VLAN aware bridgeIndrajit Raychaudhuri
2025-05-29Merge pull request #4266 from takehaya/T6013-trusted-ca-keysChristian Breunig
T6013: Add support for AuthorizedPrincipalsFile to trusted_user_ca_key
2025-05-29zebra: T7349: Added importing routes from non to the kernel routing tableaapostoliuk
* zebra: T7349: Added importing routes from non to the kernel routing table Added importing routes from non to the kernel routing table. --------- Co-authored-by: Christian Breunig <christian@breunig.cc>
2025-05-29ssh: T6013: rename trusted-user-ca-key -> truster-user-caChristian Breunig
The current implementation for SSH CA based authentication uses "set service ssh trusted-user-ca-key ca-certificate <foo>" to define an X.509 certificate from "set pki ca <foo> ..." - fun fact, native OpenSSH does not support X.509 certificates and only runs with OpenSSH ssh-keygen generated RSA or EC keys. This commit changes the bahavior to support antive certificates generated using ssh-keygen and loaded to our PKI tree. As the previous implementation did not work at all, no migrations cript is used.
2025-05-29ssh: T6013: support SSH AuthorizedPrincipalsFile in use with trusted-user-ca-keyTakeru Hayasaka
Thisc omplements commit e7cab89f9f81 ("T6013: Add support for configuring TrustedUserCAKeys in SSH service with local and remote CA keys"). It introduces a new CLI node per user to support defining the authorized principals used by any given PKI certificate. It is now possible to associate SSH login users with their respective principals. Authored-by: Takeru Hayasaka <hayatake396@gmail.com>
2025-05-28T7432: smoketests for RPKI VRF supportAdam Smith
2025-05-27Merge pull request #4524 from sarthurdev/T7350Daniil Baturin
flowtable: T7350: Prevent interface deletion if referenced on flowtable
2025-05-27Merge pull request #4496 from l0crian1/add-root-bpdu-guardDaniil Baturin
Bridge: T7430: Add BPDU Guard and Root Guard support