summaryrefslogtreecommitdiff
path: root/smoketest/scripts
AgeCommit message (Collapse)Author
2024-01-04T5159: nat: add option to map network and ports. Feature used for large ↵Nicolás Fort
deployments in cgnat. (#2694)
2024-01-04configdict: T5894: add get_config_dict() flag with_pkiChristian Breunig
VyOS has several services relaying on the PKI CLI tree to retrieve certificates. Consuming services like ethernet, openvpn or ipsec all re-implemented the same code to retrieve the certificates from the CLI. This commit extends the signature of get_config_dict() with a new option with_pki that defaults to false. If this option is set, the PKI CLI tree will be blended into the resulting dictionary.
2024-01-02pki: T3642: add missing base64 constraint on PEM keysChristian Breunig
2024-01-01tunnel: T5879: properly verify source-interface used for tunnelsChristian Breunig
A tunnel interface can not properly be sourced from a pppoe0 interface when such interface is not (yet) connected to the BRAS. It might work on a running system, but subsequent reboots will fail as the source-interface most likely does not yet exist.
2023-12-31T5474: establish common file name pattern for XML conf mode commandsChristian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in
2023-12-30T5870: ipsec remote access VPN: add x509 ("pubkey") authentication.Lucas Christian
2023-12-30ipsec: T1210: extend remote-access smoketest with IP pool configurationChristian Breunig
This extends commit 1a84c4d0e ("ipsec: T1210: add smoketest for remote-access (road-warrior) users") in a way that also the IPv4 pool and its DNS servers get validated. There is no separate IPv6 test, as both address families behave the same way when configuring these.
2023-12-30Merge pull request #2722 from c-po/t1210-ipsec-smoketestViacheslav Hletenko
ipsec: T1210: add smoketest for remote-access (road-warrior) users
2023-12-30ipsec: T1210: add smoketest for remote-access (road-warrior) usersChristian Breunig
2023-12-30Merge pull request #2718 from indrajitr/shorten-domain-search-pathChristian Breunig
system: T5877: Shorten system domain-search config path
2023-12-30smoketest: remove base accel-ppp testcase function commentsChristian Breunig
Python unittest framework treads the comments as test names during execution: Example: test_accel_ipv4_pool (__main__.TestVPNPPTPServer.test_accel_ipv4_pool) Test accel-ppp IPv4 pool ... ok
2023-12-29system: T5877: Update smoketests for domain-search and related configIndrajit Raychaudhuri
In addition to testing for shortening the domain-search path, add and improve tests for other resolv.conf entries.
2023-12-29smoketest: T5867: extend container tests for IPv4 and IPv6 networksChristian Breunig
2023-12-28Merge pull request #2658 from aapostoliuk/T5801-circinusChristian Breunig
T5801: Rewritten L2TP to get_config_dict
2023-12-28Merge pull request #2650 from indrajitr/kea-reservation-fixChristian Breunig
dhcp: T3316: Support hostname, DUID and MAC address in reservation
2023-12-27Merge pull request #2693 from aapostoliuk/T5859-circinusChristian Breunig
T5859: Fixed format of pool range in the accel-ppp config
2023-12-27T5859: Fixed format of pool range in the accel-ppp configaapostoliuk
Fixed format of ipv4 pool range from 'x.x.x.x-x.x.x.y' to 'x.x.x.x-y'
2023-12-26firewall: T5834: Add support for default log for route policyIndrajit Raychaudhuri
One can now do `set policy route foo default-log` which will add log to the policy route chain.
2023-12-26firewall: T5834: Rename 'enable-default-log' to 'default-log'Indrajit Raychaudhuri
Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency.
2023-12-25snmp: T5855: migrate "set service lldp snmp enable" to "set service lldp snmp"Christian Breunig
2023-12-21dhcp: T3316: Update smoketest for hostname, DUID, MAC in reservationIndrajit Raychaudhuri
Also, have the smoketest start with a clean CLI instance.
2023-12-21Merge pull request #2663 from c-po/srv6-part2Christian Breunig
srv6: T591: enable SR enabled packet processing on defined interfaces
2023-12-20T2898: add ndp-proxy serviceChristian Breunig
VyOS CLI command set service ndp-proxy interface eth0 prefix 2001:db8::/64 mode 'static' Will generate the following NDP proxy configuration $ cat /run/ndppd/ndppd.conf # autogenerated by service_ndp-proxy.py # This tells 'ndppd' how often to reload the route file /proc/net/ipv6_route route-ttl 30000 # This sets up a listener, that will listen for any Neighbor Solicitation # messages, and respond to them according to a set of rules proxy eth0 { # Turn on or off the router flag for Neighbor Advertisements router no # Control how long to wait for a Neighbor Advertisment message before invalidating the entry (milliseconds) timeout 500 # Control how long a valid or invalid entry remains in the cache (milliseconds) ttl 30000 # This is a rule that the target address is to match against. If no netmask # is provided, /128 is assumed. You may have several rule sections, and the # addresses may or may not overlap. rule 2001:db8::/64 { static } }
2023-12-20srv6: T591: enable SR enabled packet processing on defined interfacesChristian Breunig
The Linux Kernel needs to be told if IPv6 SR enabled packets whether should be processed or not. This is done using /proc/sys/net/conf/<iface>/seg6_* variables: seg6_enabled - BOOL Accept or drop SR-enabled IPv6 packets on this interface. Relevant packets are those with SRH present and DA = local. 0 - disabled (default) not 0 - enabled Or the VyOS CLI command: * set protocols segment-routing interface eth0 srv6
2023-12-20vrf: T591: define sysctl setting for net.vrf.strict_modeChristian Breunig
Enable/Disable VRF strict mode, when net.vrf.strict_mode=0 (default) it is possible to associate multiple VRF devices to the same table. Conversely, when net.vrf.strict_mode=1 a table can be associated to a single VRF device. A VRF table can be used by the VyOS CLI only once (ensured by verify()), this simply adds an additional Kernel safety net, but a requirement for IPv6 segment routing headers.
2023-12-20T5801: Rewritten L2TP to get_config_dictaapostoliuk
Rewritten L2TP to get_config_dict Rewritten L2TP xml to accel-ppp patterns Migrated 'idle' to 'ppp-options.lcp-echo-timeout' Migrated 'authentication.mppe' to 'ppp-options.mppe' Migrated 'authentication.radius.dae-server' to 'authentication.radius.dynamic-author' Migrated 'authentication.require' to 'authentication.protocol' Added 'authentication.radius.acct-interim-jitter' Added 'authentication.radius.preallocate-vif' Added 'authentication.radius.server.<IP>.acct-port' Added 'ppp-options.ipv4' Added smoke-tests Fixed 'preallocate-vif' in SSTP
2023-12-19smoketest: bgp: T4163: use explicit kill to respawn bgpd processChristian Breunig
2023-12-19smoketest: bgp: T4163: add explicit timeout when starting BMPChristian Breunig
2023-12-19Revert "smoketest: bgp: temporary disable BMP test"Christian Breunig
This reverts commit 7036c761e74bcd48e3ba714dec4545208ee0e313.
2023-12-17smoketesT: bgp: temporary disable BMP testChristian Breunig
2023-12-16ocserv: T5796: add smoketest for new "http-security-headers" featureChristian Breunig
2023-12-15Merge pull request #2639 from c-po/frr-t4020Viacheslav Hletenko
frr: T4020: add option to define number of open file descriptors
2023-12-15frr: T4020: add option to define number of open file descriptorsChristian Breunig
This allows the operator to control the number of open file descriptors each daemon is allowed to start with. The current assumed value on most operating systems is 1024. If the operator plans to run bgp with several thousands of peers then this is where we would modify FRR to allow this to happen. set system frr descriptors <n>
2023-12-15firewall: T4502: add ofload to firewall table actionsGurliGebis
2023-12-14T4163: Add BGP Monitoring Protocol BMP featureViacheslav Hletenko
Add BMP feature. BMP (BGP Monitoring Protocol, RFC 7854) is used to send monitoring data from BGP routers to network management entities https://docs.frrouting.org/en/latest/bmp.html Example: set system frr bmp commit run restart bgp set protocols bgp system-as '65001' set protocols bgp neighbor 192.0.2.11 address-family ipv4-unicast set protocols bgp neighbor 192.0.2.11 remote-as '65001' set protocols bgp bmp mirror-buffer-limit '256000000' set protocols bgp bmp target foo address '127.0.0.1' set protocols bgp bmp target foo port '5000' set protocols bgp bmp target foo min-retry '1000' set protocols bgp bmp target foo max-retry '2000' set protocols bgp bmp target foo mirror set protocols bgp bmp target foo monitor ipv4-unicast post-policy set protocols bgp bmp target foo monitor ipv4-unicast pre-policy set protocols bgp bmp target foo monitor ipv6-unicast post-policy set protocols bgp bmp target foo monitor ipv6-unicast pre-policy
2023-12-13Merge pull request #2606 from c-po/srv6Christian Breunig
SRv6: T591: initial implementation to support locator definition
2023-12-11ddclient: T5791: Add smoketest for dynamic interfaceIndrajit Raychaudhuri
2023-12-11ddclient: T5791: Cleanup smoketests and remove unnecessary importsIndrajit Raychaudhuri
2023-12-11srv6: T591: initial implementation to support locator definitionChristian Breunig
VyOS CLI set protocols segment-routing srv6 locator bar prefix '2001:b::/64' set protocols segment-routing srv6 locator foo behavior-usid set protocols segment-routing srv6 locator foo prefix '2001:a::/64' Will generate in FRR segment-routing srv6 locators locator bar prefix 2001:b::/64 block-len 40 node-len 24 func-bits 16 exit ! locator foo prefix 2001:a::/64 block-len 40 node-len 24 func-bits 16 behavior usid exit ! exit ! exit ! exit
2023-12-11bgp: T591: add SRv6 support from FRRChristian Breunig
set protocols bgp sid vpn per-vrf export '99' set protocols bgp srv6 locator 'foo' set protocols bgp system-as '100' Will generate in FRR config router bgp 100 no bgp ebgp-requires-policy no bgp default ipv4-unicast no bgp network import-check ! segment-routing srv6 locator foo exit sid vpn per-vrf export 99 exit
2023-12-10Merge pull request #2600 from sever-sever/T5773-smoketestsViacheslav Hletenko
T5773: API add smoketest for load config via HTTP URL
2023-12-09T5773: API add smoketest for load config via HTTP URLViacheslav Hletenko
Use a custom NGINX config to load config via URL
2023-12-09Merge pull request #1960 from sarthurdev/keaChristian Breunig
dhcp: T3316: Migrate dhcp/dhcpv6 server to Kea
2023-12-08ddclient: T5791: use a fixed VRF table ID in smoketestsChristian Breunig
Fixes DEBUG - ====================================================================== DEBUG - ERROR: test_07_dyndns_vrf (__main__.TestServiceDDNS.test_07_dyndns_vrf) DEBUG - ---------------------------------------------------------------------- DEBUG - Traceback (most recent call last): DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/test_service_dns_dynamic.py", line 302, in test_07_dyndns_vrf DEBUG - self.cli_set(['vrf', 'name', vrf_name, 'table', vrf_table]) DEBUG - File "/usr/libexec/vyos/tests/smoke/cli/base_vyostest_shim.py", line 68, in cli_set DEBUG - self._session.set(config) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 154, in set DEBUG - self.__run_command([SET] + path + value) DEBUG - File "/usr/lib/python3/dist-packages/vyos/configsession.py", line 143, in __run_command DEBUG - raise ConfigSessionError(output) DEBUG - vyos.configsession.ConfigSessionError: Number is not in any of allowed ranges
2023-12-08dhcp: T3316: Add time-zone node for options 100 and 101sarthurdev
2023-12-08dhcp: T3316: Migrate dhcp/dhcpv6 server to Keasarthurdev
2023-12-07Merge pull request #2539 from nicolas-fort/T5775Daniil Baturin
T5775: firewall: re-add state-policy to firewall. These commands are …
2023-12-06T160: Rebase and fixes for NAT64Viacheslav Hletenko
- Update the base (rebase) - Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i - Delete unwanted `write_json`, use `write_file` instead - Remove unnecessary deleting of default values for tagNodes T2665 - Add smoketest Example: ``` set interfaces ethernet eth0 address '192.168.122.14/24' set interfaces ethernet eth0 address '192.168.122.10/24' set interfaces ethernet eth2 address '2001:db8::1/64' set nat64 source rule 100 source prefix '64:ff9b::/96' set nat64 source rule 100 translation pool 10 address '192.168.122.10' set nat64 source rule 100 translation pool 10 port '1-65535' ```
2023-12-05Merge pull request #2574 from nicolas-fort/T5779Daniil Baturin
T5779: conntrack: Apply fixes to <set system conntrack timeout custom>
2023-12-05T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. ↵Nicolas Fort
Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.