summaryrefslogtreecommitdiff
path: root/smoketest
AgeCommit message (Collapse)Author
2023-11-20http: T5762: api: make API socket backend communication the one and only defaultChristian Breunig
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy. (cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c)
2023-11-19Merge pull request #2498 from nicolas-fort/T4072-sagittaChristian Breunig
T4072: firewall: backport bridge firewall to sagitta
2023-11-16T4072: firewall: backport bridge firewall to sagittaNicolas Fort
2023-11-16Merge pull request #2489 from vyos/mergify/bp/sagitta/pr-2476Christian Breunig
pim(6): T5733: add missing FRR related features (backport #2476)
2023-11-16smoketest: Extend HTTP-API testsViacheslav Hletenko
(cherry picked from commit 15b5ede2cdd65af441be6de89b8b1df6d186f874)
2023-11-15pim6: T5733: add missing FRR PIM6 related featuresChristian Breunig
(cherry picked from commit 403d2ffd6e46cb082b1d16ddf515e1784bee968c) # Conflicts: # data/templates/frr/pim6d.frr.j2 # interface-definitions/protocols-pim6.xml.in # smoketest/scripts/cli/test_protocols_pim6.py # src/conf_mode/protocols_pim6.py
2023-11-15pim: T5733: fix CLI level of global PIM commandsChristian Breunig
(cherry picked from commit dd13213ae94f071bc30cc17f5fabef02fbf95939)
2023-11-15igmp: T5736: migrate "protocols igmp" to "protocols pim"Christian Breunig
IGMP and PIM are two different but related things. FRR has both combined in pimd. As we use get_config_dict() and FRR reload it is better to have both centrally stored under the same CLI node (as FRR does, too) to just "fire and forget" the commit to the daemon. "set protocols igmp interface eth1" -> "set protocols pim interface eth1 igmp" (cherry picked from commit bc83fb097719f5c4c803808572f690fbc367b9e5)
2023-11-15pim: T5733: add missing FRR PIM related featuresChristian Breunig
Migrate CLI configuration retrival to common get_config_dict(). In addition add new functionality to VyOS that is PIM related and already available in FRR. (cherry picked from commit 9abc02edcc237760f1f8aa1b3f08d7f4d18f866c) # Conflicts: # python/vyos/frr.py # src/op_mode/restart_frr.py
2023-11-14T5729: T5590: T5616: backport to sagita fwall marks, fix on firewall logs ↵Nicolas Fort
parsing, and migration to valueless node for log and state matchers
2023-11-07T5716: Fix smoketest for accel-ppp limiter tbfViacheslav Hletenko
Limiter in the commit cf92295 was changed to `tbf` Fix smoketest (cherry picked from commit d8ffbbe72c791ec5516d029e85619678b2841402)
2023-11-06bgp: T5698: add support for EVPN MultihomingChristian Breunig
(cherry picked from commit 1d67620e656766731ad6825fd8961140eb50d8a7)
2023-11-06bond: T5698: add support for EVPN MultihomingChristian Breunig
set interfaces bonding bond10 evpn es-df-pref '50' set interfaces bonding bond10 evpn es-id '10' set interfaces bonding bond10 evpn es-sys-mac '01:23:45:67:89:ab' set interfaces bonding bond10 member interface 'eth3' set interfaces bonding bond10 mode '802.3ad' (cherry picked from commit 937685608e61151275c4f60c6d00c0154f2ca06d)
2023-11-03wireguard: T5707: remove previously deconfigured peerChristian Breunig
Changing the public key of a peer (updating the key material) left the old WireGuard peer in place, as the key removal command used the new key. WireGuard only supports peer removal based on the configured public-key, by deleting the entire interface this is the shortcut instead of parsing out all peers and removing them one by one. Peer reconfiguration will always come with a short downtime while the WireGuard interface is recreated. (cherry picked from commit 2fc8738bc9c2fb6364a22d86079e8635cee91949)
2023-11-02T5705: rsyslog: fix error when level=all. Replace <all> with wildcard <*>, ↵Nicolas Fort
as it's done with facility. Create basic smoketest for syslog (cherry picked from commit c5ae7c9e2a141d92b8a716b3dbe3e5b41ee4aaba)
2023-11-01T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵Nicolas Fort
firewal, nat and nat66. (cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6)
2023-11-01smoketest: vxlan: T5699: fix "external" CLI optionChristian Breunig
After commit cc7ba8824 ('vxlan: T5699: migrate "external" CLI know to "parameters external"') We also need to adjust the testcase for ARP/ND suppression. (cherry picked from commit cb2f72dbd10a11f99913cc60044460f18381f770)
2023-10-31vxlan: T5668: add CLI knob to enable ARP/ND suppressionChristian Breunig
In order to minimize the flooding of ARP and ND messages in the VXLAN network, EVPN includes provisions [1] that allow participating VTEPs to suppress such messages in case they know the MAC-IP binding and can reply on behalf of the remote host. In Linux, the above is implemented in the bridge driver using a per-port option called "neigh_suppress" that was added in kernel version 4.15. [1] https://www.rfc-editor.org/rfc/rfc7432#section-10 (cherry picked from commit ec9a95502daa88b9632af12524e7cefebf86bab6)
2023-10-30vxlan: T5699: migrate "external" CLI know to "parameters external"Christian Breunig
As we have a bunch of options under "paramteres" already and "external" is clearly one of them it should be migrated under that node as well. (cherry picked from commit cc7ba8824a5e9ec818f0bbe7fb85e1713a591527)
2023-10-30Merge pull request #2400 from vyos/mergify/bp/sagitta/pr-2355Viacheslav Hletenko
T5643: nat: add interface-groups to nat. Use same cli structure for i… (backport #2355)
2023-10-25smoketest: T3829: rename netns test to match current branchChristian Breunig
2023-10-24T5643: nat: add interface-groups to nat. Use same cli structure for ↵Nicolas Fort
interface-name|interface-group as in firewall. (cherry picked from commit 2f2c3fa22478c7ba2e116486d655e07df878cdf4)
2023-10-23T5637: Firewall: add new rule at the end of base chains for default-actions. ↵Nicolas Fort
This enables logs capabilities for default-action in base chains.
2023-10-22Merge pull request #2394 from vyos/mergify/bp/sagitta/pr-2391Christian Breunig
T5299: Add missed option ceiling for QoS shaper (backport #2391)
2023-10-22T5299: Add missed option ceiling for QoS shaperViacheslav Hletenko
Add missed option `ceil` for QoS class 'trafficshaper' (cherry picked from commit 5218241e6293317f8837b3f7c3893d653d960993)
2023-10-22vxlan: T5671: change port to IANA assigned default portChristian Breunig
Currently VyOS VXLAN implementation uses the Linux assigned port 8472 that predates the IANA assignment. As Most other vendors use the IANA assigned port, follow this guideline and use the new default port 4789. Existing configuration not defining an explicit port number will be migrated to the old default port number of 8472, keeping existing configurations work! (cherry picked from commit 6db8d3ded19f652b99231be0d705d76b598ac72a) # Conflicts: # interface-definitions/include/version/interfaces-version.xml.i
2023-10-21Merge pull request #2389 from vyos/mergify/bp/sagitta/pr-2385Christian Breunig
T5667: BGP label-unicast enable ecmp (backport #2385)
2023-10-21T5667: BGP label-uniscat enable ecmpfett0
(cherry picked from commit e7cdf855ddce7dfe45af8b4b75eeee9de09f2451)
2023-10-20T5541: firewall: re-add zone-based firewall.Nicolas Fort
2023-10-11T5165: Implement policy local-route source and destination portViacheslav Hletenko
Add `policy local-route` source and destination port set policy local-route rule 23 destination port '222' set policy local-route rule 23 protocol 'tcp' set policy local-route rule 23 set table '123' set policy local-route rule 23 source port '8888' % ip rule show prio 23 23: from all ipproto tcp sport 8888 dport 222 lookup 123 (cherry picked from commit ff43733074675b94ce4ead83fe63870b6cf953c5)
2023-10-07pppoe: T5630: verify MRU is less or equal then MTUChristian Breunig
(cherry picked from commit e357258e645cf85de0035d4ecfbf99db4dd90f7e)
2023-10-07pppoe: T5630: allow to specify MRU in addition to already configurable MTUChristian Breunig
Set the MRU (Maximum Receive Unit) value to n. PPPd will ask the peer to send packets of no more than n bytes. The value of n must be between 128 and 16384, the default was always 1492 to match PPPoE MTU. A value of 296 works well on very slow links (40 bytes for TCP/IP header + 256 bytes of data). Note that for the IPv6 protocol, the MRU must be at least 1280. CLI: set interfaces pppoe pppoe0 mru 1280 (cherry picked from commit e062a8c11856f213983f5b41f50d4f9dbc0dde0f)
2023-10-05T4320: remove references to obsoleted legacy version filesJohn Estabrook
(cherry picked from commit aeb0138c9df73b57489eced152f026c0666d1ee5)
2023-10-02T5165: Migrate policy local-route rule x destination to addressViacheslav Hletenko
Migrate policy local-route <destination|source> to node address replace 'policy local-route{v6} rule <tag> destination|source <x.x.x.x>' => 'policy local-route{v6} rule <tag> destination|source address <x.x.x.x>' (cherry picked from commit 9f7a5f79200782f7849cab72f55a39dedf45f214)
2023-09-28mdns: T5615: Allow controlling IP version to use for mDNS repeaterIndrajit Raychaudhuri
This commit adds a new configuration option to the mDNS repeater service to allow controlling which IP version to use for mDNS repeater. Additionally, publishing AAAA record over IPv4 and A record over IPv6 is disabled as suggested. See: - https://github.com/lathiat/avahi/issues/117#issuecomment-1651475104 - https://bugzilla.redhat.com/show_bug.cgi?id=669627#c2 (cherry picked from commit e66f7075ee12ae3107d29efaf683442c3535e8b9)
2023-09-28Merge pull request #2319 from vyos/mergify/bp/sagitta/pr-2313Christian Breunig
T5165: Add option protocol for policy local-route (backport #2313)
2023-09-28firewall: T5614: Add support for matching on conntrack helpersarthurdev
(cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001)
2023-09-28T5165: Add option protocol for policy local-routeViacheslav Hletenko
Add option `protocol` for policy local-route set policy local-route rule 100 destination '192.0.2.12' set policy local-route rule 100 protocol 'tcp' set policy local-route rule 100 set table '100' (cherry picked from commit 96b8b38a3c17aa08fa964eef9141cf89f1c1d442)
2023-09-28ipsec: T5606: Add support for whole CA chainssarthurdev
Also includes an update to smoketest to verify (cherry picked from commit 1ac230548c86d3308ff5b479b79b0e64b75a0e8a)
2023-09-27conf-mode: T5412: move dependency check from smoketest to nosetestJohn Estabrook
(cherry picked from commit 12440ea1af8e60482a6a91c1cb04dcb86d7f4a68)
2023-09-22Merge pull request #2291 from vyos/mergify/bp/sagitta/pr-2284Christian Breunig
bgp: T5596: add new features from FRR 9 (backport #2284)
2023-09-21T5602: Reverse-proxy add option backup for backend serverViacheslav Hletenko
A `backup` server can be defined to take over in the case of all other backends failing set load-balancing reverse-proxy backend <tag> server <tag> address '192.0.2.3' set load-balancing reverse-proxy backend <tag> server <tag> port '8883' set load-balancing reverse-proxy backend <tag> server <tag> backup (cherry picked from commit cb297aea56da91144c53be1f396b64a26a8e5b04)
2023-09-19bgp: T5596: add new features from FRR 9Christian Breunig
* Add BGP Software Version capability (draft-abraitis-bgp-version-capability) set protocols bgp neighbor 192.0.2.1 capability software-version * Add BGP neighbor path-attribute treat-as-withdraw command set protocols bgp neighbor 192.0.2.1 path-attribute treat-as-withdraw (cherry picked from commit d285355716708a46767c18661976906812da8a3c)
2023-09-19isis: T5597: add new features from FRR 9Christian Breunig
* Add support for IS-IS advertise-high-metrics set protocols isis advertise-high-metrics * Add support for IS-IS advertise-passive-only set protocols isis advertise-passive-only (cherry picked from commit f7d35c15256ea74ab32c9b978a5c6fdbd659a7a0)
2023-09-14T5561: nat: defining inbound|outbound interface should not be mandatory ↵Nicolas Fort
while configuring dNAT|sNAT rule (cherry picked from commit ec5437913e489f40fea6bab89a6bb5f565cd1ab7)
2023-09-12T5562: Cleanup netns for smoketest load-balancing wanViacheslav Hletenko
Cleanup nets for the smoketest load-balancing Remove deleting container interfaces from default netns as those interfaces leave inly in netns. (cherry picked from commit 849499f44f6e50c591e250cf40b5ab0115839b53)
2023-09-09vxlan: T3700: support VLAN tunnel mapping of VLAN aware bridgesChristian Breunig
FRR supports a new way of configuring VLAN-to-VNI mappings for EVPN-VXLAN, when working with the Linux kernel. In this new way, the mapping of a VLAN to a VNI is configured against a container VXLAN interface which is referred to as a 'Single VXLAN device (SVD)'. Multiple VLAN to VNI mappings can be configured against the same SVD. This allows for a significant scaling of the number of VNIs since a separate VXLAN interface is no longer required for each VNI. Sample configuration of SVD with VLAN to VNI mappings is shown below. set interfaces bridge br0 member interface vxlan0 set interfaces vxlan vxlan0 external set interfaces vxlan vxlan0 source-interface 'dum0' set interfaces vxlan vxlan0 vlan-to-vni 10 vni '10010' set interfaces vxlan vxlan0 vlan-to-vni 11 vni '10011' set interfaces vxlan vxlan0 vlan-to-vni 30 vni '10030' set interfaces vxlan vxlan0 vlan-to-vni 31 vni '10031' (cherry picked from commit 7f6624f5a6f8bd1749b54103ea5ec9f010adf778)
2023-09-03wireless: T5540: fix smoketests after adjusting VHT channel widthChristian Breunig
Commit 6896aabb6 ("wireless: T5540: fix VHT capability settings for 802.11ac" changed how the VHT channel-sidth is configured in hostapd - but smoketests did not get adjusted.
2023-08-31eapol: T4782: Support multiple CA chainssarthurdev
2023-08-26firewall: T5080: Disable conntrack unless required by rulessarthurdev