From e64ab9ec34ce8cb221f3c82787d3641efa30aac0 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 20 Sep 2020 13:12:16 +0200
Subject: smoketest: T2903: test 802.1ad (Q-in-Q) ethertype

---
 smoketest/scripts/cli/base_interfaces_test.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py
index 14ec7e137..047c19dd0 100644
--- a/smoketest/scripts/cli/base_interfaces_test.py
+++ b/smoketest/scripts/cli/base_interfaces_test.py
@@ -14,12 +14,15 @@
 
 import os
 import unittest
+import json
 
 from netifaces import ifaddresses, AF_INET, AF_INET6
 
 from vyos.configsession import ConfigSession
 from vyos.ifconfig import Interface
 from vyos.util import read_file
+from vyos.util import cmd
+from vyos.util import vyos_dict_search
 from vyos.validate import is_intf_addr_assigned, is_ipv6_link_local
 
 class BasicInterfaceTest:
@@ -212,8 +215,12 @@ class BasicInterfaceTest:
                             self.session.set(base + ['address', address])
 
             self.session.commit()
+
             for interface in self._interfaces:
                 for vif_s in self._qinq_range:
+                    tmp = json.loads(cmd(f'ip -d -j link show dev {interface}.{vif_s}'))[0]
+                    self.assertEqual(vyos_dict_search('linkinfo.info_data.protocol', tmp), '802.1ad')
+
                     for vif_c in self._vlan_range:
                         vif = f'{interface}.{vif_s}.{vif_c}'
                         for address in self._test_addr:
-- 
cgit v1.2.3


From 993f6873c02f3f79013acedfe61ce705bdb3a4d0 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 20 Sep 2020 13:53:55 +0200
Subject: wwan: ifconfig: T2905: sync CLI nodes in dialup interfaces

Both PPPoE and WWAN interfaces are dialer interfaces handled by ppp, but use
different CLI nodes for the same functionality. PPPoE has "connect-on-demand"
to initiate an "on-demand" dialing and WWAN uses "ondemand" for this purpose.

Rename WWAN "ondemand" node to "connect-on-demand".
---
 data/templates/wwan/peer.tmpl                              |  2 +-
 .../include/interface-dial-on-demand.xml.i                 |  6 ++++++
 interface-definitions/interfaces-pppoe.xml.in              |  7 +------
 interface-definitions/interfaces-wirelessmodem.xml.in      |  7 +------
 smoketest/scripts/cli/test_interfaces_wirelessmodem.py     |  2 +-
 src/migration-scripts/interfaces/12-to-13                  | 14 ++++++++++++++
 6 files changed, 24 insertions(+), 14 deletions(-)
 create mode 100644 interface-definitions/include/interface-dial-on-demand.xml.i

(limited to 'smoketest/scripts')

diff --git a/data/templates/wwan/peer.tmpl b/data/templates/wwan/peer.tmpl
index aa759f741..e23881bf8 100644
--- a/data/templates/wwan/peer.tmpl
+++ b/data/templates/wwan/peer.tmpl
@@ -21,7 +21,7 @@ noauth
 crtscts
 lock
 persist
-{{ "demand" if ondemand is defined }}
+{{ "demand" if connect_on_demand is defined }}
 
 connect '/usr/sbin/chat -v -t6 -f /etc/ppp/peers/chat.{{ ifname }}'
 
diff --git a/interface-definitions/include/interface-dial-on-demand.xml.i b/interface-definitions/include/interface-dial-on-demand.xml.i
new file mode 100644
index 000000000..c14ddf6f5
--- /dev/null
+++ b/interface-definitions/include/interface-dial-on-demand.xml.i
@@ -0,0 +1,6 @@
+<leafNode name="connect-on-demand">
+  <properties>
+    <help>Establishment connection automatically when traffic is sent</help>
+    <valueless/>
+  </properties>
+</leafNode>
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index 8a6c61312..b6208e0b9 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -42,12 +42,7 @@
               </leafNode>
             </children>
           </node>
-          <leafNode name="connect-on-demand">
-            <properties>
-              <help>Automatic establishment of PPPOE connection when traffic is sent</help>
-              <valueless/>
-            </properties>
-          </leafNode>
+          #include <include/interface-dial-on-demand.xml.i>
           <leafNode name="default-route">
             <properties>
               <help>Default route insertion behaviour (default: auto)</help>
diff --git a/interface-definitions/interfaces-wirelessmodem.xml.in b/interface-definitions/interfaces-wirelessmodem.xml.in
index d375b808d..96604ff00 100644
--- a/interface-definitions/interfaces-wirelessmodem.xml.in
+++ b/interface-definitions/interfaces-wirelessmodem.xml.in
@@ -80,12 +80,7 @@
               <valueless/>
             </properties>
           </leafNode>
-          <leafNode name="ondemand">
-            <properties>
-              <help>Only dial when traffic is available</help>
-              <valueless/>
-            </properties>
-          </leafNode>
+          #include <include/interface-dial-on-demand.xml.i>
         </children>
       </tagNode>
     </children>
diff --git a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py b/smoketest/scripts/cli/test_interfaces_wirelessmodem.py
index 40cd03b93..efc9c0e98 100755
--- a/smoketest/scripts/cli/test_interfaces_wirelessmodem.py
+++ b/smoketest/scripts/cli/test_interfaces_wirelessmodem.py
@@ -43,7 +43,7 @@ class WWANInterfaceTest(unittest.TestCase):
     def test_wlm_1(self):
         for interface in self._interfaces:
             self.session.set(base_path + [interface, 'no-peer-dns'])
-            self.session.set(base_path + [interface, 'ondemand'])
+            self.session.set(base_path + [interface, 'connect-on-demand'])
 
             # check validate() - APN must be configure
             with self.assertRaises(ConfigSessionError):
diff --git a/src/migration-scripts/interfaces/12-to-13 b/src/migration-scripts/interfaces/12-to-13
index 17d1d0b0a..f866ca9a6 100755
--- a/src/migration-scripts/interfaces/12-to-13
+++ b/src/migration-scripts/interfaces/12-to-13
@@ -17,6 +17,8 @@
 # - T2903: Change vif-s ethertype from numeric number to literal
 #   - 0x88a8 -> 802.1ad
 #   - 0x8100 -> 802.1q
+# - T2905: Change WWAN "ondemand" node to "connect-on-demand" to have identical
+#   CLI nodes for both types of dialer interfaces
 
 from sys import exit, argv
 from vyos.configtree import ConfigTree
@@ -32,6 +34,9 @@ if __name__ == '__main__':
 
     config = ConfigTree(config_file)
 
+    #
+    # T2903
+    #
     for type in config.list_nodes(['interfaces']):
         for interface in config.list_nodes(['interfaces', type]):
             if not config.exists(['interfaces', type, interface, 'vif-s']):
@@ -48,6 +53,15 @@ if __name__ == '__main__':
                     config.set(base_path + ['protocol'], value=protocol)
                     config.delete(base_path + ['ethertype'])
 
+    #
+    # T2905
+    #
+    wwan_base = ['interfaces', 'wirelessmodem']
+    if config.exists(wwan_base):
+        for interface in config.list_nodes(wwan_base):
+            if config.exists(wwan_base + [interface, 'ondemand']):
+                config.rename(wwan_base + [interface, 'ondemand'], 'connect-on-demand')
+
     try:
         with open(file_name, 'w') as f:
             f.write(config.to_string())
-- 
cgit v1.2.3


From 7ea3802aa3de99ec78fbe0cf24a8527b80c927db Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 21 Sep 2020 17:30:27 +0200
Subject: smoketest: macsec: T2023: test MTU setting

---
 data/templates/macsec/wpa_supplicant.conf.tmpl  |  2 +-
 smoketest/scripts/cli/test_interfaces_macsec.py | 39 +++++++++++++++----------
 2 files changed, 25 insertions(+), 16 deletions(-)

(limited to 'smoketest/scripts')

diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index 1731bf160..5b353def8 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -1,4 +1,4 @@
-# autogenerated by interfaces-macsec.py
+### Autogenerated by interfaces-macsec.py ###
 
 # see full documentation:
 # https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index 0f1b6486d..30b040b97 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -23,8 +23,8 @@ from base_interfaces_test import BasicInterfaceTest
 from vyos.configsession import ConfigSessionError
 from vyos.util import read_file
 
-def get_config_value(intf, key):
-    tmp = read_file(f'/run/wpa_supplicant/{intf}.conf')
+def get_config_value(interface, key):
+    tmp = read_file(f'/run/wpa_supplicant/{interface}.conf')
     tmp = re.findall(r'\n?{}=(.*)'.format(key), tmp)
     return tmp[0]
 
@@ -49,52 +49,61 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
         mode - both using different mandatory settings, lets test
         encryption as the basic authentication test has been performed
         using the base class tests """
-        intf = 'macsec0'
-        src_intf = 'eth0'
+        interface = 'macsec0'
+        src_interface = 'eth0'
         mak_cak = '232e44b7fda6f8e2d88a07bf78a7aff4'
         mak_ckn = '40916f4b23e3d548ad27eedd2d10c6f98c2d21684699647d63d41b500dfe8836'
         replay_window = '64'
-        self.session.set(self._base_path + [intf, 'security', 'encrypt'])
+        self.session.set(self._base_path + [interface, 'security', 'encrypt'])
 
         # check validate() - Cipher suite must be set for MACsec
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
-        self.session.set(self._base_path + [intf, 'security', 'cipher', 'gcm-aes-128'])
+        self.session.set(self._base_path + [interface, 'security', 'cipher', 'gcm-aes-128'])
 
         # check validate() - Physical source interface must be set for MACsec
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
-        self.session.set(self._base_path + [intf, 'source-interface', src_intf])
+        self.session.set(self._base_path + [interface, 'source-interface', src_interface])
+
+        # check validate() - Physical source interface MTU must be higher then our MTU
+        self.session.set(self._base_path + [interface, 'mtu', '1500'])
+        with self.assertRaises(ConfigSessionError):
+            self.session.commit()
+        self.session.delete(self._base_path + [interface, 'mtu'])
 
         # check validate() - MACsec security keys mandartory when encryption is enabled
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
-        self.session.set(self._base_path + [intf, 'security', 'mka', 'cak', mak_cak])
+        self.session.set(self._base_path + [interface, 'security', 'mka', 'cak', mak_cak])
 
         # check validate() - MACsec security keys mandartory when encryption is enabled
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
-        self.session.set(self._base_path + [intf, 'security', 'mka', 'ckn', mak_ckn])
+        self.session.set(self._base_path + [interface, 'security', 'mka', 'ckn', mak_ckn])
 
-        self.session.set(self._base_path + [intf, 'security', 'replay-window', replay_window])
+        self.session.set(self._base_path + [interface, 'security', 'replay-window', replay_window])
         self.session.commit()
 
-        tmp = get_config_value(src_intf, 'macsec_integ_only')
+        tmp = get_config_value(src_interface, 'macsec_integ_only')
         self.assertTrue("0" in tmp)
 
-        tmp = get_config_value(src_intf, 'mka_cak')
+        tmp = get_config_value(src_interface, 'mka_cak')
         self.assertTrue(mak_cak in tmp)
 
-        tmp = get_config_value(src_intf, 'mka_ckn')
+        tmp = get_config_value(src_interface, 'mka_ckn')
         self.assertTrue(mak_ckn in tmp)
 
         # check that the default priority of 255 is programmed
-        tmp = get_config_value(src_intf, 'mka_priority')
+        tmp = get_config_value(src_interface, 'mka_priority')
         self.assertTrue("255" in tmp)
 
-        tmp = get_config_value(src_intf, 'macsec_replay_window')
+        tmp = get_config_value(src_interface, 'macsec_replay_window')
         self.assertTrue(replay_window in tmp)
 
+        tmp = read_file(f'/sys/class/net/{interface}/mtu')
+        self.assertEqual(tmp, '1460')
+
         # Check for running process
         self.assertTrue("wpa_supplicant" in (p.name() for p in process_iter()))
 
-- 
cgit v1.2.3


From 4ce3720109cdd6648e5251da98bf11902c443e2e Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Mon, 21 Sep 2020 17:30:53 +0200
Subject: smoketest: kernel: check for mandatory bond/lacp and bridge options

---
 smoketest/scripts/system/test_kernel_options.py | 47 +++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100755 smoketest/scripts/system/test_kernel_options.py

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/system/test_kernel_options.py b/smoketest/scripts/system/test_kernel_options.py
new file mode 100755
index 000000000..6316521f6
--- /dev/null
+++ b/smoketest/scripts/system/test_kernel_options.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+import platform
+import unittest
+
+from vyos.util import read_file
+
+kernel = platform.release()
+config = read_file(f'/boot/config-{kernel}')
+
+class TestKernelModules(unittest.TestCase):
+    """ VyOS makes use of a lot of Kernel drivers, modules and features. The
+    required modules which are essential for VyOS should be tested that they are
+    available in the Kernel that is run. """
+
+    def test_bond_interface(self):
+        """ The bond/lacp interface must be enabled in the OS Kernel """
+        for option in ['CONFIG_BONDING']:
+            tmp = re.findall(f'{option}=(y|m)', config)
+            self.assertTrue(tmp)
+
+    def test_bridge_interface(self):
+        """ The bridge interface must be enabled in the OS Kernel """
+        for option in ['CONFIG_BRIDGE',
+                       'CONFIG_BRIDGE_IGMP_SNOOPING',
+                       'CONFIG_BRIDGE_VLAN_FILTERING']:
+            tmp = re.findall(f'{option}=(y|m)', config)
+            self.assertTrue(tmp)
+
+if __name__ == '__main__':
+    unittest.main()
+
-- 
cgit v1.2.3


From feb491584d84636883000634bd4bba9b014b2c83 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Tue, 22 Sep 2020 18:43:34 +0200
Subject: smoketest: macsec: T2023: check that source-interface is not used by
 any other interface

---
 smoketest/scripts/cli/test_interfaces_macsec.py | 137 ++++++++++++++++--------
 1 file changed, 91 insertions(+), 46 deletions(-)

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index 30b040b97..fab5433de 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -16,10 +16,12 @@
 
 import re
 import unittest
+
 from psutil import process_iter
+from base_interfaces_test import BasicInterfaceTest
+from netifaces import interfaces
 
 from vyos.ifconfig import Section
-from base_interfaces_test import BasicInterfaceTest
 from vyos.configsession import ConfigSessionError
 from vyos.util import read_file
 
@@ -32,80 +34,123 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
     def setUp(self):
          super().setUp()
          self._base_path = ['interfaces', 'macsec']
-         self._options = {
-             'macsec0': ['source-interface eth0',
-                         'security cipher gcm-aes-128']
-         }
+         self._options = { 'macsec0': ['source-interface eth0', 'security cipher gcm-aes-128'] }
 
          # if we have a physical eth1 interface, add a second macsec instance
          if 'eth1' in Section.interfaces("ethernet"):
-             macsec = { 'macsec1': ['source-interface eth1', 'security cipher gcm-aes-128'] }
+             macsec = { 'macsec1': [f'source-interface eth1', 'security cipher gcm-aes-128'] }
              self._options.update(macsec)
 
          self._interfaces = list(self._options)
 
     def test_encryption(self):
-        """ MACsec can be operating in authentication and encryption
-        mode - both using different mandatory settings, lets test
-        encryption as the basic authentication test has been performed
-        using the base class tests """
-        interface = 'macsec0'
-        src_interface = 'eth0'
+        """ MACsec can be operating in authentication and encryption mode - both
+        using different mandatory settings, lets test encryption as the basic
+        authentication test has been performed using the base class tests """
+
         mak_cak = '232e44b7fda6f8e2d88a07bf78a7aff4'
         mak_ckn = '40916f4b23e3d548ad27eedd2d10c6f98c2d21684699647d63d41b500dfe8836'
         replay_window = '64'
-        self.session.set(self._base_path + [interface, 'security', 'encrypt'])
 
-        # check validate() - Cipher suite must be set for MACsec
-        with self.assertRaises(ConfigSessionError):
-            self.session.commit()
-        self.session.set(self._base_path + [interface, 'security', 'cipher', 'gcm-aes-128'])
+        for interface, option_value in self._options.items():
+            for option in option_value:
+                if option.split()[0] == 'source-interface':
+                    src_interface = option.split()[1]
 
-        # check validate() - Physical source interface must be set for MACsec
-        with self.assertRaises(ConfigSessionError):
-            self.session.commit()
-        self.session.set(self._base_path + [interface, 'source-interface', src_interface])
+                self.session.set(self._base_path + [interface] + option.split())
 
-        # check validate() - Physical source interface MTU must be higher then our MTU
-        self.session.set(self._base_path + [interface, 'mtu', '1500'])
-        with self.assertRaises(ConfigSessionError):
+            # Encrypt link
+            self.session.set(self._base_path + [interface, 'security', 'encrypt'])
+
+            # check validate() - Physical source interface MTU must be higher then our MTU
+            self.session.set(self._base_path + [interface, 'mtu', '1500'])
+            with self.assertRaises(ConfigSessionError):
+                self.session.commit()
+            self.session.delete(self._base_path + [interface, 'mtu'])
+
+            # check validate() - MACsec security keys mandartory when encryption is enabled
+            with self.assertRaises(ConfigSessionError):
+                self.session.commit()
+            self.session.set(self._base_path + [interface, 'security', 'mka', 'cak', mak_cak])
+
+            # check validate() - MACsec security keys mandartory when encryption is enabled
+            with self.assertRaises(ConfigSessionError):
+                self.session.commit()
+            self.session.set(self._base_path + [interface, 'security', 'mka', 'ckn', mak_ckn])
+
+            self.session.set(self._base_path + [interface, 'security', 'replay-window', replay_window])
+
+            # final commit of settings
             self.session.commit()
-        self.session.delete(self._base_path + [interface, 'mtu'])
 
-        # check validate() - MACsec security keys mandartory when encryption is enabled
+            tmp = get_config_value(src_interface, 'macsec_integ_only')
+            self.assertTrue("0" in tmp)
+
+            tmp = get_config_value(src_interface, 'mka_cak')
+            self.assertTrue(mak_cak in tmp)
+
+            tmp = get_config_value(src_interface, 'mka_ckn')
+            self.assertTrue(mak_ckn in tmp)
+
+            # check that the default priority of 255 is programmed
+            tmp = get_config_value(src_interface, 'mka_priority')
+            self.assertTrue("255" in tmp)
+
+            tmp = get_config_value(src_interface, 'macsec_replay_window')
+            self.assertTrue(replay_window in tmp)
+
+            tmp = read_file(f'/sys/class/net/{interface}/mtu')
+            self.assertEqual(tmp, '1460')
+
+            # Check for running process
+            self.assertTrue("wpa_supplicant" in (p.name() for p in process_iter()))
+
+    def test_mandatory_toptions(self):
+        interface = 'macsec1'
+        self.session.set(self._base_path + [interface])
+
+        # check validate() - source interface is mandatory
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
-        self.session.set(self._base_path + [interface, 'security', 'mka', 'cak', mak_cak])
+        self.session.set(self._base_path + [interface, 'source-interface', 'eth0'])
 
-        # check validate() - MACsec security keys mandartory when encryption is enabled
+        # check validate() - cipher is mandatory
         with self.assertRaises(ConfigSessionError):
             self.session.commit()
-        self.session.set(self._base_path + [interface, 'security', 'mka', 'ckn', mak_ckn])
+        self.session.set(self._base_path + [interface, 'security', 'cipher', 'gcm-aes-128'])
 
-        self.session.set(self._base_path + [interface, 'security', 'replay-window', replay_window])
+        # final commit and verify
         self.session.commit()
+        self.assertIn(interface, interfaces())
 
-        tmp = get_config_value(src_interface, 'macsec_integ_only')
-        self.assertTrue("0" in tmp)
+    def test_source_interface(self):
+        """ Ensure source-interface can bot be part of any other bond or bridge """
 
-        tmp = get_config_value(src_interface, 'mka_cak')
-        self.assertTrue(mak_cak in tmp)
+        base_bridge = ['interfaces', 'bridge', 'br200']
+        base_bond = ['interfaces', 'bonding', 'bond200']
 
-        tmp = get_config_value(src_interface, 'mka_ckn')
-        self.assertTrue(mak_ckn in tmp)
+        for interface, option_value in self._options.items():
+            for option in option_value:
+                self.session.set(self._base_path + [interface] + option.split())
+                if option.split()[0] == 'source-interface':
+                    src_interface = option.split()[1]
 
-        # check that the default priority of 255 is programmed
-        tmp = get_config_value(src_interface, 'mka_priority')
-        self.assertTrue("255" in tmp)
+            self.session.set(base_bridge + ['member', 'interface', src_interface])
+            # check validate() - Source interface must not already be a member of a bridge
+            with self.assertRaises(ConfigSessionError):
+                self.session.commit()
+            self.session.delete(base_bridge)
 
-        tmp = get_config_value(src_interface, 'macsec_replay_window')
-        self.assertTrue(replay_window in tmp)
+            self.session.set(base_bond + ['member', 'interface', src_interface])
+            # check validate() - Source interface must not already be a member of a bridge
+            with self.assertRaises(ConfigSessionError):
+                self.session.commit()
+            self.session.delete(base_bond)
 
-        tmp = read_file(f'/sys/class/net/{interface}/mtu')
-        self.assertEqual(tmp, '1460')
-
-        # Check for running process
-        self.assertTrue("wpa_supplicant" in (p.name() for p in process_iter()))
+            # final commit and verify
+            self.session.commit()
+            self.assertIn(interface, interfaces())
 
 if __name__ == '__main__':
     unittest.main()
+
-- 
cgit v1.2.3


From 4db00f1cd820f4fc462ce3537d692694224e02a4 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 24 Sep 2020 18:23:08 +0200
Subject: smoketest: dns: forwarding: T2921: add initial testcases

---
 .../scripts/cli/test_service_dns_forwarding.py     | 163 +++++++++++++++++++++
 1 file changed, 163 insertions(+)
 create mode 100755 smoketest/scripts/cli/test_service_dns_forwarding.py

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/cli/test_service_dns_forwarding.py b/smoketest/scripts/cli/test_service_dns_forwarding.py
new file mode 100755
index 000000000..0ae27a4d4
--- /dev/null
+++ b/smoketest/scripts/cli/test_service_dns_forwarding.py
@@ -0,0 +1,163 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019-2020 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import re
+import os
+import unittest
+
+from psutil import process_iter
+
+from vyos.configsession import ConfigSession, ConfigSessionError
+from vyos.util import read_file
+from vyos.util import process_named_running
+
+CONFIG_FILE = '/run/powerdns/recursor.conf'
+FORWARD_FILE = '/run/powerdns/recursor.forward-zones.conf'
+PROCESS_NAME= 'pdns-r/worker'
+
+base_path = ['service', 'dns', 'forwarding']
+
+allow_from = ['192.0.2.0/24', '2001:db8::/32']
+listen_adress = ['127.0.0.1', '::1']
+
+def get_config_value(key, file=CONFIG_FILE):
+    tmp = read_file(file)
+    tmp = re.findall(r'\n{}=+(.*)'.format(key), tmp)
+    return tmp[0]
+
+class TestServicePowerDNS(unittest.TestCase):
+    def setUp(self):
+        self.session = ConfigSession(os.getpid())
+
+    def tearDown(self):
+        # Delete DNS forwarding configuration
+        self.session.delete(base_path)
+        self.session.commit()
+        del self.session
+
+    def test_basic_forwarding(self):
+        """ Check basic DNS forwarding settings """
+        cache_size = '20'
+        negative_ttl = '120'
+
+        self.session.set(base_path + ['cache-size', cache_size])
+        self.session.set(base_path + ['negative-ttl', negative_ttl])
+
+        # check validate() - allow from must be defined
+        with self.assertRaises(ConfigSessionError):
+            self.session.commit()
+        for network in allow_from:
+            self.session.set(base_path + ['allow-from', network])
+
+        # check validate() - listen-address must be defined
+        with self.assertRaises(ConfigSessionError):
+            self.session.commit()
+        for address in listen_adress:
+            self.session.set(base_path + ['listen-address', address])
+
+        # configure DNSSEC
+        self.session.set(base_path + ['dnssec', 'validate'])
+
+        # commit changes
+        self.session.commit()
+
+        # Check configured cache-size
+        tmp = get_config_value('max-cache-entries')
+        self.assertEqual(tmp, cache_size)
+
+        # Networks allowed to query this server
+        tmp = get_config_value('allow-from')
+        self.assertEqual(tmp, ','.join(allow_from))
+
+        # Addresses to listen for DNS queries
+        tmp = get_config_value('local-address')
+        self.assertEqual(tmp, ','.join(listen_adress))
+
+        # Maximum amount of time negative entries are cached
+        tmp = get_config_value('max-negative-ttl')
+        self.assertEqual(tmp, negative_ttl)
+
+        # Check for running process
+        self.assertTrue(process_named_running(PROCESS_NAME))
+
+    def test_dnssec(self):
+        """ DNSSEC option testing """
+
+        for network in allow_from:
+            self.session.set(base_path + ['allow-from', network])
+        for address in listen_adress:
+            self.session.set(base_path + ['listen-address', address])
+
+        options = ['off', 'process-no-validate', 'process', 'log-fail', 'validate']
+        for option in options:
+            self.session.set(base_path + ['dnssec', option])
+
+            # commit changes
+            self.session.commit()
+
+            tmp = get_config_value('dnssec')
+            self.assertEqual(tmp, option)
+
+            # Check for running process
+            self.assertTrue(process_named_running(PROCESS_NAME))
+
+    def test_external_nameserver(self):
+        """ Externe Domain Name Servers (DNS) addresses """
+
+        for network in allow_from:
+            self.session.set(base_path + ['allow-from', network])
+        for address in listen_adress:
+            self.session.set(base_path + ['listen-address', address])
+
+        nameservers = ['192.0.2.1', '192.0.2.2']
+        for nameserver in nameservers:
+            self.session.set(base_path + ['name-server', nameserver])
+
+        # commit changes
+        self.session.commit()
+
+        tmp = get_config_value(r'\+.', file=FORWARD_FILE)
+        self.assertEqual(tmp, ', '.join(nameservers))
+
+        # Check for running process
+        self.assertTrue(process_named_running(PROCESS_NAME))
+
+    def test_domain_forwarding(self):
+        """ Externe Domain Name Servers (DNS) addresses """
+
+        for network in allow_from:
+            self.session.set(base_path + ['allow-from', network])
+        for address in listen_adress:
+            self.session.set(base_path + ['listen-address', address])
+
+        domains = ['vyos.io', 'vyos.net']
+        nameservers = ['192.0.2.1', '192.0.2.2']
+        for domain in domains:
+            for nameserver in nameservers:
+                self.session.set(base_path + ['domain', domain, 'server', nameserver])
+
+        # commit changes
+        self.session.commit()
+
+        for domain in domains:
+            tmp = get_config_value(domain, file=FORWARD_FILE)
+            self.assertEqual(tmp, ', '.join(nameservers))
+
+        # Check for running process
+        self.assertTrue(process_named_running(PROCESS_NAME))
+
+if __name__ == '__main__':
+    unittest.main()
-- 
cgit v1.2.3


From 58ead7415a3fe8d786bdb6fd2a99d0a57770dbd7 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 24 Sep 2020 19:54:15 +0200
Subject: smoketest: (re-)use process_named_running() from vyos.util

---
 smoketest/scripts/cli/test_interfaces_macsec.py     |  6 +++---
 smoketest/scripts/cli/test_interfaces_wireless.py   | 10 ++++------
 smoketest/scripts/cli/test_service_dns_dynamic.py   | 21 +++++----------------
 .../scripts/cli/test_service_dns_forwarding.py      |  2 --
 smoketest/scripts/cli/test_service_mdns-repeater.py |  4 ++--
 smoketest/scripts/cli/test_service_pppoe-server.py  |  8 ++++----
 smoketest/scripts/cli/test_service_router-advert.py |  6 ++----
 smoketest/scripts/cli/test_service_snmp.py          | 14 ++++++++------
 smoketest/scripts/cli/test_service_ssh.py           | 15 +++++++--------
 smoketest/scripts/cli/test_system_lcd.py            |  9 +++++----
 smoketest/scripts/cli/test_system_ntp.py            | 13 ++++++++-----
 smoketest/scripts/cli/test_vpn_openconnect.py       |  8 +++-----
 12 files changed, 51 insertions(+), 65 deletions(-)

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/cli/test_interfaces_macsec.py b/smoketest/scripts/cli/test_interfaces_macsec.py
index fab5433de..6d1be86ba 100755
--- a/smoketest/scripts/cli/test_interfaces_macsec.py
+++ b/smoketest/scripts/cli/test_interfaces_macsec.py
@@ -17,13 +17,13 @@
 import re
 import unittest
 
-from psutil import process_iter
 from base_interfaces_test import BasicInterfaceTest
 from netifaces import interfaces
 
-from vyos.ifconfig import Section
 from vyos.configsession import ConfigSessionError
+from vyos.ifconfig import Section
 from vyos.util import read_file
+from vyos.util import process_named_running
 
 def get_config_value(interface, key):
     tmp = read_file(f'/run/wpa_supplicant/{interface}.conf')
@@ -103,7 +103,7 @@ class MACsecInterfaceTest(BasicInterfaceTest.BaseTest):
             self.assertEqual(tmp, '1460')
 
             # Check for running process
-            self.assertTrue("wpa_supplicant" in (p.name() for p in process_iter()))
+            self.assertTrue(process_named_running('wpa_supplicant'))
 
     def test_mandatory_toptions(self):
         interface = 'macsec1'
diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py
index 691f633b7..0e93b6432 100755
--- a/smoketest/scripts/cli/test_interfaces_wireless.py
+++ b/smoketest/scripts/cli/test_interfaces_wireless.py
@@ -19,8 +19,7 @@ import re
 import unittest
 
 from base_interfaces_test import BasicInterfaceTest
-from psutil import process_iter
-
+from vyos.util import process_named_running
 from vyos.util import check_kmod
 from vyos.util import read_file
 
@@ -54,10 +53,10 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest):
         for option, option_value in self._options.items():
             if 'type access-point' in option_value:
                 # Check for running process
-                self.assertIn('hostapd', (p.name() for p in process_iter()))
+                self.assertTrue(process_named_running('hostapd'))
             elif 'type station' in option_value:
                 # Check for running process
-                self.assertIn('wpa_supplicant', (p.name() for p in process_iter()))
+                self.assertTrue(process_named_running('wpa_supplicant'))
             else:
                 self.assertTrue(False)
 
@@ -137,8 +136,7 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest):
             self.assertIn(value, tmp)
 
         # Check for running process
-        self.assertIn('hostapd', (p.name() for p in process_iter()))
-
+        self.assertTrue(process_named_running('hostapd'))
 
 if __name__ == '__main__':
     check_kmod('mac80211_hwsim')
diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py
index be52360ed..51fa38912 100755
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py
+++ b/smoketest/scripts/cli/test_service_dns_dynamic.py
@@ -19,10 +19,11 @@ import os
 import unittest
 
 from getpass import getuser
-from psutil import process_iter
-from vyos.configsession import ConfigSession, ConfigSessionError
+from vyos.configsession import ConfigSession
+from vyos.configsession import ConfigSessionError
 from vyos.util import read_file
 
+PROCESS_NAME = 'ddclient'
 DDCLIENT_CONF = '/run/ddclient/ddclient.conf'
 base_path = ['service', 'dns', 'dynamic']
 
@@ -32,17 +33,6 @@ def get_config_value(key):
     tmp = tmp[0].rstrip(',')
     return tmp
 
-def check_process():
-    """
-    Check for running process, process name changes dynamically e.g.
-    "ddclient - sleeping for 270 seconds", thus we need a different approach
-    """
-    running = False
-    for p in process_iter():
-        if "ddclient" in p.name():
-            running = True
-    return running
-
 class TestServiceDDNS(unittest.TestCase):
     def setUp(self):
         self.session = ConfigSession(os.getpid())
@@ -104,8 +94,7 @@ class TestServiceDDNS(unittest.TestCase):
                 self.assertTrue(pwd == "'" + password + "'")
 
             # Check for running process
-            self.assertTrue(check_process())
-
+            self.assertTrue(process_named_running(PROCESS_NAME))
 
     def test_rfc2136(self):
         """ Check if DDNS service can be configured and runs """
@@ -135,7 +124,7 @@ class TestServiceDDNS(unittest.TestCase):
         # TODO: inspect generated configuration file
 
         # Check for running process
-        self.assertTrue(check_process())
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_service_dns_forwarding.py b/smoketest/scripts/cli/test_service_dns_forwarding.py
index 0ae27a4d4..717b5b56d 100755
--- a/smoketest/scripts/cli/test_service_dns_forwarding.py
+++ b/smoketest/scripts/cli/test_service_dns_forwarding.py
@@ -18,8 +18,6 @@ import re
 import os
 import unittest
 
-from psutil import process_iter
-
 from vyos.configsession import ConfigSession, ConfigSessionError
 from vyos.util import read_file
 from vyos.util import process_named_running
diff --git a/smoketest/scripts/cli/test_service_mdns-repeater.py b/smoketest/scripts/cli/test_service_mdns-repeater.py
index 18900b6d2..de73b9914 100755
--- a/smoketest/scripts/cli/test_service_mdns-repeater.py
+++ b/smoketest/scripts/cli/test_service_mdns-repeater.py
@@ -17,8 +17,8 @@
 import os
 import unittest
 
-from psutil import process_iter
 from vyos.configsession import ConfigSession
+from vyos.util import process_named_running
 
 base_path = ['service', 'mdns', 'repeater']
 intf_base = ['interfaces', 'dummy']
@@ -45,7 +45,7 @@ class TestServiceMDNSrepeater(unittest.TestCase):
         self.session.commit()
 
         # Check for running process
-        self.assertTrue("mdns-repeater" in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running('mdns-repeater'))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py
index 901ca792d..3a6b12ef4 100755
--- a/smoketest/scripts/cli/test_service_pppoe-server.py
+++ b/smoketest/scripts/cli/test_service_pppoe-server.py
@@ -14,15 +14,15 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import re
 import os
 import unittest
 
 from configparser import ConfigParser
-from psutil import process_iter
 from vyos.configsession import ConfigSession
 from vyos.configsession import ConfigSessionError
+from vyos.util import process_named_running
 
+process_name = 'accel-pppd'
 base_path = ['service', 'pppoe-server']
 local_if = ['interfaces', 'dummy', 'dum667']
 pppoe_conf = '/run/accel-pppd/pppoe.conf'
@@ -116,7 +116,7 @@ class TestServicePPPoEServer(unittest.TestCase):
         self.assertEqual(conf['connlimit']['limit'], '20/min')
 
         # Check for running process
-        self.assertTrue('accel-pppd' in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running(process_name))
 
     def test_radius_auth(self):
         """ Test configuration of RADIUS authentication for PPPoE server """
@@ -161,7 +161,7 @@ class TestServicePPPoEServer(unittest.TestCase):
         self.assertFalse(conf['ppp'].getboolean('ccp'))
 
         # Check for running process
-        self.assertTrue('accel-pppd' in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running(process_name))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_service_router-advert.py b/smoketest/scripts/cli/test_service_router-advert.py
index ec2110c8a..238f59e6d 100755
--- a/smoketest/scripts/cli/test_service_router-advert.py
+++ b/smoketest/scripts/cli/test_service_router-advert.py
@@ -18,9 +18,9 @@ import re
 import os
 import unittest
 
-from psutil import process_iter
 from vyos.configsession import ConfigSession
 from vyos.util import read_file
+from vyos.util import process_named_running
 
 RADVD_CONF = '/run/radvd/radvd.conf'
 
@@ -90,10 +90,8 @@ class TestServiceRADVD(unittest.TestCase):
         tmp = get_config_value('AdvOnLink')
         self.assertEqual(tmp, 'off')
 
-
-
         # Check for running process
-        self.assertTrue('radvd' in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running('radvd'))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_service_snmp.py b/smoketest/scripts/cli/test_service_snmp.py
index fb5f5393f..067a3c76b 100755
--- a/smoketest/scripts/cli/test_service_snmp.py
+++ b/smoketest/scripts/cli/test_service_snmp.py
@@ -19,12 +19,15 @@ import re
 import unittest
 
 from vyos.validate import is_ipv4
-from psutil import process_iter
 
-from vyos.configsession import ConfigSession, ConfigSessionError
+from vyos.configsession import ConfigSession
+from vyos.configsession import ConfigSessionError
 from vyos.util import read_file
+from vyos.util import process_named_running
 
+PROCESS_NAME = 'snmpd'
 SNMPD_CONF = '/etc/snmp/snmpd.conf'
+
 base_path = ['service', 'snmp']
 
 def get_config_value(key):
@@ -78,7 +81,7 @@ class TestSNMPService(unittest.TestCase):
         self.assertTrue(expected in config)
 
         # Check for running process
-        self.assertTrue("snmpd" in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
 
     def test_snmpv3_sha(self):
@@ -113,7 +116,7 @@ class TestSNMPService(unittest.TestCase):
         # TODO: read in config file and check values
 
         # Check for running process
-        self.assertTrue("snmpd" in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
     def test_snmpv3_md5(self):
         """ Check if SNMPv3 can be configured with MD5 authentication and service runs"""
@@ -147,8 +150,7 @@ class TestSNMPService(unittest.TestCase):
         # TODO: read in config file and check values
 
         # Check for running process
-        self.assertTrue("snmpd" in (p.name() for p in process_iter()))
-
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_service_ssh.py b/smoketest/scripts/cli/test_service_ssh.py
index 79850fe44..0cd00ccce 100755
--- a/smoketest/scripts/cli/test_service_ssh.py
+++ b/smoketest/scripts/cli/test_service_ssh.py
@@ -18,10 +18,12 @@ import re
 import os
 import unittest
 
-from psutil import process_iter
-from vyos.configsession import ConfigSession, ConfigSessionError
+from vyos.configsession import ConfigSession
+from vyos.configsession import ConfigSessionError
 from vyos.util import read_file
+from vyos.util import process_named_running
 
+PROCESS_NAME = 'sshd'
 SSHD_CONF = '/run/ssh/sshd_config'
 base_path = ['service', 'ssh']
 
@@ -30,9 +32,6 @@ def get_config_value(key):
     tmp = re.findall(f'\n?{key}\s+(.*)', tmp)
     return tmp
 
-def is_service_running():
-    return 'sshd' in (p.name() for p in process_iter())
-
 class TestServiceSSH(unittest.TestCase):
     def setUp(self):
         self.session = ConfigSession(os.getpid())
@@ -62,7 +61,7 @@ class TestServiceSSH(unittest.TestCase):
         self.assertEqual('22', port)
 
         # Check for running process
-        self.assertTrue(is_service_running())
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
     def test_ssh_single(self):
         """ Check if SSH service can be configured and runs """
@@ -101,7 +100,7 @@ class TestServiceSSH(unittest.TestCase):
         self.assertTrue("100" in keepalive)
 
         # Check for running process
-        self.assertTrue(is_service_running())
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
     def test_ssh_multi(self):
         """ Check if SSH service can be configured and runs with multiple
@@ -128,7 +127,7 @@ class TestServiceSSH(unittest.TestCase):
             self.assertIn(address, tmp)
 
         # Check for running process
-        self.assertTrue(is_service_running())
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_system_lcd.py b/smoketest/scripts/cli/test_system_lcd.py
index 931a91c53..9385799b0 100755
--- a/smoketest/scripts/cli/test_system_lcd.py
+++ b/smoketest/scripts/cli/test_system_lcd.py
@@ -18,9 +18,10 @@ import os
 import unittest
 
 from configparser import ConfigParser
-from psutil import process_iter
 from vyos.configsession import ConfigSession
+from vyos.util import process_named_running
 
+config_file = '/run/LCDd/LCDd.conf'
 base_path = ['system', 'lcd']
 
 class TestSystemLCD(unittest.TestCase):
@@ -42,13 +43,13 @@ class TestSystemLCD(unittest.TestCase):
 
         # load up ini-styled LCDd.conf
         conf = ConfigParser()
-        conf.read('/run/LCDd/LCDd.conf')
+        conf.read(config_file)
 
         self.assertEqual(conf['CFontzPacket']['Model'], '533')
         self.assertEqual(conf['CFontzPacket']['Device'], '/dev/ttyS1')
 
-        # both processes running
-        self.assertTrue('LCDd' in (p.name() for p in process_iter()))
+        # Check for running process
+        self.assertTrue(process_named_running('LCDd'))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_system_ntp.py b/smoketest/scripts/cli/test_system_ntp.py
index 856a28916..2a7c64870 100755
--- a/smoketest/scripts/cli/test_system_ntp.py
+++ b/smoketest/scripts/cli/test_system_ntp.py
@@ -18,11 +18,14 @@ import re
 import os
 import unittest
 
-from psutil import process_iter
-from vyos.configsession import ConfigSession, ConfigSessionError
-from vyos.template import vyos_address_from_cidr, vyos_netmask_from_cidr
+from vyos.configsession import ConfigSession
+from vyos.configsession import ConfigSessionError
+from vyos.template import vyos_address_from_cidr
+from vyos.template import vyos_netmask_from_cidr
 from vyos.util import read_file
+from vyos.util import process_named_running
 
+PROCESS_NAME = 'ntpd'
 NTP_CONF = '/etc/ntp.conf'
 base_path = ['system', 'ntp']
 
@@ -63,7 +66,7 @@ class TestSystemNTP(unittest.TestCase):
             self.assertTrue(test in tmp)
 
         # Check for running process
-        self.assertTrue("ntpd" in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
     def test_ntp_clients(self):
         """ Test the allowed-networks statement """
@@ -102,7 +105,7 @@ class TestSystemNTP(unittest.TestCase):
         self.assertEqual(tmp, test)
 
         # Check for running process
-        self.assertTrue("ntpd" in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running(PROCESS_NAME))
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index d2b82d686..2ba6aabf9 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -14,13 +14,11 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import re
 import os
 import unittest
 
-from psutil import process_iter
-from vyos.configsession import ConfigSession, ConfigSessionError
-from vyos.util import read_file
+from vyos.configsession import ConfigSession
+from vyos.util import process_named_running
 
 OCSERV_CONF = '/run/ocserv/ocserv.conf'
 base_path = ['vpn', 'openconnect']
@@ -52,7 +50,7 @@ class TestVpnOpenconnect(unittest.TestCase):
         self.session.commit()
 
         # Check for running process
-        self.assertTrue("ocserv-main" in (p.name() for p in process_iter()))
+        self.assertTrue(process_named_running('ocserv-main'))
 
 if __name__ == '__main__':
     unittest.main()
-- 
cgit v1.2.3


From 44698fb03cf2017e56adbd161c66be585822b87a Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 24 Sep 2020 20:35:25 +0200
Subject: smoketest: dns: dynamic: add missing import statement

Commit 58ead741 ("smoketest: (re-)use process_named_running() from vyos.util")
missed an import statement for process_named_running(). This has been fixed.
---
 smoketest/scripts/cli/test_service_dns_dynamic.py | 1 +
 1 file changed, 1 insertion(+)

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/cli/test_service_dns_dynamic.py b/smoketest/scripts/cli/test_service_dns_dynamic.py
index 51fa38912..c7ac87135 100755
--- a/smoketest/scripts/cli/test_service_dns_dynamic.py
+++ b/smoketest/scripts/cli/test_service_dns_dynamic.py
@@ -22,6 +22,7 @@ from getpass import getuser
 from vyos.configsession import ConfigSession
 from vyos.configsession import ConfigSessionError
 from vyos.util import read_file
+from vyos.util import process_named_running
 
 PROCESS_NAME = 'ddclient'
 DDCLIENT_CONF = '/run/ddclient/ddclient.conf'
-- 
cgit v1.2.3


From f39f5dde342aa5e14d1fb4155920c61ac5fd11b1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 25 Sep 2020 19:21:36 +0200
Subject: dns: forwarding: T2921: migrate to get_config_dict()

---
 data/configd-include.json                          |   1 +
 data/templates/dns-forwarding/recursor.conf.tmpl   |   2 +-
 .../recursor.forward-zones.conf.tmpl               |   4 +-
 .../recursor.vyos-hostsd.conf.lua.tmpl             |   4 +-
 interface-definitions/dns-forwarding.xml.in        |  11 +-
 .../scripts/cli/test_service_dns_forwarding.py     |  35 ++++-
 src/conf_mode/dns_forwarding.py                    | 172 ++++++++-------------
 src/services/vyos-hostsd                           |  21 +--
 src/utils/vyos-hostsd-client                       |   6 +-
 9 files changed, 122 insertions(+), 134 deletions(-)

(limited to 'smoketest/scripts')

diff --git a/data/configd-include.json b/data/configd-include.json
index 0c75657e0..2711a29b8 100644
--- a/data/configd-include.json
+++ b/data/configd-include.json
@@ -2,6 +2,7 @@
 "bcast_relay.py",
 "dhcp_relay.py",
 "dhcpv6_relay.py",
+"dns_forwarding.py",
 "dynamic_dns.py",
 "firewall_options.py",
 "host_name.py",
diff --git a/data/templates/dns-forwarding/recursor.conf.tmpl b/data/templates/dns-forwarding/recursor.conf.tmpl
index d233b8abc..b0ae3cc61 100644
--- a/data/templates/dns-forwarding/recursor.conf.tmpl
+++ b/data/templates/dns-forwarding/recursor.conf.tmpl
@@ -21,7 +21,7 @@ max-cache-entries={{ cache_size }}
 max-negative-ttl={{ negative_ttl }}
 
 # ignore-hosts-file
-export-etc-hosts={{ export_hosts_file }}
+export-etc-hosts={{ 'no' if ignore_hosts_file is defined else 'yes' }}
 
 # listen-address
 local-address={{ listen_address | join(',') }}
diff --git a/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl b/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl
index e62b9bb81..90f35ae1c 100644
--- a/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl
+++ b/data/templates/dns-forwarding/recursor.forward-zones.conf.tmpl
@@ -19,10 +19,10 @@
 +.={{ n.dot_zone_ns }}
 {% endif %}
 
-{% if forward_zones %}
+{% if forward_zones is defined %}
 # zones added via 'service dns forwarding domain'
 {%   for zone, zonedata in forward_zones.items() %}
-{%     if zonedata['recursion-desired'] %}+{% endif %}{{ zone }}={{ zonedata['nslist']|join(', ') }}
+{{ "+" if zonedata['recursion_desired'] is defined }}{{ zone }}={{ zonedata['server']|join(', ') }}
 {%   endfor %}
 {% endif %}
 
diff --git a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
index 8fefae0b2..784d5c360 100644
--- a/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
+++ b/data/templates/dns-forwarding/recursor.vyos-hostsd.conf.lua.tmpl
@@ -13,10 +13,10 @@ addNTA("{{ a }}.", "{{ tag }} alias")
 {%   endfor %}
 {% endif %}
 
-{% if forward_zones %}
+{% if forward_zones is defined %}
 -- from 'service dns forwarding domain'
 {%   for zone, zonedata in forward_zones.items() %}
-{%     if zonedata['addNTA'] %}
+{%     if zonedata['addnta'] is defined %}
 addNTA("{{ zone }}", "static")
 {%     endif %}
 {%   endfor %}
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index aaf8bb27d..07e63d54a 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -16,7 +16,7 @@
             <children>
               <leafNode name="cache-size">
                 <properties>
-                  <help>DNS forwarding cache size</help>
+                  <help>DNS forwarding cache size (default: 10000)</help>
                   <valueHelp>
                     <format>0-10000</format>
                     <description>DNS forwarding cache size</description>
@@ -25,6 +25,7 @@
                     <validator name="numeric" argument="--range 0-10000"/>
                   </constraint>
                 </properties>
+                <defaultValue>10000</defaultValue>
               </leafNode>
               <leafNode name="dhcp">
                 <properties>
@@ -37,7 +38,7 @@
               </leafNode>
               <leafNode name="dnssec">
                 <properties>
-                  <help>DNSSEC mode</help>
+                  <help>DNSSEC mode (default: process-no-validate)</help>
                   <completionHelp>
                     <list>off process-no-validate process log-fail validate</list>
                   </completionHelp>
@@ -62,9 +63,10 @@
                     <description>Full blown DNSSEC validation. Send SERVFAIL to clients on bogus responses.</description>
                   </valueHelp>
                   <constraint>
-                    <regex>(off|process-no-validate|process|log-fail|validate)</regex>
+                    <regex>^(off|process-no-validate|process|log-fail|validate)$</regex>
                   </constraint>
                 </properties>
+                <defaultValue>process-no-validate</defaultValue>
               </leafNode>
               <tagNode name="domain">
                 <properties>
@@ -146,7 +148,7 @@
               </leafNode>
               <leafNode name="negative-ttl">
                 <properties>
-                  <help>Maximum amount of time negative entries are cached</help>
+                  <help>Maximum amount of time negative entries are cached (default: 3600)</help>
                   <valueHelp>
                     <format>0-7200</format>
                     <description>Seconds to cache NXDOMAIN entries</description>
@@ -155,6 +157,7 @@
                     <validator name="numeric" argument="--range 0-7200"/>
                   </constraint>
                 </properties>
+                <defaultValue>3600</defaultValue>
               </leafNode>
               <leafNode name="name-server">
                 <properties>
diff --git a/smoketest/scripts/cli/test_service_dns_forwarding.py b/smoketest/scripts/cli/test_service_dns_forwarding.py
index 717b5b56d..5e2f3dfbd 100755
--- a/smoketest/scripts/cli/test_service_dns_forwarding.py
+++ b/smoketest/scripts/cli/test_service_dns_forwarding.py
@@ -24,6 +24,7 @@ from vyos.util import process_named_running
 
 CONFIG_FILE = '/run/powerdns/recursor.conf'
 FORWARD_FILE = '/run/powerdns/recursor.forward-zones.conf'
+HOSTSD_FILE = '/run/powerdns/recursor.vyos-hostsd.conf.lua'
 PROCESS_NAME= 'pdns-r/worker'
 
 base_path = ['service', 'dns', 'forwarding']
@@ -69,6 +70,9 @@ class TestServicePowerDNS(unittest.TestCase):
         # configure DNSSEC
         self.session.set(base_path + ['dnssec', 'validate'])
 
+        # Do not use local /etc/hosts file in name resolution
+        self.session.set(base_path + ['ignore-hosts-file'])
+
         # commit changes
         self.session.commit()
 
@@ -88,6 +92,10 @@ class TestServicePowerDNS(unittest.TestCase):
         tmp = get_config_value('max-negative-ttl')
         self.assertEqual(tmp, negative_ttl)
 
+        # Do not use local /etc/hosts file in name resolution
+        tmp = get_config_value('export-etc-hosts')
+        self.assertEqual(tmp, 'no')
+
         # Check for running process
         self.assertTrue(process_named_running(PROCESS_NAME))
 
@@ -130,6 +138,11 @@ class TestServicePowerDNS(unittest.TestCase):
         tmp = get_config_value(r'\+.', file=FORWARD_FILE)
         self.assertEqual(tmp, ', '.join(nameservers))
 
+        # Do not use local /etc/hosts file in name resolution
+        # default: yes
+        tmp = get_config_value('export-etc-hosts')
+        self.assertEqual(tmp, 'yes')
+
         # Check for running process
         self.assertTrue(process_named_running(PROCESS_NAME))
 
@@ -141,21 +154,39 @@ class TestServicePowerDNS(unittest.TestCase):
         for address in listen_adress:
             self.session.set(base_path + ['listen-address', address])
 
-        domains = ['vyos.io', 'vyos.net']
+        domains = ['vyos.io', 'vyos.net', 'vyos.com']
         nameservers = ['192.0.2.1', '192.0.2.2']
         for domain in domains:
             for nameserver in nameservers:
                 self.session.set(base_path + ['domain', domain, 'server', nameserver])
 
+            # Test 'recursion-desired' flag for only one domain
+            if domain == domains[0]:
+                self.session.set(base_path + ['domain', domain, 'recursion-desired'])
+
+            # Test 'negative trust anchor' flag for the second domain only
+            if domain == domains[1]:
+                self.session.set(base_path + ['domain', domain, 'addnta'])
+
         # commit changes
         self.session.commit()
 
+        # Test configured name-servers
+        hosts_conf = read_file(HOSTSD_FILE)
         for domain in domains:
-            tmp = get_config_value(domain, file=FORWARD_FILE)
+            # Test 'recursion-desired' flag for the first domain only
+            if domain == domains[0]: key =f'\+{domain}'
+            else: key =f'{domain}'
+            tmp = get_config_value(key, file=FORWARD_FILE)
             self.assertEqual(tmp, ', '.join(nameservers))
 
+            # Test 'negative trust anchor' flag for the second domain only
+            if domain == domains[1]:
+                self.assertIn(f'addNTA("{domain}", "static")', hosts_conf)
+
         # Check for running process
         self.assertTrue(process_named_running(PROCESS_NAME))
 
 if __name__ == '__main__':
     unittest.main()
+
diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py
index d6eb76d91..5101c1e79 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/dns_forwarding.py
@@ -17,14 +17,17 @@
 import os
 
 from sys import exit
-from copy import deepcopy
 
 from vyos.config import Config
+from vyos.configdict import dict_merge
 from vyos.hostsd_client import Client as hostsd_client
-from vyos import ConfigError
-from vyos.util import call, chown
+from vyos.util import call
+from vyos.util import chown
+from vyos.util import vyos_dict_search
 from vyos.template import render
+from vyos.xml import defaults
 
+from vyos import ConfigError
 from vyos import airbag
 airbag.enable()
 
@@ -35,116 +38,63 @@ pdns_rec_hostsd_lua_conf_file = f'{pdns_rec_run_dir}/recursor.vyos-hostsd.conf.l
 pdns_rec_hostsd_zones_file = f'{pdns_rec_run_dir}/recursor.forward-zones.conf'
 pdns_rec_config_file = f'{pdns_rec_run_dir}/recursor.conf'
 
-default_config_data = {
-    'allow_from': [],
-    'cache_size': 10000,
-    'export_hosts_file': 'yes',
-    'listen_address': [],
-    'name_servers': [],
-    'negative_ttl': 3600,
-    'system': False,
-    'domains': {},
-    'dnssec': 'process-no-validate',
-    'dhcp_interfaces': []
-}
-
 hostsd_tag = 'static'
 
-def get_config(conf):
-    dns = deepcopy(default_config_data)
+def get_config(config=None):
+    if config:
+        conf = config
+    else:
+        conf = Config()
     base = ['service', 'dns', 'forwarding']
-
     if not conf.exists(base):
         return None
 
-    conf.set_level(base)
-
-    if conf.exists(['allow-from']):
-        dns['allow_from'] = conf.return_values(['allow-from'])
-
-    if conf.exists(['cache-size']):
-        cache_size = conf.return_value(['cache-size'])
-        dns['cache_size'] = cache_size
-
-    if conf.exists('negative-ttl'):
-        negative_ttl = conf.return_value(['negative-ttl'])
-        dns['negative_ttl'] = negative_ttl
-
-    if conf.exists(['domain']):
-        for domain in conf.list_nodes(['domain']):
-            conf.set_level(base + ['domain', domain])
-            entry = {
-                'nslist': bracketize_ipv6_addrs(conf.return_values(['server'])),
-                'addNTA': conf.exists(['addnta']),
-                'recursion-desired': conf.exists(['recursion-desired'])
-            }
-            dns['domains'][domain] = entry
-
-        conf.set_level(base)
+    dns = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True)
+    # We have gathered the dict representation of the CLI, but there are default
+    # options which we need to update into the dictionary retrived.
+    default_values = defaults(base)
+    dns = dict_merge(default_values, dns)
 
-    if conf.exists(['ignore-hosts-file']):
-        dns['export_hosts_file'] = "no"
+    # some additions to the default dictionary
+    if 'system' in dns:
+        base_nameservers = ['system', 'name-server']
+        if conf.exists(base_nameservers):
+            dns.update({'system_name_server': conf.return_values(base_nameservers)})
 
-    if conf.exists(['name-server']):
-        dns['name_servers'] = bracketize_ipv6_addrs(
-                conf.return_values(['name-server']))
-
-    if conf.exists(['system']):
-        dns['system'] = True
-
-    if conf.exists(['listen-address']):
-        dns['listen_address'] = conf.return_values(['listen-address'])
-
-    if conf.exists(['dnssec']):
-        dns['dnssec'] = conf.return_value(['dnssec'])
-
-    if conf.exists(['dhcp']):
-        dns['dhcp_interfaces'] = conf.return_values(['dhcp'])
+        base_nameservers_dhcp = ['system', 'name-servers-dhcp']
+        if conf.exists(base_nameservers_dhcp):
+            dns.update({'system_name_server_dhcp': conf.return_values(base_nameservers_dhcp)})
 
     return dns
 
-def bracketize_ipv6_addrs(addrs):
-    """Wraps each IPv6 addr in addrs in [], leaving IPv4 addrs untouched."""
-    return ['[{0}]'.format(a) if a.count(':') > 1 else a for a in addrs]
-
-def verify(conf, dns):
+def verify(dns):
     # bail out early - looks like removal from running config
-    if dns is None:
+    if not dns:
         return None
 
-    if not dns['listen_address']:
-        raise ConfigError(
-            "Error: DNS forwarding requires a listen-address")
-
-    if not dns['allow_from']:
-        raise ConfigError(
-                "Error: DNS forwarding requires an allow-from network")
-
-    if dns['domains']:
-        for domain in dns['domains']:
-            if not dns['domains'][domain]['nslist']:
-                raise ConfigError((
-                    f'Error: No server configured for domain {domain}'))
-
-    no_system_nameservers = False
-    conf.set_level([])
-    if dns['system'] and not (
-            conf.exists(['system', 'name-server']) or
-            conf.exists(['system', 'name-servers-dhcp']) ):
-        no_system_nameservers = True
-        print(("DNS forwarding warning: No 'system name-server' or "
-                "'system name-servers-dhcp' set\n"))
-
-    if (no_system_nameservers or not dns['system']) and not (
-            dns['name_servers'] or dns['dhcp_interfaces']):
-        print(("DNS forwarding warning: No 'dhcp', 'name-server' or 'system' "
-            "nameservers set. Forwarding will operate as a recursor.\n"))
+    if 'listen_address' not in dns:
+        raise ConfigError('DNS forwarding requires a listen-address')
+
+    if 'allow_from' not in dns:
+        raise ConfigError('DNS forwarding requires an allow-from network')
+
+    # we can not use vyos_dict_search() when testing for domain servers
+    # as a domain will contains dot's which is out dictionary delimiter.
+    if 'domain' in dns:
+        for domain in dns['domain']:
+            if 'server' not in dns['domain'][domain]:
+                raise ConfigError(f'No server configured for domain {domain}!')
+
+    if 'system' in dns:
+        if not ('system_name_server' in dns or 'system_name_server_dhcp' in dns):
+            print("Warning: No 'system name-server' or 'system " \
+                  "name-servers-dhcp' configured")
 
     return None
 
 def generate(dns):
     # bail out early - looks like removal from running config
-    if dns is None:
+    if not dns:
         return None
 
     render(pdns_rec_config_file, 'dns-forwarding/recursor.conf.tmpl',
@@ -154,17 +104,18 @@ def generate(dns):
             dns, trim_blocks=True, user=pdns_rec_user, group=pdns_rec_group)
 
     # if vyos-hostsd didn't create its files yet, create them (empty)
-    for f in [pdns_rec_hostsd_lua_conf_file, pdns_rec_hostsd_zones_file]:
-        with open(f, 'a'):
+    for file in [pdns_rec_hostsd_lua_conf_file, pdns_rec_hostsd_zones_file]:
+        with open(file, 'a'):
             pass
-        chown(f, user=pdns_rec_user, group=pdns_rec_group)
+        chown(file, user=pdns_rec_user, group=pdns_rec_group)
 
     return None
 
 def apply(dns):
-    if dns is None:
+    if not dns:
         # DNS forwarding is removed in the commit
-        call("systemctl stop pdns-recursor.service")
+        call('systemctl stop pdns-recursor.service')
+
         if os.path.isfile(pdns_rec_config_file):
             os.unlink(pdns_rec_config_file)
     else:
@@ -174,8 +125,8 @@ def apply(dns):
         # add static nameservers to hostsd so they can be joined with other
         # sources
         hc.delete_name_servers([hostsd_tag])
-        if dns['name_servers']:
-            hc.add_name_servers({hostsd_tag: dns['name_servers']})
+        if 'name_server' in dns:
+            hc.add_name_servers({hostsd_tag: dns['name_server']})
 
         # delete all nameserver tags
         hc.delete_name_server_tags_recursor(hc.get_name_server_tags_recursor())
@@ -184,32 +135,33 @@ def apply(dns):
         # our own tag (static)
         hc.add_name_server_tags_recursor([hostsd_tag])
 
-        if dns['system']:
+        if 'system' in dns:
             hc.add_name_server_tags_recursor(['system'])
         else:
             hc.delete_name_server_tags_recursor(['system'])
 
         # add dhcp nameserver tags for configured interfaces
-        for intf in dns['dhcp_interfaces']:
-            hc.add_name_server_tags_recursor(['dhcp-' + intf, 'dhcpv6-' + intf ])
+        if 'system_name_server_dhcp' in dns:
+            for interface in dns['system_name_server_dhcp']:
+                hc.add_name_server_tags_recursor(['dhcp-' + interface,
+                                                  'dhcpv6-' + interface ])
 
         # hostsd will generate the forward-zones file
         # the list and keys() are required as get returns a dict, not list
         hc.delete_forward_zones(list(hc.get_forward_zones().keys()))
-        if dns['domains']:
-            hc.add_forward_zones(dns['domains'])
+        if 'domain' in dns:
+            hc.add_forward_zones(dns['domain'])
 
         # call hostsd to generate forward-zones and its lua-config-file
         hc.apply()
 
         ### finally (re)start pdns-recursor
-        call("systemctl restart pdns-recursor.service")
+        call('systemctl restart pdns-recursor.service')
 
 if __name__ == '__main__':
     try:
-        conf = Config()
-        c = get_config(conf)
-        verify(conf, c)
+        c = get_config()
+        verify(c)
         generate(c)
         apply(c)
     except ConfigError as e:
diff --git a/src/services/vyos-hostsd b/src/services/vyos-hostsd
index 0079f7e5c..59dbeda17 100755
--- a/src/services/vyos-hostsd
+++ b/src/services/vyos-hostsd
@@ -107,16 +107,17 @@
 #
 ### forward_zones
 ## Additional zones added to pdns-recursor forward-zones-file.
-## If recursion-desired is true, '+' will be prepended to the zone line.
-## If addNTA is true, a NTA will be added via lua-config-file.
+## If recursion_desired is true, '+' will be prepended to the zone line.
+## If addnta is true, a NTA (Negative Trust Anchor) will be added via
+## lua-config-file.
 #
 # { 'type': 'forward_zones',
 #   'op': 'add',
 #   'data': {
 #       '<str zone>': {
-#           'nslist': ['<str nameserver>', ...],
-#           'addNTA': <bool>,
-#           'recursion-desired': <bool>
+#           'server': ['<str nameserver>', ...],
+#           'addnta': <bool>,
+#           'recursion_desired': <bool>
 #         }
 #       ...
 #     }
@@ -305,12 +306,12 @@ tag_regex_schema = op_type_schema.extend({
 forward_zone_add_schema = op_type_schema.extend({
     'data': {
         str: {
-            'nslist': [str],
-            'addNTA': bool,
-            'recursion-desired': bool
+            'server': [str],
+            'addnta': Any({}, None),
+            'recursion_desired': Any({}, None),
             }
         }
-    }, required=True)
+    }, required=False)
 
 hosts_add_schema = op_type_schema.extend({
     'data': {
@@ -586,7 +587,7 @@ if __name__ == '__main__':
 
     context = zmq.Context()
     socket = context.socket(zmq.REP)
-    
+
     # Set the right permissions on the socket, then change it back
     o_mask = os.umask(0o007)
     socket.bind(SOCKET_PATH)
diff --git a/src/utils/vyos-hostsd-client b/src/utils/vyos-hostsd-client
index 48ebc83f7..d4d38315a 100755
--- a/src/utils/vyos-hostsd-client
+++ b/src/utils/vyos-hostsd-client
@@ -99,9 +99,9 @@ try:
             raise ValueError("--nameservers is required for this operation")
         client.add_forward_zones(
                 { args.add_forward_zone: {
-                    'nslist': args.nameservers,
-                    'addNTA': args.addnta,
-                    'recursion-desired': args.recursion_desired
+                    'server': args.nameservers,
+                    'addnta': args.addnta,
+                    'recursion_desired': args.recursion_desired
                     }
                 })
     elif args.delete_forward_zones:
-- 
cgit v1.2.3


From dfa949c5b758e2954ed5c6ad455fe586965cd156 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sat, 26 Sep 2020 10:06:27 +0200
Subject: smoketest: platform: check for required virtio/vmxnet drivers

---
 smoketest/scripts/system/test_kernel_options.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'smoketest/scripts')

diff --git a/smoketest/scripts/system/test_kernel_options.py b/smoketest/scripts/system/test_kernel_options.py
index 6316521f6..043567c4f 100755
--- a/smoketest/scripts/system/test_kernel_options.py
+++ b/smoketest/scripts/system/test_kernel_options.py
@@ -42,6 +42,22 @@ class TestKernelModules(unittest.TestCase):
             tmp = re.findall(f'{option}=(y|m)', config)
             self.assertTrue(tmp)
 
+    def test_qemu_support(self):
+        """ The bond/lacp interface must be enabled in the OS Kernel """
+        for option in ['CONFIG_VIRTIO_BLK', 'CONFIG_SCSI_VIRTIO',
+                       'CONFIG_VIRTIO_NET', 'CONFIG_VIRTIO_CONSOLE',
+                       'CONFIG_VIRTIO', 'CONFIG_VIRTIO_PCI',
+                       'CONFIG_VIRTIO_BALLOON', 'CONFIG_CRYPTO_DEV_VIRTIO',
+                       'CONFIG_X86_PLATFORM_DEVICES']:
+            tmp = re.findall(f'{option}=(y|m)', config)
+            self.assertTrue(tmp)
+
+    def test_vmware_support(self):
+        """ The bond/lacp interface must be enabled in the OS Kernel """
+        for option in ['CONFIG_VMXNET3']:
+            tmp = re.findall(f'{option}=(y|m)', config)
+            self.assertTrue(tmp)
+
 if __name__ == '__main__':
     unittest.main()
 
-- 
cgit v1.2.3