#!/usr/bin/env python3 # # Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as # published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import vyos.template from vyos.utils.network import interface_exists from ipaddress import ip_network from unittest import TestCase import json import os class TestVyOSTemplate(TestCase): def setUp(self): pass def test_is_interface(self): for interface in ['lo', 'eth0']: if interface_exists(interface): self.assertTrue(vyos.template.is_interface(interface)) else: self.assertFalse(vyos.template.is_interface(interface)) self.assertFalse(vyos.template.is_interface('non-existent')) def test_is_ip(self): self.assertTrue(vyos.template.is_ip('192.0.2.1')) self.assertTrue(vyos.template.is_ip('2001:db8::1')) self.assertFalse(vyos.template.is_ip('VyOS')) def test_is_ipv4(self): self.assertTrue(vyos.template.is_ipv4('192.0.2.1')) self.assertTrue(vyos.template.is_ipv4('192.0.2.0/24')) self.assertTrue(vyos.template.is_ipv4('192.0.2.1/32')) self.assertFalse(vyos.template.is_ipv4('2001:db8::1')) self.assertFalse(vyos.template.is_ipv4('2001:db8::/64')) self.assertFalse(vyos.template.is_ipv4('VyOS')) def test_is_ipv6(self): self.assertTrue(vyos.template.is_ipv6('2001:db8::1')) self.assertTrue(vyos.template.is_ipv6('2001:db8::/64')) self.assertTrue(vyos.template.is_ipv6('2001:db8::1/64')) self.assertFalse(vyos.template.is_ipv6('192.0.2.1')) self.assertFalse(vyos.template.is_ipv6('192.0.2.0/24')) self.assertFalse(vyos.template.is_ipv6('192.0.2.1/32')) self.assertFalse(vyos.template.is_ipv6('VyOS')) def test_address_from_cidr(self): self.assertEqual(vyos.template.address_from_cidr('192.0.2.0/24'), '192.0.2.0') self.assertEqual(vyos.template.address_from_cidr('2001:db8::/48'), '2001:db8::') with self.assertRaises(ValueError): # ValueError: 192.0.2.1/24 has host bits set self.assertEqual(vyos.template.address_from_cidr('192.0.2.1/24'), '192.0.2.1') with self.assertRaises(ValueError): # ValueError: 2001:db8::1/48 has host bits set self.assertEqual(vyos.template.address_from_cidr('2001:db8::1/48'), '2001:db8::1') network_v4 = '192.0.2.0/26' self.assertEqual(vyos.template.address_from_cidr(network_v4), str(ip_network(network_v4).network_address)) def test_netmask_from_cidr(self): self.assertEqual(vyos.template.netmask_from_cidr('192.0.2.0/24'), '255.255.255.0') self.assertEqual(vyos.template.netmask_from_cidr('192.0.2.128/25'), '255.255.255.128') self.assertEqual(vyos.template.netmask_from_cidr('2001:db8::/48'), 'ffff:ffff:ffff::') with self.assertRaises(ValueError): # ValueError: 192.0.2.1/24 has host bits set self.assertEqual(vyos.template.netmask_from_cidr('192.0.2.1/24'), '255.255.255.0') with self.assertRaises(ValueError): # ValueError: 2001:db8:1:/64 has host bits set self.assertEqual(vyos.template.netmask_from_cidr('2001:db8:1:/64'), 'ffff:ffff:ffff:ffff::') network_v4 = '192.0.2.0/26' self.assertEqual(vyos.template.netmask_from_cidr(network_v4), str(ip_network(network_v4).netmask)) def test_first_host_address(self): self.assertEqual(vyos.template.first_host_address('10.0.0.0/24'), '10.0.0.1') self.assertEqual(vyos.template.first_host_address('10.0.0.10/24'), '10.0.0.1') self.assertEqual(vyos.template.first_host_address('10.0.0.255/24'), '10.0.0.1') self.assertEqual(vyos.template.first_host_address('10.0.0.128/25'), '10.0.0.129') self.assertEqual(vyos.template.first_host_address('2001:db8::/64'), '2001:db8::1') self.assertEqual(vyos.template.first_host_address('2001:db8::1000/64'), '2001:db8::1') self.assertEqual(vyos.template.first_host_address('2001:db8::ffff:ffff:ffff:ffff/64'), '2001:db8::1') def test_last_host_address(self): self.assertEqual(vyos.template.last_host_address('10.0.0.0/24'), '10.0.0.254') self.assertEqual(vyos.template.last_host_address('10.0.0.128/25'), '10.0.0.254') self.assertEqual(vyos.template.last_host_address('2001:db8::/64'), '2001:db8::ffff:ffff:ffff:ffff') def test_increment_ip(self): self.assertEqual(vyos.template.inc_ip('10.0.0.0/24', '2'), '10.0.0.2') self.assertEqual(vyos.template.inc_ip('10.0.0.0', '2'), '10.0.0.2') self.assertEqual(vyos.template.inc_ip('10.0.0.0', '10'), '10.0.0.10') self.assertEqual(vyos.template.inc_ip('2001:db8::/64', '2'), '2001:db8::2') self.assertEqual(vyos.template.inc_ip('2001:db8::', '10'), '2001:db8::a') def test_decrement_ip(self): self.assertEqual(vyos.template.dec_ip('10.0.0.100/24', '1'), '10.0.0.99') self.assertEqual(vyos.template.dec_ip('10.0.0.90', '10'), '10.0.0.80') self.assertEqual(vyos.template.dec_ip('2001:db8::b/64', '10'), '2001:db8::1') self.assertEqual(vyos.template.dec_ip('2001:db8::f', '5'), '2001:db8::a') def test_is_network(self): self.assertFalse(vyos.template.is_ip_network('192.0.2.0')) self.assertFalse(vyos.template.is_ip_network('192.0.2.1/24')) self.assertTrue(vyos.template.is_ip_network('192.0.2.0/24')) self.assertFalse(vyos.template.is_ip_network('2001:db8::')) self.assertFalse(vyos.template.is_ip_network('2001:db8::ffff')) self.assertTrue(vyos.template.is_ip_network('2001:db8::/48')) self.assertTrue(vyos.template.is_ip_network('2001:db8:1000::/64')) def test_is_network(self): self.assertTrue(vyos.template.compare_netmask('10.0.0.0/8', '20.0.0.0/8')) self.assertTrue(vyos.template.compare_netmask('10.0.0.0/16', '20.0.0.0/16')) self.assertFalse(vyos.template.compare_netmask('10.0.0.0/8', '20.0.0.0/16')) self.assertFalse(vyos.template.compare_netmask('10.0.0.1', '20.0.0.0/16')) self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/48')) self.assertTrue(vyos.template.compare_netmask('2001:db8:1000::/64', '2001:db8:2000::/64')) self.assertFalse(vyos.template.compare_netmask('2001:db8:1000::/48', '2001:db8:2000::/64')) def test_cipher_to_string(self): ESP_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm64-sha256-ecp256' IKEv2_DEFAULT = 'aes256gcm128-sha256-ecp256,aes128ccm128-md5_128-modp1024' data = { 'esp_group': { 'ESP_DEFAULT': { 'compression': 'disable', 'lifetime': '3600', 'mode': 'tunnel', 'pfs': 'dh-group19', 'proposal': { '10': { 'encryption': 'aes256gcm128', 'hash': 'sha256', }, '20': { 'encryption': 'aes128ccm64', 'hash': 'sha256', } } } }, 'ike_group': { 'IKEv2_DEFAULT': { 'close_action': 'none', 'dead_peer_detection': { 'action': 'hold', 'interval': '30', 'timeout': '120' }, 'ikev2_reauth': 'no', 'key_exchange': 'ikev2', 'lifetime': '10800', 'mobike': 'disable', 'proposal': { '10': { 'dh_group': '19', 'encryption': 'aes256gcm128', 'hash': 'sha256' }, '20': { 'dh_group': '2', 'encryption': 'aes128ccm128', 'hash': 'md5_128' }, } } }, } for group_name, group_config in data['esp_group'].items(): ciphers = vyos.template.get_esp_ike_cipher(group_config) self.assertIn(ESP_DEFAULT, ','.join(ciphers)) for group_name, group_config in data['ike_group'].items(): ciphers = vyos.template.get_esp_ike_cipher(group_config) self.assertIn(IKEv2_DEFAULT, ','.join(ciphers))