diff options
Diffstat (limited to 'smoketest/scripts/cli/test_nat.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_nat.py | 30 |
1 files changed, 12 insertions, 18 deletions
diff --git a/smoketest/scripts/cli/test_nat.py b/smoketest/scripts/cli/test_nat.py index 1e6435df8..43e374398 100755 --- a/smoketest/scripts/cli/test_nat.py +++ b/smoketest/scripts/cli/test_nat.py @@ -21,8 +21,6 @@ import unittest from base_vyostest_shim import VyOSUnitTestSHIM from vyos.configsession import ConfigSessionError -from vyos.utils.process import cmd -from vyos.utils.dict import dict_search base_path = ['nat'] src_path = base_path + ['source'] @@ -47,17 +45,6 @@ class TestNAT(VyOSUnitTestSHIM.TestCase): self.assertFalse(os.path.exists(nftables_nat_config)) self.assertFalse(os.path.exists(nftables_static_nat_conf)) - def verify_nftables(self, nftables_search, table, inverse=False, args=''): - nftables_output = cmd(f'sudo nft {args} list table {table}') - - for search in nftables_search: - matched = False - for line in nftables_output.split("\n"): - if all(item in line for item in search): - matched = True - break - self.assertTrue(not matched if inverse else matched, msg=search) - def wait_for_domain_resolver(self, table, set_name, element, max_wait=10): # Resolver no longer blocks commit, need to wait for daemon to populate set count = 0 @@ -100,21 +87,28 @@ class TestNAT(VyOSUnitTestSHIM.TestCase): address_group_member = '192.0.2.1' interface_group = 'smoketest_ifaces' interface_group_member = 'bond.99' - rule = '100' self.cli_set(['firewall', 'group', 'address-group', address_group, 'address', address_group_member]) self.cli_set(['firewall', 'group', 'interface-group', interface_group, 'interface', interface_group_member]) - self.cli_set(src_path + ['rule', rule, 'source', 'group', 'address-group', address_group]) - self.cli_set(src_path + ['rule', rule, 'outbound-interface', 'group', interface_group]) - self.cli_set(src_path + ['rule', rule, 'translation', 'address', 'masquerade']) + self.cli_set(src_path + ['rule', '100', 'source', 'group', 'address-group', address_group]) + self.cli_set(src_path + ['rule', '100', 'outbound-interface', 'group', interface_group]) + self.cli_set(src_path + ['rule', '100', 'translation', 'address', 'masquerade']) + + self.cli_set(src_path + ['rule', '110', 'source', 'group', 'address-group', address_group]) + self.cli_set(src_path + ['rule', '110', 'translation', 'address', '203.0.113.1']) + + self.cli_set(src_path + ['rule', '120', 'source', 'group', 'address-group', address_group]) + self.cli_set(src_path + ['rule', '120', 'translation', 'address', '203.0.113.111/32']) self.cli_commit() nftables_search = [ [f'set A_{address_group}'], [f'elements = {{ {address_group_member} }}'], - [f'ip saddr @A_{address_group}', f'oifname @I_{interface_group}', 'masquerade'] + [f'ip saddr @A_{address_group}', f'oifname @I_{interface_group}', 'masquerade'], + [f'ip saddr @A_{address_group}', 'snat to 203.0.113.1'], + [f'ip saddr @A_{address_group}', 'snat prefix to 203.0.113.111/32'] ] self.verify_nftables(nftables_search, 'ip vyos_nat') |