From 2ee8d0eef88acab60b42d0424c034414de47bddd Mon Sep 17 00:00:00 2001 From: sarthurdev <965089+sarthurdev@users.noreply.github.com> Date: Tue, 5 Sep 2023 14:51:16 +0200 Subject: interface: T5550: Interface source-validation priority over global value - Migrate IPv4 source-validation to nftables - Interface source-validation value takes priority, fallback to global value --- smoketest/scripts/cli/base_interfaces_test.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'smoketest') diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 820024dc9..51ccbc9e6 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -834,8 +834,12 @@ class BasicInterfaceTest: self.assertEqual('1', tmp) if cli_defined(self._base_path + ['ip'], 'source-validation'): - tmp = read_file(f'{proc_base}/rp_filter') - self.assertEqual('2', tmp) + base_options = f'iifname "{interface}"' + out = cmd('sudo nft list chain ip raw vyos_rpfilter') + for line in out.splitlines(): + if line.startswith(base_options): + self.assertIn('fib saddr oif 0', line) + self.assertIn('drop', line) def test_interface_ipv6_options(self): if not self._test_ipv6: -- cgit v1.2.3