diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-07-24 11:19:16 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2024-07-25 19:29:18 +0200 |
| commit | 33f998926fbbd4cd60567d61ffe2cff21fd9a110 (patch) | |
| tree | bf9cc96d752f83f6ce786fe65d9883da0d04d996 | |
| parent | 6d60f88fef6edeb06a0efe1974c662f75c40640f (diff) | |
| download | vyos-1x-33f998926fbbd4cd60567d61ffe2cff21fd9a110.tar.gz vyos-1x-33f998926fbbd4cd60567d61ffe2cff21fd9a110.zip | |
smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on deletionmergify/bp/sagitta/pr-3857
Now that interfaces are deleted from ct_iface_map during deletion it's time to
also add a smoketest ensuring there is no entry in the ct_iface_map once an
interface was deleted from the CLI.
(cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c)
| -rw-r--r-- | python/vyos/utils/network.py | 28 | ||||
| -rw-r--r-- | smoketest/scripts/cli/base_interfaces_test.py | 10 |
2 files changed, 35 insertions, 3 deletions
diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py index 8befe370f..55798651f 100644 --- a/python/vyos/utils/network.py +++ b/python/vyos/utils/network.py @@ -530,3 +530,31 @@ def get_vxlan_vni_filter(interface: str) -> list: os_configured_vnis.append(str(vniStart)) return os_configured_vnis + +def get_nft_vrf_zone_mapping() -> dict: + """ + Retrieve current nftables conntrack mapping list from Kernel + + returns: [{'interface': 'red', 'vrf_tableid': 1000}, + {'interface': 'eth2', 'vrf_tableid': 1000}, + {'interface': 'blue', 'vrf_tableid': 2000}] + """ + from json import loads + from jmespath import search + from vyos.utils.process import cmd + output = [] + tmp = loads(cmd('sudo nft -j list table inet vrf_zones')) + # {'nftables': [{'metainfo': {'json_schema_version': 1, + # 'release_name': 'Old Doc Yak #3', + # 'version': '1.0.9'}}, + # {'table': {'family': 'inet', 'handle': 6, 'name': 'vrf_zones'}}, + # {'map': {'elem': [['eth0', 666], + # ['dum0', 666], + # ['wg500', 666], + # ['bond10.666', 666]], + vrf_list = search('nftables[].map.elem | [0]', tmp) + if not vrf_list: + return output + for (vrf_name, vrf_id) in vrf_list: + output.append({'interface' : vrf_name, 'vrf_tableid' : vrf_id}) + return output diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py index 66b789e94..e7e29387f 100644 --- a/smoketest/scripts/cli/base_interfaces_test.py +++ b/smoketest/scripts/cli/base_interfaces_test.py @@ -15,7 +15,6 @@ from netifaces import AF_INET from netifaces import AF_INET6 from netifaces import ifaddresses -from netifaces import interfaces from base_vyostest_shim import VyOSUnitTestSHIM @@ -25,13 +24,15 @@ from vyos.ifconfig import Interface from vyos.ifconfig import Section from vyos.utils.file import read_file from vyos.utils.dict import dict_search +from vyos.utils.process import cmd from vyos.utils.process import process_named_running from vyos.utils.network import get_interface_config from vyos.utils.network import get_interface_vrf from vyos.utils.network import get_vrf_tableid -from vyos.utils.process import cmd +from vyos.utils.network import interface_exists from vyos.utils.network import is_intf_addr_assigned from vyos.utils.network import is_ipv6_link_local +from vyos.utils.network import get_nft_vrf_zone_mapping from vyos.xml_ref import cli_defined dhclient_base_dir = directories['isc_dhclient_dir'] @@ -117,8 +118,11 @@ class BasicInterfaceTest: self.cli_commit() # Verify that no previously interface remained on the system + ct_map = get_nft_vrf_zone_mapping() for intf in self._interfaces: - self.assertNotIn(intf, interfaces()) + self.assertFalse(interface_exists(intf)) + for map_entry in ct_map: + self.assertNotEqual(intf, map_entry['interface']) # No daemon started during tests should remain running for daemon in ['dhcp6c', 'dhclient']: |