conntrack: T5217: Add tcp flag matching to `system conntrack ignore`

- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i` - Update smoketest to verify TCP flag matching
author: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2023-09-18 20:24:22 +0200
committer: sarthurdev <965089+sarthurdev@users.noreply.github.com> 2023-09-18 20:26:51 +0200
commit: fb3ef9af5e394aa25692003fb3c185bfedefe3cb (patch)
tree: 377a5dd42a9bc0b4c1ee4c3e0670c1cf733f3731 /python
parent: 4c9c2e372aa57aba298915d5d2702ebaf0b7db91 (diff)
download: vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.tar.gz
vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/python/vyos/template.py b/python/vyos/template.py
index add4d3ce5..3be486cc4 100644
--- a/python/vyos/template.py
+++ b/python/vyos/template.py
@@ -678,6 +678,11 @@ def conntrack_ignore_rule(rule_conf, rule_id, ipv6=False):
         proto = rule_conf['protocol']
         output.append(f'meta l4proto {proto}')
 
+    tcp_flags = dict_search_args(rule_conf, 'tcp', 'flags')
+    if tcp_flags:
+        from vyos.firewall import parse_tcp_flags
+        output.append(parse_tcp_flags(tcp_flags))
+
     for side in ['source', 'destination']:
         if side in rule_conf:
             side_conf = rule_conf[side]
author	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2023-09-18 20:24:22 +0200
committer	sarthurdev <965089+sarthurdev@users.noreply.github.com>	2023-09-18 20:26:51 +0200
commit	fb3ef9af5e394aa25692003fb3c185bfedefe3cb (patch)
tree	377a5dd42a9bc0b4c1ee4c3e0670c1cf733f3731 /python
parent	4c9c2e372aa57aba298915d5d2702ebaf0b7db91 (diff)
download	vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.tar.gz vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.zip