smoketest: T6592: verify no interface stalls in conntrack ct_iface_map on deletionmergify/bp/sagitta/pr-3857

Now that interfaces are deleted from ct_iface_map during deletion it's time to
also add a smoketest ensuring there is no entry in the ct_iface_map once an
interface was deleted from the CLI.

(cherry picked from commit 1c42ee9d16dd49fff2cbde652bf24a38f364526c)

1 files changed, 28 insertions, 0 deletions

diff --git a/python/vyos/utils/network.py b/python/vyos/utils/network.py
index 8befe370f..55798651f 100644
--- a/python/vyos/utils/network.py
+++ b/python/vyos/utils/network.py
@@ -530,3 +530,31 @@ def get_vxlan_vni_filter(interface: str) -> list:
             os_configured_vnis.append(str(vniStart))
 
     return os_configured_vnis
+
+def get_nft_vrf_zone_mapping() -> dict:
+    """
+    Retrieve current nftables conntrack mapping list from Kernel
+
+    returns: [{'interface': 'red', 'vrf_tableid': 1000},
+              {'interface': 'eth2', 'vrf_tableid': 1000},
+              {'interface': 'blue', 'vrf_tableid': 2000}]
+    """
+    from json import loads
+    from jmespath import search
+    from vyos.utils.process import cmd
+    output = []
+    tmp = loads(cmd('sudo nft -j list table inet vrf_zones'))
+    # {'nftables': [{'metainfo': {'json_schema_version': 1,
+    #                     'release_name': 'Old Doc Yak #3',
+    #                     'version': '1.0.9'}},
+    #       {'table': {'family': 'inet', 'handle': 6, 'name': 'vrf_zones'}},
+    #       {'map': {'elem': [['eth0', 666],
+    #                         ['dum0', 666],
+    #                         ['wg500', 666],
+    #                         ['bond10.666', 666]],
+    vrf_list = search('nftables[].map.elem | [0]', tmp)
+    if not vrf_list:
+        return output
+    for (vrf_name, vrf_id) in vrf_list:
+        output.append({'interface' : vrf_name, 'vrf_tableid' : vrf_id})
+    return output