diff options
author | Christian Breunig <christian@breunig.cc> | 2023-09-19 18:48:09 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-19 18:48:09 +0200 |
commit | e570044ff8a81cbcfc340df5c8a33763a6962af3 (patch) | |
tree | 1ba3123b08fdb08dfc45295091a461cc39046dc0 /smoketest/scripts/cli/test_firewall.py | |
parent | 38cab26959ded78a737db2272fe25106a2de47b0 (diff) | |
parent | 0984a36f6d6427bb6cb665002be3e67c4a72ff9d (diff) | |
download | vyos-1x-e570044ff8a81cbcfc340df5c8a33763a6962af3.tar.gz vyos-1x-e570044ff8a81cbcfc340df5c8a33763a6962af3.zip |
Merge pull request #2288 from sarthurdev/flowtable
firewall: T4502: Update to flowtable CLI
Diffstat (limited to 'smoketest/scripts/cli/test_firewall.py')
-rwxr-xr-x | smoketest/scripts/cli/test_firewall.py | 34 |
1 files changed, 28 insertions, 6 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py index 75d6e9bb1..72e04847a 100755 --- a/smoketest/scripts/cli/test_firewall.py +++ b/smoketest/scripts/cli/test_firewall.py @@ -603,17 +603,39 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): with open(path, 'r') as f: self.assertNotEqual(f.read().strip(), conf['default'], msg=path) - def test_flow_offload_software(self): - self.cli_set(['firewall', 'global-options', 'flow-offload', 'software', 'interface', 'eth0']) + def test_flow_offload(self): + self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0']) + self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'hardware']) + + # QEMU virtual NIC does not support hw-tc-offload + with self.assertRaises(ConfigSessionError): + self.cli_commit() + + self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'software']) + + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'action', 'offload']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'related', 'enable']) + + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'action', 'offload']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'related', 'enable']) + self.cli_commit() + nftables_search = [ - ['flowtable VYOS_FLOWTABLE_software'], - ['hook ingress priority filter - 1'], + ['flowtable VYOS_FLOWTABLE_smoketest'], + ['hook ingress priority filter'], ['devices = { eth0 }'], - ['flow add @VYOS_FLOWTABLE_software'], + ['ct state { established, related }', 'meta l4proto { tcp, udp }', 'flow add @VYOS_FLOWTABLE_smoketest'], ] - self.verify_nftables(nftables_search, 'inet vyos_offload') + self.verify_nftables(nftables_search, 'ip vyos_filter') + self.verify_nftables(nftables_search, 'ip6 vyos_filter') if __name__ == '__main__': unittest.main(verbosity=2) |