diff options
| author | Ryan Zuwala <ryanzuwala@gmail.com> | 2025-04-29 00:53:53 -0400 |
|---|---|---|
| committer | Ryan Zuwala <ryanzuwala@gmail.com> | 2025-04-29 19:31:09 -0400 |
| commit | 43554efc27fcea6703b3b31674a38252434a0f2f (patch) | |
| tree | bb81daf3feb59d3c43846243dc3c1bd5418fca92 /smoketest/scripts/cli/test_nat66.py | |
| parent | e6909ffe8fc474e181e9b711f1b08974e152a0a7 (diff) | |
| download | vyos-1x-43554efc27fcea6703b3b31674a38252434a0f2f.tar.gz vyos-1x-43554efc27fcea6703b3b31674a38252434a0f2f.zip | |
nat66: T7051: add group config node
Add CLI config node for "group" when configuring NAT66 source
Ensure there is only one group in NAT66 source rule config
Add smoketest to cover new group usage in source NAT66 rules
Diffstat (limited to 'smoketest/scripts/cli/test_nat66.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_nat66.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_nat66.py b/smoketest/scripts/cli/test_nat66.py index 52ad8e3ef..d4b5d6aa4 100755 --- a/smoketest/scripts/cli/test_nat66.py +++ b/smoketest/scripts/cli/test_nat66.py @@ -227,6 +227,35 @@ class TestNAT66(VyOSUnitTestSHIM.TestCase): self.verify_nftables(nftables_search, 'ip6 vyos_nat') + def test_source_nat66_network_group(self): + address_group = 'smoketest_addr' + address_group_member = 'fc00::1' + network_group = 'smoketest_net' + network_group_member = 'fc00::/64' + translation_prefix = 'fc01::/64' + + self.cli_set(['firewall', 'group', 'ipv6-address-group', address_group, 'address', address_group_member]) + self.cli_set(['firewall', 'group', 'ipv6-network-group', network_group, 'network', network_group_member]) + + self.cli_set(src_path + ['rule', '1', 'destination', 'group', 'address-group', address_group]) + self.cli_set(src_path + ['rule', '1', 'translation', 'address', translation_prefix]) + + self.cli_set(src_path + ['rule', '2', 'destination', 'group', 'network-group', network_group]) + self.cli_set(src_path + ['rule', '2', 'translation', 'address', translation_prefix]) + + self.cli_commit() + + nftables_search = [ + [f'set A6_{address_group}'], + [f'elements = {{ {address_group_member} }}'], + [f'set N6_{network_group}'], + [f'elements = {{ {network_group_member} }}'], + ['ip6 daddr', f'@A6_{address_group}', 'snat prefix to fc01::/64'], + ['ip6 daddr', f'@N6_{network_group}', 'snat prefix to fc01::/64'] + ] + + self.verify_nftables(nftables_search, 'ip6 vyos_nat') + def test_nat66_no_rules(self): # T3206: deleting all rules but keep the direction 'destination' or # 'source' resulteds in KeyError: 'rule'. |