diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-15 12:48:48 +0100 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2022-01-17 12:28:12 +0100 |
| commit | 64668771d5f14fc4b68fff382d166238c164bdde (patch) | |
| tree | 8138b4ae97d8edaf0ddf227b20cabb5c28af57f2 /smoketest/scripts/cli/test_policy_route.py | |
| parent | df5a862beb84145dfc8434efde7d7fee783199cf (diff) | |
| download | vyos-1x-64668771d5f14fc4b68fff382d166238c164bdde.tar.gz vyos-1x-64668771d5f14fc4b68fff382d166238c164bdde.zip | |
firewall: policy: T4178: Migrate and refactor tcp flags
* Add support for ECN and CWR flags
Diffstat (limited to 'smoketest/scripts/cli/test_policy_route.py')
| -rwxr-xr-x | smoketest/scripts/cli/test_policy_route.py | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py index 4463a2255..9035f0832 100755 --- a/smoketest/scripts/cli/test_policy_route.py +++ b/smoketest/scripts/cli/test_policy_route.py @@ -63,8 +63,10 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): self.assertTrue(matched) def test_pbr_table(self): - self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'protocol', 'tcp_udp']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'protocol', 'tcp']) self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'destination', 'port', '8888']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'tcp', 'flags', 'syn']) + self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'tcp', 'flags', 'not', 'ack']) self.cli_set(['policy', 'route', 'smoketest', 'rule', '1', 'set', 'table', table_id]) self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'protocol', 'tcp_udp']) self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '1', 'destination', 'port', '8888']) @@ -81,7 +83,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase): nftables_search = [ ['iifname "eth0"', 'jump VYOS_PBR_smoketest'], - ['meta l4proto { tcp, udp }', 'th dport { 8888 }', 'meta mark set ' + mark_hex] + ['tcp flags & (syn | ack) == syn', 'tcp dport { 8888 }', 'meta mark set ' + mark_hex] ] nftables_output = cmd('sudo nft list table ip mangle') |