summaryrefslogtreecommitdiff
path: root/smoketest/scripts
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-15 18:31:17 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-19 13:08:20 +0200
commit41133869c50cd691735a141722dbca72827191e5 (patch)
tree9bbb7a59bcf803688c6393eb5c19e4616121405b /smoketest/scripts
parent38cab26959ded78a737db2272fe25106a2de47b0 (diff)
downloadvyos-1x-41133869c50cd691735a141722dbca72827191e5.tar.gz
vyos-1x-41133869c50cd691735a141722dbca72827191e5.zip
firewall: T4502: Update to flowtable CLI
`set firewall flowtable <name> interface <ifname>` `set firewall flowtable <name> offload [software|hardware]` `set firewall [ipv4|ipv6] forward filter rule N action offload` `set firewall [ipv4|ipv6] forward filter rule N offload-target <name>`
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-xsmoketest/scripts/cli/test_firewall.py26
1 files changed, 21 insertions, 5 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index 75d6e9bb1..75fdec207 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -604,16 +604,32 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
self.assertNotEqual(f.read().strip(), conf['default'], msg=path)
def test_flow_offload_software(self):
- self.cli_set(['firewall', 'global-options', 'flow-offload', 'software', 'interface', 'eth0'])
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0'])
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'software'])
+
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'action', 'offload'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'established', 'enable'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'related', 'enable'])
+
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'action', 'offload'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'established', 'enable'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'related', 'enable'])
+
self.cli_commit()
+
nftables_search = [
- ['flowtable VYOS_FLOWTABLE_software'],
- ['hook ingress priority filter - 1'],
+ ['flowtable VYOS_FLOWTABLE_smoketest'],
+ ['hook ingress priority filter'],
['devices = { eth0 }'],
- ['flow add @VYOS_FLOWTABLE_software'],
+ ['ct state { established, related }', 'meta l4proto { tcp, udp }', 'flow add @VYOS_FLOWTABLE_smoketest'],
]
- self.verify_nftables(nftables_search, 'inet vyos_offload')
+ self.verify_nftables(nftables_search, 'ip vyos_filter')
+ self.verify_nftables(nftables_search, 'ip6 vyos_filter')
if __name__ == '__main__':
unittest.main(verbosity=2)