author | Daniil Baturin <daniil@vyos.io> | 2023-11-22 00:09:33 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-22 00:09:33 +0000 |
commit | c87edc8f1f61dda36ece893dc523fa73e69307df (patch) | |
tree | 9048cc2d1cfcc6cfc76e3154bd9bf427dc69264c /smoketest/scripts | |
parent | d1750790419d9db3e4d71974005190752c7928e0 (diff) | |
parent | 4e8839b6d78c7629cd2c1daee0438472c96365a4 (diff) | |
Merge pull request #2517 from nicolas-fort/T5419-FT-Sagitta
T5419: firewall: backport firewall flowtable to Sagitta.
Diffstat (limited to 'smoketest/scripts')
-rwxr-xr-x | smoketest/scripts/cli/test_firewall.py | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index e6c928ad7..18940c04d 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -653,5 +653,43 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 break
 self.assertTrue(matched)
+ def test_flow_offload(self):
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0'])
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'hardware'])
+
+ # QEMU virtual NIC does not support hw-tc-offload
+ with self.assertRaises(ConfigSessionError):
+ self.cli_commit()
+
+ self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'software'])
+
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'action', 'offload'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'established'])
+ self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'related'])
+
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'action', 'offload'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'established'])
+ self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'related'])
+
+ self.cli_commit()
+
+ nftables_search = [
+ ['flowtable VYOS_FLOWTABLE_smoketest'],
+ ['hook ingress priority filter'],
+ ['devices = { eth0 }'],
+ ['ct state { established, related }', 'meta l4proto { tcp, udp }', 'flow add @VYOS_FLOWTABLE_smoketest'],
+ ]
+
+ self.verify_nftables(nftables_search, 'ip vyos_filter')
+ self.verify_nftables(nftables_search, 'ip6 vyos_filter')
+
+ # Check conntrack
+ #self.verify_nftables_chain([['accept']], 'ip vyos_conntrack', 'FW_CONNTRACK')
+ #self.verify_nftables_chain([['accept']], 'ip6 vyos_conntrack', 'FW_CONNTRACK')
+
 if __name__ == '__main__':
 unittest.main(verbosity=2) |
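Review bot: The two `verify_nftables_chain` calls at the end of `test_flow_offload` are commented out, so the test never confirms that committing an offload rule activates connection tracking, which the `ct state { established, related }` match in the generated rule presumably depends on. Offloaded flows bypass later rule evaluation, so a regression where conntrack stays disabled would go unnoticed by this test. Either enable the two assertions or replace the bare `# Check conntrack` with a comment that says why they are disabled, e.g. `# Conntrack check disabled: <reason>; re-enable under T5419 follow-up`. Separately, the `assertRaises(ConfigSessionError)` step passes only while `eth0` lacks hw-tc-offload; the existing QEMU comment could say outright that the test will fail on a NIC that supports it. The enclosing `TestFirewall` class starts outside the hunk.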