diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-15 18:31:17 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-19 13:08:20 +0200 |
| commit | 41133869c50cd691735a141722dbca72827191e5 (patch) | |
| tree | 9bbb7a59bcf803688c6393eb5c19e4616121405b /smoketest | |
| parent | 38cab26959ded78a737db2272fe25106a2de47b0 (diff) | |
| download | vyos-1x-41133869c50cd691735a141722dbca72827191e5.tar.gz vyos-1x-41133869c50cd691735a141722dbca72827191e5.zip | |
firewall: T4502: Update to flowtable CLI
`set firewall flowtable <name> interface <ifname>`
`set firewall flowtable <name> offload [software|hardware]`
`set firewall [ipv4|ipv6] forward filter rule N action offload`
`set firewall [ipv4|ipv6] forward filter rule N offload-target <name>`
Diffstat (limited to 'smoketest')
| -rwxr-xr-x | smoketest/scripts/cli/test_firewall.py | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py index 75d6e9bb1..75fdec207 100755 --- a/smoketest/scripts/cli/test_firewall.py +++ b/smoketest/scripts/cli/test_firewall.py @@ -604,16 +604,32 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase): self.assertNotEqual(f.read().strip(), conf['default'], msg=path) def test_flow_offload_software(self): - self.cli_set(['firewall', 'global-options', 'flow-offload', 'software', 'interface', 'eth0']) + self.cli_set(['firewall', 'flowtable', 'smoketest', 'interface', 'eth0']) + self.cli_set(['firewall', 'flowtable', 'smoketest', 'offload', 'software']) + + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'action', 'offload']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'ipv4', 'forward', 'filter', 'rule', '1', 'state', 'related', 'enable']) + + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'action', 'offload']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'offload-target', 'smoketest']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'protocol', 'tcp_udp']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'established', 'enable']) + self.cli_set(['firewall', 'ipv6', 'forward', 'filter', 'rule', '1', 'state', 'related', 'enable']) + self.cli_commit() + nftables_search = [ - ['flowtable VYOS_FLOWTABLE_software'], - ['hook ingress priority filter - 1'], + ['flowtable VYOS_FLOWTABLE_smoketest'], + ['hook ingress priority filter'], ['devices = { eth0 }'], - ['flow add @VYOS_FLOWTABLE_software'], + ['ct state { established, related }', 'meta l4proto { tcp, udp }', 'flow add @VYOS_FLOWTABLE_smoketest'], ] - self.verify_nftables(nftables_search, 'inet vyos_offload') + self.verify_nftables(nftables_search, 'ip vyos_filter') + self.verify_nftables(nftables_search, 'ip6 vyos_filter') if __name__ == '__main__': unittest.main(verbosity=2) |