summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
authorsarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-18 20:24:22 +0200
committersarthurdev <965089+sarthurdev@users.noreply.github.com>2023-09-18 20:26:51 +0200
commitfb3ef9af5e394aa25692003fb3c185bfedefe3cb (patch)
tree377a5dd42a9bc0b4c1ee4c3e0670c1cf733f3731 /smoketest
parent4c9c2e372aa57aba298915d5d2702ebaf0b7db91 (diff)
downloadvyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.tar.gz
vyos-1x-fb3ef9af5e394aa25692003fb3c185bfedefe3cb.zip
conntrack: T5217: Add tcp flag matching to `system conntrack ignore`
- Moves MSS node out of `tcp-flags.xml.i` and into `tcp-mss.xml.i` - Update smoketest to verify TCP flag matching
Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_system_conntrack.py3
1 files changed, 2 insertions, 1 deletions
diff --git a/smoketest/scripts/cli/test_system_conntrack.py b/smoketest/scripts/cli/test_system_conntrack.py
index e0de5da93..c9f184558 100755
--- a/smoketest/scripts/cli/test_system_conntrack.py
+++ b/smoketest/scripts/cli/test_system_conntrack.py
@@ -256,6 +256,7 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '1', 'destination', 'address', '192.0.2.2'])
self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '1', 'destination', 'port', '22'])
self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '1', 'protocol', 'tcp'])
+ self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '1', 'tcp', 'flags', 'syn'])
self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'source', 'address', '192.0.2.1'])
self.cli_set(base_path + ['ignore', 'ipv4', 'rule', '2', 'destination', 'group', 'address-group', address_group])
@@ -274,7 +275,7 @@ class TestSystemConntrack(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
nftables_search = [
- ['ip saddr 192.0.2.1', 'ip daddr 192.0.2.2', 'tcp dport 22', 'notrack'],
+ ['ip saddr 192.0.2.1', 'ip daddr 192.0.2.2', 'tcp dport 22', 'tcp flags & syn == syn', 'notrack'],
['ip saddr 192.0.2.1', 'ip daddr @A_conntracktest', 'notrack']
]