diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-02-27 21:38:24 +0100 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2024-02-27 22:35:11 +0100 |
| commit | 6f7d1e15665655e37e8ca830e28d9650445c1217 (patch) | |
| tree | 726b651ce6862075052515ff9c0b994c9783d44b /smoketest | |
| parent | bc9ccaeda54279022b73a806fa8aa77c523fbecc (diff) | |
| download | vyos-1x-6f7d1e15665655e37e8ca830e28d9650445c1217.tar.gz vyos-1x-6f7d1e15665655e37e8ca830e28d9650445c1217.zip | |
vrf: conntrack: T6073: Populate VRF zoning chains only while conntrack is required
Diffstat (limited to 'smoketest')
| -rwxr-xr-x | smoketest/scripts/cli/test_vrf.py | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py index 438387f2d..c96b8e374 100755 --- a/smoketest/scripts/cli/test_vrf.py +++ b/smoketest/scripts/cli/test_vrf.py @@ -529,5 +529,28 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): self.assertNotIn(f' no ip nht resolve-via-default', frrconfig) self.assertNotIn(f' no ipv6 nht resolve-via-default', frrconfig) + def test_vrf_conntrack(self): + table = '1000' + nftables_rules = { + 'vrf_zones_ct_in': ['ct original zone set iifname map @ct_iface_map'], + 'vrf_zones_ct_out': ['ct original zone set oifname map @ct_iface_map'] + } + + self.cli_set(base_path + ['name', 'blue', 'table', table]) + self.cli_commit() + + # Conntrack rules should not be present + for chain, rule in nftables_rules.items(): + self.verify_nftables_chain(rule, 'inet vrf_zones', chain, inverse=True) + + self.cli_set(['nat']) + self.cli_commit() + + # Conntrack rules should now be present + for chain, rule in nftables_rules.items(): + self.verify_nftables_chain(rule, 'inet vrf_zones', chain, inverse=False) + + self.cli_delete(['nat']) + if __name__ == '__main__': unittest.main(verbosity=2) |