T5779: conntrack: Apply fixes to <set system conntrack timeout custom>. Remove what was not working on 1.3, migrate what was working to new syntax and extend feature for ipv6.

1 files changed, 7 insertions, 0 deletions

diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/conntrack.py
index 4cece6921..7f6c71440 100755
--- a/src/conf_mode/conntrack.py
+++ b/src/conf_mode/conntrack.py
@@ -159,6 +159,13 @@ def verify(conntrack):
                                     if not group_obj:
                                         Warning(f'{error_group} "{group_name}" has no members!')
 
+        if dict_search_args(conntrack, 'timeout', 'custom', inet, 'rule') != None:
+            for rule, rule_config in conntrack['timeout']['custom'][inet]['rule'].items():
+                if 'protocol' not in rule_config:
+                    raise ConfigError(f'Conntrack custom timeout rule {rule} requires protocol tcp or udp')
+                else:
+                    if 'tcp' in rule_config['protocol'] and 'udp' in rule_config['protocol']:
+                        raise ConfigError(f'conntrack custom timeout rule {rule} - Cant use both tcp and udp protocol')
     return None
 
 def generate(conntrack):