From b6f742716da5f89c7f3f3501220e0f3ae1df45d8 Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Fri, 25 Aug 2023 13:54:47 +0200
Subject: interface: T3509: Add per-interface IPv6 source validation
---
smoketest/scripts/cli/base_interfaces_test.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
(limited to 'smoketest/scripts')
diff --git a/smoketest/scripts/cli/base_interfaces_test.py b/smoketest/scripts/cli/base_interfaces_test.py
index b5b65e253..820024dc9 100644
--- a/smoketest/scripts/cli/base_interfaces_test.py
+++ b/smoketest/scripts/cli/base_interfaces_test.py
@@ -844,6 +844,7 @@ class BasicInterfaceTest:
mss = '1400'
dad_transmits = '10'
accept_dad = '0'
+ source_validation = 'strict'
for interface in self._interfaces:
path = self._base_path + [interface]
@@ -863,6 +864,9 @@ class BasicInterfaceTest:
if cli_defined(self._base_path + ['ipv6'], 'disable-forwarding'):
self.cli_set(path + ['ipv6', 'disable-forwarding'])
+ if cli_defined(self._base_path + ['ipv6'], 'source-validation'):
+ self.cli_set(path + ['ipv6', 'source-validation', source_validation])
+
self.cli_commit()
for interface in self._interfaces:
@@ -886,6 +890,14 @@ class BasicInterfaceTest:
tmp = read_file(f'{proc_base}/forwarding')
self.assertEqual('0', tmp)
+ if cli_defined(self._base_path + ['ipv6'], 'source-validation'):
+ base_options = f'iifname "{interface}"'
+ out = cmd('sudo nft list chain ip6 raw vyos_rpfilter')
+ for line in out.splitlines():
+ if line.startswith(base_options):
+ self.assertIn('fib saddr . iif oif 0', line)
+ self.assertIn('drop', line)
+
def test_dhcpv6_client_options(self):
if not self._test_ipv6_dhcpc6:
self.skipTest('not supported')
--
cgit v1.2.3