From 599c5405e7ff5b76aa774b8cc97a82fbc053d46c Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Thu, 30 Mar 2023 12:55:30 +0000
Subject: T5128: Policy Route: allow wildcard on interface

---
 smoketest/scripts/cli/test_policy_route.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'smoketest')

diff --git a/smoketest/scripts/cli/test_policy_route.py b/smoketest/scripts/cli/test_policy_route.py
index 4be36b134..a3df6bf4d 100755
--- a/smoketest/scripts/cli/test_policy_route.py
+++ b/smoketest/scripts/cli/test_policy_route.py
@@ -26,6 +26,7 @@ conn_mark_set = '111'
 table_mark_offset = 0x7fffffff
 table_id = '101'
 interface = 'eth0'
+interface_wc = 'ppp*'
 interface_ip = '172.16.10.1/24'
 
 class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
@@ -236,7 +237,8 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['policy', 'route6', 'smoketest6', 'rule', '5', 'set', 'table', table_id])
 
         self.cli_set(['policy', 'route', 'smoketest', 'interface', interface])
-        self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface])
+        self.cli_set(['policy', 'route', 'smoketest', 'interface', interface_wc])
+        self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface_wc])
 
         self.cli_commit()
 
@@ -244,7 +246,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
 
         # IPv4
         nftables_search = [
-            [f'iifname "{interface}"', 'jump VYOS_PBR_smoketest'],
+            ['iifname { "' + interface + '", "' + interface_wc + '" }', 'jump VYOS_PBR_smoketest'],
             ['meta l4proto udp', 'drop'],
             ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex],
             ['ct state new', 'tcp dport 22', 'ip saddr 198.51.100.0/24', 'ip ttl > 2', 'meta mark set ' + mark_hex],
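Review bot: The new IPv4 `iifname` expectation is built by string concatenation while every neighbouring entry uses an f-string, and it pins the exact element order and spacing of the anonymous set as nft prints it. An f-string with escaped braces is easier to read: `[f'iifname {{ "{interface}", "{interface_wc}" }}', 'jump VYOS_PBR_smoketest'],`. If the rendered element order is not guaranteed to follow configuration order (this hunk does not show that), matching the two quoted names as separate substrings of the same rule would make the test less brittle. The `nftables_search` list continues outside the hunk.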
@@ -256,7 +258,7 @@ class TestPolicyRoute(VyOSUnitTestSHIM.TestCase):
 
         # IPv6
         nftables6_search = [
-            [f'iifname "{interface}"', 'jump VYOS_PBR6_smoketest'],
+            [f'iifname "{interface_wc}"', 'jump VYOS_PBR6_smoketest'],
             ['meta l4proto udp', 'drop'],
             ['tcp flags syn / syn,ack', 'meta mark set ' + mark_hex],
             ['ct state new', 'tcp dport 22', 'ip6 saddr 2001:db8::/64', 'ip6 hoplimit > 2', 'meta mark set ' + mark_hex],
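Review bot: The IPv6 expectation now checks only the wildcard name, because the earlier `cli_set` hunk replaced the `route6 smoketest6 interface` assignment of `interface` with `interface_wc` instead of adding to it. The IPv6 path therefore no longer verifies a literal interface name, and the multi-interface set form is exercised for IPv4 only. Consider keeping `self.cli_set(['policy', 'route6', 'smoketest6', 'interface', interface])` next to the new line and expecting `f'iifname {{ "{interface}", "{interface_wc}" }}'` here as well. The `nftables6_search` list continues outside the hunk.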
-- 
cgit v1.2.3


From c41af9698abaeb1dc656933570c14fc9d75c9ce5 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Fri, 31 Mar 2023 13:05:50 +0000
Subject: T5128: Add contraint for firewall interface. Also update smoketest to
 include at least one wildcarded interface

---
 interface-definitions/firewall.xml.in  | 3 +++
 smoketest/scripts/cli/test_firewall.py | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'smoketest')

diff --git a/interface-definitions/firewall.xml.in b/interface-definitions/firewall.xml.in
index 624d61759..edbf1e03a 100644
--- a/interface-definitions/firewall.xml.in
+++ b/interface-definitions/firewall.xml.in
@@ -349,6 +349,9 @@
           <completionHelp>
             <script>${vyos_completion_dir}/list_interfaces</script>
           </completionHelp>
+          <constraint>
+            #include <include/constraint/interface-name-with-wildcard.xml.in>
+          </constraint>
         </properties>
         <children>
           <node name="in">
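Review bot: The added `<constraint>` is the only input validation on this tag node's value, and the smoketest in the same commit shows that value is written into the ruleset as `iifname "<value>"`, yet the pattern in `include/constraint/interface-name-with-wildcard.xml.in` is not part of this diff. It is worth confirming that the pattern rejects quotes, whitespace and braces and accepts `*` only where a wildcard is intended, so that a name cannot change the shape of the generated rule. No `<constraintErrorMessage>` is visible in this hunk; if none exists further down in `<properties>`, adding one would tell the operator why a name was refused. The `<properties>` element opens outside the hunk.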
diff --git a/smoketest/scripts/cli/test_firewall.py b/smoketest/scripts/cli/test_firewall.py
index e071b7df9..99d3b3ca1 100755
--- a/smoketest/scripts/cli/test_firewall.py
+++ b/smoketest/scripts/cli/test_firewall.py
@@ -198,6 +198,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
     def test_ipv4_basic_rules(self):
         name = 'smoketest'
         interface = 'eth0'
+        interface_wc = 'l2tp*'
         mss_range = '501-1460'
         conn_mark = '555'
 
@@ -240,6 +241,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
         self.cli_set(['firewall', 'name', name, 'rule', '6', 'connection-mark', conn_mark])
 
         self.cli_set(['firewall', 'interface', interface, 'in', 'name', name])
+        self.cli_set(['firewall', 'interface', interface_wc, 'in', 'name', name])
 
         self.cli_commit()
 
@@ -247,6 +249,7 @@ class TestFirewall(VyOSUnitTestSHIM.TestCase):
 
         nftables_search = [
             [f'iifname "{interface}"', f'jump NAME_{name}'],
+            [f'iifname "{interface_wc}"', f'jump NAME_{name}'],
             ['saddr 172.16.20.10', 'daddr 172.16.10.10', 'log prefix "[smoketest-1-A]" log level debug', 'ip ttl 15', 'return'],
             ['tcp flags syn / syn,ack', 'tcp dport 8888', 'log prefix "[smoketest-2-R]" log level err', 'ip ttl > 102', 'reject'],
             ['tcp dport 22', 'limit rate 5/minute', 'return'],
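Review bot: The test covers only the accepted case, `l2tp*`, although this commit also introduces the constraint on `firewall interface`; nothing asserts that the constraint refuses a bad name. A negative case placed before `self.cli_commit()` would pin that behaviour: set a name the constraint is meant to reject and assert that the CLI session raises instead of accepting it. The file's imports are not visible in this diff, so the exception type should follow whatever the other smoketests use for rejected input. The `nftables_search` list and `test_ipv4_basic_rules` continue outside the hunk.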
-- 
cgit v1.2.3