From 24a1a70596fafdd35d88506159e6cb9cd94e7a66 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Tue, 5 Dec 2023 10:36:14 +0000
Subject: T5779: conntrack: Apply fixes to <set system conntrack timeout
 custom>. Remove what was not working on 1.3, migrate what was working to new
 syntax and extend feature for ipv6.

---
 src/conf_mode/conntrack.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/conf_mode/conntrack.py')

diff --git a/src/conf_mode/conntrack.py b/src/conf_mode/conntrack.py
index 4cece6921..7f6c71440 100755
--- a/src/conf_mode/conntrack.py
+++ b/src/conf_mode/conntrack.py
@@ -159,6 +159,13 @@ def verify(conntrack):
                                     if not group_obj:
                                         Warning(f'{error_group} "{group_name}" has no members!')
 
+        if dict_search_args(conntrack, 'timeout', 'custom', inet, 'rule') != None:
+            for rule, rule_config in conntrack['timeout']['custom'][inet]['rule'].items():
+                if 'protocol' not in rule_config:
+                    raise ConfigError(f'Conntrack custom timeout rule {rule} requires protocol tcp or udp')
+                else:
+                    if 'tcp' in rule_config['protocol'] and 'udp' in rule_config['protocol']:
+                        raise ConfigError(f'conntrack custom timeout rule {rule} - Cant use both tcp and udp protocol')
     return None
 
 def generate(conntrack):
-- 
cgit v1.2.3