From bbfe6b54b58b68768f6427496d8ac3c1ef38da93 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Mon, 27 Feb 2023 20:11:35 +0000
Subject: T5037: Firewall: Add queue action and options to firewall

---
 src/conf_mode/firewall.py | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src')

diff --git a/src/conf_mode/firewall.py b/src/conf_mode/firewall.py
index 20cf1ead1..b63ed4eb9 100755
--- a/src/conf_mode/firewall.py
+++ b/src/conf_mode/firewall.py
@@ -197,6 +197,15 @@ def verify_rule(firewall, rule_conf, ipv6):
             if target not in dict_search_args(firewall, 'ipv6_name'):
                 raise ConfigError(f'Invalid jump-target. Firewall ipv6-name {target} does not exist on the system')
 
+    if 'queue_options' in rule_conf:
+        if 'queue' not in rule_conf['action']:
+            raise ConfigError('queue-options defined, but action queue needed and it is not defined')
+        if 'fanout' in rule_conf['queue_options'] and ('queue' not in rule_conf or '-' not in rule_conf['queue']):
+            raise ConfigError('queue-options fanout defined, then queue needs to be defined as a range')
+
+    if 'queue' in rule_conf and 'queue' not in rule_conf['action']:
+        raise ConfigError('queue defined, but action queue needed and it is not defined')
+
     if 'fragment' in rule_conf:
         if {'match_frag', 'match_non_frag'} <= set(rule_conf['fragment']):
             raise ConfigError('Cannot specify both "match-frag" and "match-non-frag"')
-- 
cgit v1.2.3