Change in osmo-upf[master]: nft: append 'accept' to each rule

8 Dec 2022

neels has uploaded this change for review. ( https://gerrit.osmocom.org/c/osmo-upf/+/30501
)


Change subject: nft: append 'accept' to each rule
......................................................................

nft: append 'accept' to each rule

This 'accept' is not an optional addition, it should always be present.
(Just saying because previous patch added a VTY command to configure
additions to the rules, and this patch is orthogonal to that.)

Related: OS#5810
Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825
---
M src/osmo-upf/upf_nft.c
M tests/nft-rule.vty
2 files changed, 11 insertions(+), 10 deletions(-)



  git pull ssh://gerrit.osmocom.org:29418/osmo-upf refs/changes/01/30501/1

diff --git a/src/osmo-upf/upf_nft.c b/src/osmo-upf/upf_nft.c
index bf5d2c7..54ba32f 100644
--- a/src/osmo-upf/upf_nft.c
+++ b/src/osmo-upf/upf_nft.c
@@ -162,6 +162,7 @@
 			OSMO_STRBUF_PRINTF(sb, " %s", i->str);
 	}
 
+	OSMO_STRBUF_PRINTF(sb, " accept");
 	OSMO_STRBUF_PRINTF(sb, ";\n");
 
 	return sb.chars_needed;
diff --git a/tests/nft-rule.vty b/tests/nft-rule.vty
index 7e8952b..c52ef0e 100644
--- a/tests/nft-rule.vty
+++ b/tests/nft-rule.vty
@@ -6,16 +6,16 @@
  no nft-rule tunmap append
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter accept;
 
 OsmoUPF(config-tunmap)# nft-rule tunmap append meta nftrace set 1
 OsmoUPF(config-tunmap)# show nft-rule tunmap append
  nft-rule tunmap append meta nftrace set 1
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace
set 1;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace
set 1;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace
set 1 accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace
set 1 accept;
 
 OsmoUPF(config-tunmap)# nft-rule tunmap append foo
 OsmoUPF(config-tunmap)# show nft-rule tunmap append
@@ -23,8 +23,8 @@
  nft-rule tunmap append foo
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace
set 1 foo;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace
set 1 foo;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace
set 1 foo accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace
set 1 foo accept;
 
 OsmoUPF(config-tunmap)# nft-rule tunmap append bar
 OsmoUPF(config-tunmap)# show nft-rule tunmap append
@@ -33,8 +33,8 @@
  nft-rule tunmap append bar
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace
set 1 foo bar;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace
set 1 foo bar;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace
set 1 foo bar accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace
set 1 foo bar accept;
 
 OsmoUPF(config-tunmap)# show running-config
 ...
@@ -50,5 +50,5 @@
  no nft-rule tunmap append
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201
ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203
ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter accept;

-- 
To view, visit https://gerrit.osmocom.org/c/osmo-upf/+/30501
To unsubscribe, or for help writing mail filters, visit
https://gerrit.osmocom.org/settings

Gerrit-Project: osmo-upf
Gerrit-Branch: master
Gerrit-Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825
Gerrit-Change-Number: 30501
Gerrit-PatchSet: 1
Gerrit-Owner: neels &lt;nhofmeyr(a)sysmocom.de&gt;
Gerrit-MessageType: newchange



    

2025

2024

2023

2022

Change in osmo-upf[master]: nft: append 'accept' to each rule