osmo-upf

Commit Graph

Author	SHA1	Message	Date
Neels Hofmeyr	95ab35035a	nft: append 'accept' to each rule This 'accept' is not an optional addition, it should always be present. (Just saying because previous patch added a VTY command to configure additions to the rules, and this patch is orthogonal to that.) Related: OS#5810 Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825	2022-12-09 18:28:19 +01:00
Neels Hofmeyr	8525c49c5d	add cfg: tunmap / nft-rule append It can be useful to add 'meta nftrace set 1' to nftables rules to help analysis / site debugging. Add the possibility to do this by cfg. Instead of adding the fixed string of 'meta nftrace set 1', allow appending arbitrary strings to the nftables rules, to accomodate any other future tweaks that may be useful. Related: SYS#6192 Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8	2022-12-09 18:28:19 +01:00
Neels Hofmeyr	0e66d699ed	vty: add: show nft-rule tunmap example Add VTY command to print out an nftables ruleset that osmo-upf produces, with arbitrary IP addrs / TEIDs inserted. This allows tracking in *.vty tests how the nftables rulesets are changed by patches. future: - Adding the 'tunmap' keyword to allow adding show commands for different uses of nftables. - Adding the 'example' keyword to allow adding show commands for actual tunmap IDs / PFCP session IDs / ... - Matches upcoming vty commands 'nft-rule tunmap append .NFT_RULE' 'no nft-rule tunmap append' 'show nft-rule tunmap append' Add new separate nft-rule.vty -- more to come here in upcoming patch. Change-Id: I9b57aa492c051e480c9bd819ae58f8f59a13af40	2022-12-09 18:28:19 +01:00

Author

SHA1

Message

Date

Neels Hofmeyr

95ab35035a

nft: append 'accept' to each rule

This 'accept' is not an optional addition, it should always be present.
(Just saying because previous patch added a VTY command to configure
additions to the rules, and this patch is orthogonal to that.)

Related: OS#5810
Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825

2022-12-09 18:28:19 +01:00

Neels Hofmeyr

8525c49c5d

add cfg: tunmap / nft-rule append

It can be useful to add 'meta nftrace set 1' to nftables rules to help
analysis / site debugging. Add the possibility to do this by cfg.

Instead of adding the fixed string of 'meta nftrace set 1', allow
appending arbitrary strings to the nftables rules, to accomodate any
other future tweaks that may be useful.

Related: SYS#6192
Change-Id: Ia1fac67108902a48b43d8d1dc184ccf541fd9ba8

2022-12-09 18:28:19 +01:00

Neels Hofmeyr

0e66d699ed

vty: add: show nft-rule tunmap example

Add VTY command to print out an nftables ruleset that osmo-upf produces,
with arbitrary IP addrs / TEIDs inserted. This allows tracking in *.vty
tests how the nftables rulesets are changed by patches.

future:
- Adding the 'tunmap' keyword to allow adding show commands for
  different uses of nftables.
- Adding the 'example' keyword to allow adding show commands for
  actual tunmap IDs / PFCP session IDs / ...
- Matches upcoming vty commands
  'nft-rule tunmap append .NFT_RULE'
  'no nft-rule tunmap append'
  'show nft-rule tunmap append'

Add new separate nft-rule.vty -- more to come here in upcoming patch.

Change-Id: I9b57aa492c051e480c9bd819ae58f8f59a13af40

2022-12-09 18:28:19 +01:00

3 Commits