Page MenuHomeVyOS Platform
Create Task
Maniphest T4219

support incoming-interface (iif) in local PBR
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Support the ip rule add iif xx directive.

From the manpage:

iif NAME
       select the incoming device to match. If the interface is loopback, the rule
       only matches packets originating from this host. This means that you may create
       separate routing tables for forwarded and local packets and, hence, completely
       segregate them.

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

Event Timeline

hensur created this task.Jan 29 2022, 12:39 PM
hensur claimed this task.
hensur edited a custom field.
hensur added a comment.Jan 29 2022, 12:51 PM

PR: https://github.com/vyos/vyos-1x/pull/1196

Restricted Repository Identity mentioned this in rVYOSONEXb3066e73ff48: Merge pull request #1196 from hensur/current-ipv6-local-route-iif.Jan 31 2022, 6:27 PM
hensur mentioned this in rVYOSONEXc6c562eca6ff: policy: T4219: add local-route(6) incoming-interface.Jan 31 2022, 6:27 PM
Viacheslav changed the task status from Open to Needs testing.Feb 8 2022, 11:06 AM
pasik subscribed.Feb 8 2022, 1:03 PM
Restricted Repository Identity mentioned this in rVYOSONEX6066cef0a75e: Merge pull request #1219 from hensur/equuleus-ipv6-local-route.Feb 19 2022, 5:07 PM
hensur mentioned this in rVYOSONEX72d7152f794c: backport: policy: T4219: add local-route(6) incoming-interface.Feb 19 2022, 5:07 PM
c-po mentioned this in rVYOSONEXe22b8a31536e: Revert "backport: policy: T4219: add local-route(6) incoming-interface".Feb 22 2022, 6:54 AM
Restricted Repository Identity mentioned this in rVYOSONEX2ccd2fffdc34: Merge pull request #1235 from hensur/equuleus-ipv6-local-route.Mar 23 2022, 9:18 AM
hensur mentioned this in rVYOSONEX7c50d232857a: backport: policy: T4219: add local-route(6) incoming-interface.Mar 23 2022, 9:18 AM
c-po subscribed.Mar 24 2022, 5:26 PM

Testcase still fails on VyOS 1.3

cpo@LR2.wue3:~$ /usr/libexec/vyos/tests/smoke/cli/test_policy.py
test_access_list (__main__.TestPolicy) ... ok
test_access_list6 (__main__.TestPolicy) ... ok
test_as_path_list (__main__.TestPolicy) ... ok
test_community_list (__main__.TestPolicy) ... ok
test_delete_ipv4_ipv6_table_id (__main__.TestPolicy) ... FAIL

======================================================================
FAIL: test_delete_ipv4_ipv6_table_id (__main__.TestPolicy)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/libexec/vyos/tests/smoke/cli/test_policy.py", line 996, in test_delete_ipv4_ipv6_table_id
    self.assertEqual(sort_ip(tmp), [])
AssertionError: Lists differ: ['103: from 203.0.113.0/24 to 203.0.112.0/[85 chars]150'] != []

First list contains 2 additional elements.
First extra element 0:
'103: from 203.0.113.0/24 to 203.0.112.0/24 fwmark 0x17 lookup 150'

+ []
- ['103: from 203.0.113.0/24 to 203.0.112.0/24 fwmark 0x17 lookup 150',
-  '103: from 203.0.114.5 to 203.0.116.5 fwmark 0x17 lookup 150']

----------------------------------------------------------------------
Ran 5 tests in 62.004s

FAILED (failures=1)

Can you please check it out?

Restricted Repository Identity mentioned this in rVYOSONEX45a2a7d0adc7: Revert "backport: T4515: T4219: policy local-route6 and inbound-interface….Mar 28 2022, 4:49 PM
Restricted Repository Identity mentioned this in rVYOSONEX43a3300afed5: Merge pull request #1255 from vyos/revert-1235-equuleus-ipv6-local-route.Mar 28 2022, 4:53 PM
Restricted Repository Identity mentioned this in rVYOSONEX04c6326d31a3: Merge pull request #1259 from hensur/equuleus-ipv6-local-route.Dec 17 2022, 10:00 AM
hensur mentioned this in rVYOSONEXb832ab05d168: Revert "Revert "backport: T4515: T4219: policy local-route6 and inbound….Dec 17 2022, 10:01 AM
Viacheslav closed this task as Resolved.Feb 28 2023, 4:57 PM
Viacheslav added a project: VyOS 1.3 Equuleus (1.3.3).
Viacheslav moved this task from Open to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.
dmbaturin mentioned this in 1.3.3.May 19 2023, 1:04 PM