nft: append 'accept' to each rule

This 'accept' is not an optional addition, it should always be present. (Just saying because previous patch added a VTY command to configure additions to the rules, and this patch is orthogonal to that.) Related: OS#5810 Change-Id: I129133cc5d7180ce3761d5604d602d23a5ef9825
2025-10-23 08:12:03 +00:00 · 2022-12-06 14:28:32 +01:00
parent 8525c49c5d
commit 95ab35035a
2 changed files with 11 additions and 10 deletions
--- a/src/osmo-upf/upf_nft.c
+++ b/src/osmo-upf/upf_nft.c
@@ -162,6 +162,7 @@ static int tunmap_single_direction(char *buf, size_t buflen,
 			OSMO_STRBUF_PRINTF(sb, " %s", i->str);
 	}

+	OSMO_STRBUF_PRINTF(sb, " accept");
 	OSMO_STRBUF_PRINTF(sb, ";\n");

 	return sb.chars_needed;
--- a/tests/nft-rule.vty
+++ b/tests/nft-rule.vty
@@ -6,16 +6,16 @@ OsmoUPF(config-tunmap)# show nft-rule tunmap append
 no nft-rule tunmap append
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter accept;

 OsmoUPF(config-tunmap)# nft-rule tunmap append meta nftrace set 1
 OsmoUPF(config-tunmap)# show nft-rule tunmap append
 nft-rule tunmap append meta nftrace set 1
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 accept;

 OsmoUPF(config-tunmap)# nft-rule tunmap append foo
 OsmoUPF(config-tunmap)# show nft-rule tunmap append
@@ -23,8 +23,8 @@ OsmoUPF(config-tunmap)# show nft-rule tunmap append
 nft-rule tunmap append foo
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo accept;

 OsmoUPF(config-tunmap)# nft-rule tunmap append bar
 OsmoUPF(config-tunmap)# show nft-rule tunmap append
@@ -33,8 +33,8 @@ OsmoUPF(config-tunmap)# show nft-rule tunmap append
 nft-rule tunmap append bar
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo bar;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo bar;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter meta nftrace set 1 foo bar accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter meta nftrace set 1 foo bar accept;

 OsmoUPF(config-tunmap)# show running-config
 ...
@@ -50,5 +50,5 @@ OsmoUPF(config-tunmap)# show nft-rule tunmap append
 no nft-rule tunmap append
 OsmoUPF(config-tunmap)# show nft-rule tunmap example
 add chain inet osmo-upf tunmap123 { type filter hook prerouting priority -300; }
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter;
-add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.1 @ih,32,32 0x00000201 ip saddr set 2.2.2.3 ip daddr set 3.3.3.3 @ih,32,32 set 0x00000302 counter accept;
+add rule inet osmo-upf tunmap123 meta l4proto udp ip daddr 2.2.2.3 @ih,32,32 0x00000203 ip saddr set 2.2.2.1 ip daddr set 1.1.1.1 @ih,32,32 set 0x00000102 counter accept;