Page MenuHomeVyOS Platform

support incoming-interface (iif) in local PBR
Closed, ResolvedPublicFEATURE REQUEST

Description

Support the ip rule add iif xx directive.

From the manpage:

iif NAME
       select the incoming device to match. If the interface is loopback, the rule
       only matches packets originating from this host. This means that you may create
       separate routing tables for forwarded and local packets and, hence, completely
       segregate them.

Details

Difficulty level
Normal (likely a few hours)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)

Related Objects

Mentioned In
1.3.3

Event Timeline

hensur created this task.
hensur changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).
Viacheslav changed the task status from Open to Needs testing.Feb 8 2022, 11:06 AM

Testcase still fails on VyOS 1.3

[email protected]:~$ /usr/libexec/vyos/tests/smoke/cli/test_policy.py
test_access_list (__main__.TestPolicy) ... ok
test_access_list6 (__main__.TestPolicy) ... ok
test_as_path_list (__main__.TestPolicy) ... ok
test_community_list (__main__.TestPolicy) ... ok
test_delete_ipv4_ipv6_table_id (__main__.TestPolicy) ... FAIL

======================================================================
FAIL: test_delete_ipv4_ipv6_table_id (__main__.TestPolicy)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/libexec/vyos/tests/smoke/cli/test_policy.py", line 996, in test_delete_ipv4_ipv6_table_id
    self.assertEqual(sort_ip(tmp), [])
AssertionError: Lists differ: ['103: from 203.0.113.0/24 to 203.0.112.0/[85 chars]150'] != []

First list contains 2 additional elements.
First extra element 0:
'103: from 203.0.113.0/24 to 203.0.112.0/24 fwmark 0x17 lookup 150'

+ []
- ['103: from 203.0.113.0/24 to 203.0.112.0/24 fwmark 0x17 lookup 150',
-  '103: from 203.0.114.5 to 203.0.116.5 fwmark 0x17 lookup 150']

----------------------------------------------------------------------
Ran 5 tests in 62.004s

FAILED (failures=1)

Can you please check it out?

Viacheslav moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
Viacheslav moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.3) board.