You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ALL ICMP currently only allows icmpv4. Probably should break it into ALL ICMPv4 and ALL ICMPv6 respectively.
Address family mixing will get fairly complicated. For early going keeping address families separated might make the most sense even though there is some support by making the protocol families explicit. An example is permit that passes validation but bombs in the datapath is add rule inet nexodus nexodus-inbound meta nfproto ipv4 ip saddr 0200::/8 udp dport 123-456 iifname wg0 counter accept" failed: exit status 1. Some scenarios can handle both but some can't due to the user space tool api not capable of being agnostic 😵
The following isn't getting instantiated in the data path: [{"from_port":123,"ip_protocol":"ipv4","ip_ranges":["100.64.0.0/10"],"to_port":456}]. tcp works but ipv6 || ipv4 are missing. Add e2e with the fix.
Add three new e2e rule tests for all scenarios, starting with 1. [Protocol, *, *] 2. [Protocol, Port, ] 3. [Protocol, Port, IP_Ranges]. [, *, *] is already tested. Skip the actual connection attempts for now since it will get a bit redundant, just make sure a 422 isn't returned.
The text was updated successfully, but these errors were encountered:
Add SecGroup issues here please:
ALL ICMPcurrently only allows icmpv4. Probably should break it intoALL ICMPv4andALL ICMPv6respectively.add rule inet nexodus nexodus-inbound meta nfproto ipv4 ip saddr 0200::/8 udp dport 123-456 iifname wg0 counter accept" failed: exit status 1. Some scenarios can handle both but some can't due to the user space tool api not capable of being agnostic 😵[{"from_port":123,"ip_protocol":"ipv4","ip_ranges":["100.64.0.0/10"],"to_port":456}]. tcp works but ipv6 || ipv4 are missing. Add e2e with the fix.The text was updated successfully, but these errors were encountered: