New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(pipelined): blocking of local ipv6 addresses is supported #12339
Conversation
Thanks for opening a PR! 💯
Howto
More infoPlease take a moment to read through the Magma project's
If this is your first Magma PR, also consider reading
|
Oops! Looks like you failed the Howto
♻️ Updated: ✅ The check is passing the Python Format Check after the last commit. |
...ots/test_access_control.AccessControlTestLocalIpBlockLTEIpV6.test_blocking_ip_match.snapshot
Show resolved
Hide resolved
f7a8b7e
to
b9ccd38
Compare
Oops! Looks like you failed the Howto
♻️ Updated: ✅ The check is passing the DCO check after the last commit. |
a354e3e
to
151cccc
Compare
), | ||
ip_proto=IPPROTO_ICMP, | ||
) | ||
return MagmaMatch( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
better readability you could add 'else' here.
lte/gateway/python/magma/pipelined/tests/test_access_control.py
Outdated
Show resolved
Hide resolved
Signed-off-by: Nils Semmelrock <nils.semmelrock@tngtech.com>
Signed-off-by: Nils Semmelrock <nils.semmelrock@tngtech.com>
Signed-off-by: Nils Semmelrock <nils.semmelrock@tngtech.com>
151cccc
to
85f4a50
Compare
running integ tests on fork: https://github.com/nstng/magma/actions/runs/2096312195 (/) |
…a#12339) Signed-off-by: sreedharkumartn <sreedhar.kumar@wavelabs.ai>
…a#12339) * chore(pipelined): access control test is refactored Signed-off-by: Nils Semmelrock <nils.semmelrock@tngtech.com> * chore(pipelined): blocking of local ipv6 addresses is supported Signed-off-by: Nils Semmelrock <nils.semmelrock@tngtech.com> * chore(pipelined): blocking of local ipv6 addresses is tested Signed-off-by: Nils Semmelrock <nils.semmelrock@tngtech.com>
Summary
See #12074.
Couple of notes and questions @pshelar and @koolzz:
access_control.py
usesnetifaces
which is outdatedfe80::
addresses as these are not static in the vm setup - and it is disproportionate to make them static. Is there a test mechanic we did not see that achieves the same?127.*
addresses are blocked - from our research we found that there is not really a fixed ipv6 block for loopback addresses. For now we only blocked in this case::1
. What is your expectation here?Test Plan
Mainly
test_access_control.py
.Additional Information