Merge pull request #1250 from fett0/T4304

OSPF : T4304: Set import/export filter inter-area prefix

4 files changed, 71 insertions, 0 deletions

diff --git a/data/templates/frr/ospfd.frr.tmpl b/data/templates/frr/ospfd.frr.tmpl
index 12213f162..59d936b55 100644
--- a/data/templates/frr/ospfd.frr.tmpl
+++ b/data/templates/frr/ospfd.frr.tmpl
@@ -97,6 +97,12 @@ router ospf {{ 'vrf ' + vrf if vrf is defined and vrf is not none }}
 {%         endif %}
 {%       endfor %}
 {%     endif %}
+{%     if area_config.export_list is defined and area_config.export_list is not none %}
+ area {{ area_id }} export-list {{ area_config.export_list }}
+{%     endif %}
+{%     if area_config.import_list is defined and area_config.import_list is not none %}
+ area {{ area_id }} import-list {{ area_config.import_list }}
+{%     endif %}
 {%     if area_config.shortcut is defined and area_config.shortcut is not none %}
  area {{ area_id }} shortcut {{ area_config.shortcut }}
 {%     endif %}
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index 088bee2de..3a3372e47 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -256,6 +256,36 @@
         </constraint>
       </properties>
     </leafNode>
+    <leafNode name="export-list">
+      <properties>
+        <help>Set the filter for networks announced to other areas</help>
+        <completionHelp>
+          <path>policy access-list</path>
+        </completionHelp>
+        <valueHelp>
+          <format>u32</format>
+          <description>Access-list number</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-4294967295"/>
+        </constraint>
+      </properties>
+    </leafNode>
+    <leafNode name="import-list">
+      <properties>
+        <help>Set the filter for networks from other areas announced</help>
+        <completionHelp>
+          <path>policy access-list</path>
+        </completionHelp>
+        <valueHelp>
+          <format>u32</format>
+          <description>Access-list number</description>
+        </valueHelp>
+        <constraint>
+          <validator name="numeric" argument="--range 0-4294967295"/>
+        </constraint>
+      </properties>
+    </leafNode>
     <tagNode name="virtual-link">
       <properties>
         <help>Virtual link</help>
diff --git a/smoketest/scripts/cli/test_protocols_ospf.py b/smoketest/scripts/cli/test_protocols_ospf.py
index ee58b0fe2..5d8e9cff2 100755
--- a/smoketest/scripts/cli/test_protocols_ospf.py
+++ b/smoketest/scripts/cli/test_protocols_ospf.py
@@ -368,6 +368,30 @@ class TestProtocolsOSPF(VyOSUnitTestSHIM.TestCase):
         self.cli_delete(['vrf', 'name', vrf])
         self.cli_delete(['interfaces', 'ethernet', vrf_iface, 'vrf'])
 
+    def test_ospf_13_export_list(self):
+        # Verify explort-list works on ospf-area
+        acl = '100'
+        seq = '10'
+        area = '0.0.0.10'
+        network = '10.0.0.0/8'
+
+
+        self.cli_set(['policy', 'access-list', acl, 'rule', seq, 'action', 'permit'])
+        self.cli_set(['policy', 'access-list', acl, 'rule', seq, 'source', 'any'])
+        self.cli_set(['policy', 'access-list', acl, 'rule', seq, 'destination', 'any'])
+        self.cli_set(base_path + ['area', area, 'network', network])
+        self.cli_set(base_path + ['area', area, 'export-list', acl])
+
+        # commit changes
+        self.cli_commit()
+
+        # Verify FRR ospfd configuration
+        frrconfig = self.getFRRconfig('router ospf')
+        self.assertIn(f'router ospf', frrconfig)
+        self.assertIn(f' timers throttle spf 200 1000 10000', frrconfig) # default
+        self.assertIn(f' network {network} area {area}', frrconfig)
+        self.assertIn(f' area {area} export-list {acl}', frrconfig)
+
 if __name__ == '__main__':
     logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)
     unittest.main(verbosity=2)
diff --git a/src/conf_mode/protocols_ospf.py b/src/conf_mode/protocols_ospf.py
index 4895cde6f..26d491838 100755
--- a/src/conf_mode/protocols_ospf.py
+++ b/src/conf_mode/protocols_ospf.py
@@ -25,6 +25,7 @@ from vyos.configdict import node_changed
 from vyos.configverify import verify_common_route_maps
 from vyos.configverify import verify_route_map
 from vyos.configverify import verify_interface_exists
+from vyos.configverify import verify_access_list
 from vyos.template import render_to_string
 from vyos.util import dict_search
 from vyos.util import get_interface_config
@@ -159,6 +160,16 @@ def verify(ospf):
     route_map_name = dict_search('default_information.originate.route_map', ospf)
     if route_map_name: verify_route_map(route_map_name, ospf)
 
+    # Validate if configured Access-list exists 
+    if 'area' in ospf:
+          for area, area_config in ospf['area'].items():
+              if 'import_list' in area_config:
+                  acl_import = area_config['import_list']
+                  if acl_import: verify_access_list(acl_import, ospf)
+              if 'export_list' in area_config:
+                  acl_export = area_config['export_list']
+                  if acl_export: verify_access_list(acl_export, ospf)
+
     if 'interface' in ospf:
         for interface, interface_config in ospf['interface'].items():
             verify_interface_exists(interface)