diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-05-29 16:00:12 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2022-05-29 16:44:14 +0000 |
commit | fda276bd0bb60f0ac4289103956e07c66c8e0f1e (patch) | |
tree | de05481c3d6184439a0e343e3f50594ecd8396f7 | |
parent | 96a88c1990a974c5291553e8b9cd3220795366fb (diff) | |
download | vyos-1x-fda276bd0bb60f0ac4289103956e07c66c8e0f1e.tar.gz vyos-1x-fda276bd0bb60f0ac4289103956e07c66c8e0f1e.zip |
Policy: T4450: Expand options for ip|ipv6 address match. Now support prefix-len on both matches. Also change help properties of route-source node.
-rw-r--r-- | data/templates/frr/policy.frr.j2 | 6 | ||||
-rw-r--r-- | interface-definitions/policy.xml.in | 28 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_policy.py | 17 |
3 files changed, 47 insertions, 4 deletions
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2 index 01884101f..9326cdf03 100644 --- a/data/templates/frr/policy.frr.j2 +++ b/data/templates/frr/policy.frr.j2 @@ -185,6 +185,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }} {% if rule_config.match.ip.address.prefix_list is vyos_defined %} match ip address prefix-list {{ rule_config.match.ip.address.prefix_list }} {% endif %} +{% if rule_config.match.ip.address.prefix_len is vyos_defined %} + match ip address prefix-len {{ rule_config.match.ip.address.prefix_len }} +{% endif %} {% if rule_config.match.ip.nexthop.access_list is vyos_defined %} match ip next-hop {{ rule_config.match.ip.nexthop.access_list }} {% endif %} @@ -212,6 +215,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }} {% if rule_config.match.ipv6.address.prefix_list is vyos_defined %} match ipv6 address prefix-list {{ rule_config.match.ipv6.address.prefix_list }} {% endif %} +{% if rule_config.match.ipv6.address.prefix_len is vyos_defined %} + match ipv6 address prefix-len {{ rule_config.match.ipv6.address.prefix_len }} +{% endif %} {% if rule_config.match.ipv6.nexthop is vyos_defined %} match ipv6 next-hop address {{ rule_config.match.ipv6.nexthop }} {% endif %} diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index d4aa4e024..aaed6286f 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -637,6 +637,18 @@ </completionHelp> </properties> </leafNode> + <leafNode name="prefix-len"> + <properties> + <help>IP prefix-length to match</help> + <valueHelp> + <format>u32:0-32</format> + <description>Prefix length</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-32"/> + </constraint> + </properties> + </leafNode> </children> </node> <!-- T3304 but it overwrite node nexthop @@ -692,7 +704,7 @@ </leafNode> <leafNode name="prefix-len"> <properties> - <help>IP prefix-lenght to match</help> + <help>IP prefix-length to match</help> <valueHelp> <format>u32:0-32</format> <description>Prefix length</description> @@ -729,7 +741,7 @@ </node> <node name="route-source"> <properties> - <help>test</help> + <help>Match advertising source address of route</help> </properties> <children> <leafNode name="access-list"> @@ -795,6 +807,18 @@ </completionHelp> </properties> </leafNode> + <leafNode name="prefix-len"> + <properties> + <help>IPv6 prefix-length to match</help> + <valueHelp> + <format>u32:0-128</format> + <description>Prefix length</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 0-128"/> + </constraint> + </properties> + </leafNode> </children> </node> <leafNode name="nexthop"> diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index 2a8843faf..5a8d6995f 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py @@ -719,7 +719,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): goto = '25' ipv4_nexthop_address= '192.0.2.2' - ipv4_nexthop_plen= '18' + ipv4_prefix_len= '18' + ipv6_prefix_len= '122' ipv4_nexthop_type= 'blackhole' @@ -791,6 +792,7 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): 'action' : 'permit', 'match' : { 'ipv6-nexthop' : ipv6_nexthop, + 'ipv6-address-pfx-len' : ipv6_prefix_len, 'large-community' : large_community_list, 'local-pref' : local_pref, 'metric': metric, @@ -802,12 +804,13 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): 'action' : 'permit', 'match' : { 'ip-nexthop-addr' : ipv4_nexthop_address, + 'ip-address-pfx-len' : ipv4_prefix_len, }, }, '42' : { 'action' : 'deny', 'match' : { - 'ip-nexthop-plen' : ipv4_nexthop_plen, + 'ip-nexthop-plen' : ipv4_prefix_len, }, }, '44' : { @@ -940,6 +943,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.cli_set(path + ['rule', rule, 'match', 'ip', 'address', 'access-list', rule_config['match']['ip-address-acl']]) if 'ip-address-pfx' in rule_config['match']: self.cli_set(path + ['rule', rule, 'match', 'ip', 'address', 'prefix-list', rule_config['match']['ip-address-pfx']]) + if 'ip-address-pfx-len' in rule_config['match']: + self.cli_set(path + ['rule', rule, 'match', 'ip', 'address', 'prefix-len', rule_config['match']['ip-address-pfx-len']]) if 'ip-nexthop-acl' in rule_config['match']: self.cli_set(path + ['rule', rule, 'match', 'ip', 'nexthop', 'access-list', rule_config['match']['ip-nexthop-acl']]) if 'ip-nexthop-pfx' in rule_config['match']: @@ -958,6 +963,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'address', 'access-list', rule_config['match']['ipv6-address-acl']]) if 'ipv6-address-pfx' in rule_config['match']: self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'address', 'prefix-list', rule_config['match']['ipv6-address-pfx']]) + if 'ipv6-address-pfx-len' in rule_config['match']: + self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'address', 'prefix-len', rule_config['match']['ipv6-address-pfx-len']]) if 'ipv6-nexthop' in rule_config['match']: self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'nexthop', rule_config['match']['ipv6-nexthop']]) if 'large-community' in rule_config['match']: @@ -1086,6 +1093,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): if 'ip-address-pfx' in rule_config['match']: tmp = f'match ip address prefix-list {rule_config["match"]["ip-address-pfx"]}' self.assertIn(tmp, config) + if 'ip-address-pfx-len' in rule_config['match']: + tmp = f'match ip address prefix-len {rule_config["match"]["ip-address-pfx-len"]}' + self.assertIn(tmp, config) if 'ip-nexthop-acl' in rule_config['match']: tmp = f'match ip next-hop {rule_config["match"]["ip-nexthop-acl"]}' self.assertIn(tmp, config) @@ -1113,6 +1123,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): if 'ipv6-address-pfx' in rule_config['match']: tmp = f'match ipv6 address prefix-list {rule_config["match"]["ipv6-address-pfx"]}' self.assertIn(tmp, config) + if 'ipv6-address-pfx-len' in rule_config['match']: + tmp = f'match ipv6 address prefix-len {rule_config["match"]["ipv6-address-pfx-len"]}' + self.assertIn(tmp, config) if 'ipv6-nexthop' in rule_config['match']: tmp = f'match ipv6 next-hop address {rule_config["match"]["ipv6-nexthop"]}' self.assertIn(tmp, config) |