summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorViacheslav Hletenko <v.gletenko@vyos.io>2023-05-02 15:08:59 +0000
committerViacheslav Hletenko <v.gletenko@vyos.io>2023-05-02 15:08:59 +0000
commit33810487a8ea80cd2b44f144f761e54d6e2a7b8a (patch)
tree224f679f213774274f159db40d40569097c6b728
parent0f224ec009aed6184691da49b8aba5a53b162770 (diff)
downloadvyos-1x-33810487a8ea80cd2b44f144f761e54d6e2a7b8a.tar.gz
vyos-1x-33810487a8ea80cd2b44f144f761e54d6e2a7b8a.zip
T5163: Add match protocol filter for route-map
Ability to match 'source-protocol' for the route-map filters set policy route-map foo rule 10 action 'permit' set policy route-map foo rule 10 match protocol 'bgp'
-rw-r--r--data/templates/frr/policy.frr.j24
-rw-r--r--interface-definitions/policy.xml.in59
-rwxr-xr-xsmoketest/scripts/cli/test_policy.py23
3 files changed, 85 insertions, 1 deletions
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index 9b5e80aed..ed5876ae9 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -245,6 +245,10 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.match.peer is vyos_defined %}
match peer {{ rule_config.match.peer }}
{% endif %}
+{% if rule_config.match.protocol is vyos_defined %}
+{% set source_protocol = 'ospf6' if rule_config.match.protocol == 'ospfv3' else rule_config.match.protocol %}
+ match source-protocol {{ source_protocol }}
+{% endif %}
{% if rule_config.match.rpki is vyos_defined %}
match rpki {{ rule_config.match.rpki }}
{% endif %}
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 7d5fe79ef..02828c4f6 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -971,6 +971,65 @@
</constraint>
</properties>
</leafNode>
+ <leafNode name="protocol">
+ <properties>
+ <help>Match protocol via which the route was learnt</help>
+ <completionHelp>
+ <list>babel bgp connected isis kernel ospf ospfv3 rip ripng static table vnc</list>
+ </completionHelp>
+ <valueHelp>
+ <format>babel</format>
+ <description>Babel routing protocol (Babel)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>bgp</format>
+ <description>Border Gateway Protocol (BGP)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>connected</format>
+ <description>Connected routes (directly attached subnet or host)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>isis</format>
+ <description>Intermediate System to Intermediate System (IS-IS)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>kernel</format>
+ <description>Kernel routes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ospf</format>
+ <description>Open Shortest Path First (OSPFv2)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ospfv3</format>
+ <description>Open Shortest Path First (IPv6) (OSPFv3)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>rip</format>
+ <description>Routing Information Protocol (RIP)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>ripng</format>
+ <description>Routing Information Protocol next-generation (IPv6) (RIPng)</description>
+ </valueHelp>
+ <valueHelp>
+ <format>static</format>
+ <description>Statically configured routes</description>
+ </valueHelp>
+ <valueHelp>
+ <format>table</format>
+ <description>Non-main Kernel Routing Table</description>
+ </valueHelp>
+ <valueHelp>
+ <format>vnc</format>
+ <description>Virtual Network Control (VNC)</description>
+ </valueHelp>
+ <constraint>
+ <regex>(babel|bgp|connected|isis|kernel|ospf|ospfv3|rip|ripng|static|table|vnc)</regex>
+ </constraint>
+ </properties>
+ </leafNode>
<leafNode name="rpki">
<properties>
<help>Match RPKI validation result</help>
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index 3a4ef666a..f35cdaa4c 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -1071,6 +1071,22 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
},
},
},
+ 'match-protocol' : {
+ 'rule' : {
+ '10' : {
+ 'action' : 'permit',
+ 'match' : {
+ 'protocol' : 'static',
+ },
+ },
+ '20' : {
+ 'action' : 'permit',
+ 'match' : {
+ 'protocol' : 'bgp',
+ },
+ },
+ },
+ },
'relative-metric' : {
'rule' : {
'10' : {
@@ -1202,6 +1218,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.cli_set(path + ['rule', rule, 'match', 'rpki', 'notfound'])
if 'rpki-valid' in rule_config['match']:
self.cli_set(path + ['rule', rule, 'match', 'rpki', 'valid'])
+ if 'protocol' in rule_config['match']:
+ self.cli_set(path + ['rule', rule, 'match', 'protocol', rule_config['match']['protocol']])
if 'tag' in rule_config['match']:
self.cli_set(path + ['rule', rule, 'match', 'tag', rule_config['match']['tag']])
@@ -1368,6 +1386,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
if 'peer' in rule_config['match']:
tmp = f'match peer {rule_config["match"]["peer"]}'
self.assertIn(tmp, config)
+ if 'protocol' in rule_config['match']:
+ tmp = f'match source-protocol {rule_config["match"]["protocol"]}'
+ self.assertIn(tmp, config)
if 'rpki-invalid' in rule_config['match']:
tmp = f'match rpki invalid'
self.assertIn(tmp, config)