diff options
-rw-r--r-- | data/templates/frr/policy.frr.j2 | 11 | ||||
-rw-r--r-- | interface-definitions/include/version/quagga-version.xml.i | 2 | ||||
-rw-r--r-- | interface-definitions/policy.xml.in | 57 | ||||
-rw-r--r-- | smoketest/configs.no-load/firewall-big (renamed from smoketest/configs/firewall-big) | 0 | ||||
-rw-r--r-- | smoketest/configs/bgp-big-as-cloud | 4 | ||||
-rwxr-xr-x | smoketest/scripts/cli/test_policy.py | 49 | ||||
-rwxr-xr-x | src/migration-scripts/quagga/9-to-10 | 62 | ||||
-rwxr-xr-x | src/validators/as-number-list | 29 |
8 files changed, 170 insertions, 44 deletions
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2 index 9f3097f82..f0a64cb89 100644 --- a/data/templates/frr/policy.frr.j2 +++ b/data/templates/frr/policy.frr.j2 @@ -238,11 +238,14 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }} {% if rule_config.set.aggregator.as is vyos_defined and rule_config.set.aggregator.ip is vyos_defined %} set aggregator as {{ rule_config.set.aggregator.as }} {{ rule_config.set.aggregator.ip }} {% endif %} -{% if rule_config.set.as_path_exclude is vyos_defined %} - set as-path exclude {{ rule_config.set.as_path_exclude }} +{% if rule_config.set.as_path.exclude is vyos_defined %} + set as-path exclude {{ rule_config.set.as_path.exclude }} {% endif %} -{% if rule_config.set.as_path_prepend is vyos_defined %} - set as-path prepend {{ rule_config.set.as_path_prepend }} +{% if rule_config.set.as_path.prepend is vyos_defined %} + set as-path prepend {{ rule_config.set.as_path.prepend }} +{% endif %} +{% if rule_config.set.as_path.prepend_last_as is vyos_defined %} + set as-path prepend last-as {{ rule_config.set.as_path.prepend_last_as }} {% endif %} {% if rule_config.set.atomic_aggregate is vyos_defined %} set atomic-aggregate diff --git a/interface-definitions/include/version/quagga-version.xml.i b/interface-definitions/include/version/quagga-version.xml.i index bb8ad7f82..f9944acce 100644 --- a/interface-definitions/include/version/quagga-version.xml.i +++ b/interface-definitions/include/version/quagga-version.xml.i @@ -1,3 +1,3 @@ <!-- include start from include/version/quagga-version.xml.i --> -<syntaxVersion component='quagga' version='9'></syntaxVersion> +<syntaxVersion component='quagga' version='10'></syntaxVersion> <!-- include end --> diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in index ddb0159d5..1d5d7dd55 100644 --- a/interface-definitions/policy.xml.in +++ b/interface-definitions/policy.xml.in @@ -948,24 +948,49 @@ </leafNode> </children> </node> - <leafNode name="as-path-exclude"> + <node name="as-path"> <properties> - <help>Remove ASN(s) from a Border Gateway Protocol (BGP) AS-path attribute</help> - <valueHelp> - <format>txt</format> - <description>BGP AS path exclude string (ex: "456 64500 45001")</description> - </valueHelp> - </properties> - </leafNode> - <leafNode name="as-path-prepend"> - <properties> - <help>Prepend string for a Border Gateway Protocol (BGP) AS-path attribute</help> - <valueHelp> - <format>txt</format> - <description>BGP AS path prepend string (ex: "64501 64501")</description> - </valueHelp> + <help>Transform BGP AS_PATH attribute</help> </properties> - </leafNode> + <children> + <leafNode name="exclude"> + <properties> + <help>Remove/exclude from the as-path attribute</help> + <valueHelp> + <format>u32</format> + <description>AS number</description> + </valueHelp> + <constraint> + <validator name="as-number-list"/> + </constraint> + </properties> + </leafNode> + <leafNode name="prepend"> + <properties> + <help>Prepend to the as-path</help> + <valueHelp> + <format>u32</format> + <description>AS number</description> + </valueHelp> + <constraint> + <validator name="as-number-list"/> + </constraint> + </properties> + </leafNode> + <leafNode name="prepend-last-as"> + <properties> + <help>Use the last AS-number in the as-path</help> + <valueHelp> + <format>u32:1-10</format> + <description>Number of times to insert</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-10"/> + </constraint> + </properties> + </leafNode> + </children> + </node> <leafNode name="atomic-aggregate"> <properties> <help>BGP atomic aggregate attribute</help> diff --git a/smoketest/configs/firewall-big b/smoketest/configs.no-load/firewall-big index 94b0c6dd5..94b0c6dd5 100644 --- a/smoketest/configs/firewall-big +++ b/smoketest/configs.no-load/firewall-big diff --git a/smoketest/configs/bgp-big-as-cloud b/smoketest/configs/bgp-big-as-cloud index 10660ec87..65819256e 100644 --- a/smoketest/configs/bgp-big-as-cloud +++ b/smoketest/configs/bgp-big-as-cloud @@ -982,6 +982,10 @@ policy { } } } + set { + as-path-exclude "100 200 300" + as-path-prepend "64512 64512 64512" + } } rule 100 { action deny diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py index b232a2241..3e8dd35ae 100755 --- a/smoketest/scripts/cli/test_policy.py +++ b/smoketest/scripts/cli/test_policy.py @@ -800,27 +800,28 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): '10' : { 'action' : 'deny', 'set' : { - 'aggregator-as' : '1234567890', - 'aggregator-ip' : '10.255.255.0', - 'as-path-exclude' : '1234', - 'as-path-prepend' : '1234567890 987654321', - 'atomic-aggregate' : '', - 'distance' : '110', - 'extcommunity-bw' : '20000', - 'extcommunity-rt' : '123:456', - 'extcommunity-soo' : '456:789', - 'ipv6-next-hop-global': '2001::1', - 'ipv6-next-hop-local' : 'fe80::1', - 'ip-next-hop' : '192.168.1.1', - 'large-community' : '100:200:300', - 'local-preference' : '500', - 'metric' : '150', - 'metric-type' : 'type-1', - 'origin' : 'incomplete', - 'originator-id' : '172.16.10.1', - 'src' : '100.0.0.1', - 'tag' : '65530', - 'weight' : '2', + 'aggregator-as' : '1234567890', + 'aggregator-ip' : '10.255.255.0', + 'as-path-exclude' : '1234', + 'as-path-prepend' : '1234567890 987654321', + 'as-path-prepend-last-as' : '5', + 'atomic-aggregate' : '', + 'distance' : '110', + 'extcommunity-bw' : '20000', + 'extcommunity-rt' : '123:456', + 'extcommunity-soo' : '456:789', + 'ipv6-next-hop-global' : '2001::1', + 'ipv6-next-hop-local' : 'fe80::1', + 'ip-next-hop' : '192.168.1.1', + 'large-community' : '100:200:300', + 'local-preference' : '500', + 'metric' : '150', + 'metric-type' : 'type-1', + 'origin' : 'incomplete', + 'originator-id' : '172.16.10.1', + 'src' : '100.0.0.1', + 'tag' : '65530', + 'weight' : '2', }, }, }, @@ -958,9 +959,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): if 'aggregator-ip' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'aggregator', 'ip', rule_config['set']['aggregator-ip']]) if 'as-path-exclude' in rule_config['set']: - self.cli_set(path + ['rule', rule, 'set', 'as-path-exclude', rule_config['set']['as-path-exclude']]) + self.cli_set(path + ['rule', rule, 'set', 'as-path', 'exclude', rule_config['set']['as-path-exclude']]) if 'as-path-prepend' in rule_config['set']: - self.cli_set(path + ['rule', rule, 'set', 'as-path-prepend', rule_config['set']['as-path-prepend']]) + self.cli_set(path + ['rule', rule, 'set', 'as-path', 'prepend', rule_config['set']['as-path-prepend']]) if 'atomic-aggregate' in rule_config['set']: self.cli_set(path + ['rule', rule, 'set', 'atomic-aggregate']) if 'distance' in rule_config['set']: @@ -1118,6 +1119,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase): tmp += 'as-path exclude ' + rule_config['set']['as-path-exclude'] elif 'as-path-prepend' in rule_config['set']: tmp += 'as-path prepend ' + rule_config['set']['as-path-prepend'] + elif 'as-path-prepend-last-as' in rule_config['set']: + tmp += 'as-path prepend last-as' + rule_config['set']['as-path-prepend-last-as'] elif 'atomic-aggregate' in rule_config['set']: tmp += 'atomic-aggregate' elif 'distance' in rule_config['set']: diff --git a/src/migration-scripts/quagga/9-to-10 b/src/migration-scripts/quagga/9-to-10 new file mode 100755 index 000000000..249738822 --- /dev/null +++ b/src/migration-scripts/quagga/9-to-10 @@ -0,0 +1,62 @@ +#!/usr/bin/env python3 +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# re-organize route-map as-path + +from sys import argv +from sys import exit + +from vyos.configtree import ConfigTree + +if (len(argv) < 2): + print("Must specify file name!") + exit(1) + +file_name = argv[1] + +with open(file_name, 'r') as f: + config_file = f.read() + +base = ['policy', 'route-map'] + +config = ConfigTree(config_file) +if not config.exists(base): + # Nothing to do + exit(0) + +for route_map in config.list_nodes(base): + # Bail out Early + if not config.exists(base + [route_map, 'rule']): + continue + + for rule in config.list_nodes(base + [route_map, 'rule']): + rule_base = base + [route_map, 'rule', rule] + if config.exists(rule_base + ['set', 'as-path-exclude']): + tmp = config.return_value(rule_base + ['set', 'as-path-exclude']) + config.delete(rule_base + ['set', 'as-path-exclude']) + config.set(rule_base + ['set', 'as-path', 'exclude'], value=tmp) + + if config.exists(rule_base + ['set', 'as-path-prepend']): + tmp = config.return_value(rule_base + ['set', 'as-path-prepend']) + config.delete(rule_base + ['set', 'as-path-prepend']) + config.set(rule_base + ['set', 'as-path', 'prepend'], value=tmp) + +try: + with open(file_name, 'w') as f: + f.write(config.to_string()) +except OSError as e: + print("Failed to save the modified config: {}".format(e)) + exit(1) diff --git a/src/validators/as-number-list b/src/validators/as-number-list new file mode 100755 index 000000000..432d44180 --- /dev/null +++ b/src/validators/as-number-list @@ -0,0 +1,29 @@ +#!/bin/sh +# +# Copyright (C) 2022 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +if [ $# -lt 1 ]; then + echo "Illegal number of parameters" + exit 1 +fi + +for var in "$@"; do + ${vyos_validators_dir}/numeric --range 1-4294967294 $var + if [ $? -ne 0 ]; then + exit 1 + fi +done + +exit 0 |