From fda276bd0bb60f0ac4289103956e07c66c8e0f1e Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Sun, 29 May 2022 16:00:12 +0000
Subject: Policy: T4450: Expand options for ip|ipv6 address match. Now support
prefix-len on both matches. Also change help properties of route-source node.
---
data/templates/frr/policy.frr.j2 | 6 ++++++
interface-definitions/policy.xml.in | 28 ++++++++++++++++++++++++++--
smoketest/scripts/cli/test_policy.py | 17 +++++++++++++++--
3 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index 01884101f..9326cdf03 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -185,6 +185,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.match.ip.address.prefix_list is vyos_defined %}
match ip address prefix-list {{ rule_config.match.ip.address.prefix_list }}
{% endif %}
+{% if rule_config.match.ip.address.prefix_len is vyos_defined %}
+ match ip address prefix-len {{ rule_config.match.ip.address.prefix_len }}
+{% endif %}
{% if rule_config.match.ip.nexthop.access_list is vyos_defined %}
match ip next-hop {{ rule_config.match.ip.nexthop.access_list }}
{% endif %}
@@ -212,6 +215,9 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
{% if rule_config.match.ipv6.address.prefix_list is vyos_defined %}
match ipv6 address prefix-list {{ rule_config.match.ipv6.address.prefix_list }}
{% endif %}
+{% if rule_config.match.ipv6.address.prefix_len is vyos_defined %}
+ match ipv6 address prefix-len {{ rule_config.match.ipv6.address.prefix_len }}
+{% endif %}
{% if rule_config.match.ipv6.nexthop is vyos_defined %}
match ipv6 next-hop address {{ rule_config.match.ipv6.nexthop }}
{% endif %}
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index d4aa4e024..aaed6286f 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -637,6 +637,18 @@
</completionHelp>
</properties>
</leafNode>
+ <leafNode name="prefix-len">
+ <properties>
+ <help>IP prefix-length to match</help>
+ <valueHelp>
+ <format>u32:0-32</format>
+ <description>Prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-32"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
</node>
<!-- T3304 but it overwrite node nexthop
@@ -692,7 +704,7 @@
</leafNode>
<leafNode name="prefix-len">
<properties>
- <help>IP prefix-lenght to match</help>
+ <help>IP prefix-length to match</help>
<valueHelp>
<format>u32:0-32</format>
<description>Prefix length</description>
@@ -729,7 +741,7 @@
</node>
<node name="route-source">
<properties>
- <help>test</help>
+ <help>Match advertising source address of route</help>
</properties>
<children>
<leafNode name="access-list">
@@ -795,6 +807,18 @@
</completionHelp>
</properties>
</leafNode>
+ <leafNode name="prefix-len">
+ <properties>
+ <help>IPv6 prefix-length to match</help>
+ <valueHelp>
+ <format>u32:0-128</format>
+ <description>Prefix length</description>
+ </valueHelp>
+ <constraint>
+ <validator name="numeric" argument="--range 0-128"/>
+ </constraint>
+ </properties>
+ </leafNode>
</children>
</node>
<leafNode name="nexthop">
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index 2a8843faf..5a8d6995f 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -719,7 +719,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
goto = '25'
ipv4_nexthop_address= '192.0.2.2'
- ipv4_nexthop_plen= '18'
+ ipv4_prefix_len= '18'
+ ipv6_prefix_len= '122'
ipv4_nexthop_type= 'blackhole'
@@ -791,6 +792,7 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
'action' : 'permit',
'match' : {
'ipv6-nexthop' : ipv6_nexthop,
+ 'ipv6-address-pfx-len' : ipv6_prefix_len,
'large-community' : large_community_list,
'local-pref' : local_pref,
'metric': metric,
@@ -802,12 +804,13 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
'action' : 'permit',
'match' : {
'ip-nexthop-addr' : ipv4_nexthop_address,
+ 'ip-address-pfx-len' : ipv4_prefix_len,
},
},
'42' : {
'action' : 'deny',
'match' : {
- 'ip-nexthop-plen' : ipv4_nexthop_plen,
+ 'ip-nexthop-plen' : ipv4_prefix_len,
},
},
'44' : {
@@ -940,6 +943,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.cli_set(path + ['rule', rule, 'match', 'ip', 'address', 'access-list', rule_config['match']['ip-address-acl']])
if 'ip-address-pfx' in rule_config['match']:
self.cli_set(path + ['rule', rule, 'match', 'ip', 'address', 'prefix-list', rule_config['match']['ip-address-pfx']])
+ if 'ip-address-pfx-len' in rule_config['match']:
+ self.cli_set(path + ['rule', rule, 'match', 'ip', 'address', 'prefix-len', rule_config['match']['ip-address-pfx-len']])
if 'ip-nexthop-acl' in rule_config['match']:
self.cli_set(path + ['rule', rule, 'match', 'ip', 'nexthop', 'access-list', rule_config['match']['ip-nexthop-acl']])
if 'ip-nexthop-pfx' in rule_config['match']:
@@ -958,6 +963,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'address', 'access-list', rule_config['match']['ipv6-address-acl']])
if 'ipv6-address-pfx' in rule_config['match']:
self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'address', 'prefix-list', rule_config['match']['ipv6-address-pfx']])
+ if 'ipv6-address-pfx-len' in rule_config['match']:
+ self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'address', 'prefix-len', rule_config['match']['ipv6-address-pfx-len']])
if 'ipv6-nexthop' in rule_config['match']:
self.cli_set(path + ['rule', rule, 'match', 'ipv6', 'nexthop', rule_config['match']['ipv6-nexthop']])
if 'large-community' in rule_config['match']:
@@ -1086,6 +1093,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
if 'ip-address-pfx' in rule_config['match']:
tmp = f'match ip address prefix-list {rule_config["match"]["ip-address-pfx"]}'
self.assertIn(tmp, config)
+ if 'ip-address-pfx-len' in rule_config['match']:
+ tmp = f'match ip address prefix-len {rule_config["match"]["ip-address-pfx-len"]}'
+ self.assertIn(tmp, config)
if 'ip-nexthop-acl' in rule_config['match']:
tmp = f'match ip next-hop {rule_config["match"]["ip-nexthop-acl"]}'
self.assertIn(tmp, config)
@@ -1113,6 +1123,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
if 'ipv6-address-pfx' in rule_config['match']:
tmp = f'match ipv6 address prefix-list {rule_config["match"]["ipv6-address-pfx"]}'
self.assertIn(tmp, config)
+ if 'ipv6-address-pfx-len' in rule_config['match']:
+ tmp = f'match ipv6 address prefix-len {rule_config["match"]["ipv6-address-pfx-len"]}'
+ self.assertIn(tmp, config)
if 'ipv6-nexthop' in rule_config['match']:
tmp = f'match ipv6 next-hop address {rule_config["match"]["ipv6-nexthop"]}'
self.assertIn(tmp, config)
--
cgit v1.2.3