From 33810487a8ea80cd2b44f144f761e54d6e2a7b8a Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Tue, 2 May 2023 15:08:59 +0000
Subject: T5163: Add match protocol filter for route-map

Ability to match 'source-protocol' for the route-map filters

set policy route-map foo rule 10 action 'permit'
set policy route-map foo rule 10 match protocol 'bgp'
---
 data/templates/frr/policy.frr.j2     |  4 +++
 interface-definitions/policy.xml.in  | 59 ++++++++++++++++++++++++++++++++++++
 smoketest/scripts/cli/test_policy.py | 23 +++++++++++++-
 3 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/data/templates/frr/policy.frr.j2 b/data/templates/frr/policy.frr.j2
index 9b5e80aed..ed5876ae9 100644
--- a/data/templates/frr/policy.frr.j2
+++ b/data/templates/frr/policy.frr.j2
@@ -245,6 +245,10 @@ route-map {{ route_map }} {{ rule_config.action }} {{ rule }}
 {%                     if rule_config.match.peer is vyos_defined %}
  match peer {{ rule_config.match.peer }}
 {%                     endif %}
+{%                     if rule_config.match.protocol is vyos_defined %}
+{%                         set source_protocol = 'ospf6' if rule_config.match.protocol == 'ospfv3' else rule_config.match.protocol %}
+ match source-protocol {{ source_protocol }}
+{%                     endif %}
 {%                     if rule_config.match.rpki is vyos_defined %}
  match rpki {{ rule_config.match.rpki }}
 {%                     endif %}
diff --git a/interface-definitions/policy.xml.in b/interface-definitions/policy.xml.in
index 7d5fe79ef..02828c4f6 100644
--- a/interface-definitions/policy.xml.in
+++ b/interface-definitions/policy.xml.in
@@ -971,6 +971,65 @@
                       </constraint>
                     </properties>
                   </leafNode>
+                  <leafNode name="protocol">
+                    <properties>
+                      <help>Match protocol via which the route was learnt</help>
+                      <completionHelp>
+                        <list>babel bgp connected isis kernel ospf ospfv3 rip ripng static table vnc</list>
+                      </completionHelp>
+                      <valueHelp>
+                        <format>babel</format>
+                        <description>Babel routing protocol (Babel)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>bgp</format>
+                        <description>Border Gateway Protocol (BGP)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>connected</format>
+                        <description>Connected routes (directly attached subnet or host)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>isis</format>
+                        <description>Intermediate System to Intermediate System (IS-IS)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>kernel</format>
+                        <description>Kernel routes</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ospf</format>
+                        <description>Open Shortest Path First (OSPFv2)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ospfv3</format>
+                        <description>Open Shortest Path First (IPv6) (OSPFv3)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>rip</format>
+                        <description>Routing Information Protocol (RIP)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>ripng</format>
+                        <description>Routing Information Protocol next-generation (IPv6) (RIPng)</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>static</format>
+                        <description>Statically configured routes</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>table</format>
+                        <description>Non-main Kernel Routing Table</description>
+                      </valueHelp>
+                      <valueHelp>
+                        <format>vnc</format>
+                        <description>Virtual Network Control (VNC)</description>
+                      </valueHelp>
+                      <constraint>
+                        <regex>(babel|bgp|connected|isis|kernel|ospf|ospfv3|rip|ripng|static|table|vnc)</regex>
+                      </constraint>
+                    </properties>
+                  </leafNode>
                   <leafNode name="rpki">
                     <properties>
                       <help>Match RPKI validation result</help>
diff --git a/smoketest/scripts/cli/test_policy.py b/smoketest/scripts/cli/test_policy.py
index 3a4ef666a..f35cdaa4c 100755
--- a/smoketest/scripts/cli/test_policy.py
+++ b/smoketest/scripts/cli/test_policy.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2021-2022 VyOS maintainers and contributors
+# Copyright (C) 2021-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -1071,6 +1071,22 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
                     },
                 },
             },
+            'match-protocol' : {
+                'rule' : {
+                    '10' : {
+                        'action' : 'permit',
+                        'match' : {
+                            'protocol'  : 'static',
+                        },
+                    },
+                    '20' : {
+                        'action' : 'permit',
+                        'match' : {
+                            'protocol'   : 'bgp',
+                        },
+                    },
+                },
+            },
             'relative-metric' : {
                 'rule' : {
                     '10' : {
@@ -1202,6 +1218,8 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
                         self.cli_set(path + ['rule', rule, 'match', 'rpki', 'notfound'])
                     if 'rpki-valid' in rule_config['match']:
                         self.cli_set(path + ['rule', rule, 'match', 'rpki', 'valid'])
+                    if 'protocol' in rule_config['match']:
+                        self.cli_set(path + ['rule', rule, 'match', 'protocol', rule_config['match']['protocol']])
                     if 'tag' in rule_config['match']:
                         self.cli_set(path + ['rule', rule, 'match', 'tag', rule_config['match']['tag']])
 
@@ -1368,6 +1386,9 @@ class TestPolicy(VyOSUnitTestSHIM.TestCase):
                     if 'peer' in rule_config['match']:
                         tmp = f'match peer {rule_config["match"]["peer"]}'
                         self.assertIn(tmp, config)
+                    if 'protocol' in rule_config['match']:
+                        tmp = f'match source-protocol {rule_config["match"]["protocol"]}'
+                        self.assertIn(tmp, config)
                     if 'rpki-invalid' in rule_config['match']:
                         tmp = f'match rpki invalid'
                         self.assertIn(tmp, config)
-- 
cgit v1.2.3