From a681ddef742367dd0fc59df15c857f2190059fcc Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Thu, 15 Feb 2024 22:58:33 +0100 Subject: T5150: rename smoketest config egb-igp-route-maps -> egp-igp-route-maps EDB should be EGP for exterior gateway protocol (cherry picked from commit 56654191613113764415d7eddadcbd8c97e126de) --- smoketest/configs/egb-igp-route-maps | 127 ----------------------------------- smoketest/configs/egp-igp-route-maps | 127 +++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 127 deletions(-) delete mode 100644 smoketest/configs/egb-igp-route-maps create mode 100644 smoketest/configs/egp-igp-route-maps diff --git a/smoketest/configs/egb-igp-route-maps b/smoketest/configs/egb-igp-route-maps deleted file mode 100644 index ca36691d4..000000000 --- a/smoketest/configs/egb-igp-route-maps +++ /dev/null 
@@ -1,127 +0,0 @@
-interfaces {
- ethernet eth0 {
- address 192.0.2.1/25
- duplex auto
- smp-affinity auto
- speed auto
- }
- ethernet eth1 {
- address 192.0.2.129/25
- address 2001:db8::1234/64
- duplex auto
- smp-affinity auto
- speed auto
- }
- loopback lo {
- }
-}
-policy {
- route-map zebra-bgp {
- rule 10 {
- action permit
- }
- }
- route-map zebra-isis {
- rule 10 {
- action permit
- }
- }
- route-map zebra-ospf {
- rule 10 {
- action permit
- }
- }
- route-map zebra-ospfv3 {
- rule 10 {
- action permit
- }
- }
- route-map zebra-ripng {
- rule 10 {
- action permit
- }
- }
- route-map zebra-static {
- rule 10 {
- action permit
- }
- }
-}
-protocols {
- bgp 100 {
- route-map zebra-bgp
- }
- isis {
- interface eth0 {
- }
- net 49.0001.1921.6800.1002.00
- route-map zebra-isis
- }
- ospf {
- area 0 {
- network 192.0.2.0/25
- network 192.0.2.128/25
- }
- log-adjacency-changes {
- }
- parameters {
- abr-type cisco
- router-id 1.1.1.1
- }
- passive-interface default
- passive-interface-exclude eth0
- passive-interface-exclude eth1
- route-map zebra-ospf
- }
- ospfv3 {
- area 0 {
- interface eth1
- }
- parameters {
- router-id 1.1.1.1
- }
- route-map zebra-ospfv3
- }
- ripng {
- interface eth1
- route-map zebra-ripng
- }
- static {
- route-map zebra-static
- }
-}
-system {
- config-management {
- commit-revisions 100
- }
- console {
- device ttyS0 {
- speed 115200
- }
- }
- host-name vyos
- login {
- user vyos {
- authentication {
- encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
- plaintext-password ""
- }
- }
- }
- name-server 192.168.0.1
- syslog {
- global {
- archive {
- file 5
- size 512
- }
- facility all {
- level info
- }
- }
- }
- time-zone Europe/Berlin
-}
-// Warning: Do not remove the following line.
-// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1"
-// Release version: 1.3.2
diff --git a/smoketest/configs/egp-igp-route-maps b/smoketest/configs/egp-igp-route-maps
new file mode 100644
index 000000000..ca36691d4
--- /dev/null
+++ b/smoketest/configs/egp-igp-route-maps
@@ -0,0 +1,127 @@
+interfaces {
+ ethernet eth0 {
+ address 192.0.2.1/25
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ ethernet eth1 {
+ address 192.0.2.129/25
+ address 2001:db8::1234/64
+ duplex auto
+ smp-affinity auto
+ speed auto
+ }
+ loopback lo {
+ }
+}
+policy {
+ route-map zebra-bgp {
+ rule 10 {
+ action permit
+ }
+ }
+ route-map zebra-isis {
+ rule 10 {
+ action permit
+ }
+ }
+ route-map zebra-ospf {
+ rule 10 {
+ action permit
+ }
+ }
+ route-map zebra-ospfv3 {
+ rule 10 {
+ action permit
+ }
+ }
+ route-map zebra-ripng {
+ rule 10 {
+ action permit
+ }
+ }
+ route-map zebra-static {
+ rule 10 {
+ action permit
+ }
+ }
+}
+protocols {
+ bgp 100 {
+ route-map zebra-bgp
+ }
+ isis {
+ interface eth0 {
+ }
+ net 49.0001.1921.6800.1002.00
+ route-map zebra-isis
+ }
+ ospf {
+ area 0 {
+ network 192.0.2.0/25
+ network 192.0.2.128/25
+ }
+ log-adjacency-changes {
+ }
+ parameters {
+ abr-type cisco
+ router-id 1.1.1.1
+ }
+ passive-interface default
+ passive-interface-exclude eth0
+ passive-interface-exclude eth1
+ route-map zebra-ospf
+ }
+ ospfv3 {
+ area 0 {
+ interface eth1
+ }
+ parameters {
+ router-id 1.1.1.1
+ }
+ route-map zebra-ospfv3
+ }
+ ripng {
+ interface eth1
+ route-map zebra-ripng
+ }
+ static {
+ route-map zebra-static
+ }
+}
+system {
+ config-management {
+ commit-revisions 100
+ }
+ console {
+ device ttyS0 {
+ speed 115200
+ }
+ }
+ host-name vyos
+ login {
+ user vyos {
+ authentication {
+ encrypted-password $6$O5gJRlDYQpj$MtrCV9lxMnZPMbcxlU7.FI793MImNHznxGoMFgm3Q6QP3vfKJyOSRCt3Ka/GzFQyW1yZS4NS616NLHaIPPFHc0
+ plaintext-password ""
+ }
+ }
+ }
+ name-server 192.168.0.1
+ syslog {
+ global {
+ archive {
+ file 5
+ size 512
+ }
+ facility all {
+ level info
+ }
+ }
+ }
+ time-zone Europe/Berlin
+}
+// Warning: Do not remove the following line.
+// vyos-config-version: "broadcast-relay@1:cluster@1:config-management@1:conntrack@3:conntrack-sync@2:dhcp-relay@2:dhcp-server@6:dhcpv6-server@1:dns-forwarding@3:firewall@5:https@2:interfaces@22:ipoe-server@1:ipsec@5:isis@1:l2tp@3:lldp@1:mdns@1:nat@5:ntp@1:pppoe-server@5:pptp@2:qos@1:quagga@8:rpki@1:salt@1:snmp@2:ssh@2:sstp@3:system@21:vrrp@2:vyos-accel-ppp@2:wanloadbalance@3:webproxy@2:zone-policy@1" +// Release version: 1.3.2 -- cgit v1.2.3 From 64c8318b94d91b37ddc60632aa1203f37e65ccd7 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Thu, 15 Feb 2024 22:54:58 +0100 Subject: T6001: add option to disable next-hop-tracking resolve-via-default * set system ip nht no-resolve-via-default * set system ipv6 nht no-resolve-via-default (cherry picked from commit ece0e768f36e52f8964823d891264d7c187204ec) --- data/templates/frr/zebra.route-map.frr.j2 | 5 +++++ interface-definitions/include/system-ip-nht.xml.i | 15 +++++++++++++++ interface-definitions/system_ip.xml.in | 1 + interface-definitions/system_ipv6.xml.in | 1 + smoketest/scripts/cli/test_system_ip.py | 15 ++++++++++++++- smoketest/scripts/cli/test_system_ipv6.py | 15 ++++++++++++++- src/conf_mode/system_ip.py | 1 + src/conf_mode/system_ipv6.py | 1 + 8 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 interface-definitions/include/system-ip-nht.xml.i diff --git a/data/templates/frr/zebra.route-map.frr.j2 b/data/templates/frr/zebra.route-map.frr.j2 index 8e18abbde..669d58354 100644 --- a/data/templates/frr/zebra.route-map.frr.j2 +++ b/data/templates/frr/zebra.route-map.frr.j2 @@ -1,4 +1,8 @@ ! +{% if nht.no_resolve_via_default is vyos_defined %} +no {{ afi }} nht resolve-via-default +{% endif %} +! {% if protocol is vyos_defined %} {% for protocol_name, protocol_config in protocol.items() %} {% if protocol_name is vyos_defined('ospfv3') %} @@ -7,3 +11,4 @@ {{ afi }} protocol {{ protocol_name }} route-map {{ protocol_config.route_map }} {% endfor %} {% endif %} +! 
diff --git a/interface-definitions/include/system-ip-nht.xml.i b/interface-definitions/include/system-ip-nht.xml.i new file mode 100644 index 000000000..4074043cd --- /dev/null +++ b/interface-definitions/include/system-ip-nht.xml.i @@ -0,0 +1,15 @@ + + + + Filter Next Hop tracking route resolution + + + + + Do not resolve via default route + + + + + + diff --git a/interface-definitions/system_ip.xml.in b/interface-definitions/system_ip.xml.in index 6e3b7d5d0..015eb270f 100644 --- a/interface-definitions/system_ip.xml.in +++ b/interface-definitions/system_ip.xml.in @@ -48,6 +48,7 @@ + #include IPv4 TCP parameters diff --git a/interface-definitions/system_ipv6.xml.in b/interface-definitions/system_ipv6.xml.in index 8957cb6a7..dda00af38 100644 --- a/interface-definitions/system_ipv6.xml.in +++ b/interface-definitions/system_ipv6.xml.in @@ -36,6 +36,7 @@ #include + #include #include diff --git a/smoketest/scripts/cli/test_system_ip.py b/smoketest/scripts/cli/test_system_ip.py index 567416774..ac8b74236 100755 --- a/smoketest/scripts/cli/test_system_ip.py +++ b/smoketest/scripts/cli/test_system_ip.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2023 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -120,5 +120,18 @@ class TestSystemIP(VyOSUnitTestSHIM.TestCase): # Commit again self.cli_commit() + def test_system_ip_nht(self): + self.cli_set(base_path + ['nht', 'no-resolve-via-default']) + self.cli_commit() + # Verify CLI config applied to FRR + frrconfig = self.getFRRconfig('', end='', daemon='zebra') + self.assertIn(f'no ip nht resolve-via-default', frrconfig) + + self.cli_delete(base_path + ['nht', 'no-resolve-via-default']) + self.cli_commit() + # Verify CLI config removed to FRR + frrconfig = self.getFRRconfig('', end='', daemon='zebra') + self.assertNotIn(f'no ip nht resolve-via-default', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2) diff --git a/smoketest/scripts/cli/test_system_ipv6.py b/smoketest/scripts/cli/test_system_ipv6.py index 225c2d666..bc0f7aa8c 100755 --- a/smoketest/scripts/cli/test_system_ipv6.py +++ b/smoketest/scripts/cli/test_system_ipv6.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2021-2023 VyOS maintainers and contributors +# Copyright (C) 2021-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -131,5 +131,18 @@ class TestSystemIPv6(VyOSUnitTestSHIM.TestCase): # Commit again self.cli_commit() + def test_system_ipv6_nht(self): + self.cli_set(base_path + ['nht', 'no-resolve-via-default']) + self.cli_commit() + # Verify CLI config applied to FRR + frrconfig = self.getFRRconfig('', end='', daemon='zebra') + self.assertIn(f'no ipv6 nht resolve-via-default', frrconfig) + + self.cli_delete(base_path + ['nht', 'no-resolve-via-default']) + self.cli_commit() + # Verify CLI config removed to FRR + frrconfig = self.getFRRconfig('', end='', daemon='zebra') + self.assertNotIn(f'no ipv6 nht resolve-via-default', frrconfig) + if __name__ == '__main__': unittest.main(verbosity=2) 
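Review bot: The assertions added in test_system_ip_nht pass `f'no ip nht resolve-via-default'`, an f-string with no placeholders; a plain literal is what is meant, e.g. `self.assertIn('no ip nht resolve-via-default', frrconfig)`. The same applies to the `f'no ipv6 nht resolve-via-default'` assertions in test_system_ipv6_nht and to the four `f' no ip nht …'` / `f' no ipv6 nht …'` assertions in test_vrf_ip_ipv6_nht. The second comment in both system tests would read more clearly as `# Verify CLI config removed from FRR`.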
diff --git a/src/conf_mode/system_ip.py b/src/conf_mode/system_ip.py index 7612e2c0d..833f89554 100755 --- a/src/conf_mode/system_ip.py +++ b/src/conf_mode/system_ip.py @@ -127,6 +127,7 @@ def apply(opt): # The route-map used for the FIB (zebra) is part of the zebra daemon frr_cfg.load_configuration(zebra_daemon) + frr_cfg.modify_section(r'no ip nht resolve-via-default') frr_cfg.modify_section(r'ip protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)') if 'frr_zebra_config' in opt: frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config']) diff --git a/src/conf_mode/system_ipv6.py b/src/conf_mode/system_ipv6.py index 90a1a8087..00d440e35 100755 --- a/src/conf_mode/system_ipv6.py +++ b/src/conf_mode/system_ipv6.py @@ -104,6 +104,7 @@ def apply(opt): # The route-map used for the FIB (zebra) is part of the zebra daemon frr_cfg.load_configuration(zebra_daemon) + frr_cfg.modify_section(r'no ipv6 nht resolve-via-default') frr_cfg.modify_section(r'ipv6 protocol \w+ route-map [-a-zA-Z0-9.]+', stop_pattern='(\s|!)') if 'frr_zebra_config' in opt: frr_cfg.add_before(frr.default_add_before, opt['frr_zebra_config']) -- cgit v1.2.3 From 42e83b8b2cca6ba73c2663629cf92b3b2b225898 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 16 Feb 2024 08:31:58 +0100 Subject: T6001: add option to disable next-hop-tracking resolve-via-default in VRF context * set vrf name ip nht no-resolve-via-default * set vrf name ipv6 nht no-resolve-via-default (cherry picked from commit 0fafc4bcdb9efc03796ddab0832471b11ba1bbe0) --- data/templates/frr/zebra.vrf.route-map.frr.j2 | 6 +++++ interface-definitions/vrf.xml.in | 2 ++ smoketest/scripts/cli/test_vrf.py | 35 ++++++++++++++++++++++++++- 3 files changed, 42 insertions(+), 1 deletion(-) diff --git a/data/templates/frr/zebra.vrf.route-map.frr.j2 b/data/templates/frr/zebra.vrf.route-map.frr.j2 index 4e1206374..f1cc6fe66 100644 --- a/data/templates/frr/zebra.vrf.route-map.frr.j2 +++ b/data/templates/frr/zebra.vrf.route-map.frr.j2 
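Review bot: The new `frr_cfg.modify_section(r'no ip nht resolve-via-default')` call in apply() has no comment, and the comment above it speaks only of the route-map, so the reason for the call is left to the reader. Judging from the template change, it appears to clear a previously rendered NHT line before `opt['frr_zebra_config']` is added back; a one-line comment such as `# Drop any stale NHT line; the template re-adds it when the option is set` would record that. The same comment fits the `no ipv6 nht resolve-via-default` call in src/conf_mode/system_ipv6.py. apply() starts and continues outside both hunks, so how modify_section treats the pattern cannot be confirmed from here.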
@@ -6,6 +6,12 @@ {% continue %} {% endif %} vrf {{ vrf }} +{% if vrf_config.ip.nht.no_resolve_via_default is vyos_defined %} + no ip nht resolve-via-default +{% endif %} +{% if vrf_config.ipv6.nht.no_resolve_via_default is vyos_defined %} + no ipv6 nht resolve-via-default +{% endif %} {% if vrf_config.ip.protocol is vyos_defined %} {% for protocol_name, protocol_config in vrf_config.ip.protocol.items() %} ip protocol {{ protocol_name }} route-map {{ protocol_config.route_map }} diff --git a/interface-definitions/vrf.xml.in b/interface-definitions/vrf.xml.in index e5ec539d3..25f26d0cc 100644 --- a/interface-definitions/vrf.xml.in +++ b/interface-definitions/vrf.xml.in @@ -34,6 +34,7 @@ #include + #include #include @@ -43,6 +44,7 @@ #include + #include #include diff --git a/smoketest/scripts/cli/test_vrf.py b/smoketest/scripts/cli/test_vrf.py index a3090ee41..438387f2d 100755 --- a/smoketest/scripts/cli/test_vrf.py +++ b/smoketest/scripts/cli/test_vrf.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2020-2023 VyOS maintainers and contributors +# Copyright (C) 2020-2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -495,6 +495,39 @@ class VRFTest(VyOSUnitTestSHIM.TestCase): frrconfig = self.getFRRconfig(f'vrf {vrf}') self.assertNotIn('vni', frrconfig) + def test_vrf_ip_ipv6_nht(self): + table = '6910' + + for vrf in vrfs: + base = base_path + ['name', vrf] + self.cli_set(base + ['table', table]) + self.cli_set(base + ['ip', 'nht', 'no-resolve-via-default']) + self.cli_set(base + ['ipv6', 'nht', 'no-resolve-via-default']) + + table = str(int(table) + 1) + + self.cli_commit() + + # Verify route-map properly applied to FRR + for vrf in vrfs: + frrconfig = self.getFRRconfig(f'vrf {vrf}', daemon='zebra') + self.assertIn(f'vrf {vrf}', frrconfig) + self.assertIn(f' no ip nht resolve-via-default', frrconfig) + self.assertIn(f' no ipv6 nht resolve-via-default', frrconfig) + + # Delete route-maps + for vrf in vrfs: + base = base_path + ['name', vrf] + self.cli_delete(base + ['ip']) + self.cli_delete(base + ['ipv6']) + + self.cli_commit() + + # Verify route-map properly is removed from FRR + for vrf in vrfs: + frrconfig = self.getFRRconfig(f'vrf {vrf}', daemon='zebra') + self.assertNotIn(f' no ip nht resolve-via-default', frrconfig) + self.assertNotIn(f' no ipv6 nht resolve-via-default', frrconfig) if __name__ == '__main__': unittest.main(verbosity=2) -- cgit v1.2.3
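Review bot: The comments in test_vrf_ip_ipv6_nht describe route-maps, but the test only sets and deletes the `nht no-resolve-via-default` leaves, so they look carried over from a route-map test. I would reword them to `# Verify NHT option applied to FRR`, `# Delete NHT options` and `# Verify NHT option is removed from FRR`. The cleanup also deletes the whole `ip` and `ipv6` nodes rather than the `nht` leaf that was set; that is harmless here, but deleting `base + ['ip', 'nht']` and `base + ['ipv6', 'nht']` would mirror what the test configured.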