From a6c936997611de85dc73152297679d0b53095713 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 3 Apr 2022 12:11:29 +0200
Subject: isis: T4336: add support for MD5 authentication password on a circuit

---
 interface-definitions/include/isis/password.xml.i  | 20 ++++++++
 .../include/isis/protocol-common-config.xml.i      | 54 +++-------------------
 2 files changed, 26 insertions(+), 48 deletions(-)
 create mode 100644 interface-definitions/include/isis/password.xml.i

(limited to 'interface-definitions/include/isis')

diff --git a/interface-definitions/include/isis/password.xml.i b/interface-definitions/include/isis/password.xml.i
new file mode 100644
index 000000000..27c3b0fa0
--- /dev/null
+++ b/interface-definitions/include/isis/password.xml.i
@@ -0,0 +1,20 @@
+<!-- include start from isis/password.xml.i -->
+<leafNode name="plaintext-password">
+  <properties>
+    <help>Plain-text authentication type</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Circuit password</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<leafNode name="md5">
+  <properties>
+    <help>MD5 authentication type</help>
+    <valueHelp>
+      <format>txt</format>
+      <description>Level-wide password</description>
+    </valueHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index 8ffa14a19..e0145f7a4 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -4,24 +4,7 @@
     <help>Configure the authentication password for an area</help>
   </properties>
   <children>
-    <leafNode name="plaintext-password">
-      <properties>
-        <help>Plain-text authentication type</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Level-wide password</description>
-        </valueHelp>
-      </properties>
-    </leafNode>
-    <leafNode name="md5">
-      <properties>
-        <help>MD5 authentication type</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Level-wide password</description>
-        </valueHelp>
-      </properties>
-    </leafNode>
+    #include <include/isis/password.xml.i>
   </children>
 </node>
 <node name="default-information">
@@ -59,24 +42,7 @@
     <help>Set the authentication password for a routing domain</help>
   </properties>
   <children>
-    <leafNode name="plaintext-password">
-      <properties>
-        <help>Plain-text authentication type</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Level-wide password</description>
-        </valueHelp>
-      </properties>
-    </leafNode>
-    <leafNode name="md5">
-      <properties>
-        <help>MD5 authentication type</help>
-        <valueHelp>
-          <format>txt</format>
-          <description>Level-wide password</description>
-        </valueHelp>
-      </properties>
-    </leafNode>
+    #include <include/isis/password.xml.i>
   </children>
 </node>
 <leafNode name="dynamic-hostname">
@@ -104,7 +70,7 @@
       <description>Act as an area router</description>
     </valueHelp>
     <constraint>
-      <regex>^(level-1|level-1-2|level-2)$</regex>
+      <regex>(level-1|level-1-2|level-2)</regex>
     </constraint>
   </properties>
 </leafNode>
@@ -182,7 +148,7 @@
       <description>Use new style of TLVs to carry wider metric</description>
     </valueHelp>
     <constraint>
-      <regex>^(narrow|transition|wide)$</regex>
+      <regex>(narrow|transition|wide)</regex>
     </constraint>
   </properties>
 </leafNode>
@@ -668,7 +634,7 @@
           <description>Level-2 only adjacencies are formed</description>
         </valueHelp>
         <constraint>
-          <regex>^(level-1|level-1-2|level-2-only)$</regex>
+          <regex>(level-1|level-1-2|level-2-only)</regex>
         </constraint>
       </properties>
     </leafNode>
@@ -722,15 +688,7 @@
         <help>Configure the authentication password for a circuit</help>
       </properties>
       <children>
-        <leafNode name="plaintext-password">
-          <properties>
-            <help>Plain-text authentication type</help>
-            <valueHelp>
-              <format>txt</format>
-              <description>Circuit password</description>
-            </valueHelp>
-          </properties>
-        </leafNode>
+        #include <include/isis/password.xml.i>
       </children>
     </node>
     <leafNode name="priority">
-- 
cgit v1.2.3


From abdd80c7387e0b819aba5e74777695421fcb70bf Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 3 Apr 2022 13:27:44 +0200
Subject: xml: isis: T3236: create common high-low label value include block

---
 .../include/isis/high-low-label-value.xml.i        | 26 +++++++++++
 .../include/isis/protocol-common-config.xml.i      | 50 +---------------------
 2 files changed, 28 insertions(+), 48 deletions(-)
 create mode 100644 interface-definitions/include/isis/high-low-label-value.xml.i

(limited to 'interface-definitions/include/isis')

diff --git a/interface-definitions/include/isis/high-low-label-value.xml.i b/interface-definitions/include/isis/high-low-label-value.xml.i
new file mode 100644
index 000000000..adc28417d
--- /dev/null
+++ b/interface-definitions/include/isis/high-low-label-value.xml.i
@@ -0,0 +1,26 @@
+<!-- include start from isis/high-low-label-value.xml.i -->
+<leafNode name="low-label-value">
+  <properties>
+    <help>MPLS label lower bound</help>
+    <valueHelp>
+      <format>u32:16-1048575</format>
+      <description>Label value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 16-1048575"/>
+    </constraint>
+  </properties>
+</leafNode>
+<leafNode name="high-label-value">
+  <properties>
+    <help>MPLS label upper bound</help>
+    <valueHelp>
+      <format>u32:16-1048575</format>
+      <description>Label value</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 16-1048575"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index e0145f7a4..af9d87a0d 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -244,30 +244,7 @@
         <help>Global block label range</help>
       </properties>
       <children>
-        <leafNode name="low-label-value">
-          <properties>
-            <help>The lower bound of the global block</help>
-            <valueHelp>
-              <format>u32:16-1048575</format>
-              <description>MPLS label value</description>
-            </valueHelp>
-            <constraint>
-              <validator name="numeric" argument="--range 16-1048575"/>
-            </constraint>
-          </properties>
-        </leafNode>
-        <leafNode name="high-label-value">
-          <properties>
-            <help>The upper bound of the global block</help>
-            <valueHelp>
-              <format>u32:16-1048575</format>
-              <description>MPLS label value</description>
-            </valueHelp>
-            <constraint>
-              <validator name="numeric" argument="--range 16-1048575"/>
-            </constraint>
-          </properties>
-        </leafNode>
+        #include <include/isis/high-low-label-value.xml.i>
       </children>
     </node>
 <!--
@@ -276,30 +253,7 @@
         <help>Local Block label range</help>
       </properties>
       <children>
-        <leafNode name="low-label-value">
-          <properties>
-            <help>The lower bound of the local block</help>
-            <valueHelp>
-              <format>u32:16-1048575</format>
-              <description>MPLS label value</description>
-            </valueHelp>
-            <constraint>
-              <validator name="numeric" argument="  range 16-1048575"/>
-            </constraint>
-          </properties>
-        </leafNode>
-        <leafNode name="high-label-value">
-          <properties>
-            <help>The upper bound of the local block</help>
-            <valueHelp>
-              <format>u32:16-1048575</format>
-              <description>MPLS label value</description>
-            </valueHelp>
-            <constraint>
-              <validator name="numeric" argument="  range 16-1048575"/>
-            </constraint>
-          </properties>
-        </leafNode>
+        #include <include/isis/high-low-label-value.xml.i>
       </children>
     </node>
 -->
-- 
cgit v1.2.3


From 7d3ae5fc3ba113b67281c9605f3a8a71b924efe2 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Sun, 3 Apr 2022 14:11:06 +0200
Subject: isis: T3156: add segment routing local-block for ISIS

---
 data/templates/frr/isisd.frr.tmpl                  |  7 ++--
 .../include/isis/protocol-common-config.xml.i      |  6 +--
 src/conf_mode/protocols_isis.py                    | 44 ++++++++++++++--------
 3 files changed, 34 insertions(+), 23 deletions(-)

(limited to 'interface-definitions/include/isis')

diff --git a/data/templates/frr/isisd.frr.tmpl b/data/templates/frr/isisd.frr.tmpl
index 33adac64e..238541903 100644
--- a/data/templates/frr/isisd.frr.tmpl
+++ b/data/templates/frr/isisd.frr.tmpl
@@ -114,10 +114,11 @@ router isis VyOS {{ 'vrf ' + vrf if vrf is vyos_defined }}
  segment-routing node-msd {{ segment_routing.maximum_label_depth }}
 {%   endif %}
 {%   if segment_routing.global_block is vyos_defined %}
+{%     if segment_routing.local_block is vyos_defined %}
+ segment-routing global-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.global_block.high_label_value }} local-block {{ segment_routing.local_block.low_label_value }} {{ segment_routing.local_block.high_label_value }}
+{%     else %}
  segment-routing global-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.global_block.high_label_value }}
-{%   endif %}
-{%   if segment_routing.local_block is vyos_defined %}
- segment-routing local-block {{ segment_routing.global_block.low_label_value }} {{ segment_routing.local_block.high_label_value }}
+{%     endif %}
 {%   endif %}
 {%   if segment_routing.prefix is vyos_defined %}
 {%     for prefixes in segment_routing.prefix %}
diff --git a/interface-definitions/include/isis/protocol-common-config.xml.i b/interface-definitions/include/isis/protocol-common-config.xml.i
index af9d87a0d..75a0355d4 100644
--- a/interface-definitions/include/isis/protocol-common-config.xml.i
+++ b/interface-definitions/include/isis/protocol-common-config.xml.i
@@ -241,22 +241,20 @@
     </leafNode>
     <node name="global-block">
       <properties>
-        <help>Global block label range</help>
+        <help>Segment Routing Global Block label range</help>
       </properties>
       <children>
         #include <include/isis/high-low-label-value.xml.i>
       </children>
     </node>
-<!--
     <node name="local-block">
       <properties>
-        <help>Local Block label range</help>
+        <help>Segment Routing Local Block label range</help>
       </properties>
       <children>
         #include <include/isis/high-low-label-value.xml.i>
       </children>
     </node>
--->
     <leafNode name="maximum-label-depth">
       <properties>
         <help>Maximum MPLS labels allowed for this router</help>
diff --git a/src/conf_mode/protocols_isis.py b/src/conf_mode/protocols_isis.py
index 9b4b215de..f2501e38a 100755
--- a/src/conf_mode/protocols_isis.py
+++ b/src/conf_mode/protocols_isis.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2020-2021 VyOS maintainers and contributors
+# Copyright (C) 2020-2022 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -169,28 +169,40 @@ def verify(isis):
 
     # Segment routing checks
     if dict_search('segment_routing.global_block', isis):
-        high_label_value = dict_search('segment_routing.global_block.high_label_value', isis)
-        low_label_value = dict_search('segment_routing.global_block.low_label_value', isis)
+        g_high_label_value = dict_search('segment_routing.global_block.high_label_value', isis)
+        g_low_label_value = dict_search('segment_routing.global_block.low_label_value', isis)
 
-        # If segment routing global block high value is blank, throw error
-        if (low_label_value and not high_label_value) or (high_label_value and not low_label_value):
-            raise ConfigError('Segment routing global block requires both low and high value!')
+        # If segment routing global block high or low value is blank, throw error
+        if not (g_low_label_value or g_high_label_value):
+            raise ConfigError('Segment routing global-block requires both low and high value!')
 
         # If segment routing global block low value is higher than the high value, throw error
-        if int(low_label_value) > int(high_label_value):
-            raise ConfigError('Segment routing global block low value must be lower than high value')
+        if int(g_low_label_value) > int(g_high_label_value):
+            raise ConfigError('Segment routing global-block low value must be lower than high value')
 
     if dict_search('segment_routing.local_block', isis):
-        high_label_value = dict_search('segment_routing.local_block.high_label_value', isis)
-        low_label_value = dict_search('segment_routing.local_block.low_label_value', isis)
+        if dict_search('segment_routing.global_block', isis) == None:
+            raise ConfigError('Segment routing local-block requires global-block to be configured!')
 
-        # If segment routing local block high value is blank, throw error
-        if (low_label_value and not high_label_value) or (high_label_value and not low_label_value):
-            raise ConfigError('Segment routing local block requires both high and low value!')
+        l_high_label_value = dict_search('segment_routing.local_block.high_label_value', isis)
+        l_low_label_value = dict_search('segment_routing.local_block.low_label_value', isis)
 
-        # If segment routing local block low value is higher than the high value, throw error
-        if int(low_label_value) > int(high_label_value):
-            raise ConfigError('Segment routing local block low value must be lower than high value')
+        # If segment routing local-block high or low value is blank, throw error
+        if not (l_low_label_value or l_high_label_value):
+            raise ConfigError('Segment routing local-block requires both high and low value!')
+
+        # If segment routing local-block low value is higher than the high value, throw error
+        if int(l_low_label_value) > int(l_high_label_value):
+            raise ConfigError('Segment routing local-block low value must be lower than high value')
+
+        # local-block most live outside global block
+        global_range = range(int(g_low_label_value), int(g_high_label_value) +1)
+        local_range  = range(int(l_low_label_value), int(l_high_label_value) +1)
+
+        # Check for overlapping ranges
+        if list(set(global_range) & set(local_range)):
+            raise ConfigError(f'Segment-Routing Global Block ({g_low_label_value}/{g_high_label_value}) '\
+                              f'conflicts with Local Block ({l_low_label_value}/{l_high_label_value})!')
 
     return None
 
-- 
cgit v1.2.3