From 051cb6fbe2a9e4b8008bf21cec33eb2b8385305d Mon Sep 17 00:00:00 2001 From: Andrew Topp Date: Wed, 4 Sep 2024 04:09:46 +1000 Subject: pbr: T6430: Local IP rules routing into VRFs by name * This is the `policy local-route*` part of T6430, manipulating ip rules, another PR covers firewall-backed `policy route*` for similar functionality * Local PBR (policy local-route*) can only target table IDs up to 200 and the previous PR to extend the range was rejected * PBR with this PR can now also target VRFs directly by name, working around targeting problems for VRF table IDs outside the overlapping 100-200 range * Validation ensures rules can't target both a table ID and a VRF name (internally they are handled the same) * Relocated TestPolicyRoute.verify_rules() into VyOSUnitTestSHIM.TestCase, extended to allow lookups in other address families (IPv6 in the new tests). verify_rules() is used by original pbr and new lpbr smoketests in this PR. --- interface-definitions/policy_local-route.xml.in | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'interface-definitions') diff --git a/interface-definitions/policy_local-route.xml.in b/interface-definitions/policy_local-route.xml.in index 7a019154a..5235a668a 100644 --- a/interface-definitions/policy_local-route.xml.in +++ b/interface-definitions/policy_local-route.xml.in @@ -39,6 +39,24 @@ + + + VRF to forward packet with + + txt + VRF instance name + + + default + Forward into default global VRF + + + default + vrf name + + #include + + @@ -113,6 +131,24 @@ + + + VRF to forward packet with + + txt + VRF instance name + + + default + Forward into default global VRF + + + default + vrf name + + #include + + -- cgit v1.2.3 From 9c291d115d987cc635d1ef56898119c7d2bdfee6 Mon Sep 17 00:00:00 2001 
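Review bot: The `vrf` leaf added in both hunks of policy_local-route.xml.in (`@@ -39,6 +39,24 @@` and `@@ -113,6 +131,24 @@`) can only constrain the value itself, so the rule stated in the commit message, that a local-route rule cannot target both a table ID and a VRF name, cannot be expressed here. It has to be enforced in the config script's verify step, which this view (limited to interface-definitions) does not show. It is worth confirming that the same step rejects a VRF name that is not configured, apart from the literal `default`, because a rule pointing at a missing VRF would presumably let traffic fall through to later rules instead of staying in the intended routing domain. The XML tags and the path after `#include` are lost in this rendering, so the name constraint cannot be checked from the page. I would add a comment above each leaf such as `<!-- vrf and table are mutually exclusive; enforced in the config script verify step -->`.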
From: Christian Breunig Date: Mon, 7 Oct 2024 17:13:14 +0200 Subject: xml: T6430: add re-usable vrf CLI node for firewall and pbr --- .../set-packet-modifications-table-and-vrf.xml.i | 19 +---------- interface-definitions/include/firewall/vrf.xml.i | 20 ++++++++++++ interface-definitions/policy_local-route.xml.in | 38 ++-------------------- 3 files changed, 23 insertions(+), 54 deletions(-) create mode 100644 interface-definitions/include/firewall/vrf.xml.i (limited to 'interface-definitions') diff --git a/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i b/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i index c7875b31d..5eb1984a5 100644 --- a/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i +++ b/interface-definitions/include/firewall/set-packet-modifications-table-and-vrf.xml.i @@ -25,24 +25,7 @@ - - - VRF to forward packet with - - txt - VRF instance name - - - default - Forward into default global VRF - - - default - vrf name - - #include - - + #include diff --git a/interface-definitions/include/firewall/vrf.xml.i b/interface-definitions/include/firewall/vrf.xml.i new file mode 100644 index 000000000..af8ce3ab4 --- /dev/null +++ b/interface-definitions/include/firewall/vrf.xml.i @@ -0,0 +1,20 @@ + + + + VRF to forward packet with + + txt + VRF instance name + + + default + Forward into default global VRF + + + default + vrf name + + #include + + + diff --git a/interface-definitions/policy_local-route.xml.in b/interface-definitions/policy_local-route.xml.in index 5235a668a..9f6588db8 100644 --- a/interface-definitions/policy_local-route.xml.in +++ b/interface-definitions/policy_local-route.xml.in @@ -39,24 +39,7 @@ - - - VRF to forward packet with - - txt - VRF instance name - - - default - Forward into default global VRF - - - default - vrf name - - #include - - + #include 
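Review bot: The new include/firewall/vrf.xml.i becomes the single definition of the `vrf` value for both the firewall set action and `policy local-route` (the hunks `@@ -39,24 +39,7 @@` and `@@ -131,24 +114,7 @@` of policy_local-route.xml.in), but its path ties it to the firewall. A later change to the name constraint or completion list made for firewall reasons would silently change what local-route accepts as well. Comments are not visible in this rendering, so if the file has none, a header such as `<!-- shared by firewall set actions and policy local-route; keep the VRF name constraint valid for both -->` would make the coupling explicit.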
@@ -131,24 +114,7 @@ - - - VRF to forward packet with - - txt - VRF instance name - - - default - Forward into default global VRF - - - default - vrf name - - #include - - + #include -- cgit v1.2.3