ncm-network: nmstate - add additional route rule parameters

- provide additional route rule parameters for nmstate config as defined in https://nmstate.io/devel/yaml_api.html#routes
quattor · Feb 20, 2024 · 1450ec3 · 1450ec3
1 parent 125da86
commit 1450ec3
Show file tree

Hide file tree

Showing 4 changed files with 88 additions and 1 deletion.
diff --git a/ncm-network/src/main/pan/components/network/core-schema.pan b/ncm-network/src/main/pan/components/network/core-schema.pan
@@ -77,6 +77,16 @@ type structure_rule = {
     "table" ? network_valid_routing_table
     @{priority, The priority of the rule over the others. Required by Network Manager when setting routing rules.}
     "priority" ? long(0..0xffffffff)
+    @{nmstate-action used by nmstate module}
+    "nmstate-action" ? choice('blackhole', 'prohibit', 'unreachable')
+    @{nmstate-state used by nmstate module, Can only set to absent for deleting matching route rules}
+    "nmstate-state" ? choice('absent')
+    @{nmstate-iif used by nmstate module, Incoming interface name}
+    "nmstate-iif" ? string
+    @{nmstate-fwmark used by nmstate module. Select the fwmark value to match}
+    "nmstate-fwmark" ? string
+    @{nmstate-fwmask used by nmstate module. Select the fwmask value to match}
+    "nmstate-fwmask" ? string
     @{rule add options to use (cannot be combined with other options)}
     "command" ? string with !match(SELF, '[;]')
 } with {
@@ -88,7 +98,7 @@ type structure_rule = {
         if (!exists(SELF['to']) && !exists(SELF['from'])) {
             error("Rule requires selector to or from (or use command)");
         };
-        if (!exists(SELF['table'])) {
+        if (!exists(SELF['table']) && (module != 'nmstate')) {
             error("Rule requires action table (or use command)");
         };
     };

diff --git a/ncm-network/src/main/perl/nmstate.pm b/ncm-network/src/main/perl/nmstate.pm
@@ -121,6 +121,11 @@ sub make_nm_ip_rule
         $thisrule{'route-table'} = "$routing_table_hash->{$rule->{table}}" if $rule->{table};
         $thisrule{'ip-to'} = $rule->{to} if $rule->{to};
         $thisrule{'ip-from'} = $rule->{from} if $rule->{from};
+        $thisrule{'action'} = $rule->{'nmstate-action'} if $rule->{'nmstate-action'};
+        $thisrule{'state'} = $rule->{'nmstate-state'} if $rule->{'nmstate-state'};
+        $thisrule{'iif'} = $rule->{'nmstate-iif'} if $rule->{'nmstate-iif'};
+        $thisrule{'fwmark'} = $rule->{'nmstate-fwmark'} if $rule->{'nmstate-fwmark'};
+        $thisrule{'fwmask'} = $rule->{'nmstate-fwmask'} if $rule->{'nmstate-fwmask'};
         push (@rule_entry, \%thisrule);
 
         # Add a default absent rule to match table defined. This will clear any existing rules for this table, instead of merging.

diff --git a/ncm-network/src/test/perl/nmstate_route_rule.t b/ncm-network/src/test/perl/nmstate_route_rule.t
@@ -0,0 +1,61 @@
+use strict;
+use warnings;
+
+BEGIN {
+    *CORE::GLOBAL::sleep = sub {};
+}
+
+use Test::More;
+use Test::Quattor qw(nmstate_route_rule);
+use Test::MockModule;
+use Readonly;
+
+use NCM::Component::nmstate;
+my $mock = Test::MockModule->new('NCM::Component::nmstate');
+my %executables;
+$mock->mock('_is_executable', sub {diag "executables $_[1] ",explain \%executables;return $executables{$_[1]};});
+
+my $cfg = get_config_for_profile('nmstate_route_rule');
+my $cmp = NCM::Component::nmstate->new('network');
+
+Readonly my $RULE_YML => <<EOF;
+# File generated by NCM::Component::nmstate. Do not edit
+---
+interfaces:
+- ipv4:
+    address:
+    - ip: 4.3.2.1
+      prefix-length: 24
+    dhcp: false
+    enabled: true
+  mac-address: 6e:a5:1b:55:77:0a
+  name: eth0
+  profile-name: eth0
+  state: up
+  type: ethernet
+route-rules:
+  config:
+  - action: unreachable
+    family: ipv4
+    fwmark: '111'
+    fwmask: '000'
+    iif: eth0
+    ip-to: 1.2.3.4/24
+    priority: 100
+  - action: prohibit
+    family: ipv4
+    ip-to: 1.2.4.4/24
+    priority: 100
+    state: absent
+routes:
+  config:
+  - next-hop-interface: eth0
+    state: absent
+EOF
+
+is($cmp->Configure($cfg), 1, "Component runs correctly with a test profile");
+
+my $ruleyml = get_file_contents("/etc/nmstate/eth0.yml");
+is($ruleyml, $RULE_YML, "Exact eth0 rule yml config");
+
+done_testing();
diff --git a/ncm-network/src/test/resources/nmstate_route_rule.pan b/ncm-network/src/test/resources/nmstate_route_rule.pan
@@ -0,0 +1,11 @@
+object template nmstate_route_rule;
+
+include 'simple_base_profile';
+include 'components/network/config-nmstate';
+
+# test for nmstate rule parameters on new interface
+"/hardware/cards/nic/eth0/hwaddr" = "6e:a5:1b:55:77:0a";
+prefix "/system/network/interfaces/eth0";
+"rule/0" = dict("to", "1.2.3.4/24", "nmstate-action", "unreachable",
+            "nmstate-iif", "eth0", "nmstate-fwmask", "000", "nmstate-fwmark", "111");
+"rule/1" = dict("to", "1.2.4.4/24", "nmstate-action", "prohibit", "nmstate-state", "absent");