Skip to content

Commit

Permalink
ncm-network: nmstate - add additional route rule parameters
Browse files Browse the repository at this point in the history
- provide additional route rule parameters for nmstate config as defined in
https://nmstate.io/devel/yaml_api.html#routes

- add a default absent rule to clear route rules entries for the table.
  nmstate by default will merge rules therefore won't clear if there are any
  old rules already present. This will make sure only rules defined by profile is present.
  • Loading branch information
Abdul Karim authored and Abdul Karim committed Jan 5, 2024
1 parent 14a5f7d commit c4b3700
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 3 deletions.
16 changes: 13 additions & 3 deletions ncm-network/src/main/pan/components/network/core-schema.pan
Original file line number Diff line number Diff line change
Expand Up @@ -77,18 +77,28 @@ type structure_rule = {
"table" ? network_valid_routing_table
@{priority, The priority of the rule over the others. Required by Network Manager when setting routing rules.}
"priority" ? long(0..0xffffffff)
@{action used by nmstate module}
"action" ? choice('unreachable', 'blackhole', 'prohibit')
@{state used by nmstate module, Can only set to absent for deleting matching route rules}
"state" ? choice('absent')
@{iif used by nmstate module, Incoming interface name}
"iff" ? string
@{fwmark used by nmstate module. Select the fwmark value to match}
"fwmark" ? string
@{fwmask used by nmstate module. Select the fwmask value to match}
"fwmask" ? string
@{rule add options to use (cannot be combined with other options)}
"command" ? string with !match(SELF, '[;]')
} with {
module = value('/software/components/network/ncm-module', '');
if (exists(SELF['command'])) {
module = value('/software/components/network/ncm-module', '');
if (module == 'nmstate') error("Command routes are not supported by the nmstate backend");
if (module == 'nmstate') error("Command rule are not supported by the nmstate backend");
if (length(SELF) != 1) error("Cannot use command and any of the other attributes as rule");
} else {
if (!exists(SELF['to']) && !exists(SELF['from'])) {
error("Rule requires selector to or from (or use command)");
};
if (!exists(SELF['table'])) {
if (!exists(SELF['table']) && (module != 'nmstate')) {
error("Rule requires action table (or use command)");
};
};
Expand Down
13 changes: 13 additions & 0 deletions ncm-network/src/main/perl/nmstate.pm
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@ sub make_nm_ip_rule
my ($self, $device, $rules, $routing_table_hash) = @_;

my @rule_entry;
my %rule_entry_absent;
foreach my $rule (@$rules) {
if ($rule->{command}){
$self->warn("Rule command entry not supported with nmstate, ignoring '$rule->{command}'");
Expand All @@ -120,8 +121,20 @@ sub make_nm_ip_rule
$thisrule{'route-table'} = "$routing_table_hash->{$rule->{table}}" if $rule->{table};
$thisrule{'ip-to'} = $rule->{to} if $rule->{to};
$thisrule{'ip-from'} = $rule->{from} if $rule->{from};
$thisrule{'action'} = $rule->{action} if $rule->{action};
$thisrule{'state'} = $rule->{state} if $rule->{state};
$thisrule{'iff'} = $rule->{iff} if $rule->{iff};
$thisrule{'fwmark'} = $rule->{fwmark} if $rule->{fwmark};
$thisrule{'fwmask'} = $rule->{fwmask} if $rule->{fwmask};
push (@rule_entry, \%thisrule);

# Add a default absent rule to match table defined. This will clear any existing rules for this table, instead of merging.
if ($rule->{table}) {
$rule_entry_absent{'state'} = "absent";
$rule_entry_absent{'route-table'} = $routing_table_hash->{$rule->{table}};
};
}
push (@rule_entry, \%rule_entry_absent) if %rule_entry_absent;
return \@rule_entry;
}

Expand Down

0 comments on commit c4b3700

Please sign in to comment.