T6269: policy: ensure correct rule parsing when using, and when not using <set table> option in policy route. (backport #3367) #3394

Merged
merged 1 commit into from
May 2, 2024


mergify[bot]
Contributor

@mergify mergify bot commented May 2, 2024

Change Summary

Ensure correct rule parsing when using, and when not using <set table> option in policy route.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

policy route

Proposed changes

How to test

Config test for both cases described in T6191 and in T6269

vyos@latest# run show config comm | grep policy
set policy route BAR interface 'eth1'
set policy route BAR rule 4 protocol 'tcp'
set policy route BAR rule 4 set tcp-mss '1399'
set policy route BAR rule 4 source address '198.51.100.0/24'
set policy route BAR rule 4 tcp flags syn
set policy route BAR rule 10 destination address '!10.0.0.0/8'
set policy route BAR rule 10 set table '100'
set policy route BAR rule 10 source address '198.51.100.0/24'
set policy route FOO interface 'eth1'
set policy route FOO rule 10 destination address '192.0.2.0/24'
set policy route FOO rule 10 set table '102'
set policy route FOO rule 10 source address '198.51.100.0/24'
set policy route FOO rule 20 destination address '192.0.2.0/24'
set policy route FOO rule 20 set table '20'
[edit]
vyos@latest#

And check nftables in order to ensure correct rule parsing:

vyos@latest# sudo nft list chain ip vyos_mangle VYOS_PBR_UD_FOO
table ip vyos_mangle {
        chain VYOS_PBR_UD_FOO {
                ip daddr 192.0.2.0/24 ip saddr 198.51.100.0/24 counter packets 0 bytes 0 meta mark set 0x7fffff99 return comment "ipv4-route-FOO-10"
                ip daddr 192.0.2.0/24 counter packets 0 bytes 0 meta mark set 0x7fffffeb return comment "ipv4-route-FOO-20"
        }
}
[edit]
vyos@latest# sudo nft list chain ip vyos_mangle VYOS_PBR_UD_BAR
table ip vyos_mangle {
        chain VYOS_PBR_UD_BAR {
                ip saddr 198.51.100.0/24 tcp flags & syn == syn counter packets 0 bytes 0 tcp option maxseg size set 1399 comment "ipv4-route-BAR-4"
                ip daddr != 10.0.0.0/8 ip saddr 198.51.100.0/24 counter packets 0 bytes 0 meta mark set 0x7fffff9b return comment "ipv4-route-BAR-10"
        }
}
[edit]
vyos@latest#

Smoketest result

./test_firewall.py --> OK
./test_policy_route --> OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

This is an automatic backport of pull request #3367 done by [Mergify](https://mergify.com).

…sing <set table> option in policy route.

(cherry picked from commit d518386)
@c-po c-po merged commit dd92f14 into sagitta May 2, 2024
4 of 5 checks passed
@mergify mergify bot deleted the mergify/bp/sagitta/pr-3367 branch May 2, 2024 18:43
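The check described under "How to test", automated as an added example (not code from this PR or from vyos-1x): it compares which rules carry `set table` in the config with which rendered nftables rules set a mark and return. The mark formula, 0x7fffffff minus the table id, is an assumption inferred from the three marks in the output above, and the function names are hypothetical.

```python
import re

MARK_BASE = 0x7FFFFFFF  # assumption: inferred from the three marks in the PR output

# Trimmed copies of the config and nft output shown in the PR description.
CONFIG = """\
set policy route BAR rule 4 protocol 'tcp'
set policy route BAR rule 4 set tcp-mss '1399'
set policy route BAR rule 10 destination address '!10.0.0.0/8'
set policy route BAR rule 10 set table '100'
set policy route FOO rule 10 set table '102'
set policy route FOO rule 20 destination address '192.0.2.0/24'
set policy route FOO rule 20 set table '20'
"""
NFT = """\
ip daddr 192.0.2.0/24 ip saddr 198.51.100.0/24 counter packets 0 bytes 0 meta mark set 0x7fffff99 return comment "ipv4-route-FOO-10"
ip daddr 192.0.2.0/24 counter packets 0 bytes 0 meta mark set 0x7fffffeb return comment "ipv4-route-FOO-20"
ip saddr 198.51.100.0/24 tcp flags & syn == syn counter packets 0 bytes 0 tcp option maxseg size set 1399 comment "ipv4-route-BAR-4"
ip daddr != 10.0.0.0/8 ip saddr 198.51.100.0/24 counter packets 0 bytes 0 meta mark set 0x7fffff9b return comment "ipv4-route-BAR-10"
"""

def expected_marks(config):
    """Map (route, rule) -> expected fwmark, or None when the rule has no 'set table'."""
    marks = {}
    for line in config.splitlines():
        m = re.match(r"set policy route (\S+) rule (\d+) (.*)", line)
        if not m:
            continue
        key = (m.group(1), int(m.group(2)))
        marks.setdefault(key, None)  # rule exists even if it never sets a table
        t = re.fullmatch(r"set table '(\d+)'", m.group(3))
        if t:
            marks[key] = MARK_BASE - int(t.group(1))
    return marks

def rendered_marks(nft_output):
    """Map (route, rule) -> mark actually set by the nftables rule, keyed by its comment."""
    marks = {}
    for line in nft_output.splitlines():
        c = re.search(r'comment "ipv4-route-(\S+)-(\d+)"', line)
        if not c:
            continue
        mk = re.search(r"meta mark set (0x[0-9a-fA-F]+) return", line)
        marks[(c.group(1), int(c.group(2)))] = int(mk.group(1), 16) if mk else None
    return marks

def mismatches(config, nft_output):
    """Rules whose rendered mark differs from the config, or that exist on one side only."""
    want, got = expected_marks(config), rendered_marks(nft_output)
    return sorted(k for k in want.keys() | got.keys() if want.get(k, "absent") != got.get(k, "absent"))
```

An empty list from `mismatches(CONFIG, NFT)` means every rule with `set table` got its mark and every rule without it got none, which is the two cases this PR covers.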
Labels
sagitta VyOS 1.4 LTS