From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 953F61FF13C
	for <inbox@lore.proxmox.com>; Thu, 19 Feb 2026 16:00:56 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 729A41A192;
	Thu, 19 Feb 2026 16:01:57 +0100 (CET)
Date: Thu, 19 Feb 2026 16:01:53 +0100
From: Gabriel Goller <g.goller@proxmox.com>
To: Hannes Laimer <h.laimer@proxmox.com>
Subject: Re: [PATCH proxmox-ve-rs 7/9] frr: support custom frr configuration
 lines
Message-ID: <kzfrer7p3jx362zhjewi7pymshsfda4tdoo5f6sjkucf5rbkl2@uvn7yrbqzyhj>
Mail-Followup-To: Hannes Laimer <h.laimer@proxmox.com>,
	pve-devel@lists.proxmox.com
References: <20260203160246.353351-1-g.goller@proxmox.com>
 <20260203160246.353351-8-g.goller@proxmox.com>
 <e77d3a9e-48b7-4c45-8ca2-a4a9543f52e7@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <e77d3a9e-48b7-4c45-8ca2-a4a9543f52e7@proxmox.com>
User-Agent: NeoMutt/20241002-35-39f9a6
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1771513304155
X-SPAM-LEVEL: Spam detection results:  0
	AWL                    -0.002 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: FQJJJESDGVJPNUU6NIAYSXHTMZFWBA2U
X-Message-ID-Hash: FQJJJESDGVJPNUU6NIAYSXHTMZFWBA2U
X-MailFrom: g.goller@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: pve-devel@lists.proxmox.com
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

On 19.02.2026 13:17, Hannes Laimer wrote:
> currently we place the custom stuff from `frr.conf.local` at the top of
> `frr.conf`. I don't think it should be a problem having it at the
> bottom, but I'm not super sure if there maybe exist some options we
> don't merge that care about the ordering. I couldn't find any, but in
> case I missed something, wanted to note it here.

This should be possible. It's a bit weird, as it's before the route-maps
right in the middle of the config and not all the statements can be
overridden by the frr.conf.local -- but it's better than not being
backwards-compatible :).

I'll add the following hunk and fix the tests in pve-network:

diff --git a/proxmox-frr-templates/templates/frr.conf.jinja b/proxmox-frr-templates/templates/frr.conf.jinja
index f9ca858907..5731781cc5 100644
--- a/proxmox-frr-templates/templates/frr.conf.jinja
+++ b/proxmox-frr-templates/templates/frr.conf.jinja
@@ -4,9 +4,9 @@
 {% include "ospfd.jinja" %}
 {% include "access_lists.jinja" %}
 {% include "prefix_lists.jinja" %}
-{% include "route_maps.jinja" %}
-{% include "ip_routes.jinja" %}
-{% include "protocol_routemaps.jinja" %}
 {% for line in custom_frr_config %}
 {{ line }}
 {% endfor %}
+{% include "route_maps.jinja" %}
+{% include "ip_routes.jinja" %}
+{% include "protocol_routemaps.jinja" %}


I locally have a test for the frr conf local merging (I'll add it in the
next version of this patch series), which when applied to the current
version of pve-network shows the following diff:
@@ -1,10 +1,9 @@
-#          got: 'frr version 10.4.1
+#     expected: 'frr version 10.4.1
 # frr defaults datacenter
 # hostname localhost
 # log syslog informational
 # service integrated-vtysh-config
 # !
-# !
 # vrf vrf_myzone
 #  vni 1000
 # exit-vrf
@@ -22,7 +21,6 @@
 #  neighbor 192.168.0.3 peer-group VTEP
 #  neighbor 192.168.1.1 remote-as 65001
 #  neighbor 192.168.1.1 description "External Peer"
-#  !
 #  address-family ipv4 unicast
 #   neighbor VTEP activate
 #  exit-address-family
@@ -31,8 +29,8 @@
 #   neighbor VTEP activate
 #   neighbor VTEP route-map MAP_VTEP_IN in
 #   neighbor VTEP route-map MAP_VTEP_OUT out
-#   advertise-all-vni
 #   advertise-svi-ip
+#   advertise-all-vni
 #  exit-address-family
 # exit
 # !
@@ -41,29 +39,25 @@
 #  no bgp hard-administrative-reset
 #  no bgp graceful-restart notification
 # exit
+# route-map MAP_VTEP_IN permit 2
+#  set community 65000:200
+# exit
 # !
 # ip prefix-list PL_ALLOW seq 10 permit 10.0.0.0/8 le 24
-# !
-# bgp community-list standard CL_LOCAL permit 65000:200
-# !
-# route-map CUSTOM_MAP permit 1
+# route-map CUSTOM_MAP permit 10
 #  match ip address prefix-list PL_ALLOW
 # exit
 # !
-# route-map MAP_VTEP_IN permit 1
-# exit
+# bgp community-list standard CL_LOCAL permit 65000:200
 # !
-# route-map MAP_VTEP_IN permit 2
-#  set community 65000:200
+# route-map MAP_VTEP_IN permit 1
 # exit
 # !
 # route-map MAP_VTEP_OUT permit 1
-# exit
-# !
-# route-map MAP_VTEP_OUT permit 2
 #  set community 65000:100
 # exit
 # !
 # line vty
 # !
 # '
+

IMO this is quite good.

Thanks for the review!

> On 2026-02-03 17:01, Gabriel Goller wrote:
> > When merging the frr.conf.local with the frr.conf, some lines cannot be
> > merged and we need to add custom frr config lines to the rust
> > configuration. Add the vec of lines and just dump them into the
> > template.
> > 
> > Co-authored-by: Stefan Hanreich <s.hanreich@proxmox.com>
> > Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
> > ---
> >  proxmox-frr-templates/templates/frr.conf.jinja | 3 +++
> >  proxmox-frr/src/ser/mod.rs                     | 3 +++
> >  2 files changed, 6 insertions(+)
> > 
> > diff --git a/proxmox-frr-templates/templates/frr.conf.jinja b/proxmox-frr-templates/templates/frr.conf.jinja
> > index c8495b417990..6d60ad2a4c4c 100644
> > --- a/proxmox-frr-templates/templates/frr.conf.jinja
> > +++ b/proxmox-frr-templates/templates/frr.conf.jinja
> > @@ -4,3 +4,6 @@
> >  {% include "access_lists.jinja" %}
> >  {% include "route_maps.jinja" %}
> >  {% include "protocol_routemaps.jinja" %}
> > +{% for line in custom_frr_config %}
> > +{{ line }}
> > +{% endfor %}
> > diff --git a/proxmox-frr/src/ser/mod.rs b/proxmox-frr/src/ser/mod.rs
> > index 9aaee74d7af0..3baa0a318fb0 100644
> > --- a/proxmox-frr/src/ser/mod.rs
> > +++ b/proxmox-frr/src/ser/mod.rs
> > @@ -185,6 +185,9 @@ pub struct FrrConfig {
> >      #[builder(default)]
> >      #[serde(default)]
> >      pub access_lists: BTreeMap<AccessListName, Vec<AccessListRule>>,
> > +    #[builder(default)]
> > +    #[serde(default)]
> > +    pub custom_frr_config: Vec<String>,
> >  }
> >  
> >  #[derive(Clone, Debug, PartialEq, Eq, Default, Serialize, Deserialize)]
>