From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 0EC211FF13B for ; Wed, 25 Mar 2026 10:43:06 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 9CFC8F88D; Wed, 25 Mar 2026 10:42:22 +0100 (CET) From: Stefan Hanreich To: pve-devel@lists.proxmox.com Subject: [PATCH proxmox-ve-rs 8/9] ve-config: frr: implement frr config generation for route maps Date: Wed, 25 Mar 2026 10:41:21 +0100 Message-ID: <20260325094142.174364-11-s.hanreich@proxmox.com> X-Mailer: git-send-email 2.47.3 In-Reply-To: <20260325094142.174364-1-s.hanreich@proxmox.com> References: <20260325094142.174364-1-s.hanreich@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1774431663836 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.718 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: EQ3TCR7RWMYTNDKSL3QJSIOAPQJTUT34 X-Message-ID-Hash: EQ3TCR7RWMYTNDKSL3QJSIOAPQJTUT34 X-MailFrom: s.hanreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Implements conversion traits for all the section config types, so they can be converted into their respective FRR template counterpart. This module contains a helper for adding all route map entries to an existing FRR configuration. It will overwrite existing route map entries that have the same name AND order number. But if entries with the same name, but different ordering, exist they will only be added to the existing FRR configuration without dropping the other route map entries. This currently not relevant either way, because the initial API implementation will reject creating route maps with names of route maps that the stack auto-generates. In the future this behavior can be used for selectively overriding / appending existing Proxmox VE route maps. The helper also automatically orders route map entries according to their ordering number. This allows for deterministic FRR configuration output, which is important for tests and convenient for human readability. Signed-off-by: Stefan Hanreich --- proxmox-ve-config/src/sdn/route_map.rs | 271 +++++++++++++++++++++++++ 1 file changed, 271 insertions(+) diff --git a/proxmox-ve-config/src/sdn/route_map.rs b/proxmox-ve-config/src/sdn/route_map.rs index 3f4da56..8d8c4dc 100644 --- a/proxmox-ve-config/src/sdn/route_map.rs +++ b/proxmox-ve-config/src/sdn/route_map.rs @@ -369,6 +369,277 @@ impl ApiType for MatchAction { .schema(); } +#[cfg(feature = "frr")] +pub mod frr { + //! Route Map Entry FRR types + //! + //! This module contains implementations of conversion traits for the section config types, so + //! they can be converted to the respective proxmox-frr types. This enables easy conversion to + //! the proxmox-frr types and makes it possible to generate the FRR configuration for the Route + //! Map entries. + use core::{convert::Into, iter::IntoIterator}; + + use super::*; + + use proxmox_frr::ser::{ + route_map::{RouteMapEntry as FrrRouteMap, RouteMapMatch, RouteMapName, RouteMapSet}, + FrrConfig, + }; + + use crate::sdn::route_map::RouteMapAction; + + impl Into for MatchAction { + fn into(self) -> RouteMapMatch { + match self { + Self::RouteType(evpn_route_type) => RouteMapMatch::RouteType(evpn_route_type), + Self::Vni(vni) => RouteMapMatch::Vni(vni), + Self::IpAddressPrefixList(prefix_list_name) => { + RouteMapMatch::IpAddressPrefixList(prefix_list_name.into()) + } + Self::Ip6AddressPrefixList(prefix_list_name) => { + RouteMapMatch::Ip6AddressPrefixList(prefix_list_name.into()) + } + Self::IpNextHopPrefixList(prefix_list_name) => { + RouteMapMatch::IpNextHopPrefixList(prefix_list_name.into()) + } + Self::Ip6NextHopPrefixList(prefix_list_name) => { + RouteMapMatch::Ip6NextHopPrefixList(prefix_list_name.into()) + } + Self::IpNextHopAddress(ipv4_addr) => RouteMapMatch::IpNextHopAddress(*ipv4_addr), + Self::Ip6NextHopAddress(ipv6_addr) => RouteMapMatch::Ip6NextHopAddress(*ipv6_addr), + Self::Metric(metric) => RouteMapMatch::Metric(metric), + Self::LocalPreference(local_preference) => { + RouteMapMatch::LocalPreference(local_preference) + } + Self::Peer(ip_addr) => RouteMapMatch::Peer(ip_addr), + Self::Tag(tag) => RouteMapMatch::Tag(tag), + } + } + } + + impl Into for SetAction { + fn into(self) -> RouteMapSet { + match self { + Self::IpNextHopPeerAddress => RouteMapSet::IpNextHopPeerAddress, + Self::IpNextHopUnchanged => RouteMapSet::IpNextHopUnchanged, + Self::IpNextHop(ipv4_addr) => RouteMapSet::IpNextHop(*ipv4_addr), + Self::Ip6NextHopPeerAddress => RouteMapSet::Ip6NextHopPeerAddress, + Self::Ip6NextHopPreferGlobal => RouteMapSet::Ip6NextHopPreferGlobal, + Self::Ip6NextHop(ipv6_addr) => RouteMapSet::Ip6NextHop(*ipv6_addr), + Self::LocalPreference(local_preference) => { + RouteMapSet::LocalPreference(local_preference) + } + Self::Tag(tag) => RouteMapSet::Tag(tag), + Self::Weight(weight) => RouteMapSet::Weight(weight), + Self::Metric(metric) => RouteMapSet::Metric(metric), + Self::Src(src) => RouteMapSet::Src(src), + } + } + } + + impl Into for RouteMapEntry { + fn into(self) -> FrrRouteMap { + FrrRouteMap { + seq: self.id.order, + action: match self.action { + RouteMapAction::Permit => proxmox_frr::ser::route_map::AccessAction::Permit, + RouteMapAction::Deny => proxmox_frr::ser::route_map::AccessAction::Deny, + }, + matches: self + .match_actions + .into_iter() + .map(|match_action| match_action.into_inner().into()) + .collect(), + sets: self + .set_actions + .into_iter() + .map(|set_action| set_action.into_inner().into()) + .collect(), + custom_frr_config: Default::default(), + } + } + } + + /// Add a list of Route Map Entries to a [`FrrConfig`]. + /// + /// This method takes a list of Route Map Entries and adds them to given FRR configuration. + /// Existing Route Map entries with the same name, but different ordering number will remain in + /// the configuration. Entries with the same ordering will get merged. + /// + /// This behavior is different from Prefix Lists, where we overwrite existing Prefix Lists in + /// the FRR configuration. The reason for this is that users can override the Route Map setting + /// in the EVPN controller. + pub fn build_frr_route_maps( + config: impl IntoIterator, + frr_config: &mut FrrConfig, + ) -> Result<(), anyhow::Error> { + for route_map in config.into_iter() { + let RouteMap::RouteMapEntry(route_map) = route_map; + let route_map_name = RouteMapName::new(route_map.id.route_map_id.to_string()); + + if let Some(frr_route_map) = frr_config.routemaps.get_mut(&route_map_name) { + let idx = + frr_route_map.partition_point(|element| element.seq <= route_map.id().order()); + frr_route_map.insert(idx, route_map.into()); + } else { + frr_config + .routemaps + .insert(route_map_name, vec![route_map.into()]); + } + } + + Ok(()) + } + + #[cfg(test)] + mod tests { + use super::*; + + use proxmox_frr::ser::serializer::dump; + use proxmox_section_config::typed::ApiSectionDataEntry; + + #[test] + fn test_build_route_map_order() -> Result<(), anyhow::Error> { + let section_config = r#" +route-map-entry: another_20 + action deny + +route-map-entry: another_50 + action deny + +route-map-entry: another_60 + action deny + +route-map-entry: another_40 + action deny + +route-map-entry: another_30 + action deny +"#; + + let config = RouteMap::parse_section_config("route-maps.cfg", section_config)?; + let mut frr_config = FrrConfig::default(); + + build_frr_route_maps( + config + .into_iter() + .map(|(_, route_map_entry)| route_map_entry), + &mut frr_config, + )?; + + assert_eq!( + dump(&frr_config)?, + r#"! +route-map another deny 20 +exit +! +route-map another deny 30 +exit +! +route-map another deny 40 +exit +! +route-map another deny 50 +exit +! +route-map another deny 60 +exit +"# + ); + + Ok(()) + } + + #[test] + fn test_build_route_map() -> Result<(), anyhow::Error> { + let section_config = r#" +route-map-entry: another_67 + action deny + match key=vni,value=313373 + match key=peer,value=some_peergroup + +route-map-entry: example_122 + action deny + match key=route-type,value=es + match key=vni,value=313373 + match key=ip-address-prefix-list,value=some_prefix_list + match key=ip-next-hop-prefix-list,value=some_other_prefix_list + match key=ip-next-hop-address,value=192.0.2.45 + match key=metric,value=8347 + match key=local-preference,value=8347 + match key=peer,value=some_interface + match key=peer,value=some_peergroup + set key=ip6-next-hop-peer-address + set key=ip6-next-hop-prefer-global + set key=ip6-next-hop,value=2001:DB8::1 + +route-map-entry: example_123 + action permit + match key=ip6-address-prefix-list,value=some_prefix_list + match key=ip6-next-hop-prefix-list,value=some_other_prefix_list + match key=ip6-next-hop-address,value=2001:DB8:cafe::BeeF + set key=ip-next-hop-peer-address + set key=ip-next-hop-unchanged + set key=ip-next-hop,value=198.51.100.3 + set key=local-preference,value=1234 + set key=tag,value=untagged + set key=weight,value=20 + set key=metric,value=+rtt +"#; + + let config = RouteMap::parse_section_config("route-maps.cfg", section_config)?; + let mut frr_config = FrrConfig::default(); + + build_frr_route_maps( + config + .into_iter() + .map(|(_, route_map_entry)| route_map_entry), + &mut frr_config, + )?; + + assert_eq!( + dump(&frr_config)?, + r#"! +route-map another deny 67 + match evpn vni 313373 + match peer some_peergroup +exit +! +route-map example deny 122 + match evpn route-type es + match evpn vni 313373 + match ip address prefix-list some_prefix_list + match ip next-hop prefix-list some_other_prefix_list + match ip next-hop address 192.0.2.45 + match metric 8347 + match local-preference 8347 + match peer some_interface + match peer some_peergroup + set ipv6 next-hop peer-address + set ipv6 next-hop prefer-global + set ipv6 next-hop global 2001:db8::1 +exit +! +route-map example permit 123 + match ipv6 address prefix-list some_prefix_list + match ipv6 next-hop prefix-list some_other_prefix_list + match ipv6 next-hop address 2001:db8:cafe::beef + set ip next-hop peer-address + set ip next-hop unchanged + set ip next-hop 198.51.100.3 + set local-preference 1234 + set tag untagged + set weight 20 + set metric +rtt +exit +"# + ); + + Ok(()) + } + } +} + pub mod api { //! API type for Route Map Entries. //! -- 2.47.3