From: Stefan Hanreich
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network v5 34/46] fabrics: ospf: openfabric: add route_filter property
Date: Tue, 5 May 2026 17:37:02 +0200
Message-ID: <20260505153720.412180-35-s.hanreich@proxmox.com>
In-Reply-To: <20260505153720.412180-1-s.hanreich@proxmox.com>
References: <20260505153720.412180-1-s.hanreich@proxmox.com>
List-Id: Proxmox VE development discussion

Previously, fabrics auto-generated and applied a route map that filtered the routes that get installed into the kernel routing table to only include routes that are contained in the IP prefix of the fabric. This can now be overridden by the route_filter parameter. Users can specify a custom prefix list that is used for filtering installed routes.

Signed-off-by: Stefan Hanreich
--- src/PVE/Network/SDN/Fabrics.pm | 15 +++++++++++++-- src/PVE/Network/SDN/PrefixLists.pm | 11 +++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/src/PVE/Network/SDN/Fabrics.pm b/src/PVE/Network/SDN/Fabrics.pm index 1ecedbd..bc295f0 100644 --- a/src/PVE/Network/SDN/Fabrics.pm +++ b/src/PVE/Network/SDN/Fabrics.pm @@ -6,8 +6,10 @@ use warnings; use PVE::Cluster qw(cfs_register_file cfs_read_file cfs_lock_file cfs_write_file); use PVE::JSONSchema qw(get_standard_option); use PVE::INotify; + use PVE::RS::SDN; use PVE::RS::SDN::Fabrics; +use PVE::RS::SDN::PrefixLists; PVE::JSONSchema::register_format( 'pve-sdn-fabric-id', 
@@ -264,6 +266,15 @@ sub fabric_properties { 'OSPF area. Either a IPv4 address or a 32-bit number. Gets validated in rust.', optional => 1, }, + route_filter => { + type => 'string', + format => 'pve-sdn-prefix-list-id', + 'type-property' => 'protocol', + 'instance-types' => ['ospf', 'openfabric'], + description => + 'A prefix list that should be used for filtering routes that are to be installed into the kernel routing table', + optional => 1, + }, }; if ($update) { @@ -277,7 +288,7 @@ sub fabric_properties { 'instance-types' => ['openfabric'], items => { type => 'string', - enum => ['hello_interval', 'csnp_interval'], + enum => ['hello_interval', 'csnp_interval', 'route_filter'], }, optional => 1, }, @@ -286,7 +297,7 @@ sub fabric_properties { 'instance-types' => ['ospf'], items => { type => 'string', - enum => ['area'], + enum => ['area', 'redistribute', 'route_filter'], }, optional => 1, }, diff --git a/src/PVE/Network/SDN/PrefixLists.pm b/src/PVE/Network/SDN/PrefixLists.pm index 4cd7fdb..efe1463 100644 --- a/src/PVE/Network/SDN/PrefixLists.pm +++ b/src/PVE/Network/SDN/PrefixLists.pm @@ -9,6 +9,7 @@ use PVE::INotify; use PVE::Network::SDN; use PVE::Network::SDN::RouteMaps; use PVE::RS::SDN::PrefixLists; +use PVE::RS::SDN::Fabrics; PVE::JSONSchema::register_format( 'pve-sdn-prefix-list-id', @@ -77,6 +78,16 @@ sub write_config { sub check_references { my ($prefix_list_id) = @_; + my $fabrics = PVE::Network::SDN::Fabrics::config()->list_fabrics(); + for my $fabric_id (keys $fabrics->%*) { + my $fabric = $fabrics->{$fabric_id}; + + if ($fabric->{route_filter}) { + die "prefix list $prefix_list_id is still referenced by fabric $fabric_id" + if $fabric->{route_filter} eq $prefix_list_id; + } + } + my $route_map_entries = PVE::Network::SDN::RouteMaps::config()->list(); for my $route_map_entry (values $route_map_entries->%*) { for my $match_action_property_string ($route_map_entry->{match}->@*) { -- 2.47.3
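Review bot: In the import hunk of Fabrics.pm (@@ -6,8 +6,10 @@), the added `use PVE::RS::SDN::PrefixLists;` is not used by anything else this patch adds to Fabrics.pm. The new route_filter property only names the format 'pve-sdn-prefix-list-id', which the context of the second file shows being registered in src/PVE/Network/SDN/PrefixLists.pm via PVE::JSONSchema::register_format. If a later patch in the series needs the import, move it there; otherwise drop it. The added blank line between `use PVE::INotify;` and `use PVE::RS::SDN;` is an unrelated whitespace change and could go as well.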
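Review bot: In the route_filter property (@@ -264,6 +266,15 @@ hunk of Fabrics.pm), the description does not say what happens when the property is unset or what overriding it changes. Per the commit message, the default is an auto-generated filter that only installs routes contained in the fabric's IP prefix, so a custom prefix list can widen the set of routes learned from fabric peers that reach the kernel routing table. Suggest stating the default in the description, for example "If unset, only routes contained in the IP prefix of the fabric are installed." As far as this hunk shows, the format 'pve-sdn-prefix-list-id' only constrains the ID itself; is the existence of the referenced prefix list checked when a fabric is created or updated?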
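Review bot: In the OSPF delete enum (@@ -286,7 +297,7 @@ hunk of Fabrics.pm), 'redistribute' is added alongside 'route_filter', but the commit message only covers route_filter and this patch adds no redistribute property. If it belongs to another patch in the series, move it there, or mention it in the commit message. The openfabric enum in the preceding hunk gets only 'route_filter'; if redistribute is meant to be deletable for openfabric too, it is missing there.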
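Review bot: In the import hunk of PrefixLists.pm (@@ -9,6 +9,7 @@), the added import is `use PVE::RS::SDN::Fabrics;`, while the new code in check_references calls PVE::Network::SDN::Fabrics::config(). No `use PVE::Network::SDN::Fabrics;` is visible in the context lines, so the call relies on that module having been loaded by something else. Import the module that is actually called, and drop the PVE::RS::SDN::Fabrics import if nothing in this file uses it directly.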
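Review bot: In check_references (@@ -77,6 +78,16 @@ hunk of PrefixLists.pm), the die message has no trailing newline, so Perl appends " at FILE line N." to the text that reaches the caller. End the string with \n. The outer `if ($fabric->{route_filter})` wrapping a postfix `if` can also be folded into one condition, e.g. `if defined($fabric->{route_filter}) && $fabric->{route_filter} eq $prefix_list_id;`, which drops a nesting level and avoids relying on string truthiness.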