From b5de236cb27e7d08b813321233915a5dc90c6e9a Mon Sep 17 00:00:00 2001
From: Abdul Karim <Abdul.Karim@morganstanley.com>
Date: Thu, 4 Jan 2024 23:08:14 +0000
Subject: [PATCH] ncm-network: nmstate - add additional route rule parameters

- provide additional route rule parameters for nmstate config as defined in
https://nmstate.io/devel/yaml_api.html#routes
---
 .../components/network/core-schema-legacy.pan | 12 +++-
 ncm-network/src/main/perl/nmstate.pm          |  5 ++
 .../src/test/perl/nmstate_route_rule.t        | 64 +++++++++++++++++++
 .../src/test/resources/nmstate_route_rule.pan | 11 ++++
 4 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100755 ncm-network/src/test/perl/nmstate_route_rule.t
 create mode 100755 ncm-network/src/test/resources/nmstate_route_rule.pan

diff --git a/ncm-network/src/main/pan/components/network/core-schema-legacy.pan b/ncm-network/src/main/pan/components/network/core-schema-legacy.pan
index b1745ee243..a5fc2065b2 100644
--- a/ncm-network/src/main/pan/components/network/core-schema-legacy.pan
+++ b/ncm-network/src/main/pan/components/network/core-schema-legacy.pan
@@ -77,6 +77,16 @@ type structure_rule = {
     "priority" ? long(0..0xffffffff)
     @{rule add options to use (cannot be combined with other options)}
     "command" ? string with !match(SELF, '[;]')
+    @{nmstate-action used by nmstate module}
+     "nmstate-action" ? choice('blackhole', 'prohibit', 'unreachable')
+    @{nmstate-state used by nmstate module, Can only set to absent for deleting matching route rules}
+    "nmstate-state" ? choice('absent')
+    @{nmstate-iif used by nmstate module, Incoming interface name}
+    "nmstate-iif" ? string
+    @{nmstate-fwmark used by nmstate module. Select the fwmark value to match}
+    "nmstate-fwmark" ? string
+    @{nmstate-fwmask used by nmstate module. Select the fwmask value to match}
+    "nmstate-fwmask" ? string
 } with {
     module = value('/software/components/network/ncm-module', '');
     if (exists(SELF['command'])) {
@@ -86,7 +96,7 @@ type structure_rule = {
         if (!exists(SELF['to']) && !exists(SELF['from'])) {
             error("Rule requires selector to or from (or use command)");
         };
-        if (!exists(SELF['table'])) {
+        if (!exists(SELF['table']) && (module != 'nmstate')) {
             error("Rule requires action table (or use command)");
         };
     };
diff --git a/ncm-network/src/main/perl/nmstate.pm b/ncm-network/src/main/perl/nmstate.pm
index 3be7ef2488..af2ecf0545 100644
--- a/ncm-network/src/main/perl/nmstate.pm
+++ b/ncm-network/src/main/perl/nmstate.pm
@@ -123,6 +123,11 @@ sub make_nm_ip_rule
         $thisrule{'route-table'} = "$routing_table_hash->{$rule->{table}}" if $rule->{table};
         $thisrule{'ip-to'} = $rule->{to} if $rule->{to};
         $thisrule{'ip-from'} = $rule->{from} if $rule->{from};
+        $thisrule{'action'} = $rule->{'nmstate-action'} if $rule->{'nmstate-action'};
+        $thisrule{'state'} = $rule->{'nmstate-state'} if $rule->{'nmstate-state'};
+        $thisrule{'iif'} = $rule->{'nmstate-iif'} if $rule->{'nmstate-iif'};
+        $thisrule{'fwmark'} = $rule->{'nmstate-fwmark'} if $rule->{'nmstate-fwmark'};
+        $thisrule{'fwmask'} = $rule->{'nmstate-fwmask'} if $rule->{'nmstate-fwmask'};
         push (@rule_entry, \%thisrule);
 
         # Add a default absent rule to match table defined. This will clear any existing rules for this table, instead of merging.
diff --git a/ncm-network/src/test/perl/nmstate_route_rule.t b/ncm-network/src/test/perl/nmstate_route_rule.t
new file mode 100755
index 0000000000..ee73ee9749
--- /dev/null
+++ b/ncm-network/src/test/perl/nmstate_route_rule.t
@@ -0,0 +1,64 @@
+use strict;
+use warnings;
+
+BEGIN {
+    *CORE::GLOBAL::sleep = sub {};
+}
+
+use Test::More;
+use Test::Quattor qw(nmstate_route_rule);
+use Test::MockModule;
+use Readonly;
+
+use NCM::Component::nmstate;
+my $mock = Test::MockModule->new('NCM::Component::nmstate');
+my %executables;
+$mock->mock('_is_executable', sub {diag "executables $_[1] ",explain \%executables;return $executables{$_[1]};});
+
+my $cfg = get_config_for_profile('nmstate_route_rule');
+my $cmp = NCM::Component::nmstate->new('network');
+
+Readonly my $RULE_YML => <<EOF;
+# File generated by NCM::Component::nmstate. Do not edit
+---
+interfaces:
+- ipv4:
+    address:
+    - ip: 4.3.2.1
+      prefix-length: 24
+    dhcp: false
+    enabled: true
+  mac-address: 6e:a5:1b:55:77:0a
+  name: eth0
+  profile-name: eth0
+  state: up
+  type: ethernet
+route-rules:
+  config:
+  - action: unreachable
+    family: ipv4
+    fwmark: '111'
+    fwmask: '000'
+    iif: eth0
+    ip-to: 1.2.3.4/24
+    priority: 100
+  - action: prohibit
+    family: ipv4
+    ip-to: 1.2.4.4/24
+    priority: 100
+    state: absent
+routes:
+  config:
+  - next-hop-interface: eth0
+    state: absent
+  - destination: 0.0.0.0/0
+    next-hop-address: 4.3.2.254
+    next-hop-interface: eth0
+EOF
+
+is($cmp->Configure($cfg), 1, "Component runs correctly with a test profile");
+
+my $ruleyml = get_file_contents("/etc/nmstate/eth0.yml");
+is($ruleyml, $RULE_YML, "Exact eth0 rule yml config");
+
+done_testing();
diff --git a/ncm-network/src/test/resources/nmstate_route_rule.pan b/ncm-network/src/test/resources/nmstate_route_rule.pan
new file mode 100755
index 0000000000..50c06877c0
--- /dev/null
+++ b/ncm-network/src/test/resources/nmstate_route_rule.pan
@@ -0,0 +1,11 @@
+object template nmstate_route_rule;
+
+include 'simple_base_profile';
+include 'components/network/config-nmstate';
+
+# test for nmstate rule parameters on new interface
+"/hardware/cards/nic/eth0/hwaddr" = "6e:a5:1b:55:77:0a";
+prefix "/system/network/interfaces/eth0";
+"rule/0" = dict("to", "1.2.3.4/24", "nmstate-action", "unreachable",
+            "nmstate-iif", "eth0", "nmstate-fwmask", "000", "nmstate-fwmark", "111");
+"rule/1" = dict("to", "1.2.4.4/24", "nmstate-action", "prohibit", "nmstate-state", "absent");
\ No newline at end of file