From 1c2ba4a23ff1180063cf939857dffb1e95b4812a Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Mon, 6 Feb 2023 18:38:52 +0200
Subject: [PATCH 1/3] tests: Check if `route-map vpn import` basic funtionality
 works fine

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 .../bgp_route_map_vpn_import/__init__.py      |   0
 .../bgp_route_map_vpn_import/r1/bgpd.conf     |  46 +++++++
 .../bgp_route_map_vpn_import/r1/zebra.conf    |  16 +++
 .../test_bgp_route_map_vpn_import.py          | 126 ++++++++++++++++++
 4 files changed, 188 insertions(+)
 create mode 100644 tests/topotests/bgp_route_map_vpn_import/__init__.py
 create mode 100644 tests/topotests/bgp_route_map_vpn_import/r1/bgpd.conf
 create mode 100644 tests/topotests/bgp_route_map_vpn_import/r1/zebra.conf
 create mode 100644 tests/topotests/bgp_route_map_vpn_import/test_bgp_route_map_vpn_import.py

diff --git a/tests/topotests/bgp_route_map_vpn_import/__init__.py b/tests/topotests/bgp_route_map_vpn_import/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/topotests/bgp_route_map_vpn_import/r1/bgpd.conf b/tests/topotests/bgp_route_map_vpn_import/r1/bgpd.conf
new file mode 100644
index 0000000000..c9ad0b1a5b
--- /dev/null
+++ b/tests/topotests/bgp_route_map_vpn_import/r1/bgpd.conf
@@ -0,0 +1,46 @@
+!
+debug bgp updates
+debug bgp vpn leak-from-vrf
+debug bgp vpn leak-to-vrf
+debug bgp nht
+debug route-map
+!
+router bgp 65001
+ bgp router-id 10.10.10.10
+ no bgp ebgp-requires-policy
+!
+router bgp 65001 vrf Customer
+ bgp router-id 192.168.1.2
+ no bgp ebgp-requires-policy
+ address-family ipv4 unicast
+  redistribute connected
+  rd vpn export 192.168.1.2:2
+  rt vpn import 192.168.1.2:2
+  rt vpn export 192.168.1.2:2
+  export vpn
+  import vpn
+ exit-address-family
+!
+router bgp 65001 vrf Service
+ bgp router-id 192.168.2.2
+ no bgp ebgp-requires-policy
+ address-family ipv4 unicast
+  redistribute connected
+  rd vpn export 192.168.2.2:2
+  rt vpn import 192.168.2.2:2 192.168.1.2:2
+  rt vpn export 192.168.2.2:2
+  route-map vpn import from-customer
+  export vpn
+  import vpn
+ exit-address-family
+!
+bgp extcommunity-list standard from-customer seq 5 permit rt 192.168.1.2:2
+!
+ip prefix-list p1 seq 5 permit 192.0.2.0/24
+!
+route-map from-customer permit 10
+ match extcommunity from-customer
+ match ip address prefix-list p1
+ set local-preference 123
+route-map from-customer permit 20
+!
diff --git a/tests/topotests/bgp_route_map_vpn_import/r1/zebra.conf b/tests/topotests/bgp_route_map_vpn_import/r1/zebra.conf
new file mode 100644
index 0000000000..51966b2636
--- /dev/null
+++ b/tests/topotests/bgp_route_map_vpn_import/r1/zebra.conf
@@ -0,0 +1,16 @@
+!
+interface lo
+ ip address 10.10.10.10/32
+!
+interface r1-eth0 vrf Customer
+ ip address 192.168.1.2/24
+!
+interface r1-eth1 vrf Service
+ ip address 192.168.2.2/24
+!
+interface r1-eth2
+ ip address 10.0.1.1/24
+!
+interface r1-eth3 vrf Customer
+ ip address 192.0.2.1/24
+!
diff --git a/tests/topotests/bgp_route_map_vpn_import/test_bgp_route_map_vpn_import.py b/tests/topotests/bgp_route_map_vpn_import/test_bgp_route_map_vpn_import.py
new file mode 100644
index 0000000000..9de1b1a0e3
--- /dev/null
+++ b/tests/topotests/bgp_route_map_vpn_import/test_bgp_route_map_vpn_import.py
@@ -0,0 +1,126 @@
+#!/usr/bin/env python
+
+#
+# Copyright (c) 2022 by
+# Donatas Abraitis <donatas@opensourcerouting.org>
+#
+# Permission to use, copy, modify, and/or distribute this software
+# for any purpose with or without fee is hereby granted, provided
+# that the above copyright notice and this permission notice appear
+# in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+# OF THIS SOFTWARE.
+#
+
+"""
+Test if `route-map vpn import NAME` works by setting/matching via route-maps.
+Routes from VRF Customer to VRF Service MUST be leaked and modified later
+with `route-map vpn import`.
+"""
+
+import os
+import sys
+import json
+import pytest
+import functools
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, "../"))
+
+# pylint: disable=C0413
+from lib import topotest
+from lib.topogen import Topogen, TopoRouter, get_topogen
+from lib.common_config import step
+
+pytestmark = [pytest.mark.bgpd]
+
+
+def build_topo(tgen):
+    tgen.add_router("r1")
+
+    switch = tgen.add_switch("s1")
+    switch.add_link(tgen.gears["r1"])
+
+    switch = tgen.add_switch("s2")
+    switch.add_link(tgen.gears["r1"])
+
+    switch = tgen.add_switch("s3")
+    switch.add_link(tgen.gears["r1"])
+
+    switch = tgen.add_switch("s4")
+    switch.add_link(tgen.gears["r1"])
+
+
+def setup_module(mod):
+    tgen = Topogen(build_topo, mod.__name__)
+    tgen.start_topology()
+
+    r1 = tgen.gears["r1"]
+
+    r1.run("ip link add Customer type vrf table 1001")
+    r1.run("ip link set up dev Customer")
+    r1.run("ip link set r1-eth0 master Customer")
+    r1.run("ip link add Service type vrf table 1002")
+    r1.run("ip link set up dev Service")
+    r1.run("ip link set r1-eth1 master Service")
+    r1.run("ip link set r1-eth3 master Customer")
+
+    router_list = tgen.routers()
+
+    for i, (rname, router) in enumerate(router_list.items(), 1):
+        router.load_config(
+            TopoRouter.RD_ZEBRA, os.path.join(CWD, "{}/zebra.conf".format(rname))
+        )
+        router.load_config(
+            TopoRouter.RD_BGP, os.path.join(CWD, "{}/bgpd.conf".format(rname))
+        )
+
+    tgen.start_router()
+
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+
+def test_bgp_route_map_vpn_import():
+    tgen = get_topogen()
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    r1 = tgen.gears["r1"]
+
+    def _bgp_check_received_leaked_with_vpn_import():
+        output = json.loads(r1.vtysh_cmd("show bgp vrf Service ipv4 unicast json"))
+        expected = {
+            "routes": {
+                "192.0.2.0/24": [
+                    {
+                        "locPrf": 123,
+                    },
+                ],
+                "192.168.1.0/24": [
+                    {
+                        "locPrf": None,
+                    }
+                ],
+            }
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(_bgp_check_received_leaked_with_vpn_import)
+    _, result = topotest.run_and_expect(test_func, None, count=60, wait=1)
+    assert result is None, "Failed, imported routes are not modified"
+
+
+if __name__ == "__main__":
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))

From 1aa2c93e2cce804406dc277d63ba5cf104ffd0e1 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Mon, 6 Feb 2023 18:40:44 +0200
Subject: [PATCH 2/3] bgpd: Drop struct bgp from vpn_leak_to_vrf_withdraw()

Not used at all, just drop it.

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 bgpd/bgp_mplsvpn.c |  9 ++++-----
 bgpd/bgp_mplsvpn.h |  3 +--
 bgpd/bgp_route.c   | 14 ++++++--------
 3 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c
index 288115f211..3cafab8ede 100644
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@@ -1192,7 +1192,7 @@ leak_update(struct bgp *to_bgp, struct bgp_dest *bn,
 			if (!ecommunity_cmp(
 				    bgp_attr_get_ecommunity(bpi->attr),
 				    bgp_attr_get_ecommunity(new_attr))) {
-				vpn_leak_to_vrf_withdraw(to_bgp, bpi);
+				vpn_leak_to_vrf_withdraw(bpi);
 				bgp_aggregate_decrement(to_bgp, p, bpi, afi,
 							safi);
 				bgp_path_info_delete(bn, bpi);
@@ -1722,7 +1722,7 @@ void vpn_leak_from_vrf_withdraw(struct bgp *to_bgp,		/* to */
 
 	if (bpi) {
 		/* withdraw from looped vrfs as well */
-		vpn_leak_to_vrf_withdraw(to_bgp, bpi);
+		vpn_leak_to_vrf_withdraw(bpi);
 
 		bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
 		bgp_path_info_delete(bn, bpi);
@@ -1777,7 +1777,7 @@ void vpn_leak_from_vrf_withdraw_all(struct bgp *to_bgp, struct bgp *from_bgp,
 						zlog_debug("%s: deleting it",
 							   __func__);
 					/* withdraw from leak-to vrfs as well */
-					vpn_leak_to_vrf_withdraw(to_bgp, bpi);
+					vpn_leak_to_vrf_withdraw(bpi);
 					bgp_aggregate_decrement(
 						to_bgp, bgp_dest_get_prefix(bn),
 						bpi, afi, safi);
@@ -2115,8 +2115,7 @@ bool vpn_leak_to_vrf_update(struct bgp *from_bgp,
 	return leak_success;
 }
 
-void vpn_leak_to_vrf_withdraw(struct bgp *from_bgp,	   /* from */
-			      struct bgp_path_info *path_vpn) /* route */
+void vpn_leak_to_vrf_withdraw(struct bgp_path_info *path_vpn)
 {
 	const struct prefix *p;
 	afi_t afi;
diff --git a/bgpd/bgp_mplsvpn.h b/bgpd/bgp_mplsvpn.h
index 7b57e4c75d..b54476e5d3 100644
--- a/bgpd/bgp_mplsvpn.h
+++ b/bgpd/bgp_mplsvpn.h
@@ -75,8 +75,7 @@ extern bool vpn_leak_to_vrf_update(struct bgp *from_bgp,
 				   struct bgp_path_info *path_vpn,
 				   struct prefix_rd *prd);
 
-extern void vpn_leak_to_vrf_withdraw(struct bgp *from_bgp,
-				     struct bgp_path_info *path_vpn);
+extern void vpn_leak_to_vrf_withdraw(struct bgp_path_info *path_vpn);
 
 extern void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi);
 extern void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi);
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 4c98ffcf09..d7ff0e3c0a 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -4456,8 +4456,7 @@ void bgp_update(struct peer *peer, const struct prefix *p, uint32_t addpath_id,
 						bgp_evpn_unimport_route(
 							bgp, afi, safi, p, pi);
 					else /* SAFI_MPLS_VPN */
-						vpn_leak_to_vrf_withdraw(bgp,
-									 pi);
+						vpn_leak_to_vrf_withdraw(pi);
 				}
 			}
 		}
@@ -4877,7 +4876,7 @@ filtered:
 		if ((SAFI_MPLS_VPN == safi)
 		    && (bgp->inst_type == BGP_INSTANCE_TYPE_DEFAULT)) {
 
-			vpn_leak_to_vrf_withdraw(bgp, pi);
+			vpn_leak_to_vrf_withdraw(pi);
 		}
 
 		bgp_rib_remove(dest, pi, peer, afi, safi);
@@ -4979,7 +4978,7 @@ void bgp_withdraw(struct peer *peer, const struct prefix *p,
 		if ((SAFI_MPLS_VPN == safi)
 		    && (bgp->inst_type == BGP_INSTANCE_TYPE_DEFAULT)) {
 
-			vpn_leak_to_vrf_withdraw(bgp, pi);
+			vpn_leak_to_vrf_withdraw(pi);
 		}
 	} else if (bgp_debug_update(peer, p, NULL, 1)) {
 		bgp_debug_rdpfxpath2str(afi, safi, prd, p, label, num_labels,
@@ -5419,7 +5418,7 @@ static wq_item_status bgp_clear_route_node(struct work_queue *wq, void *data)
 			}
 			if (SAFI_MPLS_VPN == safi &&
 			    bgp->inst_type == BGP_INSTANCE_TYPE_DEFAULT) {
-				vpn_leak_to_vrf_withdraw(bgp, pi);
+				vpn_leak_to_vrf_withdraw(pi);
 			}
 
 			bgp_rib_remove(dest, pi, peer, afi, safi);
@@ -5688,8 +5687,7 @@ void bgp_clear_stale_route(struct peer *peer, afi_t afi, safi_t safi)
 						    BGP_ROUTE_IMPORTED &&
 					    peer->bgp->inst_type ==
 						    BGP_INSTANCE_TYPE_DEFAULT)
-						vpn_leak_to_vrf_withdraw(
-							peer->bgp, pi);
+						vpn_leak_to_vrf_withdraw(pi);
 
 					bgp_rib_remove(rm, pi, peer, afi, safi);
 					break;
@@ -6384,7 +6382,7 @@ static void bgp_static_withdraw_safi(struct bgp *bgp, const struct prefix *p,
 #endif
 		if (SAFI_MPLS_VPN == safi
 		    && bgp->inst_type == BGP_INSTANCE_TYPE_DEFAULT) {
-			vpn_leak_to_vrf_withdraw(bgp, pi);
+			vpn_leak_to_vrf_withdraw(pi);
 		}
 		bgp_aggregate_decrement(bgp, p, pi, afi, safi);
 		bgp_path_info_delete(dest, pi);

From 4ee5265aa7836f68bc2f1aa54207245625940182 Mon Sep 17 00:00:00 2001
From: Donatas Abraitis <donatas@opensourcerouting.org>
Date: Mon, 6 Feb 2023 18:41:19 +0200
Subject: [PATCH 3/3] bgpd: Add more context in logs about from where to where
 routes are leaked

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
---
 bgpd/bgp_mplsvpn.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c
index 3cafab8ede..33e7d971ad 100644
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@@ -1873,7 +1873,10 @@ static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp,   /* to */
 
 	if (!vpn_leak_from_vpn_active(to_bgp, afi, &debugmsg)) {
 		if (debug)
-			zlog_debug("%s: skipping: %s", __func__, debugmsg);
+			zlog_debug(
+				"%s: from vpn (%s) to vrf (%s), skipping: %s",
+				__func__, from_bgp->name_pretty,
+				to_bgp->name_pretty, debugmsg);
 		return false;
 	}
 
@@ -2158,7 +2161,8 @@ void vpn_leak_to_vrf_withdraw(struct bgp_path_info *path_vpn)
 	for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
 		if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
 			if (debug)
-				zlog_debug("%s: skipping: %s", __func__,
+				zlog_debug("%s: from %s, skipping: %s",
+					   __func__, bgp->name_pretty,
 					   debugmsg);
 			continue;
 		}