quattor · stdweird · Dec 9, 2024
diff --git a/ncm-network/src/main/pan/components/network/types/network/backend/initscripts.pan b/ncm-network/src/main/pan/components/network/types/network/backend/initscripts.pan
@@ -13,6 +13,10 @@ function network_valid_route = {
         error("Use either prefix or netmask as route");
     };
 
+    if (exists(SELF['gateway']) && exists(SELF['type'])) {
+        error("The route gateway will be ignored when type is defined");
+    };
+
     if (exists(SELF['prefix'])) {
         network_valid_prefix(SELF);
     };

diff --git a/ncm-network/src/main/pan/components/network/types/network/backend/nmstate.pan b/ncm-network/src/main/pan/components/network/types/network/backend/nmstate.pan
@@ -38,6 +38,10 @@ function network_valid_route = {
         if (exists(SELF['prefix']) && exists(SELF['netmask'])) error("Use either prefix or netmask as route");
     };
 
+    if (exists(SELF['gateway']) && exists(SELF['type'])) {
+        error("The route gateway will be ignored when type is defined");
+    };
+
     if (exists(SELF['prefix'])) {
         network_valid_prefix(SELF);
     };

diff --git a/ncm-network/src/main/pan/components/network/types/network/route.pan b/ncm-network/src/main/pan/components/network/types/network/route.pan
@@ -40,4 +40,6 @@ type network_route = {
     "onlink" ? boolean
     @{route add command options to use (cannot be combined with other options)}
     "command" ? string with !match(SELF, '[;]')
+    @{route types}  # only subset, i.e. the nmstate allowed route types
+    "type" ? choice('blackhole', 'unreachable', 'prohibit')
 } with network_valid_route(SELF);
diff --git a/ncm-network/src/main/perl/network.pm b/ncm-network/src/main/perl/network.pm
@@ -1236,12 +1236,22 @@ sub make_ifcfg_ip_route
                 # in absence of netmask, NetAddr::IP uses 32 or 128
                 $ip = NetAddr::IP->new($route->{address}, $route->{netmask});
             }
+
             # Generate it
-            $route->{command} = "$ip";
-            $route->{command} .= " via $route->{gateway}" if $route->{gateway};
-            $route->{command} .= " dev $device";
-            $route->{command} .= " onlink" if $route->{onlink};
-            $route->{command} .= " table $route->{table}" if $route->{table};
+            my @commands;
+            push(@commands, $route->{type}) if $route->{type};
+            push(@commands, $ip);
+
+            if (!$route->{type}) {
+                # This is part of the next-hop config
+                push(@commands, "via", $route->{gateway}) if $route->{gateway};
+                push(@commands, "dev", $device);
+            };
+
+            push(@commands, "onlink") if $route->{onlink};
+            push(@commands, "table", $route->{table}) if $route->{table};
+
+            $route->{command} = join(" ", @commands);
         }
         push(@text, $route->{command});
     }

diff --git a/ncm-network/src/main/perl/nmstate.pm b/ncm-network/src/main/perl/nmstate.pm
@@ -190,9 +190,16 @@ sub make_nm_ip_route
                 $rt{destination} = $route->{address}."/32";
              }
         }
+
         $rt{'table-id'} = "$routing_table_hash->{$route->{table}}" if $route->{table};
-        $rt{'next-hop-interface'} = $device;
-        $rt{'next-hop-address'} = $route->{gateway} if $route->{gateway};
+
+        if ($route->{type}) {
+            $rt{'route-type'} = $route->{type};
+        } else {
+            $rt{'next-hop-interface'} = $device;
+            $rt{'next-hop-address'} = $route->{gateway} if $route->{gateway};
+        }
+
         push (@rt_entry, \%rt);
 
     }

diff --git a/ncm-network/src/test/perl/nmstate_route_rule.t b/ncm-network/src/test/perl/nmstate_route_rule.t
@@ -54,6 +54,8 @@ routes:
   - destination: 0.0.0.0/0
     next-hop-address: 4.3.2.254
     next-hop-interface: eth0
+  - destination: 1.2.3.9/32
+    route-type: blackhole
 EOF
 
 is($cmp->Configure($cfg), 1, "Component runs correctly with a test profile");

diff --git a/ncm-network/src/test/perl/route_rule.t b/ncm-network/src/test/perl/route_rule.t
@@ -112,6 +112,7 @@ Readonly my $ETH0_ROUTE => <<EOF;
 something arbitrary
 default via 4.3.2.3 dev eth0 table outside
 1.2.3.9/32 via 4.3.2.9 dev eth0 onlink table outside
+blackhole 1.2.3.9/32
 EOF
 
 Readonly my $ETH0_ROUTE6 => <<EOF;

diff --git a/ncm-network/src/test/resources/nmstate_route_rule.pan b/ncm-network/src/test/resources/nmstate_route_rule.pan
@@ -5,8 +5,16 @@ variable QUATTOR_TYPES_NETWORK_BACKEND = 'nmstate';
 include 'simple_base_profile';
 include 'components/network/config-nmstate';
 
+
 # test for nmstate rule parameters on new interface
 "/hardware/cards/nic/eth0/hwaddr" = "6e:a5:1b:55:77:0a";
+
+prefix "/system/network/interfaces/eth0";
+"route/0" = dict(
+    "address", "1.2.3.9",
+    "type", "blackhole"
+);
+
 prefix "/system/network/interfaces/eth0";
 "rule/0" = dict(
     "to", "1.2.3.4/24",

diff --git a/ncm-network/src/test/resources/route_rule.pan b/ncm-network/src/test/resources/route_rule.pan
@@ -17,6 +17,7 @@ prefix "/system/network/interfaces/eth0";
 "route/7" = dict("command", "something arbitrary with :");
 "route/8" = dict("address", "default", "gateway", "4.3.2.3", "table", "outside");
 "route/9" = dict("address", "1.2.3.9", "gateway", "4.3.2.9", "table", "outside", "onlink", true);
+"route/10" = dict("address", "1.2.3.9", "type", "blackhole");
 
 "rule/0" = dict("command", "something");
 "rule/1" = dict("command", "something with ::");