From 9d751de04ad6141ba2d28d69cdebfa2a38b6b449 Mon Sep 17 00:00:00 2001 From: Mazdak Nasab Date: Fri, 6 Feb 2026 12:07:08 -0800 Subject: [PATCH 1/5] Replace ippool filters in BIRD template with golang funcs --- .../confd/templates/bird6_ipam.cfg.template | 53 ++--- .../confd/templates/bird_ipam.cfg.template | 68 ++---- confd/pkg/resource/template/template_funcs.go | 135 ++++++++++++ .../resource/template/template_funcs_test.go | 194 ++++++++++++++++++ .../export_only/explicit_peer/bird6_ipam.cfg | 23 ++- .../export_only/explicit_peer/bird_ipam.cfg | 24 ++- .../export_only/global_peer/bird6_ipam.cfg | 23 ++- .../export_only/global_peer/bird_ipam.cfg | 24 ++- .../filter_deletion/step1/bird6_ipam.cfg | 23 ++- .../filter_deletion/step1/bird_ipam.cfg | 24 ++- .../filter_deletion/step2/bird6_ipam.cfg | 23 ++- .../filter_deletion/step2/bird_ipam.cfg | 24 ++- .../bgpfilter/filter_names/bird6_ipam.cfg | 23 ++- .../bgpfilter/filter_names/bird_ipam.cfg | 24 ++- .../import_only/explicit_peer/bird6_ipam.cfg | 23 ++- .../import_only/explicit_peer/bird_ipam.cfg | 24 ++- .../import_only/global_peer/bird6_ipam.cfg | 23 ++- .../import_only/global_peer/bird_ipam.cfg | 24 ++- .../bgpfilter/match_interface/bird6_ipam.cfg | 23 ++- .../bgpfilter/match_interface/bird_ipam.cfg | 24 ++- .../bgpfilter/match_operators/bird6_ipam.cfg | 23 ++- .../bgpfilter/match_operators/bird_ipam.cfg | 24 ++- .../bgpfilter/match_source/bird6_ipam.cfg | 23 ++- .../bgpfilter/match_source/bird_ipam.cfg | 24 ++- .../multi_filter/explicit_peer/bird6_ipam.cfg | 23 ++- .../multi_filter/explicit_peer/bird_ipam.cfg | 24 ++- .../multi_filter/global_peer/bird6_ipam.cfg | 23 ++- .../multi_filter/global_peer/bird_ipam.cfg | 24 ++- .../bgpfilter/node_mesh/bird6_ipam.cfg | 23 ++- .../bgpfilter/node_mesh/bird_ipam.cfg | 24 ++- .../explicit_peer/bird6_ipam.cfg | 23 ++- .../single_filter/explicit_peer/bird_ipam.cfg | 24 ++- .../single_filter/global_peer/bird6_ipam.cfg | 23 ++- .../single_filter/global_peer/bird_ipam.cfg | 24 ++- .../v4_only/explicit_peer/bird6_ipam.cfg | 23 ++- .../v4_only/explicit_peer/bird_ipam.cfg | 24 ++- .../v4_only/global_peer/bird6_ipam.cfg | 23 ++- .../v4_only/global_peer/bird_ipam.cfg | 24 ++- .../v6_only/explicit_peer/bird6_ipam.cfg | 23 ++- .../v6_only/explicit_peer/bird_ipam.cfg | 24 ++- .../v6_only/global_peer/bird6_ipam.cfg | 23 ++- .../v6_only/global_peer/bird_ipam.cfg | 24 ++- .../global-external/bird6_ipam.cfg | 23 ++- .../global-external/bird_ipam.cfg | 32 ++- .../global-ipv6/bird6_ipam.cfg | 26 +-- .../global-ipv6/bird_ipam.cfg | 32 ++- .../explicit_peering/global/bird6_ipam.cfg | 23 ++- .../explicit_peering/global/bird_ipam.cfg | 32 ++- .../keepnexthop-global/bird6_ipam.cfg | 23 ++- .../keepnexthop-global/bird_ipam.cfg | 32 ++- .../keepnexthop/bird6_ipam.cfg | 23 ++- .../keepnexthop/bird_ipam.cfg | 32 ++- .../local-as-global-ipv6/bird6_ipam.cfg | 26 +-- .../local-as-global-ipv6/bird_ipam.cfg | 32 ++- .../local-as-global/bird6_ipam.cfg | 23 ++- .../local-as-global/bird_ipam.cfg | 32 ++- .../local-as-ipv6/bird6_ipam.cfg | 26 +-- .../local-as-ipv6/bird_ipam.cfg | 32 ++- .../explicit_peering/local-as/bird6_ipam.cfg | 23 ++- .../explicit_peering/local-as/bird_ipam.cfg | 32 ++- .../local_bgp_peer/bird6_ipam.cfg | 23 ++- .../local_bgp_peer/bird_ipam.cfg | 24 ++- .../route_reflector/bird6_ipam.cfg | 23 ++- .../route_reflector/bird_ipam.cfg | 32 ++- .../route_reflector_v6_by_ip/bird6_ipam.cfg | 23 ++- .../route_reflector_v6_by_ip/bird_ipam.cfg | 32 ++- .../explicit_peering/selectors/bird6_ipam.cfg | 23 ++- .../explicit_peering/selectors/bird_ipam.cfg | 32 ++- .../selectors/step2/bird6_ipam.cfg | 23 ++- .../selectors/step2/bird_ipam.cfg | 32 ++- .../specific_node/bird6_ipam.cfg | 23 ++- .../specific_node/bird_ipam.cfg | 32 ++- .../ignored_interfaces/bird6_ipam.cfg | 23 ++- .../ignored_interfaces/bird_ipam.cfg | 24 ++- .../mesh/bgp-export/bird6_ipam.cfg | 34 +-- .../mesh/bgp-export/bird_ipam.cfg | 50 ++--- .../mesh/communities/bird6_ipam.cfg | 23 ++- .../mesh/communities/bird_ipam.cfg | 32 ++- .../mesh/communities/step2/bird6_ipam.cfg | 23 ++- .../mesh/communities/step2/bird_ipam.cfg | 32 ++- .../mesh/hash/bird6_ipam.cfg | 23 ++- .../mesh/hash/bird_ipam.cfg | 32 ++- .../mesh/ipip-always/bird6_ipam.cfg | 23 ++- .../mesh/ipip-always/bird_ipam.cfg | 32 ++- .../mesh/ipip-cross-subnet/bird6_ipam.cfg | 23 ++- .../mesh/ipip-cross-subnet/bird_ipam.cfg | 35 ++-- .../mesh/ipip-off/bird6_ipam.cfg | 26 +-- .../mesh/ipip-off/bird_ipam.cfg | 32 ++- .../mesh/password/step1/bird6_ipam.cfg | 26 +-- .../mesh/password/step1/bird_ipam.cfg | 32 ++- .../mesh/password/step2/bird6_ipam.cfg | 26 +-- .../mesh/password/step2/bird_ipam.cfg | 32 ++- .../mesh/password/step3/bird6_ipam.cfg | 26 +-- .../mesh/password/step3/bird_ipam.cfg | 32 ++- .../mesh/restart-time/bird6_ipam.cfg | 26 +-- .../mesh/restart-time/bird_ipam.cfg | 32 ++- .../bird6_ipam.cfg | 23 ++- .../bird_ipam.cfg | 32 ++- .../static-routes-exclude-node/bird6_ipam.cfg | 24 ++- .../static-routes-exclude-node/bird_ipam.cfg | 33 ++- .../step2/bird6_ipam.cfg | 23 ++- .../step2/bird_ipam.cfg | 32 ++- .../bird6_ipam.cfg | 23 ++- .../bird_ipam.cfg | 27 +-- .../mesh/static-routes/bird6_ipam.cfg | 24 ++- .../mesh/static-routes/bird_ipam.cfg | 33 ++- .../mesh/static-routes/step2/bird6_ipam.cfg | 23 ++- .../mesh/static-routes/step2/bird_ipam.cfg | 32 ++- .../mesh/vxlan-always/bird6_ipam.cfg | 30 ++- .../mesh/vxlan-always/bird_ipam.cfg | 32 ++- .../next_hop_mode/global_peers/bird6_ipam.cfg | 23 ++- .../next_hop_mode/global_peers/bird_ipam.cfg | 24 ++- .../route_reflectors/bird6_ipam.cfg | 23 ++- .../route_reflectors/bird_ipam.cfg | 24 ++- .../password-deadlock/bird6_ipam.cfg | 23 ++- .../password-deadlock/bird_ipam.cfg | 24 ++- .../password/step1/bird6_ipam.cfg | 23 ++- .../password/step1/bird_ipam.cfg | 24 ++- .../password/step2/bird6_ipam.cfg | 23 ++- .../password/step2/bird_ipam.cfg | 24 ++- .../password/step3/bird6_ipam.cfg | 23 ++- .../password/step3/bird_ipam.cfg | 24 ++- .../password/step4/bird6_ipam.cfg | 23 ++- .../password/step4/bird_ipam.cfg | 24 ++- .../password/step5/bird6_ipam.cfg | 23 ++- .../password/step5/bird_ipam.cfg | 24 ++- .../password/step6/bird6_ipam.cfg | 23 ++- .../password/step6/bird_ipam.cfg | 24 ++- .../reachable_by/global_peers/bird6_ipam.cfg | 23 ++- .../reachable_by/global_peers/bird_ipam.cfg | 24 ++- .../route_reflectors/bird6_ipam.cfg | 23 ++- .../route_reflectors/bird_ipam.cfg | 24 ++- .../reverse_peering/auto/bird6_ipam.cfg | 23 ++- .../reverse_peering/auto/bird_ipam.cfg | 24 ++- .../reverse_peering/manual/bird6_ipam.cfg | 23 ++- .../reverse_peering/manual/bird_ipam.cfg | 24 ++- .../step1/bird6_ipam.cfg | 23 ++- .../step1/bird_ipam.cfg | 24 ++- .../step2/bird6_ipam.cfg | 23 ++- .../step2/bird_ipam.cfg | 24 ++- .../step3/bird6_ipam.cfg | 23 ++- .../step3/bird_ipam.cfg | 24 ++- .../ttl_security/explicit_node/bird6_ipam.cfg | 23 ++- .../ttl_security/explicit_node/bird_ipam.cfg | 24 ++- .../ttl_security/global/bird6_ipam.cfg | 23 ++- .../ttl_security/global/bird_ipam.cfg | 24 ++- .../ttl_security/peer_selector/bird6_ipam.cfg | 23 ++- .../ttl_security/peer_selector/bird_ipam.cfg | 24 ++- 148 files changed, 2395 insertions(+), 1757 deletions(-) diff --git a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template index fc65d01d3c2..92b1fec40e0 100644 --- a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template @@ -1,13 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ -{{range ls "/v1/ipam/v6/pool"}}{{$data := json (getv (printf "/v1/ipam/v6/pool/%s" .))}} -{{- if $data.disableBGPExport}} - if ( net ~ {{$data.cidr}} ) then { reject; } -{{- end}} -{{- end}} -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -27,10 +18,26 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" false 6 }} +{{ $line }} +{{- end }} +} + +function accept_enabled_pools() { +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "accept" false 6 }} +{{ $line }} +{{- end }} +} + +function program_pools_to_kernel() { +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "" true 6 }} +{{ $line }} +{{- end }} +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -38,6 +45,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); + accept_enabled_pools(); + {{- $static_key := "/staticroutesv6"}} {{- if ls $static_key}} @@ -62,36 +71,18 @@ function calico_export_to_bgp_peers(bool internal_peer) { {{- end}} {{- end}} {{- end}} -{{range ls "/v1/ipam/v6/pool"}}{{$data := json (getv (printf "/v1/ipam/v6/pool/%s" .))}} -{{- if $data.disableBGPExport}} - # Skip {{$data.cidr}} as BGP export is disabled for it -{{- else}} - if ( net ~ {{$data.cidr}} ) then { - accept; - } -{{- end}} -{{- end}} } filter calico_kernel_programming { {{- $reject_key := "/rejectcidrsv6"}} {{- if ls $reject_key}} - # Don't program static routes into kernel. {{- range ls $reject_key}} {{- $parts := split . "-"}} {{- $cidr := join $parts "/"}} if ( net ~ {{$cidr}} ) then { reject; } {{- end}} - {{- end}} -{{range ls "/v1/ipam/v6/pool"}}{{$data := json (getv (printf "/v1/ipam/v6/pool/%s" .))}} -{{- if $data.vxlan_mode}} - if ( net ~ {{$data.cidr}} ) then { - # Don't program VXLAN routes into the kernel - these are handled by Felix. - reject; - } -{{- end}}{{/* End of '$data.vxlan_mode' */}} -{{- end}}{{/* End of 'range ls...' */}} - accept; {{- /* Destination is not in any ipPool, accept */}} + program_pools_to_kernel(); + accept; {{- /* Destination is not in any ipPool, accept */}} } diff --git a/confd/etc/calico/confd/templates/bird_ipam.cfg.template b/confd/etc/calico/confd/templates/bird_ipam.cfg.template index 803c46e995f..d600fc21e05 100644 --- a/confd/etc/calico/confd/templates/bird_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird_ipam.cfg.template @@ -1,13 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ -{{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}} -{{- if $data.disableBGPExport}} - if ( net ~ {{$data.cidr}} ) then { reject; } -{{- end}} -{{- end}} -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -27,10 +18,26 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "reject" false 4 }} +{{ $line }} +{{- end }} +} + +function accept_enabled_pools() { +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "accept" false 4 }} +{{ $line }} +{{- end }} +} + +function program_pools_to_kernel() { +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "" true 4 }} +{{ $line }} +{{- end }} +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -38,6 +45,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); + accept_enabled_pools(); + {{- $static_key := "/staticroutes"}} {{- if ls $static_key}} @@ -62,51 +71,18 @@ function calico_export_to_bgp_peers(bool internal_peer) { {{- end}} {{- end}} {{- end}} -{{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}} -{{- if $data.disableBGPExport}} - # Skip {{$data.cidr}} as BGP export is disabled for it -{{- else}} - if ( net ~ {{$data.cidr}} ) then { - accept; - } -{{- end}} -{{- end}} } -{{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}} filter calico_kernel_programming { {{- $reject_key := "/rejectcidrs"}} {{- if ls $reject_key}} - # Don't program static routes into kernel. {{- range ls $reject_key}} {{- $parts := split . "-"}} {{- $cidr := join $parts "/"}} if ( net ~ {{$cidr}} ) then { reject; } {{- end}} - {{- end}} -{{- if exists $network_key}}{{$network := getv $network_key}} -{{range ls "/v1/ipam/v4/pool"}}{{$data := json (getv (printf "/v1/ipam/v4/pool/%s" .))}} - if ( net ~ {{$data.cidr}} ) then { -{{- if $data.vxlan_mode}} - # Don't program VXLAN routes into the kernel - these are handled by Felix. - reject; - } -{{- else if $data.ipip_mode}}{{if eq $data.ipip_mode "cross-subnet"}} - if defined(bgp_next_hop) && ( bgp_next_hop ~ {{$network}} ) then - krt_tunnel = ""; {{- /* Destination in ipPool, mode is cross sub-net, route from-host on subnet, do not use IPIP */}} - else - krt_tunnel = "{{$data.ipip}}"; {{- /* Destination in ipPool, mode is cross sub-net, route from-host off subnet, set the tunnel (if IPIP not enabled, value will be "") */}} - accept; - } {{- else}} - krt_tunnel = "{{$data.ipip}}"; {{- /* Destination in ipPool, mode not cross sub-net, set the tunnel (if IPIP not enabled, value will be "") */}} - accept; - } {{- end}} {{- else}} - krt_tunnel = "{{$data.ipip}}"; {{- /* Destination in ipPool, mode field is not present, set the tunnel (if IPIP not enabled, value will be "") */}} - accept; - } {{- end}} -{{end}} -{{- end}}{{/* End of 'exists $network_key' */}} - accept; {{- /* Destination is not in any ipPool, accept */}} + program_pools_to_kernel(); + accept; {{- /* Destination is not in any ipPool, accept */}} } diff --git a/confd/pkg/resource/template/template_funcs.go b/confd/pkg/resource/template/template_funcs.go index af3a38e35d2..6131f9071f7 100644 --- a/confd/pkg/resource/template/template_funcs.go +++ b/confd/pkg/resource/template/template_funcs.go @@ -16,6 +16,8 @@ import ( v3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3" "github.com/projectcalico/calico/confd/pkg/backends" + "github.com/projectcalico/calico/libcalico-go/lib/backend/encap" + "github.com/projectcalico/calico/libcalico-go/lib/backend/model" ) func newFuncMap() map[string]interface{} { @@ -40,6 +42,7 @@ func newFuncMap() map[string]interface{} { m["base64Encode"] = Base64Encode m["base64Decode"] = Base64Decode m["bgpFilterBIRDFuncs"] = BGPFilterBIRDFuncs + m["ippoolsFilterBIRDFunc"] = IPPoolsFilterBIRDFunc return m } @@ -403,6 +406,138 @@ func BGPFilterBIRDFuncs(pairs memkv.KVPairs, version int) ([]string, error) { return lines, nil } +// This function generates BIRD statements for IPPool resources to be used as BIRD filters based on the following input: +// - pairs: IPPool resources packaged into KVPairs. +// - filterAction: specified action to filter generated statements. For exporting pools to BGP peers, we need to +// first reject disabled ippool, and then accept the rest at the end after all other filters. Allowed values are +// "accept", "reject", and "" (to not filter). +// - forProgrammingKernel: Whether the generated statemens are intended for programming routes to kernel or exporting to +// other BGP Peers. As an example, we need to set "krt_tunnel" for programming IPIP and no-encap IPv4 routes. +// - version: the statment ip family. +// +// As an example, For the following sample IPPool resource: +// +// apiVersion: projectcalico.org/v3 +// kind: IPPool +// metadata: +// +// name: my.ippool-1 +// +// spec: +// +// cidr: 10.1.0.0/16 +// ipipMode: Always +// +// this function generates the following statement for programming routes to kernel: +// +// if (net ~ 10.10.0.0/16) then { krt_tunnel="tunl0"; accept; } +// +// and the following statement for exporting to BGP peers: +// +// if (net ~ 10.10.0.0/16) then { accept; } +func IPPoolsFilterBIRDFunc( + pairs memkv.KVPairs, + filterAction string, + forProgrammingKernel bool, + version int, +) ([]string, error) { + if version != 4 && version != 6 { + return []string{}, fmt.Errorf("version must be either 4 or 6") + } + + lines := []string{} + for _, kvp := range pairs { + var ippool model.IPPool + err := json.Unmarshal([]byte(kvp.Value), &ippool) + if err != nil { + return []string{}, fmt.Errorf("error unmarshalling JSON: %s", err) + } + + cidr := ippool.CIDR.String() + var action, comment, extraStatement string + switch { + case ippool.DisableBGPExport && !forProgrammingKernel: + // IPPool's BGP export is disabled, and filter is for exporting to other peers. + action = "reject" + comment = "BGP export is disabled." + case ippool.VXLANMode == encap.Always || ippool.VXLANMode == encap.CrossSubnet: + // VXLAN encapsulation is always handled by Felix. + if forProgrammingKernel { + // Felix always handles programming VXLAN IPPools. + action = "reject" + comment = "VXLAN routes are handled by Felix." + } else { + action = "accept" + } + case ippool.IPIPMode == encap.Always || ippool.IPIPMode == encap.CrossSubnet, // IPIP Encapsulation. + ippool.IPIPMode == encap.Undefined || ippool.VXLANMode == encap.Undefined: // No-encapsulation. + // IPIP encapsulation or No-Encap. + if forProgrammingKernel && version == 4 { + // For IPv4 IPIP and no-encap routes, we need to set `krt_tunnel` variable which is needed by + // our fork of BIRD. + extraStatement = extraStatementForKernelProgrammingIPIPNoEncap(ippool.IPIPMode, cidr) + } + action = "accept" + default: + return nil, fmt.Errorf("invalid %s ippool", kvp.Key) + } + + // Filter statements based on provided filterAction. + if len(filterAction) != 0 && filterAction != action { + continue + } + lines = append(lines, emitFilterStatementForIPPools(cidr, extraStatement, action, comment)) + } + if len(lines) == 0 { + var line string + switch filterAction { + case "accept", "reject": + line = formatComment(fmt.Sprintf("No v%d %s filter generated", version, filterAction)) + case "": + line = formatComment(fmt.Sprintf("No v%d IPPool configured", version)) + default: + return nil, fmt.Errorf("unknown target action %s", filterAction) + } + lines = append(lines, line) + } + return lines, nil +} + +func extraStatementForKernelProgrammingIPIPNoEncap(ipipMode encap.Mode, cidr string) string { + switch v3.EncapMode(ipipMode) { + case v3.Always: + return `krt_tunnel="tunl0";` + case v3.CrossSubnet: + format := `if (defined(bgp_next_hop)&&(bgp_next_hop ~ %s)) then krt_tunnel=""; else krt_tunnel="tunl0";` + return fmt.Sprintf(format, cidr) + case v3.Undefined: + // No-encap case. + return `krt_tunnel="";` + default: + return `` + } +} + +func emitFilterStatementForIPPools(cidr, extraStatement, action, comment string) (statement string) { + // Check mandatory inputs. + if len(cidr) == 0 || len(action) == 0 { + return + } + if len(extraStatement) != 0 { + statement = fmt.Sprintf("if (net ~ %s) then { %s %s; }", cidr, extraStatement, action) + } else { + statement = fmt.Sprintf("if (net ~ %s) then { %s; }", cidr, action) + } + if len(comment) != 0 { + statement = fmt.Sprintf("%s %s", statement, formatComment(comment)) + } + return +} + +func formatComment(comment string) string { + return fmt.Sprintf("# %s", comment) +} + // Getenv retrieves the value of the environment variable named by the key. // It returns the value, which will the default value if the variable is not present. // If no default value was given - returns "". diff --git a/confd/pkg/resource/template/template_funcs_test.go b/confd/pkg/resource/template/template_funcs_test.go index a783b010129..d57bb44ccca 100644 --- a/confd/pkg/resource/template/template_funcs_test.go +++ b/confd/pkg/resource/template/template_funcs_test.go @@ -2,11 +2,17 @@ package template import ( "encoding/json" + "fmt" "reflect" + "strings" "testing" "github.com/kelseyhightower/memkv" v3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3" + + "github.com/projectcalico/calico/libcalico-go/lib/backend/encap" + "github.com/projectcalico/calico/libcalico-go/lib/backend/model" + "github.com/projectcalico/calico/libcalico-go/lib/net" ) func Test_hashToIPv4_invalid_range(t *testing.T) { @@ -216,3 +222,191 @@ func Test_ValidateHashToIpv4Method(t *testing.T) { func int32Helper(i int32) *int32 { return &i } + +type ippoolTestCase struct { + cidr string + exportDisabled bool + ipipMode encap.Mode + vxlanMode encap.Mode +} + +var ( + poolsTestsV4 []ippoolTestCase = []ippoolTestCase{ + // IPv4 IPIP Encapsulation cases. + {cidr: "10.10.0.0/16", exportDisabled: false, ipipMode: encap.Always}, + {cidr: "10.11.0.0/16", exportDisabled: true, ipipMode: encap.Always}, + {cidr: "10.12.0.0/16", exportDisabled: false, ipipMode: encap.CrossSubnet}, + {cidr: "10.13.0.0/16", exportDisabled: true, ipipMode: encap.CrossSubnet}, + // IPv4 No-Encapsulation case. + {cidr: "10.14.0.0/16", exportDisabled: false}, + {cidr: "10.15.0.0/16", exportDisabled: true}, + // IPv4 VXLAN Encapsulation cases. + {cidr: "10.16.0.0/16", exportDisabled: false, vxlanMode: encap.Always}, + {cidr: "10.17.0.0/16", exportDisabled: true, vxlanMode: encap.Always}, + {cidr: "10.18.0.0/16", exportDisabled: false, vxlanMode: encap.CrossSubnet}, + {cidr: "10.19.0.0/16", exportDisabled: true, vxlanMode: encap.CrossSubnet}, + } + + poolsTestsV6 []ippoolTestCase = []ippoolTestCase{ + // IPv6 IPIP Encapsulation cases. + {cidr: "dead:beef:1::/64", exportDisabled: false, ipipMode: encap.Always}, + {cidr: "dead:beef:2::/64", exportDisabled: true, ipipMode: encap.Always}, + {cidr: "dead:beef:3::/64", exportDisabled: false, ipipMode: encap.CrossSubnet}, + {cidr: "dead:beef:4::/64", exportDisabled: true, ipipMode: encap.CrossSubnet}, + // IPv6 No-Encapsulation case. + {cidr: "dead:beef:5::/64", exportDisabled: false}, + {cidr: "dead:beef:6::/64", exportDisabled: true}, + // IPv6 VXLAN Encapsulation cases. + {cidr: "dead:beef:7::/64", exportDisabled: false, vxlanMode: encap.Always}, + {cidr: "dead:beef:8::/64", exportDisabled: true, vxlanMode: encap.Always}, + {cidr: "dead:beef:9::/64", exportDisabled: false, vxlanMode: encap.CrossSubnet}, + {cidr: "dead:beef:10::/64", exportDisabled: true, vxlanMode: encap.CrossSubnet}, + } +) + +func Test_IPPoolsFilterBIRDFunc_NoIPPool(t *testing.T) { + kvps := ippoolTestCasesToKVPairs(t, nil) + for _, ipfamily := range []int{4, 6} { + for _, action := range []string{"", "accept", "reject"} { + for _, forKernel := range []bool{true, false} { + generated, err := IPPoolsFilterBIRDFunc(kvps, action, forKernel, ipfamily) + if err != nil { + t.Errorf("Unexpected error while generating BIRD IPPool filter: %s", err) + } + if len(generated) != 1 || !strings.HasPrefix(generated[0], "# ") { + t.Errorf("Expected exactly one comment but received: %s", generated) + } + } + } + } +} + +func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV4(t *testing.T) { + expectedStatements := []string{ + // IPv4 IPIP Encapsulation cases. + `if (net ~ 10.10.0.0/16) then { krt_tunnel="tunl0"; accept; }`, + `if (net ~ 10.11.0.0/16) then { krt_tunnel="tunl0"; accept; }`, + `if (net ~ 10.12.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.12.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, + `if (net ~ 10.13.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.13.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, + // IPv4 No-Encapsulation case. + `if (net ~ 10.14.0.0/16) then { krt_tunnel=""; accept; }`, + `if (net ~ 10.15.0.0/16) then { krt_tunnel=""; accept; }`, + // IPv4 VXLAN Encapsulation cases. + `if (net ~ 10.16.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + `if (net ~ 10.17.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + `if (net ~ 10.18.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + `if (net ~ 10.19.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + } + testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, true, 4) +} + +func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV6(t *testing.T) { + expectedStatements := []string{ + // IPv6 IPIP Encapsulation cases. + `if (net ~ dead:beef:1::/64) then { accept; }`, + `if (net ~ dead:beef:2::/64) then { accept; }`, + `if (net ~ dead:beef:3::/64) then { accept; }`, + `if (net ~ dead:beef:4::/64) then { accept; }`, + // IPv6 No-Encapsulation case. + `if (net ~ dead:beef:5::/64) then { accept; }`, + `if (net ~ dead:beef:6::/64) then { accept; }`, + // IPv6 VXLAN Encapsulation cases. + `if (net ~ dead:beef:7::/64) then { reject; } # VXLAN routes are handled by Felix.`, + `if (net ~ dead:beef:8::/64) then { reject; } # VXLAN routes are handled by Felix.`, + `if (net ~ dead:beef:9::/64) then { reject; } # VXLAN routes are handled by Felix.`, + `if (net ~ dead:beef:10::/64) then { reject; } # VXLAN routes are handled by Felix.`, + } + testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, true, 6) +} + +func Test_IPPoolsFilterBIRDFunc_BGPPeeringV4(t *testing.T) { + expectedStatements := []string{ + // IPv4 IPIP Encapsulation cases. + `if (net ~ 10.10.0.0/16) then { accept; }`, + `if (net ~ 10.11.0.0/16) then { reject; } # BGP export is disabled.`, + `if (net ~ 10.12.0.0/16) then { accept; }`, + `if (net ~ 10.13.0.0/16) then { reject; } # BGP export is disabled.`, + // IPv4 No-Encapsulation case. + `if (net ~ 10.14.0.0/16) then { accept; }`, + `if (net ~ 10.15.0.0/16) then { reject; } # BGP export is disabled.`, + // IPv4 VXLAN Encapsulation cases. + `if (net ~ 10.16.0.0/16) then { accept; }`, + `if (net ~ 10.17.0.0/16) then { reject; } # BGP export is disabled.`, + `if (net ~ 10.18.0.0/16) then { accept; }`, + `if (net ~ 10.19.0.0/16) then { reject; } # BGP export is disabled.`, + } + testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, false, 4) +} + +func Test_IPPoolsFilterBIRDFunc_BGPPeeringV6(t *testing.T) { + expectedStatements := []string{ + // IPv6 IPIP Encapsulation cases. + `if (net ~ dead:beef:1::/64) then { accept; }`, + `if (net ~ dead:beef:2::/64) then { reject; } # BGP export is disabled.`, + `if (net ~ dead:beef:3::/64) then { accept; }`, + `if (net ~ dead:beef:4::/64) then { reject; } # BGP export is disabled.`, + // IPv6 No-Encapsulation case. + `if (net ~ dead:beef:5::/64) then { accept; }`, + `if (net ~ dead:beef:6::/64) then { reject; } # BGP export is disabled.`, + // IPv6 VXLAN Encapsulation cases. + `if (net ~ dead:beef:7::/64) then { accept; }`, + `if (net ~ dead:beef:8::/64) then { reject; } # BGP export is disabled.`, + `if (net ~ dead:beef:9::/64) then { accept; }`, + `if (net ~ dead:beef:10::/64) then { reject; } # BGP export is disabled.`, + } + testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, false, 6) +} + +func testExpectedIPPoolStatments( + t *testing.T, + tcs []ippoolTestCase, + expectedStatements []string, + forProgrammingKernel bool, + ipVersion int, +) { + kvps := ippoolTestCasesToKVPairs(t, tcs) + for _, filterAction := range []string{"", "accept", "reject"} { + expected := filterExpextedStatements(expectedStatements, filterAction) + generated, err := IPPoolsFilterBIRDFunc(kvps, filterAction, forProgrammingKernel, ipVersion) + if err != nil { + t.Errorf("Unexpected error while generating BIRD IPPool filter: %s", err) + } + if !reflect.DeepEqual(generated, expected) { + t.Errorf("Generated BIRD config differs from expectation:\n Generated=%#v,\n Expected=%#v", + generated, expected) + } + } +} + +func ippoolTestCasesToKVPairs(t *testing.T, tcs []ippoolTestCase) memkv.KVPairs { + kvps := []memkv.KVPair{} + for _, tc := range tcs { + ippool := model.IPPool{} + ippool.CIDR = net.MustParseCIDR(tc.cidr) + ippool.IPIPMode = tc.ipipMode + ippool.VXLANMode = tc.vxlanMode + ippool.DisableBGPExport = tc.exportDisabled + + jsonIPPool, err := json.Marshal(ippool) + if err != nil { + t.Errorf("Error formatting IPPool into JSON: %s", err) + } + kvps = append(kvps, memkv.KVPair{ + Key: fmt.Sprintf("ippool-%s", tc.cidr), + Value: string(jsonIPPool), + }) + } + return kvps +} + +func filterExpextedStatements(statements []string, filterAction string) (filtered []string) { + if len(filterAction) == 0 { + return statements + } + for _, s := range statements { + if strings.Contains(s, fmt.Sprintf("%s; }", filterAction)) { + filtered = append(filtered, s) + } + } + return +} diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg b/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg b/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg index 2706563a32a..0eb37b3891c 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg @@ -1,10 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - - if ( net ~ 2002:102::/64 ) then { reject; } -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -24,10 +18,23 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +if (net ~ 2002:102::/64) then { reject; } # BGP export is disabled. +} + +function accept_enabled_pools() { +if (net ~ 2002:101::/64) then { accept; } +if (net ~ 2002:103::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002:101::/64) then { accept; } +if (net ~ 2002:102::/64) then { accept; } +if (net ~ 2002:103::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -35,17 +42,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002:101::/64 ) then { - accept; - } - # Skip 2002:102::/64 as BGP export is disabled for it - if ( net ~ 2002:103::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg index 6f9ad064e34..6af4c26fe0e 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg @@ -1,10 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - - if ( net ~ 192.168.2.0/24 ) then { reject; } -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -24,10 +18,23 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +if (net ~ 192.168.2.0/24) then { reject; } # BGP export is disabled. +} + +function accept_enabled_pools() { +if (net ~ 192.168.1.0/24) then { accept; } +if (net ~ 192.168.3.0/24) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.1.0/24) then { krt_tunnel=""; accept; } +if (net ~ 192.168.2.0/24) then { krt_tunnel=""; accept; } +if (net ~ 192.168.3.0/24) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -35,33 +42,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.1.0/24 ) then { - accept; - } - # Skip 192.168.2.0/24 as BGP export is disabled for it - if ( net ~ 192.168.3.0/24 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.1.0/24 ) then { - krt_tunnel = ""; - accept; - } - - if ( net ~ 192.168.2.0/24 ) then { - krt_tunnel = ""; - accept; - } - - if ( net ~ 192.168.3.0/24 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg index 57300f8a0a5..7644e825f0e 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 192.168.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,22 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - if defined(bgp_next_hop) && ( bgp_next_hop ~ 10.192.0.0/16 ) then - krt_tunnel = ""; - else - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg index 6fd518a50a9..110d29e848f 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 2002::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 2002::/64) then { accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 2002::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg index 6bf2288cb65..0d31caec14c 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = ""; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg index 1a5c1e90049..ef4dfd66380 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,13 +39,12 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - # Don't program static routes into kernel. if ( net ~ fd00:96::/112 ) then { reject; } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg index 025d4909edb..7fd0f3d5b5c 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,22 +39,12 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - # Don't program static routes into kernel. if ( net ~ 10.101.0.0/16 ) then { reject; } - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg index ddc693f28ff..a8b23b8d371 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,20 +39,16 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); + accept_enabled_pools(); # Export static routes. if ( net ~ 10.101.0.0/16 ) then { accept; } if ( net ~ 10.101.0.101/32 ) then { accept; } - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } } - filter calico_kernel_programming { - # Don't program static routes into kernel. if ( net ~ 10.101.0.0/16 ) then { reject; } + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg index 7e615a4af05..f9425bdca74 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,17 +39,16 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); + accept_enabled_pools(); # Export static routes. if ( net ~ fd00:96::/112 ) then { accept; } if ( net ~ fd00:96::28/128 ) then { accept; } - } filter calico_kernel_programming { - # Don't program static routes into kernel. if ( net ~ fd00:96::/112 ) then { reject; } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg index 7462b303165..9c2788ab2c7 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,28 +39,18 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); + accept_enabled_pools(); # Export static routes. if ( net ~ 10.101.0.0/16 ) then { accept; } if ( net ~ 10.101.0.101/32 ) then { accept; } if ( net ~ 80.15.0.0/24 ) then { accept; } - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } } - filter calico_kernel_programming { - # Don't program static routes into kernel. if ( net ~ 10.101.0.0/16 ) then { reject; } if ( net ~ 80.15.0.0/24 ) then { reject; } - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg index 8c4453f41a1..da453bd87e7 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - krt_tunnel = "tunl0"; - accept; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg index 1bc8a213447..8324bff7020 100644 --- a/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ dead:beef::/64) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ dead:beef::/64) then { reject; } # VXLAN routes are handled by Felix. +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,17 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ dead:beef::/64 ) then { - accept; - } + accept_enabled_pools(); } filter calico_kernel_programming { - - if ( net ~ dead:beef::/64 ) then { - # Don't program VXLAN routes into the kernel - these are handled by Felix. - reject; - } + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg index 22bf027b62f..9129340b4e7 100644 --- a/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +if (net ~ 192.168.0.0/16) then { accept; } +} + +function program_pools_to_kernel() { +if (net ~ 192.168.0.0/16) then { reject; } # VXLAN routes are handled by Felix. +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,19 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - - if ( net ~ 192.168.0.0/16 ) then { - accept; - } + accept_enabled_pools(); } - filter calico_kernel_programming { - - if ( net ~ 192.168.0.0/16 ) then { - # Don't program VXLAN routes into the kernel - these are handled by Felix. - reject; - } - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg b/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg b/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step1/bird_ipam.cfg b/confd/tests/compiled_templates/password/step1/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step1/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step2/bird_ipam.cfg b/confd/tests/compiled_templates/password/step2/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step3/bird_ipam.cfg b/confd/tests/compiled_templates/password/step3/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step3/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step4/bird_ipam.cfg b/confd/tests/compiled_templates/password/step4/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password/step4/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step4/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step5/bird_ipam.cfg b/confd/tests/compiled_templates/password/step5/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password/step5/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step5/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step6/bird_ipam.cfg b/confd/tests/compiled_templates/password/step6/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/password/step6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step6/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg b/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg b/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg b/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg b/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg index d7daa3928e5..105a380a1e0 100644 --- a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v6 reject filter generated +} + +function accept_enabled_pools() { +# No v6 accept filter generated +} + +function program_pools_to_kernel() { +# No v6 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,10 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg b/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg index 284fa44f216..fb680e47e73 100644 --- a/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg @@ -1,9 +1,4 @@ # Generated by confd -function reject_disabled_pools () -{ - -} - function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -23,10 +18,20 @@ function reject_local_routes () { } } +function reject_disabled_pools() { +# No v4 reject filter generated +} + +function accept_enabled_pools() { +# No v4 accept filter generated +} + +function program_pools_to_kernel() { +# No v4 IPPool configured +} + function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, - # call reject_disabled_pools() first, then reject_tunnel_routes(), - # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -34,11 +39,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - + accept_enabled_pools(); } - filter calico_kernel_programming { - + program_pools_to_kernel(); accept; } From 30a872c940ddcae450fdc9e113141cf15600452a Mon Sep 17 00:00:00 2001 From: Mazdak Nasab Date: Fri, 6 Feb 2026 13:16:05 -0800 Subject: [PATCH 2/5] add space --- .../confd/templates/bird6_ipam.cfg.template | 2 +- confd/pkg/resource/template/template_funcs.go | 8 +- .../resource/template/template_funcs_test.go | 84 +++++++++---------- .../export_only/explicit_peer/bird6_ipam.cfg | 2 +- .../export_only/global_peer/bird6_ipam.cfg | 2 +- .../filter_deletion/step1/bird6_ipam.cfg | 2 +- .../filter_deletion/step2/bird6_ipam.cfg | 2 +- .../bgpfilter/filter_names/bird6_ipam.cfg | 2 +- .../import_only/explicit_peer/bird6_ipam.cfg | 2 +- .../import_only/global_peer/bird6_ipam.cfg | 2 +- .../bgpfilter/match_interface/bird6_ipam.cfg | 2 +- .../bgpfilter/match_operators/bird6_ipam.cfg | 2 +- .../bgpfilter/match_source/bird6_ipam.cfg | 2 +- .../multi_filter/explicit_peer/bird6_ipam.cfg | 2 +- .../multi_filter/global_peer/bird6_ipam.cfg | 2 +- .../bgpfilter/node_mesh/bird6_ipam.cfg | 2 +- .../explicit_peer/bird6_ipam.cfg | 2 +- .../single_filter/global_peer/bird6_ipam.cfg | 2 +- .../v4_only/explicit_peer/bird6_ipam.cfg | 2 +- .../v4_only/global_peer/bird6_ipam.cfg | 2 +- .../v6_only/explicit_peer/bird6_ipam.cfg | 2 +- .../v6_only/global_peer/bird6_ipam.cfg | 2 +- .../global-external/bird6_ipam.cfg | 2 +- .../global-external/bird_ipam.cfg | 4 +- .../global-ipv6/bird6_ipam.cfg | 6 +- .../global-ipv6/bird_ipam.cfg | 4 +- .../explicit_peering/global/bird6_ipam.cfg | 2 +- .../explicit_peering/global/bird_ipam.cfg | 4 +- .../keepnexthop-global/bird6_ipam.cfg | 2 +- .../keepnexthop-global/bird_ipam.cfg | 4 +- .../keepnexthop/bird6_ipam.cfg | 2 +- .../keepnexthop/bird_ipam.cfg | 4 +- .../local-as-global-ipv6/bird6_ipam.cfg | 6 +- .../local-as-global-ipv6/bird_ipam.cfg | 4 +- .../local-as-global/bird6_ipam.cfg | 2 +- .../local-as-global/bird_ipam.cfg | 4 +- .../local-as-ipv6/bird6_ipam.cfg | 6 +- .../local-as-ipv6/bird_ipam.cfg | 4 +- .../explicit_peering/local-as/bird6_ipam.cfg | 2 +- .../explicit_peering/local-as/bird_ipam.cfg | 4 +- .../local_bgp_peer/bird6_ipam.cfg | 2 +- .../route_reflector/bird6_ipam.cfg | 2 +- .../route_reflector/bird_ipam.cfg | 4 +- .../route_reflector_v6_by_ip/bird6_ipam.cfg | 2 +- .../route_reflector_v6_by_ip/bird_ipam.cfg | 4 +- .../explicit_peering/selectors/bird6_ipam.cfg | 2 +- .../explicit_peering/selectors/bird_ipam.cfg | 4 +- .../selectors/step2/bird6_ipam.cfg | 2 +- .../selectors/step2/bird_ipam.cfg | 4 +- .../specific_node/bird6_ipam.cfg | 2 +- .../specific_node/bird_ipam.cfg | 4 +- .../ignored_interfaces/bird6_ipam.cfg | 2 +- .../mesh/bgp-export/bird6_ipam.cfg | 14 ++-- .../mesh/bgp-export/bird_ipam.cfg | 12 +-- .../mesh/communities/bird6_ipam.cfg | 2 +- .../mesh/communities/bird_ipam.cfg | 4 +- .../mesh/communities/step2/bird6_ipam.cfg | 2 +- .../mesh/communities/step2/bird_ipam.cfg | 4 +- .../mesh/hash/bird6_ipam.cfg | 2 +- .../mesh/hash/bird_ipam.cfg | 4 +- .../mesh/ipip-always/bird6_ipam.cfg | 2 +- .../mesh/ipip-always/bird_ipam.cfg | 4 +- .../mesh/ipip-cross-subnet/bird6_ipam.cfg | 2 +- .../mesh/ipip-cross-subnet/bird_ipam.cfg | 4 +- .../mesh/ipip-off/bird6_ipam.cfg | 6 +- .../mesh/ipip-off/bird_ipam.cfg | 4 +- .../mesh/password/step1/bird6_ipam.cfg | 6 +- .../mesh/password/step1/bird_ipam.cfg | 4 +- .../mesh/password/step2/bird6_ipam.cfg | 6 +- .../mesh/password/step2/bird_ipam.cfg | 4 +- .../mesh/password/step3/bird6_ipam.cfg | 6 +- .../mesh/password/step3/bird_ipam.cfg | 4 +- .../mesh/restart-time/bird6_ipam.cfg | 6 +- .../mesh/restart-time/bird_ipam.cfg | 4 +- .../bird6_ipam.cfg | 2 +- .../bird_ipam.cfg | 4 +- .../static-routes-exclude-node/bird6_ipam.cfg | 2 +- .../static-routes-exclude-node/bird_ipam.cfg | 4 +- .../step2/bird6_ipam.cfg | 2 +- .../step2/bird_ipam.cfg | 4 +- .../bird6_ipam.cfg | 2 +- .../bird_ipam.cfg | 4 +- .../mesh/static-routes/bird6_ipam.cfg | 2 +- .../mesh/static-routes/bird_ipam.cfg | 4 +- .../mesh/static-routes/step2/bird6_ipam.cfg | 2 +- .../mesh/static-routes/step2/bird_ipam.cfg | 4 +- .../mesh/vxlan-always/bird6_ipam.cfg | 6 +- .../mesh/vxlan-always/bird_ipam.cfg | 4 +- .../next_hop_mode/global_peers/bird6_ipam.cfg | 2 +- .../route_reflectors/bird6_ipam.cfg | 2 +- .../password-deadlock/bird6_ipam.cfg | 2 +- .../password/step1/bird6_ipam.cfg | 2 +- .../password/step2/bird6_ipam.cfg | 2 +- .../password/step3/bird6_ipam.cfg | 2 +- .../password/step4/bird6_ipam.cfg | 2 +- .../password/step5/bird6_ipam.cfg | 2 +- .../password/step6/bird6_ipam.cfg | 2 +- .../reachable_by/global_peers/bird6_ipam.cfg | 2 +- .../route_reflectors/bird6_ipam.cfg | 2 +- .../reverse_peering/auto/bird6_ipam.cfg | 2 +- .../reverse_peering/manual/bird6_ipam.cfg | 2 +- .../step1/bird6_ipam.cfg | 2 +- .../step2/bird6_ipam.cfg | 2 +- .../step3/bird6_ipam.cfg | 2 +- .../ttl_security/explicit_node/bird6_ipam.cfg | 2 +- .../ttl_security/global/bird6_ipam.cfg | 2 +- .../ttl_security/peer_selector/bird6_ipam.cfg | 2 +- 107 files changed, 211 insertions(+), 211 deletions(-) diff --git a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template index 92b1fec40e0..b774c03de55 100644 --- a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template @@ -22,7 +22,7 @@ function reject_disabled_pools() { {{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" false 6 }} {{ $line }} {{- end }} -} +} function accept_enabled_pools() { {{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "accept" false 6 }} diff --git a/confd/pkg/resource/template/template_funcs.go b/confd/pkg/resource/template/template_funcs.go index 6131f9071f7..0af93ea58c2 100644 --- a/confd/pkg/resource/template/template_funcs.go +++ b/confd/pkg/resource/template/template_funcs.go @@ -411,9 +411,9 @@ func BGPFilterBIRDFuncs(pairs memkv.KVPairs, version int) ([]string, error) { // - filterAction: specified action to filter generated statements. For exporting pools to BGP peers, we need to // first reject disabled ippool, and then accept the rest at the end after all other filters. Allowed values are // "accept", "reject", and "" (to not filter). -// - forProgrammingKernel: Whether the generated statemens are intended for programming routes to kernel or exporting to +// - forProgrammingKernel: Whether the generated statements are intended for programming routes to kernel or exporting to // other BGP Peers. As an example, we need to set "krt_tunnel" for programming IPIP and no-encap IPv4 routes. -// - version: the statment ip family. +// - version: the statement ip family. // // As an example, For the following sample IPPool resource: // @@ -524,9 +524,9 @@ func emitFilterStatementForIPPools(cidr, extraStatement, action, comment string) return } if len(extraStatement) != 0 { - statement = fmt.Sprintf("if (net ~ %s) then { %s %s; }", cidr, extraStatement, action) + statement = fmt.Sprintf(" if (net ~ %s) then { %s %s; }", cidr, extraStatement, action) } else { - statement = fmt.Sprintf("if (net ~ %s) then { %s; }", cidr, action) + statement = fmt.Sprintf(" if (net ~ %s) then { %s; }", cidr, action) } if len(comment) != 0 { statement = fmt.Sprintf("%s %s", statement, formatComment(comment)) diff --git a/confd/pkg/resource/template/template_funcs_test.go b/confd/pkg/resource/template/template_funcs_test.go index d57bb44ccca..d319014f108 100644 --- a/confd/pkg/resource/template/template_funcs_test.go +++ b/confd/pkg/resource/template/template_funcs_test.go @@ -284,18 +284,18 @@ func Test_IPPoolsFilterBIRDFunc_NoIPPool(t *testing.T) { func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV4(t *testing.T) { expectedStatements := []string{ // IPv4 IPIP Encapsulation cases. - `if (net ~ 10.10.0.0/16) then { krt_tunnel="tunl0"; accept; }`, - `if (net ~ 10.11.0.0/16) then { krt_tunnel="tunl0"; accept; }`, - `if (net ~ 10.12.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.12.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, - `if (net ~ 10.13.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.13.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, + ` if (net ~ 10.10.0.0/16) then { krt_tunnel="tunl0"; accept; }`, + ` if (net ~ 10.11.0.0/16) then { krt_tunnel="tunl0"; accept; }`, + ` if (net ~ 10.12.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.12.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, + ` if (net ~ 10.13.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.13.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, // IPv4 No-Encapsulation case. - `if (net ~ 10.14.0.0/16) then { krt_tunnel=""; accept; }`, - `if (net ~ 10.15.0.0/16) then { krt_tunnel=""; accept; }`, + ` if (net ~ 10.14.0.0/16) then { krt_tunnel=""; accept; }`, + ` if (net ~ 10.15.0.0/16) then { krt_tunnel=""; accept; }`, // IPv4 VXLAN Encapsulation cases. - `if (net ~ 10.16.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, - `if (net ~ 10.17.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, - `if (net ~ 10.18.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, - `if (net ~ 10.19.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ 10.16.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ 10.17.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ 10.18.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ 10.19.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, } testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, true, 4) } @@ -303,18 +303,18 @@ func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV4(t *testing.T) { func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV6(t *testing.T) { expectedStatements := []string{ // IPv6 IPIP Encapsulation cases. - `if (net ~ dead:beef:1::/64) then { accept; }`, - `if (net ~ dead:beef:2::/64) then { accept; }`, - `if (net ~ dead:beef:3::/64) then { accept; }`, - `if (net ~ dead:beef:4::/64) then { accept; }`, + ` if (net ~ dead:beef:1::/64) then { accept; }`, + ` if (net ~ dead:beef:2::/64) then { accept; }`, + ` if (net ~ dead:beef:3::/64) then { accept; }`, + ` if (net ~ dead:beef:4::/64) then { accept; }`, // IPv6 No-Encapsulation case. - `if (net ~ dead:beef:5::/64) then { accept; }`, - `if (net ~ dead:beef:6::/64) then { accept; }`, + ` if (net ~ dead:beef:5::/64) then { accept; }`, + ` if (net ~ dead:beef:6::/64) then { accept; }`, // IPv6 VXLAN Encapsulation cases. - `if (net ~ dead:beef:7::/64) then { reject; } # VXLAN routes are handled by Felix.`, - `if (net ~ dead:beef:8::/64) then { reject; } # VXLAN routes are handled by Felix.`, - `if (net ~ dead:beef:9::/64) then { reject; } # VXLAN routes are handled by Felix.`, - `if (net ~ dead:beef:10::/64) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ dead:beef:7::/64) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ dead:beef:8::/64) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ dead:beef:9::/64) then { reject; } # VXLAN routes are handled by Felix.`, + ` if (net ~ dead:beef:10::/64) then { reject; } # VXLAN routes are handled by Felix.`, } testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, true, 6) } @@ -322,18 +322,18 @@ func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV6(t *testing.T) { func Test_IPPoolsFilterBIRDFunc_BGPPeeringV4(t *testing.T) { expectedStatements := []string{ // IPv4 IPIP Encapsulation cases. - `if (net ~ 10.10.0.0/16) then { accept; }`, - `if (net ~ 10.11.0.0/16) then { reject; } # BGP export is disabled.`, - `if (net ~ 10.12.0.0/16) then { accept; }`, - `if (net ~ 10.13.0.0/16) then { reject; } # BGP export is disabled.`, + ` if (net ~ 10.10.0.0/16) then { accept; }`, + ` if (net ~ 10.11.0.0/16) then { reject; } # BGP export is disabled.`, + ` if (net ~ 10.12.0.0/16) then { accept; }`, + ` if (net ~ 10.13.0.0/16) then { reject; } # BGP export is disabled.`, // IPv4 No-Encapsulation case. - `if (net ~ 10.14.0.0/16) then { accept; }`, - `if (net ~ 10.15.0.0/16) then { reject; } # BGP export is disabled.`, + ` if (net ~ 10.14.0.0/16) then { accept; }`, + ` if (net ~ 10.15.0.0/16) then { reject; } # BGP export is disabled.`, // IPv4 VXLAN Encapsulation cases. - `if (net ~ 10.16.0.0/16) then { accept; }`, - `if (net ~ 10.17.0.0/16) then { reject; } # BGP export is disabled.`, - `if (net ~ 10.18.0.0/16) then { accept; }`, - `if (net ~ 10.19.0.0/16) then { reject; } # BGP export is disabled.`, + ` if (net ~ 10.16.0.0/16) then { accept; }`, + ` if (net ~ 10.17.0.0/16) then { reject; } # BGP export is disabled.`, + ` if (net ~ 10.18.0.0/16) then { accept; }`, + ` if (net ~ 10.19.0.0/16) then { reject; } # BGP export is disabled.`, } testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, false, 4) } @@ -341,18 +341,18 @@ func Test_IPPoolsFilterBIRDFunc_BGPPeeringV4(t *testing.T) { func Test_IPPoolsFilterBIRDFunc_BGPPeeringV6(t *testing.T) { expectedStatements := []string{ // IPv6 IPIP Encapsulation cases. - `if (net ~ dead:beef:1::/64) then { accept; }`, - `if (net ~ dead:beef:2::/64) then { reject; } # BGP export is disabled.`, - `if (net ~ dead:beef:3::/64) then { accept; }`, - `if (net ~ dead:beef:4::/64) then { reject; } # BGP export is disabled.`, + ` if (net ~ dead:beef:1::/64) then { accept; }`, + ` if (net ~ dead:beef:2::/64) then { reject; } # BGP export is disabled.`, + ` if (net ~ dead:beef:3::/64) then { accept; }`, + ` if (net ~ dead:beef:4::/64) then { reject; } # BGP export is disabled.`, // IPv6 No-Encapsulation case. - `if (net ~ dead:beef:5::/64) then { accept; }`, - `if (net ~ dead:beef:6::/64) then { reject; } # BGP export is disabled.`, + ` if (net ~ dead:beef:5::/64) then { accept; }`, + ` if (net ~ dead:beef:6::/64) then { reject; } # BGP export is disabled.`, // IPv6 VXLAN Encapsulation cases. - `if (net ~ dead:beef:7::/64) then { accept; }`, - `if (net ~ dead:beef:8::/64) then { reject; } # BGP export is disabled.`, - `if (net ~ dead:beef:9::/64) then { accept; }`, - `if (net ~ dead:beef:10::/64) then { reject; } # BGP export is disabled.`, + ` if (net ~ dead:beef:7::/64) then { accept; }`, + ` if (net ~ dead:beef:8::/64) then { reject; } # BGP export is disabled.`, + ` if (net ~ dead:beef:9::/64) then { accept; }`, + ` if (net ~ dead:beef:10::/64) then { reject; } # BGP export is disabled.`, } testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, false, 6) } @@ -366,7 +366,7 @@ func testExpectedIPPoolStatments( ) { kvps := ippoolTestCasesToKVPairs(t, tcs) for _, filterAction := range []string{"", "accept", "reject"} { - expected := filterExpextedStatements(expectedStatements, filterAction) + expected := filterExpectedStatements(expectedStatements, filterAction) generated, err := IPPoolsFilterBIRDFunc(kvps, filterAction, forProgrammingKernel, ipVersion) if err != nil { t.Errorf("Unexpected error while generating BIRD IPPool filter: %s", err) @@ -399,7 +399,7 @@ func ippoolTestCasesToKVPairs(t *testing.T, tcs []ippoolTestCase) memkv.KVPairs return kvps } -func filterExpextedStatements(statements []string, filterAction string) (filtered []string) { +func filterExpectedStatements(statements []string, filterAction string) (filtered []string) { if len(filterAction) == 0 { return statements } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg b/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg index 0eb37b3891c..10c3b775499 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg @@ -19,18 +19,18 @@ function reject_local_routes () { } function reject_disabled_pools() { -if (net ~ 2002:102::/64) then { reject; } # BGP export is disabled. -} + if (net ~ 2002:102::/64) then { reject; } # BGP export is disabled. +} function accept_enabled_pools() { -if (net ~ 2002:101::/64) then { accept; } -if (net ~ 2002:103::/64) then { accept; } + if (net ~ 2002:101::/64) then { accept; } + if (net ~ 2002:103::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002:101::/64) then { accept; } -if (net ~ 2002:102::/64) then { accept; } -if (net ~ 2002:103::/64) then { accept; } + if (net ~ 2002:101::/64) then { accept; } + if (net ~ 2002:102::/64) then { accept; } + if (net ~ 2002:103::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg index 6af4c26fe0e..b6250339d3a 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg @@ -19,18 +19,18 @@ function reject_local_routes () { } function reject_disabled_pools() { -if (net ~ 192.168.2.0/24) then { reject; } # BGP export is disabled. + if (net ~ 192.168.2.0/24) then { reject; } # BGP export is disabled. } function accept_enabled_pools() { -if (net ~ 192.168.1.0/24) then { accept; } -if (net ~ 192.168.3.0/24) then { accept; } + if (net ~ 192.168.1.0/24) then { accept; } + if (net ~ 192.168.3.0/24) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.1.0/24) then { krt_tunnel=""; accept; } -if (net ~ 192.168.2.0/24) then { krt_tunnel=""; accept; } -if (net ~ 192.168.3.0/24) then { krt_tunnel=""; accept; } + if (net ~ 192.168.1.0/24) then { krt_tunnel=""; accept; } + if (net ~ 192.168.2.0/24) then { krt_tunnel=""; accept; } + if (net ~ 192.168.3.0/24) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg index 7644e825f0e..fe01e2d5d8d 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 192.168.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 192.168.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg index 110d29e848f..c32930ad910 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ 2002::/64) then { accept; } + if (net ~ 2002::/64) then { accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg index 0d31caec14c..fb98265c12a 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg index ef4dfd66380..1bc037bbcf9 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg index 7fd0f3d5b5c..f2929ca74f9 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg index a8b23b8d371..9cd5177f954 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg index f9425bdca74..4a5ea597d21 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg index 9c2788ab2c7..9faf52d0513 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg index da453bd87e7..094d5ef6a4a 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg index 8324bff7020..eaae848a6f2 100644 --- a/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg @@ -20,14 +20,14 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { -if (net ~ dead:beef::/64) then { accept; } + if (net ~ dead:beef::/64) then { accept; } } function program_pools_to_kernel() { -if (net ~ dead:beef::/64) then { reject; } # VXLAN routes are handled by Felix. + if (net ~ dead:beef::/64) then { reject; } # VXLAN routes are handled by Felix. } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg index 9129340b4e7..0608fe4cc46 100644 --- a/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg @@ -23,11 +23,11 @@ function reject_disabled_pools() { } function accept_enabled_pools() { -if (net ~ 192.168.0.0/16) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } function program_pools_to_kernel() { -if (net ~ 192.168.0.0/16) then { reject; } # VXLAN routes are handled by Felix. + if (net ~ 192.168.0.0/16) then { reject; } # VXLAN routes are handled by Felix. } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg b/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg b/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated diff --git a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg index 105a380a1e0..8906f8a48de 100644 --- a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg @@ -20,7 +20,7 @@ function reject_local_routes () { function reject_disabled_pools() { # No v6 reject filter generated -} +} function accept_enabled_pools() { # No v6 accept filter generated From a7bb869a607fc7640ac3fbd7ed7b6a7cd919c808 Mon Sep 17 00:00:00 2001 From: Mazdak Nasab Date: Fri, 6 Feb 2026 15:12:59 -0800 Subject: [PATCH 3/5] Fix --- .../confd/templates/bird6_ipam.cfg.template | 6 +++--- .../confd/templates/bird_ipam.cfg.template | 9 ++++++--- confd/pkg/resource/template/template_funcs.go | 12 ++++++++---- .../resource/template/template_funcs_test.go | 17 +++++++++-------- .../mesh/ipip-cross-subnet/bird_ipam.cfg | 3 ++- .../static-routes-no-ipv4-address/bird_ipam.cfg | 2 +- 6 files changed, 29 insertions(+), 20 deletions(-) diff --git a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template index b774c03de55..ca3d4e4d77b 100644 --- a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template @@ -19,19 +19,19 @@ function reject_local_routes () { } function reject_disabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" false 6 }} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" false "" 6 }} {{ $line }} {{- end }} } function accept_enabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "accept" false 6 }} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "accept" false "" 6 }} {{ $line }} {{- end }} } function program_pools_to_kernel() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "" true 6 }} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "" true "" 6 }} {{ $line }} {{- end }} } diff --git a/confd/etc/calico/confd/templates/bird_ipam.cfg.template b/confd/etc/calico/confd/templates/bird_ipam.cfg.template index d600fc21e05..a220e6ff053 100644 --- a/confd/etc/calico/confd/templates/bird_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird_ipam.cfg.template @@ -19,21 +19,24 @@ function reject_local_routes () { } function reject_disabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "reject" false 4 }} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "reject" false "" 4 }} {{ $line }} {{- end }} } function accept_enabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "accept" false 4 }} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "accept" false "" 4 }} {{ $line }} {{- end }} } +{{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}} function program_pools_to_kernel() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "" true 4 }} +{{- if exists $network_key}}{{$network := getv $network_key}} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "" true $network 4 }} {{ $line }} {{- end }} +{{- end}} } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/pkg/resource/template/template_funcs.go b/confd/pkg/resource/template/template_funcs.go index 0af93ea58c2..33e93810036 100644 --- a/confd/pkg/resource/template/template_funcs.go +++ b/confd/pkg/resource/template/template_funcs.go @@ -14,6 +14,7 @@ import ( "github.com/kelseyhightower/memkv" v3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3" + "github.com/sirupsen/logrus" "github.com/projectcalico/calico/confd/pkg/backends" "github.com/projectcalico/calico/libcalico-go/lib/backend/encap" @@ -413,6 +414,7 @@ func BGPFilterBIRDFuncs(pairs memkv.KVPairs, version int) ([]string, error) { // "accept", "reject", and "" (to not filter). // - forProgrammingKernel: Whether the generated statements are intended for programming routes to kernel or exporting to // other BGP Peers. As an example, we need to set "krt_tunnel" for programming IPIP and no-encap IPv4 routes. +// - localSubnet: the subnet of local node, which is needed by IPv4 IPIP pool in cross subnet mode. // - version: the statement ip family. // // As an example, For the following sample IPPool resource: @@ -439,6 +441,7 @@ func IPPoolsFilterBIRDFunc( pairs memkv.KVPairs, filterAction string, forProgrammingKernel bool, + localSubnet string, version int, ) ([]string, error) { if version != 4 && version != 6 { @@ -472,10 +475,10 @@ func IPPoolsFilterBIRDFunc( case ippool.IPIPMode == encap.Always || ippool.IPIPMode == encap.CrossSubnet, // IPIP Encapsulation. ippool.IPIPMode == encap.Undefined || ippool.VXLANMode == encap.Undefined: // No-encapsulation. // IPIP encapsulation or No-Encap. - if forProgrammingKernel && version == 4 { + if forProgrammingKernel && version == 4 && len(localSubnet) != 0 { // For IPv4 IPIP and no-encap routes, we need to set `krt_tunnel` variable which is needed by // our fork of BIRD. - extraStatement = extraStatementForKernelProgrammingIPIPNoEncap(ippool.IPIPMode, cidr) + extraStatement = extraStatementForKernelProgrammingIPIPNoEncap(ippool.IPIPMode, localSubnet) } action = "accept" default: @@ -503,13 +506,14 @@ func IPPoolsFilterBIRDFunc( return lines, nil } -func extraStatementForKernelProgrammingIPIPNoEncap(ipipMode encap.Mode, cidr string) string { +func extraStatementForKernelProgrammingIPIPNoEncap(ipipMode encap.Mode, localSubnet string) string { + logrus.Infof("pepper %v", localSubnet) switch v3.EncapMode(ipipMode) { case v3.Always: return `krt_tunnel="tunl0";` case v3.CrossSubnet: format := `if (defined(bgp_next_hop)&&(bgp_next_hop ~ %s)) then krt_tunnel=""; else krt_tunnel="tunl0";` - return fmt.Sprintf(format, cidr) + return fmt.Sprintf(format, localSubnet) case v3.Undefined: // No-encap case. return `krt_tunnel="";` diff --git a/confd/pkg/resource/template/template_funcs_test.go b/confd/pkg/resource/template/template_funcs_test.go index d319014f108..1036465fe13 100644 --- a/confd/pkg/resource/template/template_funcs_test.go +++ b/confd/pkg/resource/template/template_funcs_test.go @@ -269,7 +269,7 @@ func Test_IPPoolsFilterBIRDFunc_NoIPPool(t *testing.T) { for _, ipfamily := range []int{4, 6} { for _, action := range []string{"", "accept", "reject"} { for _, forKernel := range []bool{true, false} { - generated, err := IPPoolsFilterBIRDFunc(kvps, action, forKernel, ipfamily) + generated, err := IPPoolsFilterBIRDFunc(kvps, action, forKernel, "", ipfamily) if err != nil { t.Errorf("Unexpected error while generating BIRD IPPool filter: %s", err) } @@ -286,8 +286,8 @@ func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV4(t *testing.T) { // IPv4 IPIP Encapsulation cases. ` if (net ~ 10.10.0.0/16) then { krt_tunnel="tunl0"; accept; }`, ` if (net ~ 10.11.0.0/16) then { krt_tunnel="tunl0"; accept; }`, - ` if (net ~ 10.12.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.12.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, - ` if (net ~ 10.13.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.13.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, + ` if (net ~ 10.12.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 1.1.1.0/24)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, + ` if (net ~ 10.13.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 1.1.1.0/24)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; }`, // IPv4 No-Encapsulation case. ` if (net ~ 10.14.0.0/16) then { krt_tunnel=""; accept; }`, ` if (net ~ 10.15.0.0/16) then { krt_tunnel=""; accept; }`, @@ -297,7 +297,7 @@ func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV4(t *testing.T) { ` if (net ~ 10.18.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, ` if (net ~ 10.19.0.0/16) then { reject; } # VXLAN routes are handled by Felix.`, } - testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, true, 4) + testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, true, "1.1.1.0/24", 4) } func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV6(t *testing.T) { @@ -316,7 +316,7 @@ func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV6(t *testing.T) { ` if (net ~ dead:beef:9::/64) then { reject; } # VXLAN routes are handled by Felix.`, ` if (net ~ dead:beef:10::/64) then { reject; } # VXLAN routes are handled by Felix.`, } - testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, true, 6) + testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, true, "", 6) } func Test_IPPoolsFilterBIRDFunc_BGPPeeringV4(t *testing.T) { @@ -335,7 +335,7 @@ func Test_IPPoolsFilterBIRDFunc_BGPPeeringV4(t *testing.T) { ` if (net ~ 10.18.0.0/16) then { accept; }`, ` if (net ~ 10.19.0.0/16) then { reject; } # BGP export is disabled.`, } - testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, false, 4) + testExpectedIPPoolStatments(t, poolsTestsV4, expectedStatements, false, "", 4) } func Test_IPPoolsFilterBIRDFunc_BGPPeeringV6(t *testing.T) { @@ -354,7 +354,7 @@ func Test_IPPoolsFilterBIRDFunc_BGPPeeringV6(t *testing.T) { ` if (net ~ dead:beef:9::/64) then { accept; }`, ` if (net ~ dead:beef:10::/64) then { reject; } # BGP export is disabled.`, } - testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, false, 6) + testExpectedIPPoolStatments(t, poolsTestsV6, expectedStatements, false, "", 6) } func testExpectedIPPoolStatments( @@ -362,12 +362,13 @@ func testExpectedIPPoolStatments( tcs []ippoolTestCase, expectedStatements []string, forProgrammingKernel bool, + localSubnet string, ipVersion int, ) { kvps := ippoolTestCasesToKVPairs(t, tcs) for _, filterAction := range []string{"", "accept", "reject"} { expected := filterExpectedStatements(expectedStatements, filterAction) - generated, err := IPPoolsFilterBIRDFunc(kvps, filterAction, forProgrammingKernel, ipVersion) + generated, err := IPPoolsFilterBIRDFunc(kvps, filterAction, forProgrammingKernel, localSubnet, ipVersion) if err != nil { t.Errorf("Unexpected error while generating BIRD IPPool filter: %s", err) } diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg index fe01e2d5d8d..4849bd9d8ee 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg @@ -26,8 +26,9 @@ function accept_enabled_pools() { if (net ~ 192.168.0.0/16) then { accept; } } + function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 192.168.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } + if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.192.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg index 9cd5177f954..e75994d24d6 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg @@ -26,8 +26,8 @@ function accept_enabled_pools() { if (net ~ 192.168.0.0/16) then { accept; } } + function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } } function calico_export_to_bgp_peers(bool internal_peer) { From 05caa8391fedfe3bda7731456cfb991415c5ac04 Mon Sep 17 00:00:00 2001 From: Mazdak Nasab Date: Mon, 9 Feb 2026 13:29:52 -0800 Subject: [PATCH 4/5] embed filters --- .../confd/templates/bird6_ipam.cfg.template | 40 ++++++++-------- .../confd/templates/bird_ipam.cfg.template | 46 +++++++++---------- confd/pkg/resource/template/template_funcs.go | 14 ------ .../resource/template/template_funcs_test.go | 17 ------- .../export_only/explicit_peer/bird6.cfg | 2 + .../export_only/explicit_peer/bird6_ipam.cfg | 20 +++----- .../export_only/explicit_peer/bird_ipam.cfg | 21 +++------ .../export_only/global_peer/bird6.cfg | 2 + .../export_only/global_peer/bird6_ipam.cfg | 20 +++----- .../export_only/global_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/filter_deletion/step1/bird6.cfg | 2 + .../filter_deletion/step1/bird6_ipam.cfg | 20 +++----- .../filter_deletion/step1/bird_ipam.cfg | 21 +++------ .../bgpfilter/filter_deletion/step2/bird6.cfg | 2 + .../filter_deletion/step2/bird6_ipam.cfg | 20 +++----- .../filter_deletion/step2/bird_ipam.cfg | 21 +++------ .../bgpfilter/filter_names/bird6.cfg | 2 + .../bgpfilter/filter_names/bird6_ipam.cfg | 20 +++----- .../bgpfilter/filter_names/bird_ipam.cfg | 21 +++------ .../import_only/explicit_peer/bird6.cfg | 2 + .../import_only/explicit_peer/bird6_ipam.cfg | 20 +++----- .../import_only/explicit_peer/bird_ipam.cfg | 21 +++------ .../import_only/global_peer/bird6.cfg | 2 + .../import_only/global_peer/bird6_ipam.cfg | 20 +++----- .../import_only/global_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/match_interface/bird6.cfg | 2 + .../bgpfilter/match_interface/bird6_ipam.cfg | 20 +++----- .../bgpfilter/match_interface/bird_ipam.cfg | 21 +++------ .../bgpfilter/match_operators/bird6.cfg | 2 + .../bgpfilter/match_operators/bird6_ipam.cfg | 20 +++----- .../bgpfilter/match_operators/bird_ipam.cfg | 21 +++------ .../bgpfilter/match_source/bird6.cfg | 2 + .../bgpfilter/match_source/bird6_ipam.cfg | 20 +++----- .../bgpfilter/match_source/bird_ipam.cfg | 21 +++------ .../multi_filter/explicit_peer/bird6.cfg | 2 + .../multi_filter/explicit_peer/bird6_ipam.cfg | 20 +++----- .../multi_filter/explicit_peer/bird_ipam.cfg | 21 +++------ .../multi_filter/global_peer/bird6.cfg | 2 + .../multi_filter/global_peer/bird6_ipam.cfg | 20 +++----- .../multi_filter/global_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/node_mesh/bird6.cfg | 2 + .../bgpfilter/node_mesh/bird6_ipam.cfg | 20 +++----- .../bgpfilter/node_mesh/bird_ipam.cfg | 21 +++------ .../single_filter/explicit_peer/bird6.cfg | 2 + .../explicit_peer/bird6_ipam.cfg | 20 +++----- .../single_filter/explicit_peer/bird_ipam.cfg | 21 +++------ .../single_filter/global_peer/bird6.cfg | 2 + .../single_filter/global_peer/bird6_ipam.cfg | 20 +++----- .../single_filter/global_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/v4_only/explicit_peer/bird6.cfg | 2 + .../v4_only/explicit_peer/bird6_ipam.cfg | 20 +++----- .../v4_only/explicit_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/v4_only/global_peer/bird6.cfg | 2 + .../v4_only/global_peer/bird6_ipam.cfg | 20 +++----- .../v4_only/global_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/v6_only/explicit_peer/bird6.cfg | 2 + .../v6_only/explicit_peer/bird6_ipam.cfg | 20 +++----- .../v6_only/explicit_peer/bird_ipam.cfg | 21 +++------ .../bgpfilter/v6_only/global_peer/bird6.cfg | 2 + .../v6_only/global_peer/bird6_ipam.cfg | 20 +++----- .../v6_only/global_peer/bird_ipam.cfg | 21 +++------ .../global-external/bird6.cfg | 1 + .../global-external/bird6_ipam.cfg | 20 +++----- .../global-external/bird_ipam.cfg | 23 ++++------ .../explicit_peering/global-ipv6/bird6.cfg | 2 + .../global-ipv6/bird6_ipam.cfg | 22 ++++----- .../global-ipv6/bird_ipam.cfg | 23 ++++------ .../explicit_peering/global/bird6.cfg | 1 + .../explicit_peering/global/bird6_ipam.cfg | 20 +++----- .../explicit_peering/global/bird_ipam.cfg | 23 ++++------ .../keepnexthop-global/bird6.cfg | 2 + .../keepnexthop-global/bird6_ipam.cfg | 20 +++----- .../keepnexthop-global/bird_ipam.cfg | 23 ++++------ .../explicit_peering/keepnexthop/bird6.cfg | 2 + .../keepnexthop/bird6_ipam.cfg | 20 +++----- .../keepnexthop/bird_ipam.cfg | 23 ++++------ .../local-as-global-ipv6/bird6_ipam.cfg | 22 ++++----- .../local-as-global-ipv6/bird_ipam.cfg | 23 ++++------ .../local-as-global/bird6.cfg | 1 + .../local-as-global/bird6_ipam.cfg | 20 +++----- .../local-as-global/bird_ipam.cfg | 23 ++++------ .../local-as-ipv6/bird6_ipam.cfg | 22 ++++----- .../local-as-ipv6/bird_ipam.cfg | 23 ++++------ .../explicit_peering/local-as/bird6.cfg | 1 + .../explicit_peering/local-as/bird6_ipam.cfg | 20 +++----- .../explicit_peering/local-as/bird_ipam.cfg | 23 ++++------ .../explicit_peering/local_bgp_peer/bird6.cfg | 2 + .../local_bgp_peer/bird6_ipam.cfg | 20 +++----- .../local_bgp_peer/bird_ipam.cfg | 21 +++------ .../route_reflector/bird6.cfg | 2 + .../route_reflector/bird6_ipam.cfg | 20 +++----- .../route_reflector/bird_ipam.cfg | 23 ++++------ .../route_reflector_v6_by_ip/bird6_ipam.cfg | 20 +++----- .../route_reflector_v6_by_ip/bird_ipam.cfg | 23 ++++------ .../explicit_peering/selectors/bird6.cfg | 2 + .../explicit_peering/selectors/bird6_ipam.cfg | 20 +++----- .../explicit_peering/selectors/bird_ipam.cfg | 23 ++++------ .../selectors/step2/bird6.cfg | 2 + .../selectors/step2/bird6_ipam.cfg | 20 +++----- .../selectors/step2/bird_ipam.cfg | 23 ++++------ .../explicit_peering/specific_node/bird6.cfg | 1 + .../specific_node/bird6_ipam.cfg | 20 +++----- .../specific_node/bird_ipam.cfg | 23 ++++------ .../ignored_interfaces/bird6.cfg | 2 + .../ignored_interfaces/bird6_ipam.cfg | 20 +++----- .../ignored_interfaces/bird_ipam.cfg | 21 +++------ .../mesh/bgp-export/bird6.cfg | 1 + .../mesh/bgp-export/bird6_ipam.cfg | 29 +++++------- .../mesh/bgp-export/bird_ipam.cfg | 30 ++++++------ .../mesh/communities/bird6.cfg | 1 + .../mesh/communities/bird6_ipam.cfg | 20 +++----- .../mesh/communities/bird_ipam.cfg | 23 ++++------ .../mesh/communities/step2/bird6.cfg | 1 + .../mesh/communities/step2/bird6_ipam.cfg | 20 +++----- .../mesh/communities/step2/bird_ipam.cfg | 23 ++++------ .../mesh/hash/bird6_ipam.cfg | 20 +++----- .../mesh/hash/bird_ipam.cfg | 23 ++++------ .../mesh/ipip-always/bird6.cfg | 1 + .../mesh/ipip-always/bird6_ipam.cfg | 20 +++----- .../mesh/ipip-always/bird_ipam.cfg | 23 ++++------ .../mesh/ipip-cross-subnet/bird6.cfg | 1 + .../mesh/ipip-cross-subnet/bird6_ipam.cfg | 20 +++----- .../mesh/ipip-cross-subnet/bird_ipam.cfg | 24 ++++------ .../mesh/ipip-off/bird6.cfg | 2 + .../mesh/ipip-off/bird6_ipam.cfg | 22 ++++----- .../mesh/ipip-off/bird_ipam.cfg | 23 ++++------ .../mesh/password/step1/bird6.cfg | 2 + .../mesh/password/step1/bird6_ipam.cfg | 22 ++++----- .../mesh/password/step1/bird_ipam.cfg | 23 ++++------ .../mesh/password/step2/bird6.cfg | 2 + .../mesh/password/step2/bird6_ipam.cfg | 22 ++++----- .../mesh/password/step2/bird_ipam.cfg | 23 ++++------ .../mesh/password/step3/bird6.cfg | 2 + .../mesh/password/step3/bird6_ipam.cfg | 22 ++++----- .../mesh/password/step3/bird_ipam.cfg | 23 ++++------ .../mesh/restart-time/bird6.cfg | 2 + .../mesh/restart-time/bird6_ipam.cfg | 22 ++++----- .../mesh/restart-time/bird_ipam.cfg | 23 ++++------ .../route-reflector-mesh-enabled/bird6.cfg | 2 + .../bird6_ipam.cfg | 20 +++----- .../bird_ipam.cfg | 23 ++++------ .../mesh/static-routes-exclude-node/bird6.cfg | 2 + .../static-routes-exclude-node/bird6_ipam.cfg | 21 +++------ .../static-routes-exclude-node/bird_ipam.cfg | 24 ++++------ .../step2/bird6.cfg | 2 + .../step2/bird6_ipam.cfg | 20 +++----- .../step2/bird_ipam.cfg | 23 ++++------ .../bird6_ipam.cfg | 20 +++----- .../bird_ipam.cfg | 23 ++++------ .../mesh/static-routes/bird6.cfg | 2 + .../mesh/static-routes/bird6_ipam.cfg | 21 +++------ .../mesh/static-routes/bird_ipam.cfg | 24 ++++------ .../mesh/static-routes/step2/bird6.cfg | 2 + .../mesh/static-routes/step2/bird6_ipam.cfg | 20 +++----- .../mesh/static-routes/step2/bird_ipam.cfg | 23 ++++------ .../mesh/vxlan-always/bird6_ipam.cfg | 22 ++++----- .../mesh/vxlan-always/bird_ipam.cfg | 23 ++++------ .../next_hop_mode/global_peers/bird6.cfg | 2 + .../next_hop_mode/global_peers/bird6_ipam.cfg | 20 +++----- .../next_hop_mode/global_peers/bird_ipam.cfg | 21 +++------ .../next_hop_mode/route_reflectors/bird6.cfg | 2 + .../route_reflectors/bird6_ipam.cfg | 20 +++----- .../route_reflectors/bird_ipam.cfg | 21 +++------ .../password-deadlock/bird6_ipam.cfg | 20 +++----- .../password-deadlock/bird_ipam.cfg | 21 +++------ .../password/step1/bird6.cfg | 2 + .../password/step1/bird6_ipam.cfg | 20 +++----- .../password/step1/bird_ipam.cfg | 21 +++------ .../password/step2/bird6.cfg | 2 + .../password/step2/bird6_ipam.cfg | 20 +++----- .../password/step2/bird_ipam.cfg | 21 +++------ .../password/step3/bird6.cfg | 2 + .../password/step3/bird6_ipam.cfg | 20 +++----- .../password/step3/bird_ipam.cfg | 21 +++------ .../password/step4/bird6.cfg | 2 + .../password/step4/bird6_ipam.cfg | 20 +++----- .../password/step4/bird_ipam.cfg | 21 +++------ .../password/step5/bird6.cfg | 2 + .../password/step5/bird6_ipam.cfg | 20 +++----- .../password/step5/bird_ipam.cfg | 21 +++------ .../password/step6/bird6.cfg | 2 + .../password/step6/bird6_ipam.cfg | 20 +++----- .../password/step6/bird_ipam.cfg | 21 +++------ .../reachable_by/global_peers/bird6.cfg | 2 + .../reachable_by/global_peers/bird6_ipam.cfg | 20 +++----- .../reachable_by/global_peers/bird_ipam.cfg | 21 +++------ .../reachable_by/route_reflectors/bird6.cfg | 2 + .../route_reflectors/bird6_ipam.cfg | 20 +++----- .../route_reflectors/bird_ipam.cfg | 21 +++------ .../reverse_peering/auto/bird6.cfg | 2 + .../reverse_peering/auto/bird6_ipam.cfg | 20 +++----- .../reverse_peering/auto/bird_ipam.cfg | 21 +++------ .../reverse_peering/manual/bird6.cfg | 2 + .../reverse_peering/manual/bird6_ipam.cfg | 20 +++----- .../reverse_peering/manual/bird_ipam.cfg | 21 +++------ .../step1/bird6.cfg | 1 + .../step1/bird6_ipam.cfg | 20 +++----- .../step1/bird_ipam.cfg | 21 +++------ .../step2/bird6.cfg | 1 + .../step2/bird6_ipam.cfg | 20 +++----- .../step2/bird_ipam.cfg | 21 +++------ .../step3/bird6.cfg | 1 + .../step3/bird6_ipam.cfg | 20 +++----- .../step3/bird_ipam.cfg | 21 +++------ .../ttl_security/explicit_node/bird6.cfg | 2 + .../ttl_security/explicit_node/bird6_ipam.cfg | 20 +++----- .../ttl_security/explicit_node/bird_ipam.cfg | 21 +++------ .../ttl_security/global/bird6.cfg | 2 + .../ttl_security/global/bird6_ipam.cfg | 20 +++----- .../ttl_security/global/bird_ipam.cfg | 21 +++------ .../ttl_security/peer_selector/bird6.cfg | 2 + .../ttl_security/peer_selector/bird6_ipam.cfg | 20 +++----- .../ttl_security/peer_selector/bird_ipam.cfg | 21 +++------ 213 files changed, 1188 insertions(+), 2101 deletions(-) diff --git a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template index ca3d4e4d77b..b290f7b2168 100644 --- a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template @@ -1,4 +1,11 @@ # Generated by confd +function reject_disabled_pools () +{ +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" false "" 6 }} +{{ $line }} +{{- end}} +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,26 +25,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" false "" 6 }} -{{ $line }} -{{- end }} -} - -function accept_enabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "accept" false "" 6 }} -{{ $line }} -{{- end }} -} - -function program_pools_to_kernel() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "" true "" 6 }} -{{ $line }} -{{- end }} -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -45,8 +36,6 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); - {{- $static_key := "/staticroutesv6"}} {{- if ls $static_key}} @@ -71,18 +60,25 @@ function calico_export_to_bgp_peers(bool internal_peer) { {{- end}} {{- end}} {{- end}} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "accept" false "" 6 }} +{{ $line }} +{{- end }} } filter calico_kernel_programming { {{- $reject_key := "/rejectcidrsv6"}} {{- if ls $reject_key}} + # Don't program static routes into kernel. {{- range ls $reject_key}} {{- $parts := split . "-"}} {{- $cidr := join $parts "/"}} if ( net ~ {{$cidr}} ) then { reject; } {{- end}} + +{{- end}} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "" true "" 6 }} +{{ $line }} {{- end}} - program_pools_to_kernel(); - accept; {{- /* Destination is not in any ipPool, accept */}} + accept; {{- /* Destination is not in any ipPool, accept */}} } diff --git a/confd/etc/calico/confd/templates/bird_ipam.cfg.template b/confd/etc/calico/confd/templates/bird_ipam.cfg.template index a220e6ff053..f2f82e1cdd2 100644 --- a/confd/etc/calico/confd/templates/bird_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird_ipam.cfg.template @@ -1,4 +1,11 @@ # Generated by confd +function reject_disabled_pools () +{ +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "reject" false "" 4 }} +{{ $line }} +{{- end}} +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,29 +25,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "reject" false "" 4 }} -{{ $line }} -{{- end }} -} - -function accept_enabled_pools() { -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "accept" false "" 4 }} -{{ $line }} -{{- end }} -} - -{{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}} -function program_pools_to_kernel() { -{{- if exists $network_key}}{{$network := getv $network_key}} -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "" true $network 4 }} -{{ $line }} -{{- end }} -{{- end}} -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -48,8 +36,6 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); - {{- $static_key := "/staticroutes"}} {{- if ls $static_key}} @@ -74,18 +60,28 @@ function calico_export_to_bgp_peers(bool internal_peer) { {{- end}} {{- end}} {{- end}} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "accept" false "" 4 }} +{{ $line }} +{{- end }} } +{{$network_key := printf "/bgp/v1/host/%s/network_v4" (getenv "NODENAME")}} filter calico_kernel_programming { {{- $reject_key := "/rejectcidrs"}} {{- if ls $reject_key}} + # Don't program static routes into kernel. {{- range ls $reject_key}} {{- $parts := split . "-"}} {{- $cidr := join $parts "/"}} if ( net ~ {{$cidr}} ) then { reject; } {{- end}} + +{{- end}} +{{- if exists $network_key}}{{$network := getv $network_key}} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v4/pool/*") "" true $network 4 }} +{{ $line }} +{{- end}} {{- end}} - program_pools_to_kernel(); - accept; {{- /* Destination is not in any ipPool, accept */}} + accept; {{- /* Destination is not in any ipPool, accept */}} } diff --git a/confd/pkg/resource/template/template_funcs.go b/confd/pkg/resource/template/template_funcs.go index 33e93810036..515d2c86580 100644 --- a/confd/pkg/resource/template/template_funcs.go +++ b/confd/pkg/resource/template/template_funcs.go @@ -14,7 +14,6 @@ import ( "github.com/kelseyhightower/memkv" v3 "github.com/projectcalico/api/pkg/apis/projectcalico/v3" - "github.com/sirupsen/logrus" "github.com/projectcalico/calico/confd/pkg/backends" "github.com/projectcalico/calico/libcalico-go/lib/backend/encap" @@ -491,23 +490,10 @@ func IPPoolsFilterBIRDFunc( } lines = append(lines, emitFilterStatementForIPPools(cidr, extraStatement, action, comment)) } - if len(lines) == 0 { - var line string - switch filterAction { - case "accept", "reject": - line = formatComment(fmt.Sprintf("No v%d %s filter generated", version, filterAction)) - case "": - line = formatComment(fmt.Sprintf("No v%d IPPool configured", version)) - default: - return nil, fmt.Errorf("unknown target action %s", filterAction) - } - lines = append(lines, line) - } return lines, nil } func extraStatementForKernelProgrammingIPIPNoEncap(ipipMode encap.Mode, localSubnet string) string { - logrus.Infof("pepper %v", localSubnet) switch v3.EncapMode(ipipMode) { case v3.Always: return `krt_tunnel="tunl0";` diff --git a/confd/pkg/resource/template/template_funcs_test.go b/confd/pkg/resource/template/template_funcs_test.go index 1036465fe13..b4560068541 100644 --- a/confd/pkg/resource/template/template_funcs_test.go +++ b/confd/pkg/resource/template/template_funcs_test.go @@ -264,23 +264,6 @@ var ( } ) -func Test_IPPoolsFilterBIRDFunc_NoIPPool(t *testing.T) { - kvps := ippoolTestCasesToKVPairs(t, nil) - for _, ipfamily := range []int{4, 6} { - for _, action := range []string{"", "accept", "reject"} { - for _, forKernel := range []bool{true, false} { - generated, err := IPPoolsFilterBIRDFunc(kvps, action, forKernel, "", ipfamily) - if err != nil { - t.Errorf("Unexpected error while generating BIRD IPPool filter: %s", err) - } - if len(generated) != 1 || !strings.HasPrefix(generated[0], "# ") { - t.Errorf("Expected exactly one comment but received: %s", generated) - } - } - } - } -} - func Test_IPPoolsFilterBIRDFunc_KernelProgrammingV4(t *testing.T) { expectedStatements := []string{ // IPv4 IPIP Encapsulation cases. diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6.cfg index a88604fc9a6..15c29057b00 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6.cfg @@ -100,3 +100,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/explicit_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6.cfg index aeeb6bfe467..2e9d4c963a0 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6.cfg @@ -93,3 +93,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/export_only/global_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6.cfg index 031c0b150d0..48b80f2acbd 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6.cfg @@ -101,3 +101,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step1/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6.cfg index bd59021816b..efb00b46f3c 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_deletion/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6.cfg index e19e7ff8a9b..c408ba27b5f 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6.cfg @@ -123,3 +123,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_names/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/filter_names/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6.cfg index 5e1b3dd42a5..74d1a0c87b4 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6.cfg @@ -100,3 +100,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/explicit_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6.cfg index ab2fd13bfec..f2910bde96b 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6.cfg @@ -93,3 +93,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/import_only/global_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6.cfg index e687e3f432f..36310de54ec 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6.cfg @@ -101,3 +101,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_interface/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_interface/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6.cfg index 39450de3c78..8d6c924251c 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6.cfg @@ -101,3 +101,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_operators/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_operators/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_source/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/match_source/bird6.cfg index 39e7b96a214..babf81190c8 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_source/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_source/bird6.cfg @@ -97,3 +97,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_source/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/match_source/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6.cfg index bf6830d114e..b936204b558 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6.cfg @@ -120,3 +120,5 @@ protocol bgp Global_2001__104 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/explicit_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6.cfg index 78de6f27714..1456bd0051e 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6.cfg @@ -118,3 +118,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/multi_filter/global_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6.cfg index d18d5a7ab62..c1e96fe5bed 100644 --- a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6.cfg @@ -93,3 +93,5 @@ protocol bgp Mesh_2001__104 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/node_mesh/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6.cfg index 0a04ac2599f..3ba314fbb85 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6.cfg @@ -114,3 +114,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/explicit_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6.cfg index 6d64d25bbde..be94806aed6 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6.cfg @@ -101,3 +101,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/single_filter/global_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6.cfg index a4efff4c4af..be0a9a9c185 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/explicit_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6.cfg index bd59021816b..efb00b46f3c 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v4_only/global_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6.cfg index 0d49a3e1223..874cf97136a 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6.cfg @@ -114,3 +114,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/explicit_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6.cfg index cd0ab6fc9ca..b9329fd6a75 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6.cfg @@ -101,3 +101,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/bgpfilter/v6_only/global_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird6.cfg index f242abbca13..d8fc709da3e 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird6.cfg @@ -46,3 +46,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-external/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6.cfg index 6f8cd0f5429..efd94428c07 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Global_2001__104 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird6.cfg index f242abbca13..d8fc709da3e 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird6.cfg @@ -46,3 +46,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6.cfg index 91e84b5fdb6..0ddcc956719 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6.cfg @@ -73,3 +73,5 @@ protocol bgp Global_ac13__57_port_50 from bgp_template { }; # Only want to export routes for workloads. next hop keep; } + + diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop-global/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6.cfg index bc046a60e83..658e12d2b6d 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6.cfg @@ -73,3 +73,5 @@ protocol bgp Node_ac13__57_port_50 from bgp_template { }; # Only want to export routes for workloads. next hop keep; } + + diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/keepnexthop/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6.cfg index f242abbca13..d8fc709da3e 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6.cfg @@ -46,3 +46,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird6.cfg index 2317b8ef6c3..79551934020 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6.cfg index c5069273f60..a9b763a8410 100644 --- a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6.cfg @@ -92,3 +92,5 @@ protocol bgp Local_Workload_fd00_10_244_0_586d_4461_e980_a286 from bgp_template }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local_bgp_peer/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6.cfg index ac6b83874f9..e075e7d8b4d 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6.cfg @@ -102,3 +102,5 @@ protocol bgp Node_fe0a__4 from bgp_template { rr client; rr cluster id 10.0.0.1; } + + diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/route_reflector_v6_by_ip/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird6.cfg index f20e41896c1..db6313ad243 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Node_fd5f__4 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6.cfg index 0a9b2c1d763..8e9d72065a6 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Node_fd5f__4 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/selectors/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6.cfg index 2317b8ef6c3..79551934020 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/specific_node/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/ignored_interfaces/bird6.cfg b/confd/tests/compiled_templates/ignored_interfaces/bird6.cfg index 653956e20a6..5a87108a0e7 100644 --- a/confd/tests/compiled_templates/ignored_interfaces/bird6.cfg +++ b/confd/tests/compiled_templates/ignored_interfaces/bird6.cfg @@ -72,3 +72,5 @@ protocol bgp Mesh_2001__104 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg b/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ignored_interfaces/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg b/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ignored_interfaces/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird6.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird6.cfg index 2317b8ef6c3..79551934020 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg index 10c3b775499..cbda84a42d4 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg @@ -1,4 +1,9 @@ # Generated by confd +function reject_disabled_pools () +{ + if (net ~ 2002:102::/64) then { reject; } # BGP export is disabled. +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,23 +23,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { - if (net ~ 2002:102::/64) then { reject; } # BGP export is disabled. -} - -function accept_enabled_pools() { - if (net ~ 2002:101::/64) then { accept; } - if (net ~ 2002:103::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002:101::/64) then { accept; } - if (net ~ 2002:102::/64) then { accept; } - if (net ~ 2002:103::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -42,10 +34,13 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002:101::/64) then { accept; } + if (net ~ 2002:103::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002:101::/64) then { accept; } + if (net ~ 2002:102::/64) then { accept; } + if (net ~ 2002:103::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg index b6250339d3a..105a59547cb 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird_ipam.cfg @@ -1,4 +1,9 @@ # Generated by confd +function reject_disabled_pools () +{ + if (net ~ 192.168.2.0/24) then { reject; } # BGP export is disabled. +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,23 +23,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { - if (net ~ 192.168.2.0/24) then { reject; } # BGP export is disabled. -} - -function accept_enabled_pools() { - if (net ~ 192.168.1.0/24) then { accept; } - if (net ~ 192.168.3.0/24) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.1.0/24) then { krt_tunnel=""; accept; } - if (net ~ 192.168.2.0/24) then { krt_tunnel=""; accept; } - if (net ~ 192.168.3.0/24) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -42,10 +34,14 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.1.0/24) then { accept; } + if (net ~ 192.168.3.0/24) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.1.0/24) then { krt_tunnel=""; accept; } + if (net ~ 192.168.2.0/24) then { krt_tunnel=""; accept; } + if (net ~ 192.168.3.0/24) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/bird6.cfg b/confd/tests/compiled_templates/mesh/communities/bird6.cfg index be66ce71c66..3f691ca970e 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird6.cfg @@ -49,3 +49,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird6.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird6.cfg index 0e11c8ef3bc..34ecd5163ba 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird6.cfg @@ -49,3 +49,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/communities/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/hash/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/hash/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird6.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird6.cfg index 2317b8ef6c3..79551934020 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-always/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6.cfg index 2317b8ef6c3..79551934020 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg index 4849bd9d8ee..c76bff0f382 100644 --- a/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-cross-subnet/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,21 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.192.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -40,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { if (defined(bgp_next_hop)&&(bgp_next_hop ~ 10.192.0.0/16)) then krt_tunnel=""; else krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird6.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird6.cfg index 17beb4475ff..22377411dc6 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird6.cfg @@ -80,3 +80,5 @@ protocol bgp Mesh_2001__104 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird6.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird6.cfg index 17beb4475ff..22377411dc6 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird6.cfg @@ -80,3 +80,5 @@ protocol bgp Mesh_2001__104 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird6.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird6.cfg index f1e5d60f4bf..ca4cf3d9c6c 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird6.cfg @@ -82,3 +82,5 @@ protocol bgp Mesh_2001__104 from bgp_template { passive on; password "password-a"; } + + diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird6.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird6.cfg index 8c53cb42594..2c69dbf5c86 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird6.cfg @@ -82,3 +82,5 @@ protocol bgp Mesh_2001__104 from bgp_template { passive on; password "new-password-a"; } + + diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird6.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird6.cfg index 28bd59ef9cc..dc6061077ef 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird6.cfg @@ -82,3 +82,5 @@ protocol bgp Mesh_2001__104 from bgp_template { passive on; graceful restart time 10; } + + diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg index c32930ad910..150fa05330b 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 2002::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 2002::/64) then { accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 2002::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg index fb98265c12a..3ca4ae7db92 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel=""; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6.cfg index ad0121ba336..b65b0351298 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6.cfg @@ -83,3 +83,5 @@ protocol bgp Node_fe0a__6 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/route-reflector-mesh-enabled/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6.cfg index d7102792bf1..38cdf2e0762 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6.cfg @@ -81,3 +81,5 @@ protocol bgp Mesh_fdf5_10__4 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg index 1bc037bbcf9..4c7bd2a20a5 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,12 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { + # Don't program static routes into kernel. if ( net ~ fd00:96::/112 ) then { reject; } - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg index f2929ca74f9..c0a4898029c 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,12 +33,14 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { + # Don't program static routes into kernel. if ( net ~ 10.101.0.0/16 ) then { reject; } - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6.cfg index d7102792bf1..38cdf2e0762 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6.cfg @@ -81,3 +81,5 @@ protocol bgp Mesh_fdf5_10__4 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-exclude-node/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg index e75994d24d6..f6d5c12d54b 100644 --- a/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes-no-ipv4-address/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - - -function program_pools_to_kernel() { -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,16 +33,17 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); # Export static routes. if ( net ~ 10.101.0.0/16 ) then { accept; } if ( net ~ 10.101.0.101/32 ) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { + # Don't program static routes into kernel. if ( net ~ 10.101.0.0/16 ) then { reject; } - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird6.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird6.cfg index d7102792bf1..38cdf2e0762 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird6.cfg @@ -81,3 +81,5 @@ protocol bgp Mesh_fdf5_10__4 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg index 4a5ea597d21..df4f18fe663 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,7 +33,6 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); # Export static routes. if ( net ~ fd00:96::/112 ) then { accept; } @@ -47,8 +40,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { + # Don't program static routes into kernel. if ( net ~ fd00:96::/112 ) then { reject; } - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg index 9faf52d0513..f49735015b9 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,18 +33,20 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); # Export static routes. if ( net ~ 10.101.0.0/16 ) then { accept; } if ( net ~ 10.101.0.101/32 ) then { accept; } if ( net ~ 80.15.0.0/24 ) then { accept; } + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { + # Don't program static routes into kernel. if ( net ~ 10.101.0.0/16 ) then { reject; } if ( net ~ 80.15.0.0/24 ) then { reject; } - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6.cfg index d7102792bf1..38cdf2e0762 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6.cfg @@ -81,3 +81,5 @@ protocol bgp Mesh_fdf5_10__4 from bgp_template { }; # Only want to export routes for workloads. passive on; } + + diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg index 094d5ef6a4a..cb7dcf8318b 100644 --- a/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/static-routes/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { krt_tunnel="tunl0"; accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg index eaae848a6f2..14d183d493c 100644 --- a/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/vxlan-always/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ dead:beef::/64) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ dead:beef::/64) then { reject; } # VXLAN routes are handled by Felix. -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,10 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ dead:beef::/64) then { accept; } } filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ dead:beef::/64) then { reject; } # VXLAN routes are handled by Felix. accept; } diff --git a/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg b/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg index 0608fe4cc46..3aec5a40637 100644 --- a/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/vxlan-always/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { - if (net ~ 192.168.0.0/16) then { accept; } -} - -function program_pools_to_kernel() { - if (net ~ 192.168.0.0/16) then { reject; } # VXLAN routes are handled by Felix. -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,11 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); + if (net ~ 192.168.0.0/16) then { accept; } } + filter calico_kernel_programming { - program_pools_to_kernel(); + if (net ~ 192.168.0.0/16) then { reject; } # VXLAN routes are handled by Felix. accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6.cfg b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6.cfg index 7490a89c674..62dc185bd61 100644 --- a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6.cfg @@ -87,3 +87,5 @@ protocol bgp Global_ffee__11 from bgp_template { }; # Only want to export routes for workloads. next hop self; } + + diff --git a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/global_peers/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6.cfg b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6.cfg index d1ad6246de5..b89d4889825 100644 --- a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6.cfg @@ -113,3 +113,5 @@ protocol bgp Node_ffee__11 from bgp_template { }; # Only want to export routes for workloads. next hop self; } + + diff --git a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/next_hop_mode/route_reflectors/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg b/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password-deadlock/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg b/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password-deadlock/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step1/bird6.cfg b/confd/tests/compiled_templates/password/step1/bird6.cfg index 7c976c7ed1e..a4efdde987a 100644 --- a/confd/tests/compiled_templates/password/step1/bird6.cfg +++ b/confd/tests/compiled_templates/password/step1/bird6.cfg @@ -5,6 +5,7 @@ function apply_communities () # Generated by confd include "bird6_aggr.cfg"; include "bird6_ipam.cfg"; + router id 10.24.0.1; # Configure synchronization between routing tables and kernel. @@ -43,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step1/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step1/bird_ipam.cfg b/confd/tests/compiled_templates/password/step1/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step1/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step2/bird6.cfg b/confd/tests/compiled_templates/password/step2/bird6.cfg index 7c976c7ed1e..a4efdde987a 100644 --- a/confd/tests/compiled_templates/password/step2/bird6.cfg +++ b/confd/tests/compiled_templates/password/step2/bird6.cfg @@ -5,6 +5,7 @@ function apply_communities () # Generated by confd include "bird6_aggr.cfg"; include "bird6_ipam.cfg"; + router id 10.24.0.1; # Configure synchronization between routing tables and kernel. @@ -43,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step2/bird_ipam.cfg b/confd/tests/compiled_templates/password/step2/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step3/bird6.cfg b/confd/tests/compiled_templates/password/step3/bird6.cfg index 7c976c7ed1e..a4efdde987a 100644 --- a/confd/tests/compiled_templates/password/step3/bird6.cfg +++ b/confd/tests/compiled_templates/password/step3/bird6.cfg @@ -5,6 +5,7 @@ function apply_communities () # Generated by confd include "bird6_aggr.cfg"; include "bird6_ipam.cfg"; + router id 10.24.0.1; # Configure synchronization between routing tables and kernel. @@ -43,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step3/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step3/bird_ipam.cfg b/confd/tests/compiled_templates/password/step3/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step3/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step4/bird6.cfg b/confd/tests/compiled_templates/password/step4/bird6.cfg index 7c976c7ed1e..a4efdde987a 100644 --- a/confd/tests/compiled_templates/password/step4/bird6.cfg +++ b/confd/tests/compiled_templates/password/step4/bird6.cfg @@ -5,6 +5,7 @@ function apply_communities () # Generated by confd include "bird6_aggr.cfg"; include "bird6_ipam.cfg"; + router id 10.24.0.1; # Configure synchronization between routing tables and kernel. @@ -43,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step4/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step4/bird_ipam.cfg b/confd/tests/compiled_templates/password/step4/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password/step4/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step4/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step5/bird6.cfg b/confd/tests/compiled_templates/password/step5/bird6.cfg index 7c976c7ed1e..a4efdde987a 100644 --- a/confd/tests/compiled_templates/password/step5/bird6.cfg +++ b/confd/tests/compiled_templates/password/step5/bird6.cfg @@ -5,6 +5,7 @@ function apply_communities () # Generated by confd include "bird6_aggr.cfg"; include "bird6_ipam.cfg"; + router id 10.24.0.1; # Configure synchronization between routing tables and kernel. @@ -43,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step5/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step5/bird_ipam.cfg b/confd/tests/compiled_templates/password/step5/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password/step5/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step5/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step6/bird6.cfg b/confd/tests/compiled_templates/password/step6/bird6.cfg index 7c976c7ed1e..a4efdde987a 100644 --- a/confd/tests/compiled_templates/password/step6/bird6.cfg +++ b/confd/tests/compiled_templates/password/step6/bird6.cfg @@ -5,6 +5,7 @@ function apply_communities () # Generated by confd include "bird6_aggr.cfg"; include "bird6_ipam.cfg"; + router id 10.24.0.1; # Configure synchronization between routing tables and kernel. @@ -43,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg b/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/password/step6/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/password/step6/bird_ipam.cfg b/confd/tests/compiled_templates/password/step6/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/password/step6/bird_ipam.cfg +++ b/confd/tests/compiled_templates/password/step6/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/global_peers/bird6.cfg b/confd/tests/compiled_templates/reachable_by/global_peers/bird6.cfg index 1e019347bb6..9a4e73bd5d9 100644 --- a/confd/tests/compiled_templates/reachable_by/global_peers/bird6.cfg +++ b/confd/tests/compiled_templates/reachable_by/global_peers/bird6.cfg @@ -87,3 +87,5 @@ protocol bgp Global_ffee__11 from bgp_template { }; # Only want to export routes for workloads. next hop keep; } + + diff --git a/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg b/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/global_peers/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg b/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/global_peers/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6.cfg b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6.cfg index f7ff39a614d..0dde3f09e05 100644 --- a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6.cfg +++ b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6.cfg @@ -113,3 +113,5 @@ protocol bgp Node_ffee__11 from bgp_template { }; # Only want to export routes for workloads. next hop keep; } + + diff --git a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reachable_by/route_reflectors/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/auto/bird6.cfg b/confd/tests/compiled_templates/reverse_peering/auto/bird6.cfg index df582d075df..2e75c4d52a3 100644 --- a/confd/tests/compiled_templates/reverse_peering/auto/bird6.cfg +++ b/confd/tests/compiled_templates/reverse_peering/auto/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/auto/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/auto/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/manual/bird6.cfg b/confd/tests/compiled_templates/reverse_peering/manual/bird6.cfg index 9ccdd11b138..953f3a2bb91 100644 --- a/confd/tests/compiled_templates/reverse_peering/manual/bird6.cfg +++ b/confd/tests/compiled_templates/reverse_peering/manual/bird6.cfg @@ -59,3 +59,5 @@ template bgp bgp_template { # -------------- BGP Filters ------------------ # No v6 BGPFilters configured # No BGP peers configured for this node + + diff --git a/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/manual/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg b/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg +++ b/confd/tests/compiled_templates/reverse_peering/manual/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6.cfg index 027469e61f2..0d55cdb741a 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step1/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6.cfg index 027469e61f2..0d55cdb741a 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step2/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6.cfg index 027469e61f2..0d55cdb741a 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6.cfg @@ -44,3 +44,4 @@ protocol direct { } # IPv6 disabled on this node. + diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg +++ b/confd/tests/compiled_templates/sourceaddr_gracefulrestart/step3/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6.cfg b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6.cfg index 9ccdd11b138..953f3a2bb91 100644 --- a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6.cfg +++ b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6.cfg @@ -59,3 +59,5 @@ template bgp bgp_template { # -------------- BGP Filters ------------------ # No v6 BGPFilters configured # No BGP peers configured for this node + + diff --git a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/explicit_node/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg b/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/explicit_node/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/global/bird6.cfg b/confd/tests/compiled_templates/ttl_security/global/bird6.cfg index fd94da38d48..4f442493842 100644 --- a/confd/tests/compiled_templates/ttl_security/global/bird6.cfg +++ b/confd/tests/compiled_templates/ttl_security/global/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Global_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/global/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg b/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/global/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6.cfg b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6.cfg index 19aa91e6380..efa2d90c1e9 100644 --- a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6.cfg +++ b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6.cfg @@ -85,3 +85,5 @@ protocol bgp Node_2001__104 from bgp_template { reject; }; # Only want to export routes for workloads. } + + diff --git a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg index 8906f8a48de..a4ddeb21e47 100644 --- a/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/peer_selector/bird6_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v6 reject filter generated -} - -function accept_enabled_pools() { -# No v6 accept filter generated -} - -function program_pools_to_kernel() { -# No v6 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,8 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } filter calico_kernel_programming { - program_pools_to_kernel(); accept; } diff --git a/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg b/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg index fb680e47e73..735fc295b8c 100644 --- a/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg +++ b/confd/tests/compiled_templates/ttl_security/peer_selector/bird_ipam.cfg @@ -1,4 +1,8 @@ # Generated by confd +function reject_disabled_pools () +{ +} + function reject_tunnel_routes () { # Don't export tunnel routes to other nodes, Felix programs them. # IPIP routes are handled by Bird, and it does not re-advertise them. @@ -18,20 +22,10 @@ function reject_local_routes () { } } -function reject_disabled_pools() { -# No v4 reject filter generated -} - -function accept_enabled_pools() { -# No v4 accept filter generated -} - -function program_pools_to_kernel() { -# No v4 IPPool configured -} - function calico_export_to_bgp_peers(bool internal_peer) { # filter code terminates when it calls `accept;` or `reject;`, + # call reject_disabled_pools() first, then reject_tunnel_routes(), + # then apply_communities() and then calico_aggr() reject_disabled_pools(); if (internal_peer) then { reject_tunnel_routes(); @@ -39,10 +33,9 @@ function calico_export_to_bgp_peers(bool internal_peer) { reject_local_routes(); apply_communities(); calico_aggr(); - accept_enabled_pools(); } + filter calico_kernel_programming { - program_pools_to_kernel(); accept; } From c8c378deb163435ca3b46b297abce3a7e8ae3979 Mon Sep 17 00:00:00 2001 From: Mazdak Nasab Date: Wed, 11 Feb 2026 15:35:34 -0800 Subject: [PATCH 5/5] Address comments #1 --- confd/etc/calico/confd/templates/bird6_ipam.cfg.template | 2 +- confd/pkg/resource/template/template_funcs.go | 2 +- .../explicit_peering/global-ipv6/bird6_ipam.cfg | 1 - .../explicit_peering/local-as-global-ipv6/bird6_ipam.cfg | 1 - .../explicit_peering/local-as-ipv6/bird6_ipam.cfg | 1 - confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg | 3 --- confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg | 1 - .../compiled_templates/mesh/password/step1/bird6_ipam.cfg | 1 - .../compiled_templates/mesh/password/step2/bird6_ipam.cfg | 1 - .../compiled_templates/mesh/password/step3/bird6_ipam.cfg | 1 - .../tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg | 1 - 11 files changed, 2 insertions(+), 13 deletions(-) diff --git a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template index b290f7b2168..fcfecba2f36 100644 --- a/confd/etc/calico/confd/templates/bird6_ipam.cfg.template +++ b/confd/etc/calico/confd/templates/bird6_ipam.cfg.template @@ -77,7 +77,7 @@ filter calico_kernel_programming { {{- end}} {{- end}} -{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "" true "" 6 }} +{{- range $line := ippoolsFilterBIRDFunc (gets "/v1/ipam/v6/pool/*") "reject" true "" 6 }} {{ $line }} {{- end}} accept; {{- /* Destination is not in any ipPool, accept */}} diff --git a/confd/pkg/resource/template/template_funcs.go b/confd/pkg/resource/template/template_funcs.go index 515d2c86580..d81e5eac60f 100644 --- a/confd/pkg/resource/template/template_funcs.go +++ b/confd/pkg/resource/template/template_funcs.go @@ -409,7 +409,7 @@ func BGPFilterBIRDFuncs(pairs memkv.KVPairs, version int) ([]string, error) { // This function generates BIRD statements for IPPool resources to be used as BIRD filters based on the following input: // - pairs: IPPool resources packaged into KVPairs. // - filterAction: specified action to filter generated statements. For exporting pools to BGP peers, we need to -// first reject disabled ippool, and then accept the rest at the end after all other filters. Allowed values are +// first reject disabled ippools, and then accept the rest at the end after all other filters. Allowed values are // "accept", "reject", and "" (to not filter). // - forProgrammingKernel: Whether the generated statements are intended for programming routes to kernel or exporting to // other BGP Peers. As an example, we need to set "krt_tunnel" for programming IPIP and no-encap IPv4 routes. diff --git a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/global-ipv6/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-global-ipv6/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/explicit_peering/local-as-ipv6/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg index cbda84a42d4..e8fdfebb07d 100644 --- a/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/bgp-export/bird6_ipam.cfg @@ -39,8 +39,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002:101::/64) then { accept; } - if (net ~ 2002:102::/64) then { accept; } - if (net ~ 2002:103::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/ipip-off/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step1/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step2/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/password/step3/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; } diff --git a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg index 150fa05330b..64a578bc047 100644 --- a/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg +++ b/confd/tests/compiled_templates/mesh/restart-time/bird6_ipam.cfg @@ -37,6 +37,5 @@ function calico_export_to_bgp_peers(bool internal_peer) { } filter calico_kernel_programming { - if (net ~ 2002::/64) then { accept; } accept; }