Introduce new option to Capirca Arista traffic-policy generator:

- "destination_self" generates `destination prefix self unicast` match condition, which matches packets destined to the local router interfaces. This match condition is mutually exclusive to other `destination` conditions.

PiperOrigin-RevId: 840347750

Author: Capirca Team

capirca/lib/arista_tp.py

@@ -70,6 +70,9 @@ class AristaTpFragmentInV6Error(Error):
   pass
 
 
+class TooManyAddressAttributesError(Error):
+  pass
+
 class Config:
   """config allows a configuration to be assembled easily.
 
@@ -233,7 +236,7 @@ def __str__(self):
         self.term.hop_limit or self.term.port or self.term.protocol or
         self.term.protocol_except or self.term.source_address or
         self.term.source_address_exclude or self.term.source_port or
-        self.term.source_prefix or self.term.ttl )
+        self.term.source_prefix or self.term.ttl or self.term.destination_self)
 
     # if the term name is default-* we will render this into the
     # appropriate default term name to be used in this filter.
@@ -276,6 +279,20 @@ def __str__(self):
                 term=self.term.name, direction="source", af=self.term_type))
         return ""
 
+      # destination self
+      if self.term.destination_self:
+        if (
+            self.term.destination_address
+            or self.term.destination_address_exclude
+            or self.term.destination_prefix
+        ):
+          raise TooManyAddressAttributesError(
+              "'destination_self', 'destination_address', "
+              "'destination_address_exclude', and 'destination_prefix' "
+              "are mutually exclusive."
+          )
+        term_block.append([MATCH_INDENT, "destination prefix self unicast", False])
+
       # destination address
       dst_addr = self.term.GetAddressOfVersion("destination_address", term_af)
       dst_addr_ex = self.term.GetAddressOfVersion("destination_address_exclude",
@@ -771,6 +788,7 @@ def _BuildTokens(self):
         "destination_address_exclude",
         "destination_port",
         "destination_prefix",
+        "destination_self",
         "dscp_set",
         "expiration",
         "fragment_offset",

capirca/lib/policy.py

@@ -458,6 +458,7 @@ def __init__(self, obj):
     self.destination_address = []
     self.destination_address_exclude = []
     self.destination_port = []
+    self.destination_self = False
     self.destination_prefix = []
     self.filter_term = None
     self.forwarding_class = []
@@ -796,6 +797,8 @@ def __str__(self):
           '  destination_address_exclude: %s'
           % self._SortAddressesByFamily('destination_address_exclude')
       )
+    if self.destination_self:
+      ret_str.append('  destination_self: true')
     if self.destination_tag:
       ret_str.append('  destination_tag: %s' % self.destination_tag)
     if self.target_resources:
@@ -1120,6 +1123,9 @@ def __eq__(self, other):
     if sorted(self.destination_zone) != sorted(other.destination_zone):
       return False
 
+    if self.destination_self != other.destination_self:
+      return False
+
     return True
 
   def __ne__(self, other):
@@ -1335,6 +1341,9 @@ def AddObject(self, obj):
           self.source_zone.append(x.value)
         elif x.var_type is VarType.DZONE:
           self.destination_zone.append(x.value)
+        elif x.var_type is VarType.DESTINATION_SELF:
+          if x.value == 'true':
+            self.destination_self = True
         elif x.var_type is VarType.FORTIGATE_APPLICATION_ID:
           self.fortigate_application_id.append(x.value)
         else:
@@ -1444,6 +1453,9 @@ def AddObject(self, obj):
         self.target_service_accounts.append(obj.value)
       elif obj.var_type is VarType.FILTER_TERM:
         self.filter_term = obj.value
+      elif obj.var_type is VarType.DESTINATION_SELF:
+        if obj.value == 'true':
+          self.destination_self = True
       elif obj.var_type is VarType.FORTIGATE_APPLICATION_ID:
         self.fortigate_application_id.append(obj.value)
       else:
@@ -1816,6 +1828,7 @@ class VarType:
   POLICE_BURST = 74
   POLICE_PPS = 75
   FORTIGATE_APPLICATION_ID = 76
+  DESTINATION_SELF = 77
 
   def __init__(self, var_type, value):
     self.var_type = var_type
@@ -1993,6 +2006,7 @@ def __ne__(self, other):
     'DSCP_SET',
     'DTAG',
     'DZONE',
+    'DESTINATION_SELF',
     'ENCAPSULATE',
     'ESCAPEDSTRING',
     'ETHER_TYPE',
@@ -2085,6 +2099,7 @@ def __ne__(self, other):
     'destination-prefix': 'DPFX',
     'destination-prefix-except': 'EDPFX',
     'destination-port': 'DPORT',
+    'destination-self': 'DESTINATION_SELF',
     'destination-tag': 'DTAG',
     'destination-zone': 'DZONE',
     'dscp-except': 'DSCP_EXCEPT',
@@ -2283,6 +2298,7 @@ def p_term_spec(p):
   """term_spec : term_spec action_spec
 
   | term_spec addr_spec
+  | term_spec destination_self_spec
   | term_spec restrict_address_family_spec
   | term_spec comment_spec
   | term_spec counter_spec
@@ -2545,6 +2561,11 @@ def p_dscp_except_spec(p):
     p[0].append(VarType(VarType.DSCP_EXCEPT, dscp))
 
 
+def p_destination_self_spec(p):
+  """destination_self_spec : DESTINATION_SELF ':' ':' STRING"""
+  p[0] = VarType(VarType.DESTINATION_SELF, p[4])
+
+
 def p_exclude_spec(p):
   """exclude_spec : SADDREXCLUDE ':' ':' one_or_more_strings
 

capirca/lib/policy_simple.py

@@ -170,6 +170,10 @@ class DestinationPrefixExcept(Field):
   """A destination-prefix-except field."""
 
 
+class DestinationSelf(Field):
+  """A destination-self field."""
+
+
 class DestinationTag(Field):
   """A destination tag field."""
 
@@ -368,6 +372,7 @@ class ApplicationID(Field):
     'destination-port': DestinationPort,
     'destination-prefix': DestinationPrefix,
     'destination-prefix-except': DestinationPrefixExcept,
+    'destination-self': DestinationSelf,
     'destination-tag': DestinationTag,
     'destination-zone': DestinationZone,
     'dscp-match': DscpMatch,

tests/lib/arista_tp_test.py

@@ -271,6 +271,19 @@
   traffic-class:: 4
 }
 """
+GOOD_DST_SELF_TERM = """
+term good-dst-self-term {
+  destination-self:: true
+  action:: accept
+}
+"""
+BAD_DST_SELF_ADDR_TERM = """
+term bad-dst-self-addr-term {
+  destination-address:: SOME_HOST
+  destination-self:: true
+  action:: accept
+}
+"""
 NEXT_HOP_GROUP_TERM = """
 term next-hop-group-term {
   protocol:: tcp
@@ -638,6 +651,7 @@
     "destination_address_exclude",
     "destination_port",
     "destination_prefix",
+    "destination_self",
     "dscp_set",
     "expiration",
     "fragment_offset",
@@ -1401,6 +1415,20 @@ def testAnyMixed(self):
     self.assertIn("match ipv6-ANY_MIXED ipv6", output, output)
     self.assertIn("destination prefix 2001:4860:4860::8844/128", output, output)
 
+  def testDestinationSelf(self):
+    atp = arista_tp.AristaTrafficPolicy(
+        policy.ParsePolicy(GOOD_HEADER + GOOD_DST_SELF_TERM, self.naming),
+        EXP_INFO)
+    output = str(atp)
+    self.assertIn("destination prefix self unicast", output, output)
+
+  def testDestinationSelfAddrConflict(self):
+    self.naming.GetNetAddr.return_value = [nacaddr.IP("10.0.0.0/8")]
+    atp = arista_tp.AristaTrafficPolicy(
+        policy.ParsePolicy(GOOD_HEADER + BAD_DST_SELF_ADDR_TERM, self.naming),
+        EXP_INFO)
+    self.assertRaises(arista_tp.TooManyAddressAttributesError, str, atp)
+
   def testDscpSet(self):
     self.naming.GetNetAddr.side_effect = [[
         nacaddr.IP("8.8.4.4"),