lib: Do not convert EVPN prefixes into IPv4/IPv6 if not needed (backport #15377)

lib/routemap.c

@@ -2548,7 +2548,6 @@ route_map_result_t route_map_apply_ext(struct route_map *map,
 	struct route_map_index *index = NULL;
 	struct route_map_rule *set = NULL;
 	bool skip_match_clause = false;
-	struct prefix conv;
 
 	if (recursion > RMAP_RECURSION_LIMIT) {
 		if (map)
@@ -2571,31 +2570,14 @@ route_map_result_t route_map_apply_ext(struct route_map *map,
 
 	map->applied++;
 
-	/*
-	 * Handling for matching evpn_routes in the prefix table.
-	 *
-	 * We convert type2/5 prefix to ipv4/6 prefix to do longest
-	 * prefix matching on.
-	 */
 	if (prefix->family == AF_EVPN) {
-		if (evpn_prefix2prefix(prefix, &conv) != 0) {
-			if (unlikely(CHECK_FLAG(rmap_debug,
-						DEBUG_ROUTEMAP_DETAIL)))
-				zlog_debug(
-					"Unable to convert EVPN prefix %pFX into IPv4/IPv6 prefix. Falling back to non-optimized route-map lookup",
-					prefix);
-		} else {
-			if (unlikely(CHECK_FLAG(rmap_debug,
-						DEBUG_ROUTEMAP_DETAIL)))
-				zlog_debug(
-					"Converted EVPN prefix %pFX into %pFX for optimized route-map lookup",
-					prefix, &conv);
-
-			prefix = &conv;
-		}
+		index = map->head;
+	} else {
+		skip_match_clause = true;
+		index = route_map_get_index(map, prefix, match_object,
+					    &match_ret);
 	}
 
-	index = route_map_get_index(map, prefix, match_object, &match_ret);
 	if (index) {
 		index->applied++;
 		if (unlikely(CHECK_FLAG(rmap_debug, DEBUG_ROUTEMAP)))
@@ -2619,7 +2601,6 @@ route_map_result_t route_map_apply_ext(struct route_map *map,
 			ret = RMAP_DENYMATCH;
 		goto route_map_apply_end;
 	}
-	skip_match_clause = true;
 
 	for (; index; index = index->next) {
 		if (!skip_match_clause) {

tests/topotests/bgp_evpn_route_map_match/r1/frr.conf

@@ -0,0 +1,44 @@
+!
+!debug bgp neighbor
+!debug route-map detail
+!
+vni 10
+!
+int lo
+ ip address 10.10.10.1/32
+!
+int r1-eth1
+ ip address 192.168.1.1/24
+!
+router bgp 65001
+ no bgp ebgp-requires-policy
+ no bgp network import-check
+ neighbor 192.168.1.2 remote-as external
+ neighbor 192.168.1.2 timers 1 3
+ neighbor 192.168.1.2 timers connect 1
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  network 10.10.10.10/32
+ exit-address-family
+ !
+ address-family l2vpn evpn
+  neighbor 192.168.1.2 activate
+  neighbor 192.168.1.2 route-map r2 out
+  advertise-all-vni
+  advertise ipv4 unicast
+ exit-address-family
+!
+route-map r2 deny 10
+ match evpn route-type macip
+!
+route-map r2 deny 20
+ match ip address prefix-list pl
+ match evpn route-type prefix
+!
+route-map r2 permit 30
+!
+ip prefix-list pl seq 5 permit 192.168.1.0/24
+ip prefix-list pl seq 10 permit 10.10.10.1/32
+ip prefix-list pl seq 15 permit 10.10.10.2/32
+!

tests/topotests/bgp_evpn_route_map_match/test_bgp_evpn_route_map_match.py

@@ -0,0 +1,110 @@
+#!/usr/bin/env python
+# SPDX-License-Identifier: ISC
+
+# Copyright (c) 2023 by
+# Donatas Abraitis <donatas@opensourcerouting.org>
+#
+
+"""
+Test if route-map match by EVPN route-type works.
+"""
+
+import os
+import re
+import sys
+import json
+import pytest
+import functools
+
+pytestmark = pytest.mark.bgpd
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, "../"))
+
+# pylint: disable=C0413
+from lib import topotest
+from lib.topogen import Topogen, TopoRouter, get_topogen
+from lib.common_config import step
+
+pytestmark = [pytest.mark.bgpd]
+
+
+def setup_module(mod):
+    topodef = {"s1": ("c1", "r1"), "s2": ("r1", "r2"), "s3": ("r2", "c2")}
+    tgen = Topogen(topodef, mod.__name__)
+    tgen.start_topology()
+
+    tgen.net["r1"].cmd(
+        """
+ip link add vxlan10 type vxlan id 10 dstport 4789 local 10.10.10.1 nolearning
+ip link add name br10 type bridge
+ip link set dev vxlan10 master br10
+ip link set dev r1-eth0 master br10
+ip link set up dev br10
+ip link set up dev vxlan10"""
+    )
+
+    tgen.net["r2"].cmd(
+        """
+ip link add vxlan10 type vxlan id 10 dstport 4789 local 10.10.10.2 nolearning
+ip link add name br10 type bridge
+ip link set dev vxlan10 master br10
+ip link set dev r2-eth1 master br10
+ip link set up dev br10
+ip link set up dev vxlan10"""
+    )
+
+    router_list = tgen.routers()
+
+    for _, (rname, router) in enumerate(router_list.items(), 1):
+        router.load_frr_config(os.path.join(CWD, "{}/frr.conf".format(rname)))
+
+    tgen.start_router()
+
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+
+def test_bgp_evpn_route_map_match_route_type():
+    tgen = get_topogen()
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    r1 = tgen.gears["r1"]
+
+    def _bgp_converge():
+        output = json.loads(
+            r1.vtysh_cmd(
+                "show bgp l2vpn evpn neighbor 192.168.1.2 advertised-routes json"
+            )
+        )
+        expected = {
+            "advertisedRoutes": {
+                "10.10.10.1:1": {
+                    "[5]:[0]:[32]:[10.10.10.10]": {
+                        "valid": True,
+                    }
+                },
+                "10.10.10.2:2": {
+                    "[3]:[0]:[32]:[10.10.10.2]": {
+                        "valid": True,
+                    }
+                },
+            },
+            "totalPrefixCounter": 2,
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(
+        _bgp_converge,
+    )
+    _, result = topotest.run_and_expect(test_func, None, count=60, wait=1)
+    assert result is None, "Filtered EVPN routes should not be advertised"
+
+
+if __name__ == "__main__":
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))