From 09262f1b720ff22631e34222321099187bfd37d8 Mon Sep 17 00:00:00 2001 From: "G. Paul Ziemba" Date: Sun, 30 Jul 2023 12:14:05 -0700 Subject: [PATCH] pbrd: add nexthop drop type Signed-off-by: G. Paul Ziemba --- doc/user/pbr.rst | 39 ++++++++++++++++--------------- lib/nexthop_group.c | 1 + pbrd/pbr_vty.c | 57 ++++++++++++++++++++++++++++----------------- 3 files changed, 56 insertions(+), 41 deletions(-) diff --git a/doc/user/pbr.rst b/doc/user/pbr.rst index 17f3504898..4d90f5cb6f 100644 --- a/doc/user/pbr.rst +++ b/doc/user/pbr.rst @@ -161,6 +161,26 @@ specified in the rule are also applied to the packet. VLAN-matching facilities, so this field will be ignored unless other dataplane providers are used. +.. clicmd:: set nexthop-group NAME + + Action: + forward the packet using nexthop-group NAME. + +.. clicmd:: set nexthop [A.B.C.D|X:X::X:XX|blackhole] [interface] [nexthop-vrf NAME] + + Action: + forward the packet using the specified single nexthop. + If `blackhole`, packets will be sent to a blackhole route and dropped. + +.. clicmd:: set vrf unchanged|NAME + + Action: + If set to ``unchanged``, the rule will use the vrf table the interface + is in as its lookup. + If set to NAME, the rule will use that vrf table as its lookup. + + Not supported with NETNS VRF backend. + .. clicmd:: set queue-id (1-65535) Action: 
@@ -195,25 +215,6 @@ specified in the rule are also applied to the packet. so this field will be ignored unless another dataplane provider is used. It is invalid to specify both a `strip` and `set vlan` action. -.. clicmd:: set nexthop-group NAME - - Action: - forward the packet using nexthop-group NAME. - -.. clicmd:: set nexthop [A.B.C.D|X:X::X:XX] [interface] [nexthop-vrf NAME] - - Action: - forward the packet using the specified single nexthop. - -.. clicmd:: set vrf unchanged|NAME - - Action: - If set to ``unchanged``, the rule will use the vrf table the interface - is in as its lookup. - If set to NAME, the rule will use that vrf table as its lookup. - - Not supported with NETNS VRF backend. - .. clicmd:: show pbr map [NAME] [detail|json] Display pbr maps either all or by ``NAME``. If ``detail`` is set, it will diff --git a/lib/nexthop_group.c b/lib/nexthop_group.c index 0613fc6736..25370eba48 100644 --- a/lib/nexthop_group.c +++ b/lib/nexthop_group.c @@ -1047,6 +1047,7 @@ void nexthop_group_write_nexthop_simple(struct vty *vty, vty_out(vty, "%pI6 %s", &nh->gate.ipv6, ifname); break; case NEXTHOP_TYPE_BLACKHOLE: + vty_out(vty, "%s", "drop"); break; } } diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c index be75a63f9e..5ee262b9c7 100644 --- a/pbrd/pbr_vty.c +++ b/pbrd/pbr_vty.c 
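Review bot: The writer in the lib/nexthop_group.c hunk now prints `drop` for NEXTHOP_TYPE_BLACKHOLE, but the keyword this patch adds to the `set nexthop` and `no set nexthop` grammars in pbrd/pbr_vty.c is `blackhole`, and doc/user/pbr.rst documents `blackhole` as well. If pbrd's configuration writer goes through nexthop_group_write_nexthop_simple() (not visible here), the saved line would not parse on reload, and the rule would presumably come back without its drop action, leaving traffic the operator meant to discard on the normal forwarding path. Emitting the accepted keyword, `vty_out(vty, "%s", "blackhole");`, or renaming the CLI token and the documentation to `drop`, keeps the three in agreement. Because this helper lives in lib, any other caller starts printing the new word too, so it is worth confirming that each of their parsers accepts it.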
@@ -718,22 +718,27 @@ DEFPY(no_pbr_map_nexthop_group, no_pbr_map_nexthop_group_cmd,
 return CMD_SUCCESS;
 }
-DEFPY(pbr_map_nexthop, pbr_map_nexthop_cmd,
- "set nexthop\
+/* clang-format off */
+DEFPY (pbr_map_nexthop,
+ pbr_map_nexthop_cmd,
+ "set nexthop\
 <\
 $addr [INTERFACE$intf]\
 |INTERFACE$intf\
+ |blackhole$bh\
 >\
 [nexthop-vrf NAME$vrf_name]",
- "Set for the PBR-MAP\n"
- "Specify one of the nexthops in this map\n"
- "v4 Address\n"
- "v6 Address\n"
- "Interface to use\n"
- "Interface to use\n"
- "If the nexthop is in a different vrf tell us\n"
- "The nexthop-vrf Name\n")
+ "Set for the PBR-MAP\n"
+ "Specify one of the nexthops in this map\n"
+ "v4 Address\n"
+ "v6 Address\n"
+ "Interface to use\n"
+ "Interface to use\n"
+ "Blackhole route\n"
+ "If the nexthop is in a different vrf tell us\n"
+ "The nexthop-vrf Name\n")
 {
+ /* clang-format on */
 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
 struct vrf *vrf;
 struct nexthop nhop;
@@ -815,8 +820,11 @@ DEFPY(pbr_map_nexthop, pbr_map_nexthop_cmd,
 nhop.type = NEXTHOP_TYPE_IPV6;
 }
 }
- } else
+ } else if (bh) {
+ nhop.type = NEXTHOP_TYPE_BLACKHOLE;
+ } else {
 nhop.type = NEXTHOP_TYPE_IFINDEX;
+ }
 if (pbrms->nhg)
 nh = nexthop_exists(pbrms->nhg, &nhop);
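Review bot: The new `else if (bh)` branch in the second hunk sets only `nhop.type`, so the blackhole sub-type that the `nexthop_exists()` lookup just below presumably compares depends on however `nhop` was initialised earlier in the function, which is outside this hunk. Stating it explicitly with `nhop.bh_type = BLACKHOLE_UNSPEC;` right after the type assignment makes the duplicate check independent of that initialisation. The diffstat lists only the doc, lib/nexthop_group.c and pbrd/pbr_vty.c, so whether pbrd's nexthop validation and install path accept a nexthop with neither gateway nor interface is not shown here and is worth confirming before relying on the rule to discard traffic.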
@@ -845,23 +853,28 @@ done:
 return CMD_SUCCESS;
 }
-DEFPY(no_pbr_map_nexthop, no_pbr_map_nexthop_cmd,
- "no set nexthop\
+/* clang-format off */
+DEFPY (no_pbr_map_nexthop,
+ no_pbr_map_nexthop_cmd,
+ "no set nexthop\
 [<\
 $addr [INTERFACE$intf]\
 |INTERFACE$intf\
+ |blackhole$bh\
 >\
 [nexthop-vrf NAME$vrf_name]]",
- NO_STR
- "Set for the PBR-MAP\n"
- "Specify one of the nexthops in this map\n"
- "v4 Address\n"
- "v6 Address\n"
- "Interface to use\n"
- "Interface to use\n"
- "If the nexthop is in a different vrf tell us\n"
- "The nexthop-vrf Name\n")
+ NO_STR
+ "Set for the PBR-MAP\n"
+ "Specify one of the nexthops in this map\n"
+ "v4 Address\n"
+ "v6 Address\n"
+ "Interface to use\n"
+ "Interface to use\n"
+ "Blackhole route\n"
+ "If the nexthop is in a different vrf tell us\n"
+ "The nexthop-vrf Name\n")
 {
+ /* clang-format on */
 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
 if (!pbrms)
-- 
2.39.5