proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-07-09 18:50:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

zebra: pbr rule structure is being added fwmark tag

Browse Source 
PBR rule is being added a 32 bit value that can be used to record a rule
in the kernel, by using a fwmark information.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is contained in:
Philippe Guibert 2018-03-08 15:20:49 +01:00
parent 425bdd6bf1
commit 1907e4b80b
3 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
zebra/zebra_pbr.c
View File

@ -57,6 +57,10 @@ uint32_t zebra_pbr_rules_hash_key(void *arg)
else else
key = jhash_1word(0, key); key = jhash_1word(0, key);
if (rule->filter.fwmark)
key = jhash_1word(rule->filter.fwmark, key);
else
key = jhash_1word(0, key);
return jhash_3words(rule->filter.src_port, rule->filter.dst_port, return jhash_3words(rule->filter.src_port, rule->filter.dst_port,
prefix_hash_key(&rule->filter.dst_ip), prefix_hash_key(&rule->filter.dst_ip),
jhash_1word(rule->unique, key)); jhash_1word(rule->unique, key));
@ -87,6 +91,9 @@ int zebra_pbr_rules_hash_equal(const void *arg1, const void *arg2)
if (r1->filter.dst_port != r2->filter.dst_port) if (r1->filter.dst_port != r2->filter.dst_port)
return 0; return 0;
if (r1->filter.fwmark != r2->filter.fwmark)
return 0;
if (!prefix_same(&r1->filter.src_ip, &r2->filter.src_ip)) if (!prefix_same(&r1->filter.src_ip, &r2->filter.src_ip))
return 0; return 0;

4
zebra/zebra_pbr.h
View File

@ -46,6 +46,7 @@ struct zebra_pbr_filter {
#define PBR_FILTER_DST_IP (1 << 1) #define PBR_FILTER_DST_IP (1 << 1)
#define PBR_FILTER_SRC_PORT (1 << 2) #define PBR_FILTER_SRC_PORT (1 << 2)
#define PBR_FILTER_DST_PORT (1 << 3) #define PBR_FILTER_DST_PORT (1 << 3)
#define PBR_FILTER_FWMARK (1 << 4)
/* Source and Destination IP address with masks. */ /* Source and Destination IP address with masks. */
struct prefix src_ip; struct prefix src_ip;
@ -54,6 +55,9 @@ struct zebra_pbr_filter {
/* Source and Destination higher-layer (TCP/UDP) port numbers. */ /* Source and Destination higher-layer (TCP/UDP) port numbers. */
uint16_t src_port; uint16_t src_port;
uint16_t dst_port; uint16_t dst_port;
/* Filter with fwmark */
uint32_t fwmark;
}; };
#define IS_RULE_FILTERING_ON_SRC_IP(r) \ #define IS_RULE_FILTERING_ON_SRC_IP(r) \

9
zebra/zserv.c
View File

@ -2741,14 +2741,18 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
STREAM_GET(&zpr.filter.dst_ip.u.prefix, s, STREAM_GET(&zpr.filter.dst_ip.u.prefix, s,
prefix_blen(&zpr.filter.dst_ip)); prefix_blen(&zpr.filter.dst_ip));
STREAM_GETW(s, zpr.filter.dst_port); STREAM_GETW(s, zpr.filter.dst_port);
STREAM_GETL(s, zpr.filter.fwmark);
STREAM_GETL(s, zpr.action.table); STREAM_GETL(s, zpr.action.table);
STREAM_GETL(s, ifindex); STREAM_GETL(s, ifindex);
if (ifindex) {
zpr.ifp = if_lookup_by_index(ifindex, VRF_UNKNOWN); zpr.ifp = if_lookup_by_index(ifindex, VRF_UNKNOWN);
if (!zpr.ifp) { if (!zpr.ifp) {
zlog_debug("Failed to lookup ifindex: %u", ifindex); zlog_debug("Failed to lookup ifindex: %u",
ifindex);
return; return;
} }
}
if (!is_default_prefix(&zpr.filter.src_ip)) if (!is_default_prefix(&zpr.filter.src_ip))
zpr.filter.filter_bm |= PBR_FILTER_SRC_IP; zpr.filter.filter_bm |= PBR_FILTER_SRC_IP;
@ -2762,6 +2766,9 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
if (zpr.filter.dst_port) if (zpr.filter.dst_port)
zpr.filter.filter_bm |= PBR_FILTER_DST_PORT; zpr.filter.filter_bm |= PBR_FILTER_DST_PORT;
if (zpr.filter.fwmark)
zpr.filter.filter_bm |= PBR_FILTER_FWMARK;
if (hdr->command == ZEBRA_RULE_ADD) if (hdr->command == ZEBRA_RULE_ADD)
zebra_pbr_add_rule(zvrf->zns, &zpr); zebra_pbr_add_rule(zvrf->zns, &zpr);
else else