proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-11 20:48:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bgpd: add an icmp flag for flowspec icmp entries

Browse Source 
Some values for icmp type/code can not be encoded like port source or
port destination. This is the case of 0 value that is authorized for
icmp.

Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit is contained in:
Philippe Guibert 2018-06-21 12:29:18 +02:00
parent da3fa38394
commit 3bed236338
2 changed files with 27 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
bgpd/bgp_pbr.c
View File

@ -1310,7 +1310,9 @@ static void bgp_pbr_policyroute_remove_from_zebra_unit(struct bgp *bgp,
prefix_copy(&temp2.dst, bpf->dst);
} else
temp2.dst.family = AF_INET;
if (src_port && src_port->min_port) {
if (src_port && (src_port->min_port || bpf->protocol == IPPROTO_ICMP)) {
if (bpf->protocol == IPPROTO_ICMP)
temp.flags |= MATCH_ICMP_SET;
temp.flags |= MATCH_PORT_SRC_SET;
temp2.src_port_min = src_port->min_port;
if (src_port->max_port) {
@ -1318,7 +1320,9 @@ static void bgp_pbr_policyroute_remove_from_zebra_unit(struct bgp *bgp,
temp2.src_port_max = src_port->max_port;
}
}
if (dst_port && dst_port->min_port) {
if (dst_port && (dst_port->min_port || bpf->protocol == IPPROTO_ICMP)) {
if (bpf->protocol == IPPROTO_ICMP)
temp.flags |= MATCH_ICMP_SET;
temp.flags |= MATCH_PORT_DST_SET;
temp2.dst_port_min = dst_port->min_port;
if (dst_port->max_port) {
@ -1692,33 +1696,38 @@ static void bgp_pbr_policyroute_add_to_zebra_unit(struct bgp *bgp,
/* then look for bpm */
memset(&temp, 0, sizeof(temp));
if (bpf->src == NULL || bpf->dst == NULL) {
if ((src_port && src_port->min_port) ||
(dst_port && dst_port->min_port))
temp.type = IPSET_NET_PORT;
else
temp.type = IPSET_NET;
} else {
if ((src_port && src_port->min_port) ||
(dst_port && dst_port->min_port))
temp.type = IPSET_NET_PORT_NET;
else
temp.type = IPSET_NET_NET;
}
temp.vrf_id = bpf->vrf_id;
if (bpf->src)
temp.flags |= MATCH_IP_SRC_SET;
if (bpf->dst)
temp.flags |= MATCH_IP_DST_SET;
if (src_port && src_port->min_port)
if (src_port && (src_port->min_port || bpf->protocol == IPPROTO_ICMP)) {
if (bpf->protocol == IPPROTO_ICMP)
temp.flags |= MATCH_ICMP_SET;
temp.flags |= MATCH_PORT_SRC_SET;
if (dst_port && dst_port->min_port)
}
if (dst_port && (dst_port->min_port || bpf->protocol == IPPROTO_ICMP)) {
if (bpf->protocol == IPPROTO_ICMP)
temp.flags |= MATCH_ICMP_SET;
temp.flags |= MATCH_PORT_DST_SET;
}
if (src_port && src_port->max_port)
temp.flags |= MATCH_PORT_SRC_RANGE_SET;
if (dst_port && dst_port->max_port)
temp.flags |= MATCH_PORT_DST_RANGE_SET;
if (bpf->src == NULL || bpf->dst == NULL) {
if (temp.flags & (MATCH_PORT_DST_SET | MATCH_PORT_SRC_SET))
temp.type = IPSET_NET_PORT;
else
temp.type = IPSET_NET;
} else {
if (temp.flags & (MATCH_PORT_DST_SET | MATCH_PORT_SRC_SET))
temp.type = IPSET_NET_PORT_NET;
else
temp.type = IPSET_NET_NET;
}
if (pkt_len) {
temp.pkt_len_min = pkt_len->min_port;
if (pkt_len->max_port)

1
lib/pbr.h
View File

@ -116,6 +116,7 @@ struct pbr_rule {
#define MATCH_DSCP_INVERSE_SET (1 << 7)
#define MATCH_PKT_LEN_INVERSE_SET (1 << 8)
#define MATCH_FRAGMENT_INVERSE_SET (1 << 9)
#define MATCH_ICMP_SET (1 << 10)
extern int zapi_pbr_rule_encode(uint8_t cmd, struct stream *s,
struct pbr_rule *zrule);