proxmox-mirrors/mirror_frr
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_frr synced 2025-08-07 09:15:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pimd: Add ip pim register-accept-list PLIST command

Browse Source 
When pim receives a register packet, we will apply the
received source to the prefix list.  If accepted normal
processing continues.  If denied we will send a register
stop message to the source.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
This commit is contained in:
Donald Sharp 2020-02-20 12:14:03 -05:00
parent 2ca35b6437
commit f4e74bd038
6 changed files with 66 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/user/pim.rst
View File

@ -66,6 +66,14 @@ Certain signals have special meanings to *pimd*.
prefix of group ranges covered. This command is vrf aware, to configure for prefix of group ranges covered. This command is vrf aware, to configure for
a vrf, enter the vrf submode. a vrf, enter the vrf submode.
.. index:: ip pim register-accept-list PLIST
.. clicmd:: ip pim register-accept-list PLIST
When pim receives a register packet the source of the packet will be compared
to the prefix-list specified, PLIST, and if a permit is received normal
processing continues. If a deny is returned for the source address of the
register packet a register stop message is sent to the source.
.. index:: ip pim spt-switchover infinity-and-beyond .. index:: ip pim spt-switchover infinity-and-beyond
.. clicmd:: ip pim spt-switchover infinity-and-beyond .. clicmd:: ip pim spt-switchover infinity-and-beyond

22
pimd/pim_cmd.c
View File

@ -6650,6 +6650,26 @@ DEFUN (no_ip_pim_spt_switchover_infinity_plist,
return pim_cmd_spt_switchover(pim, PIM_SPT_IMMEDIATE, NULL); return pim_cmd_spt_switchover(pim, PIM_SPT_IMMEDIATE, NULL);
} }
DEFPY (pim_register_accept_list,
pim_register_accept_list_cmd,
"[no] ip pim register-accept-list WORD$word",
NO_STR
IP_STR
PIM_STR
"Only accept registers from a specific source prefix list\n"
"Prefix-List name\n")
{
PIM_DECLVAR_CONTEXT(vrf, pim);
if (no)
XFREE(MTYPE_PIM_PLIST_NAME, pim->register_plist);
else {
XFREE(MTYPE_PIM_PLIST_NAME, pim->register_plist);
pim->register_plist = XSTRDUP(MTYPE_PIM_PLIST_NAME, word);
}
return CMD_SUCCESS;
}
DEFUN (ip_pim_joinprune_time, DEFUN (ip_pim_joinprune_time,
ip_pim_joinprune_time_cmd, ip_pim_joinprune_time_cmd,
"ip pim join-prune-interval (60-600)", "ip pim join-prune-interval (60-600)",
@ -10743,6 +10763,8 @@ void pim_cmd_init(void)
install_element(CONFIG_NODE, install_element(CONFIG_NODE,
&no_ip_pim_spt_switchover_infinity_plist_cmd); &no_ip_pim_spt_switchover_infinity_plist_cmd);
install_element(VRF_NODE, &no_ip_pim_spt_switchover_infinity_plist_cmd); install_element(VRF_NODE, &no_ip_pim_spt_switchover_infinity_plist_cmd);
install_element(CONFIG_NODE, &pim_register_accept_list_cmd);
install_element(VRF_NODE, &pim_register_accept_list_cmd);
install_element(CONFIG_NODE, &ip_pim_joinprune_time_cmd); install_element(CONFIG_NODE, &ip_pim_joinprune_time_cmd);
install_element(VRF_NODE, &ip_pim_joinprune_time_cmd); install_element(VRF_NODE, &ip_pim_joinprune_time_cmd);
install_element(CONFIG_NODE, &no_ip_pim_joinprune_time_cmd); install_element(CONFIG_NODE, &no_ip_pim_joinprune_time_cmd);

1
pimd/pim_instance.c
View File

@ -70,6 +70,7 @@ static void pim_instance_terminate(struct pim_instance *pim)
pim_msdp_exit(pim); pim_msdp_exit(pim);
XFREE(MTYPE_PIM_PLIST_NAME, pim->spt.plist); XFREE(MTYPE_PIM_PLIST_NAME, pim->spt.plist);
XFREE(MTYPE_PIM_PLIST_NAME, pim->register_plist);
XFREE(MTYPE_PIM_PIM_INSTANCE, pim); XFREE(MTYPE_PIM_PIM_INSTANCE, pim);
} }

3
pimd/pim_instance.h
View File

@ -135,6 +135,9 @@ struct pim_instance {
char *plist; char *plist;
} spt; } spt;
/* The name of the register-accept prefix-list */
char *register_plist;
struct hash *rpf_hash; struct hash *rpf_hash;
void *ssm_info; /* per-vrf SSM configuration */ void *ssm_info; /* per-vrf SSM configuration */

27
pimd/pim_register.c
View File

@ -389,6 +389,33 @@ int pim_register_recv(struct interface *ifp, struct in_addr dest_addr,
== ((RP(pim, sg.grp))->rpf_addr.u.prefix4.s_addr))) { == ((RP(pim, sg.grp))->rpf_addr.u.prefix4.s_addr))) {
sentRegisterStop = 0; sentRegisterStop = 0;
if (pim->register_plist) {
struct prefix_list *plist;
struct prefix src;
plist = prefix_list_lookup(AFI_IP, pim->register_plist);
src.family = AF_INET;
src.prefixlen = IPV4_MAX_PREFIXLEN;
src.u.prefix4 = sg.src;
if (prefix_list_apply(plist, &src) == PREFIX_DENY) {
pim_register_stop_send(ifp, &sg, dest_addr,
src_addr);
if (PIM_DEBUG_PIM_PACKETS) {
char src_str[INET_ADDRSTRLEN];
pim_inet4_dump("<src?>", src_addr,
src_str,
sizeof(src_str));
zlog_debug("%s: Sending register-stop to %s for %pSG4 due to prefix-list denial, dropping packet",
__func__, src_str, &sg);
}
return 0;
}
}
if (*bits & PIM_REGISTER_BORDER_BIT) { if (*bits & PIM_REGISTER_BORDER_BIT) {
struct in_addr pimbr = pim_br_get_pmbr(&sg); struct in_addr pimbr = pim_br_get_pmbr(&sg);
if (PIM_DEBUG_PIM_PACKETS) if (PIM_DEBUG_PIM_PACKETS)

5
pimd/pim_vty.c
View File

@ -211,6 +211,11 @@ int pim_global_config_write_worker(struct pim_instance *pim, struct vty *vty)
ssm->plist_name); ssm->plist_name);
++writes; ++writes;
} }
if (pim->register_plist) {
vty_out(vty, "%sip pim register-accept-list %s\n", spaces,
pim->register_plist);
++writes;
}
if (pim->spt.switchover == PIM_SPT_INFINITY) { if (pim->spt.switchover == PIM_SPT_INFINITY) {
if (pim->spt.plist) if (pim->spt.plist)
vty_out(vty, vty_out(vty,