diff options
| author | Philippe Guibert <philippe.guibert@6wind.com> | 2018-06-20 14:06:31 +0200 |
|---|---|---|
| committer | Philippe Guibert <philippe.guibert@6wind.com> | 2018-06-28 11:08:58 +0200 |
| commit | 5ac5b7cc7e6ac1ba25e7cd07dd0949e2b62725ae (patch) | |
| tree | 00abf1389d43daea42b0be1f76d0ba7c7cd4d54f | |
| parent | bgpd: support for flowspec fragment list into policy routing (diff) | |
| download | frr-5ac5b7cc7e6ac1ba25e7cd07dd0949e2b62725ae.tar.xz frr-5ac5b7cc7e6ac1ba25e7cd07dd0949e2b62725ae.zip | |
zebra: handle policy routing fragment handling
incoming iptable entries with fragment parameter is handled.
An iptable context is created for each fragment value received from BGP.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
| -rw-r--r-- | zebra/zapi_msg.c | 1 | ||||
| -rw-r--r-- | zebra/zebra_pbr.c | 20 | ||||
| -rw-r--r-- | zebra/zebra_pbr.h | 1 |
3 files changed, 22 insertions, 0 deletions
diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c index dfbbb8e61..32165ae78 100644 --- a/zebra/zapi_msg.c +++ b/zebra/zapi_msg.c @@ -2943,6 +2943,7 @@ static inline void zread_iptable(ZAPI_HANDLER_ARGS) STREAM_GETW(s, zpi.tcp_flags); STREAM_GETW(s, zpi.tcp_mask_flags); STREAM_GETC(s, zpi.dscp_value); + STREAM_GETC(s, zpi.fragment); STREAM_GETL(s, zpi.nb_interface); zebra_pbr_iptable_update_interfacelist(s, &zpi); diff --git a/zebra/zebra_pbr.c b/zebra/zebra_pbr.c index f9f7882f6..74ef25b03 100644 --- a/zebra/zebra_pbr.c +++ b/zebra/zebra_pbr.c @@ -93,6 +93,14 @@ static const struct message tcp_value_str[] = { {0} }; +static const struct message fragment_value_str[] = { + {1, "dont-fragment"}, + {2, "is-fragment"}, + {4, "first-fragment"}, + {8, "last-fragment"}, + {0} +}; + /* static function declarations */ DEFINE_HOOK(zebra_pbr_ipset_entry_wrap_script_get_stat, (struct zebra_ns *zns, struct zebra_pbr_ipset_entry *ipset, @@ -376,6 +384,7 @@ uint32_t zebra_pbr_iptable_hash_key(void *arg) key = jhash_1word(iptable->tcp_flags, key); key = jhash_1word(iptable->tcp_mask_flags, key); key = jhash_1word(iptable->dscp_value, key); + key = jhash_1word(iptable->fragment, key); return jhash_3words(iptable->filter_bm, iptable->type, iptable->unique, key); } @@ -410,6 +419,8 @@ int zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2) return 0; if (r1->dscp_value != r2->dscp_value) return 0; + if (r1->fragment != r2->fragment) + return 0; return 1; } @@ -1089,6 +1100,15 @@ static int zebra_pbr_show_iptable_walkcb(struct hash_backet *backet, void *arg) iptable->filter_bm & MATCH_DSCP_INVERSE_SET ? "not" : "", iptable->dscp_value); } + if (iptable->fragment) { + char val_str[10]; + + sprintf(val_str, "%d", iptable->fragment); + vty_out(vty, "\t fragment%s %s\n", + iptable->filter_bm & MATCH_FRAGMENT_INVERSE_SET ? + " not" : "", lookup_msg(fragment_value_str, + iptable->fragment, val_str)); + } ret = hook_call(zebra_pbr_iptable_wrap_script_get_stat, zns, iptable, &pkts, &bytes); if (ret && pkts > 0) diff --git a/zebra/zebra_pbr.h b/zebra/zebra_pbr.h index 58c71f4d9..fd83502ae 100644 --- a/zebra/zebra_pbr.h +++ b/zebra/zebra_pbr.h @@ -138,6 +138,7 @@ struct zebra_pbr_iptable { uint16_t tcp_flags; uint16_t tcp_mask_flags; uint8_t dscp_value; + uint8_t fragment; uint32_t nb_interface; |