diff options
| author | Rafael Zalamena <rzalamena@opensourcerouting.org> | 2021-05-03 15:25:52 +0200 |
|---|---|---|
| committer | Rafael Zalamena <rzalamena@opensourcerouting.org> | 2024-07-27 16:32:30 +0200 |
| commit | be3bfe5daa721acc0182d6c3f003a9d9d80e6612 (patch) | |
| tree | 036568b0964c5ca419c5c22b6a74442c008eb094 /pimd/pim_nb_config.c | |
| parent | yang: MSDP SA filtering support (diff) | |
| download | frr-be3bfe5daa721acc0182d6c3f003a9d9d80e6612.tar.xz frr-be3bfe5daa721acc0182d6c3f003a9d9d80e6612.zip | |
pimd: MSDP SA filtering
Implement MSDP peer incoming/outgoing SA filter.
Note
----
Cisco extended access list has a special meaning: the first address is
the source address to filter.
Example:
! The rules below filter some LAN prefix to be leaked out
access-list filter-lan-source deny ip 192.168.0.0 0.0.255.255 224.0.0.0 0.255.255.255
access-list filter-lan-source permit any
router pim
msdp peer 192.168.0.1 sa-filter filter-lan-source out
! The rules below filter some special management group from being
! learned
access-list filter-management-group deny 230.0.0.0 0.255.255.255
access-list filter-management-group permit any
router pim
msdp peer 192.168.0.1 sa-filter filter-management-group in
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Diffstat (limited to 'pimd/pim_nb_config.c')
| -rw-r--r-- | pimd/pim_nb_config.c | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/pimd/pim_nb_config.c b/pimd/pim_nb_config.c index be0be8588..49bd9a5ce 100644 --- a/pimd/pim_nb_config.c +++ b/pimd/pim_nb_config.c @@ -1287,6 +1287,94 @@ int routing_control_plane_protocols_control_plane_protocol_pim_address_family_ms #endif /* PIM_IPV != 6 */ /* + * XPath: + * /frr-routing:routing/control-plane-protocols/control-plane-protocol/frr-pim:pim/address-family/msdp-peer/sa-filter-in + */ +int pim_msdp_peer_sa_filter_in_modify(struct nb_cb_modify_args *args) +{ + struct pim_msdp_peer *mp; + + switch (args->event) { + case NB_EV_VALIDATE: + case NB_EV_PREPARE: + case NB_EV_ABORT: + /* NOTHING */ + break; + case NB_EV_APPLY: + mp = nb_running_get_entry(args->dnode, NULL, true); + XFREE(MTYPE_TMP, mp->acl_in); + mp->acl_in = XSTRDUP(MTYPE_TMP, + yang_dnode_get_string(args->dnode, NULL)); + break; + } + + return NB_OK; +} + +int pim_msdp_peer_sa_filter_in_destroy(struct nb_cb_destroy_args *args) +{ + struct pim_msdp_peer *mp; + + switch (args->event) { + case NB_EV_VALIDATE: + case NB_EV_PREPARE: + case NB_EV_ABORT: + /* NOTHING */ + break; + case NB_EV_APPLY: + mp = nb_running_get_entry(args->dnode, NULL, true); + XFREE(MTYPE_TMP, mp->acl_in); + break; + } + + return NB_OK; +} + +/* + * XPath: + * /frr-routing:routing/control-plane-protocols/control-plane-protocol/frr-pim:pim/address-family/msdp-peer/sa-filter-out + */ +int pim_msdp_peer_sa_filter_out_modify(struct nb_cb_modify_args *args) +{ + struct pim_msdp_peer *mp; + + switch (args->event) { + case NB_EV_VALIDATE: + case NB_EV_PREPARE: + case NB_EV_ABORT: + /* NOTHING */ + break; + case NB_EV_APPLY: + mp = nb_running_get_entry(args->dnode, NULL, true); + XFREE(MTYPE_TMP, mp->acl_out); + mp->acl_out = XSTRDUP(MTYPE_TMP, + yang_dnode_get_string(args->dnode, NULL)); + break; + } + + return NB_OK; +} + +int pim_msdp_peer_sa_filter_out_destroy(struct nb_cb_destroy_args *args) +{ + struct pim_msdp_peer *mp; + + switch (args->event) { + case NB_EV_VALIDATE: + case NB_EV_PREPARE: + case NB_EV_ABORT: + /* NOTHING */ + break; + case NB_EV_APPLY: + mp = nb_running_get_entry(args->dnode, NULL, true); + XFREE(MTYPE_TMP, mp->acl_out); + break; + } + + return NB_OK; +} + +/* * XPath: /frr-routing:routing/control-plane-protocols/control-plane-protocol/frr-pim:pim/address-family/mlag */ int routing_control_plane_protocols_control_plane_protocol_pim_address_family_mlag_create( |