diff options
| -rw-r--r-- | zebra/zapi_msg.c | 16 | ||||
| -rw-r--r-- | zebra/zebra_ns.c | 23 | ||||
| -rw-r--r-- | zebra/zebra_ns.h | 6 | ||||
| -rw-r--r-- | zebra/zebra_pbr.c | 190 | ||||
| -rw-r--r-- | zebra/zebra_pbr.h | 59 | ||||
| -rw-r--r-- | zebra/zebra_router.c | 19 | ||||
| -rw-r--r-- | zebra/zebra_router.h | 6 |
7 files changed, 131 insertions, 188 deletions
diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c index c9325d844..276b825b3 100644 --- a/zebra/zapi_msg.c +++ b/zebra/zapi_msg.c @@ -2273,9 +2273,9 @@ static inline void zread_ipset(ZAPI_HANDLER_ARGS) STREAM_GET(&zpi.ipset_name, s, ZEBRA_IPSET_NAME_SIZE); if (hdr->command == ZEBRA_IPSET_CREATE) - zebra_pbr_create_ipset(zvrf->zns, &zpi); + zebra_pbr_create_ipset(&zpi); else - zebra_pbr_destroy_ipset(zvrf->zns, &zpi); + zebra_pbr_destroy_ipset(&zpi); } stream_failure: @@ -2328,12 +2328,12 @@ static inline void zread_ipset_entry(ZAPI_HANDLER_ARGS) zpi.filter_bm |= PBR_FILTER_PROTO; /* calculate backpointer */ - zpi.backpointer = zebra_pbr_lookup_ipset_pername( - zvrf->zns, ipset.ipset_name); + zpi.backpointer = + zebra_pbr_lookup_ipset_pername(ipset.ipset_name); if (hdr->command == ZEBRA_IPSET_ENTRY_ADD) - zebra_pbr_add_ipset_entry(zvrf->zns, &zpi); + zebra_pbr_add_ipset_entry(&zpi); else - zebra_pbr_del_ipset_entry(zvrf->zns, &zpi); + zebra_pbr_del_ipset_entry(&zpi); } stream_failure: @@ -2368,9 +2368,9 @@ static inline void zread_iptable(ZAPI_HANDLER_ARGS) zebra_pbr_iptable_update_interfacelist(s, &zpi); if (hdr->command == ZEBRA_IPTABLE_ADD) - zebra_pbr_add_iptable(zvrf->zns, &zpi); + zebra_pbr_add_iptable(&zpi); else - zebra_pbr_del_iptable(zvrf->zns, &zpi); + zebra_pbr_del_iptable(&zpi); stream_failure: return; } diff --git a/zebra/zebra_ns.c b/zebra/zebra_ns.c index 300989e33..e65f23dc8 100644 --- a/zebra/zebra_ns.c +++ b/zebra/zebra_ns.c @@ -121,20 +121,6 @@ int zebra_ns_enable(ns_id_t ns_id, void **info) zns->ns_id = ns_id; - zns->ipset_hash = - hash_create_size(8, zebra_pbr_ipset_hash_key, - zebra_pbr_ipset_hash_equal, "IPset Hash"); - - zns->ipset_entry_hash = - hash_create_size(8, zebra_pbr_ipset_entry_hash_key, - zebra_pbr_ipset_entry_hash_equal, - "IPset Hash Entry"); - - zns->iptable_hash = - hash_create_size(8, zebra_pbr_iptable_hash_key, - zebra_pbr_iptable_hash_equal, - "IPtable Hash Entry"); - #if defined(HAVE_RTADV) rtadv_init(zns); #endif @@ -153,15 +139,6 @@ int zebra_ns_disable(ns_id_t ns_id, void **info) { struct zebra_ns *zns = (struct zebra_ns *)(*info); - hash_clean(zns->ipset_entry_hash, - zebra_pbr_ipset_entry_free), - hash_clean(zns->ipset_hash, zebra_pbr_ipset_free); - hash_free(zns->ipset_hash); - hash_free(zns->ipset_entry_hash); - hash_clean(zns->iptable_hash, - zebra_pbr_iptable_free); - hash_free(zns->iptable_hash); - route_table_finish(zns->if_table); zebra_vxlan_ns_disable(zns); #if defined(HAVE_RTADV) diff --git a/zebra/zebra_ns.h b/zebra/zebra_ns.h index 2af430420..2498be716 100644 --- a/zebra/zebra_ns.h +++ b/zebra/zebra_ns.h @@ -57,12 +57,6 @@ struct zebra_ns { struct rtadv rtadv; #endif /* HAVE_RTADV */ - struct hash *ipset_hash; - - struct hash *ipset_entry_hash; - - struct hash *iptable_hash; - /* Back pointer */ struct ns *ns; }; diff --git a/zebra/zebra_pbr.c b/zebra/zebra_pbr.c index 059930f4e..d774994a8 100644 --- a/zebra/zebra_pbr.c +++ b/zebra/zebra_pbr.c @@ -103,30 +103,24 @@ static const struct message fragment_value_str[] = { }; /* static function declarations */ -DEFINE_HOOK(zebra_pbr_ipset_entry_wrap_script_get_stat, (struct zebra_ns *zns, - struct zebra_pbr_ipset_entry *ipset, - uint64_t *pkts, uint64_t *bytes), - (zns, ipset, pkts, bytes)) - -DEFINE_HOOK(zebra_pbr_iptable_wrap_script_get_stat, (struct zebra_ns *zns, - struct zebra_pbr_iptable *iptable, - uint64_t *pkts, uint64_t *bytes), - (zns, iptable, pkts, bytes)) - -DEFINE_HOOK(zebra_pbr_iptable_wrap_script_update, (struct zebra_ns *zns, - int cmd, - struct zebra_pbr_iptable *iptable), - (zns, cmd, iptable)); - -DEFINE_HOOK(zebra_pbr_ipset_entry_wrap_script_update, (struct zebra_ns *zns, - int cmd, - struct zebra_pbr_ipset_entry *ipset), - (zns, cmd, ipset)); - -DEFINE_HOOK(zebra_pbr_ipset_wrap_script_update, (struct zebra_ns *zns, - int cmd, - struct zebra_pbr_ipset *ipset), - (zns, cmd, ipset)); +DEFINE_HOOK(zebra_pbr_ipset_entry_wrap_script_get_stat, + (struct zebra_pbr_ipset_entry *ipset, uint64_t *pkts, + uint64_t *bytes), + (ipset, pkts, bytes)) + +DEFINE_HOOK(zebra_pbr_iptable_wrap_script_get_stat, + (struct zebra_pbr_iptable *iptable, uint64_t *pkts, + uint64_t *bytes), + (iptable, pkts, bytes)) + +DEFINE_HOOK(zebra_pbr_iptable_wrap_script_update, + (int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable)); + +DEFINE_HOOK(zebra_pbr_ipset_entry_wrap_script_update, + (int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset)); + +DEFINE_HOOK(zebra_pbr_ipset_wrap_script_update, + (int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset)); /* Private functions */ @@ -233,7 +227,8 @@ static int pbr_rule_lookup_unique_walker(struct hash_backet *b, void *data) return HASHWALK_CONTINUE; } -static struct zebra_pbr_rule *pbr_rule_lookup_unique(struct zebra_pbr_rule *zrule) +static struct zebra_pbr_rule * +pbr_rule_lookup_unique(struct zebra_pbr_rule *zrule) { struct pbr_rule_unique_lookup pul; @@ -249,15 +244,9 @@ static struct zebra_pbr_rule *pbr_rule_lookup_unique(struct zebra_pbr_rule *zrul void zebra_pbr_ipset_free(void *arg) { struct zebra_pbr_ipset *ipset; - struct zebra_ns *zns; ipset = (struct zebra_pbr_ipset *)arg; - if (vrf_is_backend_netns()) - zns = zebra_ns_lookup(ipset->vrf_id); - else - zns = zebra_ns_lookup(NS_DEFAULT); - hook_call(zebra_pbr_ipset_wrap_script_update, - zns, 0, ipset); + hook_call(zebra_pbr_ipset_wrap_script_update, 0, ipset); XFREE(MTYPE_TMP, ipset); } @@ -265,8 +254,9 @@ uint32_t zebra_pbr_ipset_hash_key(void *arg) { struct zebra_pbr_ipset *ipset = (struct zebra_pbr_ipset *)arg; uint32_t *pnt = (uint32_t *)&ipset->ipset_name; + uint32_t key = jhash_1word(ipset->vrf_id, 0x63ab42de); - return jhash2(pnt, ZEBRA_IPSET_NAME_HASH_SIZE, 0x63ab42de); + return jhash2(pnt, ZEBRA_IPSET_NAME_HASH_SIZE, key); } bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2) @@ -280,6 +270,9 @@ bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2) return false; if (r1->unique != r2->unique) return false; + if (r1->vrf_id != r2->vrf_id) + return false; + if (strncmp(r1->ipset_name, r2->ipset_name, ZEBRA_IPSET_NAME_SIZE)) return false; @@ -289,17 +282,10 @@ bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2) void zebra_pbr_ipset_entry_free(void *arg) { struct zebra_pbr_ipset_entry *ipset; - struct zebra_ns *zns; ipset = (struct zebra_pbr_ipset_entry *)arg; - if (ipset->backpointer && vrf_is_backend_netns()) { - struct zebra_pbr_ipset *ips = ipset->backpointer; - zns = zebra_ns_lookup((ns_id_t)ips->vrf_id); - } else - zns = zebra_ns_lookup(NS_DEFAULT); - hook_call(zebra_pbr_ipset_entry_wrap_script_update, - zns, 0, ipset); + hook_call(zebra_pbr_ipset_entry_wrap_script_update, 0, ipset); XFREE(MTYPE_TMP, ipset); } @@ -360,15 +346,9 @@ void zebra_pbr_iptable_free(void *arg) struct zebra_pbr_iptable *iptable; struct listnode *node, *nnode; char *name; - struct zebra_ns *zns; iptable = (struct zebra_pbr_iptable *)arg; - if (vrf_is_backend_netns()) - zns = zebra_ns_lookup((ns_id_t)iptable->vrf_id); - else - zns = zebra_ns_lookup(NS_DEFAULT); - hook_call(zebra_pbr_iptable_wrap_script_update, - zns, 0, iptable); + hook_call(zebra_pbr_iptable_wrap_script_update, 0, iptable); for (ALL_LIST_ELEMENTS(iptable->interface_name_list, node, nnode, name)) { @@ -394,6 +374,8 @@ uint32_t zebra_pbr_iptable_hash_key(void *arg) key = jhash_1word(iptable->tcp_mask_flags, key); key = jhash_1word(iptable->dscp_value, key); key = jhash_1word(iptable->fragment, key); + key = jhash_1word(iptable->vrf_id, key); + return jhash_3words(iptable->filter_bm, iptable->type, iptable->unique, key); } @@ -405,6 +387,8 @@ bool zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2) r1 = (const struct zebra_pbr_iptable *)arg1; r2 = (const struct zebra_pbr_iptable *)arg2; + if (r1->vrf_id != r2->vrf_id) + return 0; if (r1->type != r2->type) return false; if (r1->unique != r2->unique) @@ -491,57 +475,48 @@ static void zebra_pbr_cleanup_rules(struct hash_backet *b, void *data) static void zebra_pbr_cleanup_ipset(struct hash_backet *b, void *data) { - struct zebra_ns *zns = zebra_ns_lookup(NS_DEFAULT); struct zebra_pbr_ipset *ipset = b->data; int *sock = data; if (ipset->sock == *sock) { - hook_call(zebra_pbr_ipset_wrap_script_update, - zns, 0, ipset); - hash_release(zns->ipset_hash, ipset); + hook_call(zebra_pbr_ipset_wrap_script_update, 0, ipset); + hash_release(zrouter.ipset_hash, ipset); } } static void zebra_pbr_cleanup_ipset_entry(struct hash_backet *b, void *data) { - struct zebra_ns *zns = zebra_ns_lookup(NS_DEFAULT); struct zebra_pbr_ipset_entry *ipset = b->data; int *sock = data; if (ipset->sock == *sock) { - hook_call(zebra_pbr_ipset_entry_wrap_script_update, - zns, 0, ipset); - hash_release(zns->ipset_entry_hash, ipset); + hook_call(zebra_pbr_ipset_entry_wrap_script_update, 0, ipset); + hash_release(zrouter.ipset_entry_hash, ipset); } } static void zebra_pbr_cleanup_iptable(struct hash_backet *b, void *data) { - struct zebra_ns *zns = zebra_ns_lookup(NS_DEFAULT); struct zebra_pbr_iptable *iptable = b->data; int *sock = data; if (iptable->sock == *sock) { - hook_call(zebra_pbr_iptable_wrap_script_update, - zns, 0, iptable); - hash_release(zns->iptable_hash, iptable); + hook_call(zebra_pbr_iptable_wrap_script_update, 0, iptable); + hash_release(zrouter.iptable_hash, iptable); } } static int zebra_pbr_client_close_cleanup(struct zserv *client) { int sock = client->sock; - struct zebra_ns *zns = zebra_ns_lookup(NS_DEFAULT); if (!sock) return 0; hash_iterate(zrouter.rules_hash, zebra_pbr_cleanup_rules, &sock); - hash_iterate(zns->iptable_hash, - zebra_pbr_cleanup_iptable, &sock); - hash_iterate(zns->ipset_entry_hash, - zebra_pbr_cleanup_ipset_entry, &sock); - hash_iterate(zns->ipset_hash, - zebra_pbr_cleanup_ipset, &sock); + hash_iterate(zrouter.iptable_hash, zebra_pbr_cleanup_iptable, &sock); + hash_iterate(zrouter.ipset_entry_hash, zebra_pbr_cleanup_ipset_entry, + &sock); + hash_iterate(zrouter.ipset_hash, zebra_pbr_cleanup_ipset, &sock); return 1; } @@ -564,29 +539,25 @@ static void *pbr_ipset_alloc_intern(void *arg) return new; } -void zebra_pbr_create_ipset(struct zebra_ns *zns, - struct zebra_pbr_ipset *ipset) +void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset) { int ret; - (void)hash_get(zns->ipset_hash, ipset, pbr_ipset_alloc_intern); - ret = hook_call(zebra_pbr_ipset_wrap_script_update, - zns, 1, ipset); + (void)hash_get(zrouter.ipset_hash, ipset, pbr_ipset_alloc_intern); + ret = hook_call(zebra_pbr_ipset_wrap_script_update, 1, ipset); kernel_pbr_ipset_add_del_status(ipset, ret ? ZEBRA_DPLANE_INSTALL_SUCCESS : ZEBRA_DPLANE_INSTALL_FAILURE); } -void zebra_pbr_destroy_ipset(struct zebra_ns *zns, - struct zebra_pbr_ipset *ipset) +void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset) { struct zebra_pbr_ipset *lookup; - lookup = hash_lookup(zns->ipset_hash, ipset); - hook_call(zebra_pbr_ipset_wrap_script_update, - zns, 0, ipset); + lookup = hash_lookup(zrouter.ipset_hash, ipset); + hook_call(zebra_pbr_ipset_wrap_script_update, 0, ipset); if (lookup) { - hash_release(zns->ipset_hash, lookup); + hash_release(zrouter.ipset_hash, lookup); XFREE(MTYPE_TMP, lookup); } else zlog_debug( @@ -619,8 +590,7 @@ static int zebra_pbr_ipset_pername_walkcb(struct hash_backet *backet, void *arg) return HASHWALK_CONTINUE; } -struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(struct zebra_ns *zns, - char *ipsetname) +struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(char *ipsetname) { struct pbr_ipset_name_lookup pinl; struct pbr_ipset_name_lookup *ptr = &pinl; @@ -630,7 +600,7 @@ struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(struct zebra_ns *zns, memset(ptr, 0, sizeof(struct pbr_ipset_name_lookup)); snprintf((char *)ptr->ipset_name, ZEBRA_IPSET_NAME_SIZE, "%s", ipsetname); - hash_walk(zns->ipset_hash, zebra_pbr_ipset_pername_walkcb, ptr); + hash_walk(zrouter.ipset_hash, zebra_pbr_ipset_pername_walkcb, ptr); return ptr->ipset; } @@ -648,30 +618,26 @@ static void *pbr_ipset_entry_alloc_intern(void *arg) return new; } -void zebra_pbr_add_ipset_entry(struct zebra_ns *zns, - struct zebra_pbr_ipset_entry *ipset) +void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset) { int ret; - (void)hash_get(zns->ipset_entry_hash, ipset, + (void)hash_get(zrouter.ipset_entry_hash, ipset, pbr_ipset_entry_alloc_intern); - ret = hook_call(zebra_pbr_ipset_entry_wrap_script_update, - zns, 1, ipset); + ret = hook_call(zebra_pbr_ipset_entry_wrap_script_update, 1, ipset); kernel_pbr_ipset_entry_add_del_status(ipset, ret ? ZEBRA_DPLANE_INSTALL_SUCCESS : ZEBRA_DPLANE_INSTALL_FAILURE); } -void zebra_pbr_del_ipset_entry(struct zebra_ns *zns, - struct zebra_pbr_ipset_entry *ipset) +void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset) { struct zebra_pbr_ipset_entry *lookup; - lookup = hash_lookup(zns->ipset_entry_hash, ipset); - hook_call(zebra_pbr_ipset_entry_wrap_script_update, - zns, 0, ipset); + lookup = hash_lookup(zrouter.ipset_entry_hash, ipset); + hook_call(zebra_pbr_ipset_entry_wrap_script_update, 0, ipset); if (lookup) { - hash_release(zns->ipset_entry_hash, lookup); + hash_release(zrouter.ipset_entry_hash, lookup); XFREE(MTYPE_TMP, lookup); } else zlog_debug("%s: IPSet being deleted we know nothing about", @@ -692,31 +658,28 @@ static void *pbr_iptable_alloc_intern(void *arg) return new; } -void zebra_pbr_add_iptable(struct zebra_ns *zns, - struct zebra_pbr_iptable *iptable) +void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable) { int ret; - (void)hash_get(zns->iptable_hash, iptable, - pbr_iptable_alloc_intern); - ret = hook_call(zebra_pbr_iptable_wrap_script_update, zns, 1, iptable); + (void)hash_get(zrouter.iptable_hash, iptable, pbr_iptable_alloc_intern); + ret = hook_call(zebra_pbr_iptable_wrap_script_update, 1, iptable); kernel_pbr_iptable_add_del_status(iptable, ret ? ZEBRA_DPLANE_INSTALL_SUCCESS : ZEBRA_DPLANE_INSTALL_FAILURE); } -void zebra_pbr_del_iptable(struct zebra_ns *zns, - struct zebra_pbr_iptable *iptable) +void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable) { struct zebra_pbr_iptable *lookup; - lookup = hash_lookup(zns->iptable_hash, iptable); - hook_call(zebra_pbr_iptable_wrap_script_update, zns, 0, iptable); + lookup = hash_lookup(zrouter.iptable_hash, iptable); + hook_call(zebra_pbr_iptable_wrap_script_update, 0, iptable); if (lookup) { struct listnode *node, *nnode; char *name; - hash_release(zns->iptable_hash, lookup); + hash_release(zrouter.iptable_hash, lookup); for (ALL_LIST_ELEMENTS(iptable->interface_name_list, node, nnode, name)) { XFREE(MTYPE_PBR_IPTABLE_IFNAME, name); @@ -921,7 +884,6 @@ static int zebra_pbr_show_ipset_entry_walkcb(struct hash_backet *backet, struct zebra_pbr_ipset_entry *zpie = (struct zebra_pbr_ipset_entry *)backet->data; uint64_t pkts = 0, bytes = 0; - struct zebra_ns *zns = unique->zns; int ret = 0; if (zpie->backpointer != zpi) @@ -979,8 +941,8 @@ static int zebra_pbr_show_ipset_entry_walkcb(struct hash_backet *backet, } vty_out(vty, " (%u)\n", zpie->unique); - ret = hook_call(zebra_pbr_ipset_entry_wrap_script_get_stat, - zns, zpie, &pkts, &bytes); + ret = hook_call(zebra_pbr_ipset_entry_wrap_script_get_stat, zpie, &pkts, + &bytes); if (ret && pkts > 0) vty_out(vty, "\t pkts %" PRIu64 ", bytes %" PRIu64"\n", pkts, bytes); @@ -1001,7 +963,7 @@ static int zebra_pbr_show_ipset_walkcb(struct hash_backet *backet, void *arg) unique.vty = vty; unique.zpi = zpi; unique.zns = zns; - hash_walk(zns->ipset_entry_hash, zebra_pbr_show_ipset_entry_walkcb, + hash_walk(zrouter.ipset_entry_hash, zebra_pbr_show_ipset_entry_walkcb, &unique); vty_out(vty, "\n"); return HASHWALK_CONTINUE; @@ -1037,7 +999,7 @@ void zebra_pbr_show_ipset_list(struct vty *vty, char *ipsetname) struct zebra_pbr_env_display uniqueipset; if (ipsetname) { - zpi = zebra_pbr_lookup_ipset_pername(zns, ipsetname); + zpi = zebra_pbr_lookup_ipset_pername(ipsetname); if (!zpi) { vty_out(vty, "No IPset %s found\n", ipsetname); return; @@ -1048,15 +1010,14 @@ void zebra_pbr_show_ipset_list(struct vty *vty, char *ipsetname) unique.vty = vty; unique.zpi = zpi; unique.zns = zns; - hash_walk(zns->ipset_entry_hash, - zebra_pbr_show_ipset_entry_walkcb, - &unique); + hash_walk(zrouter.ipset_entry_hash, + zebra_pbr_show_ipset_entry_walkcb, &unique); return; } uniqueipset.zns = zns; uniqueipset.vty = vty; uniqueipset.name = NULL; - hash_walk(zns->ipset_hash, zebra_pbr_show_ipset_walkcb, + hash_walk(zrouter.ipset_hash, zebra_pbr_show_ipset_walkcb, &uniqueipset); } @@ -1134,8 +1095,8 @@ static void zebra_pbr_show_iptable_unit(struct zebra_pbr_iptable *iptable, " not" : "", lookup_msg(fragment_value_str, iptable->fragment, val_str)); } - ret = hook_call(zebra_pbr_iptable_wrap_script_get_stat, - zns, iptable, &pkts, &bytes); + ret = hook_call(zebra_pbr_iptable_wrap_script_get_stat, iptable, &pkts, + &bytes); if (ret && pkts > 0) vty_out(vty, "\t pkts %" PRIu64 ", bytes %" PRIu64"\n", pkts, bytes); @@ -1182,8 +1143,7 @@ void zebra_pbr_show_iptable(struct vty *vty, char *iptable_name) env.vty = vty; env.zns = zns; env.name = iptable_name; - hash_walk(zns->iptable_hash, zebra_pbr_show_iptable_walkcb, - &env); + hash_walk(zrouter.iptable_hash, zebra_pbr_show_iptable_walkcb, &env); } void zebra_pbr_iptable_update_interfacelist(struct stream *s, diff --git a/zebra/zebra_pbr.h b/zebra/zebra_pbr.h index bc651d511..b0791f974 100644 --- a/zebra/zebra_pbr.h +++ b/zebra/zebra_pbr.h @@ -155,21 +155,14 @@ const char *zebra_pbr_ipset_type2str(uint32_t type); void zebra_pbr_add_rule(struct zebra_pbr_rule *rule); void zebra_pbr_del_rule(struct zebra_pbr_rule *rule); -void zebra_pbr_create_ipset(struct zebra_ns *zns, - struct zebra_pbr_ipset *ipset); -void zebra_pbr_destroy_ipset(struct zebra_ns *zns, - struct zebra_pbr_ipset *ipset); -struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(struct zebra_ns *zns, - char *ipsetname); -void zebra_pbr_add_ipset_entry(struct zebra_ns *zns, - struct zebra_pbr_ipset_entry *ipset); -void zebra_pbr_del_ipset_entry(struct zebra_ns *zns, - struct zebra_pbr_ipset_entry *ipset); - -void zebra_pbr_add_iptable(struct zebra_ns *zns, - struct zebra_pbr_iptable *iptable); -void zebra_pbr_del_iptable(struct zebra_ns *zns, - struct zebra_pbr_iptable *iptable); +void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset); +void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset); +struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(char *ipsetname); +void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset); +void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset); + +void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable); +void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable); /* * Install specified rule for a specific interface. @@ -243,26 +236,20 @@ extern void zebra_pbr_iptable_update_interfacelist(struct stream *s, size_t zebra_pbr_tcpflags_snprintf(char *buffer, size_t len, uint16_t tcp_val); -DECLARE_HOOK(zebra_pbr_ipset_entry_wrap_script_get_stat, (struct zebra_ns *zns, - struct zebra_pbr_ipset_entry *ipset, - uint64_t *pkts, uint64_t *bytes), - (zns, ipset, pkts, bytes)) -DECLARE_HOOK(zebra_pbr_iptable_wrap_script_get_stat, (struct zebra_ns *zns, - struct zebra_pbr_iptable *iptable, - uint64_t *pkts, uint64_t *bytes), - (zns, iptable, pkts, bytes)) -DECLARE_HOOK(zebra_pbr_iptable_wrap_script_update, (struct zebra_ns *zns, - int cmd, - struct zebra_pbr_iptable *iptable), - (zns, cmd, iptable)); - -DECLARE_HOOK(zebra_pbr_ipset_entry_wrap_script_update, (struct zebra_ns *zns, - int cmd, - struct zebra_pbr_ipset_entry *ipset), - (zns, cmd, ipset)); -DECLARE_HOOK(zebra_pbr_ipset_wrap_script_update, (struct zebra_ns *zns, - int cmd, - struct zebra_pbr_ipset *ipset), - (zns, cmd, ipset)); +DECLARE_HOOK(zebra_pbr_ipset_entry_wrap_script_get_stat, + (struct zebra_pbr_ipset_entry *ipset, uint64_t *pkts, + uint64_t *bytes), + (ipset, pkts, bytes)) +DECLARE_HOOK(zebra_pbr_iptable_wrap_script_get_stat, + (struct zebra_pbr_iptable *iptable, uint64_t *pkts, + uint64_t *bytes), + (iptable, pkts, bytes)) +DECLARE_HOOK(zebra_pbr_iptable_wrap_script_update, + (int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable)); + +DECLARE_HOOK(zebra_pbr_ipset_entry_wrap_script_update, + (int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset)); +DECLARE_HOOK(zebra_pbr_ipset_wrap_script_update, + (int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset)); #endif /* _ZEBRA_PBR_H */ diff --git a/zebra/zebra_router.c b/zebra/zebra_router.c index 94d7ab1b8..99d96fd67 100644 --- a/zebra/zebra_router.c +++ b/zebra/zebra_router.c @@ -158,6 +158,13 @@ void zebra_router_terminate(void) hash_clean(zrouter.rules_hash, zebra_pbr_rules_free); hash_free(zrouter.rules_hash); + + hash_clean(zrouter.ipset_entry_hash, zebra_pbr_ipset_entry_free), + hash_clean(zrouter.ipset_hash, zebra_pbr_ipset_free); + hash_free(zrouter.ipset_hash); + hash_free(zrouter.ipset_entry_hash); + hash_clean(zrouter.iptable_hash, zebra_pbr_iptable_free); + hash_free(zrouter.iptable_hash); } void zebra_router_init(void) @@ -167,4 +174,16 @@ void zebra_router_init(void) zrouter.rules_hash = hash_create_size(8, zebra_pbr_rules_hash_key, zebra_pbr_rules_hash_equal, "Rules Hash"); + + zrouter.ipset_hash = + hash_create_size(8, zebra_pbr_ipset_hash_key, + zebra_pbr_ipset_hash_equal, "IPset Hash"); + + zrouter.ipset_entry_hash = hash_create_size( + 8, zebra_pbr_ipset_entry_hash_key, + zebra_pbr_ipset_entry_hash_equal, "IPset Hash Entry"); + + zrouter.iptable_hash = hash_create_size(8, zebra_pbr_iptable_hash_key, + zebra_pbr_iptable_hash_equal, + "IPtable Hash Entry"); } diff --git a/zebra/zebra_router.h b/zebra/zebra_router.h index 246f3857c..6f7013acd 100644 --- a/zebra/zebra_router.h +++ b/zebra/zebra_router.h @@ -52,6 +52,12 @@ struct zebra_router { struct hash *l3vni_table; struct hash *rules_hash; + + struct hash *ipset_hash; + + struct hash *ipset_entry_hash; + + struct hash *iptable_hash; }; extern struct zebra_router zrouter; |