path: root/zebra/zebra_pbr.h
Commit message | Author | Age | Files | Lines
* lib: hashing functions should take const arguments | Quentin Young | 2019-05-14 | 1 | -4/+4
  It doesn't make much sense for a hash function to modify its argument, so const the hash input. BGP does it in a couple places, those cast away the const. Not great but not any worse than it was.
  Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* add cplusplus guards to all zebra headers | Emanuele Di Pascale | 2019-03-25 | 1 | -0/+8
  Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
* zebra: Remove _wrap_script from hook names | Donald Sharp | 2018-10-24 | 1 | -5/+5
  The _wrap_script inclusion implies a certain end functionality of which we don't care. We just care that the hooks are called.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Move ipset_hash, ipset_entry_hash and iptable_hash into zrouter | Donald Sharp | 2018-10-24 | 1 | -36/+23
  These three data structures belong in the `zebra_router` structure as that they do not belong in `struct zebra_ns`.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Move rules_hash to zrouter | Donald Sharp | 2018-10-24 | 1 | -2/+4
  Move the rules_hash to the zrouter data structure and provide the additional bit of work needed to lookup the rule based upon the namespace id as well. Make the callers of functions not care about what namespace id we are in.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* *: Replace hash_cmp function return value to a bool | Donald Sharp | 2018-10-19 | 1 | -4/+5
  The ->hash_cmp and linked list ->cmp functions were sometimes being used interchangeably and this really is not a good thing. So let's modify the hash_cmp function pointer to return a boolean and convert everything to use the new syntax.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Create zebra_dplane.c and .h | Mark Stapp | 2018-09-20 | 1 | -7/+6
  Add first sketchy 'dplane' files.
  Signed-off-by: Mark Stapp <mjs@voltanet.io>
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: show pbr iptable per iptable | Philippe Guibert | 2018-07-24 | 1 | -1/+1
  Add ability to pass a ip table parameter.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: handle policy routing fragment handling | Philippe Guibert | 2018-06-28 | 1 | -0/+1
  Incoming iptable entries with fragment parameter are handled. An iptable context is created for each fragment value received from BGP.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* *: add flowspec dscp handling | Philippe Guibert | 2018-06-28 | 1 | -0/+1
  Only one dscp value is accepted as filtering option.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: handling of policy routing iptable tcpflags | Philippe Guibert | 2018-06-28 | 1 | -0/+4
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: add packet length into pbr support | Philippe Guibert | 2018-06-28 | 1 | -0/+3
  The packet length is added to iptable zapi message. Then the iptable structure is taking into account the pkt_len field. The show pbr iptable command displays the packet length used if any.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* bgpd: add comment to inform that icmp can be stored in that struct | Philippe Guibert | 2018-06-28 | 1 | -0/+2
  Generic ipset entry structure will be reused to host icmp information.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: improve show zebra ipset output for icmp | Philippe Guibert | 2018-06-28 | 1 | -0/+2
  The icmp type/code is displayed. Also, the flags are correctly set in case ICMP protocol is elected.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: pbr ipset_type2_str command is externalised | Philippe Guibert | 2018-06-28 | 1 | -0/+2
  The API of that function that converts ipset types is externalised.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: Add knowledge of request success/failure for pbr rules | Donald Sharp | 2018-05-30 | 1 | -2/+2
  Add some nascent code to handle success/failure of the rule installation.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Rename SOUTHBOUND_XXX to DP_XXX | Donald Sharp | 2018-05-30 | 1 | -5/+5
  The SOUTHBOUND_XXX enum was named a bit poorly. Let's use a bit better name for what we are trying to do.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: PBR config and monitor IPSET/IPTABLE hooks declared | Philippe Guibert | 2018-05-25 | 1 | -0/+22
  The following PBR handlers: ipset, and iptables will prioritary call the hook from a possible plugin. If a plugin is attached, then it will return a positive value. That is why the return status is tested against 0 value, since that means that there is no plugin module plugged.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: handle iptable list of interfaces | Philippe Guibert | 2018-05-25 | 1 | -0/+6
  Upon reception of an iptable_add or iptable_del, a list of interface indexes may be passed in the zapi interface. The list is converted in interface name so that it is ready to be passed to be programmed to the underlying system.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: add 3 fields to ipset_entry : src,dst port, and proto | Philippe Guibert | 2018-05-25 | 1 | -0/+7
  Those 3 fields are read and written between zebra and bgpd. This permits extending the ipset_entry structure. Combinatories will be possible:
  - filtering with one of the src/dst port.
  - filtering with one of the range src/ range dst port usage of src or dst is exclusive in a FS entry.
  - filtering a port or a port range based on either src or dst port.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: pbr vty show command for ipset and iptables | Philippe Guibert | 2018-05-25 | 1 | -0/+3
  Two new vty show functions available:
  show pbr ipset <NAME>
  show pbr iptables <NAME>
  Those functions dump the underlying "kernel" contexts. It relies on the zebra pbr contexts. This helps then to know which zebra pbr context has been configured since those contexts are mainly configured by BGP Flowspec.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: add netlink rule support for fwmark option | Philippe Guibert | 2018-05-25 | 1 | -0/+2
  When a mark is set, incoming traffic having that mark set can be redirected to a specific table identifier. This work is done through netlink.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: rework pbr ipset entry | Philippe Guibert | 2018-05-25 | 1 | -0/+4
  Add ns_id into zebra_pbr ipset.
  This is important so that each ipset entry knows on which NETNS the ipset entry must be injected.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: upon zclient breaking, flush PBR entries | Philippe Guibert | 2018-05-22 | 1 | -2/+1
  In case, the BGP or PBR daemon leaves, the PBR contexts created by this daemon are flushed.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: adapt zebra_pbr_rule based with pbr_rule | Philippe Guibert | 2018-04-16 | 1 | -65/+9
  In order to avoid duplicate functions, the zebra_pbr_rule structure used by zebra to decode the zapi message, and send netlink messages, is slightly modified. The structure is derived from pbr_rule, but it also includes sock identifier that is used to send back information to the daemon that did the request. Also, the ifp pointer is stored in that structure.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: add IPTABLE_ADD and IPTABLE_DEL commands in zapi | Philippe Guibert | 2018-04-16 | 1 | -0/+41
  Those messages permit a remote daemon to configure an iptable entry. A structure is defined that maps to an iptable entry. More specifically, this structure proposes to associate fwmark, and a table ID. Adding to the configuration, the initialisation of iptables hash list is done into zebra netnamespace. Also a hook for notifying the sender that the iptables has been correctly set is done.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: pbr rule structure is being added fwmark tag | Philippe Guibert | 2018-04-16 | 1 | -0/+4
  PBR rule is being added a 32 bit value that can be used to record a rule in the kernel, by using a fwmark information.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: handling notifications upon ipset creation/destruction done | Philippe Guibert | 2018-04-16 | 1 | -0/+15
  Once ipset entries are injected in the kernel, the relevant daemon is informed with a zebra message sent back.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* lib: add ZEBRA IPSET defines | Philippe Guibert | 2018-04-16 | 1 | -0/+2
  ZEBRA IPSET defines are added for creating/deleting ipset contexts. And also create ipset hash sets.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: handle entry points for ipset creation/destruction | Philippe Guibert | 2018-04-16 | 1 | -0/+61
  IPset and IPset entries structures are introduced. Those entries reflect the ipset structures and ipset hash sets that will be created on the kernel.
  Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* zebra: Allow for deletion of rules when the originator goes away | Donald Sharp | 2018-03-16 | 1 | -0/+3
  When zebra detects that the originator has disappeared delete all rules associated with that client.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* lib, zebra: Add Rule insertion success/failure messages | Donald Sharp | 2018-03-09 | 1 | -0/+9
  Add code to allow rule insertion notifications to be sent back up the stack.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Make the ifp part of the rule structure | Donald Sharp | 2018-03-09 | 1 | -11/+6
  Every place we need to pass around the rule structure we need to pass around the ifp as well. Move it into the structure. This will also allow us to notify up to higher level protocols that this worked properly or not better too.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Keep track of rules written | Donald Sharp | 2018-03-09 | 1 | -2/+7
  Keep track of rules written into the kernel. This will allow us to delete them on shutdown if we are not cleaned up properly.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Cleanup api | Donald Sharp | 2018-03-09 | 1 | -0/+2
  Allow the add/delete to go through an intermediary function in zebra_pbr.c instead of directly to the underlying os call. This will allow future refinements to track the data a bit better so that on shutdown we can delete the rules.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* zebra: Cleanup a couple of api issues | Donald Sharp | 2018-03-09 | 1 | -10/+9
  1) use uint32_t instead of u_int32_t as we are supposed to
  2) Consolidate priority into the rule.
  3) Cleanup the api from this.
  Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* *: PBR - netlink interaction and basic definitions | vivek | 2018-03-09 | 1 | -0/+128
  Implement netlink interactions for Policy Based Routing. This includes APIs to install and uninstall rules and handle notifications from the kernel related to rule addition or deletion. Various definitions are added to facilitate this.
  Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
  Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com>