[mirror_frr.git] / bgpd / bgp_pbr.h

/*
 * BGP pbr
 * Copyright (C) 6WIND
 *
 * FRR is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * FRR is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; see the file COPYING; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */
#ifndef __BGP_PBR_H__
#define __BGP_PBR_H__

#include "nexthop.h"
#include "zclient.h"

/* flowspec case: 0 to 3 actions maximum:
 * 1 redirect
 * 1 set dscp
 * 1 set traffic rate
 */
#define ACTIONS_MAX_NUM 4
enum bgp_pbr_action_enum {
	ACTION_TRAFFICRATE = 1,
	ACTION_TRAFFIC_ACTION = 2,
	ACTION_REDIRECT = 3,
	ACTION_MARKING = 4,
	ACTION_REDIRECT_IP = 5
};

#define TRAFFIC_ACTION_SAMPLE     (1 << 0)
#define TRAFFIC_ACTION_TERMINATE  (1 << 1)
#define TRAFFIC_ACTION_DISTRIBUTE (1 << 2)

#define OPERATOR_COMPARE_LESS_THAN    (1<<1)
#define OPERATOR_COMPARE_GREATER_THAN (1<<2)
#define OPERATOR_COMPARE_EQUAL_TO     (1<<3)
#define OPERATOR_COMPARE_EXACT_MATCH  (1<<4)

#define OPERATOR_UNARY_OR    (1<<1)
#define OPERATOR_UNARY_AND   (1<<2)

/* struct used to store values [0;65535]
 * this can be used for port number of protocol
 */
#define BGP_PBR_MATCH_VAL_MAX 5

struct bgp_pbr_match_val {
	uint16_t value;
	uint8_t compare_operator;
	uint8_t unary_operator;
};

#define FRAGMENT_DONT  1
#define FRAGMENT_IS    2
#define FRAGMENT_FIRST 4
#define FRAGMENT_LAST  8

struct bgp_pbr_entry_action {
	/* used to store enum bgp_pbr_action_enum enumerate */
	uint8_t action;
	union {
		union {
			uint8_t rate_info[4]; /* IEEE.754.1985 */
			float rate;
		} r __attribute__((aligned(8)));
		struct _pbr_action {
			uint8_t do_sample;
			uint8_t filter;
		} za;
		vrf_id_t redirect_vrf;
		struct _pbr_redirect_ip {
			struct in_addr redirect_ip_v4;
			uint8_t duplicate;
		} zr;
		uint8_t marking_dscp;
	} u __attribute__((aligned(8)));
};

/* BGP Policy Route structure */
struct bgp_pbr_entry_main {
#define BGP_PBR_UNDEFINED	0
#define BGP_PBR_IPSET		1
#define BGP_PBR_IPRULE		2
	uint8_t type;

	/*
	 * This is an enum but we are going to treat it as a uint8_t
	 * for purpose of encoding/decoding
	 */
	afi_t afi;
	safi_t safi;

#define PREFIX_SRC_PRESENT (1 << 0)
#define PREFIX_DST_PRESENT (1 << 1)
	uint8_t match_bitmask_iprule;
	uint8_t match_bitmask;

	uint8_t match_src_port_num;
	uint8_t match_dst_port_num;
	uint8_t match_port_num;
	uint8_t match_protocol_num;
	uint8_t match_icmp_type_num;
	uint8_t match_icmp_code_num;
	uint8_t match_packet_length_num;
	uint8_t match_dscp_num;
	uint8_t match_tcpflags_num;
	uint8_t match_fragment_num;

	struct prefix src_prefix;
	struct prefix dst_prefix;

#define PROTOCOL_UDP 17
#define PROTOCOL_TCP 6
#define PROTOCOL_ICMP 1
	struct bgp_pbr_match_val protocol[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val src_port[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val dst_port[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val port[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val icmp_type[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val icmp_code[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val packet_length[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val dscp[BGP_PBR_MATCH_VAL_MAX];

	struct bgp_pbr_match_val tcpflags[BGP_PBR_MATCH_VAL_MAX];
	struct bgp_pbr_match_val fragment[BGP_PBR_MATCH_VAL_MAX];

	uint16_t action_num;
	struct bgp_pbr_entry_action actions[ACTIONS_MAX_NUM];

	vrf_id_t vrf_id;
};

struct bgp_pbr_interface {
	RB_ENTRY(bgp_pbr_interface) id_entry;
	char name[INTERFACE_NAMSIZ];
};

RB_HEAD(bgp_pbr_interface_head, bgp_pbr_interface);
RB_PROTOTYPE(bgp_pbr_interface_head, bgp_pbr_interface, id_entry,
	     bgp_pbr_interface_compare);

extern int bgp_pbr_interface_compare(const struct bgp_pbr_interface *a,
				     const struct bgp_pbr_interface *b);

struct bgp_pbr_config {
	struct bgp_pbr_interface_head ifaces_by_name_ipv4;
	bool pbr_interface_any_ipv4;
};

extern struct bgp_pbr_config *bgp_pbr_cfg;

struct bgp_pbr_rule {
	uint32_t flags;
	struct prefix src;
	struct prefix dst;
	struct bgp_pbr_action *action;
	vrf_id_t vrf_id;
	uint32_t unique;
	uint32_t priority;
	bool installed;
	bool install_in_progress;
	void *path;
};

struct bgp_pbr_match {
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];

	/* mapped on enum ipset_type
	 */
	uint32_t type;

	uint32_t flags;

	uint16_t pkt_len_min;
	uint16_t pkt_len_max;
	uint16_t tcp_flags;
	uint16_t tcp_mask_flags;
	uint8_t dscp_value;
	uint8_t fragment;
	uint8_t protocol;

	vrf_id_t vrf_id;

	/* unique identifier for ipset create transaction
	 */
	uint32_t unique;

	/* unique identifier for iptable add transaction
	 */
	uint32_t unique2;

	bool installed;
	bool install_in_progress;

	bool installed_in_iptable;
	bool install_iptable_in_progress;

	struct hash *entry_hash;

	struct bgp_pbr_action *action;

};

struct bgp_pbr_match_entry {
	struct bgp_pbr_match *backpointer;

	uint32_t unique;

	struct prefix src;
	struct prefix dst;

	uint16_t src_port_min;
	uint16_t src_port_max;
	uint16_t dst_port_min;
	uint16_t dst_port_max;
	uint8_t proto;

	void *path;

	bool installed;
	bool install_in_progress;
};

struct bgp_pbr_action {

	/*
	 * The Unique identifier of this specific pbrms
	 */
	uint32_t unique;

	uint32_t fwmark;

	uint32_t table_id;

	float rate;

	/*
	 * nexthop information, or drop information
	 * contains src vrf_id and nh contains dest vrf_id
	 */
	vrf_id_t vrf_id;
	struct nexthop nh;

	bool installed;
	bool install_in_progress;
	uint32_t refcnt;
	struct bgp *bgp;
};

extern struct bgp_pbr_rule *bgp_pbr_rule_lookup(vrf_id_t vrf_id,
						uint32_t unique);

extern struct bgp_pbr_action *bgp_pbr_action_rule_lookup(vrf_id_t vrf_id,
							 uint32_t unique);

extern struct bgp_pbr_match *bgp_pbr_match_ipset_lookup(vrf_id_t vrf_id,
							uint32_t unique);

extern struct bgp_pbr_match_entry *bgp_pbr_match_ipset_entry_lookup(
					    vrf_id_t vrf_id, char *name,
					    uint32_t unique);
extern struct bgp_pbr_match *bgp_pbr_match_iptable_lookup(vrf_id_t vrf_id,
							  uint32_t unique);

extern void bgp_pbr_cleanup(struct bgp *bgp);
extern void bgp_pbr_init(struct bgp *bgp);

extern uint32_t bgp_pbr_rule_hash_key(const void *arg);
extern bool bgp_pbr_rule_hash_equal(const void *arg1,
				   const void *arg2);
extern uint32_t bgp_pbr_action_hash_key(const void *arg);
extern bool bgp_pbr_action_hash_equal(const void *arg1,
				     const void *arg2);
extern uint32_t bgp_pbr_match_entry_hash_key(const void *arg);
extern bool bgp_pbr_match_entry_hash_equal(const void *arg1,
					  const void *arg2);
extern uint32_t bgp_pbr_match_hash_key(const void *arg);
extern bool bgp_pbr_match_hash_equal(const void *arg1,
				    const void *arg2);

void bgp_pbr_print_policy_route(struct bgp_pbr_entry_main *api);

struct bgp_node;
struct bgp_path_info;
extern void bgp_pbr_update_entry(struct bgp *bgp, struct prefix *p,
				 struct bgp_path_info *new_select, afi_t afi,
				 safi_t safi, bool nlri_update);

/* bgp pbr utilities */
extern struct bgp_pbr_interface *pbr_interface_lookup(const char *name);
extern void bgp_pbr_reset(struct bgp *bgp, afi_t afi);
extern struct bgp_pbr_interface *bgp_pbr_interface_lookup(const char *name,
				   struct bgp_pbr_interface_head *head);

extern int bgp_pbr_build_and_validate_entry(struct prefix *p,
					    struct bgp_path_info *path,
					    struct bgp_pbr_entry_main *api);
#endif /* __BGP_PBR_H__ */
Commit	Line	Data
bbe6ffd6 PG	1	/*
	2	* BGP pbr
	3	* Copyright (C) 6WIND
	4	*
	5	* FRR is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2, or (at your option) any
	8	* later version.
	9	*
	10	* FRR is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of
	12	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	13	* General Public License for more details.
	14	*
	15	* You should have received a copy of the GNU General Public License along
	16	* with this program; see the file COPYING; if not, write to the Free Software
	17	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	18	*/
	19	#ifndef __BGP_PBR_H__
	20	#define __BGP_PBR_H__
	21
	22	#include "nexthop.h"
	23	#include "zclient.h"
	24
b46b6f1a PG	25	/* flowspec case: 0 to 3 actions maximum:
	26	* 1 redirect
	27	* 1 set dscp
	28	* 1 set traffic rate
	29	*/
	30	#define ACTIONS_MAX_NUM 4
	31	enum bgp_pbr_action_enum {
	32	ACTION_TRAFFICRATE = 1,
	33	ACTION_TRAFFIC_ACTION = 2,
	34	ACTION_REDIRECT = 3,
	35	ACTION_MARKING = 4,
	36	ACTION_REDIRECT_IP = 5
	37	};
	38
	39	#define TRAFFIC_ACTION_SAMPLE (1 << 0)
	40	#define TRAFFIC_ACTION_TERMINATE (1 << 1)
	41	#define TRAFFIC_ACTION_DISTRIBUTE (1 << 2)
	42
	43	#define OPERATOR_COMPARE_LESS_THAN (1<<1)
	44	#define OPERATOR_COMPARE_GREATER_THAN (1<<2)
	45	#define OPERATOR_COMPARE_EQUAL_TO (1<<3)
	46	#define OPERATOR_COMPARE_EXACT_MATCH (1<<4)
	47
	48	#define OPERATOR_UNARY_OR (1<<1)
	49	#define OPERATOR_UNARY_AND (1<<2)
	50
	51	/* struct used to store values [0;65535]
	52	* this can be used for port number of protocol
	53	*/
	54	#define BGP_PBR_MATCH_VAL_MAX 5
	55
	56	struct bgp_pbr_match_val {
	57	uint16_t value;
	58	uint8_t compare_operator;
	59	uint8_t unary_operator;
3f54c705	60	};
b46b6f1a PG	61
	62	#define FRAGMENT_DONT 1
	63	#define FRAGMENT_IS 2
	64	#define FRAGMENT_FIRST 4
	65	#define FRAGMENT_LAST 8
	66
b46b6f1a PG	67	struct bgp_pbr_entry_action {
	68	/* used to store enum bgp_pbr_action_enum enumerate */
	69	uint8_t action;
	70	union {
	71	union {
	72	uint8_t rate_info[4]; /* IEEE.754.1985 */
	73	float rate;
	74	} r __attribute__((aligned(8)));
	75	struct _pbr_action {
	76	uint8_t do_sample;
	77	uint8_t filter;
	78	} za;
	79	vrf_id_t redirect_vrf;
	80	struct _pbr_redirect_ip {
	81	struct in_addr redirect_ip_v4;
	82	uint8_t duplicate;
	83	} zr;
	84	uint8_t marking_dscp;
	85	} u __attribute__((aligned(8)));
	86	};
	87
	88	/* BGP Policy Route structure */
	89	struct bgp_pbr_entry_main {
5fa779c9 PG	90	#define BGP_PBR_UNDEFINED 0
	91	#define BGP_PBR_IPSET 1
	92	#define BGP_PBR_IPRULE 2
b46b6f1a	93	uint8_t type;
b46b6f1a PG	94
	95	/*
	96	* This is an enum but we are going to treat it as a uint8_t
	97	* for purpose of encoding/decoding
	98	*/
	99	afi_t afi;
	100	safi_t safi;
	101
	102	#define PREFIX_SRC_PRESENT (1 << 0)
	103	#define PREFIX_DST_PRESENT (1 << 1)
5fa779c9	104	uint8_t match_bitmask_iprule;
b46b6f1a PG	105	uint8_t match_bitmask;
	106
	107	uint8_t match_src_port_num;
	108	uint8_t match_dst_port_num;
	109	uint8_t match_port_num;
	110	uint8_t match_protocol_num;
	111	uint8_t match_icmp_type_num;
	112	uint8_t match_icmp_code_num;
	113	uint8_t match_packet_length_num;
	114	uint8_t match_dscp_num;
	115	uint8_t match_tcpflags_num;
588ec356	116	uint8_t match_fragment_num;
b46b6f1a PG	117
	118	struct prefix src_prefix;
	119	struct prefix dst_prefix;
	120
1de7dfff PG	121	#define PROTOCOL_UDP 17
1de7dfff PG	122	#define PROTOCOL_TCP 6
932404b7	123	#define PROTOCOL_ICMP 1
b46b6f1a PG	124	struct bgp_pbr_match_val protocol[BGP_PBR_MATCH_VAL_MAX];
	125	struct bgp_pbr_match_val src_port[BGP_PBR_MATCH_VAL_MAX];
	126	struct bgp_pbr_match_val dst_port[BGP_PBR_MATCH_VAL_MAX];
	127	struct bgp_pbr_match_val port[BGP_PBR_MATCH_VAL_MAX];
	128	struct bgp_pbr_match_val icmp_type[BGP_PBR_MATCH_VAL_MAX];
	129	struct bgp_pbr_match_val icmp_code[BGP_PBR_MATCH_VAL_MAX];
	130	struct bgp_pbr_match_val packet_length[BGP_PBR_MATCH_VAL_MAX];
	131	struct bgp_pbr_match_val dscp[BGP_PBR_MATCH_VAL_MAX];
2da7d62e	132
b46b6f1a	133	struct bgp_pbr_match_val tcpflags[BGP_PBR_MATCH_VAL_MAX];
588ec356	134	struct bgp_pbr_match_val fragment[BGP_PBR_MATCH_VAL_MAX];
b46b6f1a PG	135
	136	uint16_t action_num;
	137	struct bgp_pbr_entry_action actions[ACTIONS_MAX_NUM];
	138
b46b6f1a PG	139	vrf_id_t vrf_id;
	140	};
	141
4762c213 PG	142	struct bgp_pbr_interface {
	143	RB_ENTRY(bgp_pbr_interface) id_entry;
	144	char name[INTERFACE_NAMSIZ];
	145	};
	146
	147	RB_HEAD(bgp_pbr_interface_head, bgp_pbr_interface);
	148	RB_PROTOTYPE(bgp_pbr_interface_head, bgp_pbr_interface, id_entry,
	149	bgp_pbr_interface_compare);
	150
	151	extern int bgp_pbr_interface_compare(const struct bgp_pbr_interface *a,
	152	const struct bgp_pbr_interface *b);
	153
	154	struct bgp_pbr_config {
	155	struct bgp_pbr_interface_head ifaces_by_name_ipv4;
	156	bool pbr_interface_any_ipv4;
	157	};
	158
	159	extern struct bgp_pbr_config *bgp_pbr_cfg;
	160
27e376d4 PG	161	struct bgp_pbr_rule {
	162	uint32_t flags;
	163	struct prefix src;
	164	struct prefix dst;
	165	struct bgp_pbr_action *action;
	166	vrf_id_t vrf_id;
	167	uint32_t unique;
8112a7a0	168	uint32_t priority;
27e376d4 PG	169	bool installed;
27e376d4 PG	170	bool install_in_progress;
ce3c0614	171	void *path;
27e376d4 PG	172	};
27e376d4 PG	173
bbe6ffd6 PG	174	struct bgp_pbr_match {
	175	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
	176
	177	/* mapped on enum ipset_type
	178	*/
	179	uint32_t type;
	180
f3d32faa PG	181	uint32_t flags;
f3d32faa PG	182
83360720 PG	183	uint16_t pkt_len_min;
83360720 PG	184	uint16_t pkt_len_max;
2da7d62e PG	185	uint16_t tcp_flags;
2da7d62e PG	186	uint16_t tcp_mask_flags;
4977bd6c	187	uint8_t dscp_value;
6f5617d8	188	uint8_t fragment;
f449d223	189	uint8_t protocol;
83360720	190
f3d32faa PG	191	vrf_id_t vrf_id;
	192
	193	/* unique identifier for ipset create transaction
	194	*/
bbe6ffd6 PG	195	uint32_t unique;
bbe6ffd6 PG	196
f3d32faa PG	197	/* unique identifier for iptable add transaction
	198	*/
	199	uint32_t unique2;
	200
bbe6ffd6	201	bool installed;
30d50e6d	202	bool install_in_progress;
f3d32faa PG	203
	204	bool installed_in_iptable;
	205	bool install_iptable_in_progress;
	206
	207	struct hash *entry_hash;
	208
	209	struct bgp_pbr_action *action;
	210
bbe6ffd6 PG	211	};
	212
	213	struct bgp_pbr_match_entry {
	214	struct bgp_pbr_match *backpointer;
	215
	216	uint32_t unique;
	217
	218	struct prefix src;
	219	struct prefix dst;
	220
f730e566 PG	221	uint16_t src_port_min;
	222	uint16_t src_port_max;
	223	uint16_t dst_port_min;
	224	uint16_t dst_port_max;
	225	uint8_t proto;
	226
9b6d8fcf	227	void *path;
b588b642	228
bbe6ffd6 PG	229	bool installed;
	230	bool install_in_progress;
	231	};
	232
	233	struct bgp_pbr_action {
	234
	235	/*
	236	* The Unique identifier of this specific pbrms
	237	*/
	238	uint32_t unique;
	239
	240	uint32_t fwmark;
	241
	242	uint32_t table_id;
	243
f3d32faa PG	244	float rate;
f3d32faa PG	245
bbe6ffd6 PG	246	/*
	247	* nexthop information, or drop information
	248	* contains src vrf_id and nh contains dest vrf_id
	249	*/
	250	vrf_id_t vrf_id;
	251	struct nexthop nh;
	252
	253	bool installed;
	254	bool install_in_progress;
a6b07429 PG	255	uint32_t refcnt;
a6b07429 PG	256	struct bgp *bgp;
bbe6ffd6 PG	257	};
bbe6ffd6 PG	258
ffee150e PG	259	extern struct bgp_pbr_rule *bgp_pbr_rule_lookup(vrf_id_t vrf_id,
	260	uint32_t unique);
	261
70eabd12 PG	262	extern struct bgp_pbr_action *bgp_pbr_action_rule_lookup(vrf_id_t vrf_id,
70eabd12 PG	263	uint32_t unique);
bbe6ffd6 PG	264
	265	extern struct bgp_pbr_match *bgp_pbr_match_ipset_lookup(vrf_id_t vrf_id,
	266	uint32_t unique);
	267
	268	extern struct bgp_pbr_match_entry *bgp_pbr_match_ipset_entry_lookup(
	269	vrf_id_t vrf_id, char *name,
	270	uint32_t unique);
1815c6fc PG	271	extern struct bgp_pbr_match *bgp_pbr_match_iptable_lookup(vrf_id_t vrf_id,
1815c6fc PG	272	uint32_t unique);
f3d32faa	273
a6b07429	274	extern void bgp_pbr_cleanup(struct bgp *bgp);
f3d32faa PG	275	extern void bgp_pbr_init(struct bgp *bgp);
f3d32faa PG	276
d8b87afe	277	extern uint32_t bgp_pbr_rule_hash_key(const void *arg);
27e376d4 PG	278	extern bool bgp_pbr_rule_hash_equal(const void *arg1,
27e376d4 PG	279	const void *arg2);
d8b87afe	280	extern uint32_t bgp_pbr_action_hash_key(const void *arg);
74df8d6d	281	extern bool bgp_pbr_action_hash_equal(const void *arg1,
f3d32faa	282	const void *arg2);
d8b87afe	283	extern uint32_t bgp_pbr_match_entry_hash_key(const void *arg);
74df8d6d	284	extern bool bgp_pbr_match_entry_hash_equal(const void *arg1,
f3d32faa	285	const void *arg2);
d8b87afe	286	extern uint32_t bgp_pbr_match_hash_key(const void *arg);
74df8d6d	287	extern bool bgp_pbr_match_hash_equal(const void *arg1,
f3d32faa PG	288	const void *arg2);
f3d32faa PG	289
b46b6f1a PG	290	void bgp_pbr_print_policy_route(struct bgp_pbr_entry_main *api);
b46b6f1a PG	291
45918cfb	292	struct bgp_node;
4b7e6066	293	struct bgp_path_info;
45918cfb	294	extern void bgp_pbr_update_entry(struct bgp bgp, struct prefix p,
4b7e6066 DS	295	struct bgp_path_info *new_select, afi_t afi,
4b7e6066 DS	296	safi_t safi, bool nlri_update);
45918cfb	297
4762c213 PG	298	/* bgp pbr utilities */
	299	extern struct bgp_pbr_interface pbr_interface_lookup(const char name);
	300	extern void bgp_pbr_reset(struct bgp *bgp, afi_t afi);
	301	extern struct bgp_pbr_interface bgp_pbr_interface_lookup(const char name,
	302	struct bgp_pbr_interface_head *head);
	303
0378bcaa PG	304	extern int bgp_pbr_build_and_validate_entry(struct prefix *p,
	305	struct bgp_path_info *path,
	306	struct bgp_pbr_entry_main *api);
bbe6ffd6	307	#endif /* __BGP_PBR_H__ */