acddc0ed | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
942bf97b | 2 | /* |
3 | * Zebra Policy Based Routing (PBR) Data structures and definitions | |
4 | * These are public definitions referenced by multiple files. | |
5 | * Copyright (C) 2018 Cumulus Networks, Inc. | |
942bf97b | 6 | */ |
7 | ||
8 | #ifndef _ZEBRA_PBR_H | |
9 | #define _ZEBRA_PBR_H | |
10 | ||
11 | #include <zebra.h> | |
12 | ||
13 | #include "prefix.h" | |
14 | #include "if.h" | |
942bf97b | 16 | #include "rt.h" |
5dd0722d | 17 | #include "pbr.h" |
942bf97b | 18 | |
19 | #ifdef __cplusplus |
20 | extern "C" { | |
21 | #endif | |
22 | ||
/* Memory type for PBR objects (used for the zebra_pbr_* structures below). */
DECLARE_MTYPE(PBR_OBJ);
25 | ||
/*
 * Forwarding action attached to a zebra_pbr_rule: the gateway and/or
 * egress interface matching traffic is sent to, plus the dataplane and
 * neighbor bookkeeping zebra keeps for it.
 */
struct zebra_pbr_action {
	/* Address family of 'gate' (presumably selects the valid g_addr member). */
	afi_t afi;

	/* currently only one nexthop is supported */
	union g_addr gate;

	/* dest-interface */
	ifindex_t ifindex;

	/* dataplane info: opaque handle owned by the dataplane, stored as an integer */
	intptr_t dp_flow_ptr;

	/* neigh: neighbor entry associated with this action (may be NULL - TODO confirm) */
	struct zebra_neigh_ent *neigh;
	/* zebra_pbr_rule is linked to neigh via neigh_listnode */
	struct listnode neigh_listnode;
};
43 | ||
/*
 * A PBR rule as held by zebra: the zapi-level rule (match filter + action,
 * from lib/pbr.h) plus the zebra-side state needed to install it.
 */
struct zebra_pbr_rule {
	/*
	 * Presumably the originating zclient sock fd, as for the ipset and
	 * iptable objects below (so we know who to send results back to).
	 */
	int sock;

	/* The rule itself; its match bits live in rule.filter.filter_bm. */
	struct pbr_rule rule;

	/*
	 * Interface the rule is bound to. Fixed-size buffer: whoever fills it
	 * must guarantee NUL termination (snprintf/strlcpy, not a bare strncpy).
	 */
	char ifname[INTERFACE_NAMSIZ];

	/* Where matching traffic goes (nexthop / interface / dataplane state). */
	struct zebra_pbr_action action;

	vrf_id_t vrf_id;
};
55 | ||
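/*
 * Test which match fields a zebra_pbr_rule filters on.
 * 'r' is a 'struct zebra_pbr_rule *'; each macro evaluates it exactly once
 * and yields a non-zero value when the corresponding PBR_FILTER_* bit is set
 * in r->rule.filter.filter_bm. The argument is parenthesised so that
 * expressions such as 'cond ? a : b' can be passed safely.
 */
#define IS_RULE_FILTERING_ON_SRC_IP(r)                                         \
	((r)->rule.filter.filter_bm & PBR_FILTER_SRC_IP)
#define IS_RULE_FILTERING_ON_DST_IP(r)                                         \
	((r)->rule.filter.filter_bm & PBR_FILTER_DST_IP)
#define IS_RULE_FILTERING_ON_SRC_PORT(r)                                       \
	((r)->rule.filter.filter_bm & PBR_FILTER_SRC_PORT)
#define IS_RULE_FILTERING_ON_DST_PORT(r)                                       \
	((r)->rule.filter.filter_bm & PBR_FILTER_DST_PORT)
#define IS_RULE_FILTERING_ON_DSFIELD(r)                                        \
	((r)->rule.filter.filter_bm & PBR_FILTER_DSFIELD)
#define IS_RULE_FILTERING_ON_FWMARK(r)                                         \
	((r)->rule.filter.filter_bm & PBR_FILTER_FWMARK)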
/*
 * IPSet descriptor
 *
 * The type / family / name triple that identifies an ipset. The same three
 * fields appear in struct zebra_pbr_ipset below.
 */
struct zebra_pbr_ipset_info {
	/* type is encoded as uint32_t
	 * but value is an enum ipset_type
	 * (a value received from a peer should be range-checked against the
	 * enum before being used as one - TODO confirm where that happens)
	 */
	uint32_t type;

	uint8_t family;

	/* Fixed-size name buffer; must be kept NUL-terminated by whoever fills it. */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
84 | ||
/*
 * An IPSet
 *
 * A named set (of the given type and address family) that ipset entries
 * and iptables rules refer to. Owned by the zclient identified by 'sock'.
 */
struct zebra_pbr_ipset {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	vrf_id_t vrf_id;

	/* Client-supplied identifier for this ipset (presumably unique per client). */
	uint32_t unique;

	/* type is encoded as uint32_t
	 * but value is an enum ipset_type
	 */
	uint32_t type;

	uint8_t family;

	/* Fixed-size name buffer; must be kept NUL-terminated by whoever fills it. */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
105 | ||
ef524230 | 106 | |
/*
 * An IPSet Entry Filter
 *
 * This is a filter mapped on ipset entries: one member of the ipset pointed
 * to by 'backpointer', described by address prefixes, port/ICMP ranges and
 * protocol.
 */
struct zebra_pbr_ipset_entry {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	/* Client-supplied identifier for this entry (presumably unique per client). */
	uint32_t unique;

	/* Source / destination prefixes of the entry. */
	struct prefix src;
	struct prefix dst;

	/* udp/tcp src port or icmp type (min/max form a range - TODO confirm inclusive) */
	uint16_t src_port_min;
	uint16_t src_port_max;
	/* udp/tcp dst port or icmp code */
	uint16_t dst_port_min;
	uint16_t dst_port_max;

	/* IP protocol number the entry applies to. */
	uint8_t proto;

	/* Bitmask of which of the fields above are significant (bit definitions
	 * live elsewhere - TODO confirm).
	 */
	uint32_t filter_bm;

	/* The ipset this entry belongs to. */
	struct zebra_pbr_ipset *backpointer;
};
137 | ||
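/*
 * An IPTables Action
 *
 * An iptables rule that matches on the ipset named by 'ipset_name' (plus
 * the optional packet-level criteria below) and applies 'action' to the
 * matching traffic. Owned by the zclient identified by 'sock'.
 */
struct zebra_pbr_iptable {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	vrf_id_t vrf_id;

	/* Client-supplied identifier for this rule (presumably unique per client). */
	uint32_t unique;

	/* include ipset type
	 * (encoded as uint32_t; see zebra_pbr_ipset.type)
	 */
	uint32_t type;

	/* include which IP is to be filtered
	 */
	uint32_t filter_bm;

	uint32_t fwmark;

	uint32_t action;

	/* Additional match criteria (presumably: packet length range, TCP flags
	 * under tcp_mask_flags, DSCP, fragment handling, IP protocol).
	 */
	uint16_t pkt_len_min;
	uint16_t pkt_len_max;
	uint16_t tcp_flags;
	uint16_t tcp_mask_flags;
	uint8_t dscp_value;
	uint8_t fragment;
	uint8_t protocol;

	/* nb_interface: count of names in interface_name_list - TODO confirm */
	uint32_t nb_interface;
	uint16_t flow_label;

	uint8_t family;

	struct list *interface_name_list;

/*
 * Bits of internal_flags: an install / uninstall is queued towards the
 * dataplane. Parenthesised so the values survive use in arithmetic or
 * comparison expressions.
 */
#define IPTABLE_INSTALL_QUEUED (1 << 1)
#define IPTABLE_UNINSTALL_QUEUED (1 << 2)
	uint8_t internal_flags;
	/* Fixed-size name buffer; must be kept NUL-terminated by whoever fills it. */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};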
186 | ||
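/* Name tables for ICMP and ICMPv6 type/code values. */
extern const struct message icmp_typecode_str[];
extern const struct message icmpv6_typecode_str[];

/* Printable name for an ipset type value (see zebra_pbr_ipset.type). */
extern const char *zebra_pbr_ipset_type2str(uint32_t type);

/* Rule add / delete. */
extern void zebra_pbr_add_rule(struct zebra_pbr_rule *rule);
extern void zebra_pbr_del_rule(struct zebra_pbr_rule *rule);

/* ipset create / destroy and ipset entry add / delete. */
extern void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset);
extern void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset);
/*
 * Look up an ipset by name.
 * NOTE(review): takes a non-const char *; if the implementation does not
 * modify the name, const-qualifying it would let callers pass literals.
 */
extern struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(char *ipsetname);
extern void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset);
extern void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset);

/* iptable add / delete. */
extern void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable);
extern void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable);
/* Handle a dataplane context for an iptable / ipset / ipset entry
 * (presumably the completion of a queued operation).
 */
extern void zebra_pbr_process_iptable(struct zebra_dplane_ctx *ctx);
extern void zebra_pbr_process_ipset(struct zebra_dplane_ctx *ctx);
extern void zebra_pbr_process_ipset_entry(struct zebra_dplane_ctx *ctx);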
7abd6c4f | 205 | |
/*
 * Get to know existing PBR rules in the kernel - typically called at startup.
 */
extern void kernel_read_pbr_rules(struct zebra_ns *zns);

/*
 * Handle success or failure of rule (un)install in the kernel.
 */
extern void zebra_pbr_dplane_result(struct zebra_dplane_ctx *ctx);

/*
 * Handle success or failure of ipset kinds (un)install in the kernel.
 */
extern void kernel_pbr_ipset_add_del_status(struct zebra_pbr_ipset *ipset,
					    enum zebra_dplane_status res);

extern void kernel_pbr_ipset_entry_add_del_status(
	struct zebra_pbr_ipset_entry *ipset,
	enum zebra_dplane_status res);

/*
 * Handle rule delete notification from kernel.
 * Return value semantics are not visible here - TODO confirm.
 */
extern int kernel_pbr_rule_del(struct zebra_pbr_rule *rule);

/* Rule table callbacks (by their void * signatures, presumably the hash
 * destructor, key and equality functions).
 */
extern void zebra_pbr_rules_free(void *arg);
extern uint32_t zebra_pbr_rules_hash_key(const void *arg);
extern bool zebra_pbr_rules_hash_equal(const void *arg1, const void *arg2);
e69aa084 | 234 | |
/* The hash operates on 32-bit words while the field is a string of 8-bit
 * chars, so the name contributes ZEBRA_IPSET_NAME_SIZE / 4 words.
 * Any bytes past the last whole word are not hashed.
 */
#define ZEBRA_IPSET_NAME_HASH_SIZE (ZEBRA_IPSET_NAME_SIZE / 4)
239 | ||
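/* ipset, ipset entry and iptable table callbacks (by their void * signatures,
 * presumably the hash destructor, key and equality functions).
 */
extern void zebra_pbr_ipset_free(void *arg);
extern uint32_t zebra_pbr_ipset_hash_key(const void *arg);
extern bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2);

extern void zebra_pbr_ipset_entry_free(void *arg);
extern uint32_t zebra_pbr_ipset_entry_hash_key(const void *arg);
extern bool zebra_pbr_ipset_entry_hash_equal(const void *arg1,
					     const void *arg2);

extern void zebra_pbr_iptable_free(void *arg);
extern uint32_t zebra_pbr_iptable_hash_key(const void *arg);
extern bool zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2);

/* vty (config write / show) and init entry points. */
extern void zebra_pbr_config_write(struct vty *vty);
extern void zebra_pbr_expand_action_update(bool enable);
extern void zebra_pbr_init(void);
extern void zebra_pbr_show_ipset_list(struct vty *vty, char *ipsetname);
extern void zebra_pbr_show_iptable(struct vty *vty, char *iptable);
/*
 * Fill zpi->interface_name_list from stream 's'.
 * NOTE(review): 's' presumably carries a zclient message; the implementation
 * must bound what it reads by what the stream actually holds rather than by
 * a count taken from the message.
 */
extern void zebra_pbr_iptable_update_interfacelist(struct stream *s,
						   struct zebra_pbr_iptable *zpi);
/*
 * Render tcp_val as a textual TCP-flag list into 'buffer' of 'len' bytes.
 * Declared extern like the other prototypes here. Whether the return value
 * follows snprintf (characters that would have been written) or is the
 * number actually written is not visible here - TODO confirm.
 */
extern size_t zebra_pbr_tcpflags_snprintf(char *buffer, size_t len,
					  uint16_t tcp_val);
extern void zebra_pbr_show_rule(struct vty *vty);
extern void zebra_pbr_show_rule_unit(struct zebra_pbr_rule *rule,
				     struct vty *vty);

/* Hooks other modules can attach to: statistics queries and update
 * notifications for ipset entries, ipsets and iptables.
 */
DECLARE_HOOK(zebra_pbr_ipset_entry_get_stat,
	     (struct zebra_pbr_ipset_entry *ipset, uint64_t *pkts,
	      uint64_t *bytes),
	     (ipset, pkts, bytes));
DECLARE_HOOK(zebra_pbr_iptable_get_stat,
	     (struct zebra_pbr_iptable *iptable, uint64_t *pkts,
	      uint64_t *bytes),
	     (iptable, pkts, bytes));
DECLARE_HOOK(zebra_pbr_iptable_update,
	     (int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable));

DECLARE_HOOK(zebra_pbr_ipset_entry_update,
	     (int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset));
DECLARE_HOOK(zebra_pbr_ipset_update,
	     (int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset));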
73a829f7 | 281 | |
282 | #ifdef __cplusplus |
283 | } | |
284 | #endif | |
285 | ||
942bf97b | 286 | #endif /* _ZEBRA_PBR_H */ |