Commit | Line | Data |
---|---|---|
942bf97b | 1 | /* |
2 | * Zebra Policy Based Routing (PBR) Data structures and definitions | |
3 | * These are public definitions referenced by multiple files. | |
4 | * Copyright (C) 2018 Cumulus Networks, Inc. | |
5 | * | |
6 | * This file is part of FRR. | |
7 | * | |
8 | * FRR is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2, or (at your option) any | |
11 | * later version. | |
12 | * | |
13 | * FRR is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | * General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with FRR; see the file COPYING. If not, write to the Free | |
20 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA | |
21 | * 02111-1307, USA. | |
22 | */ | |
23 | ||
24 | #ifndef _ZEBRA_PBR_H | |
25 | #define _ZEBRA_PBR_H | |
26 | ||
27 | #include <zebra.h> | |
28 | ||
29 | #include "prefix.h" | |
30 | #include "if.h" | |
b6c5d343 | 31 | |
942bf97b | 32 | #include "rt.h" |
5dd0722d | 33 | #include "pbr.h" |
942bf97b | 34 | |
51e94aa7 EDP |
35 | #ifdef __cplusplus |
36 | extern "C" { | |
37 | #endif | |
38 | ||
/*
 * Zebra's view of a PBR rule: wraps a struct pbr_rule together with a
 * socket descriptor, an interface name and a VRF id.
 */
struct zebra_pbr_rule {
	/* NOTE(review): presumably the originating zclient fd, as documented
	 * on the ipset structs in this header - confirm.
	 */
	int sock;

	/* Rule definition; struct pbr_rule is declared outside this header. */
	struct pbr_rule rule;

	/* Fixed-size interface name buffer.
	 * NOTE(review): code that fills this from a received message must
	 * bound the copy to sizeof(ifname) and NUL-terminate it - confirm at
	 * the decode site.
	 */
	char ifname[INTERFACE_NAMSIZ];

	vrf_id_t vrf_id;
};
48 | ||
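/*
 * Test whether the rule pointed to by r has a given filter bit set in
 * rule.filter.filter_bm. Each macro yields the masked bit itself, so the
 * result is non-zero when the filter is present rather than a normalized
 * 0/1 value.
 *
 * The argument is parenthesized so that a pointer expression such as
 * &rules[i] or base + i is evaluated as a whole before -> is applied.
 */
#define IS_RULE_FILTERING_ON_SRC_IP(r) \
	((r)->rule.filter.filter_bm & PBR_FILTER_SRC_IP)
#define IS_RULE_FILTERING_ON_DST_IP(r) \
	((r)->rule.filter.filter_bm & PBR_FILTER_DST_IP)
#define IS_RULE_FILTERING_ON_SRC_PORT(r) \
	((r)->rule.filter.filter_bm & PBR_FILTER_SRC_PORT)
#define IS_RULE_FILTERING_ON_DST_PORT(r) \
	((r)->rule.filter.filter_bm & PBR_FILTER_DST_PORT)
#define IS_RULE_FILTERING_ON_DSFIELD(r) \
	((r)->rule.filter.filter_bm & PBR_FILTER_DSFIELD)
#define IS_RULE_FILTERING_ON_FWMARK(r) \
	((r)->rule.filter.filter_bm & PBR_FILTER_FWMARK)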
7661461a PG |
61 | |
/*
 * IPSet identification
 *
 * Carries only the type and the name of an ipset.
 */
struct zebra_pbr_ipset_info {
	/* type is encoded as uint32_t
	 * but value is an enum ipset_type
	 *
	 * NOTE(review): a value that arrives in a message should be checked
	 * against the enum's range before it is used - confirm at callers.
	 */
	uint32_t type;

	/* Fixed-size set name buffer.
	 * NOTE(review): writers must bound copies to sizeof(ipset_name) and
	 * NUL-terminate - confirm where this is filled.
	 */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
75 | ||
/*
 * An ipset as tracked by zebra: owner socket, VRF, a numeric identifier,
 * the set type, an address family and the set name.
 */
struct zebra_pbr_ipset {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	vrf_id_t vrf_id;

	/* NOTE(review): presumably a client-chosen identifier - confirm
	 * how uniqueness is enforced.
	 */
	uint32_t unique;

	/* type is encoded as uint32_t
	 * but value is an enum ipset_type
	 */
	uint32_t type;

	uint8_t family;

	/* Fixed-size set name buffer.
	 * NOTE(review): the ZEBRA_IPSET_NAME_HASH_SIZE comment in this header
	 * says the name is hashed through a 32bit pointer. If that applies to
	 * this field, the bytes after the terminating NUL need to be zeroed
	 * for hash and equality results to be stable, and the alignment of
	 * this array (it follows a uint8_t) should be checked - confirm in
	 * the hash functions.
	 */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
96 | ||
ef524230 | 97 | |
/*
 * An IPSet Entry Filter
 *
 * This is a filter mapped on ipset entries
 */
struct zebra_pbr_ipset_entry {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	uint32_t unique;

	/* Source and destination prefixes of the entry. */
	struct prefix src;
	struct prefix dst;

	/* udp/tcp src port or icmp type */
	/* NOTE(review): min/max pairs presumably describe an inclusive range
	 * with min <= max - confirm this is validated where entries are
	 * decoded.
	 */
	uint16_t src_port_min;
	uint16_t src_port_max;
	/* udp/tcp dst port or icmp code */
	uint16_t dst_port_min;
	uint16_t dst_port_max;

	uint8_t proto;

	/* Bitmask of the filters that are set on this entry. */
	uint32_t filter_bm;

	/* NOTE(review): presumably points at the ipset this entry belongs
	 * to. The pointer is not reference-counted here, so an entry must not
	 * outlive the set it points at - confirm against the ipset destroy
	 * path.
	 */
	struct zebra_pbr_ipset *backpointer;
};
128 | ||
/*
 * An IPTables Action
 *
 * Describes an iptables entry: match criteria, an action and the name of
 * the ipset it refers to.
 */
struct zebra_pbr_iptable {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	vrf_id_t vrf_id;

	uint32_t unique;

	/* include ipset type
	 */
	uint32_t type;

	/* include which IP is to be filtered
	 */
	uint32_t filter_bm;

	uint32_t fwmark;

	uint32_t action;

	/* Packet length range and TCP flag value/mask to match on. */
	uint16_t pkt_len_min;
	uint16_t pkt_len_max;
	uint16_t tcp_flags;
	uint16_t tcp_mask_flags;
	uint8_t dscp_value;
	uint8_t fragment;
	uint8_t protocol;

	/* NOTE(review): presumably the number of names held in
	 * interface_name_list. If this count is read from a message it should
	 * be bounded before being used as a loop limit - confirm in
	 * zebra_pbr_iptable_update_interfacelist().
	 */
	uint32_t nb_interface;
	uint16_t flow_label;

	uint8_t family;

	/* NOTE(review): ownership of the list and of its elements is not
	 * visible in this header - confirm who frees it.
	 */
	struct list *interface_name_list;

	/* Fixed-size set name buffer.
	 * NOTE(review): writers must bound copies to sizeof(ipset_name) and
	 * NUL-terminate - confirm where this is filled.
	 */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
174 | ||
/* ICMP and ICMPv6 message tables; defined outside this header. */
extern const struct message icmp_typecode_str[];
extern const struct message icmpv6_typecode_str[];

/* Presumably maps an ipset type value (an enum ipset_type carried in a
 * uint32_t, per the struct comments in this header) to a printable name.
 */
const char *zebra_pbr_ipset_type2str(uint32_t type);

/* Add/delete entry points for rules, ipsets and ipset entries.
 * NOTE(review): whether these take ownership of the pointed-to object is
 * not visible here - confirm in the implementation before freeing or
 * reusing an argument after the call.
 */
void zebra_pbr_add_rule(struct zebra_pbr_rule *rule);
void zebra_pbr_del_rule(struct zebra_pbr_rule *rule);
void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset);
void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset);
/* NOTE(review): takes a non-const char *; if the implementation only reads
 * the name, const char * would document that - confirm.
 */
struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(char *ipsetname);
void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset);
void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset);

/* Add/delete entry points for iptables entries, followed by handlers that
 * each take a dataplane context.
 */
void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable);
void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable);
void zebra_pbr_process_iptable(struct zebra_dplane_ctx *ctx);
void zebra_pbr_process_ipset(struct zebra_dplane_ctx *ctx);
void zebra_pbr_process_ipset_entry(struct zebra_dplane_ctx *ctx);
7abd6c4f | 193 | |
/*
 * Get to know existing PBR rules in the kernel - typically called at startup.
 */
extern void kernel_read_pbr_rules(struct zebra_ns *zns);

/*
 * Handle success or failure of rule (un)install in the kernel.
 */
extern void zebra_pbr_dplane_result(struct zebra_dplane_ctx *ctx);

/*
 * Handle success or failure of ipset kinds (un)install in the kernel.
 */
extern void kernel_pbr_ipset_add_del_status(struct zebra_pbr_ipset *ipset,
					    enum zebra_dplane_status res);

/* Same as above, for a single ipset entry. */
extern void kernel_pbr_ipset_entry_add_del_status(
	struct zebra_pbr_ipset_entry *ipset,
	enum zebra_dplane_status res);

/*
 * Handle rule delete notification from kernel.
 */
extern int kernel_pbr_rule_del(struct zebra_pbr_rule *rule);

/* Free, hash-key and equality callbacks for rules. They take untyped
 * pointers; presumably each arg is a struct zebra_pbr_rule * - confirm
 * against the hash table they are registered with.
 */
extern void zebra_pbr_rules_free(void *arg);
extern uint32_t zebra_pbr_rules_hash_key(const void *arg);
extern bool zebra_pbr_rules_hash_equal(const void *arg1, const void *arg2);
e69aa084 | 222 | |
/* hash operates on 32bit pointer
 * and field is a string of 8bit
 *
 * NOTE(review): the division truncates, so ZEBRA_IPSET_NAME_SIZE is
 * assumed to be a multiple of 4. Hashing a name buffer as 32bit words also
 * assumes the buffer is zero-filled past the terminating NUL and suitably
 * aligned - confirm in the hash key functions.
 */
#define ZEBRA_IPSET_NAME_HASH_SIZE (ZEBRA_IPSET_NAME_SIZE / 4)
227 | ||
/* Free, hash-key and equality callbacks for ipsets, ipset entries and
 * iptables entries. All take untyped pointers; the concrete type behind
 * each arg is not visible in this header.
 */
extern void zebra_pbr_ipset_free(void *arg);
extern uint32_t zebra_pbr_ipset_hash_key(const void *arg);
extern bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2);

extern void zebra_pbr_ipset_entry_free(void *arg);
extern uint32_t zebra_pbr_ipset_entry_hash_key(const void *arg);
extern bool zebra_pbr_ipset_entry_hash_equal(const void *arg1,
					     const void *arg2);

extern void zebra_pbr_iptable_free(void *arg);
extern uint32_t zebra_pbr_iptable_hash_key(const void *arg);
extern bool zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2);

extern void zebra_pbr_init(void);
/* Display helpers that write to a vty; each takes a name as char *. */
extern void zebra_pbr_show_ipset_list(struct vty *vty, char *ipsetname);
extern void zebra_pbr_show_iptable(struct vty *vty, char *iptable);
/* NOTE(review): presumably reads interface names from stream s into
 * zpi->interface_name_list. Counts and lengths taken from the stream
 * should be validated before use - confirm in the implementation.
 */
extern void zebra_pbr_iptable_update_interfacelist(struct stream *s,
						   struct zebra_pbr_iptable *zpi);
/* Formats tcp_val into buffer, which holds len bytes.
 * NOTE(review): whether the returned size_t is the number of bytes written
 * or an untruncated length is not visible here; callers should compare it
 * with len before using it as an offset into buffer - confirm.
 */
size_t zebra_pbr_tcpflags_snprintf(char *buffer, size_t len,
				   uint16_t tcp_val);
586f4ccf | 248 | |
/* Hook declarations. Each DECLARE_HOOK names the hook, then gives its typed
 * parameter list, then the bare argument names.
 *
 * The two get_stat hooks take uint64_t pointers for packet and byte
 * counters; presumably these are outputs filled in by the hook
 * implementation - confirm.
 */
DECLARE_HOOK(zebra_pbr_ipset_entry_get_stat,
	     (struct zebra_pbr_ipset_entry *ipset, uint64_t *pkts,
	      uint64_t *bytes),
	     (ipset, pkts, bytes));
DECLARE_HOOK(zebra_pbr_iptable_get_stat,
	     (struct zebra_pbr_iptable *iptable, uint64_t *pkts,
	      uint64_t *bytes),
	     (iptable, pkts, bytes));
/* The update hooks take an int cmd plus the object being updated.
 * NOTE(review): the meaning of cmd is not visible in this header.
 */
DECLARE_HOOK(zebra_pbr_iptable_update,
	     (int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable));

DECLARE_HOOK(zebra_pbr_ipset_entry_update,
	     (int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset));
DECLARE_HOOK(zebra_pbr_ipset_update,
	     (int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset));
73a829f7 | 264 | |
51e94aa7 EDP |
265 | #ifdef __cplusplus |
266 | } | |
267 | #endif | |
268 | ||
942bf97b | 269 | #endif /* _ZEBRA_PBR_H */ |