[mirror_frr.git] / zebra / zebra_pbr.h

/*
 * Zebra Policy Based Routing (PBR) Data structures and definitions
 * These are public definitions referenced by multiple files.
 * Copyright (C) 2018 Cumulus Networks, Inc.
 *
 * This file is part of FRR.
 *
 * FRR is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * FRR is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with FRR; see the file COPYING.  If not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 */

#ifndef _ZEBRA_PBR_H
#define _ZEBRA_PBR_H

#include <zebra.h>

#include "prefix.h"
#include "if.h"

#include "rt.h"
#include "pbr.h"

#ifdef __cplusplus
extern "C" {
#endif

struct zebra_pbr_rule {
	int sock;

	struct pbr_rule rule;

	char ifname[INTERFACE_NAMSIZ];

	vrf_id_t vrf_id;
};

#define IS_RULE_FILTERING_ON_SRC_IP(r) \
	(r->rule.filter.filter_bm & PBR_FILTER_SRC_IP)
#define IS_RULE_FILTERING_ON_DST_IP(r) \
	(r->rule.filter.filter_bm & PBR_FILTER_DST_IP)
#define IS_RULE_FILTERING_ON_SRC_PORT(r) \
	(r->rule.filter.filter_bm & PBR_FILTER_SRC_PORT)
#define IS_RULE_FILTERING_ON_DST_PORT(r) \
	(r->rule.filter.filter_bm & PBR_FILTER_DST_PORT)
#define IS_RULE_FILTERING_ON_FWMARK(r) \
	(r->rule.filter.filter_bm & PBR_FILTER_FWMARK)

/*
 * An IPSet Entry Filter
 *
 * This is a filter mapped on ipset entries
 */
struct zebra_pbr_ipset {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	vrf_id_t vrf_id;

	uint32_t unique;

	/* type is encoded as uint32_t
	 * but value is an enum ipset_type
	 */
	uint32_t type;
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};

/*
 * An IPSet Entry Filter
 *
 * This is a filter mapped on ipset entries
 */
struct zebra_pbr_ipset_entry {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	uint32_t unique;

	struct prefix src;
	struct prefix dst;

	/* udp/tcp src port or icmp type */
	uint16_t src_port_min;
	uint16_t src_port_max;
	/* udp/tcp dst port or icmp code */
	uint16_t dst_port_min;
	uint16_t dst_port_max;

	uint8_t proto;

	uint32_t filter_bm;

	struct zebra_pbr_ipset *backpointer;
};

/*
 * An IPTables Action
 *
 * This is a filter mapped on ipset entries
 */
struct zebra_pbr_iptable {
	/*
	 * Originating zclient sock fd, so we can know who to send
	 * back to.
	 */
	int sock;

	vrf_id_t vrf_id;

	uint32_t unique;

	/* include ipset type
	 */
	uint32_t type;

	/* include which IP is to be filtered
	 */
	uint32_t filter_bm;

	uint32_t fwmark;

	uint32_t action;

	uint16_t pkt_len_min;
	uint16_t pkt_len_max;
	uint16_t tcp_flags;
	uint16_t tcp_mask_flags;
	uint8_t dscp_value;
	uint8_t fragment;
	uint8_t protocol;

	uint32_t nb_interface;

	struct list *interface_name_list;

	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};

extern const struct message icmp_typecode_str[];

const char *zebra_pbr_ipset_type2str(uint32_t type);

void zebra_pbr_add_rule(struct zebra_pbr_rule *rule);
void zebra_pbr_del_rule(struct zebra_pbr_rule *rule);
void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset);
void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset);
struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(char *ipsetname);
void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset);
void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset);

void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable);
void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable);

/*
 * Install specified rule for a specific interface.
 * It is possible that the user-defined sequence number and the one in the
 * forwarding plane may not coincide, hence the API requires a separate
 * rule priority - maps to preference/FRA_PRIORITY on Linux.
 */
extern enum zebra_dplane_result kernel_add_pbr_rule(struct zebra_pbr_rule *rule);

/*
 * Uninstall specified rule for a specific interface.
 */
extern enum zebra_dplane_result kernel_del_pbr_rule(struct zebra_pbr_rule *rule);

/*
 * Get to know existing PBR rules in the kernel - typically called at startup.
 */
extern void kernel_read_pbr_rules(struct zebra_ns *zns);

/*
 * Handle success or failure of rule (un)install in the kernel.
 */
extern void kernel_pbr_rule_add_del_status(struct zebra_pbr_rule *rule,
					   enum zebra_dplane_status res);

/*
 * Handle success or failure of ipset kinds (un)install in the kernel.
 */
extern void kernel_pbr_ipset_add_del_status(struct zebra_pbr_ipset *ipset,
					   enum zebra_dplane_status res);

extern void kernel_pbr_ipset_entry_add_del_status(
				struct zebra_pbr_ipset_entry *ipset,
				enum zebra_dplane_status res);

extern void kernel_pbr_iptable_add_del_status(struct zebra_pbr_iptable *iptable,
			      enum zebra_dplane_status res);

/*
 * Handle rule delete notification from kernel.
 */
extern int kernel_pbr_rule_del(struct zebra_pbr_rule *rule);

extern void zebra_pbr_rules_free(void *arg);
extern uint32_t zebra_pbr_rules_hash_key(const void *arg);
extern bool zebra_pbr_rules_hash_equal(const void *arg1, const void *arg2);

/* has operates on 32bit pointer
 * and field is a string of 8bit
 */
#define ZEBRA_IPSET_NAME_HASH_SIZE (ZEBRA_IPSET_NAME_SIZE / 4)

extern void zebra_pbr_ipset_free(void *arg);
extern uint32_t zebra_pbr_ipset_hash_key(const void *arg);
extern bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2);

extern void zebra_pbr_ipset_entry_free(void *arg);
extern uint32_t zebra_pbr_ipset_entry_hash_key(const void *arg);
extern bool zebra_pbr_ipset_entry_hash_equal(const void *arg1,
					     const void *arg2);

extern void zebra_pbr_iptable_free(void *arg);
extern uint32_t zebra_pbr_iptable_hash_key(const void *arg);
extern bool zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2);

extern void zebra_pbr_init(void);
extern void zebra_pbr_show_ipset_list(struct vty *vty, char *ipsetname);
extern void zebra_pbr_show_iptable(struct vty *vty, char *iptable);
extern void zebra_pbr_iptable_update_interfacelist(struct stream *s,
				   struct zebra_pbr_iptable *zpi);
size_t zebra_pbr_tcpflags_snprintf(char *buffer, size_t len,
				   uint16_t tcp_val);

DECLARE_HOOK(zebra_pbr_ipset_entry_get_stat,
	     (struct zebra_pbr_ipset_entry *ipset, uint64_t *pkts,
	      uint64_t *bytes),
	     (ipset, pkts, bytes))
DECLARE_HOOK(zebra_pbr_iptable_get_stat,
	     (struct zebra_pbr_iptable *iptable, uint64_t *pkts,
	      uint64_t *bytes),
	     (iptable, pkts, bytes))
DECLARE_HOOK(zebra_pbr_iptable_update,
	     (int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable));

DECLARE_HOOK(zebra_pbr_ipset_entry_update,
	     (int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset));
DECLARE_HOOK(zebra_pbr_ipset_update,
	     (int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset));

#ifdef __cplusplus
}
#endif

#endif /* _ZEBRA_PBR_H */
Commit	Line	Data
	1	/*
	2	* Zebra Policy Based Routing (PBR) Data structures and definitions
	3	* These are public definitions referenced by multiple files.
	4	* Copyright (C) 2018 Cumulus Networks, Inc.
	5	*
	6	* This file is part of FRR.
	7	*
	8	* FRR is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the
	10	* Free Software Foundation; either version 2, or (at your option) any
	11	* later version.
	12	*
	13	* FRR is distributed in the hope that it will be useful, but
	14	* WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	* General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with FRR; see the file COPYING. If not, write to the Free
	20	* Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
	21	* 02111-1307, USA.
	22	*/
	23
	24	#ifndef _ZEBRA_PBR_H
	25	#define _ZEBRA_PBR_H
	26
	27	#include <zebra.h>
	28
	29	#include "prefix.h"
	30	#include "if.h"
	31
	32	#include "rt.h"
	33	#include "pbr.h"
	34
	35	#ifdef __cplusplus
	36	extern "C" {
	37	#endif
	38
	39	struct zebra_pbr_rule {
	40	int sock;
	41
	42	struct pbr_rule rule;
	43
	44	char ifname[INTERFACE_NAMSIZ];
	45
	46	vrf_id_t vrf_id;
	47	};
	48
	49	#define IS_RULE_FILTERING_ON_SRC_IP(r) \
	50	(r->rule.filter.filter_bm & PBR_FILTER_SRC_IP)
	51	#define IS_RULE_FILTERING_ON_DST_IP(r) \
	52	(r->rule.filter.filter_bm & PBR_FILTER_DST_IP)
	53	#define IS_RULE_FILTERING_ON_SRC_PORT(r) \
	54	(r->rule.filter.filter_bm & PBR_FILTER_SRC_PORT)
	55	#define IS_RULE_FILTERING_ON_DST_PORT(r) \
	56	(r->rule.filter.filter_bm & PBR_FILTER_DST_PORT)
	57	#define IS_RULE_FILTERING_ON_FWMARK(r) \
	58	(r->rule.filter.filter_bm & PBR_FILTER_FWMARK)
	59
	60	/*
	61	* An IPSet Entry Filter
	62	*
	63	* This is a filter mapped on ipset entries
	64	*/
	65	struct zebra_pbr_ipset {
	66	/*
	67	* Originating zclient sock fd, so we can know who to send
	68	* back to.
	69	*/
	70	int sock;
	71
	72	vrf_id_t vrf_id;
	73
	74	uint32_t unique;
	75
	76	/* type is encoded as uint32_t
	77	* but value is an enum ipset_type
	78	*/
	79	uint32_t type;
	80	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
	81	};
	82
	83	/*
	84	* An IPSet Entry Filter
	85	*
	86	* This is a filter mapped on ipset entries
	87	*/
	88	struct zebra_pbr_ipset_entry {
	89	/*
	90	* Originating zclient sock fd, so we can know who to send
	91	* back to.
	92	*/
	93	int sock;
	94
	95	uint32_t unique;
	96
	97	struct prefix src;
	98	struct prefix dst;
	99
	100	/* udp/tcp src port or icmp type */
	101	uint16_t src_port_min;
	102	uint16_t src_port_max;
	103	/* udp/tcp dst port or icmp code */
	104	uint16_t dst_port_min;
	105	uint16_t dst_port_max;
	106
	107	uint8_t proto;
	108
	109	uint32_t filter_bm;
	110
	111	struct zebra_pbr_ipset *backpointer;
	112	};
	113
	114	/*
	115	* An IPTables Action
	116	*
	117	* This is a filter mapped on ipset entries
	118	*/
	119	struct zebra_pbr_iptable {
	120	/*
	121	* Originating zclient sock fd, so we can know who to send
	122	* back to.
	123	*/
	124	int sock;
	125
	126	vrf_id_t vrf_id;
	127
	128	uint32_t unique;
	129
	130	/* include ipset type
	131	*/
	132	uint32_t type;
	133
	134	/* include which IP is to be filtered
	135	*/
	136	uint32_t filter_bm;
	137
	138	uint32_t fwmark;
	139
	140	uint32_t action;
	141
	142	uint16_t pkt_len_min;
	143	uint16_t pkt_len_max;
	144	uint16_t tcp_flags;
	145	uint16_t tcp_mask_flags;
	146	uint8_t dscp_value;
	147	uint8_t fragment;
	148	uint8_t protocol;
	149
	150	uint32_t nb_interface;
	151
	152	struct list *interface_name_list;
	153
	154	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
	155	};
	156
	157	extern const struct message icmp_typecode_str[];
	158
	159	const char *zebra_pbr_ipset_type2str(uint32_t type);
	160
	161	void zebra_pbr_add_rule(struct zebra_pbr_rule *rule);
	162	void zebra_pbr_del_rule(struct zebra_pbr_rule *rule);
	163	void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset);
	164	void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset);
	165	struct zebra_pbr_ipset zebra_pbr_lookup_ipset_pername(char ipsetname);
	166	void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset);
	167	void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset);
	168
	169	void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable);
	170	void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable);
	171
	172	/*
	173	* Install specified rule for a specific interface.
	174	* It is possible that the user-defined sequence number and the one in the
	175	* forwarding plane may not coincide, hence the API requires a separate
	176	* rule priority - maps to preference/FRA_PRIORITY on Linux.
	177	*/
	178	extern enum zebra_dplane_result kernel_add_pbr_rule(struct zebra_pbr_rule *rule);
	179
	180	/*
	181	* Uninstall specified rule for a specific interface.
	182	*/
	183	extern enum zebra_dplane_result kernel_del_pbr_rule(struct zebra_pbr_rule *rule);
	184
	185	/*
	186	* Get to know existing PBR rules in the kernel - typically called at startup.
	187	*/
	188	extern void kernel_read_pbr_rules(struct zebra_ns *zns);
	189
	190	/*
	191	* Handle success or failure of rule (un)install in the kernel.
	192	*/
	193	extern void kernel_pbr_rule_add_del_status(struct zebra_pbr_rule *rule,
	194	enum zebra_dplane_status res);
	195
	196	/*
	197	* Handle success or failure of ipset kinds (un)install in the kernel.
	198	*/
	199	extern void kernel_pbr_ipset_add_del_status(struct zebra_pbr_ipset *ipset,
	200	enum zebra_dplane_status res);
	201
	202	extern void kernel_pbr_ipset_entry_add_del_status(
	203	struct zebra_pbr_ipset_entry *ipset,
	204	enum zebra_dplane_status res);
	205
	206	extern void kernel_pbr_iptable_add_del_status(struct zebra_pbr_iptable *iptable,
	207	enum zebra_dplane_status res);
	208
	209	/*
	210	* Handle rule delete notification from kernel.
	211	*/
	212	extern int kernel_pbr_rule_del(struct zebra_pbr_rule *rule);
	213
	214	extern void zebra_pbr_rules_free(void *arg);
	215	extern uint32_t zebra_pbr_rules_hash_key(const void *arg);
	216	extern bool zebra_pbr_rules_hash_equal(const void arg1, const void arg2);
	217
	218	/* has operates on 32bit pointer
	219	* and field is a string of 8bit
	220	*/
	221	#define ZEBRA_IPSET_NAME_HASH_SIZE (ZEBRA_IPSET_NAME_SIZE / 4)
	222
	223	extern void zebra_pbr_ipset_free(void *arg);
	224	extern uint32_t zebra_pbr_ipset_hash_key(const void *arg);
	225	extern bool zebra_pbr_ipset_hash_equal(const void arg1, const void arg2);
	226
	227	extern void zebra_pbr_ipset_entry_free(void *arg);
	228	extern uint32_t zebra_pbr_ipset_entry_hash_key(const void *arg);
	229	extern bool zebra_pbr_ipset_entry_hash_equal(const void *arg1,
	230	const void *arg2);
	231
	232	extern void zebra_pbr_iptable_free(void *arg);
	233	extern uint32_t zebra_pbr_iptable_hash_key(const void *arg);
	234	extern bool zebra_pbr_iptable_hash_equal(const void arg1, const void arg2);
	235
	236	extern void zebra_pbr_init(void);
	237	extern void zebra_pbr_show_ipset_list(struct vty vty, char ipsetname);
	238	extern void zebra_pbr_show_iptable(struct vty vty, char iptable);
	239	extern void zebra_pbr_iptable_update_interfacelist(struct stream *s,
	240	struct zebra_pbr_iptable *zpi);
	241	size_t zebra_pbr_tcpflags_snprintf(char *buffer, size_t len,
	242	uint16_t tcp_val);
	243
	244	DECLARE_HOOK(zebra_pbr_ipset_entry_get_stat,
	245	(struct zebra_pbr_ipset_entry ipset, uint64_t pkts,
	246	uint64_t *bytes),
	247	(ipset, pkts, bytes))
	248	DECLARE_HOOK(zebra_pbr_iptable_get_stat,
	249	(struct zebra_pbr_iptable iptable, uint64_t pkts,
	250	uint64_t *bytes),
	251	(iptable, pkts, bytes))
	252	DECLARE_HOOK(zebra_pbr_iptable_update,
	253	(int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable));
	254
	255	DECLARE_HOOK(zebra_pbr_ipset_entry_update,
	256	(int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset));
	257	DECLARE_HOOK(zebra_pbr_ipset_update,
	258	(int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset));
	259
	260	#ifdef __cplusplus
	261	}
	262	#endif
	263
	264	#endif /* _ZEBRA_PBR_H */