bgpd/bgp_pbr.h

   1 /*
   2  * BGP pbr
   3  * Copyright (C) 6WIND
   4  *
   5  * FRR is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2, or (at your option) any
   8  * later version.
   9  *
  10  * FRR is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU General Public License along
  16  * with this program; see the file COPYING; if not, write to the Free Software
  17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  18  */
  19 #ifndef __BGP_PBR_H__
  20 #define __BGP_PBR_H__
  21
  22 #include "nexthop.h"
  23 #include "zclient.h"
  24
  25 /* flowspec case: 0 to 3 actions maximum:
  26  * 1 redirect
  27  * 1 set dscp
  28  * 1 set traffic rate
  29  */
  30 #define ACTIONS_MAX_NUM 4
  31 enum bgp_pbr_action_enum {
  32         ACTION_TRAFFICRATE = 1,
  33         ACTION_TRAFFIC_ACTION = 2,
  34         ACTION_REDIRECT = 3,
  35         ACTION_MARKING = 4,
  36         ACTION_REDIRECT_IP = 5
  37 };
  38
  39 #define TRAFFIC_ACTION_SAMPLE     (1 << 0)
  40 #define TRAFFIC_ACTION_TERMINATE  (1 << 1)
  41 #define TRAFFIC_ACTION_DISTRIBUTE (1 << 2)
  42
  43 #define OPERATOR_COMPARE_LESS_THAN    (1<<1)
  44 #define OPERATOR_COMPARE_GREATER_THAN (1<<2)
  45 #define OPERATOR_COMPARE_EQUAL_TO     (1<<3)
  46 #define OPERATOR_COMPARE_EXACT_MATCH  (1<<4)
  47
  48 #define OPERATOR_UNARY_OR    (1<<1)
  49 #define OPERATOR_UNARY_AND   (1<<2)
  50
  51 /* struct used to store values [0;65535]
  52  * this can be used for port number of protocol
  53  */
  54 #define BGP_PBR_MATCH_VAL_MAX 5
  55
  56 struct bgp_pbr_match_val {
  57         uint16_t value;
  58         uint8_t compare_operator;
  59         uint8_t unary_operator;
  60 };
  61
  62 #define FRAGMENT_DONT  1
  63 #define FRAGMENT_IS    2
  64 #define FRAGMENT_FIRST 4
  65 #define FRAGMENT_LAST  8
  66
  67 struct bgp_pbr_entry_action {
  68         /* used to store enum bgp_pbr_action_enum enumerate */
  69         uint8_t action;
  70         union {
  71                 union {
  72                         uint8_t rate_info[4]; /* IEEE.754.1985 */
  73                         float rate;
  74                 } r __attribute__((aligned(8)));
  75                 struct _pbr_action {
  76                         uint8_t do_sample;
  77                         uint8_t filter;
  78                 } za;
  79                 vrf_id_t redirect_vrf;
  80                 struct _pbr_redirect_ip {
  81                         struct in_addr redirect_ip_v4;
  82                         struct in6_addr redirect_ip_v6;
  83                         uint8_t duplicate;
  84                 } zr;
  85                 uint8_t marking_dscp;
  86         } u __attribute__((aligned(8)));
  87 };
  88
  89 /* BGP Policy Route structure */
  90 struct bgp_pbr_entry_main {
  91 #define BGP_PBR_UNDEFINED       0
  92 #define BGP_PBR_IPSET           1
  93 #define BGP_PBR_IPRULE          2
  94         uint8_t type;
  95
  96         /*
  97          * This is an enum but we are going to treat it as a uint8_t
  98          * for purpose of encoding/decoding
  99          */
 100         afi_t afi;
 101         safi_t safi;
 102
 103 #define PREFIX_SRC_PRESENT (1 << 0)
 104 #define PREFIX_DST_PRESENT (1 << 1)
 105         uint8_t match_bitmask_iprule;
 106         uint8_t match_bitmask;
 107
 108         uint8_t match_src_port_num;
 109         uint8_t match_dst_port_num;
 110         uint8_t match_port_num;
 111         uint8_t match_protocol_num;
 112         uint8_t match_icmp_type_num;
 113         uint8_t match_icmp_code_num;
 114         uint8_t match_packet_length_num;
 115         uint8_t match_dscp_num;
 116         uint8_t match_tcpflags_num;
 117         uint8_t match_fragment_num;
 118         uint8_t match_flowlabel_num;
 119
 120         struct prefix src_prefix;
 121         struct prefix dst_prefix;
 122         uint8_t src_prefix_offset;
 123         uint8_t dst_prefix_offset;
 124
 125 #define PROTOCOL_UDP 17
 126 #define PROTOCOL_TCP 6
 127 #define PROTOCOL_ICMP 1
 128 #define PROTOCOL_ICMPV6 58
 129         struct bgp_pbr_match_val protocol[BGP_PBR_MATCH_VAL_MAX];
 130         struct bgp_pbr_match_val src_port[BGP_PBR_MATCH_VAL_MAX];
 131         struct bgp_pbr_match_val dst_port[BGP_PBR_MATCH_VAL_MAX];
 132         struct bgp_pbr_match_val port[BGP_PBR_MATCH_VAL_MAX];
 133         struct bgp_pbr_match_val icmp_type[BGP_PBR_MATCH_VAL_MAX];
 134         struct bgp_pbr_match_val icmp_code[BGP_PBR_MATCH_VAL_MAX];
 135         struct bgp_pbr_match_val packet_length[BGP_PBR_MATCH_VAL_MAX];
 136         struct bgp_pbr_match_val dscp[BGP_PBR_MATCH_VAL_MAX];
 137         struct bgp_pbr_match_val flow_label[BGP_PBR_MATCH_VAL_MAX];
 138
 139         struct bgp_pbr_match_val tcpflags[BGP_PBR_MATCH_VAL_MAX];
 140         struct bgp_pbr_match_val fragment[BGP_PBR_MATCH_VAL_MAX];
 141
 142         uint16_t action_num;
 143         struct bgp_pbr_entry_action actions[ACTIONS_MAX_NUM];
 144
 145         vrf_id_t vrf_id;
 146 };
 147
 148 struct bgp_pbr_interface {
 149         RB_ENTRY(bgp_pbr_interface) id_entry;
 150         char name[INTERFACE_NAMSIZ];
 151 };
 152
 153 RB_HEAD(bgp_pbr_interface_head, bgp_pbr_interface);
 154 RB_PROTOTYPE(bgp_pbr_interface_head, bgp_pbr_interface, id_entry,
 155              bgp_pbr_interface_compare);
 156
 157 extern int bgp_pbr_interface_compare(const struct bgp_pbr_interface *a,
 158                                      const struct bgp_pbr_interface *b);
 159
 160 struct bgp_pbr_config {
 161         struct bgp_pbr_interface_head ifaces_by_name_ipv4;
 162         bool pbr_interface_any_ipv4;
 163         struct bgp_pbr_interface_head ifaces_by_name_ipv6;
 164         bool pbr_interface_any_ipv6;
 165 };
 166
 167 extern struct bgp_pbr_config *bgp_pbr_cfg;
 168
 169 struct bgp_pbr_rule {
 170         uint32_t flags;
 171         struct prefix src;
 172         struct prefix dst;
 173         struct bgp_pbr_action *action;
 174         vrf_id_t vrf_id;
 175         uint32_t unique;
 176         uint32_t priority;
 177         bool installed;
 178         bool install_in_progress;
 179         void *path;
 180 };
 181
 182 struct bgp_pbr_match {
 183         char ipset_name[ZEBRA_IPSET_NAME_SIZE];
 184
 185         /* mapped on enum ipset_type
 186          */
 187         uint32_t type;
 188
 189         uint32_t flags;
 190         uint8_t family;
 191
 192         uint16_t pkt_len_min;
 193         uint16_t pkt_len_max;
 194         uint16_t tcp_flags;
 195         uint16_t tcp_mask_flags;
 196         uint8_t dscp_value;
 197         uint8_t fragment;
 198         uint8_t protocol;
 199         uint16_t flow_label;
 200
 201         vrf_id_t vrf_id;
 202
 203         /* unique identifier for ipset create transaction
 204          */
 205         uint32_t unique;
 206
 207         /* unique identifier for iptable add transaction
 208          */
 209         uint32_t unique2;
 210
 211         bool installed;
 212         bool install_in_progress;
 213
 214         bool installed_in_iptable;
 215         bool install_iptable_in_progress;
 216
 217         struct hash *entry_hash;
 218
 219         struct bgp_pbr_action *action;
 220
 221 };
 222
 223 struct bgp_pbr_match_entry {
 224         struct bgp_pbr_match *backpointer;
 225
 226         uint32_t unique;
 227
 228         struct prefix src;
 229         struct prefix dst;
 230
 231         uint16_t src_port_min;
 232         uint16_t src_port_max;
 233         uint16_t dst_port_min;
 234         uint16_t dst_port_max;
 235         uint8_t proto;
 236
 237         void *path;
 238
 239         bool installed;
 240         bool install_in_progress;
 241 };
 242
 243 struct bgp_pbr_action {
 244
 245         /*
 246          * The Unique identifier of this specific pbrms
 247          */
 248         uint32_t unique;
 249
 250         uint32_t fwmark;
 251
 252         uint32_t table_id;
 253
 254         float rate;
 255
 256         /*
 257          * nexthop information, or drop information
 258          * contains src vrf_id and nh contains dest vrf_id
 259          */
 260         vrf_id_t vrf_id;
 261         struct nexthop nh;
 262
 263         bool installed;
 264         bool install_in_progress;
 265         uint32_t refcnt;
 266         struct bgp *bgp;
 267         afi_t afi;
 268 };
 269
 270 extern struct bgp_pbr_rule *bgp_pbr_rule_lookup(vrf_id_t vrf_id,
 271                                                 uint32_t unique);
 272
 273 extern struct bgp_pbr_action *bgp_pbr_action_rule_lookup(vrf_id_t vrf_id,
 274                                                          uint32_t unique);
 275
 276 extern struct bgp_pbr_match *bgp_pbr_match_ipset_lookup(vrf_id_t vrf_id,
 277                                                         uint32_t unique);
 278
 279 extern struct bgp_pbr_match_entry *bgp_pbr_match_ipset_entry_lookup(
 280                                             vrf_id_t vrf_id, char *name,
 281                                             uint32_t unique);
 282 extern struct bgp_pbr_match *bgp_pbr_match_iptable_lookup(vrf_id_t vrf_id,
 283                                                           uint32_t unique);
 284
 285 extern void bgp_pbr_cleanup(struct bgp *bgp);
 286 extern void bgp_pbr_init(struct bgp *bgp);
 287
 288 extern uint32_t bgp_pbr_rule_hash_key(const void *arg);
 289 extern bool bgp_pbr_rule_hash_equal(const void *arg1,
 290                                    const void *arg2);
 291 extern uint32_t bgp_pbr_action_hash_key(const void *arg);
 292 extern bool bgp_pbr_action_hash_equal(const void *arg1,
 293                                      const void *arg2);
 294 extern uint32_t bgp_pbr_match_entry_hash_key(const void *arg);
 295 extern bool bgp_pbr_match_entry_hash_equal(const void *arg1,
 296                                           const void *arg2);
 297 extern uint32_t bgp_pbr_match_hash_key(const void *arg);
 298 extern bool bgp_pbr_match_hash_equal(const void *arg1,
 299                                     const void *arg2);
 300
 301 void bgp_pbr_print_policy_route(struct bgp_pbr_entry_main *api);
 302
 303 struct bgp_path_info;
 304 extern void bgp_pbr_update_entry(struct bgp *bgp, const struct prefix *p,
 305                                  struct bgp_path_info *new_select, afi_t afi,
 306                                  safi_t safi, bool nlri_update);
 307
 308 /* bgp pbr utilities */
 309 extern struct bgp_pbr_interface *pbr_interface_lookup(const char *name);
 310 extern void bgp_pbr_reset(struct bgp *bgp, afi_t afi);
 311 extern struct bgp_pbr_interface *bgp_pbr_interface_lookup(const char *name,
 312                                    struct bgp_pbr_interface_head *head);
 313
 314 extern int bgp_pbr_build_and_validate_entry(const struct prefix *p,
 315                                             struct bgp_path_info *path,
 316                                             struct bgp_pbr_entry_main *api);
 317 #endif /* __BGP_PBR_H__ */