bgpd/bgp_pbr.h

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * BGP pbr
   4  * Copyright (C) 6WIND
   5  */
   6 #ifndef __BGP_PBR_H__
   7 #define __BGP_PBR_H__
   8
   9 #include "nexthop.h"
  10 #include "zclient.h"
  11
  12 /* flowspec case: 0 to 3 actions maximum:
  13  * 1 redirect
  14  * 1 set dscp
  15  * 1 set traffic rate
  16  */
  17 #define ACTIONS_MAX_NUM 4
  18 enum bgp_pbr_action_enum {
  19         ACTION_TRAFFICRATE = 1,
  20         ACTION_TRAFFIC_ACTION = 2,
  21         ACTION_REDIRECT = 3,
  22         ACTION_MARKING = 4,
  23         ACTION_REDIRECT_IP = 5
  24 };
  25
  26 #define TRAFFIC_ACTION_SAMPLE     (1 << 0)
  27 #define TRAFFIC_ACTION_TERMINATE  (1 << 1)
  28 #define TRAFFIC_ACTION_DISTRIBUTE (1 << 2)
  29
  30 #define OPERATOR_COMPARE_LESS_THAN    (1<<1)
  31 #define OPERATOR_COMPARE_GREATER_THAN (1<<2)
  32 #define OPERATOR_COMPARE_EQUAL_TO     (1<<3)
  33 #define OPERATOR_COMPARE_EXACT_MATCH  (1<<4)
  34
  35 #define OPERATOR_UNARY_OR    (1<<1)
  36 #define OPERATOR_UNARY_AND   (1<<2)
  37
  38 /* struct used to store values [0;65535]
  39  * this can be used for port number of protocol
  40  */
  41 #define BGP_PBR_MATCH_VAL_MAX 5
  42
  43 struct bgp_pbr_match_val {
  44         uint16_t value;
  45         uint8_t compare_operator;
  46         uint8_t unary_operator;
  47 };
  48
  49 #define FRAGMENT_DONT  1
  50 #define FRAGMENT_IS    2
  51 #define FRAGMENT_FIRST 4
  52 #define FRAGMENT_LAST  8
  53
  54 struct bgp_pbr_entry_action {
  55         /* used to store enum bgp_pbr_action_enum enumerate */
  56         uint8_t action;
  57         union {
  58                 union {
  59                         uint8_t rate_info[4]; /* IEEE.754.1985 */
  60                         float rate;
  61                 } r __attribute__((aligned(8)));
  62                 struct _pbr_action {
  63                         uint8_t do_sample;
  64                         uint8_t filter;
  65                 } za;
  66                 vrf_id_t redirect_vrf;
  67                 struct _pbr_redirect_ip {
  68                         struct in_addr redirect_ip_v4;
  69                         struct in6_addr redirect_ip_v6;
  70                         uint8_t duplicate;
  71                 } zr;
  72                 uint8_t marking_dscp;
  73         } u __attribute__((aligned(8)));
  74 };
  75
  76 /* BGP Policy Route structure */
  77 struct bgp_pbr_entry_main {
  78 #define BGP_PBR_UNDEFINED       0
  79 #define BGP_PBR_IPSET           1
  80 #define BGP_PBR_IPRULE          2
  81         uint8_t type;
  82
  83         /*
  84          * This is an enum but we are going to treat it as a uint8_t
  85          * for purpose of encoding/decoding
  86          */
  87         afi_t afi;
  88         safi_t safi;
  89
  90 #define PREFIX_SRC_PRESENT (1 << 0)
  91 #define PREFIX_DST_PRESENT (1 << 1)
  92         uint8_t match_bitmask_iprule;
  93         uint8_t match_bitmask;
  94
  95         uint8_t match_src_port_num;
  96         uint8_t match_dst_port_num;
  97         uint8_t match_port_num;
  98         uint8_t match_protocol_num;
  99         uint8_t match_icmp_type_num;
 100         uint8_t match_icmp_code_num;
 101         uint8_t match_packet_length_num;
 102         uint8_t match_dscp_num;
 103         uint8_t match_tcpflags_num;
 104         uint8_t match_fragment_num;
 105         uint8_t match_flowlabel_num;
 106
 107         struct prefix src_prefix;
 108         struct prefix dst_prefix;
 109         uint8_t src_prefix_offset;
 110         uint8_t dst_prefix_offset;
 111
 112 #define PROTOCOL_UDP 17
 113 #define PROTOCOL_TCP 6
 114 #define PROTOCOL_ICMP 1
 115 #define PROTOCOL_ICMPV6 58
 116         struct bgp_pbr_match_val protocol[BGP_PBR_MATCH_VAL_MAX];
 117         struct bgp_pbr_match_val src_port[BGP_PBR_MATCH_VAL_MAX];
 118         struct bgp_pbr_match_val dst_port[BGP_PBR_MATCH_VAL_MAX];
 119         struct bgp_pbr_match_val port[BGP_PBR_MATCH_VAL_MAX];
 120         struct bgp_pbr_match_val icmp_type[BGP_PBR_MATCH_VAL_MAX];
 121         struct bgp_pbr_match_val icmp_code[BGP_PBR_MATCH_VAL_MAX];
 122         struct bgp_pbr_match_val packet_length[BGP_PBR_MATCH_VAL_MAX];
 123         struct bgp_pbr_match_val dscp[BGP_PBR_MATCH_VAL_MAX];
 124         struct bgp_pbr_match_val flow_label[BGP_PBR_MATCH_VAL_MAX];
 125
 126         struct bgp_pbr_match_val tcpflags[BGP_PBR_MATCH_VAL_MAX];
 127         struct bgp_pbr_match_val fragment[BGP_PBR_MATCH_VAL_MAX];
 128
 129         uint16_t action_num;
 130         struct bgp_pbr_entry_action actions[ACTIONS_MAX_NUM];
 131
 132         vrf_id_t vrf_id;
 133 };
 134
 135 struct bgp_pbr_interface {
 136         RB_ENTRY(bgp_pbr_interface) id_entry;
 137         char name[INTERFACE_NAMSIZ];
 138 };
 139
 140 RB_HEAD(bgp_pbr_interface_head, bgp_pbr_interface);
 141 RB_PROTOTYPE(bgp_pbr_interface_head, bgp_pbr_interface, id_entry,
 142              bgp_pbr_interface_compare);
 143
 144 extern int bgp_pbr_interface_compare(const struct bgp_pbr_interface *a,
 145                                      const struct bgp_pbr_interface *b);
 146
 147 struct bgp_pbr_config {
 148         struct bgp_pbr_interface_head ifaces_by_name_ipv4;
 149         bool pbr_interface_any_ipv4;
 150         struct bgp_pbr_interface_head ifaces_by_name_ipv6;
 151         bool pbr_interface_any_ipv6;
 152 };
 153
 154 extern struct bgp_pbr_config *bgp_pbr_cfg;
 155
 156 struct bgp_pbr_rule {
 157         uint32_t flags;
 158         struct prefix src;
 159         struct prefix dst;
 160         struct bgp_pbr_action *action;
 161         vrf_id_t vrf_id;
 162         uint32_t unique;
 163         uint32_t priority;
 164         bool installed;
 165         bool install_in_progress;
 166         void *path;
 167 };
 168
 169 struct bgp_pbr_match {
 170         char ipset_name[ZEBRA_IPSET_NAME_SIZE];
 171
 172         /* mapped on enum ipset_type
 173          */
 174         uint32_t type;
 175
 176         uint32_t flags;
 177         uint8_t family;
 178
 179         uint16_t pkt_len_min;
 180         uint16_t pkt_len_max;
 181         uint16_t tcp_flags;
 182         uint16_t tcp_mask_flags;
 183         uint8_t dscp_value;
 184         uint8_t fragment;
 185         uint8_t protocol;
 186         uint16_t flow_label;
 187
 188         vrf_id_t vrf_id;
 189
 190         /* unique identifier for ipset create transaction
 191          */
 192         uint32_t unique;
 193
 194         /* unique identifier for iptable add transaction
 195          */
 196         uint32_t unique2;
 197
 198         bool installed;
 199         bool install_in_progress;
 200
 201         bool installed_in_iptable;
 202         bool install_iptable_in_progress;
 203
 204         struct hash *entry_hash;
 205
 206         struct bgp_pbr_action *action;
 207
 208 };
 209
 210 struct bgp_pbr_match_entry {
 211         struct bgp_pbr_match *backpointer;
 212
 213         uint32_t unique;
 214
 215         struct prefix src;
 216         struct prefix dst;
 217
 218         uint16_t src_port_min;
 219         uint16_t src_port_max;
 220         uint16_t dst_port_min;
 221         uint16_t dst_port_max;
 222         uint8_t proto;
 223
 224         void *path;
 225
 226         bool installed;
 227         bool install_in_progress;
 228 };
 229
 230 struct bgp_pbr_action {
 231
 232         /*
 233          * The Unique identifier of this specific pbrms
 234          */
 235         uint32_t unique;
 236
 237         uint32_t fwmark;
 238
 239         uint32_t table_id;
 240
 241         float rate;
 242
 243         /*
 244          * nexthop information, or drop information
 245          * contains src vrf_id and nh contains dest vrf_id
 246          */
 247         vrf_id_t vrf_id;
 248         struct nexthop nh;
 249
 250         bool installed;
 251         bool install_in_progress;
 252         uint32_t refcnt;
 253         struct bgp *bgp;
 254         afi_t afi;
 255 };
 256
 257 extern struct bgp_pbr_rule *bgp_pbr_rule_lookup(vrf_id_t vrf_id,
 258                                                 uint32_t unique);
 259
 260 extern struct bgp_pbr_action *bgp_pbr_action_rule_lookup(vrf_id_t vrf_id,
 261                                                          uint32_t unique);
 262
 263 extern struct bgp_pbr_match *bgp_pbr_match_ipset_lookup(vrf_id_t vrf_id,
 264                                                         uint32_t unique);
 265
 266 extern struct bgp_pbr_match_entry *bgp_pbr_match_ipset_entry_lookup(
 267                                             vrf_id_t vrf_id, char *name,
 268                                             uint32_t unique);
 269 extern struct bgp_pbr_match *bgp_pbr_match_iptable_lookup(vrf_id_t vrf_id,
 270                                                           uint32_t unique);
 271
 272 extern void bgp_pbr_cleanup(struct bgp *bgp);
 273 extern void bgp_pbr_init(struct bgp *bgp);
 274
 275 extern uint32_t bgp_pbr_rule_hash_key(const void *arg);
 276 extern bool bgp_pbr_rule_hash_equal(const void *arg1,
 277                                    const void *arg2);
 278 extern uint32_t bgp_pbr_action_hash_key(const void *arg);
 279 extern bool bgp_pbr_action_hash_equal(const void *arg1,
 280                                      const void *arg2);
 281 extern uint32_t bgp_pbr_match_entry_hash_key(const void *arg);
 282 extern bool bgp_pbr_match_entry_hash_equal(const void *arg1,
 283                                           const void *arg2);
 284 extern uint32_t bgp_pbr_match_hash_key(const void *arg);
 285 extern bool bgp_pbr_match_hash_equal(const void *arg1,
 286                                     const void *arg2);
 287
 288 void bgp_pbr_print_policy_route(struct bgp_pbr_entry_main *api);
 289
 290 struct bgp_path_info;
 291 extern void bgp_pbr_update_entry(struct bgp *bgp, const struct prefix *p,
 292                                  struct bgp_path_info *new_select, afi_t afi,
 293                                  safi_t safi, bool nlri_update);
 294
 295 /* bgp pbr utilities */
 296 extern struct bgp_pbr_interface *pbr_interface_lookup(const char *name);
 297 extern void bgp_pbr_reset(struct bgp *bgp, afi_t afi);
 298 extern struct bgp_pbr_interface *bgp_pbr_interface_lookup(const char *name,
 299                                    struct bgp_pbr_interface_head *head);
 300
 301 extern int bgp_pbr_build_and_validate_entry(const struct prefix *p,
 302                                             struct bgp_path_info *path,
 303                                             struct bgp_pbr_entry_main *api);
 304 #endif /* __BGP_PBR_H__ */