1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Zebra Policy Based Routing (PBR) Data structures and definitions
4 * These are public definitions referenced by multiple files.
5 * Copyright (C) 2018 Cumulus Networks, Inc.
6 */
7
8 #ifndef _ZEBRA_PBR_H
9 #define _ZEBRA_PBR_H
10
11 #include <zebra.h>
12
13 #include "prefix.h"
14 #include "if.h"
15
16 #include "rt.h"
17 #include "pbr.h"
18
19 #ifdef __cplusplus
20 extern "C" {
21 #endif
22
/*
 * Memory type tag used for PBR objects. Only the declaration is made
 * here so that every file including this header can refer to the tag.
 */
DECLARE_MTYPE(PBR_OBJ);
25
/*
 * Action part of a PBR rule: the gateway and/or interface the rule
 * points at, plus dataplane and neighbor bookkeeping.
 */
struct zebra_pbr_action {
	/* NOTE(review): presumably the address family of 'gate' - confirm. */
	afi_t afi;

	/* Gateway address; only one nexthop is supported at the moment. */
	union g_addr gate;

	/* Destination interface index. */
	ifindex_t ifindex;

	/* Dataplane information, carried as a pointer-sized integer. */
	intptr_t dp_flow_ptr;

	/*
	 * Neighbor entry associated with this action.
	 * NOTE(review): ownership and lifetime of *neigh are not visible in
	 * this header; the rule should be unlinked from the neighbor before
	 * either object is freed so no dangling pointer is left behind -
	 * confirm against the neighbor code.
	 */
	struct zebra_neigh_ent *neigh;

	/* List node through which the zebra_pbr_rule is linked to neigh. */
	struct listnode neigh_listnode;
};
43
/*
 * A PBR rule as handled by zebra: the rule itself, the interface name it
 * refers to, the action to apply and the VRF it lives in.
 */
struct zebra_pbr_rule {
	/* NOTE(review): presumably the originating zclient socket fd - confirm. */
	int sock;

	/* Rule contents; rule.filter.filter_bm is what the
	 * IS_RULE_FILTERING_ON_*() macros test.
	 */
	struct pbr_rule rule;

	/*
	 * Interface name, at most INTERFACE_NAMSIZ bytes including the
	 * terminating NUL. Writers must bound the copy to the buffer size
	 * and leave it NUL-terminated.
	 */
	char ifname[INTERFACE_NAMSIZ];

	/* What to do with traffic matching the rule. */
	struct zebra_pbr_action action;

	/* VRF identifier of the rule. */
	vrf_id_t vrf_id;
};
55
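/*
 * Filter predicates for a pointer to struct zebra_pbr_rule.
 *
 * Each macro tests one PBR_FILTER_* bit in r->rule.filter.filter_bm and
 * evaluates to the masked bit itself (non-zero when set), not to a
 * normalised 0/1.
 *
 * The argument is parenthesised so that any pointer expression, such as
 * "rules + i" or "&array[i]", expands with the intended precedence.
 */
#define IS_RULE_FILTERING_ON_SRC_IP(r)                                         \
	((r)->rule.filter.filter_bm & PBR_FILTER_SRC_IP)
#define IS_RULE_FILTERING_ON_DST_IP(r)                                         \
	((r)->rule.filter.filter_bm & PBR_FILTER_DST_IP)
#define IS_RULE_FILTERING_ON_SRC_PORT(r)                                       \
	((r)->rule.filter.filter_bm & PBR_FILTER_SRC_PORT)
#define IS_RULE_FILTERING_ON_DST_PORT(r)                                       \
	((r)->rule.filter.filter_bm & PBR_FILTER_DST_PORT)
#define IS_RULE_FILTERING_ON_DSFIELD(r)                                        \
	((r)->rule.filter.filter_bm & PBR_FILTER_DSFIELD)
#define IS_RULE_FILTERING_ON_FWMARK(r)                                         \
	((r)->rule.filter.filter_bm & PBR_FILTER_FWMARK)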
68
/*
 * An IPSet Entry Filter
 *
 * Described as a filter mapped on ipset entries. The fields carried here
 * are the ipset type, the family and the ipset name.
 */
struct zebra_pbr_ipset_info {
	/*
	 * Holds an enum ipset_type value, encoded as a uint32_t.
	 * NOTE(review): because the storage is wider than the enum, a value
	 * taken from a message should be range-checked before it is used as
	 * an enum ipset_type - confirm where that happens.
	 */
	uint32_t type;

	/* NOTE(review): presumably an address family value - confirm. */
	uint8_t family;

	/*
	 * Name of the ipset; fixed buffer of ZEBRA_IPSET_NAME_SIZE bytes.
	 * Copies into it must be bounded and NUL-terminated.
	 */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
84
/*
 * An ipset as tracked by zebra on behalf of a zclient.
 */
struct zebra_pbr_ipset {
	/*
	 * Socket fd of the zclient that originated the ipset; this is how
	 * zebra knows whom to send the answer back to.
	 */
	int sock;

	/* VRF identifier of the ipset. */
	vrf_id_t vrf_id;

	/* NOTE(review): presumably a client-chosen unique id - confirm. */
	uint32_t unique;

	/* Holds an enum ipset_type value, encoded as a uint32_t. */
	uint32_t type;

	/* NOTE(review): presumably an address family value - confirm. */
	uint8_t family;

	/*
	 * Name of the ipset; fixed buffer of ZEBRA_IPSET_NAME_SIZE bytes.
	 * Copies into it must be bounded and NUL-terminated.
	 */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};
105
106
/*
 * An IPSet Entry Filter
 *
 * A filter mapped on ipset entries: source and destination prefixes,
 * port (or ICMP type/code) ranges and protocol, tied to an ipset.
 */
struct zebra_pbr_ipset_entry {
	/*
	 * Socket fd of the zclient that originated the entry; this is how
	 * zebra knows whom to send the answer back to.
	 */
	int sock;

	/* NOTE(review): presumably a client-chosen unique id - confirm. */
	uint32_t unique;

	/* Source and destination prefixes. */
	struct prefix src;
	struct prefix dst;

	/* UDP/TCP source port range, or the ICMP type. */
	uint16_t src_port_min, src_port_max;

	/* UDP/TCP destination port range, or the ICMP code. */
	uint16_t dst_port_min, dst_port_max;

	/* NOTE(review): presumably the IP protocol number - confirm. */
	uint8_t proto;

	/* Bitmap of the filters in use. */
	uint32_t filter_bm;

	/*
	 * The ipset this entry refers back to.
	 * NOTE(review): the header does not show who owns the ipset; the
	 * entry must not outlive it - confirm in the entry/ipset free paths.
	 */
	struct zebra_pbr_ipset *backpointer;
};
137
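/*
 * An IPTables Action
 *
 * Described as a filter mapped on ipset entries. It names the ipset it
 * works with (ipset_name), the match criteria (packet length, TCP flags,
 * DSCP, fragment, protocol, flow label, interfaces) and the fwmark/action
 * to apply.
 */
struct zebra_pbr_iptable {
	/*
	 * Socket fd of the zclient that originated the iptable; this is how
	 * zebra knows whom to send the answer back to.
	 */
	int sock;

	/* VRF identifier of the iptable. */
	vrf_id_t vrf_id;

	/* NOTE(review): presumably a client-chosen unique id - confirm. */
	uint32_t unique;

	/* Includes the ipset type. */
	uint32_t type;

	/* Indicates which IP is to be filtered. */
	uint32_t filter_bm;

	uint32_t fwmark;

	uint32_t action;

	/* Packet length range. */
	uint16_t pkt_len_min;
	uint16_t pkt_len_max;

	/* TCP flags value and the mask applied to it. */
	uint16_t tcp_flags;
	uint16_t tcp_mask_flags;

	uint8_t dscp_value;
	uint8_t fragment;
	uint8_t protocol;

	/*
	 * NOTE(review): presumably the number of names held in
	 * interface_name_list; when it is read from a message it should be
	 * checked against what is actually parsed - confirm.
	 */
	uint32_t nb_interface;
	uint16_t flow_label;

	/* NOTE(review): presumably an address family value - confirm. */
	uint8_t family;

	struct list *interface_name_list;

/*
 * Bits of internal_flags. The expansions are parenthesised so that they
 * keep their value next to any operator (for example ~, ! or ==); bit 0 is
 * not used by these two definitions.
 */
#define IPTABLE_INSTALL_QUEUED (1 << 1)
#define IPTABLE_UNINSTALL_QUEUED (1 << 2)
	uint8_t internal_flags;

	/*
	 * Name of the ipset; fixed buffer of ZEBRA_IPSET_NAME_SIZE bytes.
	 * Copies into it must be bounded and NUL-terminated.
	 */
	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
};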
186
/* Message tables for ICMP and ICMPv6 type/code values, defined elsewhere. */
extern const struct message icmp_typecode_str[];
extern const struct message icmpv6_typecode_str[];

/*
 * Return a string for an ipset type. The type is passed as the uint32_t
 * encoding used by the PBR structures in this header.
 * NOTE(review): what is returned for a value outside enum ipset_type is
 * not visible here - confirm callers can handle it.
 */
extern const char *zebra_pbr_ipset_type2str(uint32_t type);
191
/*
 * Add or delete PBR rules, ipsets and ipset entries.
 * NOTE(review): whether these functions keep or free the object passed in
 * is not visible from this header - confirm before reusing the pointer.
 */
extern void zebra_pbr_add_rule(struct zebra_pbr_rule *rule);
extern void zebra_pbr_del_rule(struct zebra_pbr_rule *rule);
extern void zebra_pbr_create_ipset(struct zebra_pbr_ipset *ipset);
extern void zebra_pbr_destroy_ipset(struct zebra_pbr_ipset *ipset);

/*
 * Look up an ipset by its name.
 * NOTE(review): the name is taken as a non-const char *; it is presumably
 * only read and expected to be NUL-terminated - confirm.
 */
extern struct zebra_pbr_ipset *zebra_pbr_lookup_ipset_pername(char *ipsetname);

/* The parameter is named 'ipset' but is an ipset entry. */
extern void zebra_pbr_add_ipset_entry(struct zebra_pbr_ipset_entry *ipset);
extern void zebra_pbr_del_ipset_entry(struct zebra_pbr_ipset_entry *ipset);

/* Add or delete an iptable. */
extern void zebra_pbr_add_iptable(struct zebra_pbr_iptable *iptable);
extern void zebra_pbr_del_iptable(struct zebra_pbr_iptable *iptable);

/*
 * Process a dataplane context for an iptable, an ipset or an ipset entry.
 * NOTE(review): presumably called with the result of a dataplane
 * operation - confirm.
 */
extern void zebra_pbr_process_iptable(struct zebra_dplane_ctx *ctx);
extern void zebra_pbr_process_ipset(struct zebra_dplane_ctx *ctx);
extern void zebra_pbr_process_ipset_entry(struct zebra_dplane_ctx *ctx);
205
/*
 * Learn which PBR rules already exist in the kernel; typically called at
 * startup.
 */
extern void kernel_read_pbr_rules(struct zebra_ns *zns);

/*
 * Handle the success or failure of a rule install or uninstall in the
 * kernel.
 */
extern void zebra_pbr_dplane_result(struct zebra_dplane_ctx *ctx);

/*
 * Handle the success or failure of an install or uninstall of the ipset
 * kinds (ipset, ipset entry) in the kernel. 'res' carries the dataplane
 * status of the operation.
 */
extern void kernel_pbr_ipset_add_del_status(struct zebra_pbr_ipset *ipset,
					    enum zebra_dplane_status res);

/* The parameter is named 'ipset' but is an ipset entry. */
extern void
kernel_pbr_ipset_entry_add_del_status(struct zebra_pbr_ipset_entry *ipset,
				      enum zebra_dplane_status res);

/*
 * Handle a rule delete notification coming from the kernel.
 * NOTE(review): the meaning of the int return value is not visible in
 * this header - confirm.
 */
extern int kernel_pbr_rule_del(struct zebra_pbr_rule *rule);
230
/*
 * Free, hash-key and equality functions for PBR rules. They take untyped
 * pointers; NOTE(review): presumably each argument is a
 * struct zebra_pbr_rule used as a hash table element - confirm.
 */
extern void zebra_pbr_rules_free(void *arg);
extern uint32_t zebra_pbr_rules_hash_key(const void *arg);
extern bool zebra_pbr_rules_hash_equal(const void *arg1, const void *arg2);
234
/*
 * The hash operates on 32-bit words while the name field is a string of
 * 8-bit characters, hence the name size divided by four.
 * NOTE(review): if the name buffer is hashed word by word, the bytes
 * after the terminating NUL take part in the hash, so name buffers would
 * have to be zero-filled in full before use - confirm in the hash key
 * functions. Any remainder of ZEBRA_IPSET_NAME_SIZE / 4 is dropped by the
 * integer division.
 */
#define ZEBRA_IPSET_NAME_HASH_SIZE (ZEBRA_IPSET_NAME_SIZE / 4)

/* Free, hash-key and equality functions for ipsets. */
extern void zebra_pbr_ipset_free(void *arg);
extern uint32_t zebra_pbr_ipset_hash_key(const void *arg);
extern bool zebra_pbr_ipset_hash_equal(const void *arg1, const void *arg2);

/* Free, hash-key and equality functions for ipset entries. */
extern void zebra_pbr_ipset_entry_free(void *arg);
extern uint32_t zebra_pbr_ipset_entry_hash_key(const void *arg);
extern bool zebra_pbr_ipset_entry_hash_equal(const void *arg1,
					      const void *arg2);

/* Free, hash-key and equality functions for iptables. */
extern void zebra_pbr_iptable_free(void *arg);
extern uint32_t zebra_pbr_iptable_hash_key(const void *arg);
extern bool zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2);
252
/* Configuration output, feature toggle and initialisation. */
extern void zebra_pbr_config_write(struct vty *vty);
extern void zebra_pbr_expand_action_update(bool enable);
extern void zebra_pbr_init(void);

/*
 * Display functions writing to a vty. The name arguments are non-const
 * char pointers; NOTE(review): presumably NUL-terminated strings that are
 * only read - confirm.
 */
extern void zebra_pbr_show_ipset_list(struct vty *vty, char *ipsetname);
extern void zebra_pbr_show_iptable(struct vty *vty, char *iptable);

/*
 * Update the interface list of 'zpi' from the stream 's'.
 * NOTE(review): the stream content comes from a message, so the number
 * and length of the names read should be bounded - confirm in the
 * implementation.
 */
extern void
zebra_pbr_iptable_update_interfacelist(struct stream *s,
				       struct zebra_pbr_iptable *zpi);

/*
 * Write a text form of the TCP flags in 'tcp_val' into 'buffer', which is
 * 'len' bytes long.
 * NOTE(review): whether the return value is the number of bytes written
 * or an snprintf-style untruncated length is not visible here; callers
 * should compare it with 'len' before using it as an offset.
 */
extern size_t zebra_pbr_tcpflags_snprintf(char *buffer, size_t len,
					  uint16_t tcp_val);

/* Display all rules, or a single rule, on a vty. */
extern void zebra_pbr_show_rule(struct vty *vty);
extern void zebra_pbr_show_rule_unit(struct zebra_pbr_rule *rule,
				     struct vty *vty);
265
/*
 * Hooks for statistics retrieval. Each declaration gives the hook name,
 * its parameter list and the matching argument names; 'pkts' and 'bytes'
 * are output pointers for 64-bit counters.
 */
DECLARE_HOOK(zebra_pbr_ipset_entry_get_stat,
	     (struct zebra_pbr_ipset_entry *ipset, uint64_t *pkts,
	      uint64_t *bytes),
	     (ipset, pkts, bytes));
DECLARE_HOOK(zebra_pbr_iptable_get_stat,
	     (struct zebra_pbr_iptable *iptable, uint64_t *pkts,
	      uint64_t *bytes),
	     (iptable, pkts, bytes));

/*
 * Hooks for iptable, ipset entry and ipset updates.
 * NOTE(review): the meaning of 'cmd' is not visible in this header -
 * confirm against the hook callers.
 */
DECLARE_HOOK(zebra_pbr_iptable_update,
	     (int cmd, struct zebra_pbr_iptable *iptable), (cmd, iptable));

DECLARE_HOOK(zebra_pbr_ipset_entry_update,
	     (int cmd, struct zebra_pbr_ipset_entry *ipset), (cmd, ipset));
DECLARE_HOOK(zebra_pbr_ipset_update,
	     (int cmd, struct zebra_pbr_ipset *ipset), (cmd, ipset));
281
282 #ifdef __cplusplus
283 }
284 #endif
285
286 #endif /* _ZEBRA_PBR_H */