#include "prefix.h"
#include "lib_errors.h"
+#include "bgp_route.h"
#include "bgp_table.h"
#include "bgp_flowspec_util.h"
#include "bgp_flowspec_private.h"
*/
if (prefix->family == AF_INET
&& prefix->u.prefix4.s_addr == 0)
- memset(prefix, 0,
- sizeof(struct prefix));
+ bpem->match_bitmask_iprule |= bitmask;
else
bpem->match_bitmask |= bitmask;
}
__func__, type);
}
}
+ if (bpem->match_packet_length_num || bpem->match_fragment_num ||
+ bpem->match_tcpflags_num || bpem->match_dscp_num ||
+ bpem->match_packet_length_num || bpem->match_icmp_code_num ||
+ bpem->match_icmp_type_num || bpem->match_port_num ||
+ bpem->match_src_port_num || bpem->match_dst_port_num ||
+ bpem->match_protocol_num || bpem->match_bitmask)
+ bpem->type = BGP_PBR_IPSET;
+ else if ((bpem->match_bitmask_iprule & PREFIX_SRC_PRESENT) ||
+ (bpem->match_bitmask_iprule & PREFIX_DST_PRESENT))
+ /* the extracted policy rule may not need an
+ * iptables/ipset filtering. check this may not be
+ * a standard ip rule : permit any to any ( eg)
+ */
+ bpem->type = BGP_PBR_IPRULE;
+ else
+ bpem->type = BGP_PBR_UNDEFINED;
return error;
}
+
+/* return 1 if FS entry invalid or no NH IP */
+int bgp_flowspec_get_first_nh(struct bgp *bgp, struct bgp_path_info *pi,
+ struct prefix *p)
+{
+ struct bgp_pbr_entry_main api;
+ int i;
+ struct bgp_node *rn = pi->net;
+ struct bgp_pbr_entry_action *api_action;
+
+ memset(&api, 0, sizeof(struct bgp_pbr_entry_main));
+ if (bgp_pbr_build_and_validate_entry(&rn->p, pi, &api) < 0)
+ return 1;
+ for (i = 0; i < api.action_num; i++) {
+ api_action = &api.actions[i];
+ if (api_action->action != ACTION_REDIRECT_IP)
+ continue;
+ p->family = AF_INET;
+ p->prefixlen = IPV4_MAX_BITLEN;
+ p->u.prefix4 = api_action->u.zr.redirect_ip_v4;
+ return 0;
+ }
+ return 1;
+}