key = jhash_3words(rule->rule.seq, rule->rule.priority,
rule->rule.action.table,
prefix_hash_key(&rule->rule.filter.src_ip));
- if (rule->ifp)
- key = jhash_1word(rule->ifp->ifindex, key);
- else
- key = jhash_1word(0, key);
if (rule->rule.filter.fwmark)
- key = jhash_1word(rule->rule.filter.fwmark, key);
+ key = jhash_3words(rule->rule.filter.fwmark, rule->vrf_id,
+ rule->rule.ifindex, key);
else
- key = jhash_1word(0, key);
-
- key = jhash_1word(rule->vrf_id, key);
+ key = jhash_2words(rule->vrf_id, rule->rule.ifindex, key);
return jhash_3words(rule->rule.filter.src_port,
rule->rule.filter.dst_port,
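Review bot: The `if (rule->rule.filter.fwmark)` branch no longer buys anything, since both arms mix `rule->vrf_id` and `rule->rule.ifindex` and differ only in whether a zero fwmark is folded in. A single unconditional `key = jhash_3words(rule->rule.filter.fwmark, rule->vrf_id, rule->rule.ifindex, key);` keeps equal rules on equal keys and removes the two-arm form that has to be kept in step with the comparator by hand. The function begins and ends outside the hunk, so the remaining fields mixed into the key are not visible here.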
if (!prefix_same(&r1->rule.filter.dst_ip, &r2->rule.filter.dst_ip))
return false;
- if (r1->ifp != r2->ifp)
+ if (r1->rule.ifindex != r2->rule.ifindex)
return false;
if (r1->vrf_id != r2->vrf_id)
struct pbr_rule_unique_lookup {
struct zebra_pbr_rule *rule;
uint32_t unique;
- struct interface *ifp;
+ ifindex_t ifindex;
vrf_id_t vrf_id;
};
struct zebra_pbr_rule *rule = b->data;
if (pul->unique == rule->rule.unique
- && pul->ifp == rule->ifp
+ && pul->ifindex == rule->rule.ifindex
&& pul->vrf_id == rule->vrf_id) {
pul->rule = rule;
return HASHWALK_ABORT;
struct pbr_rule_unique_lookup pul;
pul.unique = zrule->rule.unique;
- pul.ifp = zrule->ifp;
+ pul.ifindex = zrule->rule.ifindex;
pul.rule = NULL;
pul.vrf_id = zrule->vrf_id;
hash_walk(zrouter.rules_hash, &pbr_rule_lookup_unique_walker, &pul);
iptable = (struct zebra_pbr_iptable *)arg;
hook_call(zebra_pbr_iptable_update, 0, iptable);
- for (ALL_LIST_ELEMENTS(iptable->interface_name_list,
- node, nnode, name)) {
- XFREE(MTYPE_PBR_IPTABLE_IFNAME, name);
- list_delete_node(iptable->interface_name_list,
- node);
+ if (iptable->interface_name_list) {
+ for (ALL_LIST_ELEMENTS(iptable->interface_name_list, node,
+ nnode, name)) {
+ XFREE(MTYPE_PBR_IPTABLE_IFNAME, name);
+ list_delete_node(iptable->interface_name_list, node);
+ }
+ list_delete(&iptable->interface_name_list);
}
XFREE(MTYPE_TMP, iptable);
}
key = jhash_1word(iptable->tcp_flags, key);
key = jhash_1word(iptable->tcp_mask_flags, key);
key = jhash_1word(iptable->dscp_value, key);
+ key = jhash_1word(iptable->protocol, key);
key = jhash_1word(iptable->fragment, key);
key = jhash_1word(iptable->vrf_id, key);
return false;
if (r1->fragment != r2->fragment)
return false;
+ if (r1->protocol != r2->protocol)
+ return false;
return true;
}
if (rule->sock == *sock) {
(void)kernel_del_pbr_rule(rule);
- hash_release(zrouter.rules_hash, rule);
- XFREE(MTYPE_TMP, rule);
+ if (hash_release(zrouter.rules_hash, rule))
+ XFREE(MTYPE_TMP, rule);
+ else
+ zlog_debug(
+ "%s: Rule seq: %u is being cleaned but we can't find it in our tables",
+ __func__, rule->rule.seq);
}
}
int *sock = data;
if (ipset->sock == *sock) {
- hook_call(zebra_pbr_ipset_update, 0, ipset);
- hash_release(zrouter.ipset_hash, ipset);
+ if (hash_release(zrouter.ipset_hash, ipset))
+ zebra_pbr_ipset_free(ipset);
+ else
+ hook_call(zebra_pbr_ipset_update, 0, ipset);
}
}
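Review bot: The `else` arm that calls `hook_call(zebra_pbr_ipset_update, 0, ipset);` handles the case where `hash_release()` did not find the object, and it does so silently. The rule cleanup in this same change logs that situation with `zlog_debug`. The ipset-entry and iptable callbacks that follow use the same silent `else` arm, so a table inconsistency during client cleanup would leave no trace for any of the three. Consider adding a matching line such as `zlog_debug("%s: ipset is being cleaned but we can't find it in our tables", __func__);`, plus a short comment saying the object is deliberately not freed on that path. The callback's signature lies outside the hunk.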
int *sock = data;
if (ipset->sock == *sock) {
- hook_call(zebra_pbr_ipset_entry_update, 0, ipset);
- hash_release(zrouter.ipset_entry_hash, ipset);
+ if (hash_release(zrouter.ipset_entry_hash, ipset))
+ zebra_pbr_ipset_entry_free(ipset);
+ else
+ hook_call(zebra_pbr_ipset_entry_update, 0, ipset);
}
}
int *sock = data;
if (iptable->sock == *sock) {
- hook_call(zebra_pbr_iptable_update, 0, iptable);
- hash_release(zrouter.iptable_hash, iptable);
+ if (hash_release(zrouter.iptable_hash, iptable))
+ zebra_pbr_iptable_free(iptable);
+ else
+ hook_call(zebra_pbr_iptable_update, 0, iptable);
}
}
{
struct zebra_pbr_iptable *zpi;
struct zebra_pbr_iptable *new;
+ struct listnode *ln;
+ char *ifname;
zpi = (struct zebra_pbr_iptable *)arg;
new = XCALLOC(MTYPE_TMP, sizeof(struct zebra_pbr_iptable));
+ /* Deep structure copy */
memcpy(new, zpi, sizeof(*zpi));
+ new->interface_name_list = list_new();
+
+ if (zpi->interface_name_list) {
+ for (ALL_LIST_ELEMENTS_RO(zpi->interface_name_list, ln, ifname))
+ listnode_add(new->interface_name_list,
+ XSTRDUP(MTYPE_PBR_IPTABLE_IFNAME, ifname));
+ }
return new;
}
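Review bot: The comment `/* Deep structure copy */` is attached to the `memcpy`, which is the shallow part of the copy; the deep part is the `list_new()` and `XSTRDUP` loop below it. I would reword it to `/* Copy scalar fields; the interface name list is duplicated below so the stored entry never aliases the caller's list */`. It would also help to add a function header stating that the returned object owns its list and names, and that the caller keeps ownership of `zpi->interface_name_list`. If the struct holds any other pointer members, they are still shared after the `memcpy` and would deserve the same note; that cannot be checked from this hunk.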
list_delete_node(iptable->interface_name_list,
node);
}
+ list_delete(&iptable->interface_name_list);
XFREE(MTYPE_TMP, lookup);
} else
zlog_debug("%s: IPTable being deleted we know nothing about",
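Review bot: The added `list_delete(&iptable->interface_name_list);` is unguarded, while the free routine changed in this same commit wraps the identical call in `if (iptable->interface_name_list)`. If the list can be NULL on this path and `list_delete()` does not tolerate that, the delete path would fault. These lines also release the list owned by `iptable`, yet the struct being freed is `lookup`. Now that the allocation callback gives each stored entry its own copy of the names, `lookup->interface_name_list` appears to be left allocated. Consider `if (iptable->interface_name_list) list_delete(&iptable->interface_name_list);` and releasing `lookup`'s list before `XFREE(MTYPE_TMP, lookup)`; the loop and the function start outside the hunk, so confirm how `iptable` and `lookup` relate.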
" not" : "", lookup_msg(fragment_value_str,
iptable->fragment, val_str));
}
+ if (iptable->protocol) {
+ vty_out(vty, "\t protocol %d\n",
+ iptable->protocol);
+ }
ret = hook_call(zebra_pbr_iptable_get_stat, iptable, &pkts,
&bytes);
if (ret && pkts > 0)