* - combination src/dst => drop
* - combination srcport + @IP
*/
- if (api->match_packet_length_num
- || api->match_dscp_num || api->match_tcpflags_num) {
+ if (api->match_dscp_num || api->match_tcpflags_num) {
if (BGP_DEBUG(pbr, PBR)) {
bgp_pbr_print_policy_route(api);
zlog_debug("BGP: some SET actions not supported by Zebra. ignoring.");
"too complex. ignoring.");
return 0;
}
+ if (!bgp_pbr_extract(api->packet_length, api->match_packet_length_num, NULL)) {
+ if (BGP_DEBUG(pbr, PBR))
+ zlog_debug("BGP: match packet length operations:"
+ "too complex. ignoring.");
+ return 0;
+ }
/* no combinations with both src_port and dst_port
* or port with src_port and dst_port
*/
key = jhash_1word(pbm->vrf_id, 0x4312abde);
key = jhash_1word(pbm->flags, key);
+ key = jhash_1word(pbm->pkt_len_min, key);
+ key = jhash_1word(pbm->pkt_len_max, key);
return jhash_1word(pbm->type, key);
}
if (r1->action != r2->action)
return 0;
+ if (r1->pkt_len_min != r2->pkt_len_min)
+ return 0;
+
+ if (r1->pkt_len_max != r2->pkt_len_max)
+ return 0;
+
return 1;
}
struct prefix *src,
struct prefix *dst,
uint8_t protocol,
+ struct bgp_pbr_range_port *pkt_len,
struct bgp_pbr_range_port *src_port,
struct bgp_pbr_range_port *dst_port)
{
}
temp2.proto = protocol;
+ if (pkt_len)
+ temp.pkt_len_min = pkt_len->min_port;
+ if (pkt_len && pkt_len->max_port)
+ temp.pkt_len_max = pkt_len->max_port;
+
if (src == NULL || dst == NULL) {
if (temp.flags & (MATCH_PORT_DST_SET | MATCH_PORT_SRC_SET))
temp.type = IPSET_NET_PORT;
struct nexthop *nh,
float *rate,
uint8_t protocol,
+ struct bgp_pbr_range_port *pkt_len,
struct bgp_pbr_range_port *src_port,
struct bgp_pbr_range_port *dst_port)
{
temp.flags |= MATCH_PORT_SRC_RANGE_SET;
if (dst_port && dst_port->max_port)
temp.flags |= MATCH_PORT_DST_RANGE_SET;
+ if (pkt_len)
+ temp.pkt_len_min = pkt_len->min_port;
+ if (pkt_len && pkt_len->max_port)
+ temp.pkt_len_max = pkt_len->max_port;
+
temp.action = bpa;
bpm = hash_get(bgp->pbr_match_hash, &temp,
bgp_pbr_match_alloc_intern);
struct prefix *src_address,
struct prefix *dst_address,
uint8_t proto,
+ struct bgp_pbr_range_port *pkt_len,
struct bgp *bgp,
struct bgp_info *binfo,
bool add,
vrf_id, src_address,
dst_address,
nh, rate, proto,
- &srcp, &dstp);
+ pkt_len, &srcp, &dstp);
else
bgp_pbr_policyroute_remove_from_zebra(
bgp,
vrf_id,
src_address,
dst_address,
- proto,
+ proto, pkt_len,
&srcp, &dstp);
return;
}
vrf_id, src_address,
dst_address,
nh, rate, proto,
- &srcp, &dstp);
+ pkt_len, &srcp, &dstp);
else
bgp_pbr_policyroute_remove_from_zebra(
bgp,
src_address,
dst_address,
proto,
+ pkt_len,
&srcp, &dstp);
}
}
vrf_id, src_address,
dst_address,
nh, rate, proto,
+ pkt_len,
&srcp, &dstp);
else
bgp_pbr_policyroute_remove_from_zebra(
vrf_id,
src_address,
dst_address,
- proto,
+ proto, pkt_len,
&srcp, &dstp);
}
vrf_id, src_address,
dst_address,
nh, rate, proto,
- &srcp, &dstp);
+ pkt_len, &srcp, &dstp);
else
bgp_pbr_policyroute_remove_from_zebra(
bgp,
vrf_id,
src_address,
dst_address,
- proto,
+ proto, pkt_len,
&srcp, &dstp);
break;
}
uint8_t proto = 0;
struct bgp_pbr_range_port *srcp = NULL, *dstp = NULL;
struct bgp_pbr_range_port range, range_icmp_code;
+ struct bgp_pbr_range_port pkt_len;
bool enum_icmp = false;
memset(&nh, 0, sizeof(struct nexthop));
dstp = &range_icmp_code;
}
}
-
+ if (api->match_packet_length_num >= 1)
+ bgp_pbr_extract(api->packet_length,
+ api->match_packet_length_num,
+ &pkt_len);
if (!add) {
if (enum_icmp) {
return bgp_pbr_enumerate_action_src_dst(api->icmp_type,
api->match_icmp_type_num,
api->icmp_code,
api->match_icmp_code_num,
- src, dst, proto,
+ src, dst, proto, &pkt_len,
bgp, binfo, add,
api->vrf_id, NULL, NULL);
}
binfo,
api->vrf_id,
src, dst,
- proto,
+ proto, &pkt_len,
srcp, dstp);
}
/* no action for add = true */
api->match_icmp_type_num,
api->icmp_code,
api->match_icmp_code_num,
- src, dst, proto,
+ src, dst, proto, &pkt_len,
bgp, binfo, add,
api->vrf_id, &nh, &rate);
else
bgp_pbr_policyroute_add_to_zebra(bgp, binfo,
api->vrf_id, src, dst,
&nh, &rate, proto,
- srcp, dstp);
+ &pkt_len, srcp, dstp);
} else {
/* update rate. can be reentrant */
rate = api->actions[i].u.r.rate;
api->match_icmp_type_num,
api->icmp_code,
api->match_icmp_code_num,
- src, dst, proto,
+ src, dst, proto, &pkt_len,
bgp, binfo, add,
api->vrf_id, &nh, &rate);
else
api->vrf_id,
src, dst,
&nh, &rate, proto,
- srcp, dstp);
+ &pkt_len, srcp, dstp);
/* XXX combination with REDIRECT_VRF
* + REDIRECT_NH_IP not done
*/
api->match_icmp_type_num,
api->icmp_code,
api->match_icmp_code_num,
- src, dst, proto,
+ src, dst, proto, &pkt_len,
bgp, binfo, add,
api->vrf_id, &nh, &rate);
else
api->vrf_id,
src, dst,
&nh, &rate, proto,
- srcp, dstp);
+ &pkt_len, srcp, dstp);
continue_loop = 0;
break;
case ACTION_MARKING:
projects / mirror_frr.git / commitdiff