pbrd: add vlan filters pcp/vlan-id/vlan-flags; ip-protocol any (zapi)

    Subset: ZAPI changes to send the new data

    Also adds filter_bm field; currently for PBR_FILTER_PCP, but in the
    future to be used for all of the filter fields.

    Changes by:
	Josh Werner <joshuawerner@mitre.org>
	Eli Baum <ebaum@mitre.org>
	G. Paul Ziemba <paulz@labn.net>

Signed-off-by: G. Paul Ziemba <paulz@labn.net>

diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c
index 1320906339df9d726c82a4075f42ba8904d2e340..aa7ce6a8fbd3b4751680157dc92b7780ad1f3f9b 100644 (file)
--- a/bgpd/bgp_zebra.c
+++ b/bgpd/bgp_zebra.c
@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /* zebra client
  * Copyright (C) 1997, 98, 99 Kunihiro Ishiguro
+ * Copyright (c) 2023 LabN Consulting, L.L.C.
  */
 
 #include <zebra.h>
@@ -2732,6 +2733,9 @@ static void bgp_encode_pbr_rule_action(struct stream *s,
                stream_putl(s, pbr->unique);
        else
                stream_putl(s, pbra->unique);
+
+       stream_putl(s, 0); /* filter_bm placeholder */
+
        stream_putc(s, 0); /* ip protocol being used */
        if (pbr && pbr->flags & MATCH_IP_SRC_SET)
                memcpy(&pfx, &(pbr->src), sizeof(struct prefix));
@@ -2756,19 +2760,23 @@ static void bgp_encode_pbr_rule_action(struct stream *s,
        stream_put(s, &pfx.u.prefix, prefix_blen(&pfx));
 
        stream_putw(s, 0);  /* dst port */
-       stream_putc(s, 0);  /* dsfield */
+
+       stream_putc(s, 0); /* filter dsfield */
        /* if pbr present, fwmark is not used */
        if (pbr)
                stream_putl(s, 0);
        else
-               stream_putl(s, pbra->fwmark);  /* fwmark */
+               stream_putl(s, pbra->fwmark); /* filter fwmark */
 
-       stream_putl(s, 0); /* queue id */
-       stream_putw(s, 0); /* vlan_id */
-       stream_putw(s, 0); /* vlan_flags */
-       stream_putw(s, 0); /* pcp */
+       stream_putc(s, 0); /* pcp filter */
+       stream_putw(s, 0); /* pcp action  */
+       stream_putw(s, 0); /* vlan_id filter */
+       stream_putw(s, 0); /* vlan_flags filter */
+       stream_putw(s, 0); /* vlan_id action */
+       stream_putw(s, 0); /* vlan_flags action */
+       stream_putl(s, 0); /* queue id action */
 
-       stream_putl(s, pbra->table_id);
+       stream_putl(s, pbra->table_id); /* table action */
 
        memset(ifname, 0, sizeof(ifname));
        stream_put(s, ifname, INTERFACE_NAMSIZ); /* ifname unused */

diff --git a/pbrd/pbr_zebra.c b/pbrd/pbr_zebra.c
index 53a02e14a59963b4d50b707d8eb4dac8f0b85285..28d89b0b5c37403c97e761724a8ec9ce956696da 100644 (file)
--- a/pbrd/pbr_zebra.c
+++ b/pbrd/pbr_zebra.c
@@ -3,6 +3,9 @@
  * Zebra connect code.
  * Copyright (C) 2018 Cumulus Networks, Inc.
  *               Donald Sharp
+ * Portions:
+ *             Copyright (c) 2021 The MITRE Corporation.
+ *             Copyright (c) 2023 LabN Consulting, L.L.C.
  */
 #include <zebra.h>
 
@@ -20,6 +23,7 @@
 #include "log.h"
 #include "nexthop.h"
 #include "nexthop_group.h"
+#include "pbr.h"
 
 #include "pbr_nht.h"
 #include "pbr_map.h"
@@ -529,6 +533,9 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s,
        stream_putl(s, pbrms->seqno);
        stream_putl(s, pbrms->ruleno);
        stream_putl(s, pbrms->unique);
+
+       stream_putl(s, pbrms->filter_bm);
+
        stream_putc(s, pbrms->ip_proto); /* The ip_proto */
        pbr_encode_pbr_map_sequence_prefix(s, pbrms->src, family);
        stream_putw(s, pbrms->src_prt);
@@ -536,13 +543,25 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s,
        stream_putw(s, pbrms->dst_prt);
        stream_putc(s, pbrms->dsfield);
        stream_putl(s, pbrms->mark);
-
-       stream_putl(s, pbrms->action_queue_id);
+       /* PCP */
+       if (CHECK_FLAG(pbrms->filter_bm, PBR_FILTER_PCP))
+               stream_putc(s, pbrms->match_pcp);
+       else
+               stream_putc(s, 0);
+       stream_putw(s, pbrms->action_pcp);
+       /* VLAN */
+       stream_putw(s, pbrms->match_vlan_id);
+       stream_putw(s, pbrms->match_vlan_flags);
 
        stream_putw(s, pbrms->action_vlan_id);
        stream_putw(s, pbrms->action_vlan_flags);
-       stream_putw(s, pbrms->action_pcp);
+       stream_putl(s, pbrms->action_queue_id);
 
+       /* if the user does not use the command "set vrf name |unchanged"
+        * then pbr_encode_pbr_map_sequence_vrf will not be called
+        */
+
+       /* these statement get a table id */
        if (pbrms->vrf_unchanged || pbrms->vrf_lookup)
                pbr_encode_pbr_map_sequence_vrf(s, pbrms, ifp);
        else if (pbrms->nhgrp_name)
@@ -568,9 +587,6 @@ bool pbr_send_pbr_map(struct pbr_map_sequence *pbrms,
 
        is_installed &= pbrms->installed;
 
-       DEBUGD(&pbr_dbg_zebra, "%s: for %s %d(%" PRIu64 ")", __func__,
-              pbrm->name, install, is_installed);
-
        /*
         * If we are installed and asked to do so again and the config
         * has not changed, just return.

diff --git a/zebra/zapi_msg.c b/zebra/zapi_msg.c
index 5ac87540588ee4cd2280dce621bc064844db09fa..ab491ea52541c29cb4bc5081f78ae4e60c6631d1 100644 (file)
--- a/zebra/zapi_msg.c
+++ b/zebra/zapi_msg.c
@@ -5,6 +5,8 @@
  *   Copyright (C) 1997-1999  Kunihiro Ishiguro
  *   Copyright (C) 2015-2018  Cumulus Networks, Inc.
  *   et al.
+ *   Copyright (c) 2021 The MITRE Corporation.
+ *   Copyright (c) 2023 LabN Consulting, L.L.C.
  */
 
 #include <zebra.h>
@@ -3199,6 +3201,9 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
                STREAM_GETL(s, zpr.rule.seq);
                STREAM_GETL(s, zpr.rule.priority);
                STREAM_GETL(s, zpr.rule.unique);
+
+               STREAM_GETL(s, zpr.rule.filter.filter_bm);
+
                STREAM_GETC(s, zpr.rule.filter.ip_proto);
                STREAM_GETC(s, zpr.rule.filter.src_ip.family);
                STREAM_GETC(s, zpr.rule.filter.src_ip.prefixlen);
@@ -3213,10 +3218,13 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
                STREAM_GETC(s, zpr.rule.filter.dsfield);
                STREAM_GETL(s, zpr.rule.filter.fwmark);
 
-               STREAM_GETL(s, zpr.rule.action.queue_id);
+               STREAM_GETC(s, zpr.rule.filter.pcp);
+               STREAM_GETW(s, zpr.rule.action.pcp);
+               STREAM_GETW(s, zpr.rule.filter.vlan_id);
+               STREAM_GETW(s, zpr.rule.filter.vlan_flags);
                STREAM_GETW(s, zpr.rule.action.vlan_id);
                STREAM_GETW(s, zpr.rule.action.vlan_flags);
-               STREAM_GETW(s, zpr.rule.action.pcp);
+               STREAM_GETL(s, zpr.rule.action.queue_id);
 
                STREAM_GETL(s, zpr.rule.action.table);
                STREAM_GET(ifname, s, INTERFACE_NAMSIZ);
@@ -3245,6 +3253,14 @@ static inline void zread_rule(ZAPI_HANDLER_ARGS)
                if (zpr.rule.filter.fwmark)
                        zpr.rule.filter.filter_bm |= PBR_FILTER_FWMARK;
 
+               /* NB PBR_FILTER_PCP should already be set by sender */
+
+               if (zpr.rule.filter.vlan_flags)
+                       zpr.rule.filter.filter_bm |= PBR_FILTER_VLAN_FLAGS;
+
+               if (zpr.rule.filter.vlan_id)
+                       zpr.rule.filter.filter_bm |= PBR_FILTER_VLAN_ID;
+
                if (!(zpr.rule.filter.src_ip.family == AF_INET
                      || zpr.rule.filter.src_ip.family == AF_INET6)) {
                        zlog_warn(
@@ -3515,7 +3531,7 @@ static inline void zread_ipset_entry(ZAPI_HANDLER_ARGS)
                if (zpi.src_port_max != 0)
                        zpi.filter_bm |= PBR_FILTER_SRC_PORT_RANGE;
                if (zpi.proto != 0)
-                       zpi.filter_bm |= PBR_FILTER_PROTO;
+                       zpi.filter_bm |= PBR_FILTER_IP_PROTOCOL;
 
                if (!(zpi.dst.family == AF_INET
                      || zpi.dst.family == AF_INET6)) {