zebra: ignore iprule requests for unsupported actions

Only attempt to install in netlink iprules that include supported
actions; ignore requests with actions that aren't supported by
netlink.

Signed-off-by: Mark Stapp <mjs@labn.net>

diff --git a/zebra/rule_netlink.c b/zebra/rule_netlink.c
index bc96e12902cf9c456fd6c1e06291b804c937283e..f00aef52c07a8360dfda196f5b132ec2fafb4bce 100644 (file)
--- a/zebra/rule_netlink.c
+++ b/zebra/rule_netlink.c
@@ -174,6 +174,17 @@ static ssize_t netlink_oldrule_msg_encoder(struct zebra_dplane_ctx *ctx,
                dplane_ctx_rule_get_old_ipproto(ctx), buf, buflen);
 }
 
+/*
+ * Identify valid rule actions for netlink - other actions can't be installed
+ */
+static bool nl_rule_valid_action(uint32_t action)
+{
+       if (action == PBR_ACTION_TABLE)
+               return true;
+       else
+               return false;
+}
+
 /* Public functions */
 
 enum netlink_msg_status
@@ -181,6 +192,7 @@ netlink_put_rule_update_msg(struct nl_batch *bth, struct zebra_dplane_ctx *ctx)
 {
        enum dplane_op_e op;
        enum netlink_msg_status ret;
+       struct pbr_rule rule = {};
 
        op = dplane_ctx_get_op(ctx);
        if (!(op == DPLANE_OP_RULE_ADD || op == DPLANE_OP_RULE_UPDATE
@@ -192,6 +204,18 @@ netlink_put_rule_update_msg(struct nl_batch *bth, struct zebra_dplane_ctx *ctx)
                return FRR_NETLINK_ERROR;
        }
 
+       /* TODO -- special handling for rules that include actions that
+        * netlink cannot install. Some of the rule attributes are not
+        * available in netlink: only try to install valid actions.
+        */
+       dplane_ctx_rule_get(ctx, &rule, NULL);
+       if (!nl_rule_valid_action(rule.action.flags)) {
+               if (IS_ZEBRA_DEBUG_KERNEL)
+                       zlog_debug("%s: skip invalid action %#x", __func__,
+                                  rule.action.flags);
+               return 0;
+       }
+
        ret = netlink_batch_add_msg(bth, ctx, netlink_rule_msg_encoder, false);
 
        /**