From 4112baec9f7ec235c66e2c5992ba2288ca1557e7 Mon Sep 17 00:00:00 2001
From: Mark Stapp
Date: Tue, 23 May 2023 15:31:31 -0400
Subject: [PATCH] pbrd, zebra: fix zapi and netlink rule encoding
In pbrd, don't encode a rule without a table. There are cases where the zapi encoding was incorrect because the 4-octet table id was missing. In zebra, mask off the ECN bits in the TOS byte when encoding an iprule to match netlink's expectation.
Signed-off-by: Mark Stapp
---
 pbrd/pbr_zebra.c | 21 +++++++++++++++------
 zebra/rule_netlink.c | 4 ++--
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/pbrd/pbr_zebra.c b/pbrd/pbr_zebra.c
index 097c9f2964..53a02e14a5 100644
--- a/pbrd/pbr_zebra.c
+++ b/pbrd/pbr_zebra.c
@@ -516,7 +516,7 @@ pbr_encode_pbr_map_sequence_vrf(struct stream *s,
 stream_putl(s, pbr_vrf->vrf->data.l.table_id);
 }
-static void pbr_encode_pbr_map_sequence(struct stream *s,
+static bool pbr_encode_pbr_map_sequence(struct stream *s,
 struct pbr_map_sequence *pbrms,
 struct interface *ifp)
 {
@@ -549,7 +549,14 @@ static void pbr_encode_pbr_map_sequence(struct stream *s,
 stream_putl(s, pbr_nht_get_table(pbrms->nhgrp_name));
 else if (pbrms->nhg)
 stream_putl(s, pbr_nht_get_table(pbrms->internal_nhg_name));
+ else {
+ /* Not valid for install without table */
+ return false;
+ }
+
 stream_put(s, ifp->name, INTERFACE_NAMSIZ);
+
+ return true;
 }
 bool pbr_send_pbr_map(struct pbr_map_sequence *pbrms,
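Review bot: The new `return false` in pbr_encode_pbr_map_sequence() is taken only at the end of the table-id if/else chain, so whatever the function wrote to `s` above this hunk (not visible here) is already in the stream when it bails out. Nothing at the definition says so; I would put a comment above the function such as `/* Returns false when the sequence has no table; s then holds a partial message and must not be sent. */`. Testing for the missing table before the first write would leave `s` untouched on failure, but that depends on the part of the body outside the hunk.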
@@ -593,11 +600,13 @@ bool pbr_send_pbr_map(struct pbr_map_sequence *pbrms,
 install ? "Installing" : "Deleting", pbrm->name, pbrms->seqno, install, pmi->ifp->name, pmi->delete);
- pbr_encode_pbr_map_sequence(s, pbrms, pmi->ifp);
-
- stream_putw_at(s, 0, stream_get_endp(s));
-
- zclient_send_message(zclient);
+ if (pbr_encode_pbr_map_sequence(s, pbrms, pmi->ifp)) {
+ stream_putw_at(s, 0, stream_get_endp(s));
+ zclient_send_message(zclient);
+ } else {
+ DEBUGD(&pbr_dbg_zebra, "%s: %s seq %u encode failed, skipped",
+ __func__, pbrm->name, pbrms->seqno);
+ }
 return true;
 }
diff --git a/zebra/rule_netlink.c b/zebra/rule_netlink.c
index c7832992ea..518c948c99 100644
--- a/zebra/rule_netlink.c
+++ b/zebra/rule_netlink.c
@@ -116,9 +116,9 @@ static ssize_t netlink_rule_msg_encode(
 return 0;
 }
- /* dsfield, if specified */
+ /* dsfield, if specified; mask off the ECN bits */
 if (filter_bm & PBR_FILTER_DSFIELD)
- req->frh.tos = dsfield;
+ req->frh.tos = dsfield & 0xfc;
 /* protocol to match on */
 if (filter_bm & PBR_FILTER_IP_PROTOCOL)
--
2.39.5
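Review bot: In pbr_send_pbr_map() the else branch falls through to the unchanged `return true;`, so a rule that was skipped is reported to the caller the same way as one that was sent, and the only trace is a DEBUGD line that is presumably silent unless pbr zebra debugging is on. A policy rule that never reaches zebra means the affected traffic follows the default lookup instead, which an operator should be able to see without enabling debug. I would log it unconditionally, e.g. `zlog_warn("%s: %s seq %u has no table, rule not sent", __func__, pbrm->name, pbrms->seqno);`, and add `return false;` in the else branch if callers read true as "message sent" (the callers are outside this hunk).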
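Review bot: `dsfield & 0xfc` silently changes what the rule matches when the low two bits were set: a filter that carries only ECN bits ends up with `frh.tos = 0`, which as far as I know the kernel reads as no TOS match at all, so the rule would be installed wider than configured. Whether such a filter can reach netlink_rule_msg_encode() with PBR_FILTER_DSFIELD set is not visible in this hunk, and the function body continues outside it. If it can, the comment should say so, e.g. `/* ECN bits cannot be matched by an iprule; an ECN-only filter becomes tos 0 (no TOS match) */`, and the bare `0xfc` would read better as a named DSCP mask.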