From 49027ce8568ca773b0fc441e4abbf71d0d605c2c Mon Sep 17 00:00:00 2001
From: Don Slice
Date: Mon, 26 Mar 2018 19:16:09 +0000
Subject: [PATCH] pbrd: adjust/remove the rule correctly when dst and/or src removed

When the last match criteria was removed (dst-ip or src-ip), we were not deleting the rule correctly for ipv6. This fix retains the needed src-ip/dst-ip during the pbr_send_pbr_map process so the appropriate information is available for the rule delete.

Signed-off-by: Don Slice
---
 pbrd/pbr_map.c | 7 -------
 pbrd/pbr_map.h | 5 +++++
 pbrd/pbr_vty.c | 4 ++++
 pbrd/pbr_zebra.c | 11 ++++-------
 zebra/rule_netlink.c | 3 ---
 5 files changed, 13 insertions(+), 17 deletions(-)

diff --git a/pbrd/pbr_map.c b/pbrd/pbr_map.c
index 5962509e82..ea79320a71 100644
--- a/pbrd/pbr_map.c
+++ b/pbrd/pbr_map.c
@@ -527,13 +527,6 @@ void pbr_map_check(struct pbr_map_sequence *pbrms)
 __PRETTY_FUNCTION__, pbrm->name, pbrms->seqno, pbrms->reason);
 if (pbrms->reason == PBR_MAP_VALID_SEQUENCE_NUMBER) {
- if (pbrms->installed) {
- install = false;
- for (ALL_LIST_ELEMENTS_RO(pbrm->incoming, inode, pmi)) {
- pbr_send_pbr_map(pbrms, pmi, install);
- }
- install = true;
- }
 install = true;
 DEBUGD(&pbr_dbg_map, "%s: Installing %s(%u) reason: %" PRIu64, __PRETTY_FUNCTION__, pbrm->name, pbrms->seqno,
diff --git a/pbrd/pbr_map.h b/pbrd/pbr_map.h
index 12d49d98c0..5cb22d7429 100644
--- a/pbrd/pbr_map.h
+++ b/pbrd/pbr_map.h
@@ -85,6 +85,11 @@ struct pbr_map_sequence {
 struct prefix *src;
 struct prefix *dst;
+ /*
+ * Family of the src/dst. Needed when deleting since we clear them
+ */
+ unsigned char family;
+
 /*
 * The nexthop group we auto create
 * for when the user specifies a individual
diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c
index a4f3c54646..87ec3804a5 100644
--- a/pbrd/pbr_vty.c
+++ b/pbrd/pbr_vty.c
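Review bot: With the uninstall loop removed from the `PBR_MAP_VALID_SEQUENCE_NUMBER` branch of `pbr_map_check`, nothing visible in this hunk withdraws the rule that was installed with the previous src/dst before the modified sequence is sent again. If a match is changed rather than removed, the rule built from the old selector may stay installed next to the new one, and traffic would keep being steered by a policy the operator believes is gone. Unless another component replaces the rule for this sequence (not shown here), keep a delete for the changed-selector case, or record the assumption above `install = true;`, for example `/* no pre-delete here: the previously installed rule is removed by <component to be named> */`. The body of `pbr_map_check` starts and ends outside the hunk.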
@@ -95,6 +95,8 @@ DEFPY(pbr_map_match_src, pbr_map_match_src_cmd,
 {
 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
+ pbrms->family = prefix->family;
+
 if (!no) {
 if (prefix_same(pbrms->src, prefix))
 return CMD_SUCCESS;
@@ -122,6 +124,8 @@ DEFPY(pbr_map_match_dst, pbr_map_match_dst_cmd,
 {
 struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence);
+ pbrms->family = prefix->family;
+
 if (!no) {
 if (prefix_same(pbrms->dst, prefix))
 return CMD_SUCCESS;
diff --git a/pbrd/pbr_zebra.c b/pbrd/pbr_zebra.c
index 971fe65aaf..a1a2d34ac1 100644
--- a/pbrd/pbr_zebra.c
+++ b/pbrd/pbr_zebra.c
@@ -455,7 +455,7 @@ void pbr_send_rnh(struct nexthop *nhop, bool reg)
 static void pbr_encode_pbr_map_sequence_prefix(struct stream *s, struct prefix *p,
- u_char family)
+ unsigned char family)
 {
 struct prefix any;
@@ -474,14 +474,11 @@ static void pbr_encode_pbr_map_sequence(struct stream *s, struct pbr_map_sequence *pbrms, struct interface *ifp)
 {
- u_char family;
+ unsigned char family;
 family = AF_INET;
- if (pbrms->src)
- family = pbrms->src->family;
-
- if (pbrms->dst)
- family = pbrms->dst->family;
+ if (pbrms->family)
+ family = pbrms->family;
 stream_putl(s, pbrms->seqno);
 stream_putl(s, pbrms->ruleno);
diff --git a/zebra/rule_netlink.c b/zebra/rule_netlink.c
index 2122f9f5fa..dc942204a4 100644
--- a/zebra/rule_netlink.c
+++ b/zebra/rule_netlink.c
@@ -77,9 +77,6 @@ static int netlink_rule_update(int cmd, struct zebra_pbr_rule *rule)
 req.frh.family = family;
 req.frh.action = FR_ACT_TO_TBL;
- if (cmd == RTM_NEWRULE)
- req.n.nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
-
 /* rule's pref # */
 addattr32(&req.n, sizeof(req), FRA_PRIORITY, rule->priority);
-- 
2.39.5
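Review bot: `pbrms->family = prefix->family;` runs before the `if (!no)` test in `pbr_map_match_src` (and identically in `pbr_map_match_dst`, second hunk), so the stored family is overwritten on every invocation, including the `no` form and the `prefix_same()` early return. Nothing in these hunks compares the new prefix with the family of the other match already configured, so a sequence can end up with `src` and `dst` of different families while `family` reflects only the last command. The delete this commit is meant to fix would then be encoded for the wrong family and the rule could stay installed. Reject the mismatch first, e.g. `if (!no && pbrms->dst && pbrms->dst->family != prefix->family) return CMD_WARNING_CONFIG_FAILED;` (with `pbrms->src` in the dst handler), and assign `pbrms->family` only inside the `!no` branch after that check. Both handler bodies continue outside the hunks.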
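Review bot: In the second pbr_zebra.c hunk, `pbr_encode_pbr_map_sequence` now takes the family from `pbrms->family` alone and no longer consults `pbrms->src` or `pbrms->dst`, so the encoder trusts the field to agree with whatever prefixes are still set, and a zero field silently becomes `AF_INET`. A comment above the test would record that contract, e.g. `/* family outlives src/dst so a delete can still be encoded; 0 = never set, treated as IPv4 */`. If the field can disagree with a non-NULL `src` or `dst` (the vty handlers in this commit rewrite it on every command), preferring the prefix's own family when one is present would be the safer order. The function continues past the end of the hunk.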
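Review bot: Dropping `NLM_F_CREATE | NLM_F_EXCL` for `RTM_NEWRULE` in `netlink_rule_update` is not mentioned in the commit message, and it changes what happens when the same rule is sent twice. As far as I know the kernel rejects an already-existing rule only when `NLM_F_EXCL` is set, so repeated installs may now accumulate duplicate rules, of which a later `RTM_DELRULE` would remove only one. Because the pbr_map.c hunk in this commit also stops deleting an installed sequence before re-sending it, that path looks reachable. Either keep the flags and treat `EEXIST` as success, or add a comment where the flags were, such as `/* no NLM_F_EXCL: re-installing an unchanged rule must not fail */`, and confirm that no duplicate is left behind after a delete. The function body extends beyond the hunk on both sides.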