From 8112a7a0723561ea3d959a0c72ba8b3c4134f316 Mon Sep 17 00:00:00 2001
From: Philippe Guibert
Date: Fri, 30 Nov 2018 14:13:37 +0100
Subject: [PATCH] bgpd: change priority of fs pbr rules
two kind of rules are being set from bgp flowspec: ipset based rules, and ip rule rules. default route rules may have a lower priority than the other rules ( that do not support default rules). so, if an ipset rule without fwmark is being requested, then priority is arbitrarily set to 1. the other case, priority is set to 0.
Signed-off-by: Philippe Guibert
---
 bgpd/bgp_pbr.c | 1 +
 bgpd/bgp_pbr.h | 1 +
 bgpd/bgp_zebra.c | 12 ++++++++++--
 3 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/bgpd/bgp_pbr.c b/bgpd/bgp_pbr.c
index 890fb64313..9a6ada2058 100644
--- a/bgpd/bgp_pbr.c
+++ b/bgpd/bgp_pbr.c
@@ -2030,6 +2030,7 @@ static void bgp_pbr_policyroute_add_to_zebra_unit(struct bgp *bgp,
 if (bpf->type == BGP_PBR_IPRULE) {
 memset(&pbr_rule, 0, sizeof(pbr_rule));
 pbr_rule.vrf_id = bpf->vrf_id;
+ pbr_rule.priority = 20;
 if (bpf->src) {
 pbr_rule.flags |= MATCH_IP_SRC_SET;
 prefix_copy(&pbr_rule.src, bpf->src);
diff --git a/bgpd/bgp_pbr.h b/bgpd/bgp_pbr.h
index c3db10cbe7..da21e0f9c4 100644
--- a/bgpd/bgp_pbr.h
+++ b/bgpd/bgp_pbr.h
@@ -165,6 +165,7 @@ struct bgp_pbr_rule {
 struct bgp_pbr_action *action;
 vrf_id_t vrf_id;
 uint32_t unique;
+ uint32_t priority;
 bool installed;
 bool install_in_progress;
 };
diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c
index 9212c36dd5..4513086ad0 100644
--- a/bgpd/bgp_zebra.c
+++ b/bgpd/bgp_zebra.c
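Review bot: The literal `20` assigned to `pbr_rule.priority` in the `BGP_PBR_IPRULE` branch of bgp_pbr_policyroute_add_to_zebra_unit is unexplained and does not match the commit message, which speaks of priorities 1 and 0. These rules are built from FlowSpec routes, so the chosen value presumably decides where remotely announced policy sits relative to other rules on the host; it deserves a comment or a named constant, for example `pbr_rule.priority = 20; /* fixed priority for iprule-based FS entries; entries encoded without a rule send 0 */`. The new `uint32_t priority;` member of struct bgp_pbr_rule in the bgp_pbr.h hunk also has no comment saying how the value is ordered or who consumes it. The function starts and ends outside this hunk, so whether `priority` is carried into the stored rule and its comparison cannot be checked from here.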
@@ -2270,8 +2270,16 @@ static void bgp_encode_pbr_rule_action(struct stream *s,
 struct prefix pfx;
 stream_putl(s, 0); /* seqno unused */
- stream_putl(s, 0); /* ruleno unused */
-
+ if (pbr)
+ stream_putl(s, pbr->priority);
+ else
+ stream_putl(s, 0);
+ /* ruleno unused - priority change
+ * ruleno permits distinguishing various FS PBR entries
+ * - FS PBR entries based on ipset/iptables
+ * - FS PBR entries based on iprule
+ * the latter may contain default routing information injected by FS
+ */
 if (pbr)
 stream_putl(s, pbr->unique);
 else
--
2.39.5
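Review bot: The added comment sits between the priority write and the `pbr->unique` write and still opens with "ruleno unused", so it reads as a description of the `unique` field that follows, not of the value just written. It would be clearer above the first `if (pbr)` and reworded, e.g. `/* priority (former ruleno slot): separates iprule-based FS entries, which may carry default routes, from ipset/iptables-based ones */`. The diffstat shows only bgpd files, so it is worth confirming that the receiving decoder already treats this 32-bit slot as a priority; if it does not, FlowSpec-derived rules could be installed with an unintended precedence. bgp_encode_pbr_rule_action starts before and continues past this hunk.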