diff options
| author | G. Paul Ziemba <paulz@labn.net> | 2023-07-30 19:14:01 -0700 |
|---|---|---|
| committer | G. Paul Ziemba <paulz@labn.net> | 2023-08-08 10:18:22 -0700 |
| commit | c47fd378f33b721cc32b788c6ce89353b1076416 (patch) | |
| tree | a86e2a1e56e59248781cd1ccd21fb816d5b6b8d3 | |
| parent | 5572f45d51c587691384a9ec3a195e6a01540930 (diff) | |
pbrd: add explicit 'family' field for rules
In the netlink-mediated kernel dataplane, each rule is stored
in either an IPv4-specific database or an IPv6-specific database.
PBRD opportunistically gleans each rule's address family value
from its source or destination IP address match value (if either
exists), or from its nexthop or nexthop-group (if it exists).
The 'family' value is particularly needed for netlink during
incremental rule deletion when none of the above fields remain set.
Before now, this address family has been encoded by occult means
in the (possibly otherwise unset) source/destination IP match
fields in ZAPI and zebra.
This commit documents the reasons for maintaining the 'family'
field in the PBRD rule structure, adds a 'family' field in the
common lib/pbr.h rule structure, and carries it explicitly in ZAPI.
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
| -rw-r--r-- | bgpd/bgp_zebra.c | 1 | ||||
| -rw-r--r-- | lib/pbr.h | 1 | ||||
| -rw-r--r-- | lib/zclient.c | 2 | ||||
| -rw-r--r-- | pbrd/pbr_zebra.c | 14 |
4 files changed, 14 insertions, 4 deletions
diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c index 8ff6b63e05..9784c1c837 100644 --- a/bgpd/bgp_zebra.c +++ b/bgpd/bgp_zebra.c @@ -2737,6 +2737,7 @@ static void bgp_encode_pbr_rule_action(struct stream *s, else r.unique = pbra->unique; + r.family = fam; /* filter */ @@ -114,6 +114,7 @@ struct pbr_action { */ struct pbr_rule { vrf_id_t vrf_id; + uint8_t family; /* netlink: select which rule database */ uint32_t seq; uint32_t priority; diff --git a/lib/zclient.c b/lib/zclient.c index 294a78feb0..4648b285fd 100644 --- a/lib/zclient.c +++ b/lib/zclient.c @@ -1702,6 +1702,7 @@ int zapi_pbr_rule_encode(struct stream *s, struct pbr_rule *r) */ stream_putl(s, 1); + stream_putc(s, r->family); stream_putl(s, r->seq); stream_putl(s, r->priority); stream_putl(s, r->unique); @@ -1723,6 +1724,7 @@ bool zapi_pbr_rule_decode(struct stream *s, struct pbr_rule *r) memset(r, 0, sizeof(*r)); + STREAM_GETC(s, r->family); STREAM_GETL(s, r->seq); STREAM_GETL(s, r->priority); STREAM_GETL(s, r->unique); diff --git a/pbrd/pbr_zebra.c b/pbrd/pbr_zebra.c index 030c4c1114..adcf449cfa 100644 --- a/pbrd/pbr_zebra.c +++ b/pbrd/pbr_zebra.c @@ -517,10 +517,14 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s, uint8_t family; /* - * There seems to be some effort in pbr_vty.c to keep the three - * copies of "family" equal. Not sure if the reason goes beyond - * ensuring consistency in ZAPI encoding. In any case, it might - * be handled better as an internal matter for the encoder (TBD). + * Opportunistic address family field is set when any of the IP + * address match/set fields is set, or when a NH/NHG is resolved. + * The value is needed by zebra for the underlying netlink + * messaging, particularly in delete operations, because it + * selects the rule database (IPv4 vs. IPv6). + * + * Historically the value has been encoded into any unused + * "match src/dst address" fields and picked off in zebra. */ family = AF_INET; if (pbrms->family) @@ -539,6 +543,8 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s, r.priority = pbrms->ruleno; r.unique = pbrms->unique; + r.family = pbrms->family; + /* filter */ r.filter.filter_bm = pbrms->filter_bm; if (pbrms->src) |