diff options
| author | Donald Sharp <sharpd@nvidia.com> | 2021-06-04 15:48:16 -0400 |
|---|---|---|
| committer | Donald Sharp <sharpd@nvidia.com> | 2021-07-08 11:12:47 -0400 |
| commit | 5e732768f4de955edb7ec48212164e252e9a4590 (patch) | |
| tree | 96e016974d12cae965e297886f30e2b2c9a12687 /pbrd/pbr_vty.c | |
| parent | f56697eff3890c21b434f84f34304320462c8d37 (diff) | |
pbrd: Add `match ip-protocol [tcp|udp]`
Add the `match ip-protocol [tcp|udp]` command to allow pbr to
match on tcp or udp streams.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Diffstat (limited to 'pbrd/pbr_vty.c')
| -rw-r--r-- | pbrd/pbr_vty.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/pbrd/pbr_vty.c b/pbrd/pbr_vty.c index f13ed4d429..730f965cd0 100644 --- a/pbrd/pbr_vty.c +++ b/pbrd/pbr_vty.c @@ -193,6 +193,32 @@ DEFPY(pbr_map_match_dst, pbr_map_match_dst_cmd, return CMD_SUCCESS; } +DEFPY(pbr_map_match_ip_proto, pbr_map_match_ip_proto_cmd, + "[no] match ip-protocol [tcp|udp]$ip_proto", + NO_STR + "Match the rest of the command\n" + "Choose an ip-protocol\n" + "Match on tcp flows\n" + "Match on udp flows\n") +{ + struct pbr_map_sequence *pbrms = VTY_GET_CONTEXT(pbr_map_sequence); + struct protoent *p; + + if (!no) { + p = getprotobyname(ip_proto); + if (!p) { + vty_out(vty, "Unable to convert %s to proto id\n", + ip_proto); + return CMD_WARNING; + } + + pbrms->ip_proto = p->p_proto; + } else + pbrms->ip_proto = 0; + + return CMD_SUCCESS; +} + DEFPY(pbr_map_match_src_port, pbr_map_match_src_port_cmd, "[no] match src-port (1-65535)$port", NO_STR @@ -718,6 +744,13 @@ static void vty_show_pbrms(struct vty *vty, pbrms->installed ? "yes" : "no", pbrms->reason ? rbuf : "Valid"); + if (pbrms->ip_proto) { + struct protoent *p; + + p = getprotobynumber(pbrms->ip_proto); + vty_out(vty, " IP Protocol Match: %s\n", p->p_name); + } + if (pbrms->src) vty_out(vty, " SRC Match: %pFX\n", pbrms->src); if (pbrms->dst) @@ -1128,6 +1161,13 @@ static int pbr_vty_map_config_write_sequence(struct vty *vty, if (pbrms->dst_prt) vty_out(vty, " match dst-port %u\n", pbrms->dst_prt); + if (pbrms->ip_proto) { + struct protoent *p; + + p = getprotobynumber(pbrms->ip_proto); + vty_out(vty, " match ip-protocol %s\n", p->p_name); + } + if (pbrms->dsfield & PBR_DSFIELD_DSCP) vty_out(vty, " match dscp %u\n", (pbrms->dsfield & PBR_DSFIELD_DSCP) >> 2); @@ -1218,6 +1258,7 @@ void pbr_vty_init(void) install_element(CONFIG_NODE, &pbr_set_table_range_cmd); install_element(CONFIG_NODE, &no_pbr_set_table_range_cmd); install_element(INTERFACE_NODE, &pbr_policy_cmd); + install_element(PBRMAP_NODE, &pbr_map_match_ip_proto_cmd); install_element(PBRMAP_NODE, &pbr_map_match_src_port_cmd); install_element(PBRMAP_NODE, &pbr_map_match_dst_port_cmd); install_element(PBRMAP_NODE, &pbr_map_match_src_cmd); |