| author | Philippe Guibert <philippe.guibert@6wind.com> | 2018-03-12 09:23:48 +0100 | 
|---|---|---|
| committer | Philippe Guibert <philippe.guibert@6wind.com> | 2018-04-16 14:40:43 +0200 | 
| commit | 7abd6c4fa0331bc6a416c69080218457f9efc90f (patch) | |
| tree | d6e0fdfceebd71c106b608fc66d9b24df40c3228 /zebra/zebra_pbr.h | |
| parent | 1907e4b80b03dbaea9cb13eb4b52b33d1b9d30d3 (diff) | |
zebra: add IPTABLE_ADD and IPTABLE_DEL commands in zapi
Those messages permit a remote daemon to configure an iptable entry. A
structure is defined that maps to an iptable entry. More specifically,
this structure proposes to associate fwmark, and a table ID.
In addition to the configuration, the initialisation of the iptables hash list is
done in the zebra network namespace. A hook is also added to notify the sender that
the iptables entry has been correctly set.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Diffstat (limited to 'zebra/zebra_pbr.h')
| -rw-r--r-- | zebra/zebra_pbr.h | 41 | 
1 files changed, 41 insertions, 0 deletions
diff --git a/zebra/zebra_pbr.h b/zebra/zebra_pbr.h
index 9f25c6f434..6de33ee2e1 100644
--- a/zebra/zebra_pbr.h
+++ b/zebra/zebra_pbr.h
@@ -148,6 +148,35 @@ struct zebra_pbr_ipset_entry {
 	struct zebra_pbr_ipset *backpointer;
 };
+/*
+ * An IPTables Action
+ *
+ * This is a filter mapped on ipset entries
+ */
+struct zebra_pbr_iptable {
+	/*
+	 * Originating zclient sock fd, so we can know who to send
+	 * back to.
+	 */
+	int sock;
+
+	uint32_t unique;
+
+	/* include ipset type
+	 */
+	uint32_t type;
+
+	/* include which IP is to be filtered
+	 */
+	uint32_t filter_bm;
+
+	uint32_t fwmark;
+
+	uint32_t action;
+
+	char ipset_name[ZEBRA_IPSET_NAME_SIZE];
+};
+
 void zebra_pbr_add_rule(struct zebra_ns *zns, struct zebra_pbr_rule *rule);
 void zebra_pbr_del_rule(struct zebra_ns *zns, struct zebra_pbr_rule *rule);
 void zebra_pbr_create_ipset(struct zebra_ns *zns,
@@ -161,6 +190,11 @@ void zebra_pbr_add_ipset_entry(struct zebra_ns *zns,
 void zebra_pbr_del_ipset_entry(struct zebra_ns *zns,
 			       struct zebra_pbr_ipset_entry *ipset);
+void zebra_pbr_add_iptable(struct zebra_ns *zns,
+			   struct zebra_pbr_iptable *iptable);
+void zebra_pbr_del_iptable(struct zebra_ns *zns,
+			   struct zebra_pbr_iptable *iptable);
+
 /*
  * Install specified rule for a specific interface.
  * It is possible that the user-defined sequence number and the one in the
@@ -196,6 +230,9 @@ extern void kernel_pbr_ipset_entry_add_del_status(
 				struct zebra_pbr_ipset_entry *ipset,
 				enum southbound_results res);
+extern void kernel_pbr_iptable_add_del_status(struct zebra_pbr_iptable *iptable,
+			      enum southbound_results res);
+
 /*
  * Handle rule delete notification from kernel.
  */
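Review bot: `ipset_name[ZEBRA_IPSET_NAME_SIZE]` in the new `struct zebra_pbr_iptable` does not state whether the name is guaranteed NUL-terminated, yet the commit message says this entry is filled from a zapi message sent by a remote daemon and the hash/free helpers declared later in this file will presumably treat it as a C string. I would put `/* NUL-terminated; the zapi decoder must bound the copy to ZEBRA_IPSET_NAME_SIZE - 1 */` above the field so the decoder (not in this diff) has an explicit contract to meet. `unique`, `fwmark` and `action` carry no comment at all, and `type`/`filter_bm` only say "include ipset type" / "include which IP is to be filtered", so a reader cannot tell which values are legal; each should name the value set it takes, for example `/* selects which addresses of the ipset entry are matched; encoding defined by the zapi message */` for filter_bm, if that is indeed what it encodes. The stored `sock` fd is only meaningful while that client is connected, so code that replies through it should confirm the client still exists rather than writing to a possibly recycled descriptor.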
@@ -220,4 +257,8 @@ extern void zebra_pbr_ipset_entry_free(void *arg);
 extern uint32_t zebra_pbr_ipset_entry_hash_key(void *arg);
 extern int zebra_pbr_ipset_entry_hash_equal(const void *arg1, const void *arg2);
+extern void zebra_pbr_iptable_free(void *arg);
+extern uint32_t zebra_pbr_iptable_hash_key(void *arg);
+extern int zebra_pbr_iptable_hash_equal(const void *arg1, const void *arg2);
+
 #endif /* _ZEBRA_PBR_H */
|
