Diffstat (limited to 'lib/pbr.h')
| -rw-r--r-- | lib/pbr.h | 83 |
1 files changed, 63 insertions, 20 deletions
@@ -1,6 +1,9 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 /* Policy Based Routing (PBR) main header
 * Copyright (C) 2018 6WIND
+ * Portions:
+ * Copyright (c) 2021 The MITRE Corporation.
+ * Copyright (c) 2023 LabN Consulting, L.L.C.
 */
 #ifndef _PBR_H
@@ -25,30 +28,44 @@ extern "C" { * specified. */ struct pbr_filter { - uint32_t filter_bm; /* not encoded by zapi - */ -#define PBR_FILTER_SRC_IP (1 << 0) -#define PBR_FILTER_DST_IP (1 << 1) -#define PBR_FILTER_SRC_PORT (1 << 2) -#define PBR_FILTER_DST_PORT (1 << 3) -#define PBR_FILTER_FWMARK (1 << 4) -#define PBR_FILTER_PROTO (1 << 5) -#define PBR_FILTER_SRC_PORT_RANGE (1 << 6) -#define PBR_FILTER_DST_PORT_RANGE (1 << 7) -#define PBR_FILTER_DSFIELD (1 << 8) -#define PBR_FILTER_IP_PROTOCOL (1 << 9) + uint32_t filter_bm; +#define PBR_FILTER_SRC_IP (1 << 0) +#define PBR_FILTER_DST_IP (1 << 1) +#define PBR_FILTER_SRC_PORT (1 << 2) +#define PBR_FILTER_DST_PORT (1 << 3) +#define PBR_FILTER_FWMARK (1 << 4) +#define PBR_FILTER_IP_PROTOCOL (1 << 5) +#define PBR_FILTER_SRC_PORT_RANGE (1 << 6) +#define PBR_FILTER_DST_PORT_RANGE (1 << 7) +#define PBR_FILTER_DSCP (1 << 8) +#define PBR_FILTER_ECN (1 << 9) +#define PBR_FILTER_PCP (1 << 10) +#define PBR_FILTER_VLAN_FLAGS (1 << 11) +#define PBR_FILTER_VLAN_ID (1 << 12) #define PBR_DSFIELD_DSCP (0xfc) /* Upper 6 bits of DS field: DSCP */ #define PBR_DSFIELD_ECN (0x03) /* Lower 2 bits of DS field: BCN */ - /* Source and Destination IP address with masks. */ +#define PBR_PCP (0x07) /* 3-bit value 0..7 for prioritization*/ + +#define PBR_VLAN_FLAGS_NO_WILD 0 +#define PBR_VLAN_FLAGS_TAGGED (1 << 0) +#define PBR_VLAN_FLAGS_UNTAGGED (1 << 1) +#define PBR_VLAN_FLAGS_UNTAGGED_0 (1 << 2) + + /* Source and Destination IP address with masks */ struct prefix src_ip; struct prefix dst_ip; - /* Source and Destination higher-layer (TCP/UDP) port numbers. */ + /* Source and Destination layer 4 (TCP/UDP/etc.) port numbers */ uint16_t src_port; uint16_t dst_port; + /* Filter by VLAN and prioritization */ + uint8_t pcp; + uint16_t vlan_id; + uint16_t vlan_flags; + /* Filter by Differentiated Services field */ uint8_t dsfield; /* DSCP (6 bits) & ECN (2 bits) */ 
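Review bot: Two `filter_bm` bit positions are reused with new meanings in the `PBR_FILTER_*` block: `(1 << 5)` changes from `PBR_FILTER_PROTO` to `PBR_FILTER_IP_PROTOCOL`, and `(1 << 9)` changes from `PBR_FILTER_IP_PROTOCOL` to `PBR_FILTER_ECN`. The removed "not encoded by zapi" comment suggests the bitmap is now carried in the zapi rule message, in which case these values become a wire format and a later renumbering like this one would silently change which fields a peer's rule matches on. A comment above the defines such as `/* bit values are part of the zapi encoding: append new bits, never renumber */` would record that constraint. The decoder is not visible here; it should reject bits above `PBR_FILTER_VLAN_ID` and range-check `pcp` against `PBR_PCP` and `vlan_id` against the 12-bit VLAN range, since the header defines no mask for the latter.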
@@ -69,14 +86,39 @@ struct pbr_filter { * the user criteria may directly point to a table too. */ struct pbr_action { + uint32_t flags; + +#define PBR_ACTION_TABLE (1 << 0) +#define PBR_ACTION_QUEUE_ID (1 << 1) +#define PBR_ACTION_PCP (1 << 2) +#define PBR_ACTION_VLAN_ID (1 << 3) +#define PBR_ACTION_VLAN_STRIP_INNER_ANY (1 << 4) +#define PBR_ACTION_SRC_IP (1 << 5) +#define PBR_ACTION_DST_IP (1 << 6) +#define PBR_ACTION_SRC_PORT (1 << 7) +#define PBR_ACTION_DST_PORT (1 << 8) +#define PBR_ACTION_DSCP (1 << 9) +#define PBR_ACTION_ECN (1 << 10) +#define PBR_ACTION_DROP (1 << 11) /* nexthop == blackhole */ + + uint32_t table; + uint32_t queue_id; + /* VLAN */ uint8_t pcp; uint16_t vlan_id; - uint16_t vlan_flags; - uint32_t queue_id; + /* Source and Destination IP addresses */ + union sockunion src_ip; + union sockunion dst_ip; - uint32_t table; + /* Source and Destination layer 4 (TCP/UDP/etc.) port numbers */ + uint32_t src_port; + uint32_t dst_port; + + /* Differentiated Services field */ + uint8_t dscp; /* stored here already shifted to upper 6 bits */ + uint8_t ecn; /* stored here as lower 2 bits */ }; /* @@ -88,6 +130,7 @@ struct pbr_action { */ struct pbr_rule { vrf_id_t vrf_id; + uint8_t family; /* netlink: select which rule database */ uint32_t seq; uint32_t priority; @@ -95,7 +138,7 @@ struct pbr_rule { struct pbr_filter filter; struct pbr_action action; - char ifname[INTERFACE_NAMSIZ + 1]; + char ifname[IFNAMSIZ + 1]; }; /* TCP flags value shared @@ -130,8 +173,8 @@ struct pbr_rule { #define MATCH_FLOW_LABEL_SET (1 << 12) #define MATCH_FLOW_LABEL_INVERSE_SET (1 << 13) -extern int zapi_pbr_rule_encode(uint8_t cmd, struct stream *s, - struct pbr_rule *zrule); +extern int zapi_pbr_rule_encode(struct stream *s, struct pbr_rule *r); +extern bool zapi_pbr_rule_decode(struct stream *s, struct pbr_rule *r); #ifdef __cplusplus } |
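Review bot: `src_port` and `dst_port` in `struct pbr_action` are declared `uint32_t`, while the same fields in `struct pbr_filter` are `uint16_t` and a layer 4 port is 16 bits wide. With the wider type, a value above 65535 supplied by a peer can be stored and later truncated where it is written into a rewrite rule, so the installed action would differ from the requested one. Unless the extra width is needed for a sentinel, `uint16_t src_port;` and `uint16_t dst_port;` would match the filter. The comments on `dscp` and `ecn` state a bit layout that nothing in the header enforces, so the decode path should mask them with `PBR_DSFIELD_DSCP` and `PBR_DSFIELD_ECN` before use.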
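Review bot: The comment on the new `family` field in `struct pbr_rule` does not say which values are valid. Presumably it holds `AF_INET` or `AF_INET6`; stating that, and what a zero left by callers that never set the field means, would let the decode and netlink paths reject anything else rather than select a rule database from an unchecked byte. Suggested wording: `uint8_t family; /* AF_INET or AF_INET6; netlink: select which rule database */`.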
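Review bot: `zapi_pbr_rule_encode()` returns `int` and the new `zapi_pbr_rule_decode()` returns `bool`, and neither prototype says which value means success. Decode fills a `struct pbr_rule` from a stream written by another daemon, so a caller that gets the polarity wrong would act on a partially filled rule, possibly including an `ifname` that is not NUL-terminated. A comment on the prototypes stating the return convention, and that `r` must not be used when decode fails, would close that gap. The encode side could also take `const struct pbr_rule *r` if its body only reads the rule; the function bodies are outside this file.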
