Diffstat (limited to 'lib/pbr.h')
-rw-r--r--lib/pbr.h83
1 files changed, 63 insertions, 20 deletions
diff --git a/lib/pbr.h b/lib/pbr.h
index e8563afb3b..fe2d32a44a 100644
--- a/lib/pbr.h
+++ b/lib/pbr.h
@@ -1,6 +1,9 @@
// SPDX-License-Identifier: GPL-2.0-or-later
/* Policy Based Routing (PBR) main header
* Copyright (C) 2018 6WIND
+ * Portions:
+ * Copyright (c) 2021 The MITRE Corporation.
+ * Copyright (c) 2023 LabN Consulting, L.L.C.
*/
#ifndef _PBR_H
@@ -25,30 +28,44 @@ extern "C" {
* specified.
*/
struct pbr_filter {
- uint32_t filter_bm; /* not encoded by zapi
- */
-#define PBR_FILTER_SRC_IP (1 << 0)
-#define PBR_FILTER_DST_IP (1 << 1)
-#define PBR_FILTER_SRC_PORT (1 << 2)
-#define PBR_FILTER_DST_PORT (1 << 3)
-#define PBR_FILTER_FWMARK (1 << 4)
-#define PBR_FILTER_PROTO (1 << 5)
-#define PBR_FILTER_SRC_PORT_RANGE (1 << 6)
-#define PBR_FILTER_DST_PORT_RANGE (1 << 7)
-#define PBR_FILTER_DSFIELD (1 << 8)
-#define PBR_FILTER_IP_PROTOCOL (1 << 9)
+ uint32_t filter_bm;
+#define PBR_FILTER_SRC_IP (1 << 0)
+#define PBR_FILTER_DST_IP (1 << 1)
+#define PBR_FILTER_SRC_PORT (1 << 2)
+#define PBR_FILTER_DST_PORT (1 << 3)
+#define PBR_FILTER_FWMARK (1 << 4)
+#define PBR_FILTER_IP_PROTOCOL (1 << 5)
+#define PBR_FILTER_SRC_PORT_RANGE (1 << 6)
+#define PBR_FILTER_DST_PORT_RANGE (1 << 7)
+#define PBR_FILTER_DSCP (1 << 8)
+#define PBR_FILTER_ECN (1 << 9)
+#define PBR_FILTER_PCP (1 << 10)
+#define PBR_FILTER_VLAN_FLAGS (1 << 11)
+#define PBR_FILTER_VLAN_ID (1 << 12)
#define PBR_DSFIELD_DSCP (0xfc) /* Upper 6 bits of DS field: DSCP */
#define PBR_DSFIELD_ECN (0x03) /* Lower 2 bits of DS field: BCN */
- /* Source and Destination IP address with masks. */
+#define PBR_PCP (0x07) /* 3-bit value 0..7 for prioritization*/
+
+#define PBR_VLAN_FLAGS_NO_WILD 0
+#define PBR_VLAN_FLAGS_TAGGED (1 << 0)
+#define PBR_VLAN_FLAGS_UNTAGGED (1 << 1)
+#define PBR_VLAN_FLAGS_UNTAGGED_0 (1 << 2)
+
+ /* Source and Destination IP address with masks */
struct prefix src_ip;
struct prefix dst_ip;
- /* Source and Destination higher-layer (TCP/UDP) port numbers. */
+ /* Source and Destination layer 4 (TCP/UDP/etc.) port numbers */
uint16_t src_port;
uint16_t dst_port;
+ /* Filter by VLAN and prioritization */
+ uint8_t pcp;
+ uint16_t vlan_id;
+ uint16_t vlan_flags;
+
/* Filter by Differentiated Services field */
uint8_t dsfield; /* DSCP (6 bits) & ECN (2 bits) */
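Review bot: The `filter_bm` bit positions are reassigned rather than extended: `PBR_FILTER_IP_PROTOCOL` moves from bit 9 to bit 5 (the old `PBR_FILTER_PROTO`) and bit 9 becomes `PBR_FILTER_ECN`, in the same change that drops the `not encoded by zapi` remark from the field. If the bitmap is now carried in the zapi message (the encoder is not visible in this hunk), a peer built against the old header would read a protocol match as an ECN match, so the field should state its status, for example `uint32_t filter_bm; /* carried over zapi: bit positions are wire format */`, and the renumbering should land together with whatever versioning zapi uses. `PBR_VLAN_FLAGS_NO_WILD` is 0 and so cannot be tested with `&` like its three siblings; a one-line comment that it means "no flag set" would prevent that mistake. The context comment on `PBR_DSFIELD_ECN` reads `BCN`, presumably a typo for ECN. `struct pbr_filter` continues past the end of the hunk.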
@@ -69,14 +86,39 @@ struct pbr_filter {
* the user criteria may directly point to a table too.
*/
struct pbr_action {
+ uint32_t flags;
+
+#define PBR_ACTION_TABLE (1 << 0)
+#define PBR_ACTION_QUEUE_ID (1 << 1)
+#define PBR_ACTION_PCP (1 << 2)
+#define PBR_ACTION_VLAN_ID (1 << 3)
+#define PBR_ACTION_VLAN_STRIP_INNER_ANY (1 << 4)
+#define PBR_ACTION_SRC_IP (1 << 5)
+#define PBR_ACTION_DST_IP (1 << 6)
+#define PBR_ACTION_SRC_PORT (1 << 7)
+#define PBR_ACTION_DST_PORT (1 << 8)
+#define PBR_ACTION_DSCP (1 << 9)
+#define PBR_ACTION_ECN (1 << 10)
+#define PBR_ACTION_DROP (1 << 11) /* nexthop == blackhole */
+
+ uint32_t table;
+ uint32_t queue_id;
+
/* VLAN */
uint8_t pcp;
uint16_t vlan_id;
- uint16_t vlan_flags;
- uint32_t queue_id;
+ /* Source and Destination IP addresses */
+ union sockunion src_ip;
+ union sockunion dst_ip;
- uint32_t table;
+ /* Source and Destination layer 4 (TCP/UDP/etc.) port numbers */
+ uint32_t src_port;
+ uint32_t dst_port;
+
+ /* Differentiated Services field */
+ uint8_t dscp; /* stored here already shifted to upper 6 bits */
+ uint8_t ecn; /* stored here as lower 2 bits */
};
/*
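Review bot: `src_port` and `dst_port` in `struct pbr_action` are declared `uint32_t`, while the same-named fields in `struct pbr_filter` are `uint16_t` and a layer-4 port is 16 bits wide. A value above 65535 can therefore be stored here and would be silently truncated to a different port by any consumer that narrows it; unless the extra width serves a purpose not visible in this hunk, `uint16_t src_port;` and `uint16_t dst_port;` are the safer declarations. The new `flags` word also deserves a comment that each field below is meaningful only when its `PBR_ACTION_*` bit is set, e.g. `uint32_t flags; /* PBR_ACTION_*: which fields below are valid */`, so that readers do not act on a zeroed field.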
@@ -88,6 +130,7 @@ struct pbr_action {
*/
struct pbr_rule {
vrf_id_t vrf_id;
+ uint8_t family; /* netlink: select which rule database */
uint32_t seq;
uint32_t priority;
@@ -95,7 +138,7 @@ struct pbr_rule {
struct pbr_filter filter;
struct pbr_action action;
- char ifname[INTERFACE_NAMSIZ + 1];
+ char ifname[IFNAMSIZ + 1];
};
/* TCP flags value shared
@@ -130,8 +173,8 @@ struct pbr_rule {
#define MATCH_FLOW_LABEL_SET (1 << 12)
#define MATCH_FLOW_LABEL_INVERSE_SET (1 << 13)
-extern int zapi_pbr_rule_encode(uint8_t cmd, struct stream *s,
- struct pbr_rule *zrule);
+extern int zapi_pbr_rule_encode(struct stream *s, struct pbr_rule *r);
+extern bool zapi_pbr_rule_decode(struct stream *s, struct pbr_rule *r);
#ifdef __cplusplus
}
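Review bot: `zapi_pbr_rule_decode` is declared with no statement of what it guarantees about the `struct pbr_rule` it fills in, and it returns `bool` while the encoder next to it returns `int`. Its input is a stream produced by another process, so the prototype should carry the contract, for instance `/* Returns false on a short or malformed stream; *r must not be used in that case. */`, if that is the intended behaviour. The same comment should say whether the decoder or the caller rejects values outside a field's legal range, since several fields are wider than what they hold (`pcp` against the 3-bit `PBR_PCP` mask, `vlan_id`, `family`), and whether `ifname` is guaranteed NUL-terminated on return. Only the prototypes are visible here; the function bodies and the callers affected by the dropped `cmd` parameter are outside this page.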