Merge pull request #3414 from pguibert6WIND/iprule_any_flowspec_handl…

…ing_2 Iprule any flowspec handling
FRRouting · Jan 29, 2019 · 2b697c3 · 2b697c3
2 parents bac65e2 + ce3c061
commit 2b697c3
Show file tree

Hide file tree

Showing 9 changed files with 515 additions and 68 deletions.
diff --git a/bgpd/bgp_flowspec_util.c b/bgpd/bgp_flowspec_util.c
@@ -456,8 +456,7 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 				 */
 				if (prefix->family == AF_INET
 				    && prefix->u.prefix4.s_addr == 0)
-					memset(prefix, 0,
-					       sizeof(struct prefix));
+					bpem->match_bitmask_iprule |= bitmask;
 				else
 					bpem->match_bitmask |= bitmask;
 			}
@@ -580,6 +579,22 @@ int bgp_flowspec_match_rules_fill(uint8_t *nlri_content, int len,
 				 __func__, type);
 		}
 	}
+	if (bpem->match_packet_length_num || bpem->match_fragment_num ||
+	    bpem->match_tcpflags_num || bpem->match_dscp_num ||
+	    bpem->match_packet_length_num || bpem->match_icmp_code_num ||
+	    bpem->match_icmp_type_num || bpem->match_port_num ||
+	    bpem->match_src_port_num || bpem->match_dst_port_num ||
+	    bpem->match_protocol_num || bpem->match_bitmask)
+		bpem->type = BGP_PBR_IPSET;
+	else if ((bpem->match_bitmask_iprule & PREFIX_SRC_PRESENT) ||
+		 (bpem->match_bitmask_iprule & PREFIX_DST_PRESENT))
+		/* the extracted policy rule may not need an
+		 * iptables/ipset filtering. check this may not be
+		 * a standard ip rule : permit any to any ( eg)
+		 */
+		bpem->type = BGP_PBR_IPRULE;
+	else
+		bpem->type = BGP_PBR_UNDEFINED;
 	return error;
 }
 

diff --git a/bgpd/bgp_flowspec_vty.c b/bgpd/bgp_flowspec_vty.c
@@ -333,16 +333,17 @@ void route_vty_out_flowspec(struct vty *vty, struct prefix *p,
 		struct bgp_path_info_extra *extra =
 			bgp_path_info_extra_get(path);
 
-		if (extra->bgp_fs_pbr) {
+		if (listcount(extra->bgp_fs_pbr) ||
+		    listcount(extra->bgp_fs_iprule)) {
 			struct listnode *node;
 			struct bgp_pbr_match_entry *bpme;
+			struct bgp_pbr_rule *bpr;
 			struct bgp_pbr_match *bpm;
 			bool list_began = false;
 			struct list *list_bpm;
 
 			list_bpm = list_new();
-			if (listcount(extra->bgp_fs_pbr))
-				vty_out(vty, "\tinstalled in PBR");
+			vty_out(vty, "\tinstalled in PBR");
 			for (ALL_LIST_ELEMENTS_RO(extra->bgp_fs_pbr,
 						  node, bpme)) {
 				bpm = bpme->backpointer;
@@ -356,6 +357,19 @@ void route_vty_out_flowspec(struct vty *vty, struct prefix *p,
 					vty_out(vty, ", ");
 				vty_out(vty, "%s", bpm->ipset_name);
 			}
+			for (ALL_LIST_ELEMENTS_RO(extra->bgp_fs_iprule,
+						  node, bpr)) {
+				if (!bpr->action)
+					continue;
+				if (!list_began) {
+					vty_out(vty, " (");
+					list_began = true;
+				} else
+					vty_out(vty, ", ");
+				vty_out(vty, "-ipv4-rule %d action lookup %u-",
+					bpr->priority,
+					bpr->action->table_id);
+			}
 			if (list_began)
 				vty_out(vty, ")");
 			vty_out(vty, "\n");