diff options
| author | Philippe Guibert <philippe.guibert@6wind.com> | 2018-06-04 18:11:04 +0200 |
|---|---|---|
| committer | Philippe Guibert <philippe.guibert@6wind.com> | 2018-06-28 08:52:15 +0200 |
| commit | 932404b7b09e42096fde0972fbe2976ff1de1b2b (patch) | |
| tree | a300ffcd389e4732da90dba79f369be19aa326fc /bgpd/bgp_pbr.h | |
| parent | zebra: improve show zebra ipset output for icmp (diff) | |
| download | frr-932404b7b09e42096fde0972fbe2976ff1de1b2b.tar.xz frr-932404b7b09e42096fde0972fbe2976ff1de1b2b.zip | |
bgpd: handle ICMP type and code from flowspec
It is possible for flowspec entries containing ICMP rule to insert PBR
entries based on ICMP type and ICMP code.
Flowspec ICMP filtering can either have icmp type or icmp code or both.
Not all combinations are permitted:
- if icmp code is provided, then it is not possible to derive the
correct icmp value. This will not be installed
- range of ICMP is authorised or list of ICMP, but not both.
- on receiving a list of ICMPtype/code, each ICMP type is attempted to
be associated to ICMP code. If not found, then ICMPtype is combined
with all known ICMP code values associated to that ICMP type.
- if a specific ICMP type/code is needed, despite the ICMP code/type
combination does not exist, then it is possible to do it by forging a
FS ICMP type/code specific for that.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Diffstat (limited to 'bgpd/bgp_pbr.h')
| -rw-r--r-- | bgpd/bgp_pbr.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/bgpd/bgp_pbr.h b/bgpd/bgp_pbr.h index 20edaf30b..e869d0106 100644 --- a/bgpd/bgp_pbr.h +++ b/bgpd/bgp_pbr.h @@ -125,6 +125,7 @@ struct bgp_pbr_entry_main { #define PROTOCOL_UDP 17 #define PROTOCOL_TCP 6 +#define PROTOCOL_ICMP 1 struct bgp_pbr_match_val protocol[BGP_PBR_MATCH_VAL_MAX]; struct bgp_pbr_match_val src_port[BGP_PBR_MATCH_VAL_MAX]; struct bgp_pbr_match_val dst_port[BGP_PBR_MATCH_VAL_MAX]; |