author | G. Paul Ziemba <paulz@labn.net> | 2023-07-31 04:14:01 +0200 |
---|---|---|
committer | G. Paul Ziemba <paulz@labn.net> | 2023-08-08 19:18:22 +0200 |
commit | c47fd378f33b721cc32b788c6ce89353b1076416 (patch) | |
tree | a86e2a1e56e59248781cd1ccd21fb816d5b6b8d3 /pbrd/pbr_zebra.c | |
parent | pbrd: PBR_FILTER_DSFIELD -> {PBR_FILTER_DSCP,PBR_FILTER_ECN} (diff) | |
pbrd: add explicit 'family' field for rules

In the netlink-mediated kernel dataplane, each rule is stored
in either an IPv4-specific database or an IPv6-specific database.

PBRD opportunistically gleans each rule's address family value
from its source or destination IP address match value (if either
exists), or from its nexthop or nexthop-group (if it exists).

The 'family' value is particularly needed for netlink during
incremental rule deletion when none of the above fields remain set.

Before now, this address family has been encoded by occult means
in the (possibly otherwise unset) source/destination IP match
fields in ZAPI and zebra.

This commit documents the reasons for maintaining the 'family'
field in the PBRD rule structure, adds a 'family' field in the
common lib/pbr.h rule structure, and carries it explicitly in ZAPI.

Signed-off-by: G. Paul Ziemba <paulz@labn.net>

Diffstat (limited to '')
-rw-r--r-- | pbrd/pbr_zebra.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/pbrd/pbr_zebra.c b/pbrd/pbr_zebra.c index 030c4c111..adcf449cf 100644 --- a/pbrd/pbr_zebra.c +++ b/pbrd/pbr_zebra.c @@ -517,10 +517,14 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s, uint8_t family; /* - * There seems to be some effort in pbr_vty.c to keep the three - * copies of "family" equal. Not sure if the reason goes beyond - * ensuring consistency in ZAPI encoding. In any case, it might - * be handled better as an internal matter for the encoder (TBD). + * Opportunistic address family field is set when any of the IP + * address match/set fields is set, or when a NH/NHG is resolved. + * The value is needed by zebra for the underlying netlink + * messaging, particularly in delete operations, because it + * selects the rule database (IPv4 vs. IPv6). + * + * Historically the value has been encoded into any unused + * "match src/dst address" fields and picked off in zebra. */ family = AF_INET; if (pbrms->family) @@ -539,6 +543,8 @@ static bool pbr_encode_pbr_map_sequence(struct stream *s, r.priority = pbrms->ruleno; r.unique = pbrms->unique; + r.family = pbrms->family; + /* filter */ r.filter.filter_bm = pbrms->filter_bm; if (pbrms->src) |
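
Review bot: The rewritten comment above `family = AF_INET;` (hunk at -517) says the value has "historically" been encoded into unused match src/dst address fields, but it does not say whether this encoder still does so now that the family is carried explicitly. Add a sentence stating whether the legacy encoding is kept and which copy the receiver should treat as authoritative, so the two cannot silently disagree on which rule database a delete targets.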
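
Review bot: `r.family = pbrms->family;` (hunk at -539) copies the raw field, which can be zero: earlier in the same function the local `family` starts as `AF_INET` and is only reconsidered under `if (pbrms->family)`. The explicit field can therefore carry 0 while the local value is defaulted. Consider assigning `r.family = family;` after the default is applied, or document next to the assignment that 0 means unset and how the receiver is expected to handle it.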