author | Corey Siltala <csiltala@atcorp.com> | 2024-11-25 17:43:30 +0100 |
---|---|---|
committer | Corey Siltala <csiltala@atcorp.com> | 2024-12-06 21:44:17 +0100 |
commit | a9bee74ea2ed6e91a7a49d291ad1a8d3c2c1bec0 (patch) | |
tree | e9823e8bb63fe440686771ca76a9b340a818921e /pimd | |
parent | Merge pull request #17603 from opensourcerouting/fix/bgp_peer_with_peer-group (diff) | |
pimd: Move ACL handling to pim_util.c
Move the extended access-list handling from pim_msdp_packet.c to
pim_util.c to allow use elsewhere in the daemon.
Signed-off-by: Corey Siltala <csiltala@atcorp.com>
Diffstat (limited to 'pimd')
-rw-r--r-- | pimd/pim_msdp_packet.c | 51 | ||||
-rw-r--r-- | pimd/pim_util.c | 41 | ||||
-rw-r--r-- | pimd/pim_util.h | 3 |
3 files changed, 46 insertions, 49 deletions
diff --git a/pimd/pim_msdp_packet.c b/pimd/pim_msdp_packet.c
index f66a941ee..c858bad1a 100644
--- a/pimd/pim_msdp_packet.c
+++ b/pimd/pim_msdp_packet.c
@@ -367,53 +367,6 @@ static void pim_msdp_pkt_sa_fill_one(struct pim_msdp_sa *sa)
 stream_put_ipv4(sa->pim->msdp.work_obuf, sa->sg.src.s_addr);
 }
-static bool msdp_cisco_match(const struct filter *filter,
- const struct in_addr *source,
- const struct in_addr *group)
-{
- const struct filter_cisco *cfilter = &filter->u.cfilter;
- uint32_t source_addr;
- uint32_t group_addr;
-
- group_addr = group->s_addr & ~cfilter->mask_mask.s_addr;
-
- if (cfilter->extended) {
- source_addr = source->s_addr & ~cfilter->addr_mask.s_addr;
- if (group_addr == cfilter->mask.s_addr &&
- source_addr == cfilter->addr.s_addr)
- return true;
- } else if (group_addr == cfilter->addr.s_addr)
- return true;
-
- return false;
-}
-
-static enum filter_type msdp_access_list_apply(struct access_list *access,
- const struct in_addr *source,
- const struct in_addr *group)
-{
- struct filter *filter;
- struct prefix group_prefix;
-
- if (access == NULL)
- return FILTER_DENY;
-
- for (filter = access->head; filter; filter = filter->next) {
- if (filter->cisco) {
- if (msdp_cisco_match(filter, source, group))
- return filter->type;
- } else {
- group_prefix.family = AF_INET;
- group_prefix.prefixlen = IPV4_MAX_BITLEN;
- group_prefix.u.prefix4.s_addr = group->s_addr;
- if (access_list_apply(access, &group_prefix))
- return filter->type;
- }
- }
-
- return FILTER_DENY;
-}
-
 bool msdp_peer_sa_filter(const struct pim_msdp_peer *mp,
 const struct pim_msdp_sa *sa)
 {
@@ -425,7 +378,7 @@ bool msdp_peer_sa_filter(const struct pim_msdp_peer *mp,
 /* Find access list and test it. */
 acl = access_list_lookup(AFI_IP, mp->acl_out);
- if (msdp_access_list_apply(acl, &sa->sg.src, &sa->sg.grp) == FILTER_DENY)
+ if (pim_access_list_apply(acl, &sa->sg.src, &sa->sg.grp) == FILTER_DENY)
 return true;
 return false;
@@ -641,7 +594,7 @@ static void pim_msdp_pkt_sa_rx_one(struct pim_msdp_peer *mp, struct in_addr rp)
 /* Filter incoming SA with configured access list. */
 if (mp->acl_in) {
 acl = access_list_lookup(AFI_IP, mp->acl_in);
- if (msdp_access_list_apply(acl, &sg.src, &sg.grp) == FILTER_DENY) {
+ if (pim_access_list_apply(acl, &sg.src, &sg.grp) == FILTER_DENY) {
 if (pim_msdp_log_sa_events(mp->pim))
 zlog_info("MSDP peer %pI4 filter SA in (%pI4, %pI4)", &mp->peer, &sg.src, &sg.grp);
diff --git a/pimd/pim_util.c b/pimd/pim_util.c
index 657e84ae5..49ae6949a 100644
--- a/pimd/pim_util.c
+++ b/pimd/pim_util.c
@@ -126,6 +126,47 @@ int pim_is_group_224_4(struct in_addr group_addr)
 return prefix_match(&group_all, &group);
 }
+static bool pim_cisco_match(const struct filter *filter, const struct in_addr *source,
+ const struct in_addr *group)
+{
+ const struct filter_cisco *cfilter = &filter->u.cfilter;
+ uint32_t source_addr;
+ uint32_t group_addr;
+
+ group_addr = group->s_addr & ~cfilter->mask_mask.s_addr;
+
+ if (cfilter->extended) {
+ source_addr = source->s_addr & ~cfilter->addr_mask.s_addr;
+ if (group_addr == cfilter->mask.s_addr && source_addr == cfilter->addr.s_addr)
+ return true;
+ } else if (group_addr == cfilter->addr.s_addr)
+ return true;
+
+ return false;
+}
+
+enum filter_type pim_access_list_apply(struct access_list *access, const struct in_addr *source,
+ const struct in_addr *group)
+{
+ struct filter *filter;
+ struct prefix group_prefix = {};
+
+ if (access == NULL)
+ return FILTER_DENY;
+
+ for (filter = access->head; filter; filter = filter->next) {
+ if (filter->cisco) {
+ if (pim_cisco_match(filter, source, group))
+ return filter->type;
+ }
+ }
+
+ group_prefix.family = AF_INET;
+ group_prefix.prefixlen = IPV4_MAX_BITLEN;
+ group_prefix.u.prefix4.s_addr = group->s_addr;
+ return access_list_apply(access, &group_prefix);
+}
+
 bool pim_is_group_filtered(struct pim_interface *pim_ifp, pim_addr *grp)
 {
 struct prefix grp_pfx;
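Review bot: `pim_access_list_apply()` in pim_util.c is not a plain move of `msdp_access_list_apply()`: the removed loop evaluated every entry in list order and ended with `return FILTER_DENY;`, while the new loop tests only the `filter->cisco` entries and then returns whatever `access_list_apply()` says for the group as a /32 prefix. For a list that mixes both entry styles, a later Cisco-style entry can now win over an earlier prefix entry, and, assuming `access_list_apply()` walks every entry (its body is not visible here), Cisco-style entries that did not match on (source, group) are evaluated a second time on the group alone. Because this result decides which MSDP SA entries are accepted from and advertised to peers, the commit message should state the semantic change, and a comment on the function such as `/* Cisco-style entries are matched on (source, group) first; if none match, the result is access_list_apply() on the group as a /32 prefix. */` together with a test using a mixed list would pin the intended order.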
diff --git a/pimd/pim_util.h b/pimd/pim_util.h
index c882fe487..cffa93ed2 100644
--- a/pimd/pim_util.h
+++ b/pimd/pim_util.h
@@ -10,6 +10,7 @@
 #include <stdint.h>
 #include <zebra.h>
+#include "lib/filter.h"
 #include "checksum.h"
 #include "pimd.h"
@@ -22,6 +23,8 @@ void pim_pkt_dump(const char *label, const uint8_t *buf, int size);
 int pim_is_group_224_0_0_0_24(struct in_addr group_addr);
 int pim_is_group_224_4(struct in_addr group_addr);
+enum filter_type pim_access_list_apply(struct access_list *access, const struct in_addr *source,
+ const struct in_addr *group);
 bool pim_is_group_filtered(struct pim_interface *pim_ifp, pim_addr *grp);
 int pim_get_all_mcast_group(struct prefix *prefix);
 bool pim_addr_is_multicast(pim_addr addr); |
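Review bot: The prototype added in the second hunk exports `pim_access_list_apply()` to the rest of the daemon without stating its contract, and the definition in pim_util.c returns `FILTER_DENY` when `access` is NULL. Callers that pass the result of `access_list_lookup()` straight through, as `msdp_peer_sa_filter()` does, will therefore filter everything if the configured name does not resolve to a list (presumably a NULL return from the lookup; that function is not shown). A comment above the declaration would make that deny-by-default behaviour explicit for new callers, e.g. `/* Returns FILTER_DENY when access is NULL; source is only consulted by Cisco-style extended entries. */`.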