zebra: add PBR script wrapper framework to interact with script #2025
Commits on Apr 30, 2018
Add ns_id into zebra_pbr ipset
This is important so that each ipset entry knows on which NETNS the ipset entry must be injected.
Signed-off-by: Philippe Guibert <[email protected]>
Commit dd4bf36
zebra: ipset and ipset entry deletion remove entry from hash list too
This commit is a fix that removes the structure from the hash list, instead of just removing that structure.
Signed-off-by: Philippe Guibert <[email protected]>
Commit 1cf1283
zebra: cleanup zebra policy context
Upon the remote daemon leaving, some contexts may have to be flushed. This commit does the change. IPset and IPSet Entries and iptables are flushed.
Signed-off-by: Philippe Guibert <[email protected]>
Commit 5406e48
zebra: handle notification in case pbr ipset, or iptables is removed
In case the removal of an iptable or an ipset pbr context is done, then a notification is sent back to the relevant daemon that sent the message.
Signed-off-by: Philippe Guibert <[email protected]>
Commit c86ef2e
zebra: add netlink rule support for fwmark option
When a mark is set, incoming traffic having that mark set can be redirected to a specific table identifier. This work is done through netlink.
Signed-off-by: Philippe Guibert <[email protected]>
Commit d058854
zebra: add script wrapper framework to interact with script
This framework has 2 APIs:
- able to execute script show command, and return the output in a json structure. Those script show commands are tied to iptables and ipset output.
- able to analyse json tree, and extract pkts and bytes values.
This framework permits gaining time, since it allows frr to call some external programs and rely on externals like the output. This framework relies on a plugin module. This module is called zebra_wrap_script.
Signed-off-by: Philippe Guibert <[email protected]>
Commit f3fd193
doc: add wrap_script module in documentation
Update documentation with zebra module script.
Signed-off-by: Philippe Guibert <[email protected]>
Commit 911d32c
zebra: add wrap script handlers for iptable/ipset config
In order to configure iptables, ipset entries and ipset contexts, 2 script handler APIs are available to pass script commands.
Signed-off-by: Philippe Guibert <[email protected]>
Commit 0805728
zebra: add wrap_script_node to handle vty commands for wrap_script
This preparatory work introduces a new node that will be used to add vty configuration commands, and the associated show running.
Signed-off-by: Philippe Guibert <[email protected]>
Commit a15f95f
zebra: add vty command to configure target ip script
3 new vty commands permit to configure zebra wrap ip scripts:
- [no] wrap script ipset <>
- [no] wrap script iptable <>
- [no] wrap script iprule <>
Signed-off-by: Philippe Guibert <[email protected]>
Commit 80f5d33
zebra: PBR configuration handlers may call wrap script handlers
The following PBR handlers: ip rule, ipset, and iptables will call the wrap script handlers in priority. If the script handler is not present (or returns 0 - that is why the script handlers may not return 0), then if available another configuration call may be called. This is the case with ip rule PBR handler that also has a netlink API. This mechanism guarantees that if wrap script can configure it, then no need to use netlink.
Signed-off-by: Philippe Guibert <[email protected]>
Commit 67b517c
zebra: pbr vty show command for ipset and iptables
Two new vty show functions available:
- show pbr ipset <NAME>
- show pbr iptables <NAME>
Those functions dump the underlying "kernel" contexts. It relies on the zebra pbr contexts first. This helps then to know which zebra pbr context has been configured since those contexts are mainly configured by BGP Flowspec. Also, it relies on zebra wrap context API. From this wrap API, it gets some statistics information to know which context has been matching how many packets and bytes.
Signed-off-by: Philippe Guibert <[email protected]>
Commit 17e3736