*: PBR - netlink interaction and basic definitions

include/linux/fib_rules.h

@@ -0,0 +1,74 @@
+#ifndef __LINUX_FIB_RULES_H
+#define __LINUX_FIB_RULES_H
+
+#include <linux/types.h>
+#include <linux/rtnetlink.h>
+
+/* rule is permanent, and cannot be deleted */
+#define FIB_RULE_PERMANENT	0x00000001
+#define FIB_RULE_INVERT		0x00000002
+#define FIB_RULE_UNRESOLVED	0x00000004
+#define FIB_RULE_IIF_DETACHED	0x00000008
+#define FIB_RULE_DEV_DETACHED	FIB_RULE_IIF_DETACHED
+#define FIB_RULE_OIF_DETACHED	0x00000010
+
+/* try to find source address in routing lookups */
+#define FIB_RULE_FIND_SADDR	0x00010000
+
+struct fib_rule_hdr {
+	__u8		family;
+	__u8		dst_len;
+	__u8		src_len;
+	__u8		tos;
+
+	__u8		table;
+	__u8		res1;	/* reserved */
+	__u8		res2;	/* reserved */
+	__u8		action;
+
+	__u32		flags;
+};
+
+enum {
+	FRA_UNSPEC,
+	FRA_DST,	/* destination address */
+	FRA_SRC,	/* source address */
+	FRA_IIFNAME,	/* interface name */
+#define FRA_IFNAME	FRA_IIFNAME
+	FRA_GOTO,	/* target to jump to (FR_ACT_GOTO) */
+	FRA_UNUSED2,
+	FRA_PRIORITY,	/* priority/preference */
+	FRA_UNUSED3,
+	FRA_UNUSED4,
+	FRA_UNUSED5,
+	FRA_FWMARK,	/* mark */
+	FRA_FLOW,	/* flow/class id */
+	FRA_UNUSED6,
+	FRA_SUPPRESS_IFGROUP,
+	FRA_SUPPRESS_PREFIXLEN,
+	FRA_TABLE,	/* Extended table id */
+	FRA_FWMASK,	/* mask for netfilter mark */
+	FRA_OIFNAME,
+	FRA_PAD,
+	FRA_L3MDEV,	/* iif or oif is l3mdev goto its table */
+	__FRA_MAX
+};
+
+#define FRA_MAX (__FRA_MAX - 1)
+
+enum {
+	FR_ACT_UNSPEC,
+	FR_ACT_TO_TBL,		/* Pass to fixed table */
+	FR_ACT_GOTO,		/* Jump to another rule */
+	FR_ACT_NOP,		/* No operation */
+	FR_ACT_RES3,
+	FR_ACT_RES4,
+	FR_ACT_BLACKHOLE,	/* Drop without notification */
+	FR_ACT_UNREACHABLE,	/* Drop with ENETUNREACH */
+	FR_ACT_PROHIBIT,	/* Drop with EACCES */
+	__FR_ACT_MAX,
+};
+
+#define FR_ACT_MAX (__FR_ACT_MAX - 1)
+
+#endif

include/subdir.am

@@ -6,4 +6,5 @@ noinst_HEADERS += \
 	include/linux/neighbour.h \
 	include/linux/rtnetlink.h \
 	include/linux/socket.h \
+	include/linux/fib_rules.h \
 	# end

zebra/kernel_netlink.c

@@ -45,6 +45,7 @@
 #include "zebra/kernel_netlink.h"
 #include "zebra/rt_netlink.h"
 #include "zebra/if_netlink.h"
+#include "zebra/rule_netlink.h"
 
 #ifndef SO_RCVBUFFORCE
 #define SO_RCVBUFFORCE  (33)
@@ -85,6 +86,9 @@ static const struct message nlmsg_str[] = {{RTM_NEWROUTE, "RTM_NEWROUTE"},
 					   {RTM_NEWNEIGH, "RTM_NEWNEIGH"},
 					   {RTM_DELNEIGH, "RTM_DELNEIGH"},
 					   {RTM_GETNEIGH, "RTM_GETNEIGH"},
+					   {RTM_NEWRULE, "RTM_NEWRULE"},
+					   {RTM_DELRULE, "RTM_DELRULE"},
+					   {RTM_GETRULE, "RTM_GETRULE"},
 					   {0}};
 
 static const struct message rtproto_str[] = {
@@ -262,6 +266,12 @@ static int netlink_information_fetch(struct sockaddr_nl *snl,
 	case RTM_DELNEIGH:
 		return netlink_neigh_change(snl, h, ns_id);
 		break;
+	case RTM_NEWRULE:
+		return netlink_rule_change(snl, h, ns_id, startup);
+		break;
+	case RTM_DELRULE:
+		return netlink_rule_change(snl, h, ns_id, startup);
+		break;
 	default:
 		if (IS_ZEBRA_DEBUG_KERNEL)
 			zlog_debug("Unknown netlink nlmsg_type %d vrf %u\n",
@@ -788,7 +798,8 @@ void kernel_init(struct zebra_ns *zns)
 	/* Initialize netlink sockets */
 	groups = RTMGRP_LINK | RTMGRP_IPV4_ROUTE | RTMGRP_IPV4_IFADDR
 		 | RTMGRP_IPV6_ROUTE | RTMGRP_IPV6_IFADDR | RTMGRP_IPV4_MROUTE
-		 | RTMGRP_NEIGH;
+		 | RTMGRP_NEIGH
+		 | RTNLGRP_IPV4_RULE | RTNLGRP_IPV6_RULE;
 
 	snprintf(zns->netlink.name, sizeof(zns->netlink.name),
 		 "netlink-listen (NS %u)", zns->ns_id);

zebra/rtread_getmsg.c

@@ -263,4 +263,8 @@ void neigh_read_for_vlan(struct zebra_ns *zns, struct interface *vlan_if)
 {
 }
 
+void kernel_read_pbr_rules(struct zebra_ns *zns)
+{
+}
+
 #endif /* SUNOS_5 */

zebra/rtread_netlink.c

@@ -25,7 +25,9 @@
 
 #include "vty.h"
 #include "zebra/rt.h"
+#include "zebra/zebra_pbr.h"
 #include "zebra/rt_netlink.h"
+#include "zebra/rule_netlink.h"
 
 void route_read(struct zebra_ns *zns)
 {
@@ -53,4 +55,9 @@ void neigh_read_for_vlan(struct zebra_ns *zns, struct interface *vlan_if)
 	netlink_neigh_read_for_vlan(zns, vlan_if);
 }
 
+void kernel_read_pbr_rules(struct zebra_ns *zns)
+{
+	netlink_rules_read(zns);
+}
+
 #endif /* GNU_LINUX */

zebra/rtread_sysctl.c

@@ -92,4 +92,8 @@ void neigh_read_for_vlan(struct zebra_ns *zns, struct interface *vlan_if)
 {
 }
 
+void kernel_read_pbr_rules(struct zebra_ns *zns)
+{
+}
+
 #endif /* !defined(GNU_LINUX) && !defined(SUNOS_5) */