[PATCH] Allow to match on the kernel route protocol in filters
Hi,

I made a patch that allows access to the protocol field of routes learned from the kernel. The goal is to be able to filter on the protocol that added the route. For example, FDN [1] needs it to filter routes added by a patched version of l2tpns [2].

The patch adds two attributes: krt_source and krt_proto. krt_source is an enum which exports the u.krt.src field of routes and krt_proto is an integer which exports the u.krt.proto field. The patch also adds constants from /etc/iproute2/rt_protos.

[1] http://www.fdn.fr/
[2] http://dolka.fr/code/l2tpns.git

Cheers,
--
Jérémie
On Wed, Mar 14, 2012 at 08:50:24PM +0100, Jérémie Dimino wrote:
> Hi,
>
> I made a patch that allows access to the protocol field of routes learned from the kernel. The goal is to be able to filter on the protocol that added the route. For example, FDN [1] needs it to filter routes added by a patched version of l2tpns [2].
>
> The patch adds two attributes: krt_source and krt_proto. krt_source is an enum which exports the u.krt.src field of routes and krt_proto is an integer which exports the u.krt.proto field. The patch also adds constants from /etc/iproute2/rt_protos.

Thanks, I will merge, but there are some minor issues with this.

First, I will remove krt_source, that seems useless - you will never get KRT_SRC_BIRD and KRT_SRC_REDIRECT, so you get only KRT_SRC_ALIEN or KRT_SRC_KERNEL, which is the same as whether krt_proto is ipp_kernel.

Second, the attribute is not shown in 'show route all', I will fix that.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Hi,

I'm the one who suggested coding the “filtering on kernel proto” on another mailing-list (after getting the idea from here) and Jérémie offered to code it.

On Monday 19 March 2012 at 13:26 +0100, Ondrej Zajicek wrote:
> On Wed, Mar 14, 2012 at 08:50:24PM +0100, Jérémie Dimino wrote:
> > The patch adds two attributes: krt_source and krt_proto. krt_source is an enum which exports the u.krt.src field of routes and krt_proto is an integer which exports the u.krt.proto field. The patch also adds constants from /etc/iproute2/rt_protos.
>
> Thanks, I will merge, but there are some minor issues with this.
>
> First, I will remove krt_source, that seems useless - you will never get KRT_SRC_BIRD and KRT_SRC_REDIRECT, so you get only KRT_SRC_ALIEN or KRT_SRC_KERNEL, which is the same as whether krt_proto is ipp_kernel.

We debated offline whether we should include both or not, but I didn't realize that KRT_SRC_BIRD and KRT_SRC_REDIRECT were filtered out before reaching bird tables. Anyway, we tried to find a good compromise between having only one source of authority (thus unifying both attributes) but still being able to use this attribute for systems not aware of krt_proto (i.e. non-Linux). I didn't find a satisfying answer to that.

Now that we reduced the possibilities, could the possibility to filter on krt_proto = ipp_kernel (or !=) be left for BSD users? E.g. by setting krt_proto to the same netlink value as Linux when krt_src == KRT_SRC_KERNEL?

Anyway, having the possibility to filter on krt_proto on Linux is great, thanks Jérémie.

Regards,
Benjamin
On Thu, Mar 22, 2012 at 12:26:00PM +0100, Benjamin Cama wrote:
> Hi,
>
> I'm the one who suggested coding the “filtering on kernel proto” on another mailing-list (after getting the idea from here) and Jérémie offered to code it.
>
> On Monday 19 March 2012 at 13:26 +0100, Ondrej Zajicek wrote:
> > On Wed, Mar 14, 2012 at 08:50:24PM +0100, Jérémie Dimino wrote:
> > > The patch adds two attributes: krt_source and krt_proto. krt_source is an enum which exports the u.krt.src field of routes and krt_proto is an integer which exports the u.krt.proto field. The patch also adds constants from /etc/iproute2/rt_protos.
> >
> > Thanks, I will merge, but there are some minor issues with this.
> >
> > First, I will remove krt_source, that seems useless - you will never get KRT_SRC_BIRD and KRT_SRC_REDIRECT, so you get only KRT_SRC_ALIEN or KRT_SRC_KERNEL, which is the same as whether krt_proto is ipp_kernel.
>
> We debated offline whether we should include both or not, but I didn't realize that KRT_SRC_BIRD and KRT_SRC_REDIRECT were filtered out before reaching bird tables. Anyway, we tried to find a good compromise between having only one source of authority (thus unifying both attributes) but still being able to use this attribute for systems not aware of krt_proto (i.e. non-Linux). I didn't find a satisfying answer to that.
>
> Now that we reduced the possibilities, could the possibility to filter on krt_proto = ipp_kernel (or !=) be left for BSD users? E.g. by setting krt_proto to the same netlink value as Linux when krt_src == KRT_SRC_KERNEL?

I guess a good solution would be to fill some relevant krt_proto on BSD (probably the value of RTF_PROTO* flags). One minor downside is that kernel route value would be system-dependent (0 on BSD, ipp_kernel (i.e. 2) on Linux). But that is probably OK, ipp_kernel constant is not even defined on BSD.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
On Thursday 22 March 2012 at 13:14 +0100, Ondrej Zajicek wrote:
> On Thu, Mar 22, 2012 at 12:26:00PM +0100, Benjamin Cama wrote:
> > We debated offline whether we should include both or not, but I didn't realize that KRT_SRC_BIRD and KRT_SRC_REDIRECT were filtered out before reaching bird tables. Anyway, we tried to find a good compromise between having only one source of authority (thus unifying both attributes) but still being able to use this attribute for systems not aware of krt_proto (i.e. non-Linux). I didn't find a satisfying answer to that.
> >
> > Now that we reduced the possibilities, could the possibility to filter on krt_proto = ipp_kernel (or !=) be left for BSD users? E.g. by setting krt_proto to the same netlink value as Linux when krt_src == KRT_SRC_KERNEL?
>
> I guess a good solution would be to fill some relevant krt_proto on BSD (probably the value of RTF_PROTO* flags). One minor downside is that kernel route value would be system-dependent (0 on BSD, ipp_kernel (i.e. 2) on Linux). But that is probably OK, ipp_kernel constant is not even defined on BSD.

Why not make krt.proto = 2 on BSD too when krt.src == KRT_SRC_KERNEL? And define *just* ipp_kernel symbol to be 2 on this platform? Seems too hackish?

--
Benjamin
On Thu, Mar 22, 2012 at 02:42:06PM +0100, Benjamin Cama wrote:
> > I guess a good solution would be to fill some relevant krt_proto on BSD (probably the value of RTF_PROTO* flags). One minor downside is that kernel route value would be system-dependent (0 on BSD, ipp_kernel (i.e. 2) on Linux). But that is probably OK, ipp_kernel constant is not even defined on BSD.
>
> Why not make krt.proto = 2 on BSD too when krt.src == KRT_SRC_KERNEL? And define *just* ipp_kernel symbol to be 2 on this platform? Seems too hackish?

On BSD, there are RTF_PROTO1,2,3 flags, so it is pretty natural to return something like (RTF_PROTO1 + 2*RTF_PROTO2 + 4*RTF_PROTO3).

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
On Thu, Mar 22, 2012 at 02:42:06PM +0100, Benjamin Cama wrote:
> On Thursday 22 March 2012 at 13:14 +0100, Ondrej Zajicek wrote:
> > On Thu, Mar 22, 2012 at 12:26:00PM +0100, Benjamin Cama wrote:
> > > We debated offline whether we should include both or not, but I didn't realize that KRT_SRC_BIRD and KRT_SRC_REDIRECT were filtered out before reaching bird tables. Anyway, we tried to find a good compromise between having only one source of authority (thus unifying both attributes) but still being able to use this attribute for systems not aware of krt_proto (i.e. non-Linux). I didn't find a satisfying answer to that.
> > >
> > > Now that we reduced the possibilities, could the possibility to filter on krt_proto = ipp_kernel (or !=) be left for BSD users? E.g. by setting krt_proto to the same netlink value as Linux when krt_src == KRT_SRC_KERNEL?
> >
> > I guess a good solution would be to fill some relevant krt_proto on BSD (probably the value of RTF_PROTO* flags). One minor downside is that kernel route value would be system-dependent (0 on BSD, ipp_kernel (i.e. 2) on Linux). But that is probably OK, ipp_kernel constant is not even defined on BSD.
>
> Why not make krt.proto = 2 on BSD too when krt.src == KRT_SRC_KERNEL? And define *just* ipp_kernel symbol to be 2 on this platform? Seems too hackish?

I merged the support for proto/source (commit 72aed1a00ba9e18116d6fd907f7e1a36d0a0a583). The patch was rewritten to use standard route attribute code, so it is simpler. The route attribute name was finally changed to krt_source (and returns proto number in Linux and some composite of flags on BSD).

BTW, I noticed that routes with src KRT_SRC_KERNEL are also internally filtered before reaching bird tables.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
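
An added illustration, not code from the patch or from BIRD, of the selection this thread is after: resolve protocol names from an rt_protos-format table, then keep only routes whose kernel protocol number is on an allow-list, rejecting routes with a missing or unknown protocol. The `42 l2tpns` entry, the route lines and all function names are constructed for this example.

```python
import re

# Constructed sample in the /etc/iproute2/rt_protos format: "<number> <name>".
# The "42 l2tpns" entry is a hypothetical site-local id, not a value from the thread.
RT_PROTOS = """\
# Reserved protocols.
0   unspec
2   kernel
3   boot
4   static
42  l2tpns   # hypothetical id for the tunnel daemon
"""

# Constructed route lines in the style of `ip route show` output.
ROUTES = """\
default via 192.0.2.1 dev eth0 proto static
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.7 dev ppp0 proto l2tpns
198.51.100.8 dev ppp1 proto 42
203.0.113.0/24 via 192.0.2.254 dev eth0 proto 99
10.0.0.0/8 via 192.0.2.1 dev eth0
"""

def parse_rt_protos(text):
    """Return {name: number}; skips comments, blanks and malformed lines."""
    table = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2:
            table[parts[1]] = int(parts[0], 0)
    return table

def route_proto(line, table):
    """Numeric protocol of one route line, or None if absent or unknown."""
    m = re.search(r"\bproto (\S+)", line)
    if not m:
        return None
    tok = m.group(1)
    return int(tok) if tok.isdigit() else table.get(tok)

def select_routes(routes, table, allowed_names):
    """Prefixes whose protocol is allow-listed; anything else is dropped."""
    allowed = {table[name] for name in allowed_names}
    return [line.split()[0] for line in routes.splitlines()
            if route_proto(line, table) in allowed]

if __name__ == "__main__":
    print(select_routes(ROUTES, parse_rt_protos(RT_PROTOS), ["l2tpns"]))
```

Matching on the number rather than the name catches the same route whether the tool prints `proto l2tpns` or `proto 42`.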