Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pimd: Extend multicast boundary/ACL functionality #17461

Merged
merged 5 commits into from
Dec 9, 2024

Conversation

csiltala
Copy link

@csiltala csiltala commented Nov 19, 2024

  • Add new interface command ip multicast boundary ACCESSLIST4_NAME. This allows filtering on both source and group vs. group-only as with the existing ip multicast boundary oil WORD command, which uses prefix-lists. If both are configured, the prefix-list is evaluated first.
  • Add basic test and documentation
  • Add documentation for existing access-list functionality

pimd/pim_iface.c Outdated Show resolved Hide resolved
pimd/pim_join.c Show resolved Hide resolved
@donaldsharp
Copy link
Member

Is there any particular reason you don't actually have any commit message? Make it easier for the person coming behind you to look at what you were doing / thinking about the functionality.

Copy link

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@csiltala csiltala force-pushed the multicast-boundary-acl branch from 7927e7e to 0488c55 Compare November 21, 2024 20:29
@Jafaral Jafaral changed the title pimd: Extend multicast boundary functionality pimd: Extend multicast boundary/ACL functionality Nov 21, 2024
@csiltala csiltala force-pushed the multicast-boundary-acl branch from 0488c55 to 4bb592e Compare November 21, 2024 22:44
@csiltala
Copy link
Author

csiltala commented Nov 22, 2024

Is there any particular reason you don't actually have any commit message? Make it easier for the person coming behind you to look at what you were doing / thinking about the functionality.

@donaldsharp I've updated the commit messages; let me know if you'd like any further changes.

@csiltala csiltala requested a review from Jafaral November 22, 2024 02:43
pimd/pim_cmd.c Outdated Show resolved Hide resolved
pimd/pim_iface.c Outdated Show resolved Hide resolved
pimd/pim_igmpv3.c Outdated Show resolved Hide resolved
pimd/pim_iface.h Outdated Show resolved Hide resolved
tests/topotests/pim_basic_acl/r3/frr.conf Outdated Show resolved Hide resolved
tests/topotests/pim_basic_acl/test_pim_basic_acl.py Outdated Show resolved Hide resolved
tests/topotests/pim_basic_acl/test_pim_basic_acl.py Outdated Show resolved Hide resolved
tests/topotests/pim_basic_acl/test_pim_basic_acl.py Outdated Show resolved Hide resolved
tests/topotests/pim_basic_acl/test_pim_basic_acl.py Outdated Show resolved Hide resolved
pimd/pim_join.c Show resolved Hide resolved
@csiltala csiltala force-pushed the multicast-boundary-acl branch from 4bb592e to 8364327 Compare November 26, 2024 14:56
@github-actions github-actions bot added size/XXL and removed size/XL labels Nov 26, 2024
@csiltala csiltala force-pushed the multicast-boundary-acl branch 6 times, most recently from aa903d1 to f42c246 Compare November 26, 2024 16:48
@csiltala csiltala force-pushed the multicast-boundary-acl branch from f42c246 to 4f726c1 Compare December 5, 2024 15:51
Corey Siltala added 5 commits December 6, 2024 14:44
Move the extended access-list handling from pim_msdp_packet.c to
pim_util.c to allow use elsewhere in the daemon.

Signed-off-by: Corey Siltala <[email protected]>
Add new interface command ip multicast boundary ACCESSLIST4_NAME. This
allows filtering on both source and group using the extended access-list
syntax vs. group-only as with the existing "ip multicast boundary oil"
command, which uses prefix-lists. If both are configured, the prefix-
list is evaluated first. The default behavior for both prefix-lists and
access-lists remains "deny", so the prefix-list must have a terminating
"permit" statement in order to also evaluate against the access-list.

The following example denies groups in range 229.1.1.0/24 and groups in
range 232.1.1.0/24 with source 10.0.20.2:

!
ip prefix-list pim-oil-plist seq 10 deny 229.1.1.0/24
ip prefix-list pim-oil-plist seq 20 permit any
!
access-list pim-acl seq 10 deny ip host 10.0.20.2 232.1.1.0 0.0.0.255
access-list pim-acl seq 20 permit ip any any
!
interface r1-eth0
 ip address 10.0.20.1/24
 ip igmp
 ip pim
 ip multicast boundary oil pim-oil-plist
 ip multicast boundary pim-acl
!

Signed-off-by: Corey Siltala <[email protected]>
Add simple test to show filtering of IGMP joins using new "ip multicast
boundary" filtering with access-lists, include test of existing prefix-
list based "ip multicast boundary oil" command.

Signed-off-by: Corey Siltala <[email protected]>
Add documentation for existing extended access-list functionality and
the new "ip multicast boundary" command leveraging that functionality.

Signed-off-by: Corey Siltala <[email protected]>
Rather than storing the prefix-list name and looking it up every time we use it, store a pointer to the prefix-list itself.

Signed-off-by: Corey Siltala <[email protected]>
@csiltala csiltala force-pushed the multicast-boundary-acl branch from 4f726c1 to 8465ba1 Compare December 6, 2024 20:45
Copy link
Member

@ton31337 ton31337 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@csiltala
Copy link
Author

csiltala commented Dec 6, 2024

LGTM

I just noticed an incorrectly copy-pasted comment and removed that (had same note about json_cmp wildcard for both ASM and SSM, inaccurate for SSM)

# Note: json_cmp treats "*" as wildcard but in this case that's actually what the source is

Only difference other than rebase on latest

@donaldsharp donaldsharp merged commit c05c2b1 into FRRouting:master Dec 9, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants