-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pimd: Extend multicast boundary/ACL functionality #17461
Conversation
Is there any particular reason you don't actually have any commit message? Make it easier for the person coming behind you to look at what you were doing / thinking about the functionality. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
7927e7e
to
0488c55
Compare
0488c55
to
4bb592e
Compare
@donaldsharp I've updated the commit messages; let me know if you'd like any further changes. |
4bb592e
to
8364327
Compare
aa903d1
to
f42c246
Compare
f42c246
to
4f726c1
Compare
Move the extended access-list handling from pim_msdp_packet.c to pim_util.c to allow use elsewhere in the daemon. Signed-off-by: Corey Siltala <[email protected]>
Add new interface command ip multicast boundary ACCESSLIST4_NAME. This allows filtering on both source and group using the extended access-list syntax vs. group-only as with the existing "ip multicast boundary oil" command, which uses prefix-lists. If both are configured, the prefix- list is evaluated first. The default behavior for both prefix-lists and access-lists remains "deny", so the prefix-list must have a terminating "permit" statement in order to also evaluate against the access-list. The following example denies groups in range 229.1.1.0/24 and groups in range 232.1.1.0/24 with source 10.0.20.2: ! ip prefix-list pim-oil-plist seq 10 deny 229.1.1.0/24 ip prefix-list pim-oil-plist seq 20 permit any ! access-list pim-acl seq 10 deny ip host 10.0.20.2 232.1.1.0 0.0.0.255 access-list pim-acl seq 20 permit ip any any ! interface r1-eth0 ip address 10.0.20.1/24 ip igmp ip pim ip multicast boundary oil pim-oil-plist ip multicast boundary pim-acl ! Signed-off-by: Corey Siltala <[email protected]>
Add simple test to show filtering of IGMP joins using new "ip multicast boundary" filtering with access-lists, include test of existing prefix- list based "ip multicast boundary oil" command. Signed-off-by: Corey Siltala <[email protected]>
Add documentation for existing extended access-list functionality and the new "ip multicast boundary" command leveraging that functionality. Signed-off-by: Corey Siltala <[email protected]>
Rather than storing the prefix-list name and looking it up every time we use it, store a pointer to the prefix-list itself. Signed-off-by: Corey Siltala <[email protected]>
4f726c1
to
8465ba1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I just noticed an incorrectly copy-pasted comment and removed that (had same note about json_cmp wildcard for both ASM and SSM, inaccurate for SSM)
Only difference other than rebase on latest |
ip multicast boundary ACCESSLIST4_NAME
. This allows filtering on both source and group vs. group-only as with the existingip multicast boundary oil WORD
command, which uses prefix-lists. If both are configured, the prefix-list is evaluated first.