[FROG] The feature requests that are closed - where to go?

Konstantin Shalygin k0ste at k0ste.ru
Mon Sep 2 11:43:42 UTC 2024


Hi list,

I created a request [1], waited 5 years, then it was closed, but nothing was done. Is it possible not to do that? Because it is still relevant for us. The current PBR implementation is very limited and works only for input packets on an interface. It may be a secret for some, but the network connections of the Linux host itself are created without an interface. This means that even if you hang the policy on the interface lo, the rule will not work.

Sep 02 17:46:51 example.com kernel: LINUX OUTPUT IS: IN= OUT=vlan999 SRC=109.202.2.222 DST=1.1.1.1 LEN=73 TOS=0x00 PREC=0x00 TTL=64 ID=13835 PROTO=UDP SPT=41942 DPT=53 LEN=53 UID=973 GID=973 MARK=0xd3

For example:

!
interface lo
 pbr-policy sample
exit
!
nexthop-group sample
 nexthop 10.9.0.1 tap0 weight 50
 nexthop 10.10.0.1 tap1 weight 50
exit
!
pbr-map sample seq 5
 match mark 211
 set nexthop-group sample
exit


That produces the rule: from all fwmark 0xd3 iif lo lookup 10000 proto zebra

How to make this rule actually work:

* make it possible for FRR to omit the iif field (for example, via pbr (pbr-global?) without interface or with special sub-command)
* allow to set table_id or prio in pbr-map (for 3rd-party workarounds):
  * set nexthop-group sample table_id 10 (10010, for the 'pbr table range')
  * with a fixed table_id number we can add the ip rule via a custom script (the same rule as FRR created, without the iif field)
* allow to set the prio field for the rule in pbr-map (for 3rd-party workarounds):
  * set nexthop-group sample prio 10010
  * this produces: from all fwmark 0xd3 iif lo lookup 10000 prio 10010 proto zebra
  * now it is possible to add a custom script with the rule 'from all fwmark 0xd3 goto 10010'


From my point of view, it looks like a very simple fix can significantly expand the capabilities of FRR for the PBR functions.

Thanks,
k
[1] https://github.com/FRRouting/frr/issues/3242