Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pimd: Extend multicast boundary/ACL functionality #17461

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

pimd: Extend multicast boundary/ACL functionality #17461

wants to merge 3 commits into from
+817 −91

Commits on Nov 21, 2024

  1. pimd,yang: Extend multicast boundary functionality 

    Add new interface command ip multicast boundary ACCESSLIST4_NAME. This
allows filtering on both source and group using the extended access-list
syntax vs. group-only as with the existing "ip multicast boundary oil"
command, which uses prefix-lists. If both are configured, the prefix-
list is evaluated first. The default behavior for both prefix-lists and
access-lists remains "deny", so the prefix-list must have a terminating
"permit" statement in order to also evaluate against the access-list.

The following example denies groups in range 229.1.1.0/24 and groups in
range 232.1.1.0/24 with source 10.0.20.2:

!
ip prefix-list pim-oil-plist seq 10 deny 229.1.1.0/24
ip prefix-list pim-oil-plist seq 20 permit any
!
access-list pim-acl seq 10 deny ip host 10.0.20.2 232.1.1.0 0.0.0.255
access-list pim-acl seq 20 permit ip any any
!
interface r1-eth0
 ip address 10.0.20.1/24
 ip igmp
 ip pim
 ip multicast boundary oil pim-oil-plist
 ip multicast boundary pim-acl
!

Also move the extended access-list handling from pim_msdp_packet.c to
pim_util.c to allow use elsewhere in the daemon.

Signed-off-by: Corey Siltala <csiltala@atcorp.com>
    Corey Siltala committed Nov 21, 2024
    Configuration menu
    Copy the full SHA
    59ac426 View commit details
    Browse the repository at this point in the history

  2. tests: Add basic multicast boundary test 

    Add simple test to show filtering of IGMP joins using new "ip multicast
boundary" filtering with access-lists, include test of existing prefix-
list based "ip multicast boundary oil" command.

Signed-off-by: Corey Siltala <csiltala@atcorp.com>
    Corey Siltala committed Nov 21, 2024
    Configuration menu
    Copy the full SHA
    6cf4a1b View commit details
    Browse the repository at this point in the history

  3. doc: Expand ACL and multicast boundary documentation 

    Add documentation for existing extended access-list functionality and
the new "ip multicast boundary" command leveraging that functionality.

Signed-off-by: Corey Siltala <csiltala@atcorp.com>
    Corey Siltala committed Nov 21, 2024
    Configuration menu
    Copy the full SHA
    4bb592e View commit details
    Browse the repository at this point in the history