author | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-04-06 10:04:39 -0700 |
---|---|---|
committer | Stephen Hemminger <stephen.hemminger@vyatta.com> | 2010-04-06 10:50:03 -0700 |
commit | 7a4dfd3f3fbaf975e6d2f766086a0e56a96bba8e (patch) | |
tree | 75cfe183460e94e7c1c4dc5fa38994e52be88c0b /lib | |
parent | 2aa8a18e97fb5081691dca399ceada8fcae21ec7 (diff) | |
Preliminary support of input-policy
Support mirror and redirect.
Note: traffic-limiter is broken (ignored), and will later be
moved to input-policy/limit
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Vyatta/Qos/IngressMirror.pm | 56 | ||||
-rw-r--r-- | lib/Vyatta/Qos/IngressRedirect.pm | 57 |
2 files changed, 113 insertions, 0 deletions
diff --git a/lib/Vyatta/Qos/IngressMirror.pm b/lib/Vyatta/Qos/IngressMirror.pm
new file mode 100644
index 0000000..d3e52c0
--- /dev/null
+++ b/lib/Vyatta/Qos/IngressMirror.pm
@@ -0,0 +1,56 @@
+# Ingress Mirror
+# Duplicate all packets to another interface
+# This is useful for some forms of IDS or capture
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+# **** End License ****
+
+package Vyatta::Qos::IngressMirror;
+use strict;
+use warnings;
+
+require Vyatta::Config;
+
+sub new {
+ my ( $that, $config, $name ) = @_;
+ my $self = {};
+ my $class = ref($that) || $that;
+
+ bless $self, $class;
+ $self->_define($config);
+
+ return $self;
+}
+
+# Setup new instance.
+sub _define {
+ my ( $self, $config ) = @_;
+ # config is at level: interfaces ethernet $dev input-policy redirect
+ $self->{_target} = $config->returnValue();
+}
+
+sub commands {
+ my ( $self, $dev, $parent ) = @_;
+ my $target = $self->{_target};
+
+ # Apply filter to ingress qdisc
+ # NB: action is egress because we are in ingress (upside down)
+ printf "filter add dev %s parent %x: ", $dev, $parent;
+ print " protocol all prio 10 u32";
+ print " match u32 0 0 flowid 1:1";
+ print " action mirred egress mirror dev $target\n";
+}
+
+1;
diff --git a/lib/Vyatta/Qos/IngressRedirect.pm b/lib/Vyatta/Qos/IngressRedirect.pm
new file mode 100644
index 0000000..a04018f
--- /dev/null
+++ b/lib/Vyatta/Qos/IngressRedirect.pm
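Review bot: `commands` in IngressMirror.pm interpolates `$target` into the generated filter line (`print " action mirred egress mirror dev $target\n";`) without any check, and `_define` stores whatever `$config->returnValue()` hands back. If the node has no value, `$target` is undef and the line ends in `dev ` with an uninitialized-value warning; if the value carries whitespace or a newline, it adds extra tokens or a further line to whatever consumes this output (presumably a tc batch, which is not visible here). I would reject bad values in `_define`, for example `die "mirror target not defined\n" unless defined $self->{_target};` followed by `die "invalid target interface\n" unless $self->{_target} =~ /\A[^\s\/]{1,15}\z/;`. The same applies to `_define` and `commands` in IngressRedirect.pm. The comment in this file's `_define` also says `input-policy redirect`, which looks copied from the redirect module and should probably read `input-policy mirror`.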
@@ -0,0 +1,57 @@
+# Ingress Redirect
+# Forward all packets to another interface
+#
+# **** License ****
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# This code was originally developed by Vyatta, Inc.
+# Portions created by Vyatta are Copyright (C) 2010 Vyatta, Inc.
+# All Rights Reserved.
+# **** End License ****
+
+package Vyatta::Qos::IngressRedirect;
+use strict;
+use warnings;
+
+require Vyatta::Config;
+
+sub new {
+ my ( $that, $config, $name ) = @_;
+ my $self = {};
+ my $class = ref($that) || $that;
+
+ bless $self, $class;
+ $self->_define($config);
+
+ return $self;
+}
+
+# Setup new instance.
+sub _define {
+ my ( $self, $config, $dev ) = @_;
+ # config is at level: interfaces ethernet $dev input-policy redirect
+ $self->{_target} = $config->returnValue();
+}
+
+sub commands {
+ my ( $self, $dev, $parent ) = @_;
+ my $target = $self->{_target};
+
+ # Apply filter to ingress qdisc
+ # NB: action is egress because we are in ingress (upside down)
+ printf "filter add dev %s parent %x: ", $dev, $parent;
+ print " protocol all prio 10 u32";
+ print " match u32 0 0 flowid 1:1";
+ print " action mirred egress redirect dev $target\n";
+}
+
+1;
+
+
|
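Review bot: `_define` unpacks a third argument, `my ( $self, $config, $dev ) = @_;`, but `new` calls `$self->_define($config)`, so `$dev` is always undef and is never used; drop it to match IngressMirror.pm: `my ( $self, $config ) = @_;`. `$name` in `new` is likewise unused. Apart from the header comments, this file differs from IngressMirror.pm only in the `mirred` action keyword and that stray parameter, so a shared base class that takes the keyword as a parameter would keep any check on the target interface in one place instead of two.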