]>
Commit | Line | Data |
---|---|---|
23b1539b PM |
1 | /* |
2 | * Filters: utility functions | |
3 | * | |
4 | * Copyright 1998 Pavel Machek <pavel@ucw.cz> | |
5 | * | |
6 | * Can be freely distributed and used under the terms of the GNU GPL. | |
29818140 | 7 | * |
23b1539b PM |
8 | */ |
9 | ||
2337ade7 PM |
10 | /** |
11 | * DOC: Filters | |
12 | * | |
725270cb MM |
13 | * You can find sources of the filter language in |filter/| |
14 | * directory. File |filter/config.Y| contains filter grammar and basically translates | |
15 | * the source from user into a tree of &f_inst structures. These trees are | |
16 | * later interpreted using code in |filter/filter.c|. | |
fe613ecd | 17 | * |
725270cb MM |
18 | * A filter is represented by a tree of &f_inst structures, one structure per |
19 | * "instruction". Each &f_inst contains @code, @aux value which is | |
20 | * usually the data type this instruction operates on and two generic | |
21 | * arguments (@a1, @a2). Some instructions contain pointer(s) to other | |
22 | * instructions in their (@a1, @a2) fields. | |
2337ade7 | 23 | * |
725270cb MM |
24 | * Filters use a &f_val structure for their data. Each &f_val |
25 | * contains type and value (types are constants prefixed with %T_). Few | |
26 | * of the types are special; %T_RETURN can be or-ed with a type to indicate | |
27 | * that return from a function or from the whole filter should be | |
28 | * forced. Important thing about &f_val's is that they may be copied | |
29 | * with a simple |=|. That's fine for all currently defined types: strings | |
2337ade7 | 30 | * are read-only (and therefore okay), paths are copied for each |
4c5f93d7 PM |
31 | * operation (okay too). |
32 | */ | |
2337ade7 | 33 | |
9a220cab | 34 | #undef LOCAL_DEBUG |
6b9fa320 | 35 | |
23b1539b PM |
36 | #include "nest/bird.h" |
37 | #include "lib/lists.h" | |
38 | #include "lib/resource.h" | |
39 | #include "lib/socket.h" | |
38506f71 | 40 | #include "lib/string.h" |
7f77e250 | 41 | #include "lib/unaligned.h" |
23b1539b PM |
42 | #include "nest/route.h" |
43 | #include "nest/protocol.h" | |
44 | #include "nest/iface.h" | |
159fa4ce | 45 | #include "nest/attrs.h" |
23b1539b PM |
46 | #include "conf/conf.h" |
47 | #include "filter/filter.h" | |
48 | ||
2d496d20 PM |
49 | #define P(a,b) ((a<<8) | b) |
50 | ||
38506f71 PM |
51 | #define CMP_ERROR 999 |
52 | ||
9831e591 | 53 | static struct adata * |
42a0c054 | 54 | adata_empty(struct linpool *pool, int l) |
ad9074e9 | 55 | { |
42a0c054 OZ |
56 | struct adata *res = lp_alloc(pool, sizeof(struct adata) + l); |
57 | res->length = l; | |
ad9074e9 PM |
58 | return res; |
59 | } | |
60 | ||
11cb6202 | 61 | static void |
0e175f9f | 62 | pm_format(struct f_path_mask *p, buffer *buf) |
11cb6202 | 63 | { |
0e175f9f | 64 | buffer_puts(buf, "[= "); |
11cb6202 OZ |
65 | |
66 | while (p) | |
0e175f9f OZ |
67 | { |
68 | switch(p->kind) | |
11cb6202 | 69 | { |
0e175f9f OZ |
70 | case PM_ASN: |
71 | buffer_print(buf, "%u ", p->val); | |
72 | break; | |
92a72a4c | 73 | |
0e175f9f OZ |
74 | case PM_QUESTION: |
75 | buffer_puts(buf, "? "); | |
76 | break; | |
92a72a4c | 77 | |
0e175f9f OZ |
78 | case PM_ASTERISK: |
79 | buffer_puts(buf, "* "); | |
80 | break; | |
11cb6202 | 81 | |
a0fe1944 OF |
82 | case PM_ASN_RANGE: |
83 | buffer_print(buf, "%u..%u ", p->val, p->val2); | |
84 | break; | |
85 | ||
0e175f9f OZ |
86 | case PM_ASN_EXPR: |
87 | buffer_print(buf, "%u ", f_eval_asn((struct f_inst *) p->val)); | |
88 | break; | |
11cb6202 OZ |
89 | } |
90 | ||
0e175f9f OZ |
91 | p = p->next; |
92 | } | |
93 | ||
94 | buffer_puts(buf, "=]"); | |
11cb6202 OZ |
95 | } |
96 | ||
70c57805 | 97 | static inline int |
0aeac9cb | 98 | uint_cmp(uint i1, uint i2) |
2dec1e34 | 99 | { |
70c57805 | 100 | return (int)(i1 > i2) - (int)(i1 < i2); |
2dec1e34 OZ |
101 | } |
102 | ||
70c57805 OZ |
103 | static inline int |
104 | u64_cmp(u64 i1, u64 i2) | |
42a0c054 | 105 | { |
70c57805 | 106 | return (int)(i1 > i2) - (int)(i1 < i2); |
42a0c054 OZ |
107 | } |
108 | ||
8dcf2544 | 109 | /** |
3e82b32d | 110 | * val_compare - compare two values |
8dcf2544 PM |
111 | * @v1: first value |
112 | * @v2: second value | |
113 | * | |
28a10f84 OZ |
114 | * Compares two values and returns -1, 0, 1 on <, =, > or CMP_ERROR on |
115 | * error. Tree module relies on this giving consistent results so | |
116 | * that it can be used for building balanced trees. | |
b093c328 | 117 | */ |
38506f71 PM |
118 | int |
119 | val_compare(struct f_val v1, struct f_val v2) | |
120 | { | |
d85e1f0e MM |
121 | int rc; |
122 | ||
f71bded6 | 123 | if (v1.type != v2.type) { |
70c57805 OZ |
124 | if (v1.type == T_VOID) /* Hack for else */ |
125 | return -1; | |
126 | if (v2.type == T_VOID) | |
127 | return 1; | |
128 | ||
126683fe OZ |
129 | #ifndef IPV6 |
130 | /* IP->Quad implicit conversion */ | |
131 | if ((v1.type == T_QUAD) && (v2.type == T_IP)) | |
2dec1e34 | 132 | return uint_cmp(v1.val.i, ipa_to_u32(v2.val.px.ip)); |
126683fe | 133 | if ((v1.type == T_IP) && (v2.type == T_QUAD)) |
2dec1e34 | 134 | return uint_cmp(ipa_to_u32(v1.val.px.ip), v2.val.i); |
126683fe OZ |
135 | #endif |
136 | ||
f71bded6 | 137 | debug( "Types do not match in val_compare\n" ); |
7db7b7db | 138 | return CMP_ERROR; |
f71bded6 | 139 | } |
28a10f84 | 140 | |
38506f71 | 141 | switch (v1.type) { |
28a10f84 OZ |
142 | case T_VOID: |
143 | return 0; | |
f4536657 | 144 | case T_ENUM: |
a6c9f064 OF |
145 | case T_INT: |
146 | case T_BOOL: | |
d3dd620b | 147 | case T_PAIR: |
126683fe | 148 | case T_QUAD: |
2dec1e34 | 149 | return uint_cmp(v1.val.i, v2.val.i); |
42a0c054 OZ |
150 | case T_EC: |
151 | return u64_cmp(v1.val.ec, v2.val.ec); | |
43fc099b | 152 | case T_IP: |
6dc7a0cb | 153 | return ipa_compare(v1.val.px.ip, v2.val.px.ip); |
d85e1f0e MM |
154 | case T_PREFIX: |
155 | if (rc = ipa_compare(v1.val.px.ip, v2.val.px.ip)) | |
156 | return rc; | |
52e030e1 | 157 | return uint_cmp(v1.val.px.len, v2.val.px.len); |
e29fa06e OZ |
158 | case T_STRING: |
159 | return strcmp(v1.val.s, v2.val.s); | |
3076b5ae MM |
160 | default: |
161 | return CMP_ERROR; | |
38506f71 PM |
162 | } |
163 | } | |
164 | ||
28a10f84 | 165 | static int |
122deb6d | 166 | pm_same(struct f_path_mask *m1, struct f_path_mask *m2) |
dfd48621 | 167 | { |
28a10f84 OZ |
168 | while (m1 && m2) |
169 | { | |
122deb6d | 170 | if (m1->kind != m2->kind) |
28a10f84 OZ |
171 | return 0; |
172 | ||
122deb6d OZ |
173 | if (m1->kind == PM_ASN_EXPR) |
174 | { | |
175 | if (!i_same((struct f_inst *) m1->val, (struct f_inst *) m2->val)) | |
176 | return 0; | |
177 | } | |
178 | else | |
179 | { | |
180 | if ((m1->val != m2->val) || (m1->val2 != m2->val2)) | |
181 | return 0; | |
182 | } | |
183 | ||
28a10f84 OZ |
184 | m1 = m1->next; |
185 | m2 = m2->next; | |
186 | } | |
187 | ||
33d22f0e | 188 | return !m1 && !m2; |
28a10f84 OZ |
189 | } |
190 | ||
191 | /** | |
192 | * val_same - compare two values | |
193 | * @v1: first value | |
194 | * @v2: second value | |
195 | * | |
196 | * Compares two values and returns 1 if they are same and 0 if not. | |
197 | * Comparison of values of different types is valid and returns 0. | |
198 | */ | |
199 | int | |
200 | val_same(struct f_val v1, struct f_val v2) | |
dfd48621 | 201 | { |
28a10f84 OZ |
202 | int rc; |
203 | ||
204 | rc = val_compare(v1, v2); | |
205 | if (rc != CMP_ERROR) | |
206 | return !rc; | |
207 | ||
208 | if (v1.type != v2.type) | |
209 | return 0; | |
210 | ||
211 | switch (v1.type) { | |
212 | case T_PATH_MASK: | |
122deb6d | 213 | return pm_same(v1.val.path_mask, v2.val.path_mask); |
28a10f84 OZ |
214 | case T_PATH: |
215 | case T_CLIST: | |
216 | case T_ECLIST: | |
217 | return adata_same(v1.val.ad, v2.val.ad); | |
218 | case T_SET: | |
219 | return same_tree(v1.val.t, v2.val.t); | |
220 | case T_PREFIX_SET: | |
221 | return trie_same(v1.val.ti, v2.val.ti); | |
222 | default: | |
223 | bug("Invalid type in val_same(): %x", v1.type); | |
224 | } | |
dfd48621 | 225 | } |
b1a597e0 OZ |
226 | |
227 | void | |
7f0d245a | 228 | fprefix_get_bounds(struct f_prefix *px, int *l, int *h) |
b1a597e0 OZ |
229 | { |
230 | *l = *h = px->len & LEN_MASK; | |
231 | ||
232 | if (px->len & LEN_MINUS) | |
233 | *l = 0; | |
234 | ||
235 | else if (px->len & LEN_PLUS) | |
236 | *h = MAX_PREFIX_LENGTH; | |
237 | ||
238 | else if (px->len & LEN_RANGE) | |
239 | { | |
240 | *l = 0xff & (px->len >> 16); | |
241 | *h = 0xff & (px->len >> 8); | |
242 | } | |
243 | } | |
244 | ||
ba5c0057 OZ |
245 | static int |
246 | clist_set_type(struct f_tree *set, struct f_val *v) | |
247 | { | |
248 | switch (set->from.type) { | |
249 | case T_PAIR: | |
250 | v->type = T_PAIR; | |
251 | return 1; | |
252 | case T_QUAD: | |
253 | #ifndef IPV6 | |
254 | case T_IP: | |
255 | #endif | |
256 | v->type = T_QUAD; | |
257 | return 1; | |
258 | break; | |
259 | default: | |
260 | v->type = T_VOID; | |
261 | return 0; | |
262 | } | |
263 | } | |
264 | ||
42a0c054 OZ |
265 | static inline int |
266 | eclist_set_type(struct f_tree *set) | |
267 | { return set->from.type == T_EC; } | |
268 | ||
ba5c0057 OZ |
269 | static int |
270 | clist_match_set(struct adata *clist, struct f_tree *set) | |
271 | { | |
272 | if (!clist) | |
273 | return 0; | |
274 | ||
275 | struct f_val v; | |
276 | if (!clist_set_type(set, &v)) | |
277 | return CMP_ERROR; | |
278 | ||
279 | u32 *l = (u32 *) clist->data; | |
280 | u32 *end = l + clist->length/4; | |
42a0c054 | 281 | |
ba5c0057 OZ |
282 | while (l < end) { |
283 | v.val.i = *l++; | |
284 | if (find_tree(set, v)) | |
285 | return 1; | |
286 | } | |
287 | return 0; | |
288 | } | |
289 | ||
42a0c054 OZ |
290 | static int |
291 | eclist_match_set(struct adata *list, struct f_tree *set) | |
292 | { | |
293 | if (!list) | |
294 | return 0; | |
295 | ||
296 | if (!eclist_set_type(set)) | |
297 | return CMP_ERROR; | |
298 | ||
299 | struct f_val v; | |
300 | u32 *l = int_set_get_data(list); | |
301 | int len = int_set_get_size(list); | |
302 | int i; | |
303 | ||
304 | v.type = T_EC; | |
305 | for (i = 0; i < len; i += 2) { | |
306 | v.val.ec = ec_get(l, i); | |
307 | if (find_tree(set, v)) | |
308 | return 1; | |
309 | } | |
310 | ||
311 | return 0; | |
312 | } | |
313 | ||
ba5c0057 | 314 | static struct adata * |
0888a737 | 315 | clist_filter(struct linpool *pool, struct adata *list, struct f_val set, int pos) |
ba5c0057 | 316 | { |
0888a737 | 317 | if (!list) |
ba5c0057 OZ |
318 | return NULL; |
319 | ||
0888a737 | 320 | int tree = (set.type == T_SET); /* 1 -> set is T_SET, 0 -> set is T_CLIST */ |
ba5c0057 | 321 | struct f_val v; |
0888a737 OZ |
322 | if (tree) |
323 | clist_set_type(set.val.t, &v); | |
324 | else | |
325 | v.type = T_PAIR; | |
ba5c0057 | 326 | |
0888a737 OZ |
327 | int len = int_set_get_size(list); |
328 | u32 *l = int_set_get_data(list); | |
329 | u32 tmp[len]; | |
ba5c0057 | 330 | u32 *k = tmp; |
0888a737 | 331 | u32 *end = l + len; |
ba5c0057 OZ |
332 | |
333 | while (l < end) { | |
334 | v.val.i = *l++; | |
0888a737 OZ |
335 | /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */ |
336 | if ((tree ? !!find_tree(set.val.t, v) : int_set_contains(set.val.ad, v.val.i)) == pos) | |
ba5c0057 OZ |
337 | *k++ = v.val.i; |
338 | } | |
339 | ||
340 | int nl = (k - tmp) * 4; | |
0888a737 OZ |
341 | if (nl == list->length) |
342 | return list; | |
ba5c0057 | 343 | |
42a0c054 OZ |
344 | struct adata *res = adata_empty(pool, nl); |
345 | memcpy(res->data, tmp, nl); | |
346 | return res; | |
347 | } | |
348 | ||
349 | static struct adata * | |
0888a737 | 350 | eclist_filter(struct linpool *pool, struct adata *list, struct f_val set, int pos) |
42a0c054 OZ |
351 | { |
352 | if (!list) | |
353 | return NULL; | |
354 | ||
0888a737 | 355 | int tree = (set.type == T_SET); /* 1 -> set is T_SET, 0 -> set is T_CLIST */ |
42a0c054 OZ |
356 | struct f_val v; |
357 | ||
358 | int len = int_set_get_size(list); | |
359 | u32 *l = int_set_get_data(list); | |
360 | u32 tmp[len]; | |
361 | u32 *k = tmp; | |
362 | int i; | |
363 | ||
364 | v.type = T_EC; | |
365 | for (i = 0; i < len; i += 2) { | |
366 | v.val.ec = ec_get(l, i); | |
0888a737 OZ |
367 | /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */ |
368 | if ((tree ? !!find_tree(set.val.t, v) : ec_set_contains(set.val.ad, v.val.ec)) == pos) { | |
42a0c054 OZ |
369 | *k++ = l[i]; |
370 | *k++ = l[i+1]; | |
371 | } | |
372 | } | |
373 | ||
374 | int nl = (k - tmp) * 4; | |
375 | if (nl == list->length) | |
376 | return list; | |
377 | ||
378 | struct adata *res = adata_empty(pool, nl); | |
ba5c0057 OZ |
379 | memcpy(res->data, tmp, nl); |
380 | return res; | |
381 | } | |
382 | ||
8dcf2544 | 383 | /** |
3e82b32d | 384 | * val_in_range - implement |~| operator |
8dcf2544 PM |
385 | * @v1: element |
386 | * @v2: set | |
387 | * | |
b655596d | 388 | * Checks if @v1 is element (|~| operator) of @v2. |
b093c328 | 389 | */ |
9831e591 | 390 | static int |
7db7b7db PM |
391 | val_in_range(struct f_val v1, struct f_val v2) |
392 | { | |
b655596d OZ |
393 | if ((v1.type == T_PATH) && (v2.type == T_PATH_MASK)) |
394 | return as_path_match(v1.val.ad, v2.val.path_mask); | |
6dc7a0cb | 395 | |
b655596d | 396 | if ((v1.type == T_INT) && (v2.type == T_PATH)) |
a15dab76 | 397 | return as_path_contains(v2.val.ad, v1.val.i, 1); |
6dc7a0cb | 398 | |
b655596d OZ |
399 | if (((v1.type == T_PAIR) || (v1.type == T_QUAD)) && (v2.type == T_CLIST)) |
400 | return int_set_contains(v2.val.ad, v1.val.i); | |
401 | #ifndef IPV6 | |
402 | /* IP->Quad implicit conversion */ | |
403 | if ((v1.type == T_IP) && (v2.type == T_CLIST)) | |
404 | return int_set_contains(v2.val.ad, ipa_to_u32(v1.val.px.ip)); | |
405 | #endif | |
b1a597e0 | 406 | |
b655596d OZ |
407 | if ((v1.type == T_EC) && (v2.type == T_ECLIST)) |
408 | return ec_set_contains(v2.val.ad, v1.val.ec); | |
ba5c0057 | 409 | |
b655596d OZ |
410 | if ((v1.type == T_STRING) && (v2.type == T_STRING)) |
411 | return patmatch(v2.val.s, v1.val.s); | |
42a0c054 | 412 | |
b655596d OZ |
413 | if ((v1.type == T_IP) && (v2.type == T_PREFIX)) |
414 | return ipa_in_net(v1.val.px.ip, v2.val.px.ip, v2.val.px.len); | |
7db7b7db | 415 | |
b655596d OZ |
416 | if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX)) |
417 | return net_in_net(v1.val.px.ip, v1.val.px.len, v2.val.px.ip, v2.val.px.len); | |
0d1b3c4c | 418 | |
b1a597e0 | 419 | if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX_SET)) |
7f0d245a | 420 | return trie_match_fprefix(v2.val.ti, &v1.val.px); |
0d1b3c4c | 421 | |
b655596d OZ |
422 | if (v2.type != T_SET) |
423 | return CMP_ERROR; | |
0d1b3c4c | 424 | |
b655596d OZ |
425 | /* With integrated Quad<->IP implicit conversion */ |
426 | if ((v1.type == v2.val.t->from.type) || | |
427 | ((IP_VERSION == 4) && (v1.type == T_QUAD) && (v2.val.t->from.type == T_IP))) | |
428 | return !!find_tree(v2.val.t, v1); | |
0d1b3c4c | 429 | |
b655596d | 430 | if (v1.type == T_CLIST) |
ba5c0057 | 431 | return clist_match_set(v1.val.ad, v2.val.t); |
0d1b3c4c | 432 | |
b655596d | 433 | if (v1.type == T_ECLIST) |
42a0c054 OZ |
434 | return eclist_match_set(v1.val.ad, v2.val.t); |
435 | ||
b655596d | 436 | if (v1.type == T_PATH) |
cc31b75a OZ |
437 | return as_path_match_set(v1.val.ad, v2.val.t); |
438 | ||
7db7b7db | 439 | return CMP_ERROR; |
38506f71 PM |
440 | } |
441 | ||
4c5f93d7 | 442 | /* |
0e175f9f | 443 | * val_format - format filter value |
b093c328 | 444 | */ |
508d9360 | 445 | void |
0e175f9f | 446 | val_format(struct f_val v, buffer *buf) |
38506f71 | 447 | { |
ecd25633 | 448 | char buf2[1024]; |
0e175f9f OZ |
449 | switch (v.type) |
450 | { | |
451 | case T_VOID: buffer_puts(buf, "(void)"); return; | |
452 | case T_BOOL: buffer_puts(buf, v.val.i ? "TRUE" : "FALSE"); return; | |
52e030e1 | 453 | case T_INT: buffer_print(buf, "%u", v.val.i); return; |
0e175f9f OZ |
454 | case T_STRING: buffer_print(buf, "%s", v.val.s); return; |
455 | case T_IP: buffer_print(buf, "%I", v.val.px.ip); return; | |
456 | case T_PREFIX: buffer_print(buf, "%I/%d", v.val.px.ip, v.val.px.len); return; | |
52e030e1 | 457 | case T_PAIR: buffer_print(buf, "(%u,%u)", v.val.i >> 16, v.val.i & 0xffff); return; |
0e175f9f OZ |
458 | case T_QUAD: buffer_print(buf, "%R", v.val.i); return; |
459 | case T_EC: ec_format(buf2, v.val.ec); buffer_print(buf, "%s", buf2); return; | |
460 | case T_PREFIX_SET: trie_format(v.val.ti, buf); return; | |
461 | case T_SET: tree_format(v.val.t, buf); return; | |
52e030e1 | 462 | case T_ENUM: buffer_print(buf, "(enum %x)%u", v.type, v.val.i); return; |
0e175f9f OZ |
463 | case T_PATH: as_path_format(v.val.ad, buf2, 1000); buffer_print(buf, "(path %s)", buf2); return; |
464 | case T_CLIST: int_set_format(v.val.ad, 1, -1, buf2, 1000); buffer_print(buf, "(clist %s)", buf2); return; | |
465 | case T_ECLIST: ec_set_format(v.val.ad, -1, buf2, 1000); buffer_print(buf, "(eclist %s)", buf2); return; | |
466 | case T_PATH_MASK: pm_format(v.val.path_mask, buf); return; | |
467 | default: buffer_print(buf, "[unknown type %x]", v.type); return; | |
38506f71 | 468 | } |
38506f71 PM |
469 | } |
470 | ||
a03ede64 OZ |
471 | static struct rte **f_rte; |
472 | static struct rta *f_old_rta; | |
31e79264 | 473 | static struct ea_list **f_tmp_attrs; |
a03ede64 | 474 | static struct linpool *f_pool; |
0e175f9f | 475 | static struct buffer f_buf; |
0a06a9b8 | 476 | static int f_flags; |
36bbfc70 | 477 | |
a03ede64 OZ |
478 | static inline void f_rte_cow(void) |
479 | { | |
315f23a0 | 480 | *f_rte = rte_cow(*f_rte); |
a03ede64 OZ |
481 | } |
482 | ||
4c5f93d7 | 483 | /* |
b093c328 PM |
484 | * rta_cow - prepare rta for modification by filter |
485 | */ | |
9831e591 | 486 | static void |
a03ede64 | 487 | f_rta_cow(void) |
26c09e1d | 488 | { |
8d9eef17 OZ |
489 | if (!rta_is_cached((*f_rte)->attrs)) |
490 | return; | |
491 | ||
492 | /* Prepare to modify rte */ | |
493 | f_rte_cow(); | |
494 | ||
495 | /* Store old rta to free it later, it stores reference from rte_cow() */ | |
496 | f_old_rta = (*f_rte)->attrs; | |
497 | ||
498 | /* | |
499 | * Get shallow copy of rta. Fields eattrs and nexthops of rta are shared | |
500 | * with f_old_rta (they will be copied when the cached rta will be obtained | |
501 | * at the end of f_run()), also the lock of hostentry is inherited (we | |
502 | * suppose hostentry is not changed by filters). | |
503 | */ | |
504 | (*f_rte)->attrs = rta_do_cow((*f_rte)->attrs, f_pool); | |
26c09e1d PM |
505 | } |
506 | ||
1123e707 | 507 | static struct tbf rl_runtime_err = TBF_DEFAULT_LOG_LIMITS; |
cb530392 | 508 | |
9a4037d4 | 509 | #define runtime(x) do { \ |
cb530392 | 510 | log_rl(&rl_runtime_err, L_ERR "filters, line %d: %s", what->lineno, x); \ |
9a4037d4 PM |
511 | res.type = T_RETURN; \ |
512 | res.val.i = F_ERROR; \ | |
513 | return res; \ | |
514 | } while(0) | |
515 | ||
516 | #define ARG(x,y) \ | |
517 | x = interpret(what->y); \ | |
2d496d20 | 518 | if (x.type & T_RETURN) \ |
9a4037d4 PM |
519 | return x; |
520 | ||
521 | #define ONEARG ARG(v1, a1.p) | |
522 | #define TWOARGS ARG(v1, a1.p) \ | |
523 | ARG(v2, a2.p) | |
524 | #define TWOARGS_C TWOARGS \ | |
525 | if (v1.type != v2.type) \ | |
b178d92a | 526 | runtime( "Can't operate with values of incompatible types" ); |
508d9360 OZ |
527 | #define ACCESS_RTE \ |
528 | do { if (!f_rte) runtime("No route to access"); } while (0) | |
7db7b7db | 529 | |
315f23a0 OZ |
530 | #define BITFIELD_MASK(what) \ |
531 | (1u << (what->a2.i >> 24)) | |
532 | ||
b093c328 PM |
533 | /** |
534 | * interpret | |
2e9b2421 | 535 | * @what: filter to interpret |
b093c328 | 536 | * |
4c5f93d7 | 537 | * Interpret given tree of filter instructions. This is core function |
b093c328 | 538 | * of filter system and does all the hard work. |
771ae456 PM |
539 | * |
540 | * Each instruction has 4 fields: code (which is instruction code), | |
541 | * aux (which is extension to instruction code, typically type), | |
542 | * arg1 and arg2 - arguments. Depending on instruction, arguments | |
315f23a0 | 543 | * are either integers, or pointers to instruction trees. Common |
771ae456 PM |
544 | * instructions like +, that have two expressions as arguments use |
545 | * TWOARGS macro to get both of them evaluated. | |
546 | * | |
547 | * &f_val structures are copied around, so there are no problems with | |
548 | * memory managment. | |
b093c328 | 549 | */ |
23b1539b PM |
550 | static struct f_val |
551 | interpret(struct f_inst *what) | |
552 | { | |
553 | struct symbol *sym; | |
126683fe | 554 | struct f_val v1, v2, res, *vp; |
92a72a4c | 555 | unsigned u1, u2; |
6a57bb31 | 556 | int i; |
7ea5b00f | 557 | u32 as; |
23b1539b PM |
558 | |
559 | res.type = T_VOID; | |
560 | if (!what) | |
561 | return res; | |
562 | ||
563 | switch(what->code) { | |
564 | case ',': | |
565 | TWOARGS; | |
566 | break; | |
567 | ||
568 | /* Binary operators */ | |
569 | case '+': | |
570 | TWOARGS_C; | |
571 | switch (res.type = v1.type) { | |
b178d92a | 572 | case T_VOID: runtime( "Can't operate with values of type void" ); |
23b1539b PM |
573 | case T_INT: res.val.i = v1.val.i + v2.val.i; break; |
574 | default: runtime( "Usage of unknown type" ); | |
575 | } | |
576 | break; | |
9f0d45d6 PM |
577 | case '-': |
578 | TWOARGS_C; | |
579 | switch (res.type = v1.type) { | |
b178d92a | 580 | case T_VOID: runtime( "Can't operate with values of type void" ); |
9f0d45d6 PM |
581 | case T_INT: res.val.i = v1.val.i - v2.val.i; break; |
582 | default: runtime( "Usage of unknown type" ); | |
583 | } | |
584 | break; | |
585 | case '*': | |
586 | TWOARGS_C; | |
587 | switch (res.type = v1.type) { | |
b178d92a | 588 | case T_VOID: runtime( "Can't operate with values of type void" ); |
9f0d45d6 PM |
589 | case T_INT: res.val.i = v1.val.i * v2.val.i; break; |
590 | default: runtime( "Usage of unknown type" ); | |
591 | } | |
592 | break; | |
23b1539b PM |
593 | case '/': |
594 | TWOARGS_C; | |
595 | switch (res.type = v1.type) { | |
b178d92a | 596 | case T_VOID: runtime( "Can't operate with values of type void" ); |
64ba9f7b PM |
597 | case T_INT: if (v2.val.i == 0) runtime( "Mother told me not to divide by 0" ); |
598 | res.val.i = v1.val.i / v2.val.i; break; | |
23b1539b PM |
599 | default: runtime( "Usage of unknown type" ); |
600 | } | |
601 | break; | |
315f23a0 | 602 | |
5f4aee76 | 603 | case '&': |
5f4aee76 | 604 | case '|': |
0aa88530 OZ |
605 | ARG(v1, a1.p); |
606 | if (v1.type != T_BOOL) | |
607 | runtime( "Can't do boolean operation on non-booleans" ); | |
608 | if (v1.val.i == (what->code == '|')) { | |
609 | res.type = T_BOOL; | |
610 | res.val.i = v1.val.i; | |
611 | break; | |
612 | } | |
613 | ||
614 | ARG(v2, a2.p); | |
615 | if (v2.type != T_BOOL) | |
616 | runtime( "Can't do boolean operation on non-booleans" ); | |
617 | res.type = T_BOOL; | |
618 | res.val.i = v2.val.i; | |
5f4aee76 | 619 | break; |
23b1539b | 620 | |
92a72a4c | 621 | case P('m','p'): |
42a0c054 | 622 | TWOARGS; |
92a72a4c OZ |
623 | if ((v1.type != T_INT) || (v2.type != T_INT)) |
624 | runtime( "Can't operate with value of non-integer type in pair constructor" ); | |
625 | u1 = v1.val.i; | |
626 | u2 = v2.val.i; | |
627 | if ((u1 > 0xFFFF) || (u2 > 0xFFFF)) | |
628 | runtime( "Can't operate with value out of bounds in pair constructor" ); | |
629 | res.val.i = (u1 << 16) | u2; | |
630 | res.type = T_PAIR; | |
631 | break; | |
632 | ||
42a0c054 OZ |
633 | case P('m','c'): |
634 | { | |
635 | TWOARGS; | |
636 | ||
637 | int check, ipv4_used; | |
638 | u32 key, val; | |
639 | ||
640 | if (v1.type == T_INT) { | |
641 | ipv4_used = 0; key = v1.val.i; | |
315f23a0 | 642 | } |
42a0c054 OZ |
643 | else if (v1.type == T_QUAD) { |
644 | ipv4_used = 1; key = v1.val.i; | |
645 | } | |
646 | #ifndef IPV6 | |
647 | /* IP->Quad implicit conversion */ | |
648 | else if (v1.type == T_IP) { | |
649 | ipv4_used = 1; key = ipa_to_u32(v1.val.px.ip); | |
650 | } | |
651 | #endif | |
652 | else | |
653 | runtime("Can't operate with key of non-integer/IPv4 type in EC constructor"); | |
654 | ||
655 | if (v2.type != T_INT) | |
656 | runtime("Can't operate with value of non-integer type in EC constructor"); | |
657 | val = v2.val.i; | |
658 | ||
659 | res.type = T_EC; | |
660 | ||
661 | if (what->aux == EC_GENERIC) { | |
662 | check = 0; res.val.ec = ec_generic(key, val); | |
663 | } | |
664 | else if (ipv4_used) { | |
665 | check = 1; res.val.ec = ec_ip4(what->aux, key, val); | |
666 | } | |
667 | else if (key < 0x10000) { | |
668 | check = 0; res.val.ec = ec_as2(what->aux, key, val); | |
669 | } | |
670 | else { | |
671 | check = 1; res.val.ec = ec_as4(what->aux, key, val); | |
672 | } | |
673 | ||
674 | if (check && (val > 0xFFFF)) | |
675 | runtime("Can't operate with value out of bounds in EC constructor"); | |
676 | ||
677 | break; | |
678 | } | |
679 | ||
23b1539b | 680 | /* Relational operators */ |
38506f71 PM |
681 | |
682 | #define COMPARE(x) \ | |
126683fe | 683 | TWOARGS; \ |
38506f71 PM |
684 | i = val_compare(v1, v2); \ |
685 | if (i==CMP_ERROR) \ | |
126683fe OZ |
686 | runtime( "Can't compare values of incompatible types" ); \ |
687 | res.type = T_BOOL; \ | |
38506f71 | 688 | res.val.i = (x); \ |
23b1539b | 689 | break; |
38506f71 | 690 | |
28a10f84 OZ |
691 | #define SAME(x) \ |
692 | TWOARGS; \ | |
693 | i = val_same(v1, v2); \ | |
694 | res.type = T_BOOL; \ | |
695 | res.val.i = (x); \ | |
696 | break; | |
697 | ||
698 | case P('!','='): SAME(!i); | |
699 | case P('=','='): SAME(i); | |
38506f71 | 700 | case '<': COMPARE(i==-1); |
2d496d20 | 701 | case P('<','='): COMPARE(i!=1); |
38506f71 | 702 | |
995e5894 PM |
703 | case '!': |
704 | ONEARG; | |
705 | if (v1.type != T_BOOL) | |
b178d92a | 706 | runtime( "Not applied to non-boolean" ); |
995e5894 PM |
707 | res = v1; |
708 | res.val.i = !res.val.i; | |
709 | break; | |
710 | ||
38506f71 PM |
711 | case '~': |
712 | TWOARGS; | |
23b1539b | 713 | res.type = T_BOOL; |
7db7b7db PM |
714 | res.val.i = val_in_range(v1, v2); |
715 | if (res.val.i == CMP_ERROR) | |
716 | runtime( "~ applied on unknown type pair" ); | |
0aa88530 | 717 | res.val.i = !!res.val.i; |
23b1539b | 718 | break; |
2d496d20 | 719 | case P('d','e'): |
f4536657 PM |
720 | ONEARG; |
721 | res.type = T_BOOL; | |
722 | res.val.i = (v1.type != T_VOID); | |
723 | break; | |
23b1539b | 724 | |
d3dd620b | 725 | /* Set to indirect value, a1 = variable, a2 = value */ |
23b1539b | 726 | case 's': |
2db3b288 PM |
727 | ARG(v2, a2.p); |
728 | sym = what->a1.p; | |
126683fe OZ |
729 | vp = sym->def; |
730 | if ((sym->class != (SYM_VARIABLE | v2.type)) && (v2.type != T_VOID)) { | |
731 | #ifndef IPV6 | |
732 | /* IP->Quad implicit conversion */ | |
733 | if ((sym->class == (SYM_VARIABLE | T_QUAD)) && (v2.type == T_IP)) { | |
734 | vp->type = T_QUAD; | |
735 | vp->val.i = ipa_to_u32(v2.val.px.ip); | |
736 | break; | |
737 | } | |
738 | #endif | |
aa461248 | 739 | runtime( "Assigning to variable of incompatible type" ); |
126683fe | 740 | } |
315f23a0 | 741 | *vp = v2; |
23b1539b PM |
742 | break; |
743 | ||
083c43e2 | 744 | /* some constants have value in a2, some in *a1.p, strange. */ |
b1a597e0 | 745 | case 'c': /* integer (or simple type) constant, string, set, or prefix_set */ |
c7b43f33 | 746 | res.type = what->aux; |
083c43e2 | 747 | |
b1a597e0 OZ |
748 | if (res.type == T_PREFIX_SET) |
749 | res.val.ti = what->a2.p; | |
750 | else if (res.type == T_SET) | |
083c43e2 OZ |
751 | res.val.t = what->a2.p; |
752 | else if (res.type == T_STRING) | |
753 | res.val.s = what->a2.p; | |
754 | else | |
755 | res.val.i = what->a2.i; | |
23b1539b | 756 | break; |
9be1086d | 757 | case 'V': |
38506f71 PM |
758 | case 'C': |
759 | res = * ((struct f_val *) what->a1.p); | |
760 | break; | |
23b1539b PM |
761 | case 'p': |
762 | ONEARG; | |
0e175f9f | 763 | val_format(v1, &f_buf); |
23b1539b PM |
764 | break; |
765 | case '?': /* ? has really strange error value, so we can implement if ... else nicely :-) */ | |
766 | ONEARG; | |
767 | if (v1.type != T_BOOL) | |
98da26a0 | 768 | runtime( "If requires boolean expression" ); |
23b1539b | 769 | if (v1.val.i) { |
2db3b288 | 770 | ARG(res,a2.p); |
23b1539b PM |
771 | res.val.i = 0; |
772 | } else res.val.i = 1; | |
773 | res.type = T_BOOL; | |
774 | break; | |
775 | case '0': | |
3cf4a2e2 | 776 | debug( "No operation\n" ); |
23b1539b | 777 | break; |
2d496d20 | 778 | case P('p',','): |
23b1539b | 779 | ONEARG; |
798df5b1 | 780 | if (what->a2.i == F_NOP || (what->a2.i != F_NONL && what->a1.p)) |
0e175f9f | 781 | log_commit(*L_INFO, &f_buf); |
23b1539b | 782 | |
2db3b288 | 783 | switch (what->a2.i) { |
23b1539b PM |
784 | case F_QUITBIRD: |
785 | die( "Filter asked me to die" ); | |
786 | case F_ACCEPT: | |
787 | /* Should take care about turning ACCEPT into MODIFY */ | |
788 | case F_ERROR: | |
2ad6dcdb | 789 | case F_REJECT: /* FIXME (noncritical) Should print complete route along with reason to reject route */ |
23b1539b | 790 | res.type = T_RETURN; |
2ad6dcdb | 791 | res.val.i = what->a2.i; |
7e1f9971 | 792 | return res; /* We have to return now, no more processing. */ |
d3dd620b | 793 | case F_NONL: |
23b1539b PM |
794 | case F_NOP: |
795 | break; | |
796 | default: | |
b178d92a | 797 | bug( "unknown return type: Can't happen"); |
23b1539b PM |
798 | } |
799 | break; | |
36bbfc70 PM |
800 | case 'a': /* rta access */ |
801 | { | |
508d9360 | 802 | ACCESS_RTE; |
36bbfc70 | 803 | struct rta *rta = (*f_rte)->attrs; |
c7b43f33 | 804 | res.type = what->aux; |
a5fc5958 OZ |
805 | |
806 | switch (what->a2.i) | |
807 | { | |
808 | case SA_FROM: res.val.px.ip = rta->from; break; | |
809 | case SA_GW: res.val.px.ip = rta->gw; break; | |
810 | case SA_NET: res.val.px.ip = (*f_rte)->net->n.prefix; | |
811 | res.val.px.len = (*f_rte)->net->n.pxlen; break; | |
736e143f | 812 | case SA_PROTO: res.val.s = rta->src->proto->name; break; |
a5fc5958 OZ |
813 | case SA_SOURCE: res.val.i = rta->source; break; |
814 | case SA_SCOPE: res.val.i = rta->scope; break; | |
815 | case SA_CAST: res.val.i = rta->cast; break; | |
816 | case SA_DEST: res.val.i = rta->dest; break; | |
817 | case SA_IFNAME: res.val.s = rta->iface ? rta->iface->name : ""; break; | |
818 | case SA_IFINDEX: res.val.i = rta->iface ? rta->iface->index : 0; break; | |
819 | ||
36bbfc70 | 820 | default: |
a5fc5958 | 821 | bug("Invalid static attribute access (%x)", res.type); |
36bbfc70 PM |
822 | } |
823 | } | |
824 | break; | |
0dc4431c | 825 | case P('a','S'): |
508d9360 | 826 | ACCESS_RTE; |
0dc4431c PM |
827 | ONEARG; |
828 | if (what->aux != v1.type) | |
98da26a0 | 829 | runtime( "Attempt to set static attribute to incompatible type" ); |
a5fc5958 | 830 | |
a03ede64 | 831 | f_rta_cow(); |
0dc4431c PM |
832 | { |
833 | struct rta *rta = (*f_rte)->attrs; | |
182a7895 | 834 | |
a5fc5958 OZ |
835 | switch (what->a2.i) |
836 | { | |
837 | case SA_FROM: | |
838 | rta->from = v1.val.px.ip; | |
0dc4431c | 839 | break; |
182a7895 | 840 | |
a5fc5958 | 841 | case SA_GW: |
00192d5a | 842 | { |
a5fc5958 | 843 | ip_addr ip = v1.val.px.ip; |
736e143f | 844 | neighbor *n = neigh_find(rta->src->proto, &ip, 0); |
00192d5a OZ |
845 | if (!n || (n->scope == SCOPE_HOST)) |
846 | runtime( "Invalid gw address" ); | |
847 | ||
848 | rta->dest = RTD_ROUTER; | |
849 | rta->gw = ip; | |
850 | rta->iface = n->iface; | |
851 | rta->nexthops = NULL; | |
852 | rta->hostentry = NULL; | |
853 | } | |
0dc4431c | 854 | break; |
182a7895 | 855 | |
a5fc5958 | 856 | case SA_SCOPE: |
182a7895 OZ |
857 | rta->scope = v1.val.i; |
858 | break; | |
859 | ||
a5fc5958 | 860 | case SA_DEST: |
182a7895 OZ |
861 | i = v1.val.i; |
862 | if ((i != RTD_BLACKHOLE) && (i != RTD_UNREACHABLE) && (i != RTD_PROHIBIT)) | |
863 | runtime( "Destination can be changed only to blackhole, unreachable or prohibit" ); | |
00192d5a | 864 | |
182a7895 OZ |
865 | rta->dest = i; |
866 | rta->gw = IPA_NONE; | |
867 | rta->iface = NULL; | |
868 | rta->nexthops = NULL; | |
00192d5a | 869 | rta->hostentry = NULL; |
182a7895 OZ |
870 | break; |
871 | ||
0dc4431c | 872 | default: |
a5fc5958 | 873 | bug("Invalid static attribute access (%x)", res.type); |
0dc4431c PM |
874 | } |
875 | } | |
876 | break; | |
2d496d20 | 877 | case P('e','a'): /* Access to extended attributes */ |
508d9360 | 878 | ACCESS_RTE; |
91447965 | 879 | { |
0a06a9b8 | 880 | eattr *e = NULL; |
315f23a0 OZ |
881 | u16 code = what->a2.i; |
882 | ||
3076b5ae | 883 | if (!(f_flags & FF_FORCE_TMPATTR)) |
315f23a0 OZ |
884 | e = ea_find((*f_rte)->attrs->eattrs, code); |
885 | if (!e) | |
886 | e = ea_find((*f_tmp_attrs), code); | |
3076b5ae | 887 | if ((!e) && (f_flags & FF_FORCE_TMPATTR)) |
315f23a0 | 888 | e = ea_find((*f_rte)->attrs->eattrs, code); |
e8da1bd0 OZ |
889 | |
890 | if (!e) { | |
0277cc0b OZ |
891 | /* A special case: undefined int_set looks like empty int_set */ |
892 | if ((what->aux & EAF_TYPE_MASK) == EAF_TYPE_INT_SET) { | |
893 | res.type = T_CLIST; | |
42a0c054 OZ |
894 | res.val.ad = adata_empty(f_pool, 0); |
895 | break; | |
896 | } | |
315f23a0 | 897 | |
42a0c054 | 898 | /* The same special case for ec_set */ |
315f23a0 | 899 | if ((what->aux & EAF_TYPE_MASK) == EAF_TYPE_EC_SET) { |
42a0c054 OZ |
900 | res.type = T_ECLIST; |
901 | res.val.ad = adata_empty(f_pool, 0); | |
0277cc0b OZ |
902 | break; |
903 | } | |
42a0c054 | 904 | |
e8da1bd0 OZ |
905 | /* Undefined value */ |
906 | res.type = T_VOID; | |
907 | break; | |
908 | } | |
909 | ||
910 | switch (what->aux & EAF_TYPE_MASK) { | |
911 | case EAF_TYPE_INT: | |
0150e521 | 912 | res.type = T_INT; |
91447965 PM |
913 | res.val.i = e->u.data; |
914 | break; | |
126683fe OZ |
915 | case EAF_TYPE_ROUTER_ID: |
916 | res.type = T_QUAD; | |
917 | res.val.i = e->u.data; | |
918 | break; | |
e8da1bd0 OZ |
919 | case EAF_TYPE_OPAQUE: |
920 | res.type = T_ENUM_EMPTY; | |
921 | res.val.i = 0; | |
922 | break; | |
330aecea | 923 | case EAF_TYPE_IP_ADDRESS: |
330aecea OZ |
924 | res.type = T_IP; |
925 | struct adata * ad = e->u.ptr; | |
926 | res.val.px.ip = * (ip_addr *) ad->data; | |
927 | break; | |
0150e521 PM |
928 | case EAF_TYPE_AS_PATH: |
929 | res.type = T_PATH; | |
930 | res.val.ad = e->u.ptr; | |
931 | break; | |
315f23a0 OZ |
932 | case EAF_TYPE_BITFIELD: |
933 | res.type = T_BOOL; | |
934 | res.val.i = !!(e->u.data & BITFIELD_MASK(what)); | |
935 | break; | |
0150e521 PM |
936 | case EAF_TYPE_INT_SET: |
937 | res.type = T_CLIST; | |
10a53608 PM |
938 | res.val.ad = e->u.ptr; |
939 | break; | |
42a0c054 OZ |
940 | case EAF_TYPE_EC_SET: |
941 | res.type = T_ECLIST; | |
942 | res.val.ad = e->u.ptr; | |
943 | break; | |
e8da1bd0 OZ |
944 | case EAF_TYPE_UNDEF: |
945 | res.type = T_VOID; | |
946 | break; | |
2803c9dd | 947 | default: |
ad9074e9 | 948 | bug("Unknown type in e,a"); |
91447965 PM |
949 | } |
950 | } | |
6dc7a0cb | 951 | break; |
2d496d20 | 952 | case P('e','S'): |
508d9360 | 953 | ACCESS_RTE; |
f31156ca | 954 | ONEARG; |
f31156ca PM |
955 | { |
956 | struct ea_list *l = lp_alloc(f_pool, sizeof(struct ea_list) + sizeof(eattr)); | |
315f23a0 | 957 | u16 code = what->a2.i; |
f31156ca PM |
958 | |
959 | l->next = NULL; | |
960 | l->flags = EALF_SORTED; | |
961 | l->count = 1; | |
315f23a0 | 962 | l->attrs[0].id = code; |
913ce95b PM |
963 | l->attrs[0].flags = 0; |
964 | l->attrs[0].type = what->aux | EAF_ORIGINATED; | |
315f23a0 | 965 | |
31e79264 PM |
966 | switch (what->aux & EAF_TYPE_MASK) { |
967 | case EAF_TYPE_INT: | |
968 | if (v1.type != T_INT) | |
969 | runtime( "Setting int attribute to non-int value" ); | |
f31156ca PM |
970 | l->attrs[0].u.data = v1.val.i; |
971 | break; | |
3e40f3e7 OZ |
972 | |
973 | case EAF_TYPE_ROUTER_ID: | |
974 | #ifndef IPV6 | |
975 | /* IP->Quad implicit conversion */ | |
976 | if (v1.type == T_IP) { | |
977 | l->attrs[0].u.data = ipa_to_u32(v1.val.px.ip); | |
978 | break; | |
979 | } | |
980 | #endif | |
981 | /* T_INT for backward compatibility */ | |
982 | if ((v1.type != T_QUAD) && (v1.type != T_INT)) | |
983 | runtime( "Setting quad attribute to non-quad value" ); | |
984 | l->attrs[0].u.data = v1.val.i; | |
985 | break; | |
986 | ||
e8da1bd0 OZ |
987 | case EAF_TYPE_OPAQUE: |
988 | runtime( "Setting opaque attribute is not allowed" ); | |
989 | break; | |
330aecea OZ |
990 | case EAF_TYPE_IP_ADDRESS: |
991 | if (v1.type != T_IP) | |
992 | runtime( "Setting ip attribute to non-ip value" ); | |
993 | int len = sizeof(ip_addr); | |
994 | struct adata *ad = lp_alloc(f_pool, sizeof(struct adata) + len); | |
995 | ad->length = len; | |
996 | (* (ip_addr *) ad->data) = v1.val.px.ip; | |
54fe0d92 | 997 | l->attrs[0].u.ptr = ad; |
330aecea | 998 | break; |
10a53608 PM |
999 | case EAF_TYPE_AS_PATH: |
1000 | if (v1.type != T_PATH) | |
1001 | runtime( "Setting path attribute to non-path value" ); | |
1002 | l->attrs[0].u.ptr = v1.val.ad; | |
1003 | break; | |
315f23a0 OZ |
1004 | case EAF_TYPE_BITFIELD: |
1005 | if (v1.type != T_BOOL) | |
1006 | runtime( "Setting bit in bitfield attribute to non-bool value" ); | |
1007 | { | |
1008 | /* First, we have to find the old value */ | |
1009 | eattr *e = NULL; | |
1010 | if (!(f_flags & FF_FORCE_TMPATTR)) | |
1011 | e = ea_find((*f_rte)->attrs->eattrs, code); | |
1012 | if (!e) | |
1013 | e = ea_find((*f_tmp_attrs), code); | |
1014 | if ((!e) && (f_flags & FF_FORCE_TMPATTR)) | |
1015 | e = ea_find((*f_rte)->attrs->eattrs, code); | |
1016 | u32 data = e ? e->u.data : 0; | |
1017 | ||
1018 | if (v1.val.i) | |
1019 | l->attrs[0].u.data = data | BITFIELD_MASK(what); | |
1020 | else | |
1021 | l->attrs[0].u.data = data & ~BITFIELD_MASK(what);; | |
1022 | } | |
1023 | break; | |
708711c3 PM |
1024 | case EAF_TYPE_INT_SET: |
1025 | if (v1.type != T_CLIST) | |
42a0c054 OZ |
1026 | runtime( "Setting clist attribute to non-clist value" ); |
1027 | l->attrs[0].u.ptr = v1.val.ad; | |
1028 | break; | |
1029 | case EAF_TYPE_EC_SET: | |
1030 | if (v1.type != T_ECLIST) | |
1031 | runtime( "Setting eclist attribute to non-eclist value" ); | |
708711c3 PM |
1032 | l->attrs[0].u.ptr = v1.val.ad; |
1033 | break; | |
31e79264 PM |
1034 | case EAF_TYPE_UNDEF: |
1035 | if (v1.type != T_VOID) | |
1036 | runtime( "Setting void attribute to non-void value" ); | |
48f9e019 PM |
1037 | l->attrs[0].u.data = 0; |
1038 | break; | |
0150e521 | 1039 | default: bug("Unknown type in e,S"); |
f31156ca | 1040 | } |
31e79264 | 1041 | |
3076b5ae | 1042 | if (!(what->aux & EAF_TEMP) && (!(f_flags & FF_FORCE_TMPATTR))) { |
a03ede64 | 1043 | f_rta_cow(); |
db96fccb OZ |
1044 | l->next = (*f_rte)->attrs->eattrs; |
1045 | (*f_rte)->attrs->eattrs = l; | |
31e79264 PM |
1046 | } else { |
1047 | l->next = (*f_tmp_attrs); | |
1048 | (*f_tmp_attrs) = l; | |
1049 | } | |
f31156ca | 1050 | } |
f31156ca | 1051 | break; |
0dc4431c | 1052 | case 'P': |
508d9360 | 1053 | ACCESS_RTE; |
0dc4431c PM |
1054 | res.type = T_INT; |
1055 | res.val.i = (*f_rte)->pref; | |
1056 | break; | |
1057 | case P('P','S'): | |
508d9360 | 1058 | ACCESS_RTE; |
0dc4431c PM |
1059 | ONEARG; |
1060 | if (v1.type != T_INT) | |
b178d92a | 1061 | runtime( "Can't set preference to non-integer" ); |
7d37bf79 | 1062 | if (v1.val.i > 0xFFFF) |
f4c6ca8c | 1063 | runtime( "Setting preference value out of bounds" ); |
a03ede64 | 1064 | f_rte_cow(); |
0dc4431c PM |
1065 | (*f_rte)->pref = v1.val.i; |
1066 | break; | |
684c6f5a PM |
1067 | case 'L': /* Get length of */ |
1068 | ONEARG; | |
1069 | res.type = T_INT; | |
1070 | switch(v1.type) { | |
1071 | case T_PREFIX: res.val.i = v1.val.px.len; break; | |
1072 | case T_PATH: res.val.i = as_path_getlen(v1.val.ad); break; | |
7ccb36d3 OZ |
1073 | case T_CLIST: res.val.i = int_set_get_size(v1.val.ad); break; |
1074 | case T_ECLIST: res.val.i = ec_set_get_size(v1.val.ad); break; | |
1075 | default: runtime( "Prefix, path, clist or eclist expected" ); | |
684c6f5a PM |
1076 | } |
1077 | break; | |
2d496d20 | 1078 | case P('c','p'): /* Convert prefix to ... */ |
36bbfc70 PM |
1079 | ONEARG; |
1080 | if (v1.type != T_PREFIX) | |
b178d92a | 1081 | runtime( "Prefix expected" ); |
c7b43f33 | 1082 | res.type = what->aux; |
36bbfc70 | 1083 | switch(res.type) { |
684c6f5a | 1084 | /* case T_INT: res.val.i = v1.val.px.len; break; Not needed any more */ |
6dc7a0cb | 1085 | case T_IP: res.val.px.ip = v1.val.px.ip; break; |
3076b5ae | 1086 | default: bug( "Unknown prefix to conversion" ); |
36bbfc70 PM |
1087 | } |
1088 | break; | |
7ea5b00f OZ |
1089 | case P('a','f'): /* Get first ASN from AS PATH */ |
1090 | ONEARG; | |
1091 | if (v1.type != T_PATH) | |
2eece54a | 1092 | runtime( "AS path expected" ); |
7ea5b00f OZ |
1093 | |
1094 | as = 0; | |
52b9b2a1 | 1095 | as_path_get_first(v1.val.ad, &as); |
7ea5b00f OZ |
1096 | res.type = T_INT; |
1097 | res.val.i = as; | |
1098 | break; | |
1099 | case P('a','l'): /* Get last ASN from AS PATH */ | |
1100 | ONEARG; | |
1101 | if (v1.type != T_PATH) | |
1102 | runtime( "AS path expected" ); | |
1103 | ||
1104 | as = 0; | |
52b9b2a1 | 1105 | as_path_get_last(v1.val.ad, &as); |
7ea5b00f OZ |
1106 | res.type = T_INT; |
1107 | res.val.i = as; | |
1108 | break; | |
9c9cc35c OZ |
1109 | case P('a','L'): /* Get last ASN from non-aggregated part of AS PATH */ |
1110 | ONEARG; | |
1111 | if (v1.type != T_PATH) | |
1112 | runtime( "AS path expected" ); | |
1113 | ||
1114 | res.type = T_INT; | |
1115 | res.val.i = as_path_get_last_nonaggregated(v1.val.ad); | |
1116 | break; | |
2d496d20 PM |
1117 | case 'r': |
1118 | ONEARG; | |
1119 | res = v1; | |
1120 | res.type |= T_RETURN; | |
44711e0c | 1121 | return res; |
2d496d20 | 1122 | case P('c','a'): /* CALL: this is special: if T_RETURN and returning some value, mask it out */ |
6542ece9 PM |
1123 | ONEARG; |
1124 | res = interpret(what->a2.p); | |
2d496d20 PM |
1125 | if (res.type == T_RETURN) |
1126 | return res; | |
315f23a0 | 1127 | res.type &= ~T_RETURN; |
6542ece9 | 1128 | break; |
aa461248 OZ |
1129 | case P('c','v'): /* Clear local variables */ |
1130 | for (sym = what->a1.p; sym != NULL; sym = sym->aux2) | |
1131 | ((struct f_val *) sym->def)->type = T_VOID; | |
1132 | break; | |
2d496d20 | 1133 | case P('S','W'): |
7db7b7db | 1134 | ONEARG; |
41be4444 PM |
1135 | { |
1136 | struct f_tree *t = find_tree(what->a2.p, v1); | |
1137 | if (!t) { | |
1138 | v1.type = T_VOID; | |
1139 | t = find_tree(what->a2.p, v1); | |
1140 | if (!t) { | |
ad9074e9 | 1141 | debug( "No else statement?\n"); |
41be4444 PM |
1142 | break; |
1143 | } | |
315f23a0 | 1144 | } |
1877dab2 | 1145 | /* It is actually possible to have t->data NULL */ |
44711e0c OZ |
1146 | |
1147 | res = interpret(t->data); | |
1148 | if (res.type & T_RETURN) | |
1149 | return res; | |
41be4444 | 1150 | } |
7db7b7db | 1151 | break; |
2d496d20 | 1152 | case P('i','M'): /* IP.MASK(val) */ |
f4536657 PM |
1153 | TWOARGS; |
1154 | if (v2.type != T_INT) | |
b178d92a | 1155 | runtime( "Integer expected"); |
f4536657 | 1156 | if (v1.type != T_IP) |
b178d92a | 1157 | runtime( "You can mask only IP addresses" ); |
f4536657 PM |
1158 | { |
1159 | ip_addr mask = ipa_mkmask(v2.val.i); | |
1160 | res.type = T_IP; | |
1161 | res.val.px.ip = ipa_and(mask, v1.val.px.ip); | |
1162 | } | |
d3dd620b | 1163 | break; |
afc54517 PM |
1164 | |
1165 | case 'E': /* Create empty attribute */ | |
1166 | res.type = what->aux; | |
42a0c054 | 1167 | res.val.ad = adata_empty(f_pool, 0); |
afc54517 PM |
1168 | break; |
1169 | case P('A','p'): /* Path prepend */ | |
1170 | TWOARGS; | |
1171 | if (v1.type != T_PATH) | |
1172 | runtime("Can't prepend to non-path"); | |
1173 | if (v2.type != T_INT) | |
1174 | runtime("Can't prepend non-integer"); | |
1175 | ||
1176 | res.type = T_PATH; | |
1177 | res.val.ad = as_path_prepend(f_pool, v1.val.ad, v2.val.i); | |
1178 | break; | |
1179 | ||
42a0c054 | 1180 | case P('C','a'): /* (Extended) Community list add or delete */ |
9c400ec9 | 1181 | TWOARGS; |
bff9ce51 OZ |
1182 | if (v1.type == T_PATH) |
1183 | { | |
1184 | struct f_tree *set = NULL; | |
1185 | u32 key = 0; | |
1186 | int pos; | |
1187 | ||
1188 | if (v2.type == T_INT) | |
1189 | key = v2.val.i; | |
1190 | else if ((v2.type == T_SET) && (v2.val.t->from.type == T_INT)) | |
1191 | set = v2.val.t; | |
1192 | else | |
1193 | runtime("Can't delete non-integer (set)"); | |
1194 | ||
1195 | switch (what->aux) | |
1196 | { | |
1197 | case 'a': runtime("Can't add to path"); | |
1198 | case 'd': pos = 0; break; | |
1199 | case 'f': pos = 1; break; | |
1200 | default: bug("unknown Ca operation"); | |
1201 | } | |
1202 | ||
1203 | if (pos && !set) | |
1204 | runtime("Can't filter integer"); | |
1205 | ||
1206 | res.type = T_PATH; | |
1207 | res.val.ad = as_path_filter(f_pool, v1.val.ad, set, key, pos); | |
1208 | } | |
1209 | else if (v1.type == T_CLIST) | |
42a0c054 OZ |
1210 | { |
1211 | /* Community (or cluster) list */ | |
1212 | struct f_val dummy; | |
1213 | int arg_set = 0; | |
52e030e1 | 1214 | uint n = 0; |
a58022a6 | 1215 | |
42a0c054 | 1216 | if ((v2.type == T_PAIR) || (v2.type == T_QUAD)) |
52e030e1 | 1217 | n = v2.val.i; |
126683fe | 1218 | #ifndef IPV6 |
42a0c054 OZ |
1219 | /* IP->Quad implicit conversion */ |
1220 | else if (v2.type == T_IP) | |
52e030e1 | 1221 | n = ipa_to_u32(v2.val.px.ip); |
126683fe | 1222 | #endif |
42a0c054 OZ |
1223 | else if ((v2.type == T_SET) && clist_set_type(v2.val.t, &dummy)) |
1224 | arg_set = 1; | |
0888a737 OZ |
1225 | else if (v2.type == T_CLIST) |
1226 | arg_set = 2; | |
42a0c054 OZ |
1227 | else |
1228 | runtime("Can't add/delete non-pair"); | |
1229 | ||
1230 | res.type = T_CLIST; | |
1231 | switch (what->aux) | |
1232 | { | |
1233 | case 'a': | |
0888a737 | 1234 | if (arg_set == 1) |
42a0c054 | 1235 | runtime("Can't add set"); |
0888a737 | 1236 | else if (!arg_set) |
52e030e1 | 1237 | res.val.ad = int_set_add(f_pool, v1.val.ad, n); |
315f23a0 | 1238 | else |
0888a737 | 1239 | res.val.ad = int_set_union(f_pool, v1.val.ad, v2.val.ad); |
42a0c054 | 1240 | break; |
315f23a0 | 1241 | |
42a0c054 OZ |
1242 | case 'd': |
1243 | if (!arg_set) | |
52e030e1 | 1244 | res.val.ad = int_set_del(f_pool, v1.val.ad, n); |
42a0c054 | 1245 | else |
0888a737 | 1246 | res.val.ad = clist_filter(f_pool, v1.val.ad, v2, 0); |
42a0c054 | 1247 | break; |
9c400ec9 | 1248 | |
42a0c054 OZ |
1249 | case 'f': |
1250 | if (!arg_set) | |
1251 | runtime("Can't filter pair"); | |
0888a737 | 1252 | res.val.ad = clist_filter(f_pool, v1.val.ad, v2, 1); |
42a0c054 OZ |
1253 | break; |
1254 | ||
1255 | default: | |
1256 | bug("unknown Ca operation"); | |
1257 | } | |
1258 | } | |
1259 | else if (v1.type == T_ECLIST) | |
e08d2ff0 | 1260 | { |
42a0c054 OZ |
1261 | /* Extended community list */ |
1262 | int arg_set = 0; | |
315f23a0 | 1263 | |
42a0c054 OZ |
1264 | /* v2.val is either EC or EC-set */ |
1265 | if ((v2.type == T_SET) && eclist_set_type(v2.val.t)) | |
1266 | arg_set = 1; | |
0888a737 OZ |
1267 | else if (v2.type == T_ECLIST) |
1268 | arg_set = 2; | |
42a0c054 OZ |
1269 | else if (v2.type != T_EC) |
1270 | runtime("Can't add/delete non-pair"); | |
1271 | ||
1272 | res.type = T_ECLIST; | |
1273 | switch (what->aux) | |
1274 | { | |
1275 | case 'a': | |
0888a737 | 1276 | if (arg_set == 1) |
42a0c054 | 1277 | runtime("Can't add set"); |
0888a737 OZ |
1278 | else if (!arg_set) |
1279 | res.val.ad = ec_set_add(f_pool, v1.val.ad, v2.val.ec); | |
315f23a0 | 1280 | else |
0888a737 | 1281 | res.val.ad = ec_set_union(f_pool, v1.val.ad, v2.val.ad); |
42a0c054 | 1282 | break; |
315f23a0 | 1283 | |
42a0c054 OZ |
1284 | case 'd': |
1285 | if (!arg_set) | |
1286 | res.val.ad = ec_set_del(f_pool, v1.val.ad, v2.val.ec); | |
1287 | else | |
0888a737 | 1288 | res.val.ad = eclist_filter(f_pool, v1.val.ad, v2, 0); |
42a0c054 | 1289 | break; |
e08d2ff0 | 1290 | |
42a0c054 OZ |
1291 | case 'f': |
1292 | if (!arg_set) | |
1293 | runtime("Can't filter ec"); | |
0888a737 | 1294 | res.val.ad = eclist_filter(f_pool, v1.val.ad, v2, 1); |
42a0c054 | 1295 | break; |
e08d2ff0 | 1296 | |
42a0c054 OZ |
1297 | default: |
1298 | bug("unknown Ca operation"); | |
1299 | } | |
9c400ec9 | 1300 | } |
42a0c054 OZ |
1301 | else |
1302 | runtime("Can't add/delete to non-(e)clist"); | |
1303 | ||
9c400ec9 PM |
1304 | break; |
1305 | ||
af582c48 OZ |
1306 | case P('R','C'): /* ROA Check */ |
1307 | if (what->arg1) | |
1308 | { | |
1309 | TWOARGS; | |
1310 | if ((v1.type != T_PREFIX) || (v2.type != T_INT)) | |
1311 | runtime("Invalid argument to roa_check()"); | |
1312 | ||
1313 | as = v2.val.i; | |
1314 | } | |
1315 | else | |
1316 | { | |
508d9360 | 1317 | ACCESS_RTE; |
af582c48 OZ |
1318 | v1.val.px.ip = (*f_rte)->net->n.prefix; |
1319 | v1.val.px.len = (*f_rte)->net->n.pxlen; | |
1320 | ||
1321 | /* We ignore temporary attributes, probably not a problem here */ | |
1322 | /* 0x02 is a value of BA_AS_PATH, we don't want to include BGP headers */ | |
1323 | eattr *e = ea_find((*f_rte)->attrs->eattrs, EA_CODE(EAP_BGP, 0x02)); | |
1324 | ||
1325 | if (!e || e->type != EAF_TYPE_AS_PATH) | |
1326 | runtime("Missing AS_PATH attribute"); | |
1327 | ||
1328 | as_path_get_last(e->u.ptr, &as); | |
1329 | } | |
1330 | ||
1331 | struct roa_table_config *rtc = ((struct f_inst_roa_check *) what)->rtc; | |
1332 | if (!rtc->table) | |
1333 | runtime("Missing ROA table"); | |
1334 | ||
1335 | res.type = T_ENUM_ROA; | |
1336 | res.val.i = roa_check(rtc->table, v1.val.px.ip, v1.val.px.len, as); | |
1337 | break; | |
1338 | ||
23b1539b PM |
1339 | default: |
1340 | bug( "Unknown instruction %d (%c)", what->code, what->code & 0xff); | |
1341 | } | |
1342 | if (what->next) | |
1343 | return interpret(what->next); | |
1344 | return res; | |
1345 | } | |
1346 | ||
2d496d20 | 1347 | #undef ARG |
9a4037d4 PM |
1348 | #define ARG(x,y) \ |
1349 | if (!i_same(f1->y, f2->y)) \ | |
1350 | return 0; | |
1351 | ||
1352 | #define ONEARG ARG(v1, a1.p) | |
1353 | #define TWOARGS ARG(v1, a1.p) \ | |
1354 | ARG(v2, a2.p) | |
1355 | ||
1356 | #define A2_SAME if (f1->a2.i != f2->a2.i) return 0; | |
1357 | ||
4c5f93d7 | 1358 | /* |
b093c328 PM |
1359 | * i_same - function that does real comparing of instruction trees, you should call filter_same from outside |
1360 | */ | |
9a4037d4 PM |
1361 | int |
1362 | i_same(struct f_inst *f1, struct f_inst *f2) | |
1363 | { | |
9a4037d4 PM |
1364 | if ((!!f1) != (!!f2)) |
1365 | return 0; | |
d4d75628 PM |
1366 | if (!f1) |
1367 | return 1; | |
9a4037d4 PM |
1368 | if (f1->aux != f2->aux) |
1369 | return 0; | |
1370 | if (f1->code != f2->code) | |
1371 | return 0; | |
d4d75628 PM |
1372 | if (f1 == f2) /* It looks strange, but it is possible with call rewriting trickery */ |
1373 | return 1; | |
9a4037d4 PM |
1374 | |
1375 | switch(f1->code) { | |
1376 | case ',': /* fall through */ | |
1377 | case '+': | |
9f0d45d6 PM |
1378 | case '-': |
1379 | case '*': | |
9a4037d4 | 1380 | case '/': |
5f4aee76 PM |
1381 | case '|': |
1382 | case '&': | |
92a72a4c | 1383 | case P('m','p'): |
4271f2b7 | 1384 | case P('m','c'): |
2d496d20 PM |
1385 | case P('!','='): |
1386 | case P('=','='): | |
9a4037d4 | 1387 | case '<': |
2d496d20 | 1388 | case P('<','='): TWOARGS; break; |
9a4037d4 | 1389 | |
995e5894 | 1390 | case '!': ONEARG; break; |
9a4037d4 | 1391 | case '~': TWOARGS; break; |
2d496d20 | 1392 | case P('d','e'): ONEARG; break; |
9a4037d4 PM |
1393 | |
1394 | case 's': | |
1395 | ARG(v2, a2.p); | |
1396 | { | |
1397 | struct symbol *s1, *s2; | |
1398 | s1 = f1->a1.p; | |
1399 | s2 = f2->a1.p; | |
1400 | if (strcmp(s1->name, s2->name)) | |
1401 | return 0; | |
1402 | if (s1->class != s2->class) | |
1403 | return 0; | |
1404 | } | |
1405 | break; | |
1406 | ||
315f23a0 | 1407 | case 'c': |
b1a597e0 OZ |
1408 | switch (f1->aux) { |
1409 | ||
1410 | case T_PREFIX_SET: | |
1411 | if (!trie_same(f1->a2.p, f2->a2.p)) | |
1412 | return 0; | |
9be1086d | 1413 | break; |
b1a597e0 OZ |
1414 | |
1415 | case T_SET: | |
4bb18dd2 PM |
1416 | if (!same_tree(f1->a2.p, f2->a2.p)) |
1417 | return 0; | |
9be1086d | 1418 | break; |
b1a597e0 | 1419 | |
4bb18dd2 PM |
1420 | case T_STRING: |
1421 | if (strcmp(f1->a2.p, f2->a2.p)) | |
1422 | return 0; | |
1423 | break; | |
b1a597e0 | 1424 | |
4bb18dd2 PM |
1425 | default: |
1426 | A2_SAME; | |
1427 | } | |
1428 | break; | |
507e182a | 1429 | |
28a10f84 OZ |
1430 | case 'C': |
1431 | if (!val_same(* (struct f_val *) f1->a1.p, * (struct f_val *) f2->a1.p)) | |
9a4037d4 PM |
1432 | return 0; |
1433 | break; | |
28a10f84 | 1434 | |
315f23a0 | 1435 | case 'V': |
9be1086d OF |
1436 | if (strcmp((char *) f1->a2.p, (char *) f2->a2.p)) |
1437 | return 0; | |
1438 | break; | |
684c6f5a | 1439 | case 'p': case 'L': ONEARG; break; |
9a4037d4 | 1440 | case '?': TWOARGS; break; |
afc54517 | 1441 | case '0': case 'E': break; |
2d496d20 | 1442 | case P('p',','): ONEARG; A2_SAME; break; |
0dc4431c | 1443 | case 'P': |
9a4037d4 | 1444 | case 'a': A2_SAME; break; |
2d496d20 | 1445 | case P('e','a'): A2_SAME; break; |
0dc4431c PM |
1446 | case P('P','S'): |
1447 | case P('a','S'): | |
2d496d20 | 1448 | case P('e','S'): ONEARG; A2_SAME; break; |
9a4037d4 | 1449 | |
2d496d20 PM |
1450 | case 'r': ONEARG; break; |
1451 | case P('c','p'): ONEARG; break; | |
d4d75628 | 1452 | case P('c','a'): /* Call rewriting trickery to avoid exponential behaviour */ |
315f23a0 | 1453 | ONEARG; |
d4d75628 | 1454 | if (!i_same(f1->a2.p, f2->a2.p)) |
315f23a0 | 1455 | return 0; |
d4d75628 PM |
1456 | f2->a2.p = f1->a2.p; |
1457 | break; | |
315f23a0 | 1458 | case P('c','v'): break; /* internal instruction */ |
2d496d20 PM |
1459 | case P('S','W'): ONEARG; if (!same_tree(f1->a2.p, f2->a2.p)) return 0; break; |
1460 | case P('i','M'): TWOARGS; break; | |
afc54517 | 1461 | case P('A','p'): TWOARGS; break; |
9c400ec9 | 1462 | case P('C','a'): TWOARGS; break; |
2eece54a | 1463 | case P('a','f'): |
f1f39bb9 OZ |
1464 | case P('a','l'): |
1465 | case P('a','L'): ONEARG; break; | |
af582c48 OZ |
1466 | case P('R','C'): |
1467 | TWOARGS; | |
1468 | /* Does not really make sense - ROA check resuls may change anyway */ | |
315f23a0 | 1469 | if (strcmp(((struct f_inst_roa_check *) f1)->rtc->name, |
af582c48 OZ |
1470 | ((struct f_inst_roa_check *) f2)->rtc->name)) |
1471 | return 0; | |
1472 | break; | |
9a4037d4 PM |
1473 | default: |
1474 | bug( "Unknown instruction %d in same (%c)", f1->code, f1->code & 0xff); | |
1475 | } | |
1476 | return i_same(f1->next, f2->next); | |
1477 | } | |
1478 | ||
ff95080f | 1479 | /** |
a03ede64 OZ |
1480 | * f_run - run a filter for a route |
1481 | * @filter: filter to run | |
1482 | * @rte: route being filtered, may be modified | |
1483 | * @tmp_attrs: temporary attributes, prepared by caller or generated by f_run() | |
ff95080f | 1484 | * @tmp_pool: all filter allocations go from this pool |
4c5f93d7 | 1485 | * @flags: flags |
a03ede64 OZ |
1486 | * |
1487 | * If filter needs to modify the route, there are several | |
1488 | * posibilities. @rte might be read-only (with REF_COW flag), in that | |
1489 | * case rw copy is obtained by rte_cow() and @rte is replaced. If | |
1490 | * @rte is originally rw, it may be directly modified (and it is never | |
1491 | * copied). | |
1492 | * | |
1493 | * The returned rte may reuse the (possibly cached, cloned) rta, or | |
1494 | * (if rta was modificied) contains a modified uncached rta, which | |
1495 | * uses parts allocated from @tmp_pool and parts shared from original | |
1496 | * rta. There is one exception - if @rte is rw but contains a cached | |
1497 | * rta and that is modified, rta in returned rte is also cached. | |
1498 | * | |
1499 | * Ownership of cached rtas is consistent with rte, i.e. | |
1500 | * if a new rte is returned, it has its own clone of cached rta | |
1501 | * (and cached rta of read-only source rte is intact), if rte is | |
1502 | * modified in place, old cached rta is possibly freed. | |
ff95080f | 1503 | */ |
23b1539b | 1504 | int |
0a06a9b8 | 1505 | f_run(struct filter *filter, struct rte **rte, struct ea_list **tmp_attrs, struct linpool *tmp_pool, int flags) |
23b1539b | 1506 | { |
36da2857 OZ |
1507 | if (filter == FILTER_ACCEPT) |
1508 | return F_ACCEPT; | |
1509 | ||
1510 | if (filter == FILTER_REJECT) | |
1511 | return F_REJECT; | |
1512 | ||
a03ede64 | 1513 | int rte_cow = ((*rte)->flags & REF_COW); |
6b9fa320 | 1514 | DBG( "Running filter `%s'...", filter->name ); |
23b1539b | 1515 | |
36bbfc70 | 1516 | f_rte = rte; |
a03ede64 OZ |
1517 | f_old_rta = NULL; |
1518 | f_tmp_attrs = tmp_attrs; | |
f31156ca | 1519 | f_pool = tmp_pool; |
a03ede64 | 1520 | f_flags = flags; |
0d1b3c4c | 1521 | |
0e175f9f OZ |
1522 | LOG_BUFFER_INIT(f_buf); |
1523 | ||
a03ede64 OZ |
1524 | struct f_val res = interpret(filter->root); |
1525 | ||
1526 | if (f_old_rta) { | |
1527 | /* | |
1528 | * Cached rta was modified and f_rte contains now an uncached one, | |
1529 | * sharing some part with the cached one. The cached rta should | |
1530 | * be freed (if rte was originally COW, f_old_rta is a clone | |
1531 | * obtained during rte_cow()). | |
1532 | * | |
1533 | * This also implements the exception mentioned in f_run() | |
1534 | * description. The reason for this is that rta reuses parts of | |
1535 | * f_old_rta, and these may be freed during rta_free(f_old_rta). | |
1536 | * This is not the problem if rte was COW, because original rte | |
1537 | * also holds the same rta. | |
1538 | */ | |
1539 | if (!rte_cow) | |
1540 | (*f_rte)->attrs = rta_lookup((*f_rte)->attrs); | |
1541 | ||
1542 | rta_free(f_old_rta); | |
1543 | } | |
1544 | ||
0d1b3c4c | 1545 | |
0b1cad81 | 1546 | if (res.type != T_RETURN) { |
1123e707 | 1547 | log_rl(&rl_runtime_err, L_ERR "Filter %s did not return accept nor reject. Make up your mind", filter->name); |
23b1539b | 1548 | return F_ERROR; |
0b1cad81 | 1549 | } |
52e030e1 | 1550 | DBG( "done (%u)\n", res.val.i ); |
23b1539b PM |
1551 | return res.val.i; |
1552 | } | |
1553 | ||
1321e12a OZ |
1554 | /* TODO: perhaps we could integrate f_eval(), f_eval_rte() and f_run() */ |
1555 | ||
1556 | struct f_val | |
1557 | f_eval_rte(struct f_inst *expr, struct rte **rte, struct linpool *tmp_pool) | |
1558 | { | |
1559 | struct ea_list *tmp_attrs = NULL; | |
1560 | ||
1561 | f_rte = rte; | |
1562 | f_old_rta = NULL; | |
1563 | f_tmp_attrs = &tmp_attrs; | |
1564 | f_pool = tmp_pool; | |
1565 | f_flags = 0; | |
1566 | ||
1567 | LOG_BUFFER_INIT(f_buf); | |
1568 | ||
1569 | /* Note that in this function we assume that rte->attrs is private / uncached */ | |
1570 | struct f_val res = interpret(expr); | |
1571 | ||
1572 | /* Hack to include EAF_TEMP attributes to the main list */ | |
1573 | (*rte)->attrs->eattrs = ea_append(tmp_attrs, (*rte)->attrs->eattrs); | |
1574 | ||
1575 | return res; | |
1576 | } | |
1577 | ||
508d9360 OZ |
1578 | struct f_val |
1579 | f_eval(struct f_inst *expr, struct linpool *tmp_pool) | |
1c20608e | 1580 | { |
b1c9d871 MM |
1581 | f_flags = 0; |
1582 | f_tmp_attrs = NULL; | |
1583 | f_rte = NULL; | |
508d9360 | 1584 | f_pool = tmp_pool; |
0d1b3c4c | 1585 | |
0e175f9f OZ |
1586 | LOG_BUFFER_INIT(f_buf); |
1587 | ||
508d9360 OZ |
1588 | return interpret(expr); |
1589 | } | |
0d1b3c4c | 1590 | |
52e030e1 | 1591 | uint |
508d9360 OZ |
1592 | f_eval_int(struct f_inst *expr) |
1593 | { | |
1594 | /* Called independently in parse-time to eval expressions */ | |
1595 | struct f_val res = f_eval(expr, cfg_mem); | |
0d1b3c4c | 1596 | |
b1c9d871 MM |
1597 | if (res.type != T_INT) |
1598 | cf_error("Integer expression expected"); | |
508d9360 | 1599 | |
b1c9d871 MM |
1600 | return res.val.i; |
1601 | } | |
1c20608e | 1602 | |
92a72a4c OZ |
1603 | u32 |
1604 | f_eval_asn(struct f_inst *expr) | |
1605 | { | |
0d1b3c4c | 1606 | /* Called as a part of another interpret call, therefore no log_reset() */ |
92a72a4c | 1607 | struct f_val res = interpret(expr); |
938b191b | 1608 | return (res.type == T_INT) ? res.val.i : 0; |
92a72a4c OZ |
1609 | } |
1610 | ||
ff95080f PM |
1611 | /** |
1612 | * filter_same - compare two filters | |
1613 | * @new: first filter to be compared | |
1614 | * @old: second filter to be compared, notice that this filter is | |
1615 | * damaged while comparing. | |
1616 | * | |
1617 | * Returns 1 in case filters are same, otherwise 0. If there are | |
1618 | * underlying bugs, it will rather say 0 on same filters than say | |
1619 | * 1 on different. | |
1620 | */ | |
30a6108c MM |
1621 | int |
1622 | filter_same(struct filter *new, struct filter *old) | |
1623 | { | |
81ce667b MM |
1624 | if (old == new) /* Handle FILTER_ACCEPT and FILTER_REJECT */ |
1625 | return 1; | |
1626 | if (old == FILTER_ACCEPT || old == FILTER_REJECT || | |
1627 | new == FILTER_ACCEPT || new == FILTER_REJECT) | |
1628 | return 0; | |
9a4037d4 | 1629 | return i_same(new->root, old->root); |
30a6108c | 1630 | } |