]>
git.ipfire.org Git - thirdparty/bird.git/blob - filter/filter.c
2 * Filters: utility functions
4 * Copyright 1998 Pavel Machek <pavel@ucw.cz>
6 * Can be freely distributed and used under the terms of the GNU GPL.
13 * You can find sources of the filter language in |filter/|
14 * directory. File |filter/config.Y| contains filter grammar and basically translates
15 * the source from user into a tree of &f_inst structures. These trees are
16 * later interpreted using code in |filter/filter.c|.
18 * A filter is represented by a tree of &f_inst structures, one structure per
19 * "instruction". Each &f_inst contains @code, @aux value which is
20 * usually the data type this instruction operates on and two generic
21 * arguments (@a1, @a2). Some instructions contain pointer(s) to other
22 * instructions in their (@a1, @a2) fields.
24 * Filters use a &f_val structure for their data. Each &f_val
25 * contains type and value (types are constants prefixed with %T_). Few
26 * of the types are special; %T_RETURN can be or-ed with a type to indicate
27 * that return from a function or from the whole filter should be
28 * forced. Important thing about &f_val's is that they may be copied
29 * with a simple |=|. That's fine for all currently defined types: strings
30 * are read-only (and therefore okay), paths are copied for each
31 * operation (okay too).
36 #include "nest/bird.h"
37 #include "lib/lists.h"
38 #include "lib/resource.h"
39 #include "lib/socket.h"
40 #include "lib/string.h"
41 #include "lib/unaligned.h"
42 #include "nest/route.h"
43 #include "nest/protocol.h"
44 #include "nest/iface.h"
45 #include "nest/attrs.h"
46 #include "conf/conf.h"
47 #include "filter/filter.h"
52 adata_empty(struct linpool
*pool
, int l
)
54 struct adata
*res
= lp_alloc(pool
, sizeof(struct adata
) + l
);
60 pm_format(struct f_path_mask
*p
, buffer
*buf
)
62 buffer_puts(buf
, "[= ");
69 buffer_print(buf
, "%u ", p
->val
);
73 buffer_puts(buf
, "? ");
77 buffer_puts(buf
, "* ");
81 buffer_print(buf
, "%u..%u ", p
->val
, p
->val2
);
91 buffer_puts(buf
, "=]");
95 uint_cmp(uint i1
, uint i2
)
97 return (int)(i1
> i2
) - (int)(i1
< i2
);
101 u64_cmp(u64 i1
, u64 i2
)
103 return (int)(i1
> i2
) - (int)(i1
< i2
);
107 lcomm_cmp(lcomm v1
, lcomm v2
)
109 if (v1
.asn
!= v2
.asn
)
110 return (v1
.asn
> v2
.asn
) ? 1 : -1;
111 if (v1
.ldp1
!= v2
.ldp1
)
112 return (v1
.ldp1
> v2
.ldp1
) ? 1 : -1;
113 if (v1
.ldp2
!= v2
.ldp2
)
114 return (v1
.ldp2
> v2
.ldp2
) ? 1 : -1;
119 * val_compare - compare two values
123 * Compares two values and returns -1, 0, 1 on <, =, > or CMP_ERROR on
124 * error. Tree module relies on this giving consistent results so
125 * that it can be used for building balanced trees.
128 val_compare(struct f_val v1
, struct f_val v2
)
132 if (v1
.type
!= v2
.type
) {
133 if (v1
.type
== T_VOID
) /* Hack for else */
135 if (v2
.type
== T_VOID
)
139 /* IP->Quad implicit conversion */
140 if ((v1
.type
== T_QUAD
) && (v2
.type
== T_IP
))
141 return uint_cmp(v1
.val
.i
, ipa_to_u32(v2
.val
.px
.ip
));
142 if ((v1
.type
== T_IP
) && (v2
.type
== T_QUAD
))
143 return uint_cmp(ipa_to_u32(v1
.val
.px
.ip
), v2
.val
.i
);
146 debug( "Types do not match in val_compare\n" );
158 return uint_cmp(v1
.val
.i
, v2
.val
.i
);
160 return u64_cmp(v1
.val
.ec
, v2
.val
.ec
);
162 return lcomm_cmp(v1
.val
.lc
, v2
.val
.lc
);
164 return ipa_compare(v1
.val
.px
.ip
, v2
.val
.px
.ip
);
166 if (rc
= ipa_compare(v1
.val
.px
.ip
, v2
.val
.px
.ip
))
168 return uint_cmp(v1
.val
.px
.len
, v2
.val
.px
.len
);
170 return strcmp(v1
.val
.s
, v2
.val
.s
);
177 pm_same(struct f_path_mask
*m1
, struct f_path_mask
*m2
)
181 if (m1
->kind
!= m2
->kind
)
184 if (m1
->kind
== PM_ASN_EXPR
)
186 if (!i_same((struct f_inst
*) m1
->val
, (struct f_inst
*) m2
->val
))
191 if ((m1
->val
!= m2
->val
) || (m1
->val2
!= m2
->val2
))
203 * val_same - compare two values
207 * Compares two values and returns 1 if they are same and 0 if not.
208 * Comparison of values of different types is valid and returns 0.
211 val_same(struct f_val v1
, struct f_val v2
)
215 rc
= val_compare(v1
, v2
);
219 if (v1
.type
!= v2
.type
)
224 return pm_same(v1
.val
.path_mask
, v2
.val
.path_mask
);
229 return adata_same(v1
.val
.ad
, v2
.val
.ad
);
231 return same_tree(v1
.val
.t
, v2
.val
.t
);
233 return trie_same(v1
.val
.ti
, v2
.val
.ti
);
235 bug("Invalid type in val_same(): %x", v1
.type
);
240 fprefix_get_bounds(struct f_prefix
*px
, int *l
, int *h
)
242 *l
= *h
= px
->len
& LEN_MASK
;
244 if (px
->len
& LEN_MINUS
)
247 else if (px
->len
& LEN_PLUS
)
248 *h
= MAX_PREFIX_LENGTH
;
250 else if (px
->len
& LEN_RANGE
)
252 *l
= 0xff & (px
->len
>> 16);
253 *h
= 0xff & (px
->len
>> 8);
258 clist_set_type(struct f_tree
*set
, struct f_val
*v
)
260 switch (set
->from
.type
) {
278 eclist_set_type(struct f_tree
*set
)
279 { return set
->from
.type
== T_EC
; }
282 lclist_set_type(struct f_tree
*set
)
283 { return set
->from
.type
== T_LC
; }
286 clist_match_set(struct adata
*clist
, struct f_tree
*set
)
292 if (!clist_set_type(set
, &v
))
295 u32
*l
= (u32
*) clist
->data
;
296 u32
*end
= l
+ clist
->length
/4;
300 if (find_tree(set
, v
))
307 eclist_match_set(struct adata
*list
, struct f_tree
*set
)
312 if (!eclist_set_type(set
))
316 u32
*l
= int_set_get_data(list
);
317 int len
= int_set_get_size(list
);
321 for (i
= 0; i
< len
; i
+= 2) {
322 v
.val
.ec
= ec_get(l
, i
);
323 if (find_tree(set
, v
))
331 lclist_match_set(struct adata
*list
, struct f_tree
*set
)
336 if (!lclist_set_type(set
))
340 u32
*l
= int_set_get_data(list
);
341 int len
= int_set_get_size(list
);
345 for (i
= 0; i
< len
; i
+= 3) {
346 v
.val
.lc
= lc_get(l
, i
);
347 if (find_tree(set
, v
))
354 static struct adata
*
355 clist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
360 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
363 clist_set_type(set
.val
.t
, &v
);
367 int len
= int_set_get_size(list
);
368 u32
*l
= int_set_get_data(list
);
375 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
376 if ((tree
? !!find_tree(set
.val
.t
, v
) : int_set_contains(set
.val
.ad
, v
.val
.i
)) == pos
)
380 uint nl
= (k
- tmp
) * sizeof(u32
);
381 if (nl
== list
->length
)
384 struct adata
*res
= adata_empty(pool
, nl
);
385 memcpy(res
->data
, tmp
, nl
);
389 static struct adata
*
390 eclist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
395 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
398 int len
= int_set_get_size(list
);
399 u32
*l
= int_set_get_data(list
);
405 for (i
= 0; i
< len
; i
+= 2) {
406 v
.val
.ec
= ec_get(l
, i
);
407 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
408 if ((tree
? !!find_tree(set
.val
.t
, v
) : ec_set_contains(set
.val
.ad
, v
.val
.ec
)) == pos
) {
414 uint nl
= (k
- tmp
) * sizeof(u32
);
415 if (nl
== list
->length
)
418 struct adata
*res
= adata_empty(pool
, nl
);
419 memcpy(res
->data
, tmp
, nl
);
423 static struct adata
*
424 lclist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
429 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
432 int len
= int_set_get_size(list
);
433 u32
*l
= int_set_get_data(list
);
439 for (i
= 0; i
< len
; i
+= 3) {
440 v
.val
.lc
= lc_get(l
, i
);
441 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
442 if ((tree
? !!find_tree(set
.val
.t
, v
) : lc_set_contains(set
.val
.ad
, v
.val
.lc
)) == pos
)
446 uint nl
= (k
- tmp
) * sizeof(u32
);
447 if (nl
== list
->length
)
450 struct adata
*res
= adata_empty(pool
, nl
);
451 memcpy(res
->data
, tmp
, nl
);
456 * val_in_range - implement |~| operator
460 * Checks if @v1 is element (|~| operator) of @v2.
463 val_in_range(struct f_val v1
, struct f_val v2
)
465 if ((v1
.type
== T_PATH
) && (v2
.type
== T_PATH_MASK
))
466 return as_path_match(v1
.val
.ad
, v2
.val
.path_mask
);
468 if ((v1
.type
== T_INT
) && (v2
.type
== T_PATH
))
469 return as_path_contains(v2
.val
.ad
, v1
.val
.i
, 1);
471 if (((v1
.type
== T_PAIR
) || (v1
.type
== T_QUAD
)) && (v2
.type
== T_CLIST
))
472 return int_set_contains(v2
.val
.ad
, v1
.val
.i
);
474 /* IP->Quad implicit conversion */
475 if ((v1
.type
== T_IP
) && (v2
.type
== T_CLIST
))
476 return int_set_contains(v2
.val
.ad
, ipa_to_u32(v1
.val
.px
.ip
));
479 if ((v1
.type
== T_EC
) && (v2
.type
== T_ECLIST
))
480 return ec_set_contains(v2
.val
.ad
, v1
.val
.ec
);
482 if ((v1
.type
== T_LC
) && (v2
.type
== T_LCLIST
))
483 return lc_set_contains(v2
.val
.ad
, v1
.val
.lc
);
485 if ((v1
.type
== T_STRING
) && (v2
.type
== T_STRING
))
486 return patmatch(v2
.val
.s
, v1
.val
.s
);
488 if ((v1
.type
== T_IP
) && (v2
.type
== T_PREFIX
))
489 return ipa_in_net(v1
.val
.px
.ip
, v2
.val
.px
.ip
, v2
.val
.px
.len
);
491 if ((v1
.type
== T_PREFIX
) && (v2
.type
== T_PREFIX
))
492 return net_in_net(v1
.val
.px
.ip
, v1
.val
.px
.len
, v2
.val
.px
.ip
, v2
.val
.px
.len
);
494 if ((v1
.type
== T_PREFIX
) && (v2
.type
== T_PREFIX_SET
))
495 return trie_match_fprefix(v2
.val
.ti
, &v1
.val
.px
);
497 if (v2
.type
!= T_SET
)
500 /* With integrated Quad<->IP implicit conversion */
501 if ((v1
.type
== v2
.val
.t
->from
.type
) ||
502 ((IP_VERSION
== 4) && (v1
.type
== T_QUAD
) && (v2
.val
.t
->from
.type
== T_IP
)))
503 return !!find_tree(v2
.val
.t
, v1
);
505 if (v1
.type
== T_CLIST
)
506 return clist_match_set(v1
.val
.ad
, v2
.val
.t
);
508 if (v1
.type
== T_ECLIST
)
509 return eclist_match_set(v1
.val
.ad
, v2
.val
.t
);
511 if (v1
.type
== T_LCLIST
)
512 return lclist_match_set(v1
.val
.ad
, v2
.val
.t
);
514 if (v1
.type
== T_PATH
)
515 return as_path_match_set(v1
.val
.ad
, v2
.val
.t
);
521 * val_format - format filter value
524 val_format(struct f_val v
, buffer
*buf
)
529 case T_VOID
: buffer_puts(buf
, "(void)"); return;
530 case T_BOOL
: buffer_puts(buf
, v
.val
.i
? "TRUE" : "FALSE"); return;
531 case T_INT
: buffer_print(buf
, "%u", v
.val
.i
); return;
532 case T_STRING
: buffer_print(buf
, "%s", v
.val
.s
); return;
533 case T_IP
: buffer_print(buf
, "%I", v
.val
.px
.ip
); return;
534 case T_PREFIX
: buffer_print(buf
, "%I/%d", v
.val
.px
.ip
, v
.val
.px
.len
); return;
535 case T_PAIR
: buffer_print(buf
, "(%u,%u)", v
.val
.i
>> 16, v
.val
.i
& 0xffff); return;
536 case T_QUAD
: buffer_print(buf
, "%R", v
.val
.i
); return;
537 case T_EC
: ec_format(buf2
, v
.val
.ec
); buffer_print(buf
, "%s", buf2
); return;
538 case T_LC
: lc_format(buf2
, v
.val
.lc
); buffer_print(buf
, "%s", buf2
); return;
539 case T_PREFIX_SET
: trie_format(v
.val
.ti
, buf
); return;
540 case T_SET
: tree_format(v
.val
.t
, buf
); return;
541 case T_ENUM
: buffer_print(buf
, "(enum %x)%u", v
.type
, v
.val
.i
); return;
542 case T_PATH
: as_path_format(v
.val
.ad
, buf2
, 1000); buffer_print(buf
, "(path %s)", buf2
); return;
543 case T_CLIST
: int_set_format(v
.val
.ad
, 1, -1, buf2
, 1000); buffer_print(buf
, "(clist %s)", buf2
); return;
544 case T_ECLIST
: ec_set_format(v
.val
.ad
, -1, buf2
, 1000); buffer_print(buf
, "(eclist %s)", buf2
); return;
545 case T_LCLIST
: lc_set_format(v
.val
.ad
, -1, buf2
, 1000); buffer_print(buf
, "(lclist %s)", buf2
); return;
546 case T_PATH_MASK
: pm_format(v
.val
.path_mask
, buf
); return;
547 default: buffer_print(buf
, "[unknown type %x]", v
.type
); return;
551 static struct rte
**f_rte
;
552 static struct rta
*f_old_rta
;
553 static struct ea_list
**f_tmp_attrs
;
554 static struct linpool
*f_pool
;
555 static struct buffer f_buf
;
558 static inline void f_rte_cow(void)
560 *f_rte
= rte_cow(*f_rte
);
564 * rta_cow - prepare rta for modification by filter
569 if (!rta_is_cached((*f_rte
)->attrs
))
572 /* Prepare to modify rte */
575 /* Store old rta to free it later, it stores reference from rte_cow() */
576 f_old_rta
= (*f_rte
)->attrs
;
579 * Get shallow copy of rta. Fields eattrs and nexthops of rta are shared
580 * with f_old_rta (they will be copied when the cached rta will be obtained
581 * at the end of f_run()), also the lock of hostentry is inherited (we
582 * suppose hostentry is not changed by filters).
584 (*f_rte
)->attrs
= rta_do_cow((*f_rte
)->attrs
, f_pool
);
587 static struct tbf rl_runtime_err
= TBF_DEFAULT_LOG_LIMITS
;
589 #define runtime(x) do { \
590 if (!(f_flags & FF_SILENT)) \
591 log_rl(&rl_runtime_err, L_ERR "filters, line %d: %s", what->lineno, x); \
592 res.type = T_RETURN; \
593 res.val.i = F_ERROR; \
598 x = interpret(what->y); \
599 if (x.type & T_RETURN) \
602 #define ONEARG ARG(v1, a1.p)
603 #define TWOARGS ARG(v1, a1.p) \
605 #define TWOARGS_C TWOARGS \
606 if (v1.type != v2.type) \
607 runtime( "Can't operate with values of incompatible types" );
609 do { if (!f_rte) runtime("No route to access"); } while (0)
611 #define BITFIELD_MASK(what) \
612 (1u << (what->a2.i >> 24))
616 * @what: filter to interpret
618 * Interpret given tree of filter instructions. This is core function
619 * of filter system and does all the hard work.
621 * Each instruction has 4 fields: code (which is instruction code),
622 * aux (which is extension to instruction code, typically type),
623 * arg1 and arg2 - arguments. Depending on instruction, arguments
624 * are either integers, or pointers to instruction trees. Common
625 * instructions like +, that have two expressions as arguments use
626 * TWOARGS macro to get both of them evaluated.
628 * &f_val structures are copied around, so there are no problems with
632 interpret(struct f_inst
*what
)
635 struct f_val v1
, v2
, res
= { .type
= T_VOID
}, *vp
;
640 for ( ; what
; what
= what
->next
) {
642 switch(what
->fi_code
) {
643 /* Binary operators */
646 switch (res
.type
= v1
.type
) {
647 case T_VOID
: runtime( "Can't operate with values of type void" );
648 case T_INT
: res
.val
.i
= v1
.val
.i
+ v2
.val
.i
; break;
649 default: runtime( "Usage of unknown type" );
654 switch (res
.type
= v1
.type
) {
655 case T_VOID
: runtime( "Can't operate with values of type void" );
656 case T_INT
: res
.val
.i
= v1
.val
.i
- v2
.val
.i
; break;
657 default: runtime( "Usage of unknown type" );
662 switch (res
.type
= v1
.type
) {
663 case T_VOID
: runtime( "Can't operate with values of type void" );
664 case T_INT
: res
.val
.i
= v1
.val
.i
* v2
.val
.i
; break;
665 default: runtime( "Usage of unknown type" );
670 switch (res
.type
= v1
.type
) {
671 case T_VOID
: runtime( "Can't operate with values of type void" );
672 case T_INT
: if (v2
.val
.i
== 0) runtime( "Mother told me not to divide by 0" );
673 res
.val
.i
= v1
.val
.i
/ v2
.val
.i
; break;
674 default: runtime( "Usage of unknown type" );
681 if (v1
.type
!= T_BOOL
)
682 runtime( "Can't do boolean operation on non-booleans" );
683 if (v1
.val
.i
== (what
->fi_code
== FI_OR
)) {
685 res
.val
.i
= v1
.val
.i
;
690 if (v2
.type
!= T_BOOL
)
691 runtime( "Can't do boolean operation on non-booleans" );
693 res
.val
.i
= v2
.val
.i
;
696 case FI_PAIR_CONSTRUCT
:
698 if ((v1
.type
!= T_INT
) || (v2
.type
!= T_INT
))
699 runtime( "Can't operate with value of non-integer type in pair constructor" );
702 if ((u1
> 0xFFFF) || (u2
> 0xFFFF))
703 runtime( "Can't operate with value out of bounds in pair constructor" );
704 res
.val
.i
= (u1
<< 16) | u2
;
708 case FI_EC_CONSTRUCT
:
712 int check
, ipv4_used
;
715 if (v1
.type
== T_INT
) {
716 ipv4_used
= 0; key
= v1
.val
.i
;
718 else if (v1
.type
== T_QUAD
) {
719 ipv4_used
= 1; key
= v1
.val
.i
;
722 /* IP->Quad implicit conversion */
723 else if (v1
.type
== T_IP
) {
724 ipv4_used
= 1; key
= ipa_to_u32(v1
.val
.px
.ip
);
728 runtime("Can't operate with key of non-integer/IPv4 type in EC constructor");
730 if (v2
.type
!= T_INT
)
731 runtime("Can't operate with value of non-integer type in EC constructor");
737 if (what
->aux
== EC_GENERIC
) {
738 check
= 0; res
.val
.ec
= ec_generic(key
, val
);
740 else if (ipv4_used
) {
741 check
= 1; res
.val
.ec
= ec_ip4(what
->aux
, key
, val
);
743 else if (key
< 0x10000) {
744 check
= 0; res
.val
.ec
= ec_as2(what
->aux
, key
, val
);
747 check
= 1; res
.val
.ec
= ec_as4(what
->aux
, key
, val
);
750 if (check
&& (val
> 0xFFFF))
751 runtime("Can't operate with value out of bounds in EC constructor");
756 case FI_LC_CONSTRUCT
:
760 /* Third argument hack */
761 struct f_val v3
= interpret(INST3(what
).p
);
762 if (v3
.type
& T_RETURN
)
765 if ((v1
.type
!= T_INT
) || (v2
.type
!= T_INT
) || (v3
.type
!= T_INT
))
766 runtime( "Can't operate with value of non-integer type in LC constructor" );
769 res
.val
.lc
= (lcomm
) { v1
.val
.i
, v2
.val
.i
, v3
.val
.i
};
774 case FI_PATHMASK_CONSTRUCT
:
776 struct f_path_mask
*tt
= what
->a1
.p
, *vbegin
, **vv
= &vbegin
;
779 *vv
= lp_alloc(f_pool
, sizeof(struct f_path_mask
));
780 if (tt
->kind
== PM_ASN_EXPR
) {
781 struct f_val res
= interpret((struct f_inst
*) tt
->val
);
782 (*vv
)->kind
= PM_ASN
;
783 if (res
.type
!= T_INT
) {
784 runtime( "Error resolving path mask template: value not an integer" );
785 return (struct f_val
) { .type
= T_VOID
};
788 (*vv
)->val
= res
.val
.i
;
796 res
= (struct f_val
) { .type
= T_PATH_MASK
, .val
.path_mask
= vbegin
};
800 /* Relational operators */
804 i = val_compare(v1, v2); \
806 runtime( "Can't compare values of incompatible types" ); \
813 i = val_same(v1, v2); \
818 case FI_NEQ
: SAME(!i
);
820 case FI_LT
: COMPARE(i
==-1);
821 case FI_LTE
: COMPARE(i
!=1);
825 if (v1
.type
!= T_BOOL
)
826 runtime( "Not applied to non-boolean" );
828 res
.val
.i
= !res
.val
.i
;
834 res
.val
.i
= val_in_range(v1
, v2
);
835 if (res
.val
.i
== CMP_ERROR
)
836 runtime( "~ applied on unknown type pair" );
837 res
.val
.i
= !!res
.val
.i
;
843 res
.val
.i
= val_in_range(v1
, v2
);
844 if (res
.val
.i
== CMP_ERROR
)
845 runtime( "!~ applied on unknown type pair" );
846 res
.val
.i
= !res
.val
.i
;
852 res
.val
.i
= (v1
.type
!= T_VOID
);
855 /* Set to indirect value, a1 = variable, a2 = value */
860 if ((sym
->class != (SYM_VARIABLE
| v2
.type
)) && (v2
.type
!= T_VOID
)) {
862 /* IP->Quad implicit conversion */
863 if ((sym
->class == (SYM_VARIABLE
| T_QUAD
)) && (v2
.type
== T_IP
)) {
865 vp
->val
.i
= ipa_to_u32(v2
.val
.px
.ip
);
869 runtime( "Assigning to variable of incompatible type" );
874 /* some constants have value in a2, some in *a1.p, strange. */
875 case FI_CONSTANT
: /* integer (or simple type) constant, string, set, or prefix_set */
876 res
.type
= what
->aux
;
878 if (res
.type
== T_PREFIX_SET
)
879 res
.val
.ti
= what
->a2
.p
;
880 else if (res
.type
== T_SET
)
881 res
.val
.t
= what
->a2
.p
;
882 else if (res
.type
== T_STRING
)
883 res
.val
.s
= what
->a2
.p
;
885 res
.val
.i
= what
->a2
.i
;
888 case FI_CONSTANT_INDIRECT
:
889 res
= * ((struct f_val
*) what
->a1
.p
);
893 val_format(v1
, &f_buf
);
895 case FI_CONDITION
: /* ? has really strange error value, so we can implement if ... else nicely :-) */
897 if (v1
.type
!= T_BOOL
)
898 runtime( "If requires boolean expression" );
902 } else res
.val
.i
= 1;
906 debug( "No operation\n" );
908 case FI_PRINT_AND_DIE
:
910 if ((what
->a2
.i
== F_NOP
|| (what
->a2
.i
!= F_NONL
&& what
->a1
.p
)) &&
911 !(f_flags
& FF_SILENT
))
912 log_commit(*L_INFO
, &f_buf
);
914 switch (what
->a2
.i
) {
916 die( "Filter asked me to die" );
918 /* Should take care about turning ACCEPT into MODIFY */
920 case F_REJECT
: /* FIXME (noncritical) Should print complete route along with reason to reject route */
922 res
.val
.i
= what
->a2
.i
;
923 return res
; /* We have to return now, no more processing. */
928 bug( "unknown return type: Can't happen");
931 case FI_RTA_GET
: /* rta access */
934 struct rta
*rta
= (*f_rte
)->attrs
;
935 res
.type
= what
->aux
;
939 case SA_FROM
: res
.val
.px
.ip
= rta
->from
; break;
940 case SA_GW
: res
.val
.px
.ip
= rta
->gw
; break;
941 case SA_NET
: res
.val
.px
.ip
= (*f_rte
)->net
->n
.prefix
;
942 res
.val
.px
.len
= (*f_rte
)->net
->n
.pxlen
; break;
943 case SA_PROTO
: res
.val
.s
= rta
->src
->proto
->name
; break;
944 case SA_SOURCE
: res
.val
.i
= rta
->source
; break;
945 case SA_SCOPE
: res
.val
.i
= rta
->scope
; break;
946 case SA_CAST
: res
.val
.i
= rta
->cast
; break;
947 case SA_DEST
: res
.val
.i
= rta
->dest
; break;
948 case SA_IFNAME
: res
.val
.s
= rta
->iface
? rta
->iface
->name
: ""; break;
949 case SA_IFINDEX
: res
.val
.i
= rta
->iface
? rta
->iface
->index
: 0; break;
952 bug("Invalid static attribute access (%x)", res
.type
);
959 if (what
->aux
!= v1
.type
)
960 runtime( "Attempt to set static attribute to incompatible type" );
964 struct rta
*rta
= (*f_rte
)->attrs
;
969 rta
->from
= v1
.val
.px
.ip
;
974 ip_addr ip
= v1
.val
.px
.ip
;
975 neighbor
*n
= neigh_find(rta
->src
->proto
, &ip
, 0);
976 if (!n
|| (n
->scope
== SCOPE_HOST
))
977 runtime( "Invalid gw address" );
979 rta
->dest
= RTD_ROUTER
;
981 rta
->iface
= n
->iface
;
982 rta
->nexthops
= NULL
;
983 rta
->hostentry
= NULL
;
988 rta
->scope
= v1
.val
.i
;
993 if ((i
!= RTD_BLACKHOLE
) && (i
!= RTD_UNREACHABLE
) && (i
!= RTD_PROHIBIT
))
994 runtime( "Destination can be changed only to blackhole, unreachable or prohibit" );
999 rta
->nexthops
= NULL
;
1000 rta
->hostentry
= NULL
;
1005 struct iface
*ifa
= if_find_by_name(v1
.val
.s
);
1007 runtime( "Invalid iface name" );
1009 rta
->dest
= RTD_DEVICE
;
1012 rta
->nexthops
= NULL
;
1013 rta
->hostentry
= NULL
;
1018 bug("Invalid static attribute access (%x)", res
.type
);
1022 case FI_EA_GET
: /* Access to extended attributes */
1026 u16 code
= what
->a2
.i
;
1028 if (!(f_flags
& FF_FORCE_TMPATTR
))
1029 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
1031 e
= ea_find((*f_tmp_attrs
), code
);
1032 if ((!e
) && (f_flags
& FF_FORCE_TMPATTR
))
1033 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
1036 /* A special case: undefined int_set looks like empty int_set */
1037 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_INT_SET
) {
1039 res
.val
.ad
= adata_empty(f_pool
, 0);
1043 /* The same special case for ec_set */
1044 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_EC_SET
) {
1045 res
.type
= T_ECLIST
;
1046 res
.val
.ad
= adata_empty(f_pool
, 0);
1050 /* The same special case for lc_set */
1051 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_LC_SET
) {
1052 res
.type
= T_LCLIST
;
1053 res
.val
.ad
= adata_empty(f_pool
, 0);
1057 /* Undefined value */
1062 switch (what
->aux
& EAF_TYPE_MASK
) {
1065 res
.val
.i
= e
->u
.data
;
1067 case EAF_TYPE_ROUTER_ID
:
1069 res
.val
.i
= e
->u
.data
;
1071 case EAF_TYPE_OPAQUE
:
1072 res
.type
= T_ENUM_EMPTY
;
1075 case EAF_TYPE_IP_ADDRESS
:
1077 struct adata
* ad
= e
->u
.ptr
;
1078 res
.val
.px
.ip
= * (ip_addr
*) ad
->data
;
1080 case EAF_TYPE_AS_PATH
:
1082 res
.val
.ad
= e
->u
.ptr
;
1084 case EAF_TYPE_BITFIELD
:
1086 res
.val
.i
= !!(e
->u
.data
& BITFIELD_MASK(what
));
1088 case EAF_TYPE_INT_SET
:
1090 res
.val
.ad
= e
->u
.ptr
;
1092 case EAF_TYPE_EC_SET
:
1093 res
.type
= T_ECLIST
;
1094 res
.val
.ad
= e
->u
.ptr
;
1096 case EAF_TYPE_LC_SET
:
1097 res
.type
= T_LCLIST
;
1098 res
.val
.ad
= e
->u
.ptr
;
1100 case EAF_TYPE_UNDEF
:
1104 bug("Unknown type in e,a");
1112 struct ea_list
*l
= lp_alloc(f_pool
, sizeof(struct ea_list
) + sizeof(eattr
));
1113 u16 code
= what
->a2
.i
;
1116 l
->flags
= EALF_SORTED
;
1118 l
->attrs
[0].id
= code
;
1119 l
->attrs
[0].flags
= 0;
1120 l
->attrs
[0].type
= what
->aux
| EAF_ORIGINATED
;
1122 switch (what
->aux
& EAF_TYPE_MASK
) {
1124 // Enums are also ints, so allow them in.
1125 if (v1
.type
!= T_INT
&& (v1
.type
< T_ENUM_LO
|| v1
.type
> T_ENUM_HI
))
1126 runtime( "Setting int attribute to non-int value" );
1127 l
->attrs
[0].u
.data
= v1
.val
.i
;
1130 case EAF_TYPE_ROUTER_ID
:
1132 /* IP->Quad implicit conversion */
1133 if (v1
.type
== T_IP
) {
1134 l
->attrs
[0].u
.data
= ipa_to_u32(v1
.val
.px
.ip
);
1138 /* T_INT for backward compatibility */
1139 if ((v1
.type
!= T_QUAD
) && (v1
.type
!= T_INT
))
1140 runtime( "Setting quad attribute to non-quad value" );
1141 l
->attrs
[0].u
.data
= v1
.val
.i
;
1144 case EAF_TYPE_OPAQUE
:
1145 runtime( "Setting opaque attribute is not allowed" );
1147 case EAF_TYPE_IP_ADDRESS
:
1148 if (v1
.type
!= T_IP
)
1149 runtime( "Setting ip attribute to non-ip value" );
1150 int len
= sizeof(ip_addr
);
1151 struct adata
*ad
= lp_alloc(f_pool
, sizeof(struct adata
) + len
);
1153 (* (ip_addr
*) ad
->data
) = v1
.val
.px
.ip
;
1154 l
->attrs
[0].u
.ptr
= ad
;
1156 case EAF_TYPE_AS_PATH
:
1157 if (v1
.type
!= T_PATH
)
1158 runtime( "Setting path attribute to non-path value" );
1159 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1161 case EAF_TYPE_BITFIELD
:
1162 if (v1
.type
!= T_BOOL
)
1163 runtime( "Setting bit in bitfield attribute to non-bool value" );
1165 /* First, we have to find the old value */
1167 if (!(f_flags
& FF_FORCE_TMPATTR
))
1168 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
1170 e
= ea_find((*f_tmp_attrs
), code
);
1171 if ((!e
) && (f_flags
& FF_FORCE_TMPATTR
))
1172 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
1173 u32 data
= e
? e
->u
.data
: 0;
1176 l
->attrs
[0].u
.data
= data
| BITFIELD_MASK(what
);
1178 l
->attrs
[0].u
.data
= data
& ~BITFIELD_MASK(what
);;
1181 case EAF_TYPE_INT_SET
:
1182 if (v1
.type
!= T_CLIST
)
1183 runtime( "Setting clist attribute to non-clist value" );
1184 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1186 case EAF_TYPE_EC_SET
:
1187 if (v1
.type
!= T_ECLIST
)
1188 runtime( "Setting eclist attribute to non-eclist value" );
1189 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1191 case EAF_TYPE_LC_SET
:
1192 if (v1
.type
!= T_LCLIST
)
1193 runtime( "Setting lclist attribute to non-lclist value" );
1194 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1196 case EAF_TYPE_UNDEF
:
1197 if (v1
.type
!= T_VOID
)
1198 runtime( "Setting void attribute to non-void value" );
1199 l
->attrs
[0].u
.data
= 0;
1201 default: bug("Unknown type in e,S");
1204 if (!(what
->aux
& EAF_TEMP
) && (!(f_flags
& FF_FORCE_TMPATTR
))) {
1206 l
->next
= (*f_rte
)->attrs
->eattrs
;
1207 (*f_rte
)->attrs
->eattrs
= l
;
1209 l
->next
= (*f_tmp_attrs
);
1217 res
.val
.i
= (*f_rte
)->pref
;
1222 if (v1
.type
!= T_INT
)
1223 runtime( "Can't set preference to non-integer" );
1224 if (v1
.val
.i
> 0xFFFF)
1225 runtime( "Setting preference value out of bounds" );
1227 (*f_rte
)->pref
= v1
.val
.i
;
1229 case FI_LENGTH
: /* Get length of */
1233 case T_PREFIX
: res
.val
.i
= v1
.val
.px
.len
; break;
1234 case T_PATH
: res
.val
.i
= as_path_getlen(v1
.val
.ad
); break;
1235 case T_CLIST
: res
.val
.i
= int_set_get_size(v1
.val
.ad
); break;
1236 case T_ECLIST
: res
.val
.i
= ec_set_get_size(v1
.val
.ad
); break;
1237 case T_LCLIST
: res
.val
.i
= lc_set_get_size(v1
.val
.ad
); break;
1238 default: runtime( "Prefix, path, clist or eclist expected" );
1241 case FI_IP
: /* Convert prefix to ... */
1243 if (v1
.type
!= T_PREFIX
)
1244 runtime( "Prefix expected" );
1245 res
.type
= what
->aux
;
1247 /* case T_INT: res.val.i = v1.val.px.len; break; Not needed any more */
1248 case T_IP
: res
.val
.px
.ip
= v1
.val
.px
.ip
; break;
1249 default: bug( "Unknown prefix to conversion" );
1252 case FI_AS_PATH_FIRST
: /* Get first ASN from AS PATH */
1254 if (v1
.type
!= T_PATH
)
1255 runtime( "AS path expected" );
1258 as_path_get_first(v1
.val
.ad
, &as
);
1262 case FI_AS_PATH_LAST
: /* Get last ASN from AS PATH */
1264 if (v1
.type
!= T_PATH
)
1265 runtime( "AS path expected" );
1268 as_path_get_last(v1
.val
.ad
, &as
);
1272 case FI_AS_PATH_LAST_NAG
: /* Get last ASN from non-aggregated part of AS PATH */
1274 if (v1
.type
!= T_PATH
)
1275 runtime( "AS path expected" );
1278 res
.val
.i
= as_path_get_last_nonaggregated(v1
.val
.ad
);
1283 res
.type
|= T_RETURN
;
1285 case FI_CALL
: /* CALL: this is special: if T_RETURN and returning some value, mask it out */
1287 res
= interpret(what
->a2
.p
);
1288 if (res
.type
== T_RETURN
)
1290 res
.type
&= ~T_RETURN
;
1292 case FI_CLEAR_LOCAL_VARS
: /* Clear local variables */
1293 for (sym
= what
->a1
.p
; sym
!= NULL
; sym
= sym
->aux2
)
1294 ((struct f_val
*) sym
->def
)->type
= T_VOID
;
1299 struct f_tree
*t
= find_tree(what
->a2
.p
, v1
);
1302 t
= find_tree(what
->a2
.p
, v1
);
1304 debug( "No else statement?\n");
1308 /* It is actually possible to have t->data NULL */
1310 res
= interpret(t
->data
);
1311 if (res
.type
& T_RETURN
)
1315 case FI_IP_MASK
: /* IP.MASK(val) */
1317 if (v2
.type
!= T_INT
)
1318 runtime( "Integer expected");
1319 if (v1
.type
!= T_IP
)
1320 runtime( "You can mask only IP addresses" );
1322 ip_addr mask
= ipa_mkmask(v2
.val
.i
);
1324 res
.val
.px
.ip
= ipa_and(mask
, v1
.val
.px
.ip
);
1328 case FI_EMPTY
: /* Create empty attribute */
1329 res
.type
= what
->aux
;
1330 res
.val
.ad
= adata_empty(f_pool
, 0);
1332 case FI_PATH_PREPEND
: /* Path prepend */
1334 if (v1
.type
!= T_PATH
)
1335 runtime("Can't prepend to non-path");
1336 if (v2
.type
!= T_INT
)
1337 runtime("Can't prepend non-integer");
1340 res
.val
.ad
= as_path_prepend(f_pool
, v1
.val
.ad
, v2
.val
.i
);
1343 case FI_CLIST_ADD_DEL
: /* (Extended) Community list add or delete */
1345 if (v1
.type
== T_PATH
)
1347 struct f_tree
*set
= NULL
;
1351 if (v2
.type
== T_INT
)
1353 else if ((v2
.type
== T_SET
) && (v2
.val
.t
->from
.type
== T_INT
))
1356 runtime("Can't delete non-integer (set)");
1360 case 'a': runtime("Can't add to path");
1361 case 'd': pos
= 0; break;
1362 case 'f': pos
= 1; break;
1363 default: bug("unknown Ca operation");
1367 runtime("Can't filter integer");
1370 res
.val
.ad
= as_path_filter(f_pool
, v1
.val
.ad
, set
, key
, pos
);
1372 else if (v1
.type
== T_CLIST
)
1374 /* Community (or cluster) list */
1379 if ((v2
.type
== T_PAIR
) || (v2
.type
== T_QUAD
))
1382 /* IP->Quad implicit conversion */
1383 else if (v2
.type
== T_IP
)
1384 n
= ipa_to_u32(v2
.val
.px
.ip
);
1386 else if ((v2
.type
== T_SET
) && clist_set_type(v2
.val
.t
, &dummy
))
1388 else if (v2
.type
== T_CLIST
)
1391 runtime("Can't add/delete non-pair");
1398 runtime("Can't add set");
1400 res
.val
.ad
= int_set_add(f_pool
, v1
.val
.ad
, n
);
1402 res
.val
.ad
= int_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1407 res
.val
.ad
= int_set_del(f_pool
, v1
.val
.ad
, n
);
1409 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1414 runtime("Can't filter pair");
1415 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1419 bug("unknown Ca operation");
1422 else if (v1
.type
== T_ECLIST
)
1424 /* Extended community list */
1427 /* v2.val is either EC or EC-set */
1428 if ((v2
.type
== T_SET
) && eclist_set_type(v2
.val
.t
))
1430 else if (v2
.type
== T_ECLIST
)
1432 else if (v2
.type
!= T_EC
)
1433 runtime("Can't add/delete non-ec");
1435 res
.type
= T_ECLIST
;
1440 runtime("Can't add set");
1442 res
.val
.ad
= ec_set_add(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1444 res
.val
.ad
= ec_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1449 res
.val
.ad
= ec_set_del(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1451 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1456 runtime("Can't filter ec");
1457 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1461 bug("unknown Ca operation");
1464 else if (v1
.type
== T_LCLIST
)
1466 /* Large community list */
1469 /* v2.val is either LC or LC-set */
1470 if ((v2
.type
== T_SET
) && lclist_set_type(v2
.val
.t
))
1472 else if (v2
.type
== T_LCLIST
)
1474 else if (v2
.type
!= T_LC
)
1475 runtime("Can't add/delete non-lc");
1477 res
.type
= T_LCLIST
;
1482 runtime("Can't add set");
1484 res
.val
.ad
= lc_set_add(f_pool
, v1
.val
.ad
, v2
.val
.lc
);
1486 res
.val
.ad
= lc_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1491 res
.val
.ad
= lc_set_del(f_pool
, v1
.val
.ad
, v2
.val
.lc
);
1493 res
.val
.ad
= lclist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1498 runtime("Can't filter lc");
1499 res
.val
.ad
= lclist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1503 bug("unknown Ca operation");
1507 runtime("Can't add/delete to non-[e|l]clist");
1511 case FI_ROA_CHECK
: /* ROA Check */
1515 if ((v1
.type
!= T_PREFIX
) || (v2
.type
!= T_INT
))
1516 runtime("Invalid argument to roa_check()");
1523 v1
.val
.px
.ip
= (*f_rte
)->net
->n
.prefix
;
1524 v1
.val
.px
.len
= (*f_rte
)->net
->n
.pxlen
;
1526 /* We ignore temporary attributes, probably not a problem here */
1527 /* 0x02 is a value of BA_AS_PATH, we don't want to include BGP headers */
1528 eattr
*e
= ea_find((*f_rte
)->attrs
->eattrs
, EA_CODE(EAP_BGP
, 0x02));
1530 if (!e
|| e
->type
!= EAF_TYPE_AS_PATH
)
1531 runtime("Missing AS_PATH attribute");
1533 as_path_get_last(e
->u
.ptr
, &as
);
1536 struct roa_table_config
*rtc
= ((struct f_inst_roa_check
*) what
)->rtc
;
1538 runtime("Missing ROA table");
1540 res
.type
= T_ENUM_ROA
;
1541 res
.val
.i
= roa_check(rtc
->table
, v1
.val
.px
.ip
, v1
.val
.px
.len
, as
);
1545 bug( "Unknown instruction %d (%c)", what
->fi_code
, what
->fi_code
& 0xff);
1552 if (!i_same(f1->y, f2->y)) \
1555 #define ONEARG ARG(v1, a1.p)
1556 #define TWOARGS ARG(v1, a1.p) \
1559 #define A2_SAME if (f1->a2.i != f2->a2.i) return 0;
1562 * i_same - function that does real comparing of instruction trees, you should call filter_same from outside
1565 i_same(struct f_inst
*f1
, struct f_inst
*f2
)
1567 if ((!!f1
) != (!!f2
))
1571 if (f1
->aux
!= f2
->aux
)
1573 if (f1
->fi_code
!= f2
->fi_code
)
1575 if (f1
== f2
) /* It looks strange, but it is possible with call rewriting trickery */
1578 switch(f1
->fi_code
) {
1579 case FI_ADD
: /* fall through */
1585 case FI_PAIR_CONSTRUCT
:
1586 case FI_EC_CONSTRUCT
:
1590 case FI_LTE
: TWOARGS
; break;
1592 case FI_PATHMASK_CONSTRUCT
: if (!pm_same(f1
->a1
.p
, f2
->a1
.p
)) return 0; break;
1594 case FI_NOT
: ONEARG
; break;
1596 case FI_MATCH
: TWOARGS
; break;
1597 case FI_DEFINED
: ONEARG
; break;
1599 case FI_LC_CONSTRUCT
:
1601 if (!i_same(INST3(f1
).p
, INST3(f2
).p
))
1608 struct symbol
*s1
, *s2
;
1611 if (strcmp(s1
->name
, s2
->name
))
1613 if (s1
->class != s2
->class)
1622 if (!trie_same(f1
->a2
.p
, f2
->a2
.p
))
1627 if (!same_tree(f1
->a2
.p
, f2
->a2
.p
))
1632 if (strcmp(f1
->a2
.p
, f2
->a2
.p
))
1641 case FI_CONSTANT_INDIRECT
:
1642 if (!val_same(* (struct f_val
*) f1
->a1
.p
, * (struct f_val
*) f2
->a1
.p
))
1647 if (strcmp((char *) f1
->a2
.p
, (char *) f2
->a2
.p
))
1650 case FI_PRINT
: case FI_LENGTH
: ONEARG
; break;
1651 case FI_CONDITION
: TWOARGS
; break;
1652 case FI_NOP
: case FI_EMPTY
: break;
1653 case FI_PRINT_AND_DIE
: ONEARG
; A2_SAME
; break;
1655 case FI_RTA_GET
: A2_SAME
; break;
1656 case FI_EA_GET
: A2_SAME
; break;
1659 case FI_EA_SET
: ONEARG
; A2_SAME
; break;
1661 case FI_RETURN
: ONEARG
; break;
1662 case FI_IP
: ONEARG
; break;
1663 case FI_CALL
: /* Call rewriting trickery to avoid exponential behaviour */
1665 if (!i_same(f1
->a2
.p
, f2
->a2
.p
))
1667 f2
->a2
.p
= f1
->a2
.p
;
1669 case FI_CLEAR_LOCAL_VARS
: break; /* internal instruction */
1670 case FI_SWITCH
: ONEARG
; if (!same_tree(f1
->a2
.p
, f2
->a2
.p
)) return 0; break;
1671 case FI_IP_MASK
: TWOARGS
; break;
1672 case FI_PATH_PREPEND
: TWOARGS
; break;
1673 case FI_CLIST_ADD_DEL
: TWOARGS
; break;
1674 case FI_AS_PATH_FIRST
:
1675 case FI_AS_PATH_LAST
:
1676 case FI_AS_PATH_LAST_NAG
: ONEARG
; break;
1679 /* Does not really make sense - ROA check resuls may change anyway */
1680 if (strcmp(((struct f_inst_roa_check
*) f1
)->rtc
->name
,
1681 ((struct f_inst_roa_check
*) f2
)->rtc
->name
))
1685 bug( "Unknown instruction %d in same (%c)", f1
->fi_code
, f1
->fi_code
& 0xff);
1687 return i_same(f1
->next
, f2
->next
);
1691 * f_run - run a filter for a route
1692 * @filter: filter to run
1693 * @rte: route being filtered, may be modified
1694 * @tmp_attrs: temporary attributes, prepared by caller or generated by f_run()
1695 * @tmp_pool: all filter allocations go from this pool
1698 * If filter needs to modify the route, there are several
1699 * posibilities. @rte might be read-only (with REF_COW flag), in that
1700 * case rw copy is obtained by rte_cow() and @rte is replaced. If
1701 * @rte is originally rw, it may be directly modified (and it is never
1704 * The returned rte may reuse the (possibly cached, cloned) rta, or
1705 * (if rta was modificied) contains a modified uncached rta, which
1706 * uses parts allocated from @tmp_pool and parts shared from original
1707 * rta. There is one exception - if @rte is rw but contains a cached
1708 * rta and that is modified, rta in returned rte is also cached.
1710 * Ownership of cached rtas is consistent with rte, i.e.
1711 * if a new rte is returned, it has its own clone of cached rta
1712 * (and cached rta of read-only source rte is intact), if rte is
1713 * modified in place, old cached rta is possibly freed.
1716 f_run(struct filter
*filter
, struct rte
**rte
, struct ea_list
**tmp_attrs
, struct linpool
*tmp_pool
, int flags
)
1718 if (filter
== FILTER_ACCEPT
)
1721 if (filter
== FILTER_REJECT
)
1724 int rte_cow
= ((*rte
)->flags
& REF_COW
);
1725 DBG( "Running filter `%s'...", filter
->name
);
1729 f_tmp_attrs
= tmp_attrs
;
1733 LOG_BUFFER_INIT(f_buf
);
1735 struct f_val res
= interpret(filter
->root
);
1739 * Cached rta was modified and f_rte contains now an uncached one,
1740 * sharing some part with the cached one. The cached rta should
1741 * be freed (if rte was originally COW, f_old_rta is a clone
1742 * obtained during rte_cow()).
1744 * This also implements the exception mentioned in f_run()
1745 * description. The reason for this is that rta reuses parts of
1746 * f_old_rta, and these may be freed during rta_free(f_old_rta).
1747 * This is not the problem if rte was COW, because original rte
1748 * also holds the same rta.
1751 (*f_rte
)->attrs
= rta_lookup((*f_rte
)->attrs
);
1753 rta_free(f_old_rta
);
1757 if (res
.type
!= T_RETURN
) {
1758 if (!(f_flags
& FF_SILENT
))
1759 log_rl(&rl_runtime_err
, L_ERR
"Filter %s did not return accept nor reject. Make up your mind", filter
->name
);
1762 DBG( "done (%u)\n", res
.val
.i
);
1766 /* TODO: perhaps we could integrate f_eval(), f_eval_rte() and f_run() */
1769 f_eval_rte(struct f_inst
*expr
, struct rte
**rte
, struct linpool
*tmp_pool
)
1771 struct ea_list
*tmp_attrs
= NULL
;
1775 f_tmp_attrs
= &tmp_attrs
;
1779 LOG_BUFFER_INIT(f_buf
);
1781 /* Note that in this function we assume that rte->attrs is private / uncached */
1782 struct f_val res
= interpret(expr
);
1784 /* Hack to include EAF_TEMP attributes to the main list */
1785 (*rte
)->attrs
->eattrs
= ea_append(tmp_attrs
, (*rte
)->attrs
->eattrs
);
1791 f_eval(struct f_inst
*expr
, struct linpool
*tmp_pool
)
1798 LOG_BUFFER_INIT(f_buf
);
1800 return interpret(expr
);
1804 f_eval_int(struct f_inst
*expr
)
1806 /* Called independently in parse-time to eval expressions */
1807 struct f_val res
= f_eval(expr
, cfg_mem
);
1809 if (res
.type
!= T_INT
)
1810 cf_error("Integer expression expected");
1816 * filter_same - compare two filters
1817 * @new: first filter to be compared
1818 * @old: second filter to be compared, notice that this filter is
1819 * damaged while comparing.
1821 * Returns 1 in case filters are same, otherwise 0. If there are
1822 * underlying bugs, it will rather say 0 on same filters than say
1826 filter_same(struct filter
*new, struct filter
*old
)
1828 if (old
== new) /* Handle FILTER_ACCEPT and FILTER_REJECT */
1830 if (old
== FILTER_ACCEPT
|| old
== FILTER_REJECT
||
1831 new == FILTER_ACCEPT
|| new == FILTER_REJECT
)
1833 return i_same(new->root
, old
->root
);