]>
git.ipfire.org Git - thirdparty/bird.git/blob - filter/filter.c
2 * Filters: utility functions
4 * Copyright 1998 Pavel Machek <pavel@ucw.cz>
6 * Can be freely distributed and used under the terms of the GNU GPL.
13 * You can find sources of the filter language in |filter/|
14 * directory. File |filter/config.Y| contains filter grammar and basically translates
15 * the source from user into a tree of &f_inst structures. These trees are
16 * later interpreted using code in |filter/filter.c|.
18 * A filter is represented by a tree of &f_inst structures, one structure per
19 * "instruction". Each &f_inst contains @code, @aux value which is
20 * usually the data type this instruction operates on and two generic
21 * arguments (@a1, @a2). Some instructions contain pointer(s) to other
22 * instructions in their (@a1, @a2) fields.
24 * Filters use a &f_val structure for their data. Each &f_val
25 * contains type and value (types are constants prefixed with %T_). Few
26 * of the types are special; %T_RETURN can be or-ed with a type to indicate
27 * that return from a function or from the whole filter should be
28 * forced. Important thing about &f_val's is that they may be copied
29 * with a simple |=|. That's fine for all currently defined types: strings
30 * are read-only (and therefore okay), paths are copied for each
31 * operation (okay too).
36 #include "nest/bird.h"
37 #include "lib/lists.h"
38 #include "lib/resource.h"
39 #include "lib/socket.h"
40 #include "lib/string.h"
41 #include "lib/unaligned.h"
44 #include "nest/route.h"
45 #include "nest/protocol.h"
46 #include "nest/iface.h"
47 #include "nest/attrs.h"
48 #include "conf/conf.h"
49 #include "filter/filter.h"
51 #define P(a,b) ((a<<8) | b)
55 void (*bt_assert_hook
)(int result
, struct f_inst
*assert);
58 adata_empty(struct linpool
*pool
, int l
)
60 struct adata
*res
= lp_alloc(pool
, sizeof(struct adata
) + l
);
66 pm_format(struct f_path_mask
*p
, buffer
*buf
)
68 buffer_puts(buf
, "[= ");
75 buffer_print(buf
, "%u ", p
->val
);
79 buffer_puts(buf
, "? ");
83 buffer_puts(buf
, "* ");
87 buffer_print(buf
, "%u..%u ", p
->val
, p
->val2
);
91 buffer_print(buf
, "%u ", f_eval_asn((struct f_inst
*) p
->val
));
98 buffer_puts(buf
, "=]");
101 static inline int val_is_ip4(const struct f_val v
)
102 { return (v
.type
== T_IP
) && ipa_is_ip4(v
.val
.ip
); }
105 lcomm_cmp(lcomm v1
, lcomm v2
)
107 if (v1
.asn
!= v2
.asn
)
108 return (v1
.asn
> v2
.asn
) ? 1 : -1;
109 if (v1
.ldp1
!= v2
.ldp1
)
110 return (v1
.ldp1
> v2
.ldp1
) ? 1 : -1;
111 if (v1
.ldp2
!= v2
.ldp2
)
112 return (v1
.ldp2
> v2
.ldp2
) ? 1 : -1;
117 * val_compare - compare two values
121 * Compares two values and returns -1, 0, 1 on <, =, > or CMP_ERROR on
122 * error. Tree module relies on this giving consistent results so
123 * that it can be used for building balanced trees.
126 val_compare(struct f_val v1
, struct f_val v2
)
128 if (v1
.type
!= v2
.type
) {
129 if (v1
.type
== T_VOID
) /* Hack for else */
131 if (v2
.type
== T_VOID
)
134 /* IP->Quad implicit conversion */
135 if ((v1
.type
== T_QUAD
) && val_is_ip4(v2
))
136 return uint_cmp(v1
.val
.i
, ipa_to_u32(v2
.val
.ip
));
137 if (val_is_ip4(v1
) && (v2
.type
== T_QUAD
))
138 return uint_cmp(ipa_to_u32(v1
.val
.ip
), v2
.val
.i
);
140 debug( "Types do not match in val_compare\n" );
152 return uint_cmp(v1
.val
.i
, v2
.val
.i
);
154 return u64_cmp(v1
.val
.ec
, v2
.val
.ec
);
156 return lcomm_cmp(v1
.val
.lc
, v2
.val
.lc
);
158 return ipa_compare(v1
.val
.ip
, v2
.val
.ip
);
160 return net_compare(v1
.val
.net
, v2
.val
.net
);
162 return strcmp(v1
.val
.s
, v2
.val
.s
);
169 pm_same(struct f_path_mask
*m1
, struct f_path_mask
*m2
)
173 if (m1
->kind
!= m2
->kind
)
176 if (m1
->kind
== PM_ASN_EXPR
)
178 if (!i_same((struct f_inst
*) m1
->val
, (struct f_inst
*) m2
->val
))
183 if ((m1
->val
!= m2
->val
) || (m1
->val2
!= m2
->val2
))
195 * val_same - compare two values
199 * Compares two values and returns 1 if they are same and 0 if not.
200 * Comparison of values of different types is valid and returns 0.
203 val_same(struct f_val v1
, struct f_val v2
)
207 rc
= val_compare(v1
, v2
);
211 if (v1
.type
!= v2
.type
)
216 return pm_same(v1
.val
.path_mask
, v2
.val
.path_mask
);
221 return adata_same(v1
.val
.ad
, v2
.val
.ad
);
223 return same_tree(v1
.val
.t
, v2
.val
.t
);
225 return trie_same(v1
.val
.ti
, v2
.val
.ti
);
227 bug("Invalid type in val_same(): %x", v1
.type
);
232 clist_set_type(struct f_tree
*set
, struct f_val
*v
)
234 switch (set
->from
.type
)
245 if (val_is_ip4(set
->from
) && val_is_ip4(set
->to
))
258 eclist_set_type(struct f_tree
*set
)
259 { return set
->from
.type
== T_EC
; }
262 lclist_set_type(struct f_tree
*set
)
263 { return set
->from
.type
== T_LC
; }
266 clist_match_set(struct adata
*clist
, struct f_tree
*set
)
272 if (!clist_set_type(set
, &v
))
275 u32
*l
= (u32
*) clist
->data
;
276 u32
*end
= l
+ clist
->length
/4;
280 if (find_tree(set
, v
))
287 eclist_match_set(struct adata
*list
, struct f_tree
*set
)
292 if (!eclist_set_type(set
))
296 u32
*l
= int_set_get_data(list
);
297 int len
= int_set_get_size(list
);
301 for (i
= 0; i
< len
; i
+= 2) {
302 v
.val
.ec
= ec_get(l
, i
);
303 if (find_tree(set
, v
))
311 lclist_match_set(struct adata
*list
, struct f_tree
*set
)
316 if (!lclist_set_type(set
))
320 u32
*l
= int_set_get_data(list
);
321 int len
= int_set_get_size(list
);
325 for (i
= 0; i
< len
; i
+= 3) {
326 v
.val
.lc
= lc_get(l
, i
);
327 if (find_tree(set
, v
))
334 static struct adata
*
335 clist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
340 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
343 clist_set_type(set
.val
.t
, &v
);
347 int len
= int_set_get_size(list
);
348 u32
*l
= int_set_get_data(list
);
355 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
356 if ((tree
? !!find_tree(set
.val
.t
, v
) : int_set_contains(set
.val
.ad
, v
.val
.i
)) == pos
)
360 uint nl
= (k
- tmp
) * sizeof(u32
);
361 if (nl
== list
->length
)
364 struct adata
*res
= adata_empty(pool
, nl
);
365 memcpy(res
->data
, tmp
, nl
);
369 static struct adata
*
370 eclist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
375 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
378 int len
= int_set_get_size(list
);
379 u32
*l
= int_set_get_data(list
);
385 for (i
= 0; i
< len
; i
+= 2) {
386 v
.val
.ec
= ec_get(l
, i
);
387 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
388 if ((tree
? !!find_tree(set
.val
.t
, v
) : ec_set_contains(set
.val
.ad
, v
.val
.ec
)) == pos
) {
394 uint nl
= (k
- tmp
) * sizeof(u32
);
395 if (nl
== list
->length
)
398 struct adata
*res
= adata_empty(pool
, nl
);
399 memcpy(res
->data
, tmp
, nl
);
403 static struct adata
*
404 lclist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
409 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
412 int len
= int_set_get_size(list
);
413 u32
*l
= int_set_get_data(list
);
419 for (i
= 0; i
< len
; i
+= 3) {
420 v
.val
.lc
= lc_get(l
, i
);
421 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
422 if ((tree
? !!find_tree(set
.val
.t
, v
) : lc_set_contains(set
.val
.ad
, v
.val
.lc
)) == pos
)
426 uint nl
= (k
- tmp
) * sizeof(u32
);
427 if (nl
== list
->length
)
430 struct adata
*res
= adata_empty(pool
, nl
);
431 memcpy(res
->data
, tmp
, nl
);
436 * val_in_range - implement |~| operator
440 * Checks if @v1 is element (|~| operator) of @v2.
443 val_in_range(struct f_val v1
, struct f_val v2
)
445 if ((v1
.type
== T_PATH
) && (v2
.type
== T_PATH_MASK
))
446 return as_path_match(v1
.val
.ad
, v2
.val
.path_mask
);
448 if ((v1
.type
== T_INT
) && (v2
.type
== T_PATH
))
449 return as_path_contains(v2
.val
.ad
, v1
.val
.i
, 1);
451 if (((v1
.type
== T_PAIR
) || (v1
.type
== T_QUAD
)) && (v2
.type
== T_CLIST
))
452 return int_set_contains(v2
.val
.ad
, v1
.val
.i
);
454 /* IP->Quad implicit conversion */
455 if (val_is_ip4(v1
) && (v2
.type
== T_CLIST
))
456 return int_set_contains(v2
.val
.ad
, ipa_to_u32(v1
.val
.ip
));
458 if ((v1
.type
== T_EC
) && (v2
.type
== T_ECLIST
))
459 return ec_set_contains(v2
.val
.ad
, v1
.val
.ec
);
461 if ((v1
.type
== T_LC
) && (v2
.type
== T_LCLIST
))
462 return lc_set_contains(v2
.val
.ad
, v1
.val
.lc
);
464 if ((v1
.type
== T_STRING
) && (v2
.type
== T_STRING
))
465 return patmatch(v2
.val
.s
, v1
.val
.s
);
467 if ((v1
.type
== T_IP
) && (v2
.type
== T_NET
))
468 return ipa_in_netX(v1
.val
.ip
, v2
.val
.net
);
470 if ((v1
.type
== T_NET
) && (v2
.type
== T_NET
))
471 return net_in_netX(v1
.val
.net
, v2
.val
.net
);
473 if ((v1
.type
== T_NET
) && (v2
.type
== T_PREFIX_SET
))
474 return trie_match_net(v2
.val
.ti
, v1
.val
.net
);
476 if (v2
.type
!= T_SET
)
479 /* With integrated Quad<->IP implicit conversion */
480 if ((v1
.type
== v2
.val
.t
->from
.type
) ||
481 ((v1
.type
== T_QUAD
) && val_is_ip4(v2
.val
.t
->from
) && val_is_ip4(v2
.val
.t
->to
)))
482 return !!find_tree(v2
.val
.t
, v1
);
484 if (v1
.type
== T_CLIST
)
485 return clist_match_set(v1
.val
.ad
, v2
.val
.t
);
487 if (v1
.type
== T_ECLIST
)
488 return eclist_match_set(v1
.val
.ad
, v2
.val
.t
);
490 if (v1
.type
== T_LCLIST
)
491 return lclist_match_set(v1
.val
.ad
, v2
.val
.t
);
493 if (v1
.type
== T_PATH
)
494 return as_path_match_set(v1
.val
.ad
, v2
.val
.t
);
500 * val_format - format filter value
503 val_format(struct f_val v
, buffer
*buf
)
508 case T_VOID
: buffer_puts(buf
, "(void)"); return;
509 case T_BOOL
: buffer_puts(buf
, v
.val
.i
? "TRUE" : "FALSE"); return;
510 case T_INT
: buffer_print(buf
, "%u", v
.val
.i
); return;
511 case T_STRING
: buffer_print(buf
, "%s", v
.val
.s
); return;
512 case T_IP
: buffer_print(buf
, "%I", v
.val
.ip
); return;
513 case T_NET
: buffer_print(buf
, "%N", v
.val
.net
); return;
514 case T_PAIR
: buffer_print(buf
, "(%u,%u)", v
.val
.i
>> 16, v
.val
.i
& 0xffff); return;
515 case T_QUAD
: buffer_print(buf
, "%R", v
.val
.i
); return;
516 case T_EC
: ec_format(buf2
, v
.val
.ec
); buffer_print(buf
, "%s", buf2
); return;
517 case T_LC
: lc_format(buf2
, v
.val
.lc
); buffer_print(buf
, "%s", buf2
); return;
518 case T_PREFIX_SET
: trie_format(v
.val
.ti
, buf
); return;
519 case T_SET
: tree_format(v
.val
.t
, buf
); return;
520 case T_ENUM
: buffer_print(buf
, "(enum %x)%u", v
.type
, v
.val
.i
); return;
521 case T_PATH
: as_path_format(v
.val
.ad
, buf2
, 1000); buffer_print(buf
, "(path %s)", buf2
); return;
522 case T_CLIST
: int_set_format(v
.val
.ad
, 1, -1, buf2
, 1000); buffer_print(buf
, "(clist %s)", buf2
); return;
523 case T_ECLIST
: ec_set_format(v
.val
.ad
, -1, buf2
, 1000); buffer_print(buf
, "(eclist %s)", buf2
); return;
524 case T_LCLIST
: lc_set_format(v
.val
.ad
, -1, buf2
, 1000); buffer_print(buf
, "(lclist %s)", buf2
); return;
525 case T_PATH_MASK
: pm_format(v
.val
.path_mask
, buf
); return;
526 default: buffer_print(buf
, "[unknown type %x]", v
.type
); return;
530 static struct rte
**f_rte
;
531 static struct rta
*f_old_rta
;
532 static struct ea_list
**f_tmp_attrs
;
533 static struct linpool
*f_pool
;
534 static struct buffer f_buf
;
537 static inline void f_rte_cow(void)
539 *f_rte
= rte_cow(*f_rte
);
543 * rta_cow - prepare rta for modification by filter
548 if (!rta_is_cached((*f_rte
)->attrs
))
551 /* Prepare to modify rte */
554 /* Store old rta to free it later, it stores reference from rte_cow() */
555 f_old_rta
= (*f_rte
)->attrs
;
558 * Get shallow copy of rta. Fields eattrs and nexthops of rta are shared
559 * with f_old_rta (they will be copied when the cached rta will be obtained
560 * at the end of f_run()), also the lock of hostentry is inherited (we
561 * suppose hostentry is not changed by filters).
563 (*f_rte
)->attrs
= rta_do_cow((*f_rte
)->attrs
, f_pool
);
566 static struct tbf rl_runtime_err
= TBF_DEFAULT_LOG_LIMITS
;
568 #define runtime(fmt, ...) do { \
569 log_rl(&rl_runtime_err, L_ERR "filters, line %d: " fmt, what->lineno, ##__VA_ARGS__); \
570 res.type = T_RETURN; \
571 res.val.i = F_ERROR; \
576 x = interpret(what->y); \
577 if (x.type & T_RETURN) \
580 #define ONEARG ARG(v1, a1.p)
581 #define TWOARGS ARG(v1, a1.p) \
583 #define TWOARGS_C TWOARGS \
584 if (v1.type != v2.type) \
585 runtime( "Can't operate with values of incompatible types" );
587 do { if (!f_rte) runtime("No route to access"); } while (0)
589 #define BITFIELD_MASK(what) \
590 (1u << (what->a2.i >> 24))
594 * @what: filter to interpret
596 * Interpret given tree of filter instructions. This is core function
597 * of filter system and does all the hard work.
599 * Each instruction has 4 fields: code (which is instruction code),
600 * aux (which is extension to instruction code, typically type),
601 * arg1 and arg2 - arguments. Depending on instruction, arguments
602 * are either integers, or pointers to instruction trees. Common
603 * instructions like +, that have two expressions as arguments use
604 * TWOARGS macro to get both of them evaluated.
606 * &f_val structures are copied around, so there are no problems with
610 interpret(struct f_inst
*what
)
613 struct f_val v1
, v2
, res
, *vp
;
627 /* Binary operators */
630 switch (res
.type
= v1
.type
) {
631 case T_VOID
: runtime( "Can't operate with values of type void" );
632 case T_INT
: res
.val
.i
= v1
.val
.i
+ v2
.val
.i
; break;
633 default: runtime( "Usage of unknown type" );
638 switch (res
.type
= v1
.type
) {
639 case T_VOID
: runtime( "Can't operate with values of type void" );
640 case T_INT
: res
.val
.i
= v1
.val
.i
- v2
.val
.i
; break;
641 default: runtime( "Usage of unknown type" );
646 switch (res
.type
= v1
.type
) {
647 case T_VOID
: runtime( "Can't operate with values of type void" );
648 case T_INT
: res
.val
.i
= v1
.val
.i
* v2
.val
.i
; break;
649 default: runtime( "Usage of unknown type" );
654 switch (res
.type
= v1
.type
) {
655 case T_VOID
: runtime( "Can't operate with values of type void" );
656 case T_INT
: if (v2
.val
.i
== 0) runtime( "Mother told me not to divide by 0" );
657 res
.val
.i
= v1
.val
.i
/ v2
.val
.i
; break;
658 default: runtime( "Usage of unknown type" );
665 if (v1
.type
!= T_BOOL
)
666 runtime( "Can't do boolean operation on non-booleans" );
667 if (v1
.val
.i
== (what
->code
== '|')) {
669 res
.val
.i
= v1
.val
.i
;
674 if (v2
.type
!= T_BOOL
)
675 runtime( "Can't do boolean operation on non-booleans" );
677 res
.val
.i
= v2
.val
.i
;
682 if ((v1
.type
!= T_INT
) || (v2
.type
!= T_INT
))
683 runtime( "Can't operate with value of non-integer type in pair constructor" );
686 if ((u1
> 0xFFFF) || (u2
> 0xFFFF))
687 runtime( "Can't operate with value out of bounds in pair constructor" );
688 res
.val
.i
= (u1
<< 16) | u2
;
696 int check
, ipv4_used
;
699 if (v1
.type
== T_INT
) {
700 ipv4_used
= 0; key
= v1
.val
.i
;
702 else if (v1
.type
== T_QUAD
) {
703 ipv4_used
= 1; key
= v1
.val
.i
;
705 /* IP->Quad implicit conversion */
706 else if (val_is_ip4(v1
)) {
707 ipv4_used
= 1; key
= ipa_to_u32(v1
.val
.ip
);
710 runtime("Can't operate with key of non-integer/IPv4 type in EC constructor");
712 if (v2
.type
!= T_INT
)
713 runtime("Can't operate with value of non-integer type in EC constructor");
719 if (what
->aux
== EC_GENERIC
) {
720 check
= 0; res
.val
.ec
= ec_generic(key
, val
);
722 else if (ipv4_used
) {
723 check
= 1; res
.val
.ec
= ec_ip4(what
->aux
, key
, val
);
725 else if (key
< 0x10000) {
726 check
= 0; res
.val
.ec
= ec_as2(what
->aux
, key
, val
);
729 check
= 1; res
.val
.ec
= ec_as4(what
->aux
, key
, val
);
732 if (check
&& (val
> 0xFFFF))
733 runtime("Can't operate with value out of bounds in EC constructor");
742 /* Third argument hack */
743 struct f_val v3
= interpret(INST3(what
).p
);
744 if (v3
.type
& T_RETURN
)
747 if ((v1
.type
!= T_INT
) || (v2
.type
!= T_INT
) || (v3
.type
!= T_INT
))
748 runtime( "Can't operate with value of non-integer type in LC constructor" );
751 res
.val
.lc
= (lcomm
) { v1
.val
.i
, v2
.val
.i
, v3
.val
.i
};
756 /* Relational operators */
760 i = val_compare(v1, v2); \
762 runtime( "Can't compare values of incompatible types" ); \
769 i = val_same(v1, v2); \
774 case P('!','='): SAME(!i
);
775 case P('=','='): SAME(i
);
776 case '<': COMPARE(i
==-1);
777 case P('<','='): COMPARE(i
!=1);
781 if (v1
.type
!= T_BOOL
)
782 runtime( "Not applied to non-boolean" );
784 res
.val
.i
= !res
.val
.i
;
790 res
.val
.i
= val_in_range(v1
, v2
);
791 if (res
.val
.i
== CMP_ERROR
)
792 runtime( "~ applied on unknown type pair" );
793 res
.val
.i
= !!res
.val
.i
;
799 res
.val
.i
= val_in_range(v1
, v2
);
800 if (res
.val
.i
== CMP_ERROR
)
801 runtime( "!~ applied on unknown type pair" );
802 res
.val
.i
= !res
.val
.i
;
808 res
.val
.i
= (v1
.type
!= T_VOID
);
811 /* Set to indirect value, a1 = variable, a2 = value */
816 if ((sym
->class != (SYM_VARIABLE
| v2
.type
)) && (v2
.type
!= T_VOID
))
818 /* IP->Quad implicit conversion */
819 if ((sym
->class == (SYM_VARIABLE
| T_QUAD
)) && val_is_ip4(v2
))
822 vp
->val
.i
= ipa_to_u32(v2
.val
.ip
);
825 runtime( "Assigning to variable of incompatible type" );
830 /* some constants have value in a2, some in *a1.p, strange. */
831 case 'c': /* integer (or simple type) constant, string, set, or prefix_set */
832 res
.type
= what
->aux
;
834 if (res
.type
== T_PREFIX_SET
)
835 res
.val
.ti
= what
->a2
.p
;
836 else if (res
.type
== T_SET
)
837 res
.val
.t
= what
->a2
.p
;
838 else if (res
.type
== T_STRING
)
839 res
.val
.s
= what
->a2
.p
;
841 res
.val
.i
= what
->a2
.i
;
845 res
= * ((struct f_val
*) what
->a1
.p
);
849 val_format(v1
, &f_buf
);
851 case '?': /* ? has really strange error value, so we can implement if ... else nicely :-) */
853 if (v1
.type
!= T_BOOL
)
854 runtime( "If requires boolean expression" );
858 } else res
.val
.i
= 1;
862 debug( "No operation\n" );
866 if (what
->a2
.i
== F_NOP
|| (what
->a2
.i
!= F_NONL
&& what
->a1
.p
))
867 log_commit(*L_INFO
, &f_buf
);
869 switch (what
->a2
.i
) {
871 die( "Filter asked me to die" );
873 /* Should take care about turning ACCEPT into MODIFY */
875 case F_REJECT
: /* FIXME (noncritical) Should print complete route along with reason to reject route */
877 res
.val
.i
= what
->a2
.i
;
878 return res
; /* We have to return now, no more processing. */
883 bug( "unknown return type: Can't happen");
886 case 'a': /* rta access */
889 struct rta
*rta
= (*f_rte
)->attrs
;
890 res
.type
= what
->aux
;
894 case SA_FROM
: res
.val
.ip
= rta
->from
; break;
895 case SA_GW
: res
.val
.ip
= rta
->gw
; break;
896 case SA_NET
: res
.val
.net
= (*f_rte
)->net
->n
.addr
; break;
897 case SA_PROTO
: res
.val
.s
= rta
->src
->proto
->name
; break;
898 case SA_SOURCE
: res
.val
.i
= rta
->source
; break;
899 case SA_SCOPE
: res
.val
.i
= rta
->scope
; break;
900 case SA_CAST
: res
.val
.i
= rta
->cast
; break;
901 case SA_DEST
: res
.val
.i
= rta
->dest
; break;
902 case SA_IFNAME
: res
.val
.s
= rta
->iface
? rta
->iface
->name
: ""; break;
903 case SA_IFINDEX
: res
.val
.i
= rta
->iface
? rta
->iface
->index
: 0; break;
906 bug("Invalid static attribute access (%x)", res
.type
);
913 if (what
->aux
!= v1
.type
)
914 runtime( "Attempt to set static attribute to incompatible type" );
918 struct rta
*rta
= (*f_rte
)->attrs
;
923 rta
->from
= v1
.val
.ip
;
928 ip_addr ip
= v1
.val
.ip
;
929 neighbor
*n
= neigh_find(rta
->src
->proto
, &ip
, 0);
930 if (!n
|| (n
->scope
== SCOPE_HOST
))
931 runtime( "Invalid gw address" );
933 rta
->dest
= RTD_ROUTER
;
935 rta
->iface
= n
->iface
;
936 rta
->nexthops
= NULL
;
937 rta
->hostentry
= NULL
;
942 rta
->scope
= v1
.val
.i
;
947 if ((i
!= RTD_BLACKHOLE
) && (i
!= RTD_UNREACHABLE
) && (i
!= RTD_PROHIBIT
))
948 runtime( "Destination can be changed only to blackhole, unreachable or prohibit" );
953 rta
->nexthops
= NULL
;
954 rta
->hostentry
= NULL
;
958 bug("Invalid static attribute access (%x)", res
.type
);
962 case P('e','a'): /* Access to extended attributes */
966 u16 code
= what
->a2
.i
;
968 if (!(f_flags
& FF_FORCE_TMPATTR
))
969 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
971 e
= ea_find((*f_tmp_attrs
), code
);
972 if ((!e
) && (f_flags
& FF_FORCE_TMPATTR
))
973 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
976 /* A special case: undefined int_set looks like empty int_set */
977 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_INT_SET
) {
979 res
.val
.ad
= adata_empty(f_pool
, 0);
983 /* The same special case for ec_set */
984 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_EC_SET
) {
986 res
.val
.ad
= adata_empty(f_pool
, 0);
990 /* The same special case for lc_set */
991 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_LC_SET
) {
993 res
.val
.ad
= adata_empty(f_pool
, 0);
997 /* Undefined value */
1002 switch (what
->aux
& EAF_TYPE_MASK
) {
1005 res
.val
.i
= e
->u
.data
;
1007 case EAF_TYPE_ROUTER_ID
:
1009 res
.val
.i
= e
->u
.data
;
1011 case EAF_TYPE_OPAQUE
:
1012 res
.type
= T_ENUM_EMPTY
;
1015 case EAF_TYPE_IP_ADDRESS
:
1017 struct adata
* ad
= e
->u
.ptr
;
1018 res
.val
.ip
= * (ip_addr
*) ad
->data
;
1020 case EAF_TYPE_AS_PATH
:
1022 res
.val
.ad
= e
->u
.ptr
;
1024 case EAF_TYPE_BITFIELD
:
1026 res
.val
.i
= !!(e
->u
.data
& BITFIELD_MASK(what
));
1028 case EAF_TYPE_INT_SET
:
1030 res
.val
.ad
= e
->u
.ptr
;
1032 case EAF_TYPE_EC_SET
:
1033 res
.type
= T_ECLIST
;
1034 res
.val
.ad
= e
->u
.ptr
;
1036 case EAF_TYPE_LC_SET
:
1037 res
.type
= T_LCLIST
;
1038 res
.val
.ad
= e
->u
.ptr
;
1040 case EAF_TYPE_UNDEF
:
1044 bug("Unknown type in e,a");
1052 struct ea_list
*l
= lp_alloc(f_pool
, sizeof(struct ea_list
) + sizeof(eattr
));
1053 u16 code
= what
->a2
.i
;
1056 l
->flags
= EALF_SORTED
;
1058 l
->attrs
[0].id
= code
;
1059 l
->attrs
[0].flags
= 0;
1060 l
->attrs
[0].type
= what
->aux
| EAF_ORIGINATED
;
1062 switch (what
->aux
& EAF_TYPE_MASK
) {
1064 if (v1
.type
!= T_INT
)
1065 runtime( "Setting int attribute to non-int value" );
1066 l
->attrs
[0].u
.data
= v1
.val
.i
;
1069 case EAF_TYPE_ROUTER_ID
:
1070 /* IP->Quad implicit conversion */
1071 if (val_is_ip4(v1
)) {
1072 l
->attrs
[0].u
.data
= ipa_to_u32(v1
.val
.ip
);
1075 /* T_INT for backward compatibility */
1076 if ((v1
.type
!= T_QUAD
) && (v1
.type
!= T_INT
))
1077 runtime( "Setting quad attribute to non-quad value" );
1078 l
->attrs
[0].u
.data
= v1
.val
.i
;
1081 case EAF_TYPE_OPAQUE
:
1082 runtime( "Setting opaque attribute is not allowed" );
1084 case EAF_TYPE_IP_ADDRESS
:
1085 if (v1
.type
!= T_IP
)
1086 runtime( "Setting ip attribute to non-ip value" );
1087 int len
= sizeof(ip_addr
);
1088 struct adata
*ad
= lp_alloc(f_pool
, sizeof(struct adata
) + len
);
1090 (* (ip_addr
*) ad
->data
) = v1
.val
.ip
;
1091 l
->attrs
[0].u
.ptr
= ad
;
1093 case EAF_TYPE_AS_PATH
:
1094 if (v1
.type
!= T_PATH
)
1095 runtime( "Setting path attribute to non-path value" );
1096 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1098 case EAF_TYPE_BITFIELD
:
1099 if (v1
.type
!= T_BOOL
)
1100 runtime( "Setting bit in bitfield attribute to non-bool value" );
1102 /* First, we have to find the old value */
1104 if (!(f_flags
& FF_FORCE_TMPATTR
))
1105 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
1107 e
= ea_find((*f_tmp_attrs
), code
);
1108 if ((!e
) && (f_flags
& FF_FORCE_TMPATTR
))
1109 e
= ea_find((*f_rte
)->attrs
->eattrs
, code
);
1110 u32 data
= e
? e
->u
.data
: 0;
1113 l
->attrs
[0].u
.data
= data
| BITFIELD_MASK(what
);
1115 l
->attrs
[0].u
.data
= data
& ~BITFIELD_MASK(what
);;
1118 case EAF_TYPE_INT_SET
:
1119 if (v1
.type
!= T_CLIST
)
1120 runtime( "Setting clist attribute to non-clist value" );
1121 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1123 case EAF_TYPE_EC_SET
:
1124 if (v1
.type
!= T_ECLIST
)
1125 runtime( "Setting eclist attribute to non-eclist value" );
1126 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1128 case EAF_TYPE_LC_SET
:
1129 if (v1
.type
!= T_LCLIST
)
1130 runtime( "Setting lclist attribute to non-lclist value" );
1131 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1133 case EAF_TYPE_UNDEF
:
1134 if (v1
.type
!= T_VOID
)
1135 runtime( "Setting void attribute to non-void value" );
1136 l
->attrs
[0].u
.data
= 0;
1138 default: bug("Unknown type in e,S");
1141 if (!(what
->aux
& EAF_TEMP
) && (!(f_flags
& FF_FORCE_TMPATTR
))) {
1143 l
->next
= (*f_rte
)->attrs
->eattrs
;
1144 (*f_rte
)->attrs
->eattrs
= l
;
1146 l
->next
= (*f_tmp_attrs
);
1154 res
.val
.i
= (*f_rte
)->pref
;
1159 if (v1
.type
!= T_INT
)
1160 runtime( "Can't set preference to non-integer" );
1161 if (v1
.val
.i
> 0xFFFF)
1162 runtime( "Setting preference value out of bounds" );
1164 (*f_rte
)->pref
= v1
.val
.i
;
1166 case 'L': /* Get length of */
1170 case T_NET
: res
.val
.i
= net_pxlen(v1
.val
.net
); break;
1171 case T_PATH
: res
.val
.i
= as_path_getlen(v1
.val
.ad
); break;
1172 case T_CLIST
: res
.val
.i
= int_set_get_size(v1
.val
.ad
); break;
1173 case T_ECLIST
: res
.val
.i
= ec_set_get_size(v1
.val
.ad
); break;
1174 case T_LCLIST
: res
.val
.i
= lc_set_get_size(v1
.val
.ad
); break;
1175 default: runtime( "Prefix, path, clist or eclist expected" );
1178 case P('c','p'): /* Convert prefix to ... */
1180 if (v1
.type
!= T_NET
)
1181 runtime( "Prefix expected" );
1183 res
.val
.ip
= net_prefix(v1
.val
.net
);
1185 case P('a','f'): /* Get first ASN from AS PATH */
1187 if (v1
.type
!= T_PATH
)
1188 runtime( "AS path expected" );
1191 as_path_get_first(v1
.val
.ad
, &as
);
1195 case P('a','l'): /* Get last ASN from AS PATH */
1197 if (v1
.type
!= T_PATH
)
1198 runtime( "AS path expected" );
1201 as_path_get_last(v1
.val
.ad
, &as
);
1205 case P('a','L'): /* Get last ASN from non-aggregated part of AS PATH */
1207 if (v1
.type
!= T_PATH
)
1208 runtime( "AS path expected" );
1211 res
.val
.i
= as_path_get_last_nonaggregated(v1
.val
.ad
);
1216 res
.type
|= T_RETURN
;
1218 case P('c','a'): /* CALL: this is special: if T_RETURN and returning some value, mask it out */
1220 res
= interpret(what
->a2
.p
);
1221 if (res
.type
== T_RETURN
)
1223 res
.type
&= ~T_RETURN
;
1225 case P('c','v'): /* Clear local variables */
1226 for (sym
= what
->a1
.p
; sym
!= NULL
; sym
= sym
->aux2
)
1227 ((struct f_val
*) sym
->def
)->type
= T_VOID
;
1232 struct f_tree
*t
= find_tree(what
->a2
.p
, v1
);
1235 t
= find_tree(what
->a2
.p
, v1
);
1237 debug( "No else statement?\n");
1241 /* It is actually possible to have t->data NULL */
1243 res
= interpret(t
->data
);
1244 if (res
.type
& T_RETURN
)
1248 case P('i','M'): /* IP.MASK(val) */
1250 if (v2
.type
!= T_INT
)
1251 runtime( "Integer expected");
1252 if (v1
.type
!= T_IP
)
1253 runtime( "You can mask only IP addresses" );
1256 res
.val
.ip
= ipa_is_ip4(v1
.val
.ip
) ?
1257 ipa_from_ip4(ip4_and(ipa_to_ip4(v1
.val
.ip
), ip4_mkmask(v2
.val
.i
))) :
1258 ipa_from_ip6(ip6_and(ipa_to_ip6(v1
.val
.ip
), ip6_mkmask(v2
.val
.i
)));
1261 case 'E': /* Create empty attribute */
1262 res
.type
= what
->aux
;
1263 res
.val
.ad
= adata_empty(f_pool
, 0);
1265 case P('A','p'): /* Path prepend */
1267 if (v1
.type
!= T_PATH
)
1268 runtime("Can't prepend to non-path");
1269 if (v2
.type
!= T_INT
)
1270 runtime("Can't prepend non-integer");
1273 res
.val
.ad
= as_path_prepend(f_pool
, v1
.val
.ad
, v2
.val
.i
);
1276 case P('C','a'): /* (Extended) Community list add or delete */
1278 if (v1
.type
== T_PATH
)
1280 struct f_tree
*set
= NULL
;
1284 if (v2
.type
== T_INT
)
1286 else if ((v2
.type
== T_SET
) && (v2
.val
.t
->from
.type
== T_INT
))
1289 runtime("Can't delete non-integer (set)");
1293 case 'a': runtime("Can't add to path");
1294 case 'd': pos
= 0; break;
1295 case 'f': pos
= 1; break;
1296 default: bug("unknown Ca operation");
1300 runtime("Can't filter integer");
1303 res
.val
.ad
= as_path_filter(f_pool
, v1
.val
.ad
, set
, key
, pos
);
1305 else if (v1
.type
== T_CLIST
)
1307 /* Community (or cluster) list */
1312 if ((v2
.type
== T_PAIR
) || (v2
.type
== T_QUAD
))
1314 /* IP->Quad implicit conversion */
1315 else if (val_is_ip4(v2
))
1316 n
= ipa_to_u32(v2
.val
.ip
);
1317 else if ((v2
.type
== T_SET
) && clist_set_type(v2
.val
.t
, &dummy
))
1319 else if (v2
.type
== T_CLIST
)
1322 runtime("Can't add/delete non-pair");
1329 runtime("Can't add set");
1331 res
.val
.ad
= int_set_add(f_pool
, v1
.val
.ad
, n
);
1333 res
.val
.ad
= int_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1338 res
.val
.ad
= int_set_del(f_pool
, v1
.val
.ad
, n
);
1340 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1345 runtime("Can't filter pair");
1346 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1350 bug("unknown Ca operation");
1353 else if (v1
.type
== T_ECLIST
)
1355 /* Extended community list */
1358 /* v2.val is either EC or EC-set */
1359 if ((v2
.type
== T_SET
) && eclist_set_type(v2
.val
.t
))
1361 else if (v2
.type
== T_ECLIST
)
1363 else if (v2
.type
!= T_EC
)
1364 runtime("Can't add/delete non-ec");
1366 res
.type
= T_ECLIST
;
1371 runtime("Can't add set");
1373 res
.val
.ad
= ec_set_add(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1375 res
.val
.ad
= ec_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1380 res
.val
.ad
= ec_set_del(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1382 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1387 runtime("Can't filter ec");
1388 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1392 bug("unknown Ca operation");
1395 else if (v1
.type
== T_LCLIST
)
1397 /* Large community list */
1400 /* v2.val is either LC or LC-set */
1401 if ((v2
.type
== T_SET
) && lclist_set_type(v2
.val
.t
))
1403 else if (v2
.type
== T_LCLIST
)
1405 else if (v2
.type
!= T_LC
)
1406 runtime("Can't add/delete non-lc");
1408 res
.type
= T_LCLIST
;
1413 runtime("Can't add set");
1415 res
.val
.ad
= lc_set_add(f_pool
, v1
.val
.ad
, v2
.val
.lc
);
1417 res
.val
.ad
= lc_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1422 res
.val
.ad
= lc_set_del(f_pool
, v1
.val
.ad
, v2
.val
.lc
);
1424 res
.val
.ad
= lclist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1429 runtime("Can't filter lc");
1430 res
.val
.ad
= lclist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1434 bug("unknown Ca operation");
1438 runtime("Can't add/delete to non-[e|l]clist");
1443 case P('R','C'): /* ROA Check */
1447 if ((v1
.type
!= T_NET
) || (v2
.type
!= T_INT
))
1448 runtime("Invalid argument to roa_check()");
1455 v1
.val
.net
= (*f_rte
)->net
->n
.addr
;
1457 /* We ignore temporary attributes, probably not a problem here */
1458 /* 0x02 is a value of BA_AS_PATH, we don't want to include BGP headers */
1459 eattr
*e
= ea_find((*f_rte
)->attrs
->eattrs
, EA_CODE(EAP_BGP
, 0x02));
1461 if (!e
|| e
->type
!= EAF_TYPE_AS_PATH
)
1462 runtime("Missing AS_PATH attribute");
1464 as_path_get_last(e
->u
.ptr
, &as
);
1467 struct rtable
*table
= ((struct f_inst_roa_check
*) what
)->rtc
->table
;
1469 runtime("Missing ROA table");
1471 /* Table type is either NET_ROA4 or NET_ROA6, checked in parser */
1472 if (v1
.val
.net
->type
!= ((table
->addr_type
== NET_ROA4
) ? NET_IP4
: NET_IP6
))
1473 runtime("Incompatible net type");
1475 res
.type
= T_ENUM_ROA
;
1476 res
.val
.i
= net_roa_check(table
, v1
.val
.net
, as
);
1480 case P('a', 's'): /* Birdtest Assert */
1483 if (v1
.type
!= T_BOOL
)
1484 runtime("Should be boolean value");
1489 CALL(bt_assert_hook
, res
.val
.i
, what
);
1493 bug( "Unknown instruction %d (%c)", what
->code
, what
->code
& 0xff);
1496 return interpret(what
->next
);
1502 if (!i_same(f1->y, f2->y)) \
1505 #define ONEARG ARG(v1, a1.p)
1506 #define TWOARGS ARG(v1, a1.p) \
1509 #define A2_SAME if (f1->a2.i != f2->a2.i) return 0;
1512 * i_same - function that does real comparing of instruction trees, you should call filter_same from outside
1515 i_same(struct f_inst
*f1
, struct f_inst
*f2
)
1517 if ((!!f1
) != (!!f2
))
1521 if (f1
->aux
!= f2
->aux
)
1523 if (f1
->code
!= f2
->code
)
1525 if (f1
== f2
) /* It looks strange, but it is possible with call rewriting trickery */
1529 case ',': /* fall through */
1541 case P('<','='): TWOARGS
; break;
1543 case '!': ONEARG
; break;
1544 case '~': TWOARGS
; break;
1545 case P('d','e'): ONEARG
; break;
1549 if (!i_same(INST3(f1
).p
, INST3(f2
).p
))
1556 struct symbol
*s1
, *s2
;
1559 if (strcmp(s1
->name
, s2
->name
))
1561 if (s1
->class != s2
->class)
1570 if (!trie_same(f1
->a2
.p
, f2
->a2
.p
))
1575 if (!same_tree(f1
->a2
.p
, f2
->a2
.p
))
1580 if (strcmp(f1
->a2
.p
, f2
->a2
.p
))
1590 if (!val_same(* (struct f_val
*) f1
->a1
.p
, * (struct f_val
*) f2
->a1
.p
))
1595 if (strcmp((char *) f1
->a2
.p
, (char *) f2
->a2
.p
))
1598 case 'p': case 'L': ONEARG
; break;
1599 case '?': TWOARGS
; break;
1600 case '0': case 'E': break;
1601 case P('p',','): ONEARG
; A2_SAME
; break;
1603 case 'a': A2_SAME
; break;
1604 case P('e','a'): A2_SAME
; break;
1607 case P('e','S'): ONEARG
; A2_SAME
; break;
1609 case 'r': ONEARG
; break;
1610 case P('c','p'): ONEARG
; break;
1611 case P('c','a'): /* Call rewriting trickery to avoid exponential behaviour */
1613 if (!i_same(f1
->a2
.p
, f2
->a2
.p
))
1615 f2
->a2
.p
= f1
->a2
.p
;
1617 case P('c','v'): break; /* internal instruction */
1618 case P('S','W'): ONEARG
; if (!same_tree(f1
->a2
.p
, f2
->a2
.p
)) return 0; break;
1619 case P('i','M'): TWOARGS
; break;
1620 case P('A','p'): TWOARGS
; break;
1621 case P('C','a'): TWOARGS
; break;
1624 case P('a','L'): ONEARG
; break;
1628 /* Does not really make sense - ROA check resuls may change anyway */
1629 if (strcmp(((struct f_inst_roa_check
*) f1
)->rtc
->name
,
1630 ((struct f_inst_roa_check
*) f2
)->rtc
->name
))
1635 bug( "Unknown instruction %d in same (%c)", f1
->code
, f1
->code
& 0xff);
1637 return i_same(f1
->next
, f2
->next
);
1641 * f_run - run a filter for a route
1642 * @filter: filter to run
1643 * @rte: route being filtered, may be modified
1644 * @tmp_attrs: temporary attributes, prepared by caller or generated by f_run()
1645 * @tmp_pool: all filter allocations go from this pool
1648 * If filter needs to modify the route, there are several
1649 * posibilities. @rte might be read-only (with REF_COW flag), in that
1650 * case rw copy is obtained by rte_cow() and @rte is replaced. If
1651 * @rte is originally rw, it may be directly modified (and it is never
1654 * The returned rte may reuse the (possibly cached, cloned) rta, or
1655 * (if rta was modificied) contains a modified uncached rta, which
1656 * uses parts allocated from @tmp_pool and parts shared from original
1657 * rta. There is one exception - if @rte is rw but contains a cached
1658 * rta and that is modified, rta in returned rte is also cached.
1660 * Ownership of cached rtas is consistent with rte, i.e.
1661 * if a new rte is returned, it has its own clone of cached rta
1662 * (and cached rta of read-only source rte is intact), if rte is
1663 * modified in place, old cached rta is possibly freed.
1666 f_run(struct filter
*filter
, struct rte
**rte
, struct ea_list
**tmp_attrs
, struct linpool
*tmp_pool
, int flags
)
1668 if (filter
== FILTER_ACCEPT
)
1671 if (filter
== FILTER_REJECT
)
1674 int rte_cow
= ((*rte
)->flags
& REF_COW
);
1675 DBG( "Running filter `%s'...", filter
->name
);
1679 f_tmp_attrs
= tmp_attrs
;
1683 LOG_BUFFER_INIT(f_buf
);
1685 struct f_val res
= interpret(filter
->root
);
1689 * Cached rta was modified and f_rte contains now an uncached one,
1690 * sharing some part with the cached one. The cached rta should
1691 * be freed (if rte was originally COW, f_old_rta is a clone
1692 * obtained during rte_cow()).
1694 * This also implements the exception mentioned in f_run()
1695 * description. The reason for this is that rta reuses parts of
1696 * f_old_rta, and these may be freed during rta_free(f_old_rta).
1697 * This is not the problem if rte was COW, because original rte
1698 * also holds the same rta.
1701 (*f_rte
)->attrs
= rta_lookup((*f_rte
)->attrs
);
1703 rta_free(f_old_rta
);
1707 if (res
.type
!= T_RETURN
) {
1708 log_rl(&rl_runtime_err
, L_ERR
"Filter %s did not return accept nor reject. Make up your mind", filter
->name
);
1711 DBG( "done (%u)\n", res
.val
.i
);
1715 /* TODO: perhaps we could integrate f_eval(), f_eval_rte() and f_run() */
1718 f_eval_rte(struct f_inst
*expr
, struct rte
**rte
, struct linpool
*tmp_pool
)
1720 struct ea_list
*tmp_attrs
= NULL
;
1724 f_tmp_attrs
= &tmp_attrs
;
1728 LOG_BUFFER_INIT(f_buf
);
1730 /* Note that in this function we assume that rte->attrs is private / uncached */
1731 struct f_val res
= interpret(expr
);
1733 /* Hack to include EAF_TEMP attributes to the main list */
1734 (*rte
)->attrs
->eattrs
= ea_append(tmp_attrs
, (*rte
)->attrs
->eattrs
);
1740 f_eval(struct f_inst
*expr
, struct linpool
*tmp_pool
)
1747 LOG_BUFFER_INIT(f_buf
);
1749 return interpret(expr
);
1753 f_eval_int(struct f_inst
*expr
)
1755 /* Called independently in parse-time to eval expressions */
1756 struct f_val res
= f_eval(expr
, cfg_mem
);
1758 if (res
.type
!= T_INT
)
1759 cf_error("Integer expression expected");
1765 f_eval_asn(struct f_inst
*expr
)
1767 /* Called as a part of another interpret call, therefore no log_reset() */
1768 struct f_val res
= interpret(expr
);
1769 return (res
.type
== T_INT
) ? res
.val
.i
: 0;
1773 * filter_same - compare two filters
1774 * @new: first filter to be compared
1775 * @old: second filter to be compared, notice that this filter is
1776 * damaged while comparing.
1778 * Returns 1 in case filters are same, otherwise 0. If there are
1779 * underlying bugs, it will rather say 0 on same filters than say
1783 filter_same(struct filter
*new, struct filter
*old
)
1785 if (old
== new) /* Handle FILTER_ACCEPT and FILTER_REJECT */
1787 if (old
== FILTER_ACCEPT
|| old
== FILTER_REJECT
||
1788 new == FILTER_ACCEPT
|| new == FILTER_REJECT
)
1790 return i_same(new->root
, old
->root
);