2 * Filters: utility functions
4 * Copyright 1998 Pavel Machek <pavel@ucw.cz>
6 * Can be freely distributed and used under the terms of the GNU GPL.
13 * You can find sources of the filter language in |filter/|
14 * directory. File |filter/config.Y| contains filter grammar and basically translates
15 * the source from user into a tree of &f_inst structures. These trees are
16 * later interpreted using code in |filter/filter.c|.
18 * A filter is represented by a tree of &f_inst structures, one structure per
19 * "instruction". Each &f_inst contains @code, @aux value which is
20 * usually the data type this instruction operates on and two generic
21 * arguments (@a1, @a2). Some instructions contain pointer(s) to other
22 * instructions in their (@a1, @a2) fields.
24 * Filters use a &f_val structure for their data. Each &f_val
25 * contains type and value (types are constants prefixed with %T_). Few
26 * of the types are special; %T_RETURN can be or-ed with a type to indicate
27 * that return from a function or from the whole filter should be
28 * forced. Important thing about &f_val's is that they may be copied
29 * with a simple |=|. That's fine for all currently defined types: strings
30 * are read-only (and therefore okay), paths are copied for each
31 * operation (okay too).
36 #include "nest/bird.h"
37 #include "lib/lists.h"
38 #include "lib/resource.h"
39 #include "lib/socket.h"
40 #include "lib/string.h"
41 #include "lib/unaligned.h"
42 #include "nest/route.h"
43 #include "nest/protocol.h"
44 #include "nest/iface.h"
45 #include "nest/attrs.h"
46 #include "conf/conf.h"
47 #include "filter/filter.h"
49 #define P(a,b) ((a<<8) | b)
54 adata_empty(struct linpool
*pool
, int l
)
56 struct adata
*res
= lp_alloc(pool
, sizeof(struct adata
) + l
);
62 pm_path_compare(struct f_path_mask
*m1
, struct f_path_mask
*m2
)
66 return !((!m1
) && (!m2
));
68 /* FIXME: buggy, should return -1, 0, 1; but it doesn't matter */
69 if ((m1
->kind
!= m2
->kind
) || (m1
->val
!= m2
->val
)) return 1;
75 u32
f_eval_asn(struct f_inst
*expr
);
78 pm_format(struct f_path_mask
*p
, byte
*buf
, unsigned int size
)
80 byte
*end
= buf
+ size
- 16;
93 buf
+= bsprintf(buf
, " %u", p
->val
);
97 buf
+= bsprintf(buf
, " ?");
101 buf
+= bsprintf(buf
, " *");
105 buf
+= bsprintf(buf
, " %u", f_eval_asn((struct f_inst
*) p
->val
));
115 static inline int int_cmp(int i1
, int i2
)
117 if (i1
== i2
) return 0;
118 if (i1
< i2
) return -1;
122 static inline int uint_cmp(unsigned int i1
, unsigned int i2
)
124 if (i1
== i2
) return 0;
125 if (i1
< i2
) return -1;
129 static inline int u64_cmp(u64 i1
, u64 i2
)
131 if (i1
== i2
) return 0;
132 if (i1
< i2
) return -1;
137 * val_compare - compare two values
141 * Compares two values and returns -1, 0, 1 on <, =, > or 999 on error.
142 * Tree module relies on this giving consistent results so that it can
143 * build balanced trees.
146 val_compare(struct f_val v1
, struct f_val v2
)
150 if ((v1
.type
== T_VOID
) && (v2
.type
== T_VOID
))
152 if (v1
.type
== T_VOID
) /* Hack for else */
154 if (v2
.type
== T_VOID
)
157 if (v1
.type
!= v2
.type
) {
159 /* IP->Quad implicit conversion */
160 if ((v1
.type
== T_QUAD
) && (v2
.type
== T_IP
))
161 return uint_cmp(v1
.val
.i
, ipa_to_u32(v2
.val
.px
.ip
));
162 if ((v1
.type
== T_IP
) && (v2
.type
== T_QUAD
))
163 return uint_cmp(ipa_to_u32(v1
.val
.px
.ip
), v2
.val
.i
);
166 debug( "Types do not match in val_compare\n" );
173 return int_cmp(v1
.val
.i
, v2
.val
.i
);
176 return uint_cmp(v1
.val
.i
, v2
.val
.i
);
178 return u64_cmp(v1
.val
.ec
, v2
.val
.ec
);
180 return ipa_compare(v1
.val
.px
.ip
, v2
.val
.px
.ip
);
182 if (rc
= ipa_compare(v1
.val
.px
.ip
, v2
.val
.px
.ip
))
184 if (v1
.val
.px
.len
< v2
.val
.px
.len
)
186 if (v1
.val
.px
.len
> v2
.val
.px
.len
)
190 return pm_path_compare(v1
.val
.path_mask
, v2
.val
.path_mask
);
192 return strcmp(v1
.val
.s
, v2
.val
.s
);
194 debug( "Compare of unknown entities: %x\n", v1
.type
);
200 tree_compare(const void *p1
, const void *p2
)
202 return val_compare((* (struct f_tree
**) p1
)->from
, (* (struct f_tree
**) p2
)->from
);
206 fprefix_get_bounds(struct f_prefix
*px
, int *l
, int *h
)
208 *l
= *h
= px
->len
& LEN_MASK
;
210 if (px
->len
& LEN_MINUS
)
213 else if (px
->len
& LEN_PLUS
)
214 *h
= MAX_PREFIX_LENGTH
;
216 else if (px
->len
& LEN_RANGE
)
218 *l
= 0xff & (px
->len
>> 16);
219 *h
= 0xff & (px
->len
>> 8);
224 * val_simple_in_range - check if @v1 ~ @v2 for everything except sets
227 val_simple_in_range(struct f_val v1
, struct f_val v2
)
229 if ((v1
.type
== T_PATH
) && (v2
.type
== T_PATH_MASK
))
230 return as_path_match(v1
.val
.ad
, v2
.val
.path_mask
);
231 if ((v1
.type
== T_INT
) && (v2
.type
== T_PATH
))
232 return as_path_is_member(v2
.val
.ad
, v1
.val
.i
);
234 if (((v1
.type
== T_PAIR
) || (v1
.type
== T_QUAD
)) && (v2
.type
== T_CLIST
))
235 return int_set_contains(v2
.val
.ad
, v1
.val
.i
);
237 /* IP->Quad implicit conversion */
238 if ((v1
.type
== T_IP
) && (v2
.type
== T_CLIST
))
239 return int_set_contains(v2
.val
.ad
, ipa_to_u32(v1
.val
.px
.ip
));
241 if ((v1
.type
== T_EC
) && (v2
.type
== T_ECLIST
))
242 return ec_set_contains(v2
.val
.ad
, v1
.val
.ec
);
244 if ((v1
.type
== T_STRING
) && (v2
.type
== T_STRING
))
245 return patmatch(v2
.val
.s
, v1
.val
.s
);
247 if ((v1
.type
== T_IP
) && (v2
.type
== T_PREFIX
))
248 return ipa_in_net(v1
.val
.px
.ip
, v2
.val
.px
.ip
, v2
.val
.px
.len
);
250 if ((v1
.type
== T_PREFIX
) && (v2
.type
== T_PREFIX
))
251 return net_in_net(v1
.val
.px
.ip
, v1
.val
.px
.len
, v2
.val
.px
.ip
, v2
.val
.px
.len
);
257 clist_set_type(struct f_tree
*set
, struct f_val
*v
)
259 switch (set
->from
.type
) {
277 eclist_set_type(struct f_tree
*set
)
278 { return set
->from
.type
== T_EC
; }
281 clist_match_set(struct adata
*clist
, struct f_tree
*set
)
287 if (!clist_set_type(set
, &v
))
290 u32
*l
= (u32
*) clist
->data
;
291 u32
*end
= l
+ clist
->length
/4;
295 if (find_tree(set
, v
))
302 eclist_match_set(struct adata
*list
, struct f_tree
*set
)
307 if (!eclist_set_type(set
))
311 u32
*l
= int_set_get_data(list
);
312 int len
= int_set_get_size(list
);
316 for (i
= 0; i
< len
; i
+= 2) {
317 v
.val
.ec
= ec_get(l
, i
);
318 if (find_tree(set
, v
))
325 static struct adata
*
326 clist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
331 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
334 clist_set_type(set
.val
.t
, &v
);
338 int len
= int_set_get_size(list
);
339 u32
*l
= int_set_get_data(list
);
346 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
347 if ((tree
? !!find_tree(set
.val
.t
, v
) : int_set_contains(set
.val
.ad
, v
.val
.i
)) == pos
)
351 int nl
= (k
- tmp
) * 4;
352 if (nl
== list
->length
)
355 struct adata
*res
= adata_empty(pool
, nl
);
356 memcpy(res
->data
, tmp
, nl
);
360 static struct adata
*
361 eclist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
366 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
369 int len
= int_set_get_size(list
);
370 u32
*l
= int_set_get_data(list
);
376 for (i
= 0; i
< len
; i
+= 2) {
377 v
.val
.ec
= ec_get(l
, i
);
378 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
379 if ((tree
? !!find_tree(set
.val
.t
, v
) : ec_set_contains(set
.val
.ad
, v
.val
.ec
)) == pos
) {
385 int nl
= (k
- tmp
) * 4;
386 if (nl
== list
->length
)
389 struct adata
*res
= adata_empty(pool
, nl
);
390 memcpy(res
->data
, tmp
, nl
);
395 * val_in_range - implement |~| operator
399 * Checks if @v1 is element (|~| operator) of @v2. Sets are internally represented as balanced trees, see
400 * |tree.c| module (this is not limited to sets, but for non-set cases, val_simple_in_range() is called early).
403 val_in_range(struct f_val v1
, struct f_val v2
)
407 res
= val_simple_in_range(v1
, v2
);
409 if (res
!= CMP_ERROR
)
412 if ((v1
.type
== T_PREFIX
) && (v2
.type
== T_PREFIX_SET
))
413 return trie_match_fprefix(v2
.val
.ti
, &v1
.val
.px
);
415 if ((v1
.type
== T_CLIST
) && (v2
.type
== T_SET
))
416 return clist_match_set(v1
.val
.ad
, v2
.val
.t
);
418 if ((v1
.type
== T_ECLIST
) && (v2
.type
== T_SET
))
419 return eclist_match_set(v1
.val
.ad
, v2
.val
.t
);
421 if (v2
.type
== T_SET
)
431 n
= find_tree(v2
.val
.t
, v1
);
434 return !! (val_simple_in_range(v1
, n
->from
)); /* We turn CMP_ERROR into compared ok, and that's fine */
440 static void val_print(struct f_val v
);
443 tree_node_print(struct f_tree
*t
, char **sep
)
448 tree_node_print(t
->left
, sep
);
452 if (val_compare(t
->from
, t
->to
) != 0)
459 tree_node_print(t
->right
, sep
);
463 tree_print(struct f_tree
*t
)
467 tree_node_print(t
, &sep
);
472 * val_print - format filter value
475 val_print(struct f_val v
)
479 case T_VOID
: logn("(void)"); return;
480 case T_BOOL
: logn(v
.val
.i
? "TRUE" : "FALSE"); return;
481 case T_INT
: logn("%d", v
.val
.i
); return;
482 case T_STRING
: logn("%s", v
.val
.s
); return;
483 case T_IP
: logn("%I", v
.val
.px
.ip
); return;
484 case T_PREFIX
: logn("%I/%d", v
.val
.px
.ip
, v
.val
.px
.len
); return;
485 case T_PAIR
: logn("(%d,%d)", v
.val
.i
>> 16, v
.val
.i
& 0xffff); return;
486 case T_QUAD
: logn("%R", v
.val
.i
); return;
487 case T_EC
: ec_format(buf2
, v
.val
.ec
); logn("%s", buf2
); return;
488 case T_PREFIX_SET
: trie_print(v
.val
.ti
); return;
489 case T_SET
: tree_print(v
.val
.t
); return;
490 case T_ENUM
: logn("(enum %x)%d", v
.type
, v
.val
.i
); return;
491 case T_PATH
: as_path_format(v
.val
.ad
, buf2
, 1000); logn("(path %s)", buf2
); return;
492 case T_CLIST
: int_set_format(v
.val
.ad
, 1, -1, buf2
, 1000); logn("(clist %s)", buf2
); return;
493 case T_ECLIST
: ec_set_format(v
.val
.ad
, -1, buf2
, 1000); logn("(eclist %s)", buf2
); return;
494 case T_PATH_MASK
: pm_format(v
.val
.path_mask
, buf2
, 1000); logn("(pathmask%s)", buf2
); return;
495 default: logn( "[unknown type %x]", v
.type
); return;
499 static struct rte
**f_rte
;
500 static struct rta
*f_old_rta
;
501 static struct ea_list
**f_tmp_attrs
;
502 static struct linpool
*f_pool
;
505 static inline void f_rte_cow(void)
507 *f_rte
= rte_cow(*f_rte
);
511 * rta_cow - prepare rta for modification by filter
516 if ((*f_rte
)->attrs
->aflags
& RTAF_CACHED
) {
518 /* Prepare to modify rte */
521 /* Store old rta to free it later */
522 f_old_rta
= (*f_rte
)->attrs
;
525 * Alloc new rta, do shallow copy and update rte. Fields eattrs
526 * and nexthops of rta are shared with f_old_rta (they will be
527 * copied when the cached rta will be obtained at the end of
528 * f_run()), also the lock of hostentry is inherited (we suppose
529 * hostentry is not changed by filters).
531 rta
*ra
= lp_alloc(f_pool
, sizeof(rta
));
532 memcpy(ra
, f_old_rta
, sizeof(rta
));
534 (*f_rte
)->attrs
= ra
;
538 static struct rate_limit rl_runtime_err
;
540 #define runtime(x) do { \
541 log_rl(&rl_runtime_err, L_ERR "filters, line %d: %s", what->lineno, x); \
542 res.type = T_RETURN; \
543 res.val.i = F_ERROR; \
548 x = interpret(what->y); \
549 if (x.type & T_RETURN) \
552 #define ONEARG ARG(v1, a1.p)
553 #define TWOARGS ARG(v1, a1.p) \
555 #define TWOARGS_C TWOARGS \
556 if (v1.type != v2.type) \
557 runtime( "Can't operate with values of incompatible types" );
561 * @what: filter to interpret
563 * Interpret given tree of filter instructions. This is core function
564 * of filter system and does all the hard work.
566 * Each instruction has 4 fields: code (which is instruction code),
567 * aux (which is extension to instruction code, typically type),
568 * arg1 and arg2 - arguments. Depending on instruction, arguments
569 * are either integers, or pointers to instruction trees. Common
570 * instructions like +, that have two expressions as arguments use
571 * TWOARGS macro to get both of them evaluated.
573 * &f_val structures are copied around, so there are no problems with
577 interpret(struct f_inst
*what
)
580 struct f_val v1
, v2
, res
, *vp
;
594 /* Binary operators */
597 switch (res
.type
= v1
.type
) {
598 case T_VOID
: runtime( "Can't operate with values of type void" );
599 case T_INT
: res
.val
.i
= v1
.val
.i
+ v2
.val
.i
; break;
600 default: runtime( "Usage of unknown type" );
605 switch (res
.type
= v1
.type
) {
606 case T_VOID
: runtime( "Can't operate with values of type void" );
607 case T_INT
: res
.val
.i
= v1
.val
.i
- v2
.val
.i
; break;
608 default: runtime( "Usage of unknown type" );
613 switch (res
.type
= v1
.type
) {
614 case T_VOID
: runtime( "Can't operate with values of type void" );
615 case T_INT
: res
.val
.i
= v1
.val
.i
* v2
.val
.i
; break;
616 default: runtime( "Usage of unknown type" );
621 switch (res
.type
= v1
.type
) {
622 case T_VOID
: runtime( "Can't operate with values of type void" );
623 case T_INT
: if (v2
.val
.i
== 0) runtime( "Mother told me not to divide by 0" );
624 res
.val
.i
= v1
.val
.i
/ v2
.val
.i
; break;
625 case T_IP
: if (v2
.type
!= T_INT
)
626 runtime( "Incompatible types in / operator" );
628 default: runtime( "Usage of unknown type" );
635 if (v1
.type
!= T_BOOL
)
636 runtime( "Can't do boolean operation on non-booleans" );
637 if (v1
.val
.i
== (what
->code
== '|')) {
639 res
.val
.i
= v1
.val
.i
;
644 if (v2
.type
!= T_BOOL
)
645 runtime( "Can't do boolean operation on non-booleans" );
647 res
.val
.i
= v2
.val
.i
;
652 if ((v1
.type
!= T_INT
) || (v2
.type
!= T_INT
))
653 runtime( "Can't operate with value of non-integer type in pair constructor" );
656 if ((u1
> 0xFFFF) || (u2
> 0xFFFF))
657 runtime( "Can't operate with value out of bounds in pair constructor" );
658 res
.val
.i
= (u1
<< 16) | u2
;
666 int check
, ipv4_used
;
669 if (v1
.type
== T_INT
) {
670 ipv4_used
= 0; key
= v1
.val
.i
;
672 else if (v1
.type
== T_QUAD
) {
673 ipv4_used
= 1; key
= v1
.val
.i
;
676 /* IP->Quad implicit conversion */
677 else if (v1
.type
== T_IP
) {
678 ipv4_used
= 1; key
= ipa_to_u32(v1
.val
.px
.ip
);
682 runtime("Can't operate with key of non-integer/IPv4 type in EC constructor");
684 if (v2
.type
!= T_INT
)
685 runtime("Can't operate with value of non-integer type in EC constructor");
690 if (what
->aux
== EC_GENERIC
) {
691 check
= 0; res
.val
.ec
= ec_generic(key
, val
);
693 else if (ipv4_used
) {
694 check
= 1; res
.val
.ec
= ec_ip4(what
->aux
, key
, val
);
696 else if (key
< 0x10000) {
697 check
= 0; res
.val
.ec
= ec_as2(what
->aux
, key
, val
);
700 check
= 1; res
.val
.ec
= ec_as4(what
->aux
, key
, val
);
703 if (check
&& (val
> 0xFFFF))
704 runtime("Can't operate with value out of bounds in EC constructor");
709 /* Relational operators */
713 i = val_compare(v1, v2); \
715 runtime( "Can't compare values of incompatible types" ); \
720 case P('!','='): COMPARE(i
!=0);
721 case P('=','='): COMPARE(i
==0);
722 case '<': COMPARE(i
==-1);
723 case P('<','='): COMPARE(i
!=1);
727 if (v1
.type
!= T_BOOL
)
728 runtime( "Not applied to non-boolean" );
730 res
.val
.i
= !res
.val
.i
;
736 res
.val
.i
= val_in_range(v1
, v2
);
737 if (res
.val
.i
== CMP_ERROR
)
738 runtime( "~ applied on unknown type pair" );
739 res
.val
.i
= !!res
.val
.i
;
744 res
.val
.i
= (v1
.type
!= T_VOID
);
747 /* Set to indirect value, a1 = variable, a2 = value */
752 if ((sym
->class != (SYM_VARIABLE
| v2
.type
)) && (v2
.type
!= T_VOID
)) {
754 /* IP->Quad implicit conversion */
755 if ((sym
->class == (SYM_VARIABLE
| T_QUAD
)) && (v2
.type
== T_IP
)) {
757 vp
->val
.i
= ipa_to_u32(v2
.val
.px
.ip
);
761 runtime( "Assigning to variable of incompatible type" );
766 /* some constants have value in a2, some in *a1.p, strange. */
767 case 'c': /* integer (or simple type) constant, string, set, or prefix_set */
768 res
.type
= what
->aux
;
770 if (res
.type
== T_PREFIX_SET
)
771 res
.val
.ti
= what
->a2
.p
;
772 else if (res
.type
== T_SET
)
773 res
.val
.t
= what
->a2
.p
;
774 else if (res
.type
== T_STRING
)
775 res
.val
.s
= what
->a2
.p
;
777 res
.val
.i
= what
->a2
.i
;
781 res
= * ((struct f_val
*) what
->a1
.p
);
787 case '?': /* ? has really strange error value, so we can implement if ... else nicely :-) */
789 if (v1
.type
!= T_BOOL
)
790 runtime( "If requires boolean expression" );
794 } else res
.val
.i
= 1;
798 debug( "No operation\n" );
802 if (what
->a2
.i
== F_NOP
|| (what
->a2
.i
!= F_NONL
&& what
->a1
.p
))
805 switch (what
->a2
.i
) {
807 die( "Filter asked me to die" );
809 /* Should take care about turning ACCEPT into MODIFY */
811 case F_REJECT
: /* FIXME (noncritical) Should print complete route along with reason to reject route */
813 res
.val
.i
= what
->a2
.i
;
814 return res
; /* We have to return now, no more processing. */
819 bug( "unknown return type: Can't happen");
822 case 'a': /* rta access */
824 struct rta
*rta
= (*f_rte
)->attrs
;
825 res
.type
= what
->aux
;
828 res
.val
.px
.ip
= * (ip_addr
*) ((char *) rta
+ what
->a2
.i
);
831 res
.val
.i
= * ((char *) rta
+ what
->a2
.i
);
833 case T_STRING
: /* Warning: this is a special case for proto attribute */
834 res
.val
.s
= rta
->proto
->name
;
836 case T_PREFIX
: /* Warning: this works only for prefix of network */
838 res
.val
.px
.ip
= (*f_rte
)->net
->n
.prefix
;
839 res
.val
.px
.len
= (*f_rte
)->net
->n
.pxlen
;
843 bug( "Invalid type for rta access (%x)", res
.type
);
849 if (what
->aux
!= v1
.type
)
850 runtime( "Attempt to set static attribute to incompatible type" );
853 struct rta
*rta
= (*f_rte
)->attrs
;
857 * (ip_addr
*) ((char *) rta
+ what
->a2
.i
) = v1
.val
.px
.ip
;
861 rta
->scope
= v1
.val
.i
;
866 if ((i
!= RTD_BLACKHOLE
) && (i
!= RTD_UNREACHABLE
) && (i
!= RTD_PROHIBIT
))
867 runtime( "Destination can be changed only to blackhole, unreachable or prohibit" );
871 rta
->nexthops
= NULL
;
875 bug( "Unknown type in set of static attribute" );
879 case P('e','a'): /* Access to extended attributes */
882 if (!(f_flags
& FF_FORCE_TMPATTR
))
883 e
= ea_find( (*f_rte
)->attrs
->eattrs
, what
->a2
.i
);
885 e
= ea_find( (*f_tmp_attrs
), what
->a2
.i
);
886 if ((!e
) && (f_flags
& FF_FORCE_TMPATTR
))
887 e
= ea_find( (*f_rte
)->attrs
->eattrs
, what
->a2
.i
);
890 /* A special case: undefined int_set looks like empty int_set */
891 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_INT_SET
) {
893 res
.val
.ad
= adata_empty(f_pool
, 0);
896 /* The same special case for ec_set */
897 else if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_EC_SET
) {
899 res
.val
.ad
= adata_empty(f_pool
, 0);
903 /* Undefined value */
908 switch (what
->aux
& EAF_TYPE_MASK
) {
911 res
.val
.i
= e
->u
.data
;
913 case EAF_TYPE_ROUTER_ID
:
915 res
.val
.i
= e
->u
.data
;
917 case EAF_TYPE_OPAQUE
:
918 res
.type
= T_ENUM_EMPTY
;
921 case EAF_TYPE_IP_ADDRESS
:
923 struct adata
* ad
= e
->u
.ptr
;
924 res
.val
.px
.ip
= * (ip_addr
*) ad
->data
;
926 case EAF_TYPE_AS_PATH
:
928 res
.val
.ad
= e
->u
.ptr
;
930 case EAF_TYPE_INT_SET
:
932 res
.val
.ad
= e
->u
.ptr
;
934 case EAF_TYPE_EC_SET
:
936 res
.val
.ad
= e
->u
.ptr
;
942 bug("Unknown type in e,a");
949 struct ea_list
*l
= lp_alloc(f_pool
, sizeof(struct ea_list
) + sizeof(eattr
));
952 l
->flags
= EALF_SORTED
;
954 l
->attrs
[0].id
= what
->a2
.i
;
955 l
->attrs
[0].flags
= 0;
956 l
->attrs
[0].type
= what
->aux
| EAF_ORIGINATED
;
957 switch (what
->aux
& EAF_TYPE_MASK
) {
959 case EAF_TYPE_ROUTER_ID
:
960 if (v1
.type
!= T_INT
)
961 runtime( "Setting int attribute to non-int value" );
962 l
->attrs
[0].u
.data
= v1
.val
.i
;
964 case EAF_TYPE_OPAQUE
:
965 runtime( "Setting opaque attribute is not allowed" );
967 case EAF_TYPE_IP_ADDRESS
:
969 runtime( "Setting ip attribute to non-ip value" );
970 int len
= sizeof(ip_addr
);
971 struct adata
*ad
= lp_alloc(f_pool
, sizeof(struct adata
) + len
);
973 (* (ip_addr
*) ad
->data
) = v1
.val
.px
.ip
;
974 l
->attrs
[0].u
.ptr
= ad
;
976 case EAF_TYPE_AS_PATH
:
977 if (v1
.type
!= T_PATH
)
978 runtime( "Setting path attribute to non-path value" );
979 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
981 case EAF_TYPE_INT_SET
:
982 if (v1
.type
!= T_CLIST
)
983 runtime( "Setting clist attribute to non-clist value" );
984 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
986 case EAF_TYPE_EC_SET
:
987 if (v1
.type
!= T_ECLIST
)
988 runtime( "Setting eclist attribute to non-eclist value" );
989 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
992 if (v1
.type
!= T_VOID
)
993 runtime( "Setting void attribute to non-void value" );
994 l
->attrs
[0].u
.data
= 0;
996 default: bug("Unknown type in e,S");
999 if (!(what
->aux
& EAF_TEMP
) && (!(f_flags
& FF_FORCE_TMPATTR
))) {
1001 l
->next
= (*f_rte
)->attrs
->eattrs
;
1002 (*f_rte
)->attrs
->eattrs
= l
;
1004 l
->next
= (*f_tmp_attrs
);
1011 res
.val
.i
= (*f_rte
)->pref
;
1015 if (v1
.type
!= T_INT
)
1016 runtime( "Can't set preference to non-integer" );
1017 if ((v1
.val
.i
< 0) || (v1
.val
.i
> 0xFFFF))
1018 runtime( "Setting preference value out of bounds" );
1020 (*f_rte
)->pref
= v1
.val
.i
;
1022 case 'L': /* Get length of */
1026 case T_PREFIX
: res
.val
.i
= v1
.val
.px
.len
; break;
1027 case T_PATH
: res
.val
.i
= as_path_getlen(v1
.val
.ad
); break;
1028 default: runtime( "Prefix or path expected" );
1031 case P('c','p'): /* Convert prefix to ... */
1033 if (v1
.type
!= T_PREFIX
)
1034 runtime( "Prefix expected" );
1035 res
.type
= what
->aux
;
1037 /* case T_INT: res.val.i = v1.val.px.len; break; Not needed any more */
1038 case T_IP
: res
.val
.px
.ip
= v1
.val
.px
.ip
; break;
1039 default: bug( "Unknown prefix to conversion" );
1042 case P('a','f'): /* Get first ASN from AS PATH */
1044 if (v1
.type
!= T_PATH
)
1045 runtime( "AS path expected" );
1048 as_path_get_first(v1
.val
.ad
, &as
);
1052 case P('a','l'): /* Get last ASN from AS PATH */
1054 if (v1
.type
!= T_PATH
)
1055 runtime( "AS path expected" );
1058 as_path_get_last(v1
.val
.ad
, &as
);
1065 res
.type
|= T_RETURN
;
1067 case P('c','a'): /* CALL: this is special: if T_RETURN and returning some value, mask it out */
1069 res
= interpret(what
->a2
.p
);
1070 if (res
.type
== T_RETURN
)
1072 res
.type
&= ~T_RETURN
;
1074 case P('c','v'): /* Clear local variables */
1075 for (sym
= what
->a1
.p
; sym
!= NULL
; sym
= sym
->aux2
)
1076 ((struct f_val
*) sym
->def
)->type
= T_VOID
;
1081 struct f_tree
*t
= find_tree(what
->a2
.p
, v1
);
1084 t
= find_tree(what
->a2
.p
, v1
);
1086 debug( "No else statement?\n");
1090 /* It is actually possible to have t->data NULL */
1092 res
= interpret(t
->data
);
1093 if (res
.type
& T_RETURN
)
1097 case P('i','M'): /* IP.MASK(val) */
1099 if (v2
.type
!= T_INT
)
1100 runtime( "Integer expected");
1101 if (v1
.type
!= T_IP
)
1102 runtime( "You can mask only IP addresses" );
1104 ip_addr mask
= ipa_mkmask(v2
.val
.i
);
1106 res
.val
.px
.ip
= ipa_and(mask
, v1
.val
.px
.ip
);
1110 case 'E': /* Create empty attribute */
1111 res
.type
= what
->aux
;
1112 res
.val
.ad
= adata_empty(f_pool
, 0);
1114 case P('A','p'): /* Path prepend */
1116 if (v1
.type
!= T_PATH
)
1117 runtime("Can't prepend to non-path");
1118 if (v2
.type
!= T_INT
)
1119 runtime("Can't prepend non-integer");
1122 res
.val
.ad
= as_path_prepend(f_pool
, v1
.val
.ad
, v2
.val
.i
);
1125 case P('C','a'): /* (Extended) Community list add or delete */
1127 if (v1
.type
== T_CLIST
)
1129 /* Community (or cluster) list */
1134 if ((v2
.type
== T_PAIR
) || (v2
.type
== T_QUAD
))
1137 /* IP->Quad implicit conversion */
1138 else if (v2
.type
== T_IP
)
1139 i
= ipa_to_u32(v2
.val
.px
.ip
);
1141 else if ((v2
.type
== T_SET
) && clist_set_type(v2
.val
.t
, &dummy
))
1143 else if (v2
.type
== T_CLIST
)
1146 runtime("Can't add/delete non-pair");
1153 runtime("Can't add set");
1155 res
.val
.ad
= int_set_add(f_pool
, v1
.val
.ad
, i
);
1157 res
.val
.ad
= int_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1162 res
.val
.ad
= int_set_del(f_pool
, v1
.val
.ad
, i
);
1164 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1169 runtime("Can't filter pair");
1170 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1174 bug("unknown Ca operation");
1177 else if (v1
.type
== T_ECLIST
)
1179 /* Extended community list */
1182 /* v2.val is either EC or EC-set */
1183 if ((v2
.type
== T_SET
) && eclist_set_type(v2
.val
.t
))
1185 else if (v2
.type
== T_ECLIST
)
1187 else if (v2
.type
!= T_EC
)
1188 runtime("Can't add/delete non-pair");
1190 res
.type
= T_ECLIST
;
1195 runtime("Can't add set");
1197 res
.val
.ad
= ec_set_add(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1199 res
.val
.ad
= ec_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1204 res
.val
.ad
= ec_set_del(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1206 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1211 runtime("Can't filter ec");
1212 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1216 bug("unknown Ca operation");
1220 runtime("Can't add/delete to non-(e)clist");
1224 case P('R','C'): /* ROA Check */
1228 if ((v1
.type
!= T_PREFIX
) || (v2
.type
!= T_INT
))
1229 runtime("Invalid argument to roa_check()");
1235 v1
.val
.px
.ip
= (*f_rte
)->net
->n
.prefix
;
1236 v1
.val
.px
.len
= (*f_rte
)->net
->n
.pxlen
;
1238 /* We ignore temporary attributes, probably not a problem here */
1239 /* 0x02 is a value of BA_AS_PATH, we don't want to include BGP headers */
1240 eattr
*e
= ea_find((*f_rte
)->attrs
->eattrs
, EA_CODE(EAP_BGP
, 0x02));
1242 if (!e
|| e
->type
!= EAF_TYPE_AS_PATH
)
1243 runtime("Missing AS_PATH attribute");
1245 as_path_get_last(e
->u
.ptr
, &as
);
1248 struct roa_table_config
*rtc
= ((struct f_inst_roa_check
*) what
)->rtc
;
1250 runtime("Missing ROA table");
1252 res
.type
= T_ENUM_ROA
;
1253 res
.val
.i
= roa_check(rtc
->table
, v1
.val
.px
.ip
, v1
.val
.px
.len
, as
);
1257 bug( "Unknown instruction %d (%c)", what
->code
, what
->code
& 0xff);
1260 return interpret(what
->next
);
1266 if (!i_same(f1->y, f2->y)) \
1269 #define ONEARG ARG(v1, a1.p)
1270 #define TWOARGS ARG(v1, a1.p) \
1273 #define A2_SAME if (f1->a2.i != f2->a2.i) return 0;
1276 * i_same - function that does real comparing of instruction trees, you should call filter_same from outside
1279 i_same(struct f_inst
*f1
, struct f_inst
*f2
)
1281 if ((!!f1
) != (!!f2
))
1285 if (f1
->aux
!= f2
->aux
)
1287 if (f1
->code
!= f2
->code
)
1289 if (f1
== f2
) /* It looks strange, but it is possible with call rewriting trickery */
1293 case ',': /* fall through */
1305 case P('<','='): TWOARGS
; break;
1307 case '!': ONEARG
; break;
1308 case '~': TWOARGS
; break;
1309 case P('d','e'): ONEARG
; break;
1314 struct symbol
*s1
, *s2
;
1317 if (strcmp(s1
->name
, s2
->name
))
1319 if (s1
->class != s2
->class)
1328 if (!trie_same(f1
->a2
.p
, f2
->a2
.p
))
1333 if (!same_tree(f1
->a2
.p
, f2
->a2
.p
))
1338 if (strcmp(f1
->a2
.p
, f2
->a2
.p
))
1347 if (val_compare(* (struct f_val
*) f1
->a1
.p
, * (struct f_val
*) f2
->a1
.p
))
1351 if (strcmp((char *) f1
->a2
.p
, (char *) f2
->a2
.p
))
1354 case 'p': case 'L': ONEARG
; break;
1355 case '?': TWOARGS
; break;
1356 case '0': case 'E': break;
1357 case P('p',','): ONEARG
; A2_SAME
; break;
1359 case 'a': A2_SAME
; break;
1360 case P('e','a'): A2_SAME
; break;
1363 case P('e','S'): ONEARG
; A2_SAME
; break;
1365 case 'r': ONEARG
; break;
1366 case P('c','p'): ONEARG
; break;
1367 case P('c','a'): /* Call rewriting trickery to avoid exponential behaviour */
1369 if (!i_same(f1
->a2
.p
, f2
->a2
.p
))
1371 f2
->a2
.p
= f1
->a2
.p
;
1373 case P('c','v'): break; /* internal instruction */
1374 case P('S','W'): ONEARG
; if (!same_tree(f1
->a2
.p
, f2
->a2
.p
)) return 0; break;
1375 case P('i','M'): TWOARGS
; break;
1376 case P('A','p'): TWOARGS
; break;
1377 case P('C','a'): TWOARGS
; break;
1379 case P('a','l'): ONEARG
; break;
1382 /* Does not really make sense - ROA check resuls may change anyway */
1383 if (strcmp(((struct f_inst_roa_check
*) f1
)->rtc
->name
,
1384 ((struct f_inst_roa_check
*) f2
)->rtc
->name
))
1388 bug( "Unknown instruction %d in same (%c)", f1
->code
, f1
->code
& 0xff);
1390 return i_same(f1
->next
, f2
->next
);
1394 * f_run - run a filter for a route
1395 * @filter: filter to run
1396 * @rte: route being filtered, may be modified
1397 * @tmp_attrs: temporary attributes, prepared by caller or generated by f_run()
1398 * @tmp_pool: all filter allocations go from this pool
1401 * If filter needs to modify the route, there are several
1402 * posibilities. @rte might be read-only (with REF_COW flag), in that
1403 * case rw copy is obtained by rte_cow() and @rte is replaced. If
1404 * @rte is originally rw, it may be directly modified (and it is never
1407 * The returned rte may reuse the (possibly cached, cloned) rta, or
1408 * (if rta was modificied) contains a modified uncached rta, which
1409 * uses parts allocated from @tmp_pool and parts shared from original
1410 * rta. There is one exception - if @rte is rw but contains a cached
1411 * rta and that is modified, rta in returned rte is also cached.
1413 * Ownership of cached rtas is consistent with rte, i.e.
1414 * if a new rte is returned, it has its own clone of cached rta
1415 * (and cached rta of read-only source rte is intact), if rte is
1416 * modified in place, old cached rta is possibly freed.
1419 f_run(struct filter
*filter
, struct rte
**rte
, struct ea_list
**tmp_attrs
, struct linpool
*tmp_pool
, int flags
)
1421 int rte_cow
= ((*rte
)->flags
& REF_COW
);
1422 DBG( "Running filter `%s'...", filter
->name
);
1426 f_tmp_attrs
= tmp_attrs
;
1431 struct f_val res
= interpret(filter
->root
);
1435 * Cached rta was modified and f_rte contains now an uncached one,
1436 * sharing some part with the cached one. The cached rta should
1437 * be freed (if rte was originally COW, f_old_rta is a clone
1438 * obtained during rte_cow()).
1440 * This also implements the exception mentioned in f_run()
1441 * description. The reason for this is that rta reuses parts of
1442 * f_old_rta, and these may be freed during rta_free(f_old_rta).
1443 * This is not the problem if rte was COW, because original rte
1444 * also holds the same rta.
1447 (*f_rte
)->attrs
= rta_lookup((*f_rte
)->attrs
);
1449 rta_free(f_old_rta
);
1453 if (res
.type
!= T_RETURN
) {
1454 log( L_ERR
"Filter %s did not return accept nor reject. Make up your mind", filter
->name
);
1457 DBG( "done (%d)\n", res
.val
.i
);
1462 f_eval_int(struct f_inst
*expr
)
1464 /* Called independently in parse-time to eval expressions */
1473 res
= interpret(expr
);
1475 if (res
.type
!= T_INT
)
1476 cf_error("Integer expression expected");
1481 f_eval_asn(struct f_inst
*expr
)
1483 /* Called as a part of another interpret call, therefore no log_reset() */
1484 struct f_val res
= interpret(expr
);
1485 return (res
.type
== T_INT
) ? res
.val
.i
: 0;
1489 * filter_same - compare two filters
1490 * @new: first filter to be compared
1491 * @old: second filter to be compared, notice that this filter is
1492 * damaged while comparing.
1494 * Returns 1 in case filters are same, otherwise 0. If there are
1495 * underlying bugs, it will rather say 0 on same filters than say
1499 filter_same(struct filter
*new, struct filter
*old
)
1501 if (old
== new) /* Handle FILTER_ACCEPT and FILTER_REJECT */
1503 if (old
== FILTER_ACCEPT
|| old
== FILTER_REJECT
||
1504 new == FILTER_ACCEPT
|| new == FILTER_REJECT
)
1506 return i_same(new->root
, old
->root
);