2 * Filters: utility functions
4 * Copyright 1998 Pavel Machek <pavel@ucw.cz>
6 * Can be freely distributed and used under the terms of the GNU GPL.
13 * You can find sources of the filter language in |filter/|
14 * directory. File |filter/config.Y| contains filter grammar and basically translates
15 * the source from user into a tree of &f_inst structures. These trees are
16 * later interpreted using code in |filter/filter.c|.
18 * A filter is represented by a tree of &f_inst structures, one structure per
19 * "instruction". Each &f_inst contains @code, @aux value which is
20 * usually the data type this instruction operates on and two generic
21 * arguments (@a1, @a2). Some instructions contain pointer(s) to other
22 * instructions in their (@a1, @a2) fields.
24 * Filters use a &f_val structure for their data. Each &f_val
25 * contains type and value (types are constants prefixed with %T_). Few
26 * of the types are special; %T_RETURN can be or-ed with a type to indicate
27 * that return from a function or from the whole filter should be
28 * forced. Important thing about &f_val's is that they may be copied
29 * with a simple |=|. That's fine for all currently defined types: strings
30 * are read-only (and therefore okay), paths are copied for each
31 * operation (okay too).
36 #include "nest/bird.h"
37 #include "lib/lists.h"
38 #include "lib/resource.h"
39 #include "lib/socket.h"
40 #include "lib/string.h"
41 #include "lib/unaligned.h"
42 #include "nest/route.h"
43 #include "nest/protocol.h"
44 #include "nest/iface.h"
45 #include "nest/attrs.h"
46 #include "conf/conf.h"
47 #include "filter/filter.h"
49 #define P(a,b) ((a<<8) | b)
54 adata_empty(struct linpool
*pool
, int l
)
56 struct adata
*res
= lp_alloc(pool
, sizeof(struct adata
) + l
);
62 pm_format(struct f_path_mask
*p
, byte
*buf
, unsigned int size
)
64 byte
*end
= buf
+ size
- 16;
77 buf
+= bsprintf(buf
, " %u", p
->val
);
81 buf
+= bsprintf(buf
, " ?");
85 buf
+= bsprintf(buf
, " *");
89 buf
+= bsprintf(buf
, " %u", f_eval_asn((struct f_inst
*) p
->val
));
100 int_cmp(int i1
, int i2
)
102 return (i1
> i2
) - (i1
< i2
);
106 uint_cmp(unsigned int i1
, unsigned int i2
)
108 return (int)(i1
> i2
) - (int)(i1
< i2
);
112 u64_cmp(u64 i1
, u64 i2
)
114 return (int)(i1
> i2
) - (int)(i1
< i2
);
118 * val_compare - compare two values
122 * Compares two values and returns -1, 0, 1 on <, =, > or CMP_ERROR on
123 * error. Tree module relies on this giving consistent results so
124 * that it can be used for building balanced trees.
127 val_compare(struct f_val v1
, struct f_val v2
)
131 if (v1
.type
!= v2
.type
) {
132 if (v1
.type
== T_VOID
) /* Hack for else */
134 if (v2
.type
== T_VOID
)
138 /* IP->Quad implicit conversion */
139 if ((v1
.type
== T_QUAD
) && (v2
.type
== T_IP
))
140 return uint_cmp(v1
.val
.i
, ipa_to_u32(v2
.val
.px
.ip
));
141 if ((v1
.type
== T_IP
) && (v2
.type
== T_QUAD
))
142 return uint_cmp(ipa_to_u32(v1
.val
.px
.ip
), v2
.val
.i
);
145 debug( "Types do not match in val_compare\n" );
155 return int_cmp(v1
.val
.i
, v2
.val
.i
);
158 return uint_cmp(v1
.val
.i
, v2
.val
.i
);
160 return u64_cmp(v1
.val
.ec
, v2
.val
.ec
);
162 return ipa_compare(v1
.val
.px
.ip
, v2
.val
.px
.ip
);
164 if (rc
= ipa_compare(v1
.val
.px
.ip
, v2
.val
.px
.ip
))
166 return int_cmp(v1
.val
.px
.len
, v2
.val
.px
.len
);
168 return strcmp(v1
.val
.s
, v2
.val
.s
);
175 pm_path_same(struct f_path_mask
*m1
, struct f_path_mask
*m2
)
179 if ((m1
->kind
!= m2
->kind
) || (m1
->val
!= m2
->val
))
190 * val_same - compare two values
194 * Compares two values and returns 1 if they are same and 0 if not.
195 * Comparison of values of different types is valid and returns 0.
198 val_same(struct f_val v1
, struct f_val v2
)
202 rc
= val_compare(v1
, v2
);
206 if (v1
.type
!= v2
.type
)
211 return pm_path_same(v1
.val
.path_mask
, v2
.val
.path_mask
);
215 return adata_same(v1
.val
.ad
, v2
.val
.ad
);
217 return same_tree(v1
.val
.t
, v2
.val
.t
);
219 return trie_same(v1
.val
.ti
, v2
.val
.ti
);
221 bug("Invalid type in val_same(): %x", v1
.type
);
226 fprefix_get_bounds(struct f_prefix
*px
, int *l
, int *h
)
228 *l
= *h
= px
->len
& LEN_MASK
;
230 if (px
->len
& LEN_MINUS
)
233 else if (px
->len
& LEN_PLUS
)
234 *h
= MAX_PREFIX_LENGTH
;
236 else if (px
->len
& LEN_RANGE
)
238 *l
= 0xff & (px
->len
>> 16);
239 *h
= 0xff & (px
->len
>> 8);
244 clist_set_type(struct f_tree
*set
, struct f_val
*v
)
246 switch (set
->from
.type
) {
264 eclist_set_type(struct f_tree
*set
)
265 { return set
->from
.type
== T_EC
; }
268 clist_match_set(struct adata
*clist
, struct f_tree
*set
)
274 if (!clist_set_type(set
, &v
))
277 u32
*l
= (u32
*) clist
->data
;
278 u32
*end
= l
+ clist
->length
/4;
282 if (find_tree(set
, v
))
289 eclist_match_set(struct adata
*list
, struct f_tree
*set
)
294 if (!eclist_set_type(set
))
298 u32
*l
= int_set_get_data(list
);
299 int len
= int_set_get_size(list
);
303 for (i
= 0; i
< len
; i
+= 2) {
304 v
.val
.ec
= ec_get(l
, i
);
305 if (find_tree(set
, v
))
312 static struct adata
*
313 clist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
318 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
321 clist_set_type(set
.val
.t
, &v
);
325 int len
= int_set_get_size(list
);
326 u32
*l
= int_set_get_data(list
);
333 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
334 if ((tree
? !!find_tree(set
.val
.t
, v
) : int_set_contains(set
.val
.ad
, v
.val
.i
)) == pos
)
338 int nl
= (k
- tmp
) * 4;
339 if (nl
== list
->length
)
342 struct adata
*res
= adata_empty(pool
, nl
);
343 memcpy(res
->data
, tmp
, nl
);
347 static struct adata
*
348 eclist_filter(struct linpool
*pool
, struct adata
*list
, struct f_val set
, int pos
)
353 int tree
= (set
.type
== T_SET
); /* 1 -> set is T_SET, 0 -> set is T_CLIST */
356 int len
= int_set_get_size(list
);
357 u32
*l
= int_set_get_data(list
);
363 for (i
= 0; i
< len
; i
+= 2) {
364 v
.val
.ec
= ec_get(l
, i
);
365 /* pos && member(val, set) || !pos && !member(val, set), member() depends on tree */
366 if ((tree
? !!find_tree(set
.val
.t
, v
) : ec_set_contains(set
.val
.ad
, v
.val
.ec
)) == pos
) {
372 int nl
= (k
- tmp
) * 4;
373 if (nl
== list
->length
)
376 struct adata
*res
= adata_empty(pool
, nl
);
377 memcpy(res
->data
, tmp
, nl
);
382 * val_in_range - implement |~| operator
386 * Checks if @v1 is element (|~| operator) of @v2.
389 val_in_range(struct f_val v1
, struct f_val v2
)
391 if ((v1
.type
== T_PATH
) && (v2
.type
== T_PATH_MASK
))
392 return as_path_match(v1
.val
.ad
, v2
.val
.path_mask
);
394 if ((v1
.type
== T_INT
) && (v2
.type
== T_PATH
))
395 return as_path_contains(v2
.val
.ad
, v1
.val
.i
, 1);
397 if (((v1
.type
== T_PAIR
) || (v1
.type
== T_QUAD
)) && (v2
.type
== T_CLIST
))
398 return int_set_contains(v2
.val
.ad
, v1
.val
.i
);
400 /* IP->Quad implicit conversion */
401 if ((v1
.type
== T_IP
) && (v2
.type
== T_CLIST
))
402 return int_set_contains(v2
.val
.ad
, ipa_to_u32(v1
.val
.px
.ip
));
405 if ((v1
.type
== T_EC
) && (v2
.type
== T_ECLIST
))
406 return ec_set_contains(v2
.val
.ad
, v1
.val
.ec
);
408 if ((v1
.type
== T_STRING
) && (v2
.type
== T_STRING
))
409 return patmatch(v2
.val
.s
, v1
.val
.s
);
411 if ((v1
.type
== T_IP
) && (v2
.type
== T_PREFIX
))
412 return ipa_in_net(v1
.val
.px
.ip
, v2
.val
.px
.ip
, v2
.val
.px
.len
);
414 if ((v1
.type
== T_PREFIX
) && (v2
.type
== T_PREFIX
))
415 return net_in_net(v1
.val
.px
.ip
, v1
.val
.px
.len
, v2
.val
.px
.ip
, v2
.val
.px
.len
);
417 if ((v1
.type
== T_PREFIX
) && (v2
.type
== T_PREFIX_SET
))
418 return trie_match_fprefix(v2
.val
.ti
, &v1
.val
.px
);
420 if (v2
.type
!= T_SET
)
423 /* With integrated Quad<->IP implicit conversion */
424 if ((v1
.type
== v2
.val
.t
->from
.type
) ||
425 ((IP_VERSION
== 4) && (v1
.type
== T_QUAD
) && (v2
.val
.t
->from
.type
== T_IP
)))
426 return !!find_tree(v2
.val
.t
, v1
);
428 if (v1
.type
== T_CLIST
)
429 return clist_match_set(v1
.val
.ad
, v2
.val
.t
);
431 if (v1
.type
== T_ECLIST
)
432 return eclist_match_set(v1
.val
.ad
, v2
.val
.t
);
434 if (v1
.type
== T_PATH
)
435 return as_path_match_set(v1
.val
.ad
, v2
.val
.t
);
441 tree_node_print(struct f_tree
*t
, char **sep
)
446 tree_node_print(t
->left
, sep
);
450 if (val_compare(t
->from
, t
->to
) != 0)
457 tree_node_print(t
->right
, sep
);
461 tree_print(struct f_tree
*t
)
465 tree_node_print(t
, &sep
);
470 * val_print - format filter value
473 val_print(struct f_val v
)
477 case T_VOID
: logn("(void)"); return;
478 case T_BOOL
: logn(v
.val
.i
? "TRUE" : "FALSE"); return;
479 case T_INT
: logn("%d", v
.val
.i
); return;
480 case T_STRING
: logn("%s", v
.val
.s
); return;
481 case T_IP
: logn("%I", v
.val
.px
.ip
); return;
482 case T_PREFIX
: logn("%I/%d", v
.val
.px
.ip
, v
.val
.px
.len
); return;
483 case T_PAIR
: logn("(%d,%d)", v
.val
.i
>> 16, v
.val
.i
& 0xffff); return;
484 case T_QUAD
: logn("%R", v
.val
.i
); return;
485 case T_EC
: ec_format(buf2
, v
.val
.ec
); logn("%s", buf2
); return;
486 case T_PREFIX_SET
: trie_print(v
.val
.ti
); return;
487 case T_SET
: tree_print(v
.val
.t
); return;
488 case T_ENUM
: logn("(enum %x)%d", v
.type
, v
.val
.i
); return;
489 case T_PATH
: as_path_format(v
.val
.ad
, buf2
, 1000); logn("(path %s)", buf2
); return;
490 case T_CLIST
: int_set_format(v
.val
.ad
, 1, -1, buf2
, 1000); logn("(clist %s)", buf2
); return;
491 case T_ECLIST
: ec_set_format(v
.val
.ad
, -1, buf2
, 1000); logn("(eclist %s)", buf2
); return;
492 case T_PATH_MASK
: pm_format(v
.val
.path_mask
, buf2
, 1000); logn("(pathmask%s)", buf2
); return;
493 default: logn( "[unknown type %x]", v
.type
); return;
497 static struct rte
**f_rte
;
498 static struct rta
*f_old_rta
;
499 static struct ea_list
**f_tmp_attrs
;
500 static struct linpool
*f_pool
;
503 static inline void f_rte_cow(void)
505 *f_rte
= rte_cow(*f_rte
);
509 * rta_cow - prepare rta for modification by filter
514 if ((*f_rte
)->attrs
->aflags
& RTAF_CACHED
) {
516 /* Prepare to modify rte */
519 /* Store old rta to free it later */
520 f_old_rta
= (*f_rte
)->attrs
;
523 * Alloc new rta, do shallow copy and update rte. Fields eattrs
524 * and nexthops of rta are shared with f_old_rta (they will be
525 * copied when the cached rta will be obtained at the end of
526 * f_run()), also the lock of hostentry is inherited (we suppose
527 * hostentry is not changed by filters).
529 rta
*ra
= lp_alloc(f_pool
, sizeof(rta
));
530 memcpy(ra
, f_old_rta
, sizeof(rta
));
532 (*f_rte
)->attrs
= ra
;
536 static struct rate_limit rl_runtime_err
;
538 #define runtime(x) do { \
539 log_rl(&rl_runtime_err, L_ERR "filters, line %d: %s", what->lineno, x); \
540 res.type = T_RETURN; \
541 res.val.i = F_ERROR; \
546 x = interpret(what->y); \
547 if (x.type & T_RETURN) \
550 #define ONEARG ARG(v1, a1.p)
551 #define TWOARGS ARG(v1, a1.p) \
553 #define TWOARGS_C TWOARGS \
554 if (v1.type != v2.type) \
555 runtime( "Can't operate with values of incompatible types" );
557 do { if (!f_rte) runtime("No route to access"); } while (0)
561 * @what: filter to interpret
563 * Interpret given tree of filter instructions. This is core function
564 * of filter system and does all the hard work.
566 * Each instruction has 4 fields: code (which is instruction code),
567 * aux (which is extension to instruction code, typically type),
568 * arg1 and arg2 - arguments. Depending on instruction, arguments
569 * are either integers, or pointers to instruction trees. Common
570 * instructions like +, that have two expressions as arguments use
571 * TWOARGS macro to get both of them evaluated.
573 * &f_val structures are copied around, so there are no problems with
577 interpret(struct f_inst
*what
)
580 struct f_val v1
, v2
, res
, *vp
;
594 /* Binary operators */
597 switch (res
.type
= v1
.type
) {
598 case T_VOID
: runtime( "Can't operate with values of type void" );
599 case T_INT
: res
.val
.i
= v1
.val
.i
+ v2
.val
.i
; break;
600 default: runtime( "Usage of unknown type" );
605 switch (res
.type
= v1
.type
) {
606 case T_VOID
: runtime( "Can't operate with values of type void" );
607 case T_INT
: res
.val
.i
= v1
.val
.i
- v2
.val
.i
; break;
608 default: runtime( "Usage of unknown type" );
613 switch (res
.type
= v1
.type
) {
614 case T_VOID
: runtime( "Can't operate with values of type void" );
615 case T_INT
: res
.val
.i
= v1
.val
.i
* v2
.val
.i
; break;
616 default: runtime( "Usage of unknown type" );
621 switch (res
.type
= v1
.type
) {
622 case T_VOID
: runtime( "Can't operate with values of type void" );
623 case T_INT
: if (v2
.val
.i
== 0) runtime( "Mother told me not to divide by 0" );
624 res
.val
.i
= v1
.val
.i
/ v2
.val
.i
; break;
625 default: runtime( "Usage of unknown type" );
632 if (v1
.type
!= T_BOOL
)
633 runtime( "Can't do boolean operation on non-booleans" );
634 if (v1
.val
.i
== (what
->code
== '|')) {
636 res
.val
.i
= v1
.val
.i
;
641 if (v2
.type
!= T_BOOL
)
642 runtime( "Can't do boolean operation on non-booleans" );
644 res
.val
.i
= v2
.val
.i
;
649 if ((v1
.type
!= T_INT
) || (v2
.type
!= T_INT
))
650 runtime( "Can't operate with value of non-integer type in pair constructor" );
653 if ((u1
> 0xFFFF) || (u2
> 0xFFFF))
654 runtime( "Can't operate with value out of bounds in pair constructor" );
655 res
.val
.i
= (u1
<< 16) | u2
;
663 int check
, ipv4_used
;
666 if (v1
.type
== T_INT
) {
667 ipv4_used
= 0; key
= v1
.val
.i
;
669 else if (v1
.type
== T_QUAD
) {
670 ipv4_used
= 1; key
= v1
.val
.i
;
673 /* IP->Quad implicit conversion */
674 else if (v1
.type
== T_IP
) {
675 ipv4_used
= 1; key
= ipa_to_u32(v1
.val
.px
.ip
);
679 runtime("Can't operate with key of non-integer/IPv4 type in EC constructor");
681 if (v2
.type
!= T_INT
)
682 runtime("Can't operate with value of non-integer type in EC constructor");
687 if (what
->aux
== EC_GENERIC
) {
688 check
= 0; res
.val
.ec
= ec_generic(key
, val
);
690 else if (ipv4_used
) {
691 check
= 1; res
.val
.ec
= ec_ip4(what
->aux
, key
, val
);
693 else if (key
< 0x10000) {
694 check
= 0; res
.val
.ec
= ec_as2(what
->aux
, key
, val
);
697 check
= 1; res
.val
.ec
= ec_as4(what
->aux
, key
, val
);
700 if (check
&& (val
> 0xFFFF))
701 runtime("Can't operate with value out of bounds in EC constructor");
706 /* Relational operators */
710 i = val_compare(v1, v2); \
712 runtime( "Can't compare values of incompatible types" ); \
719 i = val_same(v1, v2); \
724 case P('!','='): SAME(!i
);
725 case P('=','='): SAME(i
);
726 case '<': COMPARE(i
==-1);
727 case P('<','='): COMPARE(i
!=1);
731 if (v1
.type
!= T_BOOL
)
732 runtime( "Not applied to non-boolean" );
734 res
.val
.i
= !res
.val
.i
;
740 res
.val
.i
= val_in_range(v1
, v2
);
741 if (res
.val
.i
== CMP_ERROR
)
742 runtime( "~ applied on unknown type pair" );
743 res
.val
.i
= !!res
.val
.i
;
748 res
.val
.i
= (v1
.type
!= T_VOID
);
751 /* Set to indirect value, a1 = variable, a2 = value */
756 if ((sym
->class != (SYM_VARIABLE
| v2
.type
)) && (v2
.type
!= T_VOID
)) {
758 /* IP->Quad implicit conversion */
759 if ((sym
->class == (SYM_VARIABLE
| T_QUAD
)) && (v2
.type
== T_IP
)) {
761 vp
->val
.i
= ipa_to_u32(v2
.val
.px
.ip
);
765 runtime( "Assigning to variable of incompatible type" );
770 /* some constants have value in a2, some in *a1.p, strange. */
771 case 'c': /* integer (or simple type) constant, string, set, or prefix_set */
772 res
.type
= what
->aux
;
774 if (res
.type
== T_PREFIX_SET
)
775 res
.val
.ti
= what
->a2
.p
;
776 else if (res
.type
== T_SET
)
777 res
.val
.t
= what
->a2
.p
;
778 else if (res
.type
== T_STRING
)
779 res
.val
.s
= what
->a2
.p
;
781 res
.val
.i
= what
->a2
.i
;
785 res
= * ((struct f_val
*) what
->a1
.p
);
791 case '?': /* ? has really strange error value, so we can implement if ... else nicely :-) */
793 if (v1
.type
!= T_BOOL
)
794 runtime( "If requires boolean expression" );
798 } else res
.val
.i
= 1;
802 debug( "No operation\n" );
806 if (what
->a2
.i
== F_NOP
|| (what
->a2
.i
!= F_NONL
&& what
->a1
.p
))
809 switch (what
->a2
.i
) {
811 die( "Filter asked me to die" );
813 /* Should take care about turning ACCEPT into MODIFY */
815 case F_REJECT
: /* FIXME (noncritical) Should print complete route along with reason to reject route */
817 res
.val
.i
= what
->a2
.i
;
818 return res
; /* We have to return now, no more processing. */
823 bug( "unknown return type: Can't happen");
826 case 'a': /* rta access */
829 struct rta
*rta
= (*f_rte
)->attrs
;
830 res
.type
= what
->aux
;
834 case SA_FROM
: res
.val
.px
.ip
= rta
->from
; break;
835 case SA_GW
: res
.val
.px
.ip
= rta
->gw
; break;
836 case SA_NET
: res
.val
.px
.ip
= (*f_rte
)->net
->n
.prefix
;
837 res
.val
.px
.len
= (*f_rte
)->net
->n
.pxlen
; break;
838 case SA_PROTO
: res
.val
.s
= rta
->proto
->name
; break;
839 case SA_SOURCE
: res
.val
.i
= rta
->source
; break;
840 case SA_SCOPE
: res
.val
.i
= rta
->scope
; break;
841 case SA_CAST
: res
.val
.i
= rta
->cast
; break;
842 case SA_DEST
: res
.val
.i
= rta
->dest
; break;
843 case SA_IFNAME
: res
.val
.s
= rta
->iface
? rta
->iface
->name
: ""; break;
844 case SA_IFINDEX
: res
.val
.i
= rta
->iface
? rta
->iface
->index
: 0; break;
847 bug("Invalid static attribute access (%x)", res
.type
);
854 if (what
->aux
!= v1
.type
)
855 runtime( "Attempt to set static attribute to incompatible type" );
859 struct rta
*rta
= (*f_rte
)->attrs
;
864 rta
->from
= v1
.val
.px
.ip
;
869 ip_addr ip
= v1
.val
.px
.ip
;
870 neighbor
*n
= neigh_find(rta
->proto
, &ip
, 0);
871 if (!n
|| (n
->scope
== SCOPE_HOST
))
872 runtime( "Invalid gw address" );
874 rta
->dest
= RTD_ROUTER
;
876 rta
->iface
= n
->iface
;
877 rta
->nexthops
= NULL
;
878 rta
->hostentry
= NULL
;
883 rta
->scope
= v1
.val
.i
;
888 if ((i
!= RTD_BLACKHOLE
) && (i
!= RTD_UNREACHABLE
) && (i
!= RTD_PROHIBIT
))
889 runtime( "Destination can be changed only to blackhole, unreachable or prohibit" );
894 rta
->nexthops
= NULL
;
895 rta
->hostentry
= NULL
;
899 bug("Invalid static attribute access (%x)", res
.type
);
903 case P('e','a'): /* Access to extended attributes */
907 if (!(f_flags
& FF_FORCE_TMPATTR
))
908 e
= ea_find( (*f_rte
)->attrs
->eattrs
, what
->a2
.i
);
910 e
= ea_find( (*f_tmp_attrs
), what
->a2
.i
);
911 if ((!e
) && (f_flags
& FF_FORCE_TMPATTR
))
912 e
= ea_find( (*f_rte
)->attrs
->eattrs
, what
->a2
.i
);
915 /* A special case: undefined int_set looks like empty int_set */
916 if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_INT_SET
) {
918 res
.val
.ad
= adata_empty(f_pool
, 0);
921 /* The same special case for ec_set */
922 else if ((what
->aux
& EAF_TYPE_MASK
) == EAF_TYPE_EC_SET
) {
924 res
.val
.ad
= adata_empty(f_pool
, 0);
928 /* Undefined value */
933 switch (what
->aux
& EAF_TYPE_MASK
) {
936 res
.val
.i
= e
->u
.data
;
938 case EAF_TYPE_ROUTER_ID
:
940 res
.val
.i
= e
->u
.data
;
942 case EAF_TYPE_OPAQUE
:
943 res
.type
= T_ENUM_EMPTY
;
946 case EAF_TYPE_IP_ADDRESS
:
948 struct adata
* ad
= e
->u
.ptr
;
949 res
.val
.px
.ip
= * (ip_addr
*) ad
->data
;
951 case EAF_TYPE_AS_PATH
:
953 res
.val
.ad
= e
->u
.ptr
;
955 case EAF_TYPE_INT_SET
:
957 res
.val
.ad
= e
->u
.ptr
;
959 case EAF_TYPE_EC_SET
:
961 res
.val
.ad
= e
->u
.ptr
;
967 bug("Unknown type in e,a");
975 struct ea_list
*l
= lp_alloc(f_pool
, sizeof(struct ea_list
) + sizeof(eattr
));
978 l
->flags
= EALF_SORTED
;
980 l
->attrs
[0].id
= what
->a2
.i
;
981 l
->attrs
[0].flags
= 0;
982 l
->attrs
[0].type
= what
->aux
| EAF_ORIGINATED
;
983 switch (what
->aux
& EAF_TYPE_MASK
) {
985 if (v1
.type
!= T_INT
)
986 runtime( "Setting int attribute to non-int value" );
987 l
->attrs
[0].u
.data
= v1
.val
.i
;
990 case EAF_TYPE_ROUTER_ID
:
992 /* IP->Quad implicit conversion */
993 if (v1
.type
== T_IP
) {
994 l
->attrs
[0].u
.data
= ipa_to_u32(v1
.val
.px
.ip
);
998 /* T_INT for backward compatibility */
999 if ((v1
.type
!= T_QUAD
) && (v1
.type
!= T_INT
))
1000 runtime( "Setting quad attribute to non-quad value" );
1001 l
->attrs
[0].u
.data
= v1
.val
.i
;
1004 case EAF_TYPE_OPAQUE
:
1005 runtime( "Setting opaque attribute is not allowed" );
1007 case EAF_TYPE_IP_ADDRESS
:
1008 if (v1
.type
!= T_IP
)
1009 runtime( "Setting ip attribute to non-ip value" );
1010 int len
= sizeof(ip_addr
);
1011 struct adata
*ad
= lp_alloc(f_pool
, sizeof(struct adata
) + len
);
1013 (* (ip_addr
*) ad
->data
) = v1
.val
.px
.ip
;
1014 l
->attrs
[0].u
.ptr
= ad
;
1016 case EAF_TYPE_AS_PATH
:
1017 if (v1
.type
!= T_PATH
)
1018 runtime( "Setting path attribute to non-path value" );
1019 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1021 case EAF_TYPE_INT_SET
:
1022 if (v1
.type
!= T_CLIST
)
1023 runtime( "Setting clist attribute to non-clist value" );
1024 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1026 case EAF_TYPE_EC_SET
:
1027 if (v1
.type
!= T_ECLIST
)
1028 runtime( "Setting eclist attribute to non-eclist value" );
1029 l
->attrs
[0].u
.ptr
= v1
.val
.ad
;
1031 case EAF_TYPE_UNDEF
:
1032 if (v1
.type
!= T_VOID
)
1033 runtime( "Setting void attribute to non-void value" );
1034 l
->attrs
[0].u
.data
= 0;
1036 default: bug("Unknown type in e,S");
1039 if (!(what
->aux
& EAF_TEMP
) && (!(f_flags
& FF_FORCE_TMPATTR
))) {
1041 l
->next
= (*f_rte
)->attrs
->eattrs
;
1042 (*f_rte
)->attrs
->eattrs
= l
;
1044 l
->next
= (*f_tmp_attrs
);
1052 res
.val
.i
= (*f_rte
)->pref
;
1057 if (v1
.type
!= T_INT
)
1058 runtime( "Can't set preference to non-integer" );
1059 if ((v1
.val
.i
< 0) || (v1
.val
.i
> 0xFFFF))
1060 runtime( "Setting preference value out of bounds" );
1062 (*f_rte
)->pref
= v1
.val
.i
;
1064 case 'L': /* Get length of */
1068 case T_PREFIX
: res
.val
.i
= v1
.val
.px
.len
; break;
1069 case T_PATH
: res
.val
.i
= as_path_getlen(v1
.val
.ad
); break;
1070 case T_CLIST
: res
.val
.i
= int_set_get_size(v1
.val
.ad
); break;
1071 case T_ECLIST
: res
.val
.i
= ec_set_get_size(v1
.val
.ad
); break;
1072 default: runtime( "Prefix, path, clist or eclist expected" );
1075 case P('c','p'): /* Convert prefix to ... */
1077 if (v1
.type
!= T_PREFIX
)
1078 runtime( "Prefix expected" );
1079 res
.type
= what
->aux
;
1081 /* case T_INT: res.val.i = v1.val.px.len; break; Not needed any more */
1082 case T_IP
: res
.val
.px
.ip
= v1
.val
.px
.ip
; break;
1083 default: bug( "Unknown prefix to conversion" );
1086 case P('a','f'): /* Get first ASN from AS PATH */
1088 if (v1
.type
!= T_PATH
)
1089 runtime( "AS path expected" );
1092 as_path_get_first(v1
.val
.ad
, &as
);
1096 case P('a','l'): /* Get last ASN from AS PATH */
1098 if (v1
.type
!= T_PATH
)
1099 runtime( "AS path expected" );
1102 as_path_get_last(v1
.val
.ad
, &as
);
1109 res
.type
|= T_RETURN
;
1111 case P('c','a'): /* CALL: this is special: if T_RETURN and returning some value, mask it out */
1113 res
= interpret(what
->a2
.p
);
1114 if (res
.type
== T_RETURN
)
1116 res
.type
&= ~T_RETURN
;
1118 case P('c','v'): /* Clear local variables */
1119 for (sym
= what
->a1
.p
; sym
!= NULL
; sym
= sym
->aux2
)
1120 ((struct f_val
*) sym
->def
)->type
= T_VOID
;
1125 struct f_tree
*t
= find_tree(what
->a2
.p
, v1
);
1128 t
= find_tree(what
->a2
.p
, v1
);
1130 debug( "No else statement?\n");
1134 /* It is actually possible to have t->data NULL */
1136 res
= interpret(t
->data
);
1137 if (res
.type
& T_RETURN
)
1141 case P('i','M'): /* IP.MASK(val) */
1143 if (v2
.type
!= T_INT
)
1144 runtime( "Integer expected");
1145 if (v1
.type
!= T_IP
)
1146 runtime( "You can mask only IP addresses" );
1148 ip_addr mask
= ipa_mkmask(v2
.val
.i
);
1150 res
.val
.px
.ip
= ipa_and(mask
, v1
.val
.px
.ip
);
1154 case 'E': /* Create empty attribute */
1155 res
.type
= what
->aux
;
1156 res
.val
.ad
= adata_empty(f_pool
, 0);
1158 case P('A','p'): /* Path prepend */
1160 if (v1
.type
!= T_PATH
)
1161 runtime("Can't prepend to non-path");
1162 if (v2
.type
!= T_INT
)
1163 runtime("Can't prepend non-integer");
1166 res
.val
.ad
= as_path_prepend(f_pool
, v1
.val
.ad
, v2
.val
.i
);
1169 case P('C','a'): /* (Extended) Community list add or delete */
1171 if (v1
.type
== T_PATH
)
1173 struct f_tree
*set
= NULL
;
1177 if (v2
.type
== T_INT
)
1179 else if ((v2
.type
== T_SET
) && (v2
.val
.t
->from
.type
== T_INT
))
1182 runtime("Can't delete non-integer (set)");
1186 case 'a': runtime("Can't add to path");
1187 case 'd': pos
= 0; break;
1188 case 'f': pos
= 1; break;
1189 default: bug("unknown Ca operation");
1193 runtime("Can't filter integer");
1196 res
.val
.ad
= as_path_filter(f_pool
, v1
.val
.ad
, set
, key
, pos
);
1198 else if (v1
.type
== T_CLIST
)
1200 /* Community (or cluster) list */
1205 if ((v2
.type
== T_PAIR
) || (v2
.type
== T_QUAD
))
1208 /* IP->Quad implicit conversion */
1209 else if (v2
.type
== T_IP
)
1210 i
= ipa_to_u32(v2
.val
.px
.ip
);
1212 else if ((v2
.type
== T_SET
) && clist_set_type(v2
.val
.t
, &dummy
))
1214 else if (v2
.type
== T_CLIST
)
1217 runtime("Can't add/delete non-pair");
1224 runtime("Can't add set");
1226 res
.val
.ad
= int_set_add(f_pool
, v1
.val
.ad
, i
);
1228 res
.val
.ad
= int_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1233 res
.val
.ad
= int_set_del(f_pool
, v1
.val
.ad
, i
);
1235 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1240 runtime("Can't filter pair");
1241 res
.val
.ad
= clist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1245 bug("unknown Ca operation");
1248 else if (v1
.type
== T_ECLIST
)
1250 /* Extended community list */
1253 /* v2.val is either EC or EC-set */
1254 if ((v2
.type
== T_SET
) && eclist_set_type(v2
.val
.t
))
1256 else if (v2
.type
== T_ECLIST
)
1258 else if (v2
.type
!= T_EC
)
1259 runtime("Can't add/delete non-pair");
1261 res
.type
= T_ECLIST
;
1266 runtime("Can't add set");
1268 res
.val
.ad
= ec_set_add(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1270 res
.val
.ad
= ec_set_union(f_pool
, v1
.val
.ad
, v2
.val
.ad
);
1275 res
.val
.ad
= ec_set_del(f_pool
, v1
.val
.ad
, v2
.val
.ec
);
1277 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 0);
1282 runtime("Can't filter ec");
1283 res
.val
.ad
= eclist_filter(f_pool
, v1
.val
.ad
, v2
, 1);
1287 bug("unknown Ca operation");
1291 runtime("Can't add/delete to non-(e)clist");
1295 case P('R','C'): /* ROA Check */
1299 if ((v1
.type
!= T_PREFIX
) || (v2
.type
!= T_INT
))
1300 runtime("Invalid argument to roa_check()");
1307 v1
.val
.px
.ip
= (*f_rte
)->net
->n
.prefix
;
1308 v1
.val
.px
.len
= (*f_rte
)->net
->n
.pxlen
;
1310 /* We ignore temporary attributes, probably not a problem here */
1311 /* 0x02 is a value of BA_AS_PATH, we don't want to include BGP headers */
1312 eattr
*e
= ea_find((*f_rte
)->attrs
->eattrs
, EA_CODE(EAP_BGP
, 0x02));
1314 if (!e
|| e
->type
!= EAF_TYPE_AS_PATH
)
1315 runtime("Missing AS_PATH attribute");
1317 as_path_get_last(e
->u
.ptr
, &as
);
1320 struct roa_table_config
*rtc
= ((struct f_inst_roa_check
*) what
)->rtc
;
1322 runtime("Missing ROA table");
1324 res
.type
= T_ENUM_ROA
;
1325 res
.val
.i
= roa_check(rtc
->table
, v1
.val
.px
.ip
, v1
.val
.px
.len
, as
);
1329 bug( "Unknown instruction %d (%c)", what
->code
, what
->code
& 0xff);
1332 return interpret(what
->next
);
1338 if (!i_same(f1->y, f2->y)) \
1341 #define ONEARG ARG(v1, a1.p)
1342 #define TWOARGS ARG(v1, a1.p) \
1345 #define A2_SAME if (f1->a2.i != f2->a2.i) return 0;
1348 * i_same - function that does real comparing of instruction trees, you should call filter_same from outside
1351 i_same(struct f_inst
*f1
, struct f_inst
*f2
)
1353 if ((!!f1
) != (!!f2
))
1357 if (f1
->aux
!= f2
->aux
)
1359 if (f1
->code
!= f2
->code
)
1361 if (f1
== f2
) /* It looks strange, but it is possible with call rewriting trickery */
1365 case ',': /* fall through */
1377 case P('<','='): TWOARGS
; break;
1379 case '!': ONEARG
; break;
1380 case '~': TWOARGS
; break;
1381 case P('d','e'): ONEARG
; break;
1386 struct symbol
*s1
, *s2
;
1389 if (strcmp(s1
->name
, s2
->name
))
1391 if (s1
->class != s2
->class)
1400 if (!trie_same(f1
->a2
.p
, f2
->a2
.p
))
1405 if (!same_tree(f1
->a2
.p
, f2
->a2
.p
))
1410 if (strcmp(f1
->a2
.p
, f2
->a2
.p
))
1420 if (!val_same(* (struct f_val
*) f1
->a1
.p
, * (struct f_val
*) f2
->a1
.p
))
1425 if (strcmp((char *) f1
->a2
.p
, (char *) f2
->a2
.p
))
1428 case 'p': case 'L': ONEARG
; break;
1429 case '?': TWOARGS
; break;
1430 case '0': case 'E': break;
1431 case P('p',','): ONEARG
; A2_SAME
; break;
1433 case 'a': A2_SAME
; break;
1434 case P('e','a'): A2_SAME
; break;
1437 case P('e','S'): ONEARG
; A2_SAME
; break;
1439 case 'r': ONEARG
; break;
1440 case P('c','p'): ONEARG
; break;
1441 case P('c','a'): /* Call rewriting trickery to avoid exponential behaviour */
1443 if (!i_same(f1
->a2
.p
, f2
->a2
.p
))
1445 f2
->a2
.p
= f1
->a2
.p
;
1447 case P('c','v'): break; /* internal instruction */
1448 case P('S','W'): ONEARG
; if (!same_tree(f1
->a2
.p
, f2
->a2
.p
)) return 0; break;
1449 case P('i','M'): TWOARGS
; break;
1450 case P('A','p'): TWOARGS
; break;
1451 case P('C','a'): TWOARGS
; break;
1453 case P('a','l'): ONEARG
; break;
1456 /* Does not really make sense - ROA check resuls may change anyway */
1457 if (strcmp(((struct f_inst_roa_check
*) f1
)->rtc
->name
,
1458 ((struct f_inst_roa_check
*) f2
)->rtc
->name
))
1462 bug( "Unknown instruction %d in same (%c)", f1
->code
, f1
->code
& 0xff);
1464 return i_same(f1
->next
, f2
->next
);
1468 * f_run - run a filter for a route
1469 * @filter: filter to run
1470 * @rte: route being filtered, may be modified
1471 * @tmp_attrs: temporary attributes, prepared by caller or generated by f_run()
1472 * @tmp_pool: all filter allocations go from this pool
1475 * If filter needs to modify the route, there are several
1476 * posibilities. @rte might be read-only (with REF_COW flag), in that
1477 * case rw copy is obtained by rte_cow() and @rte is replaced. If
1478 * @rte is originally rw, it may be directly modified (and it is never
1481 * The returned rte may reuse the (possibly cached, cloned) rta, or
1482 * (if rta was modificied) contains a modified uncached rta, which
1483 * uses parts allocated from @tmp_pool and parts shared from original
1484 * rta. There is one exception - if @rte is rw but contains a cached
1485 * rta and that is modified, rta in returned rte is also cached.
1487 * Ownership of cached rtas is consistent with rte, i.e.
1488 * if a new rte is returned, it has its own clone of cached rta
1489 * (and cached rta of read-only source rte is intact), if rte is
1490 * modified in place, old cached rta is possibly freed.
1493 f_run(struct filter
*filter
, struct rte
**rte
, struct ea_list
**tmp_attrs
, struct linpool
*tmp_pool
, int flags
)
1495 if (filter
== FILTER_ACCEPT
)
1498 if (filter
== FILTER_REJECT
)
1501 int rte_cow
= ((*rte
)->flags
& REF_COW
);
1502 DBG( "Running filter `%s'...", filter
->name
);
1506 f_tmp_attrs
= tmp_attrs
;
1511 struct f_val res
= interpret(filter
->root
);
1515 * Cached rta was modified and f_rte contains now an uncached one,
1516 * sharing some part with the cached one. The cached rta should
1517 * be freed (if rte was originally COW, f_old_rta is a clone
1518 * obtained during rte_cow()).
1520 * This also implements the exception mentioned in f_run()
1521 * description. The reason for this is that rta reuses parts of
1522 * f_old_rta, and these may be freed during rta_free(f_old_rta).
1523 * This is not the problem if rte was COW, because original rte
1524 * also holds the same rta.
1527 (*f_rte
)->attrs
= rta_lookup((*f_rte
)->attrs
);
1529 rta_free(f_old_rta
);
1533 if (res
.type
!= T_RETURN
) {
1534 log( L_ERR
"Filter %s did not return accept nor reject. Make up your mind", filter
->name
);
1537 DBG( "done (%d)\n", res
.val
.i
);
1542 f_eval(struct f_inst
*expr
, struct linpool
*tmp_pool
)
1550 return interpret(expr
);
1554 f_eval_int(struct f_inst
*expr
)
1556 /* Called independently in parse-time to eval expressions */
1557 struct f_val res
= f_eval(expr
, cfg_mem
);
1559 if (res
.type
!= T_INT
)
1560 cf_error("Integer expression expected");
1566 f_eval_asn(struct f_inst
*expr
)
1568 /* Called as a part of another interpret call, therefore no log_reset() */
1569 struct f_val res
= interpret(expr
);
1570 return (res
.type
== T_INT
) ? res
.val
.i
: 0;
1574 * filter_same - compare two filters
1575 * @new: first filter to be compared
1576 * @old: second filter to be compared, notice that this filter is
1577 * damaged while comparing.
1579 * Returns 1 in case filters are same, otherwise 0. If there are
1580 * underlying bugs, it will rather say 0 on same filters than say
1584 filter_same(struct filter
*new, struct filter
*old
)
1586 if (old
== new) /* Handle FILTER_ACCEPT and FILTER_REJECT */
1588 if (old
== FILTER_ACCEPT
|| old
== FILTER_REJECT
||
1589 new == FILTER_ACCEPT
|| new == FILTER_REJECT
)
1591 return i_same(new->root
, old
->root
);