* the source from user into a tree of &f_inst structures. These trees are
* later interpreted using code in |filter/filter.c|.
*
- * A filter is represented by a tree of &f_inst structures, one structure per
- * "instruction". Each &f_inst contains @code, @aux value which is
- * usually the data type this instruction operates on and two generic
- * arguments (@a[0], @a[1]). Some instructions contain pointer(s) to other
- * instructions in their (@a[0], @a[1]) fields.
+ * A filter is represented by a tree of &f_inst structures, later translated
+ * into lists called &f_line. All the instructions are defined and documented
+ * in |filter/f-inst.c| definition file.
*
* Filters use a &f_val structure for their data. Each &f_val
- * contains type and value (types are constants prefixed with %T_). Few
- * of the types are special; %T_RETURN can be or-ed with a type to indicate
- * that return from a function or from the whole filter should be
- * forced. Important thing about &f_val's is that they may be copied
- * with a simple |=|. That's fine for all currently defined types: strings
- * are read-only (and therefore okay), paths are copied for each
- * operation (okay too).
+ * contains type and value (types are constants prefixed with %T_).
+ * Look into |filter/data.h| for more information and appropriate calls.
*/
#undef LOCAL_DEBUG
#include "lib/socket.h"
#include "lib/string.h"
#include "lib/unaligned.h"
-#include "lib/net.h"
#include "lib/ip.h"
+#include "lib/net.h"
+#include "lib/flowspec.h"
#include "nest/route.h"
#include "nest/protocol.h"
#include "nest/iface.h"
#include "filter/f-inst.h"
#include "filter/data.h"
+
+/* Exception bits */
+enum f_exception {
+ FE_RETURN = 0x1,
+};
+
+
+struct filter_stack {
+ /* Value stack for execution */
+#define F_VAL_STACK_MAX 4096
+ uint vcnt; /* Current value stack size; 0 for empty */
+ uint ecnt; /* Current execute stack size; 0 for empty */
+
+ struct f_val vstk[F_VAL_STACK_MAX]; /* The stack itself */
+
+ /* Instruction stack for execution */
+#define F_EXEC_STACK_MAX 4096
+ struct {
+ const struct f_line *line; /* The line that is being executed */
+ uint pos; /* Instruction index in the line */
+ uint ventry; /* Value stack depth on entry */
+ uint vbase; /* Where to index variable positions from */
+ enum f_exception emask; /* Exception mask */
+ } estk[F_EXEC_STACK_MAX];
+};
+
/* Internal filter state, to be allocated on stack when executing filters */
struct filter_state {
+ /* Stacks needed for execution */
+ struct filter_stack *stack;
+
+ /* The route we are processing. This may be NULL to indicate no route available. */
struct rte **rte;
+
+ /* The old rta to be freed after filters are done. */
struct rta *old_rta;
+
+ /* Cached pointer to ea_list */
struct ea_list **eattrs;
+
+ /* Linpool for adata allocation */
struct linpool *pool;
+
+ /* Buffer for log output */
struct buffer buf;
+
+ /* Filter execution flags */
int flags;
};
+_Thread_local static struct filter_state filter_state;
+_Thread_local static struct filter_stack filter_stack;
+
void (*bt_assert_hook)(int result, const struct f_line_item *assert);
static inline void f_cache_eattrs(struct filter_state *fs)
f_cache_eattrs(fs);
}
-static char *
-val_format_str(struct filter_state *fs, struct f_val *v) {
- buffer b;
- LOG_BUFFER_INIT(b);
- val_format(v, &b);
- return lp_strdup(fs->pool, b.start);
-}
-
static struct tbf rl_runtime_err = TBF_DEFAULT_LOG_LIMITS;
-#define INDENT (((const char *) f_dump_line_indent_str) + sizeof(f_dump_line_indent_str) - (indent) - 1)
-static const char f_dump_line_indent_str[] = " ";
-
-static void f_dump_line(const struct f_line *dest, int indent);
-
-static void
-f_dump_line_item(const struct f_line_item *item, int indent)
-{
- debug("%sInstruction %s at line %u\n", INDENT, f_instruction_name(item->fi_code), item->lineno);
- switch (item->fi_code) {
-#include "filter/f-inst-dump.c"
- }
-}
-
-static void
-f_dump_line(const struct f_line *dest, int indent)
-{
- if (!dest) {
- debug("%sNo filter line (NULL)\n", INDENT);
- return;
- }
- debug("%sFilter line %p (len=%u)\n", INDENT, dest, dest->len);
- for (uint i=0; i<dest->len; i++)
- f_dump_line_item(&dest->items[i], indent+1);
- debug("%sFilter line %p dump done\n", INDENT, dest);
-#undef INDENT
-}
-
-static uint
-postfixify(struct f_line *dest, const struct f_inst *what_, uint pos)
-{
- for ( ; what_; what_ = what_->next) {
- switch (what_->fi_code) {
-#include "filter/f-inst-postfixify.c"
- }
- pos++;
- }
- return pos;
-}
-
-struct f_line *
-f_postfixify_concat(const struct f_inst * const inst[], uint count)
-{
- uint len = 0;
- for (uint i=0; i<count; i++)
- for (const struct f_inst *what = inst[i]; what; what = what->next)
- len += what->size;
-
- struct f_line *out = cfg_allocz(sizeof(struct f_line) + sizeof(struct f_line_item)*len);
-
- for (uint i=0; i<count; i++)
- out->len = postfixify(out, inst[i], out->len);
-
-#if DEBUGGING
- f_dump_line(out, 0);
-#endif
- return out;
-}
-
/**
* interpret
* @fs: filter state
static enum filter_return
interpret(struct filter_state *fs, const struct f_line *line, struct f_val *val)
{
+ /* No arguments allowed */
+ ASSERT(line->args == 0);
-#define F_VAL_STACK_MAX 4096
- /* Value stack for execution */
- struct f_val_stack {
- uint cnt; /* Current stack size; 0 for empty */
- struct f_val val[F_VAL_STACK_MAX]; /* The stack itself */
- } vstk;
-
- /* The stack itself is intentionally kept as-is for performance reasons.
- * Do NOT rewrite this to initialization by struct literal. It's slow.
- */
- vstk.cnt = 0;
-#define F_EXEC_STACK_MAX 4096
+ /* Initialize the filter stack */
+ struct filter_stack *fstk = fs->stack;
- /* Exception bits */
- enum f_exception {
- FE_RETURN = 0x1,
- };
-
- /* Instruction stack for execution */
- struct f_exec_stack {
- struct {
- const struct f_line *line; /* The line that is being executed */
- uint pos; /* Instruction index in the line */
- uint ventry; /* Value stack depth on entry */
- enum f_exception emask; /* Exception mask */
- } item[F_EXEC_STACK_MAX];
- uint cnt; /* Current stack size; 0 for empty */
- } estk;
+ fstk->vcnt = line->vars;
+ memset(fstk->vstk, 0, sizeof(struct f_val) * line->vars);
/* The same as with the value stack. Not resetting the stack for performance reasons. */
- estk.cnt = 1;
- estk.item[0].line = line;
- estk.item[0].pos = 0;
+ fstk->ecnt = 1;
+ fstk->estk[0].line = line;
+ fstk->estk[0].pos = 0;
+
+#define curline fstk->estk[fstk->ecnt-1]
-#define curline estk.item[estk.cnt-1]
+#ifdef LOCAL_DEBUG
+ debug("Interpreting line.");
+ f_dump_line(line, 1);
+#endif
- while (estk.cnt > 0) {
+ while (fstk->ecnt > 0) {
while (curline.pos < curline.line->len) {
const struct f_line_item *what = &(curline.line->items[curline.pos++]);
-
switch (what->fi_code) {
-#define res vstk.val[vstk.cnt]
-#define v1 vstk.val[vstk.cnt]
-#define v2 vstk.val[vstk.cnt + 1]
-#define v3 vstk.val[vstk.cnt + 2]
+#define res fstk->vstk[fstk->vcnt]
+#define vv(i) fstk->vstk[fstk->vcnt + (i)]
+#define v1 vv(0)
+#define v2 vv(1)
+#define v3 vv(2)
#define runtime(fmt, ...) do { \
if (!(fs->flags & FF_SILENT)) \
return F_ERROR; \
} while(0)
-#define ACCESS_RTE do { if (!fs->rte) runtime("No route to access"); } while (0)
+#define falloc(size) lp_alloc(fs->pool, size)
+#define fpool fs->pool
+
#define ACCESS_EATTRS do { if (!fs->eattrs) f_cache_eattrs(fs); } while (0)
-#include "filter/f-inst-interpret.c"
+#include "filter/inst-interpret.c"
#undef res
#undef v1
#undef v2
#undef v3
#undef runtime
-#undef ACCESS_RTE
+#undef falloc
+#undef fpool
#undef ACCESS_EATTRS
}
}
- estk.cnt--;
+
+ /* End of current line. Drop local variables before exiting. */
+ fstk->vcnt = curline.ventry + curline.line->results;
+ fstk->ecnt--;
}
- switch (vstk.cnt) {
- case 0:
- if (val) {
- log_rl(&rl_runtime_err, L_ERR "filters: No value left on stack");
- return F_ERROR;
- }
- return F_NOP;
- case 1:
- if (val) {
- *val = vstk.val[0];
- return F_NOP;
- }
- /* fallthrough */
- default:
- log_rl(&rl_runtime_err, L_ERR "Too many items left on stack: %u", vstk.cnt);
+ if (fstk->vcnt == 0) {
+ if (val) {
+ log_rl(&rl_runtime_err, L_ERR "filters: No value left on stack");
return F_ERROR;
+ }
+ return F_NOP;
}
-}
-
-/*
- * f_same - function that does real comparing of instruction trees, you should call filter_same from outside
- */
-int
-f_same(const struct f_line *fl1, const struct f_line *fl2)
-{
- if ((!fl1) && (!fl2))
- return 1;
- if ((!fl1) || (!fl2))
- return 0;
- if (fl1->len != fl2->len)
- return 0;
- for (uint i=0; i<fl1->len; i++) {
-#define f1 (&(fl1->items[i]))
-#define f2 (&(fl2->items[i]))
- if (f1->fi_code != f2->fi_code)
- return 0;
- if (f1->flags != f2->flags)
- return 0;
-
- switch(f1->fi_code) {
-#include "filter/f-inst-same.c"
- }
+ if (val && (fstk->vcnt == 1)) {
+ *val = fstk->vstk[0];
+ return F_NOP;
}
- return 1;
+
+ log_rl(&rl_runtime_err, L_ERR "Too many items left on stack: %u", fstk->vcnt);
+ return F_ERROR;
}
+
/**
* f_run - run a filter for a route
* @filter: filter to run
* copied).
*
* The returned rte may reuse the (possibly cached, cloned) rta, or
- * (if rta was modificied) contains a modified uncached rta, which
+ * (if rta was modified) contains a modified uncached rta, which
* uses parts allocated from @tmp_pool and parts shared from original
* rta. There is one exception - if @rte is rw but contains a cached
* rta and that is modified, rta in returned rte is also cached.
int rte_cow = ((*rte)->flags & REF_COW);
DBG( "Running filter `%s'...", filter->name );
- struct filter_state fs = {
+ /* Initialize the filter state */
+ filter_state = (struct filter_state) {
+ .stack = &filter_stack,
.rte = rte,
.pool = tmp_pool,
.flags = flags,
};
- LOG_BUFFER_INIT(fs.buf);
+ LOG_BUFFER_INIT(filter_state.buf);
- enum filter_return fret = interpret(&fs, filter->root, NULL);
+ /* Run the interpreter itself */
+ enum filter_return fret = interpret(&filter_state, filter->root, NULL);
- if (fs.old_rta) {
+ if (filter_state.old_rta) {
/*
- * Cached rta was modified and fs->rte contains now an uncached one,
+ * Cached rta was modified and filter_state->rte contains now an uncached one,
* sharing some part with the cached one. The cached rta should
- * be freed (if rte was originally COW, fs->old_rta is a clone
+ * be freed (if rte was originally COW, filter_state->old_rta is a clone
* obtained during rte_cow()).
*
* This also implements the exception mentioned in f_run()
* description. The reason for this is that rta reuses parts of
- * fs->old_rta, and these may be freed during rta_free(fs->old_rta).
+ * filter_state->old_rta, and these may be freed during rta_free(filter_state->old_rta).
* This is not the problem if rte was COW, because original rte
* also holds the same rta.
*/
- if (!rte_cow)
- (*fs.rte)->attrs = rta_lookup((*fs.rte)->attrs);
+ if (!rte_cow) {
+ /* Cache the new attrs */
+ (*filter_state.rte)->attrs = rta_lookup((*filter_state.rte)->attrs);
- rta_free(fs.old_rta);
- }
+ /* Drop cached ea_list pointer */
+ filter_state.eattrs = NULL;
+ }
+ /* Uncache the old attrs and drop the pointer as it is invalid now. */
+ rta_free(filter_state.old_rta);
+ filter_state.old_rta = NULL;
+ }
+ /* Process the filter output, log it and return */
if (fret < F_ACCEPT) {
- if (!(fs.flags & FF_SILENT))
- log_rl(&rl_runtime_err, L_ERR "Filter %s did not return accept nor reject. Make up your mind", filter->name);
+ if (!(filter_state.flags & FF_SILENT))
+ log_rl(&rl_runtime_err, L_ERR "Filter %s did not return accept nor reject. Make up your mind", filter_name(filter));
return F_ERROR;
}
DBG( "done (%u)\n", res.val.i );
return fret;
}
-/* TODO: perhaps we could integrate f_eval(), f_eval_rte() and f_run() */
+/**
+ * f_eval_rte - run a filter line for an uncached route
+ * @expr: filter line to run
+ * @rte: route being filtered, may be modified
+ * @tmp_pool: all filter allocations go from this pool
+ *
+ * This specific filter entry point runs the given filter line
+ * (which must not have any arguments) on the given route.
+ *
+ * The route MUST NOT have REF_COW set and its attributes MUST NOT
+ * be cached by rta_lookup().
+ */
enum filter_return
f_eval_rte(const struct f_line *expr, struct rte **rte, struct linpool *tmp_pool)
{
-
- struct filter_state fs = {
+ filter_state = (struct filter_state) {
+ .stack = &filter_stack,
.rte = rte,
.pool = tmp_pool,
};
- LOG_BUFFER_INIT(fs.buf);
+ LOG_BUFFER_INIT(filter_state.buf);
+
+ ASSERT(!((*rte)->flags & REF_COW));
+ ASSERT(!rta_is_cached((*rte)->attrs));
- /* Note that in this function we assume that rte->attrs is private / uncached */
- return interpret(&fs, expr, NULL);
+ return interpret(&filter_state, expr, NULL);
}
+/*
+ * f_eval - get a value of a term
+ * @expr: filter line containing the term
+ * @tmp_pool: long data may get allocated from this pool
+ * @pres: here the output will be stored
+ */
enum filter_return
f_eval(const struct f_line *expr, struct linpool *tmp_pool, struct f_val *pres)
{
- struct filter_state fs = {
+ filter_state = (struct filter_state) {
+ .stack = &filter_stack,
.pool = tmp_pool,
};
- LOG_BUFFER_INIT(fs.buf);
+ LOG_BUFFER_INIT(filter_state.buf);
- enum filter_return fret = interpret(&fs, expr, pres);
+ enum filter_return fret = interpret(&filter_state, expr, pres);
return fret;
}
-uint
-f_eval_int(const struct f_line *expr)
+/*
+ * cf_eval - evaluate a value of a term and check its type
+ * Called internally from the config parser, uses its internal memory pool
+ * for allocations. Do not call in other cases.
+ */
+struct f_val
+cf_eval(const struct f_inst *inst, int type)
{
- /* Called independently in parse-time to eval expressions */
- struct filter_state fs = {
- .pool = cfg_mem,
- };
-
struct f_val val;
- LOG_BUFFER_INIT(fs.buf);
-
- if (interpret(&fs, expr, &val) > F_RETURN)
- cf_error("Runtime error while evaluating expression");
+ if (f_eval(f_linearize(inst, 1), cfg_mem, &val) > F_RETURN)
+ cf_error("Runtime error while evaluating expression; see log for details");
- if (val.type != T_INT)
- cf_error("Integer expression expected");
+ if (type != T_VOID && val.type != type)
+ cf_error("Expression of type %s expected", f_type_name(type));
- return val.val.i;
+ return val;
}
+/*
+ * f_eval_buf - get a value of a term and print it to the supplied buffer
+ */
enum filter_return
f_eval_buf(const struct f_line *expr, struct linpool *tmp_pool, buffer *buf)
{
struct f_val val;
enum filter_return fret = f_eval(expr, tmp_pool, &val);
- if (fret > F_RETURN)
+ if (fret <= F_RETURN)
val_format(&val, buf);
return fret;
}
/**
* filter_same - compare two filters
* @new: first filter to be compared
- * @old: second filter to be compared, notice that this filter is
- * damaged while comparing.
+ * @old: second filter to be compared
*
* Returns 1 in case filters are same, otherwise 0. If there are
* underlying bugs, it will rather say 0 on same filters than say
* 1 on different.
*/
int
-filter_same(struct filter *new, struct filter *old)
+filter_same(const struct filter *new, const struct filter *old)
{
if (old == new) /* Handle FILTER_ACCEPT and FILTER_REJECT */
return 1;
if (old == FILTER_ACCEPT || old == FILTER_REJECT ||
new == FILTER_ACCEPT || new == FILTER_REJECT)
return 0;
- return f_same(new->root, old->root);
+
+ if ((!old->sym) && (!new->sym))
+ return f_same(new->root, old->root);
+
+ if ((!old->sym) || (!new->sym))
+ return 0;
+
+ if (strcmp(old->sym->name, new->sym->name))
+ return 0;
+
+ return new->sym->flags & SYM_FLAG_SAME;
+}
+
+/**
+ * filter_commit - do filter comparisons on all the named functions and filters
+ */
+void
+filter_commit(struct config *new, struct config *old)
+{
+ if (!old)
+ return;
+
+ struct symbol *sym, *osym;
+ WALK_LIST(sym, new->symbols)
+ switch (sym->class) {
+ case SYM_FUNCTION:
+ if ((osym = cf_find_symbol(old, sym->name)) &&
+ (osym->class == SYM_FUNCTION) &&
+ f_same(sym->function, osym->function))
+ sym->flags |= SYM_FLAG_SAME;
+ else
+ sym->flags &= ~SYM_FLAG_SAME;
+ break;
+
+ case SYM_FILTER:
+ if ((osym = cf_find_symbol(old, sym->name)) &&
+ (osym->class == SYM_FILTER) &&
+ f_same(sym->filter->root, osym->filter->root))
+ sym->flags |= SYM_FLAG_SAME;
+ else
+ sym->flags &= ~SYM_FLAG_SAME;
+ break;
+ }
+}
+
+void filters_dump_all(void)
+{
+ struct symbol *sym;
+ WALK_LIST(sym, config->symbols) {
+ switch (sym->class) {
+ case SYM_FILTER:
+ debug("Named filter %s:\n", sym->name);
+ f_dump_line(sym->filter->root, 1);
+ break;
+ case SYM_FUNCTION:
+ debug("Function %s:\n", sym->name);
+ f_dump_line(sym->function, 1);
+ break;
+ case SYM_PROTO:
+ {
+ debug("Protocol %s:\n", sym->name);
+ struct channel *c;
+ WALK_LIST(c, sym->proto->proto->channels) {
+ debug(" Channel %s (%s) IMPORT", c->name, net_label[c->net_type]);
+ if (c->in_filter == FILTER_ACCEPT)
+ debug(" ALL\n");
+ else if (c->in_filter == FILTER_REJECT)
+ debug(" NONE\n");
+ else if (c->in_filter == FILTER_UNDEF)
+ debug(" UNDEF\n");
+ else if (c->in_filter->sym) {
+ ASSERT(c->in_filter->sym->filter == c->in_filter);
+ debug(" named filter %s\n", c->in_filter->sym->name);
+ } else {
+ debug("\n");
+ f_dump_line(c->in_filter->root, 2);
+ }
+ }
+ }
+ }
+ }
}
projects / thirdparty / bird.git / blobdiff