]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
bce67bbe SS |
2 | |
3 | #include <net/if.h> | |
4 | #include <linux/fib_rules.h> | |
5 | ||
6 | #include "alloc-util.h" | |
7 | #include "conf-parser.h" | |
8 | #include "fileio.h" | |
9 | #include "networkd-routing-policy-rule.h" | |
10 | #include "netlink-util.h" | |
11 | #include "networkd-manager.h" | |
12 | #include "parse-util.h" | |
926062f0 | 13 | #include "socket-protocol-list.h" |
bce67bbe SS |
14 | #include "socket-util.h" |
15 | #include "string-util.h" | |
51517f9e | 16 | #include "strv.h" |
bce67bbe SS |
17 | |
18 | int routing_policy_rule_new(RoutingPolicyRule **ret) { | |
19 | RoutingPolicyRule *rule; | |
20 | ||
9d66b48c | 21 | rule = new(RoutingPolicyRule, 1); |
bce67bbe SS |
22 | if (!rule) |
23 | return -ENOMEM; | |
24 | ||
9d66b48c YW |
25 | *rule = (RoutingPolicyRule) { |
26 | .family = AF_INET, | |
27 | .table = RT_TABLE_MAIN, | |
28 | }; | |
bce67bbe SS |
29 | |
30 | *ret = rule; | |
31 | return 0; | |
32 | } | |
33 | ||
34 | void routing_policy_rule_free(RoutingPolicyRule *rule) { | |
35 | ||
36 | if (!rule) | |
37 | return; | |
38 | ||
39 | if (rule->network) { | |
40 | LIST_REMOVE(rules, rule->network->rules, rule); | |
41 | assert(rule->network->n_rules > 0); | |
42 | rule->network->n_rules--; | |
43 | ||
0f7f2769 | 44 | if (rule->section) |
bce67bbe | 45 | hashmap_remove(rule->network->rules_by_section, rule->section); |
36e6e28b SS |
46 | } |
47 | ||
6964cf45 SS |
48 | if (rule->manager) { |
49 | set_remove(rule->manager->rules, rule); | |
50 | set_remove(rule->manager->rules_foreign, rule); | |
bce67bbe SS |
51 | } |
52 | ||
0f7f2769 | 53 | network_config_section_free(rule->section); |
762e2659 SS |
54 | free(rule->iif); |
55 | free(rule->oif); | |
bce67bbe SS |
56 | free(rule); |
57 | } | |
58 | ||
59 | static void routing_policy_rule_hash_func(const void *b, struct siphash *state) { | |
60 | const RoutingPolicyRule *rule = b; | |
61 | ||
62 | assert(rule); | |
63 | ||
64 | siphash24_compress(&rule->family, sizeof(rule->family), state); | |
65 | ||
66 | switch (rule->family) { | |
67 | case AF_INET: | |
68 | case AF_INET6: | |
69 | ||
70 | siphash24_compress(&rule->from, FAMILY_ADDRESS_SIZE(rule->family), state); | |
71 | siphash24_compress(&rule->from_prefixlen, sizeof(rule->from_prefixlen), state); | |
72 | ||
73 | siphash24_compress(&rule->to, FAMILY_ADDRESS_SIZE(rule->family), state); | |
74 | siphash24_compress(&rule->to_prefixlen, sizeof(rule->to_prefixlen), state); | |
75 | ||
76 | siphash24_compress(&rule->tos, sizeof(rule->tos), state); | |
77 | siphash24_compress(&rule->fwmark, sizeof(rule->fwmark), state); | |
78 | siphash24_compress(&rule->table, sizeof(rule->table), state); | |
79 | ||
926062f0 SS |
80 | siphash24_compress(&rule->protocol, sizeof(rule->protocol), state); |
81 | siphash24_compress(&rule->sport, sizeof(rule->sport), state); | |
82 | siphash24_compress(&rule->dport, sizeof(rule->dport), state); | |
83 | ||
762e2659 | 84 | if (rule->iif) |
0d7febd0 | 85 | siphash24_compress(rule->iif, strlen(rule->iif), state); |
762e2659 SS |
86 | |
87 | if (rule->oif) | |
0d7febd0 | 88 | siphash24_compress(rule->oif, strlen(rule->oif), state); |
762e2659 | 89 | |
bce67bbe SS |
90 | break; |
91 | default: | |
92 | /* treat any other address family as AF_UNSPEC */ | |
93 | break; | |
94 | } | |
95 | } | |
96 | ||
97 | static int routing_policy_rule_compare_func(const void *_a, const void *_b) { | |
98 | const RoutingPolicyRule *a = _a, *b = _b; | |
99 | int r; | |
100 | ||
a0edd02e FB |
101 | r = CMP(a->family, b->family); |
102 | if (r != 0) | |
103 | return r; | |
bce67bbe SS |
104 | |
105 | switch (a->family) { | |
106 | case AF_INET: | |
107 | case AF_INET6: | |
a0edd02e FB |
108 | r = CMP(a->from_prefixlen, b->from_prefixlen); |
109 | if (r != 0) | |
110 | return r; | |
111 | ||
112 | r = CMP(a->to_prefixlen, b->to_prefixlen); | |
113 | if (r != 0) | |
114 | return r; | |
115 | ||
116 | r = CMP(a->tos, b->tos); | |
117 | if (r != 0) | |
118 | return r; | |
119 | ||
120 | r = CMP(a->fwmask, b->fwmask); | |
121 | if (r != 0) | |
122 | return r; | |
123 | ||
124 | r = CMP(a->table, b->table); | |
125 | if (r != 0) | |
126 | return r; | |
bce67bbe | 127 | |
762e2659 SS |
128 | r = strcmp_ptr(a->iif, b->iif); |
129 | if (!r) | |
130 | return r; | |
131 | ||
132 | r = strcmp_ptr(a->oif, b->oif); | |
133 | if (!r) | |
134 | return r; | |
135 | ||
926062f0 SS |
136 | r = CMP(a->protocol, b->protocol); |
137 | if (r != 0) | |
138 | return r; | |
139 | ||
140 | r = memcmp(&a->sport, &b->sport, sizeof(a->sport)); | |
141 | if (r != 0) | |
142 | return r; | |
143 | ||
144 | r = memcmp(&a->dport, &b->dport, sizeof(a->dport)); | |
145 | if (r != 0) | |
146 | return r; | |
147 | ||
bce67bbe SS |
148 | r = memcmp(&a->from, &b->from, FAMILY_ADDRESS_SIZE(a->family)); |
149 | if (r != 0) | |
150 | return r; | |
151 | ||
152 | return memcmp(&a->to, &b->to, FAMILY_ADDRESS_SIZE(a->family)); | |
153 | ||
154 | default: | |
155 | /* treat any other address family as AF_UNSPEC */ | |
156 | return 0; | |
157 | } | |
158 | } | |
159 | ||
160 | const struct hash_ops routing_policy_rule_hash_ops = { | |
161 | .hash = routing_policy_rule_hash_func, | |
162 | .compare = routing_policy_rule_compare_func | |
163 | }; | |
164 | ||
165 | int routing_policy_rule_get(Manager *m, | |
166 | int family, | |
167 | const union in_addr_union *from, | |
168 | uint8_t from_prefixlen, | |
169 | const union in_addr_union *to, | |
170 | uint8_t to_prefixlen, | |
171 | uint8_t tos, | |
172 | uint32_t fwmark, | |
173 | uint32_t table, | |
eeab051b YW |
174 | const char *iif, |
175 | const char *oif, | |
926062f0 SS |
176 | uint8_t protocol, |
177 | struct fib_rule_port_range *sport, | |
178 | struct fib_rule_port_range *dport, | |
bce67bbe SS |
179 | RoutingPolicyRule **ret) { |
180 | ||
181 | RoutingPolicyRule rule, *existing; | |
182 | ||
183 | assert_return(m, -1); | |
184 | ||
185 | rule = (RoutingPolicyRule) { | |
186 | .family = family, | |
187 | .from = *from, | |
188 | .from_prefixlen = from_prefixlen, | |
189 | .to = *to, | |
190 | .to_prefixlen = to_prefixlen, | |
191 | .tos = tos, | |
192 | .fwmark = fwmark, | |
193 | .table = table, | |
eeab051b | 194 | .iif = (char*) iif, |
926062f0 SS |
195 | .oif = (char*) oif, |
196 | .protocol = protocol, | |
197 | .sport = *sport, | |
198 | .dport = *dport, | |
bce67bbe SS |
199 | }; |
200 | ||
b87dadcd ZJS |
201 | existing = set_get(m->rules, &rule); |
202 | if (existing) { | |
203 | if (ret) | |
204 | *ret = existing; | |
205 | return 1; | |
bce67bbe SS |
206 | } |
207 | ||
b87dadcd ZJS |
208 | existing = set_get(m->rules_foreign, &rule); |
209 | if (existing) { | |
210 | if (ret) | |
211 | *ret = existing; | |
e6b65ab7 | 212 | return 0; |
bce67bbe SS |
213 | } |
214 | ||
215 | return -ENOENT; | |
216 | } | |
217 | ||
218 | int routing_policy_rule_make_local(Manager *m, RoutingPolicyRule *rule) { | |
219 | int r; | |
220 | ||
221 | assert(m); | |
222 | ||
223 | if (set_contains(m->rules_foreign, rule)) { | |
224 | set_remove(m->rules_foreign, rule); | |
225 | ||
226 | r = set_ensure_allocated(&m->rules, &routing_policy_rule_hash_ops); | |
227 | if (r < 0) | |
228 | return r; | |
229 | ||
230 | return set_put(m->rules, rule); | |
231 | } | |
232 | ||
233 | return -ENOENT; | |
234 | } | |
235 | ||
36e6e28b SS |
236 | static int routing_policy_rule_add_internal(Manager *m, |
237 | Set **rules, | |
bce67bbe SS |
238 | int family, |
239 | const union in_addr_union *from, | |
240 | uint8_t from_prefixlen, | |
241 | const union in_addr_union *to, | |
242 | uint8_t to_prefixlen, | |
243 | uint8_t tos, | |
244 | uint32_t fwmark, | |
245 | uint32_t table, | |
eeab051b YW |
246 | const char *_iif, |
247 | const char *_oif, | |
926062f0 SS |
248 | uint8_t protocol, |
249 | const struct fib_rule_port_range *sport, | |
250 | const struct fib_rule_port_range *dport, | |
bce67bbe SS |
251 | RoutingPolicyRule **ret) { |
252 | ||
8e766630 | 253 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *rule = NULL; |
eeab051b | 254 | _cleanup_free_ char *iif = NULL, *oif = NULL; |
bce67bbe SS |
255 | int r; |
256 | ||
257 | assert_return(rules, -EINVAL); | |
258 | ||
eeab051b YW |
259 | if (_iif) { |
260 | iif = strdup(_iif); | |
261 | if (!iif) | |
262 | return -ENOMEM; | |
263 | } | |
264 | ||
265 | if (_oif) { | |
266 | oif = strdup(_oif); | |
267 | if (!oif) | |
268 | return -ENOMEM; | |
269 | } | |
270 | ||
bce67bbe SS |
271 | r = routing_policy_rule_new(&rule); |
272 | if (r < 0) | |
273 | return r; | |
274 | ||
6964cf45 | 275 | rule->manager = m; |
bce67bbe SS |
276 | rule->family = family; |
277 | rule->from = *from; | |
278 | rule->from_prefixlen = from_prefixlen; | |
279 | rule->to = *to; | |
280 | rule->to_prefixlen = to_prefixlen; | |
281 | rule->tos = tos; | |
282 | rule->fwmark = fwmark; | |
283 | rule->table = table; | |
a6276f0f YW |
284 | rule->iif = iif; |
285 | rule->oif = oif; | |
926062f0 SS |
286 | rule->protocol = protocol; |
287 | rule->sport = *sport; | |
288 | rule->dport = *dport; | |
bce67bbe SS |
289 | |
290 | r = set_ensure_allocated(rules, &routing_policy_rule_hash_ops); | |
291 | if (r < 0) | |
292 | return r; | |
293 | ||
294 | r = set_put(*rules, rule); | |
295 | if (r < 0) | |
296 | return r; | |
297 | ||
298 | if (ret) | |
299 | *ret = rule; | |
300 | ||
301 | rule = NULL; | |
a6276f0f | 302 | iif = oif = NULL; |
bce67bbe SS |
303 | |
304 | return 0; | |
305 | } | |
306 | ||
307 | int routing_policy_rule_add(Manager *m, | |
308 | int family, | |
309 | const union in_addr_union *from, | |
310 | uint8_t from_prefixlen, | |
311 | const union in_addr_union *to, | |
312 | uint8_t to_prefixlen, | |
313 | uint8_t tos, | |
314 | uint32_t fwmark, | |
315 | uint32_t table, | |
eeab051b YW |
316 | const char *iif, |
317 | const char *oif, | |
926062f0 SS |
318 | uint8_t protocol, |
319 | const struct fib_rule_port_range *sport, | |
320 | const struct fib_rule_port_range *dport, | |
bce67bbe SS |
321 | RoutingPolicyRule **ret) { |
322 | ||
926062f0 | 323 | return routing_policy_rule_add_internal(m, &m->rules, family, from, from_prefixlen, to, to_prefixlen, tos, fwmark, table, iif, oif, protocol, sport, dport, ret); |
bce67bbe SS |
324 | } |
325 | ||
326 | int routing_policy_rule_add_foreign(Manager *m, | |
327 | int family, | |
328 | const union in_addr_union *from, | |
329 | uint8_t from_prefixlen, | |
330 | const union in_addr_union *to, | |
331 | uint8_t to_prefixlen, | |
332 | uint8_t tos, | |
333 | uint32_t fwmark, | |
334 | uint32_t table, | |
eeab051b YW |
335 | const char *iif, |
336 | const char *oif, | |
926062f0 SS |
337 | uint8_t protocol, |
338 | const struct fib_rule_port_range *sport, | |
339 | const struct fib_rule_port_range *dport, | |
bce67bbe | 340 | RoutingPolicyRule **ret) { |
926062f0 | 341 | return routing_policy_rule_add_internal(m, &m->rules_foreign, family, from, from_prefixlen, to, to_prefixlen, tos, fwmark, table, iif, oif, protocol, sport, dport, ret); |
bce67bbe SS |
342 | } |
343 | ||
344 | static int routing_policy_rule_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) { | |
1046bf9b | 345 | Link *link = userdata; |
bce67bbe SS |
346 | int r; |
347 | ||
348 | assert(m); | |
349 | assert(link); | |
350 | assert(link->ifname); | |
351 | ||
7715629e | 352 | link->routing_policy_rule_remove_messages--; |
bce67bbe SS |
353 | |
354 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) | |
355 | return 1; | |
356 | ||
357 | r = sd_netlink_message_get_errno(m); | |
358 | if (r < 0) | |
359 | log_link_warning_errno(link, r, "Could not drop routing policy rule: %m"); | |
360 | ||
361 | return 1; | |
362 | } | |
363 | ||
364 | int routing_policy_rule_remove(RoutingPolicyRule *routing_policy_rule, Link *link, sd_netlink_message_handler_t callback) { | |
365 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; | |
366 | int r; | |
367 | ||
368 | assert(routing_policy_rule); | |
369 | assert(link); | |
370 | assert(link->manager); | |
371 | assert(link->manager->rtnl); | |
372 | assert(link->ifindex > 0); | |
373 | assert(IN_SET(routing_policy_rule->family, AF_INET, AF_INET6)); | |
374 | ||
375 | r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_DELRULE, routing_policy_rule->family); | |
376 | if (r < 0) | |
377 | return log_error_errno(r, "Could not allocate RTM_DELRULE message: %m"); | |
378 | ||
379 | if (!in_addr_is_null(routing_policy_rule->family, &routing_policy_rule->from)) { | |
380 | if (routing_policy_rule->family == AF_INET) | |
381 | r = sd_netlink_message_append_in_addr(m, FRA_SRC, &routing_policy_rule->from.in); | |
382 | else | |
383 | r = sd_netlink_message_append_in6_addr(m, FRA_SRC, &routing_policy_rule->from.in6); | |
384 | ||
385 | if (r < 0) | |
386 | return log_error_errno(r, "Could not append FRA_SRC attribute: %m"); | |
387 | ||
388 | r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, routing_policy_rule->from_prefixlen); | |
389 | if (r < 0) | |
390 | return log_error_errno(r, "Could not set source prefix length: %m"); | |
391 | } | |
392 | ||
393 | if (!in_addr_is_null(routing_policy_rule->family, &routing_policy_rule->to)) { | |
394 | if (routing_policy_rule->family == AF_INET) | |
395 | r = sd_netlink_message_append_in_addr(m, FRA_DST, &routing_policy_rule->to.in); | |
396 | else | |
397 | r = sd_netlink_message_append_in6_addr(m, FRA_DST, &routing_policy_rule->to.in6); | |
398 | ||
399 | if (r < 0) | |
400 | return log_error_errno(r, "Could not append FRA_DST attribute: %m"); | |
401 | ||
402 | r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, routing_policy_rule->to_prefixlen); | |
403 | if (r < 0) | |
404 | return log_error_errno(r, "Could not set destination prefix length: %m"); | |
405 | } | |
406 | ||
ee38400b | 407 | r = sd_netlink_call_async(link->manager->rtnl, NULL, m, callback, |
8190a388 | 408 | link_netlink_destroy_callback, link, 0, __func__); |
bce67bbe SS |
409 | if (r < 0) |
410 | return log_error_errno(r, "Could not send rtnetlink message: %m"); | |
411 | ||
412 | link_ref(link); | |
413 | ||
414 | return 0; | |
415 | } | |
416 | ||
417 | static int routing_policy_rule_new_static(Network *network, const char *filename, unsigned section_line, RoutingPolicyRule **ret) { | |
8e766630 LP |
418 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *rule = NULL; |
419 | _cleanup_(network_config_section_freep) NetworkConfigSection *n = NULL; | |
bce67bbe SS |
420 | int r; |
421 | ||
422 | assert(network); | |
423 | assert(ret); | |
424 | assert(!!filename == (section_line > 0)); | |
425 | ||
0f7f2769 YW |
426 | if (filename) { |
427 | r = network_config_section_new(filename, section_line, &n); | |
428 | if (r < 0) | |
429 | return r; | |
bce67bbe | 430 | |
0f7f2769 YW |
431 | rule = hashmap_get(network->rules_by_section, n); |
432 | if (rule) { | |
433 | *ret = TAKE_PTR(rule); | |
bce67bbe | 434 | |
0f7f2769 YW |
435 | return 0; |
436 | } | |
bce67bbe SS |
437 | } |
438 | ||
439 | r = routing_policy_rule_new(&rule); | |
440 | if (r < 0) | |
441 | return r; | |
442 | ||
bce67bbe | 443 | rule->network = network; |
bce67bbe SS |
444 | LIST_APPEND(rules, network->rules, rule); |
445 | network->n_rules++; | |
446 | ||
0f7f2769 YW |
447 | if (filename) { |
448 | rule->section = TAKE_PTR(n); | |
449 | ||
3e570042 YW |
450 | r = hashmap_ensure_allocated(&network->rules_by_section, &network_config_hash_ops); |
451 | if (r < 0) | |
452 | return r; | |
453 | ||
0f7f2769 YW |
454 | r = hashmap_put(network->rules_by_section, rule->section, rule); |
455 | if (r < 0) | |
456 | return r; | |
457 | } | |
458 | ||
1cc6c93a | 459 | *ret = TAKE_PTR(rule); |
bce67bbe SS |
460 | |
461 | return 0; | |
462 | } | |
463 | ||
464 | int link_routing_policy_rule_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) { | |
1046bf9b | 465 | Link *link = userdata; |
bce67bbe SS |
466 | int r; |
467 | ||
468 | assert(rtnl); | |
469 | assert(m); | |
470 | assert(link); | |
471 | assert(link->ifname); | |
7715629e | 472 | assert(link->routing_policy_rule_messages > 0); |
bce67bbe | 473 | |
7715629e | 474 | link->routing_policy_rule_messages--; |
bce67bbe SS |
475 | |
476 | if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) | |
477 | return 1; | |
478 | ||
479 | r = sd_netlink_message_get_errno(m); | |
480 | if (r < 0 && r != -EEXIST) | |
481 | log_link_warning_errno(link, r, "Could not add routing policy rule: %m"); | |
482 | ||
7715629e | 483 | if (link->routing_policy_rule_messages == 0) { |
bce67bbe | 484 | log_link_debug(link, "Routing policy rule configured"); |
7715629e ST |
485 | link->routing_policy_rules_configured = true; |
486 | link_check_ready(link); | |
487 | } | |
bce67bbe SS |
488 | |
489 | return 1; | |
490 | } | |
491 | ||
492 | int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, sd_netlink_message_handler_t callback, bool update) { | |
493 | _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL; | |
494 | int r; | |
495 | ||
496 | assert(rule); | |
497 | assert(link); | |
498 | assert(link->ifindex > 0); | |
499 | assert(link->manager); | |
500 | assert(link->manager->rtnl); | |
501 | ||
502 | r = sd_rtnl_message_new_routing_policy_rule(link->manager->rtnl, &m, RTM_NEWRULE, rule->family); | |
503 | if (r < 0) | |
504 | return log_error_errno(r, "Could not allocate RTM_NEWRULE message: %m"); | |
505 | ||
506 | if (!in_addr_is_null(rule->family, &rule->from)) { | |
507 | if (rule->family == AF_INET) | |
508 | r = sd_netlink_message_append_in_addr(m, FRA_SRC, &rule->from.in); | |
509 | else | |
510 | r = sd_netlink_message_append_in6_addr(m, FRA_SRC, &rule->from.in6); | |
511 | ||
512 | if (r < 0) | |
513 | return log_error_errno(r, "Could not append FRA_SRC attribute: %m"); | |
514 | ||
515 | r = sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m, rule->from_prefixlen); | |
516 | if (r < 0) | |
517 | return log_error_errno(r, "Could not set source prefix length: %m"); | |
518 | } | |
519 | ||
520 | if (!in_addr_is_null(rule->family, &rule->to)) { | |
521 | if (rule->family == AF_INET) | |
522 | r = sd_netlink_message_append_in_addr(m, FRA_DST, &rule->to.in); | |
523 | else | |
524 | r = sd_netlink_message_append_in6_addr(m, FRA_DST, &rule->to.in6); | |
525 | ||
526 | if (r < 0) | |
527 | return log_error_errno(r, "Could not append FRA_DST attribute: %m"); | |
528 | ||
529 | r = sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m, rule->to_prefixlen); | |
530 | if (r < 0) | |
531 | return log_error_errno(r, "Could not set destination prefix length: %m"); | |
532 | } | |
533 | ||
534 | r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); | |
535 | if (r < 0) | |
536 | return log_error_errno(r, "Could not append FRA_PRIORITY attribute: %m"); | |
537 | ||
538 | if (rule->tos > 0) { | |
539 | r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos); | |
540 | if (r < 0) | |
541 | return log_error_errno(r, "Could not set ip rule tos: %m"); | |
542 | } | |
543 | ||
544 | if (rule->table < 256) { | |
545 | r = sd_rtnl_message_routing_policy_rule_set_table(m, rule->table); | |
546 | if (r < 0) | |
547 | return log_error_errno(r, "Could not set ip rule table: %m"); | |
548 | } else { | |
549 | r = sd_rtnl_message_routing_policy_rule_set_table(m, RT_TABLE_UNSPEC); | |
550 | if (r < 0) | |
551 | return log_error_errno(r, "Could not set ip rule table: %m"); | |
552 | ||
553 | r = sd_netlink_message_append_u32(m, FRA_TABLE, rule->table); | |
554 | if (r < 0) | |
555 | return log_error_errno(r, "Could not append FRA_TABLE attribute: %m"); | |
556 | } | |
557 | ||
558 | if (rule->fwmark > 0) { | |
559 | r = sd_netlink_message_append_u32(m, FRA_FWMARK, rule->fwmark); | |
560 | if (r < 0) | |
561 | return log_error_errno(r, "Could not append FRA_FWMARK attribute: %m"); | |
562 | } | |
563 | ||
564 | if (rule->fwmask > 0) { | |
565 | r = sd_netlink_message_append_u32(m, FRA_FWMASK, rule->fwmask); | |
566 | if (r < 0) | |
567 | return log_error_errno(r, "Could not append FRA_FWMASK attribute: %m"); | |
568 | } | |
569 | ||
762e2659 SS |
570 | if (rule->iif) { |
571 | r = sd_netlink_message_append_string(m, FRA_IFNAME, rule->iif); | |
572 | if (r < 0) | |
573 | return log_error_errno(r, "Could not append FRA_IFNAME attribute: %m"); | |
574 | } | |
575 | ||
576 | if (rule->oif) { | |
577 | r = sd_netlink_message_append_string(m, FRA_OIFNAME, rule->oif); | |
578 | if (r < 0) | |
579 | return log_error_errno(r, "Could not append FRA_OIFNAME attribute: %m"); | |
580 | } | |
581 | ||
926062f0 SS |
582 | r = sd_netlink_message_append_u8(m, FRA_IP_PROTO, rule->protocol); |
583 | if (r < 0) | |
584 | return log_error_errno(r, "Could not append FRA_IP_PROTO attribute: %m"); | |
585 | ||
586 | if (rule->sport.start != 0 || rule->sport.end != 0) { | |
587 | r = sd_netlink_message_append_data(m, FRA_SPORT_RANGE, &rule->sport, sizeof(rule->sport)); | |
588 | if (r < 0) | |
589 | return log_error_errno(r, "Could not append FRA_SPORT_RANGE attribute: %m"); | |
590 | } | |
591 | ||
592 | if (rule->dport.start != 0 || rule->dport.end != 0) { | |
593 | r = sd_netlink_message_append_data(m, FRA_DPORT_RANGE, &rule->dport, sizeof(rule->dport)); | |
594 | if (r < 0) | |
595 | return log_error_errno(r, "Could not append FRA_DPORT_RANGE attribute: %m"); | |
596 | } | |
597 | ||
bce67bbe SS |
598 | rule->link = link; |
599 | ||
ee38400b | 600 | r = sd_netlink_call_async(link->manager->rtnl, NULL, m, callback, |
8190a388 | 601 | link_netlink_destroy_callback, link, 0, __func__); |
bce67bbe SS |
602 | if (r < 0) |
603 | return log_error_errno(r, "Could not send rtnetlink message: %m"); | |
604 | ||
605 | link_ref(link); | |
606 | ||
607 | r = routing_policy_rule_add(link->manager, rule->family, &rule->from, rule->from_prefixlen, &rule->to, | |
926062f0 | 608 | rule->to_prefixlen, rule->tos, rule->fwmark, rule->table, rule->iif, rule->oif, rule->protocol, &rule->sport, &rule->dport, NULL); |
bce67bbe | 609 | if (r < 0) |
cb700a11 | 610 | return log_error_errno(r, "Could not add rule: %m"); |
bce67bbe SS |
611 | |
612 | return 0; | |
613 | } | |
614 | ||
615 | static int parse_fwmark_fwmask(const char *s, uint32_t *fwmark, uint32_t *fwmask) { | |
616 | _cleanup_free_ char *f = NULL; | |
617 | char *p; | |
618 | int r; | |
619 | ||
620 | assert(s); | |
621 | ||
622 | f = strdup(s); | |
623 | if (!f) | |
624 | return -ENOMEM; | |
625 | ||
626 | p = strchr(f, '/'); | |
627 | if (p) | |
628 | *p++ = '\0'; | |
629 | ||
630 | r = safe_atou32(f, fwmark); | |
631 | if (r < 0) | |
632 | return log_error_errno(r, "Failed to parse RPDB rule firewall mark, ignoring: %s", f); | |
633 | ||
634 | if (p) { | |
635 | r = safe_atou32(p, fwmask); | |
636 | if (r < 0) | |
637 | return log_error_errno(r, "Failed to parse RPDB rule mask, ignoring: %s", f); | |
638 | } | |
639 | ||
640 | return 0; | |
641 | } | |
642 | ||
643 | int config_parse_routing_policy_rule_tos( | |
644 | const char *unit, | |
645 | const char *filename, | |
646 | unsigned line, | |
647 | const char *section, | |
648 | unsigned section_line, | |
649 | const char *lvalue, | |
650 | int ltype, | |
651 | const char *rvalue, | |
652 | void *data, | |
653 | void *userdata) { | |
654 | ||
8e766630 | 655 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; |
bce67bbe SS |
656 | Network *network = userdata; |
657 | int r; | |
658 | ||
659 | assert(filename); | |
660 | assert(section); | |
661 | assert(lvalue); | |
662 | assert(rvalue); | |
663 | assert(data); | |
664 | ||
665 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
666 | if (r < 0) | |
667 | return r; | |
668 | ||
669 | r = safe_atou8(rvalue, &n->tos); | |
670 | if (r < 0) { | |
671 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse RPDB rule tos, ignoring: %s", rvalue); | |
672 | return 0; | |
673 | } | |
674 | ||
675 | n = NULL; | |
676 | ||
677 | return 0; | |
678 | } | |
679 | ||
680 | int config_parse_routing_policy_rule_priority( | |
681 | const char *unit, | |
682 | const char *filename, | |
683 | unsigned line, | |
684 | const char *section, | |
685 | unsigned section_line, | |
686 | const char *lvalue, | |
687 | int ltype, | |
688 | const char *rvalue, | |
689 | void *data, | |
690 | void *userdata) { | |
691 | ||
8e766630 | 692 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; |
bce67bbe SS |
693 | Network *network = userdata; |
694 | int r; | |
695 | ||
696 | assert(filename); | |
697 | assert(section); | |
698 | assert(lvalue); | |
699 | assert(rvalue); | |
700 | assert(data); | |
701 | ||
702 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
703 | if (r < 0) | |
704 | return r; | |
705 | ||
706 | r = safe_atou32(rvalue, &n->priority); | |
707 | if (r < 0) { | |
708 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse RPDB rule priority, ignoring: %s", rvalue); | |
709 | return 0; | |
710 | } | |
711 | ||
712 | n = NULL; | |
713 | ||
714 | return 0; | |
715 | } | |
716 | ||
717 | int config_parse_routing_policy_rule_table( | |
718 | const char *unit, | |
719 | const char *filename, | |
720 | unsigned line, | |
721 | const char *section, | |
722 | unsigned section_line, | |
723 | const char *lvalue, | |
724 | int ltype, | |
725 | const char *rvalue, | |
726 | void *data, | |
727 | void *userdata) { | |
728 | ||
8e766630 | 729 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; |
bce67bbe SS |
730 | Network *network = userdata; |
731 | int r; | |
732 | ||
733 | assert(filename); | |
734 | assert(section); | |
735 | assert(lvalue); | |
736 | assert(rvalue); | |
737 | assert(data); | |
738 | ||
739 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
740 | if (r < 0) | |
741 | return r; | |
742 | ||
743 | r = safe_atou32(rvalue, &n->table); | |
744 | if (r < 0) { | |
745 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse RPDB rule table, ignoring: %s", rvalue); | |
746 | return 0; | |
747 | } | |
748 | ||
749 | n = NULL; | |
750 | ||
751 | return 0; | |
752 | } | |
753 | ||
754 | int config_parse_routing_policy_rule_fwmark_mask( | |
755 | const char *unit, | |
756 | const char *filename, | |
757 | unsigned line, | |
758 | const char *section, | |
759 | unsigned section_line, | |
760 | const char *lvalue, | |
761 | int ltype, | |
762 | const char *rvalue, | |
763 | void *data, | |
764 | void *userdata) { | |
765 | ||
8e766630 | 766 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; |
bce67bbe SS |
767 | Network *network = userdata; |
768 | int r; | |
769 | ||
770 | assert(filename); | |
771 | assert(section); | |
772 | assert(lvalue); | |
773 | assert(rvalue); | |
774 | assert(data); | |
775 | ||
776 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
777 | if (r < 0) | |
778 | return r; | |
779 | ||
780 | r = parse_fwmark_fwmask(rvalue, &n->fwmark, &n->fwmask); | |
781 | if (r < 0) { | |
782 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse RPDB rule firewall mark or mask, ignoring: %s", rvalue); | |
783 | return 0; | |
784 | } | |
785 | ||
786 | n = NULL; | |
787 | ||
788 | return 0; | |
789 | } | |
790 | ||
791 | int config_parse_routing_policy_rule_prefix( | |
792 | const char *unit, | |
793 | const char *filename, | |
794 | unsigned line, | |
795 | const char *section, | |
796 | unsigned section_line, | |
797 | const char *lvalue, | |
798 | int ltype, | |
799 | const char *rvalue, | |
800 | void *data, | |
801 | void *userdata) { | |
802 | ||
8e766630 | 803 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; |
bce67bbe SS |
804 | Network *network = userdata; |
805 | union in_addr_union buffer; | |
806 | uint8_t prefixlen; | |
807 | int r; | |
808 | ||
809 | assert(filename); | |
810 | assert(section); | |
811 | assert(lvalue); | |
812 | assert(rvalue); | |
813 | assert(data); | |
814 | ||
815 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
816 | if (r < 0) | |
817 | return r; | |
818 | ||
819 | r = in_addr_prefix_from_string(rvalue, AF_INET, &buffer, &prefixlen); | |
820 | if (r < 0) { | |
821 | r = in_addr_prefix_from_string(rvalue, AF_INET6, &buffer, &prefixlen); | |
822 | if (r < 0) { | |
823 | log_syntax(unit, LOG_ERR, filename, line, r, "RPDB rule prefix is invalid, ignoring assignment: %s", rvalue); | |
824 | return 0; | |
825 | } | |
826 | ||
827 | n->family = AF_INET6; | |
828 | } else | |
829 | n->family = AF_INET; | |
830 | ||
831 | if (streq(lvalue, "To")) { | |
832 | n->to = buffer; | |
833 | n->to_prefixlen = prefixlen; | |
834 | } else { | |
835 | n->from = buffer; | |
836 | n->from_prefixlen = prefixlen; | |
837 | } | |
838 | ||
839 | n = NULL; | |
840 | ||
841 | return 0; | |
842 | } | |
843 | ||
762e2659 SS |
844 | int config_parse_routing_policy_rule_device( |
845 | const char *unit, | |
846 | const char *filename, | |
847 | unsigned line, | |
848 | const char *section, | |
849 | unsigned section_line, | |
850 | const char *lvalue, | |
851 | int ltype, | |
852 | const char *rvalue, | |
853 | void *data, | |
854 | void *userdata) { | |
855 | ||
8e766630 | 856 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; |
762e2659 SS |
857 | Network *network = userdata; |
858 | int r; | |
859 | ||
860 | assert(filename); | |
861 | assert(section); | |
862 | assert(lvalue); | |
863 | assert(rvalue); | |
864 | assert(data); | |
865 | ||
866 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
867 | if (r < 0) | |
868 | return r; | |
869 | ||
870 | if (!ifname_valid(rvalue)) { | |
871 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse '%s' interface name, ignoring: %s", lvalue, rvalue); | |
872 | return 0; | |
873 | } | |
874 | ||
875 | if (streq(lvalue, "IncomingInterface")) { | |
876 | r = free_and_strdup(&n->iif, rvalue); | |
877 | if (r < 0) | |
878 | return log_oom(); | |
879 | } else { | |
880 | r = free_and_strdup(&n->oif, rvalue); | |
881 | if (r < 0) | |
882 | return log_oom(); | |
883 | } | |
884 | ||
885 | n = NULL; | |
886 | ||
887 | return 0; | |
888 | } | |
889 | ||
926062f0 SS |
890 | int config_parse_routing_policy_rule_port_range( |
891 | const char *unit, | |
892 | const char *filename, | |
893 | unsigned line, | |
894 | const char *section, | |
895 | unsigned section_line, | |
896 | const char *lvalue, | |
897 | int ltype, | |
898 | const char *rvalue, | |
899 | void *data, | |
900 | void *userdata) { | |
901 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; | |
902 | Network *network = userdata; | |
903 | uint16_t low, high; | |
904 | int r; | |
905 | ||
906 | assert(filename); | |
907 | assert(section); | |
908 | assert(lvalue); | |
909 | assert(rvalue); | |
910 | assert(data); | |
911 | ||
912 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
913 | if (r < 0) | |
914 | return r; | |
915 | ||
916 | r = parse_ip_port_range(rvalue, &low, &high); | |
917 | if (r < 0) { | |
918 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse routing policy rule port range '%s'", rvalue); | |
919 | return 0; | |
920 | } | |
921 | ||
922 | if (streq(lvalue, "SourcePort")) { | |
923 | n->sport.start = low; | |
924 | n->sport.end = high; | |
925 | } else { | |
926 | n->dport.start = low; | |
927 | n->dport.end = high; | |
928 | } | |
929 | ||
930 | n = NULL; | |
931 | ||
932 | return 0; | |
933 | } | |
934 | ||
935 | int config_parse_routing_policy_rule_protocol( | |
936 | const char *unit, | |
937 | const char *filename, | |
938 | unsigned line, | |
939 | const char *section, | |
940 | unsigned section_line, | |
941 | const char *lvalue, | |
942 | int ltype, | |
943 | const char *rvalue, | |
944 | void *data, | |
945 | void *userdata) { | |
946 | ||
947 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL; | |
948 | Network *network = userdata; | |
949 | int r; | |
950 | ||
951 | assert(filename); | |
952 | assert(section); | |
953 | assert(lvalue); | |
954 | assert(rvalue); | |
955 | assert(data); | |
956 | ||
957 | r = routing_policy_rule_new_static(network, filename, section_line, &n); | |
958 | if (r < 0) | |
959 | return r; | |
960 | ||
961 | r = socket_protocol_from_name(rvalue); | |
962 | if (r < 0) { | |
963 | log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse routing policy rule protocol, ignoring: %s", rvalue); | |
964 | return 0; | |
965 | } | |
966 | ||
967 | if (!IN_SET(r, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP)) { | |
968 | log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid protocol '%s'. Protocol should be tcp/udp/sctp, ignoring", rvalue); | |
969 | return 0; | |
970 | } | |
971 | ||
972 | n->protocol = r; | |
973 | ||
974 | n = NULL; | |
975 | ||
976 | return 0; | |
977 | } | |
978 | ||
458d8ae3 | 979 | static int routing_policy_rule_read_full_file(const char *state_file, char **ret) { |
ac097c84 | 980 | _cleanup_free_ char *s = NULL; |
bce67bbe SS |
981 | size_t size; |
982 | int r; | |
983 | ||
984 | assert(state_file); | |
985 | ||
986 | r = read_full_file(state_file, &s, &size); | |
987 | if (r == -ENOENT) | |
988 | return -ENODATA; | |
989 | if (r < 0) | |
990 | return r; | |
991 | if (size <= 0) | |
992 | return -ENODATA; | |
993 | ||
ae2a15bc | 994 | *ret = TAKE_PTR(s); |
bce67bbe SS |
995 | |
996 | return size; | |
997 | } | |
998 | ||
458d8ae3 ZJS |
999 | int routing_policy_serialize_rules(Set *rules, FILE *f) { |
1000 | RoutingPolicyRule *rule = NULL; | |
1001 | Iterator i; | |
1002 | int r; | |
1003 | ||
1004 | assert(f); | |
1005 | ||
1006 | SET_FOREACH(rule, rules, i) { | |
1007 | _cleanup_free_ char *from_str = NULL, *to_str = NULL; | |
1008 | bool space = false; | |
1009 | ||
1010 | fputs("RULE=", f); | |
1011 | ||
1012 | if (!in_addr_is_null(rule->family, &rule->from)) { | |
1013 | r = in_addr_to_string(rule->family, &rule->from, &from_str); | |
1014 | if (r < 0) | |
1015 | return r; | |
1016 | ||
1017 | fprintf(f, "from=%s/%hhu", | |
1018 | from_str, rule->from_prefixlen); | |
1019 | space = true; | |
1020 | } | |
1021 | ||
1022 | if (!in_addr_is_null(rule->family, &rule->to)) { | |
1023 | r = in_addr_to_string(rule->family, &rule->to, &to_str); | |
1024 | if (r < 0) | |
1025 | return r; | |
1026 | ||
1027 | fprintf(f, "%sto=%s/%hhu", | |
1028 | space ? " " : "", | |
1029 | to_str, rule->to_prefixlen); | |
1030 | space = true; | |
1031 | } | |
1032 | ||
1033 | if (rule->tos != 0) { | |
1034 | fprintf(f, "%stos=%hhu", | |
1035 | space ? " " : "", | |
1036 | rule->tos); | |
1037 | space = true; | |
1038 | } | |
1039 | ||
1040 | if (rule->fwmark != 0) { | |
1041 | fprintf(f, "%sfwmark=%"PRIu32"/%"PRIu32, | |
1042 | space ? " " : "", | |
1043 | rule->fwmark, rule->fwmask); | |
1044 | space = true; | |
1045 | } | |
1046 | ||
9491f55f ZJS |
1047 | if (rule->iif) { |
1048 | fprintf(f, "%siif=%s", | |
1049 | space ? " " : "", | |
1050 | rule->iif); | |
1051 | space = true; | |
1052 | } | |
1053 | ||
1054 | if (rule->oif) { | |
1055 | fprintf(f, "%soif=%s", | |
1056 | space ? " " : "", | |
1057 | rule->oif); | |
1058 | space = true; | |
1059 | } | |
1060 | ||
926062f0 SS |
1061 | if (rule->protocol != 0) { |
1062 | fprintf(f, "%sprotocol=%hhu", | |
1063 | space ? " " : "", | |
1064 | rule->protocol); | |
1065 | space = true; | |
1066 | } | |
1067 | ||
1068 | if (rule->sport.start != 0 || rule->sport.end != 0) { | |
58a02e4c | 1069 | fprintf(f, "%ssourcesport=%"PRIu16"-%"PRIu16, |
926062f0 SS |
1070 | space ? " " : "", |
1071 | rule->sport.start, rule->sport.end); | |
1072 | space = true; | |
1073 | } | |
1074 | ||
1075 | if (rule->dport.start != 0 || rule->dport.end != 0) { | |
58a02e4c | 1076 | fprintf(f, "%sdestinationport=%"PRIu16"-%"PRIu16, |
926062f0 SS |
1077 | space ? " " : "", |
1078 | rule->dport.start, rule->dport.end); | |
1079 | space = true; | |
1080 | } | |
1081 | ||
458d8ae3 ZJS |
1082 | fprintf(f, "%stable=%"PRIu32 "\n", |
1083 | space ? " " : "", | |
1084 | rule->table); | |
1085 | } | |
1086 | ||
1087 | return 0; | |
1088 | } | |
1089 | ||
1090 | int routing_policy_load_rules(const char *state_file, Set **rules) { | |
bce67bbe SS |
1091 | _cleanup_strv_free_ char **l = NULL; |
1092 | _cleanup_free_ char *data = NULL; | |
926062f0 | 1093 | uint16_t low = 0, high = 0; |
bce67bbe SS |
1094 | const char *p; |
1095 | char **i; | |
1096 | int r; | |
1097 | ||
458d8ae3 ZJS |
1098 | assert(state_file); |
1099 | assert(rules); | |
bce67bbe | 1100 | |
458d8ae3 | 1101 | r = routing_policy_rule_read_full_file(state_file, &data); |
bce67bbe SS |
1102 | if (r <= 0) |
1103 | return r; | |
1104 | ||
1105 | l = strv_split_newlines(data); | |
1106 | if (!l) | |
1107 | return -ENOMEM; | |
1108 | ||
458d8ae3 | 1109 | r = set_ensure_allocated(rules, &routing_policy_rule_hash_ops); |
bce67bbe SS |
1110 | if (r < 0) |
1111 | return r; | |
1112 | ||
1113 | STRV_FOREACH(i, l) { | |
8e766630 | 1114 | _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *rule = NULL; |
bce67bbe SS |
1115 | |
1116 | p = startswith(*i, "RULE="); | |
1117 | if (!p) | |
1118 | continue; | |
1119 | ||
bce67bbe SS |
1120 | r = routing_policy_rule_new(&rule); |
1121 | if (r < 0) | |
1122 | return r; | |
1123 | ||
1124 | for (;;) { | |
1125 | _cleanup_free_ char *word = NULL, *a = NULL, *b = NULL; | |
1126 | union in_addr_union buffer; | |
1127 | uint8_t prefixlen; | |
1128 | ||
1129 | r = extract_first_word(&p, &word, NULL, 0); | |
1130 | if (r < 0) | |
1131 | return r; | |
1132 | if (r == 0) | |
1133 | break; | |
1134 | ||
1135 | r = split_pair(word, "=", &a, &b); | |
1136 | if (r < 0) | |
1137 | continue; | |
1138 | ||
1139 | if (STR_IN_SET(a, "from", "to")) { | |
1140 | ||
1141 | r = in_addr_prefix_from_string(b, AF_INET, &buffer, &prefixlen); | |
1142 | if (r < 0) { | |
1143 | r = in_addr_prefix_from_string(b, AF_INET6, &buffer, &prefixlen); | |
1144 | if (r < 0) { | |
1145 | log_error_errno(r, "RPDB rule prefix is invalid, ignoring assignment: %s", b); | |
1146 | continue; | |
1147 | } | |
1148 | ||
1149 | rule->family = AF_INET6; | |
1150 | } else | |
1151 | rule->family = AF_INET; | |
1152 | ||
1153 | if (streq(a, "to")) { | |
1154 | rule->to = buffer; | |
1155 | rule->to_prefixlen = prefixlen; | |
1156 | } else { | |
1157 | rule->from = buffer; | |
1158 | rule->from_prefixlen = prefixlen; | |
1159 | } | |
1160 | } else if (streq(a, "tos")) { | |
1161 | r = safe_atou8(b, &rule->tos); | |
1162 | if (r < 0) { | |
1163 | log_error_errno(r, "Failed to parse RPDB rule tos, ignoring: %s", b); | |
1164 | continue; | |
1165 | } | |
1166 | } else if (streq(a, "table")) { | |
1167 | r = safe_atou32(b, &rule->table); | |
1168 | if (r < 0) { | |
1169 | log_error_errno(r, "Failed to parse RPDB rule table, ignoring: %s", b); | |
1170 | continue; | |
1171 | } | |
1172 | } else if (streq(a, "fwmark")) { | |
1173 | ||
e4aca57d | 1174 | r = parse_fwmark_fwmask(b, &rule->fwmark, &rule->fwmask); |
bce67bbe SS |
1175 | if (r < 0) { |
1176 | log_error_errno(r, "Failed to parse RPDB rule firewall mark or mask, ignoring: %s", a); | |
1177 | continue; | |
1178 | } | |
9491f55f | 1179 | } else if (streq(a, "iif")) { |
762e2659 | 1180 | |
93f9da6e | 1181 | if (free_and_strdup(&rule->iif, b) < 0) |
762e2659 | 1182 | return log_oom(); |
93f9da6e | 1183 | |
9491f55f | 1184 | } else if (streq(a, "oif")) { |
762e2659 | 1185 | |
93f9da6e | 1186 | if (free_and_strdup(&rule->oif, b) < 0) |
762e2659 | 1187 | return log_oom(); |
926062f0 SS |
1188 | } else if (streq(a, "protocol")) { |
1189 | r = safe_atou8(b, &rule->protocol); | |
1190 | if (r < 0) { | |
1191 | log_error_errno(r, "Failed to parse RPDB rule protocol, ignoring: %s", b); | |
1192 | continue; | |
1193 | } | |
1194 | } else if (streq(a, "sourceport")) { | |
1195 | ||
1196 | r = parse_ip_port_range(b, &low, &high); | |
1197 | if (r < 0) { | |
1198 | log_error_errno(r, "Invalid routing policy rule source port range, ignoring assignment:'%s'", b); | |
1199 | continue; | |
1200 | } | |
1201 | ||
1202 | rule->sport.start = low; | |
1203 | rule->sport.end = high; | |
1204 | ||
1205 | } else if (streq(a, "destinationport")) { | |
1206 | ||
1207 | r = parse_ip_port_range(b, &low, &high); | |
1208 | if (r < 0) { | |
1209 | log_error_errno(r, "Invalid routing policy rule destination port range, ignoring assignment:'%s'", b); | |
1210 | continue; | |
1211 | } | |
1212 | ||
1213 | rule->dport.start = low; | |
1214 | rule->dport.end = high; | |
bce67bbe SS |
1215 | } |
1216 | } | |
1217 | ||
458d8ae3 | 1218 | r = set_put(*rules, rule); |
bce67bbe SS |
1219 | if (r < 0) { |
1220 | log_warning_errno(r, "Failed to add RPDB rule to saved DB, ignoring: %s", p); | |
1221 | continue; | |
1222 | } | |
1223 | ||
1224 | rule = NULL; | |
1225 | } | |
1226 | ||
1227 | return 0; | |
1228 | } | |
1229 | ||
1230 | void routing_policy_rule_purge(Manager *m, Link *link) { | |
1231 | RoutingPolicyRule *rule, *existing; | |
1232 | Iterator i; | |
1233 | int r; | |
1234 | ||
1235 | assert(m); | |
1236 | assert(link); | |
1237 | ||
1238 | SET_FOREACH(rule, m->rules_saved, i) { | |
1239 | existing = set_get(m->rules_foreign, rule); | |
1240 | if (existing) { | |
1241 | ||
1242 | r = routing_policy_rule_remove(rule, link, routing_policy_rule_remove_handler); | |
1243 | if (r < 0) { | |
1244 | log_warning_errno(r, "Could not remove routing policy rules: %m"); | |
1245 | continue; | |
1246 | } | |
1247 | ||
7715629e | 1248 | link->routing_policy_rule_remove_messages++; |
bce67bbe SS |
1249 | } |
1250 | } | |
1251 | } |