1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <linux/fib_rules.h>
6 #include "alloc-util.h"
7 #include "conf-parser.h"
9 #include "ip-protocol-list.h"
10 #include "networkd-routing-policy-rule.h"
11 #include "netlink-util.h"
12 #include "networkd-manager.h"
13 #include "parse-util.h"
14 #include "socket-util.h"
15 #include "string-util.h"
18 int routing_policy_rule_new(RoutingPolicyRule
**ret
) {
19 RoutingPolicyRule
*rule
;
21 rule
= new(RoutingPolicyRule
, 1);
25 *rule
= (RoutingPolicyRule
) {
27 .table
= RT_TABLE_MAIN
,
34 void routing_policy_rule_free(RoutingPolicyRule
*rule
) {
40 LIST_REMOVE(rules
, rule
->network
->rules
, rule
);
41 assert(rule
->network
->n_rules
> 0);
42 rule
->network
->n_rules
--;
45 hashmap_remove(rule
->network
->rules_by_section
, rule
->section
);
49 set_remove(rule
->manager
->rules
, rule
);
50 set_remove(rule
->manager
->rules_foreign
, rule
);
53 network_config_section_free(rule
->section
);
59 static void routing_policy_rule_hash_func(const RoutingPolicyRule
*rule
, struct siphash
*state
) {
62 siphash24_compress(&rule
->family
, sizeof(rule
->family
), state
);
64 switch (rule
->family
) {
68 siphash24_compress(&rule
->from
, FAMILY_ADDRESS_SIZE(rule
->family
), state
);
69 siphash24_compress(&rule
->from_prefixlen
, sizeof(rule
->from_prefixlen
), state
);
71 siphash24_compress(&rule
->to
, FAMILY_ADDRESS_SIZE(rule
->family
), state
);
72 siphash24_compress(&rule
->to_prefixlen
, sizeof(rule
->to_prefixlen
), state
);
74 siphash24_compress(&rule
->tos
, sizeof(rule
->tos
), state
);
75 siphash24_compress(&rule
->fwmark
, sizeof(rule
->fwmark
), state
);
76 siphash24_compress(&rule
->table
, sizeof(rule
->table
), state
);
78 siphash24_compress(&rule
->protocol
, sizeof(rule
->protocol
), state
);
79 siphash24_compress(&rule
->sport
, sizeof(rule
->sport
), state
);
80 siphash24_compress(&rule
->dport
, sizeof(rule
->dport
), state
);
83 siphash24_compress(rule
->iif
, strlen(rule
->iif
), state
);
86 siphash24_compress(rule
->oif
, strlen(rule
->oif
), state
);
90 /* treat any other address family as AF_UNSPEC */
95 static int routing_policy_rule_compare_func(const RoutingPolicyRule
*a
, const RoutingPolicyRule
*b
) {
98 r
= CMP(a
->family
, b
->family
);
105 r
= CMP(a
->from_prefixlen
, b
->from_prefixlen
);
109 r
= CMP(a
->to_prefixlen
, b
->to_prefixlen
);
113 r
= CMP(a
->tos
, b
->tos
);
117 r
= CMP(a
->fwmask
, b
->fwmask
);
121 r
= CMP(a
->table
, b
->table
);
125 r
= strcmp_ptr(a
->iif
, b
->iif
);
129 r
= strcmp_ptr(a
->oif
, b
->oif
);
133 r
= CMP(a
->protocol
, b
->protocol
);
137 r
= memcmp(&a
->sport
, &b
->sport
, sizeof(a
->sport
));
141 r
= memcmp(&a
->dport
, &b
->dport
, sizeof(a
->dport
));
145 r
= memcmp(&a
->from
, &b
->from
, FAMILY_ADDRESS_SIZE(a
->family
));
149 return memcmp(&a
->to
, &b
->to
, FAMILY_ADDRESS_SIZE(a
->family
));
152 /* treat any other address family as AF_UNSPEC */
157 DEFINE_PRIVATE_HASH_OPS(routing_policy_rule_hash_ops
, RoutingPolicyRule
, routing_policy_rule_hash_func
, routing_policy_rule_compare_func
);
159 int routing_policy_rule_get(Manager
*m
,
161 const union in_addr_union
*from
,
162 uint8_t from_prefixlen
,
163 const union in_addr_union
*to
,
164 uint8_t to_prefixlen
,
171 struct fib_rule_port_range
*sport
,
172 struct fib_rule_port_range
*dport
,
173 RoutingPolicyRule
**ret
) {
175 RoutingPolicyRule rule
, *existing
;
177 assert_return(m
, -1);
179 rule
= (RoutingPolicyRule
) {
182 .from_prefixlen
= from_prefixlen
,
184 .to_prefixlen
= to_prefixlen
,
190 .protocol
= protocol
,
195 existing
= set_get(m
->rules
, &rule
);
202 existing
= set_get(m
->rules_foreign
, &rule
);
212 int routing_policy_rule_make_local(Manager
*m
, RoutingPolicyRule
*rule
) {
217 if (set_contains(m
->rules_foreign
, rule
)) {
218 set_remove(m
->rules_foreign
, rule
);
220 r
= set_ensure_allocated(&m
->rules
, &routing_policy_rule_hash_ops
);
224 return set_put(m
->rules
, rule
);
230 static int routing_policy_rule_add_internal(Manager
*m
,
233 const union in_addr_union
*from
,
234 uint8_t from_prefixlen
,
235 const union in_addr_union
*to
,
236 uint8_t to_prefixlen
,
243 const struct fib_rule_port_range
*sport
,
244 const struct fib_rule_port_range
*dport
,
245 RoutingPolicyRule
**ret
) {
247 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*rule
= NULL
;
248 _cleanup_free_
char *iif
= NULL
, *oif
= NULL
;
251 assert_return(rules
, -EINVAL
);
265 r
= routing_policy_rule_new(&rule
);
270 rule
->family
= family
;
272 rule
->from_prefixlen
= from_prefixlen
;
274 rule
->to_prefixlen
= to_prefixlen
;
276 rule
->fwmark
= fwmark
;
280 rule
->protocol
= protocol
;
281 rule
->sport
= *sport
;
282 rule
->dport
= *dport
;
284 r
= set_ensure_allocated(rules
, &routing_policy_rule_hash_ops
);
288 r
= set_put(*rules
, rule
);
301 int routing_policy_rule_add(Manager
*m
,
303 const union in_addr_union
*from
,
304 uint8_t from_prefixlen
,
305 const union in_addr_union
*to
,
306 uint8_t to_prefixlen
,
313 const struct fib_rule_port_range
*sport
,
314 const struct fib_rule_port_range
*dport
,
315 RoutingPolicyRule
**ret
) {
317 return routing_policy_rule_add_internal(m
, &m
->rules
, family
, from
, from_prefixlen
, to
, to_prefixlen
, tos
, fwmark
, table
, iif
, oif
, protocol
, sport
, dport
, ret
);
320 int routing_policy_rule_add_foreign(Manager
*m
,
322 const union in_addr_union
*from
,
323 uint8_t from_prefixlen
,
324 const union in_addr_union
*to
,
325 uint8_t to_prefixlen
,
332 const struct fib_rule_port_range
*sport
,
333 const struct fib_rule_port_range
*dport
,
334 RoutingPolicyRule
**ret
) {
335 return routing_policy_rule_add_internal(m
, &m
->rules_foreign
, family
, from
, from_prefixlen
, to
, to_prefixlen
, tos
, fwmark
, table
, iif
, oif
, protocol
, sport
, dport
, ret
);
338 static int routing_policy_rule_remove_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
343 assert(link
->ifname
);
345 link
->routing_policy_rule_remove_messages
--;
347 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
350 r
= sd_netlink_message_get_errno(m
);
352 log_link_warning_errno(link
, r
, "Could not drop routing policy rule: %m");
357 int routing_policy_rule_remove(RoutingPolicyRule
*routing_policy_rule
, Link
*link
, link_netlink_message_handler_t callback
) {
358 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
361 assert(routing_policy_rule
);
363 assert(link
->manager
);
364 assert(link
->manager
->rtnl
);
365 assert(link
->ifindex
> 0);
366 assert(IN_SET(routing_policy_rule
->family
, AF_INET
, AF_INET6
));
368 r
= sd_rtnl_message_new_routing_policy_rule(link
->manager
->rtnl
, &m
, RTM_DELRULE
, routing_policy_rule
->family
);
370 return log_error_errno(r
, "Could not allocate RTM_DELRULE message: %m");
372 if (in_addr_is_null(routing_policy_rule
->family
, &routing_policy_rule
->from
) == 0) {
373 if (routing_policy_rule
->family
== AF_INET
)
374 r
= sd_netlink_message_append_in_addr(m
, FRA_SRC
, &routing_policy_rule
->from
.in
);
376 r
= sd_netlink_message_append_in6_addr(m
, FRA_SRC
, &routing_policy_rule
->from
.in6
);
378 return log_error_errno(r
, "Could not append FRA_SRC attribute: %m");
380 r
= sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m
, routing_policy_rule
->from_prefixlen
);
382 return log_error_errno(r
, "Could not set source prefix length: %m");
385 if (in_addr_is_null(routing_policy_rule
->family
, &routing_policy_rule
->to
) == 0) {
386 if (routing_policy_rule
->family
== AF_INET
)
387 r
= sd_netlink_message_append_in_addr(m
, FRA_DST
, &routing_policy_rule
->to
.in
);
389 r
= sd_netlink_message_append_in6_addr(m
, FRA_DST
, &routing_policy_rule
->to
.in6
);
391 return log_error_errno(r
, "Could not append FRA_DST attribute: %m");
393 r
= sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m
, routing_policy_rule
->to_prefixlen
);
395 return log_error_errno(r
, "Could not set destination prefix length: %m");
398 r
= netlink_call_async(link
->manager
->rtnl
, NULL
, m
,
399 callback
?: routing_policy_rule_remove_handler
,
400 link_netlink_destroy_callback
, link
);
402 return log_error_errno(r
, "Could not send rtnetlink message: %m");
409 static int routing_policy_rule_new_static(Network
*network
, const char *filename
, unsigned section_line
, RoutingPolicyRule
**ret
) {
410 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*rule
= NULL
;
411 _cleanup_(network_config_section_freep
) NetworkConfigSection
*n
= NULL
;
416 assert(!!filename
== (section_line
> 0));
419 r
= network_config_section_new(filename
, section_line
, &n
);
423 rule
= hashmap_get(network
->rules_by_section
, n
);
425 *ret
= TAKE_PTR(rule
);
431 r
= routing_policy_rule_new(&rule
);
435 rule
->network
= network
;
436 LIST_APPEND(rules
, network
->rules
, rule
);
440 rule
->section
= TAKE_PTR(n
);
442 r
= hashmap_ensure_allocated(&network
->rules_by_section
, &network_config_hash_ops
);
446 r
= hashmap_put(network
->rules_by_section
, rule
->section
, rule
);
451 *ret
= TAKE_PTR(rule
);
456 static int routing_policy_rule_handler(sd_netlink
*rtnl
, sd_netlink_message
*m
, Link
*link
) {
462 assert(link
->ifname
);
463 assert(link
->routing_policy_rule_messages
> 0);
465 link
->routing_policy_rule_messages
--;
467 if (IN_SET(link
->state
, LINK_STATE_FAILED
, LINK_STATE_LINGER
))
470 r
= sd_netlink_message_get_errno(m
);
471 if (r
< 0 && r
!= -EEXIST
)
472 log_link_warning_errno(link
, r
, "Could not add routing policy rule: %m");
474 if (link
->routing_policy_rule_messages
== 0) {
475 log_link_debug(link
, "Routing policy rule configured");
476 link
->routing_policy_rules_configured
= true;
477 link_check_ready(link
);
483 int routing_policy_rule_configure(RoutingPolicyRule
*rule
, Link
*link
, link_netlink_message_handler_t callback
, bool update
) {
484 _cleanup_(sd_netlink_message_unrefp
) sd_netlink_message
*m
= NULL
;
489 assert(link
->ifindex
> 0);
490 assert(link
->manager
);
491 assert(link
->manager
->rtnl
);
493 r
= sd_rtnl_message_new_routing_policy_rule(link
->manager
->rtnl
, &m
, RTM_NEWRULE
, rule
->family
);
495 return log_error_errno(r
, "Could not allocate RTM_NEWRULE message: %m");
497 if (in_addr_is_null(rule
->family
, &rule
->from
) == 0) {
498 if (rule
->family
== AF_INET
)
499 r
= sd_netlink_message_append_in_addr(m
, FRA_SRC
, &rule
->from
.in
);
501 r
= sd_netlink_message_append_in6_addr(m
, FRA_SRC
, &rule
->from
.in6
);
503 return log_error_errno(r
, "Could not append FRA_SRC attribute: %m");
505 r
= sd_rtnl_message_routing_policy_rule_set_rtm_src_prefixlen(m
, rule
->from_prefixlen
);
507 return log_error_errno(r
, "Could not set source prefix length: %m");
510 if (in_addr_is_null(rule
->family
, &rule
->to
) == 0) {
511 if (rule
->family
== AF_INET
)
512 r
= sd_netlink_message_append_in_addr(m
, FRA_DST
, &rule
->to
.in
);
514 r
= sd_netlink_message_append_in6_addr(m
, FRA_DST
, &rule
->to
.in6
);
516 return log_error_errno(r
, "Could not append FRA_DST attribute: %m");
518 r
= sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(m
, rule
->to_prefixlen
);
520 return log_error_errno(r
, "Could not set destination prefix length: %m");
523 r
= sd_netlink_message_append_u32(m
, FRA_PRIORITY
, rule
->priority
);
525 return log_error_errno(r
, "Could not append FRA_PRIORITY attribute: %m");
528 r
= sd_rtnl_message_routing_policy_rule_set_tos(m
, rule
->tos
);
530 return log_error_errno(r
, "Could not set ip rule tos: %m");
533 if (rule
->table
< 256) {
534 r
= sd_rtnl_message_routing_policy_rule_set_table(m
, rule
->table
);
536 return log_error_errno(r
, "Could not set ip rule table: %m");
538 r
= sd_rtnl_message_routing_policy_rule_set_table(m
, RT_TABLE_UNSPEC
);
540 return log_error_errno(r
, "Could not set ip rule table: %m");
542 r
= sd_netlink_message_append_u32(m
, FRA_TABLE
, rule
->table
);
544 return log_error_errno(r
, "Could not append FRA_TABLE attribute: %m");
547 if (rule
->fwmark
> 0) {
548 r
= sd_netlink_message_append_u32(m
, FRA_FWMARK
, rule
->fwmark
);
550 return log_error_errno(r
, "Could not append FRA_FWMARK attribute: %m");
553 if (rule
->fwmask
> 0) {
554 r
= sd_netlink_message_append_u32(m
, FRA_FWMASK
, rule
->fwmask
);
556 return log_error_errno(r
, "Could not append FRA_FWMASK attribute: %m");
560 r
= sd_netlink_message_append_string(m
, FRA_IFNAME
, rule
->iif
);
562 return log_error_errno(r
, "Could not append FRA_IFNAME attribute: %m");
566 r
= sd_netlink_message_append_string(m
, FRA_OIFNAME
, rule
->oif
);
568 return log_error_errno(r
, "Could not append FRA_OIFNAME attribute: %m");
571 r
= sd_netlink_message_append_u8(m
, FRA_IP_PROTO
, rule
->protocol
);
573 return log_error_errno(r
, "Could not append FRA_IP_PROTO attribute: %m");
575 if (rule
->sport
.start
!= 0 || rule
->sport
.end
!= 0) {
576 r
= sd_netlink_message_append_data(m
, FRA_SPORT_RANGE
, &rule
->sport
, sizeof(rule
->sport
));
578 return log_error_errno(r
, "Could not append FRA_SPORT_RANGE attribute: %m");
581 if (rule
->dport
.start
!= 0 || rule
->dport
.end
!= 0) {
582 r
= sd_netlink_message_append_data(m
, FRA_DPORT_RANGE
, &rule
->dport
, sizeof(rule
->dport
));
584 return log_error_errno(r
, "Could not append FRA_DPORT_RANGE attribute: %m");
587 if (rule
->invert_rule
) {
588 r
= sd_rtnl_message_routing_policy_rule_set_flags(m
, FIB_RULE_INVERT
);
590 return log_error_errno(r
, "Could not append FIB_RULE_INVERT attribute: %m");
595 r
= netlink_call_async(link
->manager
->rtnl
, NULL
, m
,
596 callback
?: routing_policy_rule_handler
,
597 link_netlink_destroy_callback
, link
);
599 return log_error_errno(r
, "Could not send rtnetlink message: %m");
603 r
= routing_policy_rule_add(link
->manager
, rule
->family
, &rule
->from
, rule
->from_prefixlen
, &rule
->to
,
604 rule
->to_prefixlen
, rule
->tos
, rule
->fwmark
, rule
->table
, rule
->iif
, rule
->oif
, rule
->protocol
, &rule
->sport
, &rule
->dport
, NULL
);
606 return log_error_errno(r
, "Could not add rule: %m");
611 static int parse_fwmark_fwmask(const char *s
, uint32_t *fwmark
, uint32_t *fwmask
) {
612 _cleanup_free_
char *f
= NULL
;
626 r
= safe_atou32(f
, fwmark
);
628 return log_error_errno(r
, "Failed to parse RPDB rule firewall mark, ignoring: %s", f
);
631 r
= safe_atou32(p
, fwmask
);
633 return log_error_errno(r
, "Failed to parse RPDB rule mask, ignoring: %s", f
);
639 int config_parse_routing_policy_rule_tos(
641 const char *filename
,
644 unsigned section_line
,
651 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
652 Network
*network
= userdata
;
661 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
665 r
= safe_atou8(rvalue
, &n
->tos
);
667 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse RPDB rule tos, ignoring: %s", rvalue
);
676 int config_parse_routing_policy_rule_priority(
678 const char *filename
,
681 unsigned section_line
,
688 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
689 Network
*network
= userdata
;
698 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
702 r
= safe_atou32(rvalue
, &n
->priority
);
704 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse RPDB rule priority, ignoring: %s", rvalue
);
713 int config_parse_routing_policy_rule_table(
715 const char *filename
,
718 unsigned section_line
,
725 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
726 Network
*network
= userdata
;
735 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
739 r
= safe_atou32(rvalue
, &n
->table
);
741 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse RPDB rule table, ignoring: %s", rvalue
);
750 int config_parse_routing_policy_rule_fwmark_mask(
752 const char *filename
,
755 unsigned section_line
,
762 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
763 Network
*network
= userdata
;
772 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
776 r
= parse_fwmark_fwmask(rvalue
, &n
->fwmark
, &n
->fwmask
);
778 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse RPDB rule firewall mark or mask, ignoring: %s", rvalue
);
787 int config_parse_routing_policy_rule_prefix(
789 const char *filename
,
792 unsigned section_line
,
799 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
800 Network
*network
= userdata
;
801 union in_addr_union
*buffer
;
811 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
815 if (streq(lvalue
, "To")) {
817 prefixlen
= &n
->to_prefixlen
;
820 prefixlen
= &n
->from_prefixlen
;
823 r
= in_addr_prefix_from_string_auto(rvalue
, &n
->family
, buffer
, prefixlen
);
825 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "RPDB rule prefix is invalid, ignoring assignment: %s", rvalue
);
834 int config_parse_routing_policy_rule_device(
836 const char *filename
,
839 unsigned section_line
,
846 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
847 Network
*network
= userdata
;
856 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
860 if (!ifname_valid(rvalue
)) {
861 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse '%s' interface name, ignoring: %s", lvalue
, rvalue
);
865 if (streq(lvalue
, "IncomingInterface")) {
866 r
= free_and_strdup(&n
->iif
, rvalue
);
870 r
= free_and_strdup(&n
->oif
, rvalue
);
880 int config_parse_routing_policy_rule_port_range(
882 const char *filename
,
885 unsigned section_line
,
891 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
892 Network
*network
= userdata
;
902 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
906 r
= parse_ip_port_range(rvalue
, &low
, &high
);
908 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse routing policy rule port range '%s'", rvalue
);
912 if (streq(lvalue
, "SourcePort")) {
913 n
->sport
.start
= low
;
916 n
->dport
.start
= low
;
925 int config_parse_routing_policy_rule_ip_protocol(
927 const char *filename
,
930 unsigned section_line
,
937 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
938 Network
*network
= userdata
;
947 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
951 r
= parse_ip_protocol(rvalue
);
953 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse IP protocol '%s' for routing policy rule, ignoring: %m", rvalue
);
964 int config_parse_routing_policy_rule_invert(
966 const char *filename
,
969 unsigned section_line
,
976 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*n
= NULL
;
977 Network
*network
= userdata
;
986 r
= routing_policy_rule_new_static(network
, filename
, section_line
, &n
);
990 r
= parse_boolean(rvalue
);
992 log_syntax(unit
, LOG_ERR
, filename
, line
, r
, "Failed to parse RPDB rule invert, ignoring: %s", rvalue
);
1003 static int routing_policy_rule_read_full_file(const char *state_file
, char **ret
) {
1004 _cleanup_free_
char *s
= NULL
;
1010 r
= read_full_file(state_file
, &s
, &size
);
1023 int routing_policy_serialize_rules(Set
*rules
, FILE *f
) {
1024 RoutingPolicyRule
*rule
= NULL
;
1030 SET_FOREACH(rule
, rules
, i
) {
1031 _cleanup_free_
char *from_str
= NULL
, *to_str
= NULL
;
1036 if (!in_addr_is_null(rule
->family
, &rule
->from
)) {
1037 r
= in_addr_to_string(rule
->family
, &rule
->from
, &from_str
);
1041 fprintf(f
, "from=%s/%hhu",
1042 from_str
, rule
->from_prefixlen
);
1046 if (!in_addr_is_null(rule
->family
, &rule
->to
)) {
1047 r
= in_addr_to_string(rule
->family
, &rule
->to
, &to_str
);
1051 fprintf(f
, "%sto=%s/%hhu",
1053 to_str
, rule
->to_prefixlen
);
1057 if (rule
->tos
!= 0) {
1058 fprintf(f
, "%stos=%hhu",
1064 if (rule
->fwmark
!= 0) {
1065 fprintf(f
, "%sfwmark=%"PRIu32
"/%"PRIu32
,
1067 rule
->fwmark
, rule
->fwmask
);
1072 fprintf(f
, "%siif=%s",
1079 fprintf(f
, "%soif=%s",
1085 if (rule
->protocol
!= 0) {
1086 fprintf(f
, "%sprotocol=%hhu",
1092 if (rule
->sport
.start
!= 0 || rule
->sport
.end
!= 0) {
1093 fprintf(f
, "%ssourcesport=%"PRIu16
"-%"PRIu16
,
1095 rule
->sport
.start
, rule
->sport
.end
);
1099 if (rule
->dport
.start
!= 0 || rule
->dport
.end
!= 0) {
1100 fprintf(f
, "%sdestinationport=%"PRIu16
"-%"PRIu16
,
1102 rule
->dport
.start
, rule
->dport
.end
);
1106 fprintf(f
, "%stable=%"PRIu32
"\n",
1114 int routing_policy_load_rules(const char *state_file
, Set
**rules
) {
1115 _cleanup_strv_free_
char **l
= NULL
;
1116 _cleanup_free_
char *data
= NULL
;
1117 uint16_t low
= 0, high
= 0;
1125 r
= routing_policy_rule_read_full_file(state_file
, &data
);
1129 l
= strv_split_newlines(data
);
1133 r
= set_ensure_allocated(rules
, &routing_policy_rule_hash_ops
);
1137 STRV_FOREACH(i
, l
) {
1138 _cleanup_(routing_policy_rule_freep
) RoutingPolicyRule
*rule
= NULL
;
1140 p
= startswith(*i
, "RULE=");
1144 r
= routing_policy_rule_new(&rule
);
1149 _cleanup_free_
char *word
= NULL
, *a
= NULL
, *b
= NULL
;
1151 r
= extract_first_word(&p
, &word
, NULL
, 0);
1157 r
= split_pair(word
, "=", &a
, &b
);
1161 if (STR_IN_SET(a
, "from", "to")) {
1162 union in_addr_union
*buffer
;
1165 if (streq(a
, "to")) {
1167 prefixlen
= &rule
->to_prefixlen
;
1169 buffer
= &rule
->from
;
1170 prefixlen
= &rule
->from_prefixlen
;
1173 r
= in_addr_prefix_from_string_auto(b
, &rule
->family
, buffer
, prefixlen
);
1175 log_error_errno(r
, "RPDB rule prefix is invalid, ignoring assignment: %s", b
);
1179 } else if (streq(a
, "tos")) {
1180 r
= safe_atou8(b
, &rule
->tos
);
1182 log_error_errno(r
, "Failed to parse RPDB rule tos, ignoring: %s", b
);
1185 } else if (streq(a
, "table")) {
1186 r
= safe_atou32(b
, &rule
->table
);
1188 log_error_errno(r
, "Failed to parse RPDB rule table, ignoring: %s", b
);
1191 } else if (streq(a
, "fwmark")) {
1193 r
= parse_fwmark_fwmask(b
, &rule
->fwmark
, &rule
->fwmask
);
1195 log_error_errno(r
, "Failed to parse RPDB rule firewall mark or mask, ignoring: %s", a
);
1198 } else if (streq(a
, "iif")) {
1200 if (free_and_strdup(&rule
->iif
, b
) < 0)
1203 } else if (streq(a
, "oif")) {
1205 if (free_and_strdup(&rule
->oif
, b
) < 0)
1207 } else if (streq(a
, "protocol")) {
1208 r
= safe_atou8(b
, &rule
->protocol
);
1210 log_error_errno(r
, "Failed to parse RPDB rule protocol, ignoring: %s", b
);
1213 } else if (streq(a
, "sourceport")) {
1215 r
= parse_ip_port_range(b
, &low
, &high
);
1217 log_error_errno(r
, "Invalid routing policy rule source port range, ignoring assignment:'%s'", b
);
1221 rule
->sport
.start
= low
;
1222 rule
->sport
.end
= high
;
1224 } else if (streq(a
, "destinationport")) {
1226 r
= parse_ip_port_range(b
, &low
, &high
);
1228 log_error_errno(r
, "Invalid routing policy rule destination port range, ignoring assignment:'%s'", b
);
1232 rule
->dport
.start
= low
;
1233 rule
->dport
.end
= high
;
1237 r
= set_put(*rules
, rule
);
1239 log_warning_errno(r
, "Failed to add RPDB rule to saved DB, ignoring: %s", p
);
1249 void routing_policy_rule_purge(Manager
*m
, Link
*link
) {
1250 RoutingPolicyRule
*rule
, *existing
;
1257 SET_FOREACH(rule
, m
->rules_saved
, i
) {
1258 existing
= set_get(m
->rules_foreign
, rule
);
1261 r
= routing_policy_rule_remove(rule
, link
, NULL
);
1263 log_warning_errno(r
, "Could not remove routing policy rules: %m");
1267 link
->routing_policy_rule_remove_messages
++;