#include "netlink-util.h"
#include "networkd-manager.h"
#include "parse-util.h"
+#include "socket-protocol-list.h"
#include "socket-util.h"
#include "string-util.h"
+#include "strv.h"
int routing_policy_rule_new(RoutingPolicyRule **ret) {
RoutingPolicyRule *rule;
- rule = new0(RoutingPolicyRule, 1);
+ rule = new(RoutingPolicyRule, 1);
if (!rule)
return -ENOMEM;
- rule->family = AF_INET;
- rule->table = RT_TABLE_MAIN;
+ *rule = (RoutingPolicyRule) {
+ .family = AF_INET,
+ .table = RT_TABLE_MAIN,
+ };
*ret = rule;
return 0;
assert(rule->network->n_rules > 0);
rule->network->n_rules--;
- if (rule->section) {
+ if (rule->section)
hashmap_remove(rule->network->rules_by_section, rule->section);
- network_config_section_free(rule->section);
- }
-
}
if (rule->manager) {
set_remove(rule->manager->rules_foreign, rule);
}
+ network_config_section_free(rule->section);
free(rule->iif);
free(rule->oif);
free(rule);
siphash24_compress(&rule->fwmark, sizeof(rule->fwmark), state);
siphash24_compress(&rule->table, sizeof(rule->table), state);
+ siphash24_compress(&rule->protocol, sizeof(rule->protocol), state);
+ siphash24_compress(&rule->sport, sizeof(rule->sport), state);
+ siphash24_compress(&rule->dport, sizeof(rule->dport), state);
+
if (rule->iif)
- siphash24_compress(&rule->iif, strlen(rule->iif), state);
+ siphash24_compress(rule->iif, strlen(rule->iif), state);
if (rule->oif)
- siphash24_compress(&rule->oif, strlen(rule->oif), state);
+ siphash24_compress(rule->oif, strlen(rule->oif), state);
break;
default:
if (!r)
return r;
+ r = CMP(a->protocol, b->protocol);
+ if (r != 0)
+ return r;
+
+ r = memcmp(&a->sport, &b->sport, sizeof(a->sport));
+ if (r != 0)
+ return r;
+
+ r = memcmp(&a->dport, &b->dport, sizeof(a->dport));
+ if (r != 0)
+ return r;
+
r = memcmp(&a->from, &b->from, FAMILY_ADDRESS_SIZE(a->family));
if (r != 0)
return r;
uint8_t tos,
uint32_t fwmark,
uint32_t table,
- char *iif,
- char *oif,
+ const char *iif,
+ const char *oif,
+ uint8_t protocol,
+ struct fib_rule_port_range *sport,
+ struct fib_rule_port_range *dport,
RoutingPolicyRule **ret) {
RoutingPolicyRule rule, *existing;
.tos = tos,
.fwmark = fwmark,
.table = table,
- .iif = iif,
- .oif = oif
+ .iif = (char*) iif,
+ .oif = (char*) oif,
+ .protocol = protocol,
+ .sport = *sport,
+ .dport = *dport,
};
- if (m->rules) {
- existing = set_get(m->rules, &rule);
- if (existing) {
- if (ret)
- *ret = existing;
- return 1;
- }
+ existing = set_get(m->rules, &rule);
+ if (existing) {
+ if (ret)
+ *ret = existing;
+ return 1;
}
- if (m->rules_foreign) {
- existing = set_get(m->rules_foreign, &rule);
- if (existing) {
- if (ret)
- *ret = existing;
- return 1;
- }
+ existing = set_get(m->rules_foreign, &rule);
+ if (existing) {
+ if (ret)
+ *ret = existing;
+ return 0;
}
return -ENOENT;
uint8_t tos,
uint32_t fwmark,
uint32_t table,
- char *iif,
- char *oif,
+ const char *_iif,
+ const char *_oif,
+ uint8_t protocol,
+ const struct fib_rule_port_range *sport,
+ const struct fib_rule_port_range *dport,
RoutingPolicyRule **ret) {
_cleanup_(routing_policy_rule_freep) RoutingPolicyRule *rule = NULL;
+ _cleanup_free_ char *iif = NULL, *oif = NULL;
int r;
assert_return(rules, -EINVAL);
+ if (_iif) {
+ iif = strdup(_iif);
+ if (!iif)
+ return -ENOMEM;
+ }
+
+ if (_oif) {
+ oif = strdup(_oif);
+ if (!oif)
+ return -ENOMEM;
+ }
+
r = routing_policy_rule_new(&rule);
if (r < 0)
return r;
rule->table = table;
rule->iif = iif;
rule->oif = oif;
+ rule->protocol = protocol;
+ rule->sport = *sport;
+ rule->dport = *dport;
r = set_ensure_allocated(rules, &routing_policy_rule_hash_ops);
if (r < 0)
*ret = rule;
rule = NULL;
+ iif = oif = NULL;
return 0;
}
uint8_t tos,
uint32_t fwmark,
uint32_t table,
- char *iif,
- char *oif,
+ const char *iif,
+ const char *oif,
+ uint8_t protocol,
+ const struct fib_rule_port_range *sport,
+ const struct fib_rule_port_range *dport,
RoutingPolicyRule **ret) {
- return routing_policy_rule_add_internal(m, &m->rules, family, from, from_prefixlen, to, to_prefixlen, tos, fwmark, table, iif, oif, ret);
+ return routing_policy_rule_add_internal(m, &m->rules, family, from, from_prefixlen, to, to_prefixlen, tos, fwmark, table, iif, oif, protocol, sport, dport, ret);
}
int routing_policy_rule_add_foreign(Manager *m,
uint8_t tos,
uint32_t fwmark,
uint32_t table,
- char *iif,
- char *oif,
+ const char *iif,
+ const char *oif,
+ uint8_t protocol,
+ const struct fib_rule_port_range *sport,
+ const struct fib_rule_port_range *dport,
RoutingPolicyRule **ret) {
- return routing_policy_rule_add_internal(m, &m->rules_foreign, family, from, from_prefixlen, to, to_prefixlen, tos, fwmark, table, iif, oif, ret);
+ return routing_policy_rule_add_internal(m, &m->rules_foreign, family, from, from_prefixlen, to, to_prefixlen, tos, fwmark, table, iif, oif, protocol, sport, dport, ret);
}
static int routing_policy_rule_remove_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
- _cleanup_(link_unrefp) Link *link = userdata;
+ Link *link = userdata;
int r;
assert(m);
return log_error_errno(r, "Could not set destination prefix length: %m");
}
- r = sd_netlink_call_async(link->manager->rtnl, m, callback, link, 0, NULL);
+ r = sd_netlink_call_async(link->manager->rtnl, NULL, m, callback,
+ link_netlink_destroy_callback, link, 0, __func__);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
assert(ret);
assert(!!filename == (section_line > 0));
- r = network_config_section_new(filename, section_line, &n);
- if (r < 0)
- return r;
+ if (filename) {
+ r = network_config_section_new(filename, section_line, &n);
+ if (r < 0)
+ return r;
- rule = hashmap_get(network->rules_by_section, n);
- if (rule) {
- *ret = TAKE_PTR(rule);
+ rule = hashmap_get(network->rules_by_section, n);
+ if (rule) {
+ *ret = TAKE_PTR(rule);
- return 0;
+ return 0;
+ }
}
r = routing_policy_rule_new(&rule);
if (r < 0)
return r;
- rule->section = n;
rule->network = network;
- n = NULL;
-
- r = hashmap_put(network->rules_by_section, rule->section, rule);
- if (r < 0)
- return r;
-
LIST_APPEND(rules, network->rules, rule);
network->n_rules++;
+ if (filename) {
+ rule->section = TAKE_PTR(n);
+
+ r = hashmap_ensure_allocated(&network->rules_by_section, &network_config_hash_ops);
+ if (r < 0)
+ return r;
+
+ r = hashmap_put(network->rules_by_section, rule->section, rule);
+ if (r < 0)
+ return r;
+ }
+
*ret = TAKE_PTR(rule);
return 0;
}
int link_routing_policy_rule_handler(sd_netlink *rtnl, sd_netlink_message *m, void *userdata) {
- _cleanup_(link_unrefp) Link *link = userdata;
+ Link *link = userdata;
int r;
assert(rtnl);
return log_error_errno(r, "Could not append FRA_OIFNAME attribute: %m");
}
+ r = sd_netlink_message_append_u8(m, FRA_IP_PROTO, rule->protocol);
+ if (r < 0)
+ return log_error_errno(r, "Could not append FRA_IP_PROTO attribute: %m");
+
+ if (rule->sport.start != 0 || rule->sport.end != 0) {
+ r = sd_netlink_message_append_data(m, FRA_SPORT_RANGE, &rule->sport, sizeof(rule->sport));
+ if (r < 0)
+ return log_error_errno(r, "Could not append FRA_SPORT_RANGE attribute: %m");
+ }
+
+ if (rule->dport.start != 0 || rule->dport.end != 0) {
+ r = sd_netlink_message_append_data(m, FRA_DPORT_RANGE, &rule->dport, sizeof(rule->dport));
+ if (r < 0)
+ return log_error_errno(r, "Could not append FRA_DPORT_RANGE attribute: %m");
+ }
+
rule->link = link;
- r = sd_netlink_call_async(link->manager->rtnl, m, callback, link, 0, NULL);
+ r = sd_netlink_call_async(link->manager->rtnl, NULL, m, callback,
+ link_netlink_destroy_callback, link, 0, __func__);
if (r < 0)
return log_error_errno(r, "Could not send rtnetlink message: %m");
link_ref(link);
r = routing_policy_rule_add(link->manager, rule->family, &rule->from, rule->from_prefixlen, &rule->to,
- rule->to_prefixlen, rule->tos, rule->fwmark, rule->table, rule->iif, rule->oif, NULL);
+ rule->to_prefixlen, rule->tos, rule->fwmark, rule->table, rule->iif, rule->oif, rule->protocol, &rule->sport, &rule->dport, NULL);
if (r < 0)
- return log_error_errno(r, "Could not add rule : %m");
+ return log_error_errno(r, "Could not add rule: %m");
return 0;
}
return 0;
}
+int config_parse_routing_policy_rule_port_range(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL;
+ Network *network = userdata;
+ uint16_t low, high;
+ int r;
+
+ assert(filename);
+ assert(section);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ r = routing_policy_rule_new_static(network, filename, section_line, &n);
+ if (r < 0)
+ return r;
+
+ r = parse_ip_port_range(rvalue, &low, &high);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse routing policy rule port range '%s'", rvalue);
+ return 0;
+ }
+
+ if (streq(lvalue, "SourcePort")) {
+ n->sport.start = low;
+ n->sport.end = high;
+ } else {
+ n->dport.start = low;
+ n->dport.end = high;
+ }
+
+ n = NULL;
+
+ return 0;
+}
+
+int config_parse_routing_policy_rule_protocol(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL;
+ Network *network = userdata;
+ int r;
+
+ assert(filename);
+ assert(section);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ r = routing_policy_rule_new_static(network, filename, section_line, &n);
+ if (r < 0)
+ return r;
+
+ r = socket_protocol_from_name(rvalue);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse routing policy rule protocol, ignoring: %s", rvalue);
+ return 0;
+ }
+
+ if (!IN_SET(r, IPPROTO_TCP, IPPROTO_UDP, IPPROTO_SCTP)) {
+ log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid protocol '%s'. Protocol should be tcp/udp/sctp, ignoring", rvalue);
+ return 0;
+ }
+
+ n->protocol = r;
+
+ n = NULL;
+
+ return 0;
+}
+
static int routing_policy_rule_read_full_file(const char *state_file, char **ret) {
_cleanup_free_ char *s = NULL;
size_t size;
space = true;
}
+ if (rule->protocol != 0) {
+ fprintf(f, "%sprotocol=%hhu",
+ space ? " " : "",
+ rule->protocol);
+ space = true;
+ }
+
+ if (rule->sport.start != 0 || rule->sport.end != 0) {
+ fprintf(f, "%ssourcesport=%"PRIu16"-%"PRIu16,
+ space ? " " : "",
+ rule->sport.start, rule->sport.end);
+ space = true;
+ }
+
+ if (rule->dport.start != 0 || rule->dport.end != 0) {
+ fprintf(f, "%sdestinationport=%"PRIu16"-%"PRIu16,
+ space ? " " : "",
+ rule->dport.start, rule->dport.end);
+ space = true;
+ }
+
fprintf(f, "%stable=%"PRIu32 "\n",
space ? " " : "",
rule->table);
int routing_policy_load_rules(const char *state_file, Set **rules) {
_cleanup_strv_free_ char **l = NULL;
_cleanup_free_ char *data = NULL;
+ uint16_t low = 0, high = 0;
const char *p;
char **i;
int r;
if (free_and_strdup(&rule->oif, b) < 0)
return log_oom();
+ } else if (streq(a, "protocol")) {
+ r = safe_atou8(b, &rule->protocol);
+ if (r < 0) {
+ log_error_errno(r, "Failed to parse RPDB rule protocol, ignoring: %s", b);
+ continue;
+ }
+ } else if (streq(a, "sourceport")) {
+
+ r = parse_ip_port_range(b, &low, &high);
+ if (r < 0) {
+ log_error_errno(r, "Invalid routing policy rule source port range, ignoring assignment:'%s'", b);
+ continue;
+ }
+
+ rule->sport.start = low;
+ rule->sport.end = high;
+
+ } else if (streq(a, "destinationport")) {
+
+ r = parse_ip_port_range(b, &low, &high);
+ if (r < 0) {
+ log_error_errno(r, "Invalid routing policy rule destination port range, ignoring assignment:'%s'", b);
+ continue;
+ }
+
+ rule->dport.start = low;
+ rule->dport.end = high;
}
}