return r;
}
-static void routing_policy_rule_purge(Manager *m) {
- RoutingPolicyRule *rule;
- int r;
-
- assert(m);
-
- SET_FOREACH(rule, m->rules_saved) {
- RoutingPolicyRule *existing;
-
- existing = set_get(m->rules_foreign, rule);
- if (!existing)
- continue; /* Saved rule does not exist anymore. */
-
- if (links_have_routing_policy_rule(m, existing, NULL))
- continue; /* Existing links have the saved rule. */
-
- /* Existing links do not have the saved rule. Let's drop the rule now, and re-configure it
- * later when it is requested. */
-
- r = routing_policy_rule_remove(existing, m);
- if (r < 0) {
- log_warning_errno(r, "Could not remove routing policy rules: %m");
- continue;
- }
-
- assert_se(set_remove(m->rules_foreign, existing) == existing);
- routing_policy_rule_free(existing);
- }
-}
-
int link_set_routing_policy_rules(Link *link) {
RoutingPolicyRule *rule;
int r;
return log_link_warning_errno(link, r, "Could not set routing policy rule: %m");
}
- routing_policy_rule_purge(link->manager);
if (link->routing_policy_rule_messages == 0)
link->routing_policy_rules_configured = true;
else {
if (routing_policy_rule_section_verify(rule) < 0)
routing_policy_rule_free(rule);
}
-
-int routing_policy_serialize_rules(Set *rules, FILE *f) {
- RoutingPolicyRule *rule;
- int r;
-
- assert(f);
-
- SET_FOREACH(rule, rules) {
- const char *family_str;
- bool space = false;
-
- fputs("RULE=", f);
-
- family_str = af_to_name(rule->family);
- if (family_str) {
- fprintf(f, "family=%s",
- family_str);
- space = true;
- }
-
- if (!in_addr_is_null(rule->family, &rule->from)) {
- _cleanup_free_ char *str = NULL;
-
- r = in_addr_to_string(rule->family, &rule->from, &str);
- if (r < 0)
- return r;
-
- fprintf(f, "%sfrom=%s/%hhu",
- space ? " " : "",
- str, rule->from_prefixlen);
- space = true;
- }
-
- if (!in_addr_is_null(rule->family, &rule->to)) {
- _cleanup_free_ char *str = NULL;
-
- r = in_addr_to_string(rule->family, &rule->to, &str);
- if (r < 0)
- return r;
-
- fprintf(f, "%sto=%s/%hhu",
- space ? " " : "",
- str, rule->to_prefixlen);
- space = true;
- }
-
- if (rule->tos != 0) {
- fprintf(f, "%stos=%hhu",
- space ? " " : "",
- rule->tos);
- space = true;
- }
-
- if (rule->type != 0) {
- fprintf(f, "%stype=%hhu",
- space ? " " : "",
- rule->type);
- space = true;
- }
-
- if (rule->priority != 0) {
- fprintf(f, "%spriority=%"PRIu32,
- space ? " " : "",
- rule->priority);
- space = true;
- }
-
- if (rule->fwmark != 0) {
- fprintf(f, "%sfwmark=%"PRIu32,
- space ? " " : "",
- rule->fwmark);
- if (rule->fwmask != UINT32_MAX)
- fprintf(f, "/%"PRIu32, rule->fwmask);
- space = true;
- }
-
- if (rule->iif) {
- fprintf(f, "%siif=%s",
- space ? " " : "",
- rule->iif);
- space = true;
- }
-
- if (rule->oif) {
- fprintf(f, "%soif=%s",
- space ? " " : "",
- rule->oif);
- space = true;
- }
-
- if (rule->ipproto != 0) {
- fprintf(f, "%sipproto=%hhu",
- space ? " " : "",
- rule->ipproto);
- space = true;
- }
-
- if (rule->sport.start != 0 || rule->sport.end != 0) {
- fprintf(f, "%ssourcesport=%"PRIu16"-%"PRIu16,
- space ? " " : "",
- rule->sport.start, rule->sport.end);
- space = true;
- }
-
- if (rule->dport.start != 0 || rule->dport.end != 0) {
- fprintf(f, "%sdestinationport=%"PRIu16"-%"PRIu16,
- space ? " " : "",
- rule->dport.start, rule->dport.end);
- space = true;
- }
-
- if (rule->uid_range.start != UID_INVALID && rule->uid_range.end != UID_INVALID) {
- assert_cc(sizeof(uid_t) == sizeof(uint32_t));
- fprintf(f, "%suidrange="UID_FMT"-"UID_FMT,
- space ? " " : "",
- rule->uid_range.start, rule->uid_range.end);
- space = true;
- }
-
- if (rule->suppress_prefixlen >= 0) {
- fprintf(f, "%ssuppress_prefixlen=%d",
- space ? " " : "",
- rule->suppress_prefixlen);
- space = true;
- }
-
- fprintf(f, "%sinvert_rule=%s table=%"PRIu32"\n",
- space ? " " : "",
- yes_no(rule->invert_rule),
- rule->table);
- }
-
- return 0;
-}
-
-static int routing_policy_rule_read_full_file(const char *state_file, char ***ret) {
- _cleanup_strv_free_ char **lines = NULL;
- _cleanup_free_ char *s = NULL;
- int r;
-
- assert(state_file);
-
- r = read_full_file(state_file, &s, NULL);
- if (r == -ENOENT) {
- *ret = NULL;
- return 0;
- }
- if (r < 0)
- return r;
-
- lines = strv_split_newlines(s);
- if (!lines)
- return -ENOMEM;
-
- *ret = TAKE_PTR(lines);
- return 0;
-}
-
-int routing_policy_load_rules(const char *state_file, Set **rules) {
- _cleanup_strv_free_ char **data = NULL;
- char **i;
- int r;
-
- assert(state_file);
- assert(rules);
-
- r = routing_policy_rule_read_full_file(state_file, &data);
- if (r < 0)
- return log_warning_errno(r, "Failed to read %s, ignoring: %m", state_file);
-
- STRV_FOREACH(i, data) {
- _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *rule = NULL;
- const char *p;
-
- p = startswith(*i, "RULE=");
- if (!p)
- continue;
-
- r = routing_policy_rule_new(&rule);
- if (r < 0)
- return log_oom();
-
- for (;;) {
- _cleanup_free_ char *a = NULL;
- char *b;
-
- r = extract_first_word(&p, &a, NULL, 0);
- if (r < 0)
- return log_oom();
- if (r == 0)
- break;
-
- b = strchr(a, '=');
- if (!b) {
- log_warning_errno(r, "Failed to parse RPDB rule, ignoring: %s", a);
- continue;
- }
- *b++ = '\0';
-
- if (streq(a, "family")) {
- r = af_from_name(b);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule family, ignoring: %s", b);
- continue;
- }
- if (rule->family != AF_UNSPEC && rule->family != r) {
- log_warning("RPDB rule family is already specified, ignoring assignment: %s", b);
- continue;
- }
- rule->family = r;
- } else if (STR_IN_SET(a, "from", "to")) {
- union in_addr_union *buffer;
- uint8_t *prefixlen;
-
- if (streq(a, "to")) {
- buffer = &rule->to;
- prefixlen = &rule->to_prefixlen;
- } else {
- buffer = &rule->from;
- prefixlen = &rule->from_prefixlen;
- }
-
- if (rule->family == AF_UNSPEC)
- r = in_addr_prefix_from_string_auto(b, &rule->family, buffer, prefixlen);
- else
- r = in_addr_prefix_from_string(b, rule->family, buffer, prefixlen);
- if (r < 0) {
- log_warning_errno(r, "RPDB rule prefix is invalid, ignoring assignment: %s", b);
- continue;
- }
- } else if (streq(a, "tos")) {
- r = safe_atou8(b, &rule->tos);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule TOS, ignoring: %s", b);
- continue;
- }
- } else if (streq(a, "type")) {
- r = safe_atou8(b, &rule->type);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule type, ignoring: %s", b);
- continue;
- }
- } else if (streq(a, "table")) {
- r = safe_atou32(b, &rule->table);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule table, ignoring: %s", b);
- continue;
- }
- } else if (streq(a, "priority")) {
- r = safe_atou32(b, &rule->priority);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule priority, ignoring: %s", b);
- continue;
- }
- } else if (streq(a, "fwmark")) {
- r = parse_fwmark_fwmask(b, &rule->fwmark, &rule->fwmask);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule firewall mark or mask, ignoring: %s", a);
- continue;
- }
- } else if (streq(a, "iif")) {
- if (free_and_strdup(&rule->iif, b) < 0)
- return log_oom();
-
- } else if (streq(a, "oif")) {
-
- if (free_and_strdup(&rule->oif, b) < 0)
- return log_oom();
- } else if (streq(a, "ipproto")) {
- r = safe_atou8(b, &rule->ipproto);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule IP protocol, ignoring: %s", b);
- continue;
- }
- } else if (streq(a, "sourceport")) {
- uint16_t low, high;
-
- r = parse_ip_port_range(b, &low, &high);
- if (r < 0) {
- log_warning_errno(r, "Invalid routing policy rule source port range, ignoring assignment: '%s'", b);
- continue;
- }
-
- rule->sport.start = low;
- rule->sport.end = high;
- } else if (streq(a, "destinationport")) {
- uint16_t low, high;
-
- r = parse_ip_port_range(b, &low, &high);
- if (r < 0) {
- log_warning_errno(r, "Invalid routing policy rule destination port range, ignoring assignment: '%s'", b);
- continue;
- }
-
- rule->dport.start = low;
- rule->dport.end = high;
- } else if (streq(a, "uidrange")) {
- uid_t lower, upper;
-
- r = parse_uid_range(b, &lower, &upper);
- if (r < 0) {
- log_warning_errno(r, "Invalid routing policy rule uid range, ignoring assignment: '%s'", b);
- continue;
- }
-
- rule->uid_range.start = lower;
- rule->uid_range.end = upper;
- } else if (streq(a, "suppress_prefixlen")) {
- r = parse_ip_prefix_length(b, &rule->suppress_prefixlen);
- if (r == -ERANGE) {
- log_warning_errno(r, "Prefix length outside of valid range 0-128, ignoring: %s", b);
- continue;
- }
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule suppress_prefixlen, ignoring: %s", b);
- continue;
- }
- } else if (streq(a, "invert_rule")) {
- r = parse_boolean(b);
- if (r < 0) {
- log_warning_errno(r, "Failed to parse RPDB rule invert_rule, ignoring: %s", b);
- continue;
- }
- rule->invert_rule = r;
- } else
- log_warning("Unknown RPDB rule, ignoring: %s", a);
- }
-
- r = set_ensure_put(rules, &routing_policy_rule_hash_ops, rule);
- if (r < 0) {
- log_warning_errno(r, "Failed to add RPDB rule to saved DB, ignoring: %s", *i);
- continue;
- }
- if (r > 0)
- rule = NULL;
- }
-
- return 0;
-}
+++ /dev/null
-/* SPDX-License-Identifier: LGPL-2.1-or-later */
-
-#include "fd-util.h"
-#include "fileio.h"
-#include "networkd-routing-policy-rule.h"
-#include "string-util.h"
-#include "tests.h"
-#include "tmpfile-util.h"
-
-static void test_rule_serialization(const char *title, const char *ruleset, const char *expected) {
- char pattern[] = "/tmp/systemd-test-routing-policy-rule.XXXXXX",
- pattern2[] = "/tmp/systemd-test-routing-policy-rule.XXXXXX",
- pattern3[] = "/tmp/systemd-test-routing-policy-rule.XXXXXX";
- const char *cmd;
- int fd, fd2, fd3;
- _cleanup_fclose_ FILE *f = NULL, *f2 = NULL, *f3 = NULL;
- Set *rules = NULL;
- _cleanup_free_ char *buf = NULL;
- size_t buf_size;
-
- log_info("========== %s ==========", title);
- log_info("put:\n%s\n", ruleset);
-
- fd = mkostemp_safe(pattern);
- assert_se(fd >= 0);
- assert_se(f = fdopen(fd, "a+"));
- assert_se(write_string_stream(f, ruleset, 0) == 0);
-
- assert_se(routing_policy_load_rules(pattern, &rules) == 0);
-
- fd2 = mkostemp_safe(pattern2);
- assert_se(fd2 >= 0);
- assert_se(f2 = fdopen(fd2, "a+"));
-
- assert_se(routing_policy_serialize_rules(rules, f2) == 0);
- assert_se(fflush_and_check(f2) == 0);
-
- assert_se(read_full_file(pattern2, &buf, &buf_size) == 0);
-
- log_info("got:\n%s", buf);
-
- fd3 = mkostemp_safe(pattern3);
- assert_se(fd3 >= 0);
- assert_se(f3 = fdopen(fd3, "w"));
- assert_se(write_string_stream(f3, expected ?: ruleset, 0) == 0);
-
- cmd = strjoina("diff -u ", pattern3, " ", pattern2);
- log_info("$ %s", cmd);
- assert_se(system(cmd) == 0);
-
- set_free(rules);
-}
-
-int main(int argc, char **argv) {
- _cleanup_free_ char *p = NULL;
-
- test_setup_logging(LOG_DEBUG);
-
- test_rule_serialization("basic parsing",
- "RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 type=1 priority=10 fwmark=1/2 invert_rule=yes table=10", NULL);
-
- test_rule_serialization("ignored values",
- "RULE=something=to=ignore from=1.2.3.4/32 from=1.2.3.4/32"
- " \t to=2.3.4.5/24 to=2.3.4.5/32 tos=5 type=1 fwmark=2 fwmark=1 table=10 table=20",
- "RULE=family=AF_INET from=1.2.3.4/32 to=2.3.4.5/32 tos=5 type=1 fwmark=1 invert_rule=no table=20");
-
- test_rule_serialization("ipv6",
- "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 type=1 invert_rule=yes table=6", NULL);
-
- assert_se(asprintf(&p, "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 type=1 invert_rule=no table=%d", RT_TABLE_MAIN) >= 0);
- test_rule_serialization("default table",
- "RULE=from=1::2/64 to=2::3/64", p);
-
- test_rule_serialization("incoming interface",
- "RULE=from=1::2/64 to=2::3/64 table=1 iif=lo",
- "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 type=1 iif=lo invert_rule=no table=1");
-
- test_rule_serialization("outgoing interface",
- "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 type=1 oif=eth0 invert_rule=no table=1", NULL);
-
- test_rule_serialization("freeing interface names",
- "RULE=from=1::2/64 to=2::3/64 family=AF_INET6 type=1 iif=e0 iif=e1 oif=e0 oif=e1 table=1",
- "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 type=1 iif=e1 oif=e1 invert_rule=no table=1");
-
- test_rule_serialization("ignoring invalid family",
- "RULE=from=1::2/64 to=2::3/64 family=AF_UNSEPC family=AF_INET table=1",
- "RULE=family=AF_INET6 from=1::2/64 to=2::3/64 type=1 invert_rule=no table=1");
-
- return 0;
-}
projects / thirdparty / systemd.git / commitdiff
