This also adds GoTo= to specify the target priority of goto rule.
Note, table was the default but could not be specified in Type=.
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>GoTo=</varname></term>
+ <listitem>
+ <para>Specifies the target priority used by <literal>goto</literal> type of rule. Takes an integer
+ in the range 1…4294967295. This must be larger than the priority of this rule specified in
+ <varname>Priority=</varname>. When specified, <varname>Type=goto</varname> is implied. This is
+ mandatory when <varname>Type=goto</varname>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v257"/>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>IncomingInterface=</varname></term>
<listitem>
<term><varname>Type=</varname></term>
<listitem>
<para>Specifies Routing Policy Database (RPDB) rule type. Takes one of
- <literal>blackhole</literal>, <literal>unreachable</literal> or <literal>prohibit</literal>.
- </para>
+ <literal>table</literal>, <literal>goto</literal>, <literal>nop</literal>,
+ <literal>blackhole</literal>, <literal>unreachable</literal>, or <literal>prohibit</literal>.
+ When <literal>goto</literal>, the target priority must be specified in <varname>GoTo=</varname>.
+ Defaults to <literal>table</literal>.</para>
<xi:include href="version-info.xml" xpointer="v248"/>
</listitem>
SD_JSON_BUILD_PAIR_STRING("ProtocolString", protocol),
SD_JSON_BUILD_PAIR_UNSIGNED("TOS", rule->tos),
SD_JSON_BUILD_PAIR_UNSIGNED("Type", rule->type),
- SD_JSON_BUILD_PAIR_STRING("TypeString", fr_act_type_full_to_string(rule->type)),
+ SD_JSON_BUILD_PAIR_STRING("TypeString", fr_act_type_to_string(rule->type)),
SD_JSON_BUILD_PAIR_UNSIGNED("IPProtocol", rule->ipproto),
SD_JSON_BUILD_PAIR_STRING("IPProtocolString", ip_protocol_to_name(rule->ipproto)),
SD_JSON_BUILD_PAIR_UNSIGNED("Priority", rule->priority),
Neighbor.MACAddress, config_parse_neighbor_lladdr, 0, 0 /* deprecated */
RoutingPolicyRule.TypeOfService, config_parse_routing_policy_rule_tos, 0, 0
RoutingPolicyRule.Priority, config_parse_routing_policy_rule_priority, 0, 0
+RoutingPolicyRule.GoTo, config_parse_routing_policy_rule_goto, 0, 0
RoutingPolicyRule.Table, config_parse_routing_policy_rule_table, 0, 0
RoutingPolicyRule.FirewallMark, config_parse_routing_policy_rule_fwmark_mask, 0, 0
RoutingPolicyRule.From, config_parse_routing_policy_rule_prefix, 0, 0
#include "user-util.h"
static const char *const fr_act_type_table[__FR_ACT_MAX] = {
- [FR_ACT_BLACKHOLE] = "blackhole",
- [FR_ACT_UNREACHABLE] = "unreachable",
- [FR_ACT_PROHIBIT] = "prohibit",
-};
-
-static const char *const fr_act_type_full_table[__FR_ACT_MAX] = {
[FR_ACT_TO_TBL] = "table",
[FR_ACT_GOTO] = "goto",
[FR_ACT_NOP] = "nop",
};
assert_cc(__FR_ACT_MAX <= UINT8_MAX);
-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(fr_act_type, int);
-DEFINE_STRING_TABLE_LOOKUP_TO_STRING(fr_act_type_full, int);
+DEFINE_STRING_TABLE_LOOKUP(fr_act_type, int);
static RoutingPolicyRule* routing_policy_rule_detach_impl(RoutingPolicyRule *rule) {
assert(rule);
return r;
}
- for (priority = 32765; priority > 0; priority--)
+ /* priority must be smaller than goto target */
+ for (priority = rule->type == FR_ACT_GOTO ? rule->priority_goto - 1 : 32765; priority > 0; priority--)
if (!set_contains(priorities, UINT32_TO_PTR(priority)))
break;
return 0;
}
+int config_parse_routing_policy_rule_goto(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_(routing_policy_rule_unref_or_set_invalidp) RoutingPolicyRule *n = NULL;
+ Network *network = ASSERT_PTR(userdata);
+ uint32_t priority;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+
+ r = routing_policy_rule_new_static(network, filename, section_line, &n);
+ if (r < 0)
+ return log_oom();
+
+ r = safe_atou32(rvalue, &priority);
+ if (r < 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to parse %s=%s, ignoring assignment: %m", lvalue, rvalue);
+ return 0;
+ }
+ if (priority <= 0) {
+ log_syntax(unit, LOG_WARNING, filename, line, 0, "Invalid goto target priority, ignoring assignment.");
+ return 0;
+ }
+
+ n->type = FR_ACT_GOTO;
+ n->priority_goto = priority;
+
+ TAKE_PTR(n);
+ return 0;
+}
+
int config_parse_routing_policy_rule_table(
const char *unit,
const char *filename,
if (rule->l3mdev)
rule->table = RT_TABLE_UNSPEC;
+ if (rule->type == FR_ACT_GOTO) {
+ if (rule->priority_goto <= 0)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "%s: Type=goto is specified but the target priority GoTo= is unspecified. "
+ "Ignoring [RoutingPolicyRule] section from line %u.",
+ rule->section->filename,
+ rule->section->line);
+
+ if (rule->priority_set && rule->priority >= rule->priority_goto)
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+ "%s: goto target priority %"PRIu32" must be larger than the priority of this rule %"PRIu32". "
+ "Ignoring [RoutingPolicyRule] section from line %u.",
+ rule->section->filename,
+ rule->priority_goto, rule->priority,
+ rule->section->line);
+ }
+
return 0;
}
struct fib_rule_port_range dport; /* FRA_DPORT_RANGE */
} RoutingPolicyRule;
-const char* fr_act_type_full_to_string(int t) _const_;
+int fr_act_type_from_string(const char *s) _pure_;
+const char* fr_act_type_to_string(int t) _const_;
RoutingPolicyRule* routing_policy_rule_ref(RoutingPolicyRule *rule);
RoutingPolicyRule* routing_policy_rule_unref(RoutingPolicyRule *rule);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_fwmark_mask);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_prefix);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_priority);
+CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_goto);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_device);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_l3mdev);
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_port_range);
projects / thirdparty / systemd.git / commitdiff
