|
Packit |
c5a612 |
/*
|
|
Packit |
c5a612 |
* Routing expression related definition and types.
|
|
Packit |
c5a612 |
*
|
|
Packit |
c5a612 |
* Copyright (c) 2016 Anders K. Pedersen <akp@cohaesio.com>
|
|
Packit |
c5a612 |
*
|
|
Packit |
c5a612 |
* This program is free software; you can redistribute it and/or modify
|
|
Packit |
c5a612 |
* it under the terms of the GNU General Public License version 2 as
|
|
Packit |
c5a612 |
* published by the Free Software Foundation.
|
|
Packit |
c5a612 |
*/
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#include <errno.h>
|
|
Packit |
c5a612 |
#include <stddef.h>
|
|
Packit |
c5a612 |
#include <stdlib.h>
|
|
Packit |
c5a612 |
#include <stdio.h>
|
|
Packit |
c5a612 |
#include <stdint.h>
|
|
Packit |
c5a612 |
#include <string.h>
|
|
Packit |
c5a612 |
#include <arpa/inet.h>
|
|
Packit |
c5a612 |
#include <linux/netfilter.h>
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#include <nftables.h>
|
|
Packit |
c5a612 |
#include <expression.h>
|
|
Packit |
c5a612 |
#include <datatype.h>
|
|
Packit |
c5a612 |
#include <rt.h>
|
|
Packit |
c5a612 |
#include <rule.h>
|
|
Packit |
c5a612 |
#include <json.h>
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
void realm_table_rt_init(struct nft_ctx *ctx)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
ctx->output.tbl.realm = rt_symbol_table_init("/etc/iproute2/rt_realms");
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
void realm_table_rt_exit(struct nft_ctx *ctx)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
rt_symbol_table_free(ctx->output.tbl.realm);
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static void realm_type_print(const struct expr *expr, struct output_ctx *octx)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
return symbolic_constant_print(octx->tbl.realm, expr, true, octx);
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static struct error_record *realm_type_parse(struct parse_ctx *ctx,
|
|
Packit |
c5a612 |
const struct expr *sym,
|
|
Packit |
c5a612 |
struct expr **res)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
return symbolic_constant_parse(ctx, sym, ctx->tbl->realm, res);
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
const struct datatype realm_type = {
|
|
Packit |
c5a612 |
.type = TYPE_REALM,
|
|
Packit |
c5a612 |
.name = "realm",
|
|
Packit |
c5a612 |
.desc = "routing realm",
|
|
Packit |
c5a612 |
.byteorder = BYTEORDER_HOST_ENDIAN,
|
|
Packit |
c5a612 |
.size = 4 * BITS_PER_BYTE,
|
|
Packit |
c5a612 |
.basetype = &integer_type,
|
|
Packit |
c5a612 |
.print = realm_type_print,
|
|
Packit |
c5a612 |
.parse = realm_type_parse,
|
|
Packit |
c5a612 |
.flags = DTYPE_F_PREFIX,
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
const struct rt_template rt_templates[] = {
|
|
Packit |
c5a612 |
[NFT_RT_CLASSID] = RT_TEMPLATE("classid",
|
|
Packit |
c5a612 |
&realm_type,
|
|
Packit |
c5a612 |
4 * BITS_PER_BYTE,
|
|
Packit |
c5a612 |
BYTEORDER_HOST_ENDIAN,
|
|
Packit |
c5a612 |
false),
|
|
Packit |
c5a612 |
[NFT_RT_NEXTHOP4] = RT_TEMPLATE("nexthop",
|
|
Packit |
c5a612 |
&ipaddr_type,
|
|
Packit |
c5a612 |
4 * BITS_PER_BYTE,
|
|
Packit |
c5a612 |
BYTEORDER_BIG_ENDIAN,
|
|
Packit |
c5a612 |
true),
|
|
Packit |
c5a612 |
[NFT_RT_NEXTHOP6] = RT_TEMPLATE("nexthop",
|
|
Packit |
c5a612 |
&ip6addr_type,
|
|
Packit |
c5a612 |
16 * BITS_PER_BYTE,
|
|
Packit |
c5a612 |
BYTEORDER_BIG_ENDIAN,
|
|
Packit |
c5a612 |
true),
|
|
Packit |
c5a612 |
[NFT_RT_TCPMSS] = RT_TEMPLATE("mtu",
|
|
Packit |
c5a612 |
&integer_type,
|
|
Packit |
c5a612 |
2 * BITS_PER_BYTE,
|
|
Packit |
c5a612 |
BYTEORDER_HOST_ENDIAN,
|
|
Packit |
c5a612 |
false),
|
|
Packit |
c5a612 |
[NFT_RT_XFRM] = RT_TEMPLATE("ipsec",
|
|
Packit |
c5a612 |
&boolean_type,
|
|
Packit |
c5a612 |
BITS_PER_BYTE,
|
|
Packit |
c5a612 |
BYTEORDER_HOST_ENDIAN,
|
|
Packit |
c5a612 |
false),
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static void rt_expr_print(const struct expr *expr, struct output_ctx *octx)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
const char *ip = "";
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
switch (expr->rt.key) {
|
|
Packit |
c5a612 |
case NFT_RT_NEXTHOP4:
|
|
Packit |
c5a612 |
ip = "ip ";
|
|
Packit |
c5a612 |
break;
|
|
Packit |
c5a612 |
case NFT_RT_NEXTHOP6:
|
|
Packit |
c5a612 |
ip = "ip6 ";
|
|
Packit |
c5a612 |
break;
|
|
Packit |
c5a612 |
default:
|
|
Packit |
c5a612 |
break;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
nft_print(octx, "rt %s%s", ip, rt_templates[expr->rt.key].token);
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static bool rt_expr_cmp(const struct expr *e1, const struct expr *e2)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
return e1->rt.key == e2->rt.key;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static void rt_expr_clone(struct expr *new, const struct expr *expr)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
new->rt.key = expr->rt.key;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
const struct expr_ops rt_expr_ops = {
|
|
Packit |
c5a612 |
.type = EXPR_RT,
|
|
Packit |
c5a612 |
.name = "rt",
|
|
Packit |
c5a612 |
.print = rt_expr_print,
|
|
Packit |
c5a612 |
.json = rt_expr_json,
|
|
Packit |
c5a612 |
.cmp = rt_expr_cmp,
|
|
Packit |
c5a612 |
.clone = rt_expr_clone,
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct expr *rt_expr_alloc(const struct location *loc, enum nft_rt_keys key,
|
|
Packit |
c5a612 |
bool invalid)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
const struct rt_template *tmpl = &rt_templates[key];
|
|
Packit |
c5a612 |
struct expr *expr;
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
if (invalid && tmpl->invalid)
|
|
Packit |
c5a612 |
expr = expr_alloc(loc, EXPR_RT, &invalid_type,
|
|
Packit |
c5a612 |
tmpl->byteorder, 0);
|
|
Packit |
c5a612 |
else
|
|
Packit |
c5a612 |
expr = expr_alloc(loc, EXPR_RT, tmpl->dtype,
|
|
Packit |
c5a612 |
tmpl->byteorder, tmpl->len);
|
|
Packit |
c5a612 |
expr->rt.key = key;
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
return expr;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
void rt_expr_update_type(struct proto_ctx *ctx, struct expr *expr)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
const struct proto_desc *desc;
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
switch (expr->rt.key) {
|
|
Packit |
c5a612 |
case NFT_RT_NEXTHOP4:
|
|
Packit |
c5a612 |
desc = ctx->protocol[PROTO_BASE_NETWORK_HDR].desc;
|
|
Packit |
c5a612 |
if (desc == &proto_ip)
|
|
Packit |
c5a612 |
datatype_set(expr, &ipaddr_type);
|
|
Packit |
c5a612 |
else if (desc == &proto_ip6) {
|
|
Packit |
c5a612 |
expr->rt.key++;
|
|
Packit |
c5a612 |
datatype_set(expr, &ip6addr_type);
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
expr->len = expr->dtype->size;
|
|
Packit |
c5a612 |
break;
|
|
Packit |
c5a612 |
default:
|
|
Packit |
c5a612 |
break;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
}
|