Commit 21d6d879 authored by Julien Muchembled's avatar Julien Muchembled

New install filter and pref-src action

The purpose of the this new filter is to override *locally*:
- RTA_SRC ('from' option in ip-route)
- RTA_PREFSRC ('src' in ip-route)

We also force use of ipv6 subtrees because:
- even Linux 2.6.32 has them
- the fallback implementation using a separate table is not equivalent,
  at least not for Nexedi (and we don't need RTA_SRC for ipv4)

TODO: documentation

To be pushed upstream.
parent 12815d7d
Pipeline #303 skipped
......@@ -80,11 +80,7 @@ THE SOFTWARE.
#endif
#endif
#ifdef IPV6_SUBTREES
#define has_ipv6_subtrees 1
#else
#define has_ipv6_subtrees 0
#endif
extern struct timeval now;
extern int debug;
......
......@@ -42,6 +42,7 @@ THE SOFTWARE.
struct filter *input_filters = NULL;
struct filter *output_filters = NULL;
struct filter *redistribute_filters = NULL;
struct filter *install_filters = NULL;
struct interface_conf *default_interface_conf = NULL;
struct interface_conf *interface_confs = NULL;
......@@ -403,6 +404,15 @@ parse_filter(int c, gnc_t gnc, void *closure, struct filter **filter_return)
goto error;
if(af == AF_INET && filter->action.src_plen == 96)
memset(&filter->action.src_prefix, 0, 16);
} else if(strcmp(token, "pref-src") == 0) {
int af;
c = getip(c, &filter->action.pref_src, &af, gnc, closure);
if(c < -1)
goto error;
if(filter->af == AF_UNSPEC)
filter->af = af;
else if(filter->af != af)
goto error;
} else {
goto error;
}
......@@ -832,6 +842,12 @@ parse_config(gnc_t gnc, void *closure)
if(c < -1)
return -1;
add_filter(filter, &redistribute_filters);
} else if(strcmp(token, "install") == 0) {
struct filter *filter;
c = parse_filter(c, gnc, closure, &filter);
if(c < -1)
return -1;
add_filter(filter, &install_filters);
} else if(strcmp(token, "interface") == 0) {
struct interface_conf *if_conf;
c = parse_ifconf(c, gnc, closure, &if_conf);
......@@ -1064,6 +1080,19 @@ redistribute_filter(const unsigned char *prefix, unsigned short plen,
return res;
}
int
install_filter(const unsigned char *prefix, unsigned short plen,
const unsigned char *src_prefix, unsigned short src_plen,
struct filter_result *result)
{
int res;
res = do_filter(install_filters, NULL, prefix, plen,
src_prefix, src_plen, NULL, 0, 0, result);
if(res < 0)
res = INFINITY;
return res;
}
int
finalise_config()
{
......
......@@ -24,6 +24,7 @@ struct filter_result {
unsigned int add_metric; /* allow = 0, deny = INF, metric = <0..INF> */
unsigned char *src_prefix;
unsigned char src_plen;
unsigned char *pref_src;
};
struct filter {
......@@ -61,4 +62,7 @@ int redistribute_filter(const unsigned char *prefix, unsigned short plen,
const unsigned char *src_prefix, unsigned short src_plen,
unsigned int ifindex, int proto,
struct filter_result *result);
int install_filter(const unsigned char *prefix, unsigned short plen,
const unsigned char *src_prefix, unsigned short src_plen,
struct filter_result *result);
int finalise_config(void);
......@@ -34,6 +34,7 @@ THE SOFTWARE.
#include "route.h"
#include "source.h"
#include "neighbour.h"
#include "configuration.h"
struct zone {
const unsigned char *dst_prefix;
......@@ -207,32 +208,51 @@ is_installed(struct zone *zone)
zone->src_prefix, zone->src_plen) != NULL;
}
static const unsigned char *install_zone(struct zone *zone)
{
struct filter_result filter_result;
if(INFINITY == install_filter(zone->dst_prefix, zone->dst_plen,
zone->src_prefix, zone->src_plen,
&filter_result))
return NULL;
if(filter_result.src_prefix) {
zone->src_prefix = filter_result.src_prefix;
zone->src_plen = filter_result.src_plen;
}
return filter_result.pref_src;
}
static int
add_route(const struct zone *zone, const struct babel_route *route)
add_route(struct zone *zone, const struct babel_route *route)
{
const unsigned char *pref_src = install_zone(zone);
return kernel_route(ROUTE_ADD, zone->dst_prefix, zone->dst_plen,
zone->src_prefix, zone->src_plen,
zone->src_prefix, zone->src_plen, pref_src,
route->nexthop,
route->neigh->ifp->ifindex,
metric_to_kernel(route_metric(route)), NULL, 0, 0);
}
static int
del_route(const struct zone *zone, const struct babel_route *route)
del_route(struct zone *zone, const struct babel_route *route)
{
const unsigned char *pref_src = install_zone(zone);
return kernel_route(ROUTE_FLUSH, zone->dst_prefix, zone->dst_plen,
zone->src_prefix, zone->src_plen,
zone->src_prefix, zone->src_plen, pref_src,
route->nexthop,
route->neigh->ifp->ifindex,
metric_to_kernel(route_metric(route)), NULL, 0, 0);
}
static int
chg_route(const struct zone *zone, const struct babel_route *old,
chg_route(struct zone *zone, const struct babel_route *old,
const struct babel_route *new)
{
const unsigned char *pref_src = install_zone(zone);
return kernel_route(ROUTE_MODIFY, zone->dst_prefix, zone->dst_plen,
zone->src_prefix, zone->src_plen,
zone->src_prefix, zone->src_plen, pref_src,
old->nexthop, old->neigh->ifp->ifindex,
metric_to_kernel(route_metric(old)),
new->nexthop, new->neigh->ifp->ifindex,
......@@ -240,11 +260,12 @@ chg_route(const struct zone *zone, const struct babel_route *old,
}
static int
chg_route_metric(const struct zone *zone, const struct babel_route *route,
chg_route_metric(struct zone *zone, const struct babel_route *route,
int old_metric, int new_metric)
{
const unsigned char *pref_src = install_zone(zone);
return kernel_route(ROUTE_MODIFY, zone->dst_prefix, zone->dst_plen,
zone->src_prefix, zone->src_plen,
zone->src_prefix, zone->src_plen, pref_src,
route->nexthop, route->neigh->ifp->ifindex,
old_metric,
route->nexthop, route->neigh->ifp->ifindex,
......
......@@ -67,6 +67,7 @@ int kernel_interface_wireless(const char *ifname, int ifindex);
int kernel_interface_channel(const char *ifname, int ifindex);
int kernel_route(int operation, const unsigned char *dest, unsigned short plen,
const unsigned char *src, unsigned short src_plen,
const unsigned char *pref_src,
const unsigned char *gate, int ifindex, unsigned int metric,
const unsigned char *newgate, int newifindex,
unsigned int newmetric);
......
......@@ -921,6 +921,7 @@ kernel_interface_channel(const char *ifname, int ifindex)
int
kernel_route(int operation, const unsigned char *dest, unsigned short plen,
const unsigned char *src, unsigned short src_plen,
const unsigned char *pref_src,
const unsigned char *gate, int ifindex, unsigned int metric,
const unsigned char *newgate, int newifindex,
unsigned int newmetric)
......@@ -974,11 +975,11 @@ kernel_route(int operation, const unsigned char *dest, unsigned short plen,
stick with the naive approach, and hope that the window is
small enough to be negligible. */
kernel_route(ROUTE_FLUSH, dest, plen,
src, src_plen,
src, src_plen, pref_src,
gate, ifindex, metric,
NULL, 0, 0);
rc = kernel_route(ROUTE_ADD, dest, plen,
src, src_plen,
src, src_plen, pref_src,
newgate, newifindex, newmetric,
NULL, 0, 0);
if(rc < 0) {
......@@ -1070,17 +1071,24 @@ kernel_route(int operation, const unsigned char *dest, unsigned short plen,
rta->rta_type = RTA_OIF;
*(int*)RTA_DATA(rta) = ifindex;
if(ipv4) {
rta = RTA_NEXT(rta, len);
rta->rta_len = RTA_LENGTH(sizeof(struct in_addr));
rta->rta_type = RTA_GATEWAY;
memcpy(RTA_DATA(rta), gate + 12, sizeof(struct in_addr));
} else {
rta = RTA_NEXT(rta, len);
rta->rta_len = RTA_LENGTH(sizeof(struct in6_addr));
rta->rta_type = RTA_GATEWAY;
memcpy(RTA_DATA(rta), gate, sizeof(struct in6_addr));
}
#define ADD_IPARG(type, addr) \
do if(ipv4) { \
rta = RTA_NEXT(rta, len); \
rta->rta_len = RTA_LENGTH(sizeof(struct in_addr)); \
rta->rta_type = type; \
memcpy(RTA_DATA(rta), addr + 12, sizeof(struct in_addr)); \
} else { \
rta = RTA_NEXT(rta, len); \
rta->rta_len = RTA_LENGTH(sizeof(struct in6_addr)); \
rta->rta_type = type; \
memcpy(RTA_DATA(rta), addr, sizeof(struct in6_addr)); \
} while (0)
ADD_IPARG(RTA_GATEWAY, gate);
if(pref_src)
ADD_IPARG(RTA_PREFSRC, pref_src);
#undef ADD_IPARG
} else {
*(int*)RTA_DATA(rta) = -1;
}
......
......@@ -385,6 +385,7 @@ kernel_interface_channel(const char *ifname, int ifindex)
int
kernel_route(int operation, const unsigned char *dest, unsigned short plen,
const unsigned char *src, unsigned short src_plen,
const unsigned char *pref_src,
const unsigned char *gate, int ifindex, unsigned int metric,
const unsigned char *newgate, int newifindex,
unsigned int newmetric)
......@@ -401,8 +402,9 @@ kernel_route(int operation, const unsigned char *dest, unsigned short plen,
{{{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x01 }}};
/* Source-specific routes are not implemented yet for BSD. */
if(src_plen > 0) {
/* Source-specific routes & preferred source IPs
* are not implemented yet for BSD. */
if(src_plen > 0 || pref_src) {
errno = ENOSYS;
return -1;
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment