Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
B
babeld
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
babeld
Commits
4d28c156
Commit
4d28c156
authored
Nov 04, 2015
by
Matthieu Boutier
Committed by
Juliusz Chroboczek
Nov 12, 2015
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Refactor netlink: rule import (+ new file for rules).
parent
9bbcc9f8
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
385 additions
and
263 deletions
+385
-263
Makefile
Makefile
+2
-2
babeld.c
babeld.c
+25
-0
configuration.c
configuration.c
+1
-0
kernel.c
kernel.c
+0
-3
kernel.h
kernel.h
+9
-3
kernel_netlink.c
kernel_netlink.c
+19
-255
rule.c
rule.c
+297
-0
rule.h
rule.h
+32
-0
No files found.
Makefile
View file @
4d28c156
...
...
@@ -11,11 +11,11 @@ LDLIBS = -lrt
SRCS
=
babeld.c net.c kernel.c util.c interface.c source.c neighbour.c
\
route.c xroute.c message.c resend.c configuration.c local.c
\
disambiguation.c
disambiguation.c
rule.c
OBJS
=
babeld.o net.o kernel.o util.o interface.o source.o neighbour.o
\
route.o xroute.o message.o resend.o configuration.o local.o
\
disambiguation.o
disambiguation.o
rule.o
babeld
:
$(OBJS)
$(CC)
$(CFLAGS)
$(LDFLAGS)
-o
babeld
$(OBJS)
$(LDLIBS)
...
...
babeld.c
View file @
4d28c156
...
...
@@ -52,6 +52,7 @@ THE SOFTWARE.
#include "resend.h"
#include "configuration.h"
#include "local.h"
#include "rule.h"
struct
timeval
now
;
...
...
@@ -125,6 +126,22 @@ kernel_link_notify(struct kernel_link *link, void *closure)
return
0
;
}
static
int
kernel_rule_notify
(
struct
kernel_rule
*
rule
,
void
*
closure
)
{
int
i
;
if
(
martian_prefix
(
rule
->
src
,
rule
->
src_plen
))
return
0
;
i
=
rule
->
priority
-
src_table_prio
;
if
(
i
<
0
||
SRC_TABLE_NUM
<=
i
)
return
0
;
kernel_rules_changed
=
1
;
return
-
1
;
}
int
main
(
int
argc
,
char
**
argv
)
{
...
...
@@ -517,6 +534,9 @@ main(int argc, char **argv)
rc
=
check_xroutes
(
0
);
if
(
rc
<
0
)
fprintf
(
stderr
,
"Warning: couldn't check exported routes.
\n
"
);
rc
=
check_rules
();
if
(
rc
<
0
)
fprintf
(
stderr
,
"Warning: couldn't check rules.
\n
"
);
kernel_routes_changed
=
0
;
kernel_rules_changed
=
0
;
...
...
@@ -619,6 +639,7 @@ main(int argc, char **argv)
filter
.
route
=
kernel_route_notify
;
filter
.
addr
=
kernel_addr_notify
;
filter
.
link
=
kernel_link_notify
;
filter
.
rule
=
kernel_rule_notify
;
kernel_callback
(
&
filter
);
}
...
...
@@ -690,6 +711,9 @@ main(int argc, char **argv)
rc
=
check_xroutes
(
1
);
if
(
rc
<
0
)
fprintf
(
stderr
,
"Warning: couldn't check exported routes.
\n
"
);
rc
=
check_rules
();
if
(
rc
<
0
)
fprintf
(
stderr
,
"Warning: couldn't check rules.
\n
"
);
kernel_routes_changed
=
kernel_rules_changed
=
kernel_addr_changed
=
0
;
if
(
kernel_socket
>=
0
)
...
...
@@ -787,6 +811,7 @@ main(int argc, char **argv)
gettime
(
&
now
);
interface_up
(
ifp
,
0
);
}
release_tables
();
kernel_setup_socket
(
0
);
kernel_setup
(
0
);
...
...
configuration.c
View file @
4d28c156
...
...
@@ -38,6 +38,7 @@ THE SOFTWARE.
#include "route.h"
#include "kernel.h"
#include "configuration.h"
#include "rule.h"
struct
filter
*
input_filters
=
NULL
;
struct
filter
*
output_filters
=
NULL
;
...
...
kernel.c
View file @
4d28c156
...
...
@@ -33,9 +33,6 @@ THE SOFTWARE.
#include "kernel_socket.c"
#endif
int
src_table_idx
=
10
;
int
src_table_prio
=
100
;
/* Like gettimeofday, but returns monotonic time. If POSIX clocks are not
available, falls back to gettimeofday but enforces monotonicity. */
int
...
...
kernel.h
View file @
4d28c156
...
...
@@ -45,6 +45,13 @@ struct kernel_link {
char
*
ifname
;
};
struct
kernel_rule
{
unsigned
int
priority
;
unsigned
int
table
;
unsigned
char
src
[
16
];
unsigned
char
src_plen
;
};
struct
kernel_filter
{
/* return -1 to interrupt search. */
int
(
*
addr
)(
struct
kernel_addr
*
,
void
*
);
...
...
@@ -53,6 +60,8 @@ struct kernel_filter {
void
*
route_closure
;
int
(
*
link
)(
struct
kernel_link
*
,
void
*
);
void
*
link_closure
;
int
(
*
rule
)(
struct
kernel_rule
*
,
void
*
);
void
*
rule_closure
;
};
#define ROUTE_FLUSH 0
...
...
@@ -71,9 +80,6 @@ struct kernel_filter {
extern
int
export_table
,
import_tables
[
MAX_IMPORT_TABLES
],
import_table_count
;
int
add_import_table
(
int
table
);
#define SRC_TABLE_NUM 10
extern
int
src_table_idx
;
/* number of the first table */
extern
int
src_table_prio
;
/* first prio range */
int
kernel_setup
(
int
setup
);
int
kernel_setup_socket
(
int
setup
);
...
...
kernel_netlink.c
View file @
4d28c156
...
...
@@ -90,11 +90,7 @@ static int dgram_socket = -1;
#endif
static
int
filter_netlink
(
struct
nlmsghdr
*
nh
,
struct
kernel_filter
*
filter
);
static
int
find_table
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
);
static
void
release_tables
(
void
);
static
int
filter_kernel_rules
(
struct
nlmsghdr
*
nh
,
void
*
data
);
static
void
install_missing_rules
(
char
rule_exists
[
SRC_TABLE_NUM
],
int
v4
);
static
int
filter_kernel_rules
(
struct
nlmsghdr
*
nh
,
struct
kernel_rule
*
rule
);
/* Determine an interface's hardware address, in modified EUI-64 format */
...
...
@@ -536,7 +532,6 @@ kernel_setup(int setup)
return
1
;
}
else
{
release_tables
();
close
(
dgram_socket
);
dgram_socket
=
-
1
;
...
...
@@ -1257,7 +1252,7 @@ kernel_dump(int operation, struct kernel_filter *filter)
return
-
1
;
rc
=
netlink_read
(
&
nl_command
,
NULL
,
1
,
filter_
kernel_rules
,
rule_exists
);
filter_
netlink
,
(
void
*
)
filter
);
if
(
rc
<
0
)
return
-
1
;
}
...
...
@@ -1398,11 +1393,11 @@ static int
filter_netlink
(
struct
nlmsghdr
*
nh
,
struct
kernel_filter
*
filter
)
{
int
rc
;
int
*
changed
=
data
;
union
{
struct
kernel_route
route
;
struct
kernel_addr
addr
;
struct
kernel_link
link
;
struct
kernel_rule
rule
;
}
u
;
switch
(
nh
->
nlmsg_type
)
{
...
...
@@ -1426,10 +1421,10 @@ filter_netlink(struct nlmsghdr *nh, struct kernel_filter *filter)
return
filter
->
addr
(
&
u
.
addr
,
filter
->
addr_closure
);
case
RTM_NEWRULE
:
case
RTM_DELRULE
:
rc
=
filter_kernel_rules
(
nh
,
NULL
)
;
if
(
changed
&&
rc
>
0
)
*
changed
|=
CHANGE_RULE
;
return
rc
;
if
(
!
filter
->
rule
)
break
;
rc
=
filter_kernel_rules
(
nh
,
&
u
.
rule
);
if
(
rc
<=
0
)
break
;
return
filter
->
rule
(
&
u
.
rule
,
filter
->
rule_closure
)
;
default:
kdebugf
(
"filter_netlink: unexpected message type %d
\n
"
,
nh
->
nlmsg_type
);
...
...
@@ -1602,201 +1597,22 @@ change_rule(int new_prio, int old_prio,
return
flush_rule
(
old_prio
,
v4mapped
(
src
)
?
AF_INET
:
AF_INET6
);
}
/* Source specific functions and data structures */
/* The table used for non-specific routes is "export_table", therefore, we can
take the convention of plen == 0 <=> empty table. */
struct
rule
{
unsigned
char
src
[
16
];
unsigned
char
plen
;
unsigned
char
table
;
};
/* rules contains informations about the rules we installed. It is an array
indexed by: <table priority> - src_table_prio.
(First entries are the most specific, since they have priority.) */
static
struct
rule
rules
[
SRC_TABLE_NUM
];
/* used tables is indexed by: <table number> - src_table_idx
used_tables[i] == 1 <=> the table number (i + src_table_idx) is used */
static
char
used_tables
[
SRC_TABLE_NUM
]
=
{
0
};
static
int
get_free_table
(
void
)
{
int
i
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
if
(
!
used_tables
[
i
])
{
used_tables
[
i
]
=
1
;
return
i
+
src_table_idx
;
}
return
-
1
;
}
static
void
release_table
(
int
i
)
{
used_tables
[
i
-
src_table_idx
]
=
0
;
}
static
int
find_hole_around
(
int
i
)
{
int
j
;
for
(
j
=
i
;
j
<
SRC_TABLE_NUM
;
j
++
)
if
(
rules
[
j
].
plen
==
0
)
return
j
;
for
(
j
=
i
-
1
;
j
>=
0
;
j
--
)
if
(
rules
[
j
].
plen
==
0
)
return
j
;
return
-
1
;
}
static
int
shift_rule
(
int
from
,
int
to
)
{
int
dec
=
(
from
<
to
)
?
1
/* right */
:
-
1
/* left */
;
while
(
to
!=
from
)
{
to
=-
dec
;
rc
=
change_rule
(
to
+
dec
+
src_table_prio
,
to
+
src_table_prio
,
rules
[
to
].
src
,
rules
[
to
].
plen
,
rules
[
to
].
table
);
if
(
rc
<
0
)
{
perror
(
"change_table_priority"
);
return
NULL
;
}
rules
[
to
+
dec
]
=
rules
[
to
];
rules
[
to
].
plen
=
0
;
}
}
/* Return a new table at index [idx] of rules. If cell at that index is not
free, we need to shift cells (and rules). If it's full, return NULL. */
static
struct
rule
*
insert_table
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
,
int
idx
)
{
int
table
;
int
rc
;
int
hole
;
if
(
idx
<
0
||
idx
>=
SRC_TABLE_NUM
)
{
fprintf
(
stderr
,
"Incorrect table number %d
\n
"
,
idx
);
return
NULL
;
}
table
=
get_free_table
();
if
(
table
<
0
)
{
kdebugf
(
"All allowed routing tables are used!
\n
"
);
return
NULL
;
}
hole
=
find_hole_around
(
idx
);
if
(
hole
<
0
)
{
fprintf
(
stderr
,
"Have free table but not free rule.
\n
"
);
goto
fail
;
}
rc
=
shift_rule
(
idx
,
hole
);
if
(
rc
<
0
)
{
goto
fail
;
rc
=
add_rule
(
idx
+
src_table_prio
,
src
,
src_plen
,
table
);
if
(
rc
<
0
)
{
perror
(
"add rule"
);
goto
fail
;
}
memcpy
(
rules
[
idx
].
src
,
src
,
16
);
rules
[
idx
].
plen
=
src_plen
;
rules
[
idx
].
table
=
table
;
return
&
rules
[
idx
];
fail:
release_table
(
table
);
return
NULL
;
}
/* Sorting rules in a well ordered fashion will increase code complexity and
decrease performances, because more rule shifs will be required, so more
system calls invoked. */
static
int
fi
nd_table_slot
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
,
int
*
found
)
fi
lter_kernel_rules
(
struct
nlmsghdr
*
nh
,
struct
kernel_rule
*
rule
)
{
struct
rule
*
kr
=
NULL
;
int
i
;
*
found
=
false
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
{
kr
=
&
rules
[
i
];
if
(
kr
->
plen
==
0
)
return
i
;
switch
(
prefix_cmp
(
src
,
src_plen
,
kr
->
src
,
kr
->
plen
))
{
case
PST_LESS_SPECIFIC
:
case
PST_DISJOINT
:
continue
;
case
PST_MORE_SPECIFIC
:
return
i
;
case
PST_EQUALS
:
*
found
=
true
;
return
i
;
}
}
return
-
1
;
}
static
int
find_table
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
)
{
struct
rule
*
kr
=
NULL
;
int
i
,
found
;
if
(
src_plen
==
0
||
(
kernel_disambiguate
(
src_plen
>=
96
&&
v4mapped
(
src
))))
{
fprintf
(
stderr
,
"Find_table called for route handled by kernel "
"(this shouldn't happen)."
);
return
-
1
;
}
i
=
find_table_slot
(
src
,
src_plen
,
&
found
);
if
(
found
)
return
rules
[
i
].
table
;
if
(
i
<
0
)
return
-
1
;
kr
=
insert_table
(
src
,
src_plen
,
i
);
return
kr
==
NULL
?
-
1
:
kr
->
table
;
}
static
void
release_tables
(
void
)
{
int
i
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
{
if
(
rules
[
i
].
plen
!=
0
)
{
flush_rule
(
i
+
src_table_prio
,
v4mapped
(
rules
[
i
].
src
)
?
AF_INET
:
AF_INET6
);
rules
[
i
].
plen
=
0
;
}
used_tables
[
i
]
=
0
;
}
}
static
int
filter_kernel_rules
(
struct
nlmsghdr
*
nh
,
void
*
data
)
{
int
i
,
len
,
has_priority
=
0
;
int
len
,
has_priority
=
0
;
unsigned
int
rta_len
;
struct
rtmsg
*
rtm
=
NULL
;
struct
rtattr
*
rta
=
NULL
;
int
is_v4
=
0
;
char
*
rule_exists
=
data
;
unsigned
char
src
[
16
];
unsigned
char
src_plen
;
unsigned
int
table
,
priority
=
0xFFFFFFFF
;
len
=
nh
->
nlmsg_len
;
rtm
=
(
struct
rtmsg
*
)
NLMSG_DATA
(
nh
);
len
-=
NLMSG_LENGTH
(
0
);
src_plen
=
rtm
->
rtm_src_len
;
table
=
rtm
->
rtm_table
;
rule
->
src_plen
=
rtm
->
rtm_src_len
;
rule
->
table
=
rtm
->
rtm_table
;
if
(
rtm
->
rtm_family
!=
AF_INET
&&
rtm
->
rtm_family
!=
AF_INET6
)
{
kdebugf
(
"filter_rules: Unknown family: %d
\n
"
,
rtm
->
rtm_family
);
...
...
@@ -1807,6 +1623,7 @@ filter_kernel_rules(struct nlmsghdr *nh, void *data)
rta
=
RTM_RTA
(
rtm
);
len
-=
NLMSG_ALIGN
(
sizeof
(
*
rtm
));
/* TODO: merge GET_PLEN && COPY_ADDR with the parse_routes ones ? */
#define GET_PLEN(p) (rtm->rtm_family == AF_INET) ? p + 96 : p
#define COPY_ADDR(d, s) \
do { \
...
...
@@ -1830,15 +1647,15 @@ filter_kernel_rules(struct nlmsghdr *nh, void *data)
switch
(
rta
->
rta_type
)
{
case
FRA_UNSPEC
:
break
;
case
FRA_SRC
:
src_plen
=
GET_PLEN
(
rtm
->
rtm_src_len
);
COPY_ADDR
(
src
,
RTA_DATA
(
rta
));
rule
->
src_plen
=
GET_PLEN
(
rtm
->
rtm_src_len
);
COPY_ADDR
(
rule
->
src
,
RTA_DATA
(
rta
));
break
;
case
FRA_PRIORITY
:
priority
=
*
(
unsigned
int
*
)
RTA_DATA
(
rta
);
rule
->
priority
=
*
(
unsigned
int
*
)
RTA_DATA
(
rta
);
has_priority
=
1
;
break
;
case
FRA_TABLE
:
table
=
*
(
int
*
)
RTA_DATA
(
rta
);
rule
->
table
=
*
(
int
*
)
RTA_DATA
(
rta
);
break
;
default:
kdebugf
(
"filter_rules: Unknown rule attribute: %d.
\n
"
,
...
...
@@ -1850,64 +1667,11 @@ filter_kernel_rules(struct nlmsghdr *nh, void *data)
#undef GET_PLEN
kdebugf
(
"filter_rules: from %s prio %d table %d
\n
"
,
format_prefix
(
src
,
src_plen
),
priority
,
table
);
format_prefix
(
rule
->
src
,
rule
->
src_plen
),
has_priority
?
rule
->
priority
:
-
1
,
rule
->
table
);
if
(
martian_prefix
(
src
,
src_plen
)
||
!
has_priority
)
if
(
!
has_priority
)
return
0
;
i
=
priority
-
src_table_prio
;
if
(
i
<
0
||
SRC_TABLE_NUM
<=
i
)
return
0
;
/* There is an unexpected change on one of our rules. */
if
(
!
rule_exists
)
return
1
;
if
(
prefix_cmp
(
src
,
src_plen
,
rules
[
i
].
src
,
rules
[
i
].
plen
)
==
PST_EQUALS
&&
table
==
rules
[
i
].
table
&&
!
rule_exists
[
i
])
{
rule_exists
[
i
]
=
1
;
}
else
{
int
rc
;
do
{
rc
=
flush_rule
(
i
+
src_table_prio
,
is_v4
?
AF_INET
:
AF_INET6
);
}
while
(
rc
>=
0
);
/* flush unexpected rules, but keep information in rules[i]. It
will be used afterwards to reinstall the rule. */
if
(
errno
!=
ENOENT
&&
errno
!=
EEXIST
)
fprintf
(
stderr
,
"filter_rules: cannot remove from %s prio %d table %d"
"(%s)
\n
"
,
format_prefix
(
src
,
src_plen
),
priority
,
table
,
strerror
(
errno
));
rule_exists
[
i
]
=
0
;
}
return
1
;
}
/* This functions should be executed wrt the code just bellow: [rule_exists]
contains is a boolean array telling whether the rules we should have
installed in the kernel are installed or not. If they aren't, then reinstall
them (this can append when rules are modified by third parties). */
static
void
install_missing_rules
(
char
rule_exists
[
SRC_TABLE_NUM
],
int
v4
)
{
int
i
,
rc
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
if
(
v4mapped
(
rules
[
i
].
src
)
==
v4
&&
!
rule_exists
[
i
]
&&
rules
[
i
].
plen
!=
0
)
{
rc
=
add_rule
(
i
+
src_table_prio
,
rules
[
i
].
src
,
rules
[
i
].
plen
,
rules
[
i
].
table
);
if
(
rc
<
0
)
fprintf
(
stderr
,
"install_missing_rules: "
"Cannot install rule: table %d prio %d from %s
\n
"
,
rules
[
i
].
table
,
i
+
src_table_prio
,
format_prefix
(
rules
[
i
].
src
,
rules
[
i
].
plen
));
}
}
rule.c
0 → 100644
View file @
4d28c156
/*
Copyright (c) 2015 by Matthieu Boutier and Juliusz Chroboczek.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include "babeld.h"
#include "util.h"
#include "kernel.h"
#include "configuration.h"
#include "rule.h"
int
src_table_idx
=
10
;
int
src_table_prio
=
100
;
/* The table used for non-specific routes is "export_table", therefore, we can
take the convention of plen == 0 <=> empty table. */
struct
rule
{
unsigned
char
src
[
16
];
unsigned
char
plen
;
unsigned
char
table
;
};
/* rules contains informations about the rules we installed. It is an array
indexed by: <table priority> - src_table_prio.
(First entries are the most specific, since they have priority.) */
static
struct
rule
rules
[
SRC_TABLE_NUM
];
/* used tables is indexed by: <table number> - src_table_idx
used_tables[i] == 1 <=> the table number (i + src_table_idx) is used */
static
char
used_tables
[
SRC_TABLE_NUM
]
=
{
0
};
static
int
get_free_table
(
void
)
{
int
i
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
if
(
!
used_tables
[
i
])
{
used_tables
[
i
]
=
1
;
return
i
+
src_table_idx
;
}
return
-
1
;
}
static
void
release_table
(
int
i
)
{
used_tables
[
i
-
src_table_idx
]
=
0
;
}
static
int
find_hole_around
(
int
i
)
{
int
j
;
for
(
j
=
i
;
j
<
SRC_TABLE_NUM
;
j
++
)
if
(
rules
[
j
].
plen
==
0
)
return
j
;
for
(
j
=
i
-
1
;
j
>=
0
;
j
--
)
if
(
rules
[
j
].
plen
==
0
)
return
j
;
return
-
1
;
}
static
int
shift_rule
(
int
from
,
int
to
)
{
int
dec
=
(
from
<
to
)
?
1
/* right */
:
-
1
/* left */
;
int
rc
;
while
(
to
!=
from
)
{
to
-=
dec
;
rc
=
change_rule
(
to
+
dec
+
src_table_prio
,
to
+
src_table_prio
,
rules
[
to
].
src
,
rules
[
to
].
plen
,
rules
[
to
].
table
);
if
(
rc
<
0
)
{
perror
(
"change_table_priority"
);
return
-
1
;
}
rules
[
to
+
dec
]
=
rules
[
to
];
rules
[
to
].
plen
=
0
;
}
return
0
;
}
/* Return a new table at index [idx] of rules. If cell at that index is not
free, we need to shift cells (and rules). If it's full, return NULL. */
static
struct
rule
*
insert_table
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
,
int
idx
)
{
int
table
;
int
rc
;
int
hole
;
if
(
idx
<
0
||
idx
>=
SRC_TABLE_NUM
)
{
fprintf
(
stderr
,
"Incorrect table number %d
\n
"
,
idx
);
return
NULL
;
}
table
=
get_free_table
();
if
(
table
<
0
)
{
kdebugf
(
"All allowed routing tables are used!
\n
"
);
return
NULL
;
}
hole
=
find_hole_around
(
idx
);
if
(
hole
<
0
)
{
fprintf
(
stderr
,
"Have free table but not free rule.
\n
"
);
goto
fail
;
}
rc
=
shift_rule
(
idx
,
hole
);
if
(
rc
<
0
)
goto
fail
;
rc
=
add_rule
(
idx
+
src_table_prio
,
src
,
src_plen
,
table
);
if
(
rc
<
0
)
{
perror
(
"add rule"
);
goto
fail
;
}
memcpy
(
rules
[
idx
].
src
,
src
,
16
);
rules
[
idx
].
plen
=
src_plen
;
rules
[
idx
].
table
=
table
;
return
&
rules
[
idx
];
fail:
release_table
(
table
);
return
NULL
;
}
/* Sorting rules in a well ordered fashion will increase code complexity and
decrease performances, because more rule shifs will be required, so more
system calls invoked. */
static
int
find_table_slot
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
,
int
*
found
)
{
struct
rule
*
kr
=
NULL
;
int
i
;
*
found
=
0
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
{
kr
=
&
rules
[
i
];
if
(
kr
->
plen
==
0
)
return
i
;
switch
(
prefix_cmp
(
src
,
src_plen
,
kr
->
src
,
kr
->
plen
))
{
case
PST_LESS_SPECIFIC
:
case
PST_DISJOINT
:
continue
;
case
PST_MORE_SPECIFIC
:
return
i
;
case
PST_EQUALS
:
*
found
=
1
;
return
i
;
}
}
return
-
1
;
}
int
find_table
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
)
{
struct
rule
*
kr
=
NULL
;
int
i
,
found
;
if
(
src_plen
==
0
||
(
kernel_disambiguate
(
src_plen
>=
96
&&
v4mapped
(
src
))))
{
fprintf
(
stderr
,
"Find_table called for route handled by kernel "
"(this shouldn't happen)."
);
return
-
1
;
}
i
=
find_table_slot
(
src
,
src_plen
,
&
found
);
if
(
found
)
return
rules
[
i
].
table
;
if
(
i
<
0
)
return
-
1
;
kr
=
insert_table
(
src
,
src_plen
,
i
);
return
kr
==
NULL
?
-
1
:
kr
->
table
;
}
void
release_tables
(
void
)
{
int
i
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
{
if
(
rules
[
i
].
plen
!=
0
)
{
flush_rule
(
i
+
src_table_prio
,
v4mapped
(
rules
[
i
].
src
)
?
AF_INET
:
AF_INET6
);
rules
[
i
].
plen
=
0
;
}
used_tables
[
i
]
=
0
;
}
}
static
int
filter_rule
(
struct
kernel_rule
*
rule
,
void
*
data
)
{
int
i
;
char
(
*
rule_exists
)[
2
][
SRC_TABLE_NUM
]
=
data
;
int
is_v4
=
v4mapped
(
rule
->
src
);
int
r
=
is_v4
?
0
:
1
;
if
(
martian_prefix
(
rule
->
src
,
rule
->
src_plen
))
return
0
;
i
=
rule
->
priority
-
src_table_prio
;
if
(
i
<
0
||
SRC_TABLE_NUM
<=
i
)
return
0
;
if
(
prefix_cmp
(
rule
->
src
,
rule
->
src_plen
,
rules
[
i
].
src
,
rules
[
i
].
plen
)
==
PST_EQUALS
&&
rule
->
table
==
rules
[
i
].
table
&&
(
*
rule_exists
)[
r
][
i
]
==
0
)
(
*
rule_exists
)[
r
][
i
]
=
1
;
else
(
*
rule_exists
)[
r
][
i
]
=
-
1
;
return
1
;
}
/* This functions should be executed wrt the code just bellow: [rule_exists]
contains is a boolean array telling whether the rules we should have
installed in the kernel are installed or not. If they aren't, then reinstall
them (this can append when rules are modified by third parties). */
static
void
install_missing_rules
(
char
rule_exists
[
SRC_TABLE_NUM
],
int
v4
)
{
int
i
,
rc
;
for
(
i
=
0
;
i
<
SRC_TABLE_NUM
;
i
++
)
{
int
priority
=
i
+
src_table_prio
;
if
(
rule_exists
[
i
]
==
1
)
continue
;
if
(
rule_exists
[
i
]
!=
0
)
{
int
rc
;
do
{
rc
=
flush_rule
(
priority
,
v4
?
AF_INET
:
AF_INET6
);
}
while
(
rc
>=
0
);
if
(
errno
!=
ENOENT
&&
errno
!=
EEXIST
)
fprintf
(
stderr
,
"Cannot remove rule %d: from %s table %d (%s)
\n
"
,
priority
,
format_prefix
(
rules
[
i
].
src
,
rules
[
i
].
plen
),
rules
[
i
].
table
,
strerror
(
errno
));
}
/* Be wise, our priority are both for v4 and v6 (does not overlap). */
if
(
!!
v4mapped
(
rules
[
i
].
src
)
==
!!
v4
&&
rules
[
i
].
plen
!=
0
)
{
rc
=
add_rule
(
priority
,
rules
[
i
].
src
,
rules
[
i
].
plen
,
rules
[
i
].
table
);
if
(
rc
<
0
)
fprintf
(
stderr
,
"Cannot install rule %d: from %s table %d (%s)
\n
"
,
priority
,
format_prefix
(
rules
[
i
].
src
,
rules
[
i
].
plen
),
rules
[
i
].
table
,
strerror
(
errno
));
}
}
}
int
check_rules
(
void
)
{
int
rc
;
char
rule_exists
[
2
][
SRC_TABLE_NUM
];
/* v4, v6 */
struct
kernel_filter
filter
=
{
0
};
filter
.
rule
=
filter_rule
;
filter
.
rule_closure
=
(
void
*
)
rule_exists
;
memset
(
rule_exists
,
0
,
sizeof
(
rule_exists
));
rc
=
kernel_dump
(
CHANGE_RULE
,
&
filter
);
if
(
rc
<
0
)
return
-
1
;
install_missing_rules
(
rule_exists
[
0
],
1
);
install_missing_rules
(
rule_exists
[
1
],
0
);
return
0
;
}
rule.h
0 → 100644
View file @
4d28c156
/*
Copyright (c) 2015 by Matthieu Boutier and Juliusz Chroboczek.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
*/
#define SRC_TABLE_NUM 10
extern
int
src_table_idx
;
/* number of the first table */
extern
int
src_table_prio
;
/* first prio range */
/* Return the number of the table using src_plen, allocate the table in the
kernel if necessary. */
int
find_table
(
const
unsigned
char
*
src
,
unsigned
short
src_plen
);
void
release_tables
(
void
);
int
check_rules
(
void
);
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment