2 * netifd - network interface daemon
3 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
5 * Copyright (C) 2018 Alexander Couzens <lynxis@fe80.eu>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2
9 * as published by the Free Software Foundation
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
20 #include <arpa/inet.h>
24 #include "interface.h"
/* Tree of all configured IP rules. iprule_init_list() initialises it with
 * rule_cmp as the comparator and iprule_update_rule as the update callback. */
30 struct vlist_tree iprules
;
/* Set by iprule_update_start() right after it calls system_flush_iprules();
 * the flush is skipped on later calls while this stays true. */
31 static bool iprules_flushed
= false;
/* Sequence counters used to fill rule->order. iprule_add() indexes this array
 * with the rule's initial flags value (IPRULE_INET4 or IPRULE_INET6) and
 * post-increments the slot; iprule_update_start() resets both slots to 1.
 * NOTE(review): indexing a two-element array with a flags constant assumes
 * IPRULE_INET4 and IPRULE_INET6 are 0 and 1; their definitions are not in
 * this listing, confirm. */
32 static unsigned int iprules_counter
[2];
/* blobmsg policy for the attributes iprule_add() accepts. iprule_add() passes
 * this table to blobmsg_parse(), which fills tb[] indexed by the RULE_*
 * constants. Several values arrive as strings and are converted later:
 * "src"/"dest" by parse_ip_and_netmask(), "mark" by iprule_parse_mark(),
 * "lookup" by system_resolve_rt_table(), "uidrange" by sscanf() and "action"
 * by system_resolve_iprule_action(). The INT32 attributes are read with
 * blobmsg_get_u32(), so any range limit has to be enforced by iprule_add(). */
52 static const struct blobmsg_policy rule_attr
[__RULE_MAX
] = {
53 [RULE_INTERFACE_IN
] = { .name
= "in", .type
= BLOBMSG_TYPE_STRING
},
54 [RULE_INTERFACE_OUT
] = { .name
= "out", .type
= BLOBMSG_TYPE_STRING
},
55 [RULE_INVERT
] = { .name
= "invert", .type
= BLOBMSG_TYPE_BOOL
},
56 [RULE_SRC
] = { .name
= "src", .type
= BLOBMSG_TYPE_STRING
},
57 [RULE_DEST
] = { .name
= "dest", .type
= BLOBMSG_TYPE_STRING
},
58 [RULE_PRIORITY
] = { .name
= "priority", .type
= BLOBMSG_TYPE_INT32
},
59 [RULE_TOS
] = { .name
= "tos", .type
= BLOBMSG_TYPE_INT32
},
60 [RULE_FWMARK
] = { .name
= "mark", .type
= BLOBMSG_TYPE_STRING
},
61 [RULE_LOOKUP
] = { .name
= "lookup", .type
= BLOBMSG_TYPE_STRING
},
62 [RULE_SUP_PREFIXLEN
] = { .name
= "suppress_prefixlength", .type
= BLOBMSG_TYPE_INT32
},
63 [RULE_UIDRANGE
] = { .name
= "uidrange", .type
= BLOBMSG_TYPE_STRING
},
64 [RULE_ACTION
] = { .name
= "action", .type
= BLOBMSG_TYPE_STRING
},
65 [RULE_GOTO
] = { .name
= "goto", .type
= BLOBMSG_TYPE_INT32
},
66 [RULE_DISABLED
] = { .name
= "disabled", .type
= BLOBMSG_TYPE_BOOL
},
/* Non-static parameter list for the rule attributes. Only the n_params
 * initialiser (the number of RULE_* slots) is visible in this listing. */
69 const struct uci_blob_param_list rule_attr_list
= {
70 .n_params
= __RULE_MAX
,
74 /* interface based rules are dynamic. */
/* Checks whether an interface-bound rule has the device names it needs.
 * @rule: rule to inspect.
 * A rule flagged IPRULE_OUT is tested for an empty out_dev string, and one
 * flagged IPRULE_IN for an empty in_dev string. The statements under both
 * conditions and the final return are not shown in this listing; callers in
 * this file use a true result as the gate for system_add_iprule() and
 * system_del_iprule(). */
76 rule_ready(struct iprule
*rule
)
/* Outgoing interface configured but its device name not yet known. */
78 if (rule
->flags
& IPRULE_OUT
&& !rule
->out_dev
[0])
/* Incoming interface configured but its device name not yet known. */
81 if (rule
->flags
& IPRULE_IN
&& !rule
->in_dev
[0])
/* Parses the "mark" attribute, written as VALUE or VALUE/MASK, into @rule.
 * @mark: NUL-terminated attribute text.
 * @rule: rule whose flags receive IPRULE_FWMARK and IPRULE_FWMASK.
 * iprule_add() treats a false result as a parse failure. The validation and
 * the stores of the parsed numbers are on lines this listing omits. */
88 iprule_parse_mark(const char *mark
, struct iprule
*rule
)
/* Locate the optional "/MASK" part. */
93 if ((s
= strchr(mark
, '/')) != NULL
)
/* Base 0: strtoul() accepts decimal, 0x-prefixed hex and 0-prefixed octal.
 * NOTE(review): strtoul() returns unsigned long and reports overflow only
 * through errno; it also accepts a leading minus sign. The checks on `e` and
 * on the range are not visible here. Confirm that empty input, trailing
 * characters and values wider than the destination field are rejected. */
96 n
= strtoul(mark
, &e
, 0);
102 rule
->flags
|= IPRULE_FWMARK
;
/* Mask part; the same strtoul() caveats apply.
 * NOTE(review): presumably only reached when a '/' was found, verify. */
105 n
= strtoul(s
, &e
, 0);
111 rule
->flags
|= IPRULE_FWMASK
;
117 /* called on interface changes of the incoming interface */
/* Interface-event callback for the rule's incoming interface; iprule_add()
 * stores it in rule->in_iface_user.cb.
 * @dep: the interface_user embedded in the rule.
 * @iface: interface the event concerns.
 * @ev: event type; the dispatch on it is on lines this listing omits. */
119 rule_in_cb(struct interface_user
*dep
, struct interface
*iface
, enum interface_event ev
)
/* Recover the owning rule from its embedded in_iface_user member. */
121 struct iprule
*rule
= container_of(dep
, struct iprule
, in_iface_user
);
/* No L3 device attached to the interface: there is no name to copy. */
125 if (!iface
->l3_dev
.dev
)
/* Record the device name so rule_ready() can pass.
 * NOTE(review): strcpy() is unbounded, and the sizes of rule->in_dev and
 * dev->ifname are declared outside this listing. Confirm in_dev is at least
 * as large as ifname, or use a bounded copy, e.g. snprintf() with
 * sizeof(rule->in_dev) if in_dev is an array. */
128 strcpy(rule
->in_dev
, iface
->l3_dev
.dev
->ifname
);
/* Install the rule only once every required device name is present. */
129 if (rule_ready(rule
))
130 system_add_iprule(rule
);
/* Removal path: only a rule that was complete is removed from the system.
 * NOTE(review): rule_out_cb() clears out_dev[0] after its removal call, but
 * the matching in_dev reset is not visible in this listing. Confirm it exists
 * on the omitted lines; otherwise rule_ready() would keep seeing a stale
 * device name. */
135 if (rule_ready(rule
))
136 system_del_iprule(rule
);
145 /* called on interface changes of the outgoing interface */
/* Interface-event callback for the rule's outgoing interface; iprule_add()
 * stores it in rule->out_iface_user.cb.
 * @dep: the interface_user embedded in the rule.
 * @iface: interface the event concerns.
 * @ev: event type; the dispatch on it is on lines this listing omits. */
147 rule_out_cb(struct interface_user
*dep
, struct interface
*iface
, enum interface_event ev
)
/* Recover the owning rule from its embedded out_iface_user member. */
149 struct iprule
*rule
= container_of(dep
, struct iprule
, out_iface_user
);
/* No L3 device attached to the interface: there is no name to copy. */
153 if (!iface
->l3_dev
.dev
)
/* Record the device name so rule_ready() can pass.
 * NOTE(review): strcpy() is unbounded, and the sizes of rule->out_dev and
 * dev->ifname are declared outside this listing. Confirm out_dev is at least
 * as large as ifname, or use a bounded copy, e.g. snprintf() with
 * sizeof(rule->out_dev) if out_dev is an array. */
156 strcpy(rule
->out_dev
, iface
->l3_dev
.dev
->ifname
);
/* Install the rule only once every required device name is present. */
157 if (rule_ready(rule
))
158 system_add_iprule(rule
);
/* Removal path: only a rule that was complete is removed from the system. */
163 if (rule_ready(rule
))
164 system_del_iprule(rule
);
/* Forget the device name, so rule_ready() reports the rule as not ready
 * until a name is copied in again. */
166 rule
->out_dev
[0] = 0;
173 /* called on all interface events */
/* Callback behind generic_listener.
 * @dep: the listener's interface_user (not used on the visible lines).
 * @iface: interface the event concerns.
 * @ev: event type; the visible code tests it against IFEV_CREATE.
 * For each rule in iprules whose configured in or out interface name equals
 * @iface's name, the rule's interface_user is attached to @iface, so that
 * rule_in_cb() or rule_out_cb() receives its events. The statements under
 * `ev != IFEV_CREATE` and under rule_ready(rule) are omitted from this
 * listing (presumably an early return and a skip, verify). */
175 generic_interface_cb(struct interface_user
*dep
,
176 struct interface
*iface
, enum interface_event ev
)
180 if (ev
!= IFEV_CREATE
)
183 /* add new interfaces to rules */
184 vlist_for_each_element(&iprules
, rule
, node
) {
185 if (rule_ready(rule
))
/* out_iface is only read when IPRULE_OUT is set; iprule_add() sets that flag
 * together with the out_iface assignment. */
188 if ((rule
->flags
& IPRULE_OUT
) && !strcmp(rule
->out_iface
, iface
->name
))
189 interface_add_user(&rule
->out_iface_user
, iface
);
/* Same for the incoming side. */
191 if ((rule
->flags
& IPRULE_IN
) && !strcmp(rule
->in_iface
, iface
->name
))
192 interface_add_user(&rule
->in_iface_user
, iface
);
/* Listener object that iprule_init_list() registers with a NULL interface;
 * its callback is generic_interface_cb. */
196 struct interface_user generic_listener
= {
197 .cb
= generic_interface_cb
/* Builds an iprule from a blobmsg attribute set and adds it to iprules.
 * @attr: blobmsg container holding the rule attributes listed in rule_attr.
 * @v6: true selects AF_INET6 / IPRULE_INET6, false AF_INET / IPRULE_INET4.
 * Each attribute present in tb[] is converted and the matching IPRULE_* flag
 * is set. Parse failures are logged through DPRINTF; what happens after each
 * DPRINTF is on lines this listing omits.
 * NOTE(review): confirm the omitted error path also releases the in_iface and
 * out_iface strings allocated below, not only the rule itself. */
201 iprule_add(struct blob_attr
*attr
, bool v6
)
203 struct blob_attr
*tb
[__RULE_MAX
], *cur
;
206 int af
= v6
? AF_INET6
: AF_INET
;
/* Split the container into per-attribute pointers according to rule_attr. */
208 blobmsg_parse(rule_attr
, __RULE_MAX
, tb
, blobmsg_data(attr
), blobmsg_data_len(attr
));
/* Rule marked disabled; the action taken is on an omitted line. */
210 if ((cur
= tb
[RULE_DISABLED
]) != NULL
&& blobmsg_get_bool(cur
))
/* Zero-initialised allocation, so fields that are never set stay zero for
 * the memcmp() in rule_cmp().
 * NOTE(review): lines 214-216 are not shown; presumably they handle a NULL
 * result, verify. */
213 rule
= calloc(1, sizeof(*rule
));
217 rule
->flags
= v6
? IPRULE_INET6
: IPRULE_INET4
;
/* flags holds only the family constant here, and it is used as the index
 * into the two-element iprules_counter array.
 * NOTE(review): assumes IPRULE_INET4 and IPRULE_INET6 are 0 and 1, confirm. */
218 rule
->order
= iprules_counter
[rule
->flags
]++;
220 if ((cur
= tb
[RULE_INVERT
]) != NULL
)
221 rule
->invert
= blobmsg_get_bool(cur
);
223 if ((cur
= tb
[RULE_INTERFACE_IN
]) != NULL
) {
/* Private copy of the interface name.
 * NOTE(review): the calloc() result goes to strcpy() on the next source line
 * (224 to 225) with no NULL check in between, so an allocation failure
 * becomes a write through a NULL pointer. Check the result before copying;
 * a checked strdup() would cover both steps. */
224 iface_name
= calloc(1, strlen(blobmsg_data(cur
)) + 1);
225 rule
->in_iface
= strcpy(iface_name
, blobmsg_data(cur
));
226 rule
->in_iface_user
.cb
= &rule_in_cb
;
227 rule
->flags
|= IPRULE_IN
;
230 if ((cur
= tb
[RULE_INTERFACE_OUT
]) != NULL
) {
/* Same pattern as above.
 * NOTE(review): calloc() result is used by strcpy() without a NULL check. */
231 iface_name
= calloc(1, strlen(blobmsg_data(cur
)) + 1);
232 rule
->out_iface
= strcpy(iface_name
, blobmsg_data(cur
));
233 rule
->out_iface_user
.cb
= &rule_out_cb
;
234 rule
->flags
|= IPRULE_OUT
;
/* Source prefix, parsed for the address family chosen by v6. */
237 if ((cur
= tb
[RULE_SRC
]) != NULL
) {
238 if (!parse_ip_and_netmask(af
, blobmsg_data(cur
), &rule
->src_addr
, &rule
->src_mask
)) {
239 DPRINTF("Failed to parse rule source: %s\n", (char *) blobmsg_data(cur
));
242 rule
->flags
|= IPRULE_SRC
;
/* Destination prefix, parsed the same way. */
245 if ((cur
= tb
[RULE_DEST
]) != NULL
) {
246 if (!parse_ip_and_netmask(af
, blobmsg_data(cur
), &rule
->dest_addr
, &rule
->dest_mask
)) {
247 DPRINTF("Failed to parse rule destination: %s\n", (char *) blobmsg_data(cur
));
250 rule
->flags
|= IPRULE_DEST
;
/* Priority is stored as given; no range check is visible. */
253 if ((cur
= tb
[RULE_PRIORITY
]) != NULL
) {
254 rule
->priority
= blobmsg_get_u32(cur
);
255 rule
->flags
|= IPRULE_PRIORITY
;
258 if ((cur
= tb
[RULE_TOS
]) != NULL
) {
/* The value is stored first, and the comparison tests the stored value.
 * NOTE(review): if rule->tos is narrower than 32 bits the value is truncated
 * before the `> 255` test, which then can never fire. Confirm the field type,
 * or range-check the u32 before storing it. */
259 if ((rule
->tos
= blobmsg_get_u32(cur
)) > 255) {
260 DPRINTF("Invalid TOS value: %u\n", blobmsg_get_u32(cur
));
263 rule
->flags
|= IPRULE_TOS
;
266 if ((cur
= tb
[RULE_FWMARK
]) != NULL
) {
267 if (!iprule_parse_mark(blobmsg_data(cur
), rule
)) {
268 DPRINTF("Failed to parse rule fwmark: %s\n", (char *) blobmsg_data(cur
));
271 /* flags set by iprule_parse_mark() */
/* Routing table given by name or number; resolution is delegated. */
274 if ((cur
= tb
[RULE_LOOKUP
]) != NULL
) {
275 if (!system_resolve_rt_table(blobmsg_data(cur
), &rule
->lookup
)) {
276 DPRINTF("Failed to parse rule lookup table: %s\n", (char *) blobmsg_data(cur
));
279 rule
->flags
|= IPRULE_LOOKUP
;
/* Stored as given; no upper bound check is visible. */
282 if ((cur
= tb
[RULE_SUP_PREFIXLEN
]) != NULL
) {
283 rule
->sup_prefixlen
= blobmsg_get_u32(cur
);
284 rule
->flags
|= IPRULE_SUP_PREFIXLEN
;
287 if ((cur
= tb
[RULE_UIDRANGE
]) != NULL
) {
/* "START-END" or a single UID; the visible line 291 copies start into end,
 * apparently for the single-value case.
 * NOTE(review): %u accepts a leading minus sign and has undefined behaviour
 * on out-of-range input. The sscanf() result also cannot reveal trailing
 * characters after the second number, and no start <= end check is visible.
 * strtoul() with end-pointer and ERANGE checks would make rejection explicit. */
288 int ret
= sscanf(blobmsg_get_string(cur
), "%u-%u", &rule
->uidrange_start
, &rule
->uidrange_end
);
291 rule
->uidrange_end
= rule
->uidrange_start
;
293 DPRINTF("Failed to parse UID range: %s\n", (char *) blobmsg_data(cur
));
296 rule
->flags
|= IPRULE_UIDRANGE
;
/* Action name is translated by the system layer. */
299 if ((cur
= tb
[RULE_ACTION
]) != NULL
) {
300 if (!system_resolve_iprule_action(blobmsg_data(cur
), &rule
->action
)) {
301 DPRINTF("Failed to parse rule action: %s\n", (char *) blobmsg_data(cur
));
304 rule
->flags
|= IPRULE_ACTION
;
/* Goto target is stored as given; no validation is visible. */
307 if ((cur
= tb
[RULE_GOTO
]) != NULL
) {
308 rule
->gotoid
= blobmsg_get_u32(cur
);
309 rule
->flags
|= IPRULE_GOTO
;
/* The rule itself is passed as the key, so rule_cmp() compares whole rules. */
312 vlist_add(&iprules
, &rule
->node
, rule
);
/* Starts a rule reload: flushes the system's rules on the first call only
 * (guarded by iprules_flushed), resets both order counters to 1 and calls
 * vlist_update() on iprules.
 * NOTE(review): in libubox vlist_update() is expected to mark the existing
 * entries as stale for the later vlist_flush(); confirm against vlist.h. */
320 iprule_update_start(void)
322 if (!iprules_flushed
) {
323 system_flush_iprules();
324 iprules_flushed
= true;
/* Restart numbering so that rule->order is reproducible across reloads. */
327 iprules_counter
[0] = 1;
328 iprules_counter
[1] = 1;
329 vlist_update(&iprules
);
/* Ends a rule reload by calling vlist_flush() on iprules.
 * NOTE(review): presumably this drops rules that were not re-added since
 * iprule_update_start(), going through iprule_update_rule; verify. */
333 iprule_update_complete(void)
335 vlist_flush(&iprules
);
/* Comparator handed to vlist_init() for iprules.
 * @k1, @k2: keys; both are treated as struct iprule pointers.
 * @ptr: not used on the visible lines.
 * Interface names are compared by content first. The remainder of the struct,
 * from the flags member to its end, is then compared byte-wise. The handling
 * of a non-zero strcmp() result is on lines this listing omits. */
340 rule_cmp(const void *k1
, const void *k2
, void *ptr
)
342 const struct iprule
*r1
= k1
, *r2
= k2
;
345 /* First compare the interface names */
/* A side without the flag is treated as the empty string, so the name
 * pointer is only read when its flag is set. */
346 if (r1
->flags
& IPRULE_IN
|| r2
->flags
& IPRULE_IN
) {
347 char *str1
= r1
->flags
& IPRULE_IN
? r1
->in_iface
: "";
348 char *str2
= r2
->flags
& IPRULE_IN
? r2
->in_iface
: "";
350 ret
= strcmp(str1
, str2
);
355 if (r1
->flags
& IPRULE_OUT
|| r2
->flags
& IPRULE_OUT
) {
356 char *str1
= r1
->flags
& IPRULE_OUT
? r1
->out_iface
: "";
357 char *str2
= r2
->flags
& IPRULE_OUT
? r2
->out_iface
: "";
359 ret
= strcmp(str1
, str2
);
/* Byte-wise comparison of the struct tail. It also covers padding bytes;
 * iprule_add() allocates rules with calloc(), which keeps those zero.
 * Arithmetic on `const void *` is a GNU C extension.
 * NOTE(review): the struct layout is not visible here. Confirm that the
 * in_iface/out_iface pointers and the in_dev/out_dev buffers written by the
 * event callbacks sit before flags. Otherwise equal rules would compare by
 * heap address, or a rule's key would change while it is in the tree. */
364 /* Next compare everything after the flags field */
365 return memcmp(k1
+ offsetof(struct iprule
, flags
),
366 k2
+ offsetof(struct iprule
, flags
),
367 sizeof(struct iprule
) - offsetof(struct iprule
, flags
));
/* Detaches the rule's interface_user entries from the interfaces they are
 * bound to.
 * @rule: rule being torn down.
 * Each side is removed only when its flag is set and its .iface member is
 * non-NULL, so an entry that was never attached is left alone. */
370 static void deregister_interfaces(struct iprule
*rule
)
372 if (rule
->flags
& IPRULE_IN
&& rule
->in_iface_user
.iface
)
373 interface_remove_user(&rule
->in_iface_user
);
375 if (rule
->flags
& IPRULE_OUT
&& rule
->out_iface_user
.iface
)
376 interface_remove_user(&rule
->out_iface_user
);
/* Attaches the rule's interface_user entries to the interfaces named in its
 * configuration, looking each name up in the interfaces vlist.
 * @rule: newly added rule with IPRULE_IN and/or IPRULE_OUT set.
 * NOTE(review): source lines 385 and 390, between each lookup and the
 * interface_add_user() call, are not shown. Confirm they skip the call when
 * vlist_find() finds nothing. iprule_init_list() passes NULL to
 * interface_add_user() on purpose for generic_listener, so NULL looks like a
 * meaningful argument rather than a rejected one. */
379 static void register_interfaces(struct iprule
*rule
)
381 struct interface
*iface
, *tmp
;
383 if (rule
->flags
& IPRULE_IN
) {
384 tmp
= vlist_find(&interfaces
, rule
->in_iface
, iface
, node
);
386 interface_add_user(&rule
->in_iface_user
, tmp
);
388 if (rule
->flags
& IPRULE_OUT
) {
389 tmp
= vlist_find(&interfaces
, rule
->out_iface
, iface
, node
);
391 interface_add_user(&rule
->out_iface_user
, tmp
);
/* Update callback handed to vlist_init() for iprules.
 * @tree: the vlist (not used on the visible lines).
 * @node_new: node of the rule being added.
 * @node_old: node of the rule being removed.
 * The old rule is removed from the system, detached from its interfaces, and
 * its name strings are freed. The new rule is either attached to its
 * interfaces or installed directly.
 * NOTE(review): a vlist update callback is normally invoked with one of the
 * two nodes NULL on a pure add or remove. Both container_of() conversions
 * run unconditionally, and the guards around the two halves (source lines
 * 404 and 420) are not shown in this listing. Confirm they test node_old and
 * node_new before either rule pointer is dereferenced. */
396 iprule_update_rule(struct vlist_tree
*tree
,
397 struct vlist_node
*node_new
, struct vlist_node
*node_old
)
399 struct iprule
*rule_old
, *rule_new
;
401 rule_old
= container_of(node_old
, struct iprule
, node
);
402 rule_new
= container_of(node_new
, struct iprule
, node
);
/* Only a rule that was complete is removed from the system. */
405 if (rule_ready(rule_old
))
406 system_del_iprule(rule_old
);
/* Unhook the interface users before the strings they relate to are freed. */
408 if (rule_old
->flags
& (IPRULE_IN
| IPRULE_OUT
))
409 deregister_interfaces(rule_old
);
/* free(NULL) is a no-op, so these guards are redundant but harmless.
 * NOTE(review): the pointers are left dangling after free(); presumably the
 * rule itself is released on the omitted lines that follow, verify. */
411 if (rule_old
->in_iface
)
412 free(rule_old
->in_iface
);
414 if (rule_old
->out_iface
)
415 free(rule_old
->out_iface
);
421 /* interface based rules calls system_add_iprule over the event cb */
422 if (rule_new
->flags
& (IPRULE_IN
| IPRULE_OUT
)) {
423 register_interfaces(rule_new
);
/* Rules without interface binding are installed immediately (the branch
 * separator on source line 424 is omitted from this listing). */
425 system_add_iprule(rule_new
);
/* One-time setup: initialises the iprules vlist with rule_cmp as comparator
 * and iprule_update_rule as update callback, then registers generic_listener
 * with a NULL interface.
 * NOTE(review): NULL presumably means "all interfaces", which would match the
 * "called on all interface events" comment on generic_interface_cb; confirm
 * against interface_add_user(). */
431 iprule_init_list(void)
433 vlist_init(&iprules
, rule_cmp
, iprule_update_rule
);
434 interface_add_user(&generic_listener
, NULL
);