/*
 * netifd - network interface daemon
 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2
 * as published by the Free Software Foundation
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 */
19 #include <arpa/inet.h>
23 #include "interface.h"
/*
 * All configured policy routing rules. Entries are added by iprule_add()
 * and compared with rule_cmp().
 */
struct vlist_tree iprules;

/* Becomes true once iprule_update_start() has called system_flush_iprules(). */
static bool iprules_flushed;

/*
 * Next "order" value handed out by iprule_add(). The array is indexed with
 * the rule's family flag (IPRULE_INET4 / IPRULE_INET6), so each address
 * family has its own sequence.
 */
static unsigned int iprules_counter[2];
/*
 * Option names accepted for a rule and the blobmsg type each one must have.
 * iprule_add() passes this table to blobmsg_parse() and then validates every
 * value it reads before the rule is queued.
 *
 * "mark" is a string rather than an integer because it may carry an optional
 * "/mask" suffix (see iprule_parse_mark()).
 */
static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
	/* network names, resolved to their layer-3 device */
	[RULE_INTERFACE_IN]  = { .name = "in",                    .type = BLOBMSG_TYPE_STRING },
	[RULE_INTERFACE_OUT] = { .name = "out",                   .type = BLOBMSG_TYPE_STRING },

	[RULE_INVERT]        = { .name = "invert",                .type = BLOBMSG_TYPE_BOOL },

	/* address/netmask pairs, parsed with parse_ip_and_netmask() */
	[RULE_SRC]           = { .name = "src",                   .type = BLOBMSG_TYPE_STRING },
	[RULE_DEST]          = { .name = "dest",                  .type = BLOBMSG_TYPE_STRING },

	[RULE_PRIORITY]      = { .name = "priority",              .type = BLOBMSG_TYPE_INT32 },
	[RULE_TOS]           = { .name = "tos",                   .type = BLOBMSG_TYPE_INT32 },
	[RULE_FWMARK]        = { .name = "mark",                  .type = BLOBMSG_TYPE_STRING },

	/* resolved through system_resolve_rt_table() */
	[RULE_LOOKUP]        = { .name = "lookup",                .type = BLOBMSG_TYPE_STRING },
	[RULE_SUP_PREFIXLEN] = { .name = "suppress_prefixlength", .type = BLOBMSG_TYPE_INT32 },

	/* resolved through system_resolve_iprule_action() */
	[RULE_ACTION]        = { .name = "action",                .type = BLOBMSG_TYPE_STRING },
	[RULE_GOTO]          = { .name = "goto",                  .type = BLOBMSG_TYPE_INT32 },
};
/*
 * Exported description of the rule options: the rule_attr policy table and
 * its entry count.
 *
 * NOTE(review): the reviewed listing shows only the .n_params line; .params
 * is written out here as the table defined just above - confirm against the
 * repository.
 */
const struct uci_blob_param_list rule_attr_list = {
	.params = rule_attr,
	.n_params = __RULE_MAX,
};
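/*
 * Parse a firewall mark given as "value" or "value/mask" into a rule.
 *
 * @mark: NUL-terminated option string; it is only read, never modified
 * @rule: rule that receives the mark, the optional mask and the matching
 *        IPRULE_FWMARK / IPRULE_FWMASK flags
 *
 * Returns true when the whole string was consumed by the parse. Both numbers
 * use strtoull() base 0, so decimal, 0x-prefixed hex and 0-prefixed octal are
 * accepted. An empty value, an empty mask, trailing characters, or a number
 * that does not fit in 32 bits make the parse fail; rejecting oversized
 * numbers keeps a typo in the configuration from being truncated into a
 * different mark than the one that was written.
 *
 * As in the flow visible in the listing, the mark and IPRULE_FWMARK are
 * stored before the mask is looked at, so on a bad mask the rule is left
 * partially filled; the caller discards the rule when false is returned.
 *
 * NOTE(review): the reviewed listing omits the declarations, the validity
 * checks and the stores into the rule; the fwmark/fwmask member names and
 * their 32-bit width are assumed from the flag names - confirm in iprule.h.
 */
static bool
iprule_parse_mark(const char *mark, struct iprule *rule)
{
	const char *mask = strchr(mark, '/');
	unsigned long long val;
	char *end;

	val = strtoull(mark, &end, 0);

	/* the value must be non-empty and stop exactly at the '/' or the end */
	if (end == mark || (mask ? end != mask : *end != '\0'))
		return false;

	if (val > 0xffffffffULL)
		return false;

	rule->fwmark = val;
	rule->flags |= IPRULE_FWMARK;

	if (mask) {
		mask++;	/* step over the '/' */

		val = strtoull(mask, &end, 0);

		if (end == mask || *end != '\0' || val > 0xffffffffULL)
			return false;

		rule->fwmask = val;
		rule->flags |= IPRULE_FWMASK;
	}

	return true;
}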
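/*
 * Build one policy routing rule from a blobmsg option table and queue it in
 * the iprules vlist.
 *
 * @attr: blobmsg container holding the options described by rule_attr
 * @v6:   true for an IPv6 rule, false for an IPv4 rule
 *
 * Every option is validated as it is read. The first one that cannot be
 * resolved or parsed is reported through DPRINTF and the half-built rule is
 * discarded, so a rule is queued exactly as configured or not at all.
 *
 * NOTE(review): the listing this was reviewed from omits some lines (the
 * declaration of rule, the allocation check and the error exits). They are
 * written out here in the conventional goto-cleanup form - confirm against
 * the repository.
 */
void
iprule_add(struct blob_attr *attr, bool v6)
{
	struct interface *iif = NULL, *oif = NULL;
	struct blob_attr *tb[__RULE_MAX], *cur;
	struct interface *iface;	/* passed to vlist_find() only; never assigned here */
	struct iprule *rule;
	unsigned int tos;
	int af = v6 ? AF_INET6 : AF_INET;

	blobmsg_parse(rule_attr, __RULE_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr));

	/* zeroed allocation: rule_cmp() later compares rules bytewise */
	rule = calloc(1, sizeof(*rule));
	if (!rule)
		return;

	/*
	 * flags holds only the family value at this point, so it doubles as the
	 * index into the two-entry counter array. This relies on IPRULE_INET4
	 * and IPRULE_INET6 being 0 and 1 - confirm in iprule.h.
	 */
	rule->flags = v6 ? IPRULE_INET6 : IPRULE_INET4;
	rule->order = iprules_counter[rule->flags]++;

	if ((cur = tb[RULE_INVERT]) != NULL)
		rule->invert = blobmsg_get_bool(cur);

	if ((cur = tb[RULE_INTERFACE_IN]) != NULL) {
		iif = vlist_find(&interfaces, blobmsg_data(cur), iface, node);

		if (!iif || !iif->l3_dev.dev) {
			DPRINTF("Failed to resolve device of network: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}

		/*
		 * Copy the name as a string instead of a fixed-size memcpy(): the
		 * read stops at the source terminator, and the destination keeps
		 * its zero padding and final NUL from calloc().
		 */
		strncpy(rule->in_dev, iif->l3_dev.dev->ifname, sizeof(rule->in_dev) - 1);
		rule->flags |= IPRULE_IN;
	}

	if ((cur = tb[RULE_INTERFACE_OUT]) != NULL) {
		oif = vlist_find(&interfaces, blobmsg_data(cur), iface, node);

		if (!oif || !oif->l3_dev.dev) {
			DPRINTF("Failed to resolve device of network: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}

		/* same bounded string copy as for the inbound device */
		strncpy(rule->out_dev, oif->l3_dev.dev->ifname, sizeof(rule->out_dev) - 1);
		rule->flags |= IPRULE_OUT;
	}

	if ((cur = tb[RULE_SRC]) != NULL) {
		if (!parse_ip_and_netmask(af, blobmsg_data(cur), &rule->src_addr, &rule->src_mask)) {
			DPRINTF("Failed to parse rule source: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_SRC;
	}

	if ((cur = tb[RULE_DEST]) != NULL) {
		if (!parse_ip_and_netmask(af, blobmsg_data(cur), &rule->dest_addr, &rule->dest_mask)) {
			DPRINTF("Failed to parse rule destination: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_DEST;
	}

	if ((cur = tb[RULE_PRIORITY]) != NULL) {
		rule->priority = blobmsg_get_u32(cur);
		rule->flags |= IPRULE_PRIORITY;
	}

	if ((cur = tb[RULE_TOS]) != NULL) {
		/*
		 * Range-check the full 32-bit value before storing it, so the
		 * check does not depend on how wide rule->tos is.
		 */
		tos = blobmsg_get_u32(cur);
		if (tos > 255) {
			DPRINTF("Invalid TOS value: %u\n", tos);
			goto error;
		}
		rule->tos = tos;
		rule->flags |= IPRULE_TOS;
	}

	if ((cur = tb[RULE_FWMARK]) != NULL) {
		if (!iprule_parse_mark(blobmsg_data(cur), rule)) {
			DPRINTF("Failed to parse rule fwmark: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		/* flags set by iprule_parse_mark() */
	}

	if ((cur = tb[RULE_LOOKUP]) != NULL) {
		if (!system_resolve_rt_table(blobmsg_data(cur), &rule->lookup)) {
			DPRINTF("Failed to parse rule lookup table: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_LOOKUP;
	}

	if ((cur = tb[RULE_SUP_PREFIXLEN]) != NULL) {
		rule->sup_prefixlen = blobmsg_get_u32(cur);
		rule->flags |= IPRULE_SUP_PREFIXLEN;
	}

	if ((cur = tb[RULE_ACTION]) != NULL) {
		if (!system_resolve_iprule_action(blobmsg_data(cur), &rule->action)) {
			DPRINTF("Failed to parse rule action: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_ACTION;
	}

	if ((cur = tb[RULE_GOTO]) != NULL) {
		rule->gotoid = blobmsg_get_u32(cur);
		rule->flags |= IPRULE_GOTO;
	}

	/* the key is the tail of the rule starting at flags; see rule_cmp() */
	vlist_add(&iprules, &rule->node, &rule->flags);
	return;

error:
	free(rule);
}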
/*
 * Open an update cycle for the rule list.
 *
 * The first call also runs system_flush_iprules(); later calls skip that
 * step. Each call restarts both per-family order counters at 1 and marks the
 * vlist for update, so that iprule_update_complete() can flush whatever was
 * not added again in between.
 */
void
iprule_update_start(void)
{
	unsigned int i;

	if (!iprules_flushed) {
		system_flush_iprules();
		iprules_flushed = true;
	}

	for (i = 0; i < sizeof(iprules_counter) / sizeof(iprules_counter[0]); i++)
		iprules_counter[i] = 1;

	vlist_update(&iprules);
}
/*
 * Close the update cycle opened by iprule_update_start() by flushing the
 * iprules vlist.
 */
void
iprule_update_complete(void)
{
	struct vlist_tree *rules = &iprules;

	vlist_flush(rules);
}
/*
 * vlist key comparison for rules.
 *
 * @k1, @k2: keys as handed to vlist_add(), i.e. pointers to the flags member
 *           of a struct iprule
 * @ptr:     unused
 *
 * The key is everything from flags to the end of the structure, compared
 * bytewise. That span also covers any padding and unused bytes, so two rules
 * only compare equal if those bytes match as well; iprule_add() allocates
 * rules with calloc(), which is what keeps them zero.
 */
static int
rule_cmp(const void *k1, const void *k2, void *ptr)
{
	const size_t key_len = sizeof(struct iprule) - offsetof(struct iprule, flags);

	return memcmp(k1, k2, key_len);
}
/*
 * vlist update callback: removes the rule behind node_old from the system
 * and installs the rule behind node_new.
 *
 * @tree:     the vlist the nodes belong to (unused)
 * @node_new: node of the rule that was added, or NULL
 * @node_old: node of the rule that went away, or NULL
 *
 * NOTE(review): the reviewed listing shows only the container_of(),
 * system_del_iprule() and system_add_iprule() lines. The NULL guards and the
 * free() of the replaced rule are written out here as the vlist callback
 * contract normally requires - confirm against the repository.
 */
static void
iprule_update_rule(struct vlist_tree *tree,
		   struct vlist_node *node_new, struct vlist_node *node_old)
{
	if (node_old) {
		struct iprule *stale = container_of(node_old, struct iprule, node);

		system_del_iprule(stale);
		free(stale);
	}

	if (node_new) {
		struct iprule *fresh = container_of(node_new, struct iprule, node);

		system_add_iprule(fresh);
	}
}
/*
 * Set up the iprules vlist with rule_cmp() as its key comparison and
 * iprule_update_rule() as its update callback.
 *
 * NOTE(review): the declarator line is not part of the reviewed listing.
 * "static void __init" (a constructor that runs before main) is assumed
 * here - confirm against the repository.
 */
static void __init
iprule_init_list(void)
{
	struct vlist_tree *rules = &iprules;

	vlist_init(rules, rule_cmp, iprule_update_rule);
}