1 /*
2 * netifd - network interface daemon
3 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
5 * Copyright (C) 2018 Alexander Couzens <lynxis@fe80.eu>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License version 2
9 * as published by the Free Software Foundation
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <arpa/inet.h>

#include "netifd.h"
#include "device.h"
#include "interface.h"
#include "iprule.h"
#include "proto.h"
#include "ubus.h"
#include "system.h"
29
/* All configured ip rules; initialised in iprule_init_list() with rule_cmp() as key comparator. */
struct vlist_tree iprules;

/* Set once system_flush_iprules() has run, so later reloads do not flush again. */
static bool iprules_flushed;

/*
 * Per-family ordering counters, reset to 1 by iprule_update_start().
 * iprule_add() indexes this array with the rule's initial flags value.
 */
static unsigned int iprules_counter[2];
33
/*
 * Indices of the attributes an ip rule may carry.  They index both the
 * rule_attr policy table and the tb[] array filled by blobmsg_parse() in
 * iprule_add(); __RULE_MAX is the number of attributes.
 */
enum {
	RULE_INTERFACE_IN,
	RULE_INTERFACE_OUT,
	RULE_INVERT,
	RULE_SRC,
	RULE_DEST,
	RULE_PRIORITY,
	RULE_TOS,
	RULE_FWMARK,
	RULE_LOOKUP,
	RULE_ACTION,
	RULE_GOTO,
	RULE_SUP_PREFIXLEN,
	__RULE_MAX
};
49
/*
 * Attribute policy handed to blobmsg_parse() in iprule_add().  Every entry is
 * placed by its RULE_* designator, so the textual order carries no meaning;
 * it is kept in enum order here to make a missing entry easy to spot.
 */
static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
	[RULE_INTERFACE_IN]  = { .name = "in", .type = BLOBMSG_TYPE_STRING },
	[RULE_INTERFACE_OUT] = { .name = "out", .type = BLOBMSG_TYPE_STRING },
	[RULE_INVERT]        = { .name = "invert", .type = BLOBMSG_TYPE_BOOL },
	[RULE_SRC]           = { .name = "src", .type = BLOBMSG_TYPE_STRING },
	[RULE_DEST]          = { .name = "dest", .type = BLOBMSG_TYPE_STRING },
	[RULE_PRIORITY]      = { .name = "priority", .type = BLOBMSG_TYPE_INT32 },
	[RULE_TOS]           = { .name = "tos", .type = BLOBMSG_TYPE_INT32 },
	[RULE_FWMARK]        = { .name = "mark", .type = BLOBMSG_TYPE_STRING },
	[RULE_LOOKUP]        = { .name = "lookup", .type = BLOBMSG_TYPE_STRING },
	[RULE_ACTION]        = { .name = "action", .type = BLOBMSG_TYPE_STRING },
	[RULE_GOTO]          = { .name = "goto", .type = BLOBMSG_TYPE_INT32 },
	[RULE_SUP_PREFIXLEN] = { .name = "suppress_prefixlength", .type = BLOBMSG_TYPE_INT32 },
};

/* Non-static parameter list that exposes rule_attr and its entry count. */
const struct uci_blob_param_list rule_attr_list = {
	.params = rule_attr,
	.n_params = __RULE_MAX,
};
69
/*
 * Interface-based rules are dynamic: a rule that names an incoming and/or
 * outgoing interface is only ready once the corresponding device name
 * (in_dev / out_dev) has been filled in.  Rules without IPRULE_IN and
 * IPRULE_OUT are always ready.
 */
static bool
rule_ready(struct iprule *rule)
{
	bool out_pending = (rule->flags & IPRULE_OUT) && rule->out_dev[0] == 0;
	bool in_pending = (rule->flags & IPRULE_IN) && rule->in_dev[0] == 0;

	return !(out_pending || in_pending);
}
82
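/*
 * Parse a firewall mark of the form "MARK" or "MARK/MASK" into @rule.
 *
 * Both numbers are read with strtoul() base 0, so decimal, octal and hex
 * notation are accepted.  On success rule->fwmark (and rule->fwmask when a
 * mask is given) is set together with IPRULE_FWMARK / IPRULE_FWMASK, and
 * true is returned.  On any syntax or range error false is returned and
 * @rule is left untouched.
 *
 * The input is not modified: the caller passes a pointer into the received
 * blob message and prints the same string in its error path, so splitting
 * it in place (as an earlier version did by writing a NUL over the '/')
 * would write through a const pointer and truncate that diagnostic.
 */
static bool
iprule_parse_mark(const char *mark, struct iprule *rule)
{
	const char *mask_str = NULL;
	unsigned long mark_val, mask_val = 0;
	char *end;

	errno = 0;
	mark_val = strtoul(mark, &end, 0);
	/*
	 * A value that does not fit the 32-bit mark would otherwise be
	 * truncated silently and match a different mark than configured.
	 */
	if (end == mark || errno == ERANGE || mark_val > UINT_MAX)
		return false;

	if (*end == '/')
		mask_str = end + 1;
	else if (*end)
		return false;

	if (mask_str) {
		errno = 0;
		mask_val = strtoul(mask_str, &end, 0);
		if (end == mask_str || *end || errno == ERANGE || mask_val > UINT_MAX)
			return false;
	}

	/* commit only after the whole string has been validated */
	rule->fwmark = mark_val;
	rule->flags |= IPRULE_FWMARK;

	if (mask_str) {
		rule->fwmask = mask_val;
		rule->flags |= IPRULE_FWMASK;
	}

	return true;
}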
112
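/*
 * Called on state changes of the rule's incoming interface.
 *
 * IFEV_UP records the interface's layer-3 device name in rule->in_dev and
 * installs the rule once rule_ready() holds.  IFEV_DOWN, IFEV_UP_FAILED and
 * IFEV_FREE remove an installed rule and clear in_dev again.  All other
 * events are ignored.
 */
static void
rule_in_cb(struct interface_user *dep, struct interface *iface, enum interface_event ev)
{
	struct iprule *rule = container_of(dep, struct iprule, in_iface_user);
	const char *ifname;
	size_t len;

	switch (ev) {
	case IFEV_UP:
		if (!iface->l3_dev.dev)
			break;

		/*
		 * in_dev is a fixed-size buffer inside struct iprule; both
		 * buffer sizes are declared in headers, so check the length
		 * here instead of relying on them staying in sync.  A name
		 * that does not fit is rejected without touching in_dev.
		 */
		ifname = iface->l3_dev.dev->ifname;
		len = strlen(ifname);
		if (len >= sizeof(rule->in_dev)) {
			DPRINTF("Interface name too long for rule: %s\n", ifname);
			break;
		}

		memcpy(rule->in_dev, ifname, len + 1);
		if (rule_ready(rule))
			system_add_iprule(rule);
		break;
	case IFEV_DOWN:
	case IFEV_UP_FAILED:
	case IFEV_FREE:
		/* delete while in_dev is still set, the rule is matched by it */
		if (rule_ready(rule))
			system_del_iprule(rule);

		rule->in_dev[0] = 0;
		break;
	default:
		break;
	}
}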
140
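/*
 * Called on state changes of the rule's outgoing interface.
 *
 * IFEV_UP records the interface's layer-3 device name in rule->out_dev and
 * installs the rule once rule_ready() holds.  IFEV_DOWN, IFEV_UP_FAILED and
 * IFEV_FREE remove an installed rule and clear out_dev again.  All other
 * events are ignored.
 */
static void
rule_out_cb(struct interface_user *dep, struct interface *iface, enum interface_event ev)
{
	struct iprule *rule = container_of(dep, struct iprule, out_iface_user);
	const char *ifname;
	size_t len;

	switch (ev) {
	case IFEV_UP:
		if (!iface->l3_dev.dev)
			break;

		/*
		 * out_dev is a fixed-size buffer inside struct iprule; both
		 * buffer sizes are declared in headers, so check the length
		 * here instead of relying on them staying in sync.  A name
		 * that does not fit is rejected without touching out_dev.
		 */
		ifname = iface->l3_dev.dev->ifname;
		len = strlen(ifname);
		if (len >= sizeof(rule->out_dev)) {
			DPRINTF("Interface name too long for rule: %s\n", ifname);
			break;
		}

		memcpy(rule->out_dev, ifname, len + 1);
		if (rule_ready(rule))
			system_add_iprule(rule);
		break;
	case IFEV_DOWN:
	case IFEV_UP_FAILED:
	case IFEV_FREE:
		/* delete while out_dev is still set, the rule is matched by it */
		if (rule_ready(rule))
			system_del_iprule(rule);

		rule->out_dev[0] = 0;
		break;
	default:
		break;
	}
}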
168
/*
 * Listener for events of every interface.  Only IFEV_CREATE is handled:
 * rules that are not ready yet and name the new interface as their "in" or
 * "out" interface are attached to it, so they receive its later events.
 */
static void
generic_interface_cb(struct interface_user *dep,
		     struct interface *iface, enum interface_event ev)
{
	struct iprule *rule;

	if (ev != IFEV_CREATE)
		return;

	vlist_for_each_element(&iprules, rule, node) {
		if (!rule_ready(rule)) {
			/* outgoing side first, then incoming side */
			if ((rule->flags & IPRULE_OUT) &&
			    strcmp(rule->out_iface, iface->name) == 0)
				interface_add_user(&rule->out_iface_user, iface);

			if ((rule->flags & IPRULE_IN) &&
			    strcmp(rule->in_iface, iface->name) == 0)
				interface_add_user(&rule->in_iface_user, iface);
		}
	}
}
191
/*
 * Interface user whose callback is generic_interface_cb();
 * iprule_init_list() registers it with a NULL interface.
 */
struct interface_user generic_listener = {
	.cb = generic_interface_cb,
};
195
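/* Return a heap copy of @name, or NULL when the allocation fails. */
static char *
iprule_dup_name(const char *name)
{
	size_t len = strlen(name) + 1;
	char *copy = calloc(1, len);

	if (copy)
		memcpy(copy, name, len);

	return copy;
}

/*
 * Build an ip rule from the blobmsg table @attr and add it to the iprules
 * list.  @v6 selects AF_INET6 / IPRULE_INET6 instead of AF_INET /
 * IPRULE_INET4.
 *
 * Every attribute is optional.  An attribute that fails to parse, an
 * out-of-range TOS value or a failed allocation discards the whole rule;
 * the function returns nothing, so such failures are only visible through
 * DPRINTF.
 */
void
iprule_add(struct blob_attr *attr, bool v6)
{
	struct blob_attr *tb[__RULE_MAX], *cur;
	struct iprule *rule;
	int af = v6 ? AF_INET6 : AF_INET;

	blobmsg_parse(rule_attr, __RULE_MAX, tb, blobmsg_data(attr), blobmsg_data_len(attr));

	/* zeroed allocation: rule_cmp() compares the raw tail of the struct */
	rule = calloc(1, sizeof(*rule));
	if (!rule)
		return;

	rule->flags = v6 ? IPRULE_INET6 : IPRULE_INET4;
	/*
	 * NOTE(review): the flags value is used as index into the two-entry
	 * iprules_counter array; this assumes IPRULE_INET4 and IPRULE_INET6
	 * are 0 and 1 - confirm against iprule.h.
	 */
	rule->order = iprules_counter[rule->flags]++;

	if ((cur = tb[RULE_INVERT]) != NULL)
		rule->invert = blobmsg_get_bool(cur);

	if ((cur = tb[RULE_INTERFACE_IN]) != NULL) {
		rule->in_iface = iprule_dup_name(blobmsg_data(cur));
		if (!rule->in_iface)
			goto error;

		rule->in_iface_user.cb = &rule_in_cb;
		rule->flags |= IPRULE_IN;
	}

	if ((cur = tb[RULE_INTERFACE_OUT]) != NULL) {
		rule->out_iface = iprule_dup_name(blobmsg_data(cur));
		if (!rule->out_iface)
			goto error;

		rule->out_iface_user.cb = &rule_out_cb;
		rule->flags |= IPRULE_OUT;
	}

	if ((cur = tb[RULE_SRC]) != NULL) {
		if (!parse_ip_and_netmask(af, blobmsg_data(cur), &rule->src_addr, &rule->src_mask)) {
			DPRINTF("Failed to parse rule source: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_SRC;
	}

	if ((cur = tb[RULE_DEST]) != NULL) {
		if (!parse_ip_and_netmask(af, blobmsg_data(cur), &rule->dest_addr, &rule->dest_mask)) {
			DPRINTF("Failed to parse rule destination: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_DEST;
	}

	if ((cur = tb[RULE_PRIORITY]) != NULL) {
		rule->priority = blobmsg_get_u32(cur);
		rule->flags |= IPRULE_PRIORITY;
	}

	if ((cur = tb[RULE_TOS]) != NULL) {
		/*
		 * Range-check the full 32-bit value before storing it, so the
		 * check cannot be defeated by a narrower rule->tos field.
		 */
		unsigned int tos = blobmsg_get_u32(cur);

		if (tos > 255) {
			DPRINTF("Invalid TOS value: %u\n", tos);
			goto error;
		}
		rule->tos = tos;
		rule->flags |= IPRULE_TOS;
	}

	if ((cur = tb[RULE_FWMARK]) != NULL) {
		if (!iprule_parse_mark(blobmsg_data(cur), rule)) {
			DPRINTF("Failed to parse rule fwmark: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		/* flags set by iprule_parse_mark() */
	}

	if ((cur = tb[RULE_LOOKUP]) != NULL) {
		if (!system_resolve_rt_table(blobmsg_data(cur), &rule->lookup)) {
			DPRINTF("Failed to parse rule lookup table: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_LOOKUP;
	}

	if ((cur = tb[RULE_SUP_PREFIXLEN]) != NULL) {
		rule->sup_prefixlen = blobmsg_get_u32(cur);
		rule->flags |= IPRULE_SUP_PREFIXLEN;
	}

	if ((cur = tb[RULE_ACTION]) != NULL) {
		if (!system_resolve_iprule_action(blobmsg_data(cur), &rule->action)) {
			DPRINTF("Failed to parse rule action: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_ACTION;
	}

	if ((cur = tb[RULE_GOTO]) != NULL) {
		rule->gotoid = blobmsg_get_u32(cur);
		rule->flags |= IPRULE_GOTO;
	}

	vlist_add(&iprules, &rule->node, rule);
	return;

error:
	/* the interface names are separate allocations owned by the rule */
	free(rule->in_iface);
	free(rule->out_iface);
	free(rule);
}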
299
/*
 * Begin a reload of the rule list.  The first call also flushes the rules
 * through system_flush_iprules(); every call resets both ordering counters
 * to 1 and opens a vlist update cycle on iprules.
 */
void
iprule_update_start(void)
{
	size_t i;

	if (iprules_flushed == false) {
		system_flush_iprules();
		iprules_flushed = true;
	}

	for (i = 0; i < sizeof(iprules_counter) / sizeof(iprules_counter[0]); i++)
		iprules_counter[i] = 1;

	vlist_update(&iprules);
}
312
/*
 * Finish the reload opened by iprule_update_start() by flushing the iprules
 * vlist; the per-rule work happens in iprule_update_rule(), the update
 * callback registered for that list.
 */
void
iprule_update_complete(void)
{
	vlist_flush(&iprules);
}
318
319
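/*
 * Key comparator for the iprules vlist.
 *
 * The interface names are compared as strings first (a rule without the
 * respective flag counts as the empty string).  After that the raw bytes of
 * struct iprule from the flags member to the end of the struct are
 * compared.  That byte comparison includes any padding, so it relies on
 * rules being allocated zeroed, as iprule_add() does with calloc().
 *
 * @ptr is unused.  Returns <0, 0 or >0 like strcmp()/memcmp().
 */
static int
rule_cmp(const void *k1, const void *k2, void *ptr)
{
	const struct iprule *r1 = k1, *r2 = k2;
	const size_t key_off = offsetof(struct iprule, flags);
	int ret;

	/* First compare the interface names */
	if ((r1->flags & IPRULE_IN) || (r2->flags & IPRULE_IN)) {
		const char *str1 = (r1->flags & IPRULE_IN) ? r1->in_iface : "";
		const char *str2 = (r2->flags & IPRULE_IN) ? r2->in_iface : "";

		ret = strcmp(str1, str2);
		if (ret)
			return ret;
	}

	if ((r1->flags & IPRULE_OUT) || (r2->flags & IPRULE_OUT)) {
		const char *str1 = (r1->flags & IPRULE_OUT) ? r1->out_iface : "";
		const char *str2 = (r2->flags & IPRULE_OUT) ? r2->out_iface : "";

		ret = strcmp(str1, str2);
		if (ret)
			return ret;
	}

	/*
	 * Next compare everything from the flags field onwards.  Arithmetic
	 * on void pointers is a GNU extension, so step through char pointers.
	 */
	return memcmp((const char *) k1 + key_off,
		      (const char *) k2 + key_off,
		      sizeof(struct iprule) - key_off);
}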
350
/*
 * Detach the rule from the interfaces it is attached to.  Each direction is
 * handled only when its flag is set and its interface_user currently points
 * at an interface.
 */
static void deregister_interfaces(struct iprule *rule)
{
	if (rule->flags & IPRULE_IN) {
		if (rule->in_iface_user.iface)
			interface_remove_user(&rule->in_iface_user);
	}

	if (rule->flags & IPRULE_OUT) {
		if (rule->out_iface_user.iface)
			interface_remove_user(&rule->out_iface_user);
	}
}
359
/*
 * Attach the rule to the interfaces it names, as far as they already exist
 * in the interfaces list.  An interface that is not found is skipped here;
 * generic_interface_cb() attaches the rule when it is created later.
 */
static void register_interfaces(struct iprule *rule)
{
	/* iface is only the element argument of the vlist_find() macro */
	struct interface *iface, *found;

	if (rule->flags & IPRULE_IN) {
		found = vlist_find(&interfaces, rule->in_iface, iface, node);
		if (found != NULL)
			interface_add_user(&rule->in_iface_user, found);
	}

	if (rule->flags & IPRULE_OUT) {
		found = vlist_find(&interfaces, rule->out_iface, iface, node);
		if (found != NULL)
			interface_add_user(&rule->out_iface_user, found);
	}
}
375
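/*
 * Update callback of the iprules vlist.
 *
 * @node_old, when set, is a rule leaving the list: it is removed from the
 * system if it was ready, detached from its interfaces and freed together
 * with its interface name strings.  @node_new, when set, is a rule entering
 * the list: interface-based rules are attached to their interfaces, all
 * other rules are installed right away.  @tree is unused.
 */
static void
iprule_update_rule(struct vlist_tree *tree,
		   struct vlist_node *node_new, struct vlist_node *node_old)
{
	if (node_old) {
		/* derive the rule only from a non-NULL node */
		struct iprule *rule_old = container_of(node_old, struct iprule, node);

		if (rule_ready(rule_old))
			system_del_iprule(rule_old);

		/* detach before freeing, the interface_user lives inside the rule */
		if (rule_old->flags & (IPRULE_IN | IPRULE_OUT))
			deregister_interfaces(rule_old);

		/* free(NULL) is a no-op, no guards needed */
		free(rule_old->in_iface);
		free(rule_old->out_iface);
		free(rule_old);
	}

	if (node_new) {
		struct iprule *rule_new = container_of(node_new, struct iprule, node);

		/* interface based rules calls system_add_iprule over the event cb */
		if (rule_new->flags & (IPRULE_IN | IPRULE_OUT))
			register_interfaces(rule_new);
		else
			system_add_iprule(rule_new);
	}
}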
410
/*
 * Set up the iprules vlist with rule_cmp() as comparator and
 * iprule_update_rule() as update callback, then register generic_listener
 * with a NULL interface.
 * NOTE(review): __init is defined outside this file; presumably it makes
 * this run at program start - confirm.
 */
static void __init
iprule_init_list(void)
{
	vlist_init(&iprules, rule_cmp, iprule_update_rule);
	interface_add_user(&generic_listener, NULL);
}