summaryrefslogtreecommitdiff
path: root/filter
diff options
context:
space:
mode:
authorOndrej Zajicek <santiago@crfreenet.org>2009-03-31 12:55:57 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2009-03-31 12:55:57 +0200
commitb1a597e0c3821c791a41278454e74261cf1b95fb (patch)
treefec1fdf523429e3afdcdaec6b0a96ef297723729 /filter
parent1733d080c9f60de69e843f22e138f27240a8176c (diff)
Reimplementation of prefix sets.
Prefix sets were broken beyond any repair and have to be reimplemented. They are reimplemented using a trie with bitmasks in nodes. There is also change in the interpretation of minus prefix pattern, but the old interpretation was already inconsistent with the documentation and broken. There is also some bugfixes in filter code related to set variables.
Diffstat (limited to 'filter')
-rw-r--r--filter/Doc1
-rw-r--r--filter/Makefile2
-rw-r--r--filter/config.Y69
-rw-r--r--filter/filter.c76
-rw-r--r--filter/filter.h21
-rw-r--r--filter/test.conf38
-rw-r--r--filter/test6.conf182
-rw-r--r--filter/trie.c325
8 files changed, 662 insertions, 52 deletions
diff --git a/filter/Doc b/filter/Doc
index 50a42383..8e9c6b35 100644
--- a/filter/Doc
+++ b/filter/Doc
@@ -1,3 +1,4 @@
H Filters
S filter.c
S tree.c
+S trie.c \ No newline at end of file
diff --git a/filter/Makefile b/filter/Makefile
index f41d7a3d..2de598da 100644
--- a/filter/Makefile
+++ b/filter/Makefile
@@ -1,4 +1,4 @@
-source=f-util.c filter.c tree.c
+source=f-util.c filter.c tree.c trie.c
root-rel=../
dir-name=filter
diff --git a/filter/config.Y b/filter/config.Y
index 688464d9..b6a0f470 100644
--- a/filter/config.Y
+++ b/filter/config.Y
@@ -36,6 +36,7 @@ CF_KEYWORDS(FUNCTION, PRINT, PRINTN, UNSET, RETURN,
%type <f> filter filter_body where_filter
%type <i> type break_command pair
%type <e> set_item set_items switch_body
+%type <trie> fprefix_set
%type <v> set_atom fprefix fprefix_s fipa
%type <s> decls declsn one_decl function_params
%type <h> bgp_path bgp_path_tail1 bgp_path_tail2
@@ -69,12 +70,20 @@ type:
| CLIST { $$ = T_CLIST; }
| type SET {
switch ($1) {
+ case T_INT:
+ case T_IP:
+ case T_PAIR:
+ $$ = T_SET;
+ break;
+
+ case T_PREFIX:
+ $$ = T_PREFIX_SET;
+ break;
+
default:
cf_error( "You can't create sets of this type." );
- case T_INT: case T_IP: case T_PREFIX: case T_PAIR: ;
- }
- $$ = $1 | T_SET;
}
+ }
;
one_decl:
@@ -201,20 +210,6 @@ pair:
/*
* Complex types, their bison value is struct f_val
*/
-fprefix_s:
- IPA '/' NUM %prec '/' {
- if (!ip_is_prefix($1, $3)) cf_error("Invalid network prefix: %I/%d.", $1, $3);
- $$.type = T_PREFIX; $$.val.px.ip = $1; $$.val.px.len = $3;
- }
- ;
-
-fprefix:
- fprefix_s { $$ = $1; }
- | fprefix_s '+' { $$ = $1; $$.val.px.len |= LEN_PLUS; }
- | fprefix_s '-' { $$ = $1; $$.val.px.len |= LEN_MINUS; }
- | fprefix_s '{' NUM ',' NUM '}' { $$ = $1; $$.val.px.len |= LEN_RANGE | ($3 << 16) | ($5 << 8); }
- ;
-
fipa:
IPA %prec PREFIX_DUMMY { $$.type = T_IP; $$.val.px.ip = $1; }
;
@@ -223,7 +218,6 @@ set_atom:
NUM { $$.type = T_INT; $$.val.i = $1; }
| pair { $$.type = T_PAIR; $$.val.i = $1; }
| fipa { $$ = $1; }
- | fprefix { $$ = $1; }
| ENUM { $$.type = $1 >> 16; $$.val.i = $1 & 0xffff; }
;
@@ -231,18 +225,12 @@ set_item:
set_atom {
$$ = f_new_tree();
$$->from = $1;
- if ($1.type != T_PREFIX)
- $$->to = $1;
- else {
- $$->to = $1;
- $$->to.val.px.ip = ipa_or( $$->to.val.px.ip, ipa_not( ipa_mkmask( $$->to.val.px.len ) ));
- }
+ $$->to = $1;
}
| set_atom '.' '.' set_atom {
$$ = f_new_tree();
$$->from = $1;
$$->to = $4;
- if (($1.type == T_PREFIX) || ($4.type == T_PREFIX)) cf_error( "You can't use prefixes for range." );
}
;
@@ -251,6 +239,28 @@ set_items:
| set_items ',' set_item { $$ = $3; $$->left = $1; }
;
+fprefix_s:
+ IPA '/' NUM %prec '/' {
+ if (($3 < 0) || ($3 > MAX_PREFIX_LENGTH) || !ip_is_prefix($1, $3)) cf_error("Invalid network prefix: %I/%d.", $1, $3);
+ $$.type = T_PREFIX; $$.val.px.ip = $1; $$.val.px.len = $3;
+ }
+ ;
+
+fprefix:
+ fprefix_s { $$ = $1; }
+ | fprefix_s '+' { $$ = $1; $$.val.px.len |= LEN_PLUS; }
+ | fprefix_s '-' { $$ = $1; $$.val.px.len |= LEN_MINUS; }
+ | fprefix_s '{' NUM ',' NUM '}' {
+ if (! ((0 <= $3) && ($3 <= $5) && ($5 <= MAX_PREFIX_LENGTH))) cf_error("Invalid prefix pattern range: {%d, %d}.", $3, $5);
+ $$ = $1; $$.val.px.len |= LEN_RANGE | ($3 << 16) | ($5 << 8);
+ }
+ ;
+
+fprefix_set:
+ fprefix { $$ = f_new_trie(); trie_add_prefix($$, &($1.val.px)); }
+ | fprefix_set ',' fprefix { $$ = $1; trie_add_prefix($$, &($3.val.px)); }
+ ;
+
switch_body: /* EMPTY */ { $$ = NULL; }
| set_item ':' cmds switch_body {
$$ = $1;
@@ -294,6 +304,7 @@ constant:
| fipa { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; }
| fprefix_s {NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; }
| '[' set_items ']' { DBG( "We've got a set here..." ); $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_SET; $$->a2.p = build_tree($2); DBG( "ook\n" ); }
+ | '[' fprefix_set ']' { $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_PREFIX_SET; $$->a2.p = $2; }
| ENUM { $$ = f_new_inst(); $$->code = 'c'; $$->aux = $1 >> 16; $$->a2.i = $1 & 0xffff; }
| bgp_path { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; val->type = T_PATH_MASK; val->val.path_mask = $1; $$->a1.p = val; }
;
@@ -374,12 +385,16 @@ term:
case SYM_IPA:
{ NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; val->type = T_IP; val->val.px.ip = * (ip_addr *) ($1->def); }
break;
+ case SYM_VARIABLE | T_BOOL:
case SYM_VARIABLE | T_INT:
case SYM_VARIABLE | T_PAIR:
- case SYM_VARIABLE | T_PREFIX:
+ case SYM_VARIABLE | T_STRING:
case SYM_VARIABLE | T_IP:
- case SYM_VARIABLE | T_PATH_MASK:
+ case SYM_VARIABLE | T_PREFIX:
+ case SYM_VARIABLE | T_PREFIX_SET:
+ case SYM_VARIABLE | T_SET:
case SYM_VARIABLE | T_PATH:
+ case SYM_VARIABLE | T_PATH_MASK:
case SYM_VARIABLE | T_CLIST:
$$->code = 'C';
$$->a1.p = $1->def;
diff --git a/filter/filter.c b/filter/filter.c
index 623ab291..2e13c752 100644
--- a/filter/filter.c
+++ b/filter/filter.c
@@ -145,6 +145,25 @@ val_compare(struct f_val v1, struct f_val v2)
}
}
+
+void
+f_prefix_get_bounds(struct f_prefix *px, int *l, int *h)
+{
+ *l = *h = px->len & LEN_MASK;
+
+ if (px->len & LEN_MINUS)
+ *l = 0;
+
+ else if (px->len & LEN_PLUS)
+ *h = MAX_PREFIX_LENGTH;
+
+ else if (px->len & LEN_RANGE)
+ {
+ *l = 0xff & (px->len >> 16);
+ *h = 0xff & (px->len >> 8);
+ }
+}
+
/*
* val_simple_in_range - check if @v1 ~ @v2 for everything except sets
*/
@@ -162,21 +181,21 @@ val_simple_in_range(struct f_val v1, struct f_val v2)
return !(ipa_compare(ipa_and(v2.val.px.ip, ipa_mkmask(v2.val.px.len)), ipa_and(v1.val.px.ip, ipa_mkmask(v2.val.px.len))));
if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX)) {
- ip_addr mask;
+
if (v1.val.px.len & (LEN_PLUS | LEN_MINUS | LEN_RANGE))
return CMP_ERROR;
- mask = ipa_mkmask( v2.val.px.len & LEN_MASK );
+
+ int p1 = v1.val.px.len & LEN_MASK;
+ int p2 = v2.val.px.len & LEN_MASK;
+ ip_addr mask = ipa_mkmask(MIN(p1, p2));
+
if (ipa_compare(ipa_and(v2.val.px.ip, mask), ipa_and(v1.val.px.ip, mask)))
return 0;
- if ((v2.val.px.len & LEN_MINUS) && (v1.val.px.len <= (v2.val.px.len & LEN_MASK)))
- return 0;
- if ((v2.val.px.len & LEN_PLUS) && (v1.val.px.len < (v2.val.px.len & LEN_MASK)))
- return 0;
- if ((v2.val.px.len & LEN_RANGE) && ((v1.val.px.len < (0xff & (v2.val.px.len >> 16)))
- || (v1.val.px.len > (0xff & (v2.val.px.len >> 8)))))
- return 0;
- return 1;
+ int l, h;
+ f_prefix_get_bounds(&v2.val.px, &l, &h);
+
+ return ((l <= v1.val.px.len) && (v1.val.px.len <= h));
}
return CMP_ERROR;
}
@@ -199,6 +218,9 @@ val_in_range(struct f_val v1, struct f_val v2)
if (res != CMP_ERROR)
return res;
+ if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX_SET))
+ return trie_match_prefix(v2.val.ti, &v1.val.px);
+
if (v2.type == T_SET)
switch (v1.type) {
case T_ENUM:
@@ -248,6 +270,7 @@ val_print(struct f_val v)
case T_IP: PRINTF( "%I", v.val.px.ip ); break;
case T_PREFIX: PRINTF( "%I/%d", v.val.px.ip, v.val.px.len ); break;
case T_PAIR: PRINTF( "(%d,%d)", v.val.i >> 16, v.val.i & 0xffff ); break;
+ case T_PREFIX_SET: trie_print(v.val.ti, buf, 2040); break;
case T_SET: tree_print( v.val.t ); PRINTF( "\n" ); break;
case T_ENUM: PRINTF( "(enum %x)%d", v.type, v.val.i ); break;
case T_PATH: as_path_format(v.val.ad, buf2, 1020); PRINTF( "(path %s)", buf2 ); break;
@@ -430,13 +453,17 @@ interpret(struct f_inst *what)
switch (res.type = v2.type) {
case T_VOID: runtime( "Can't assign void values" );
case T_ENUM:
- case T_INT:
- case T_IP:
- case T_PREFIX:
- case T_PAIR:
+ case T_BOOL:
+ case T_INT:
+ case T_PAIR:
+ case T_STRING:
+ case T_IP:
+ case T_PREFIX:
+ case T_PREFIX_SET:
+ case T_SET:
case T_PATH:
- case T_CLIST:
case T_PATH_MASK:
+ case T_CLIST:
if (sym->class != (SYM_VARIABLE | v2.type))
runtime( "Assigning to variable of incompatible type" );
* (struct f_val *) sym->def = v2;
@@ -447,10 +474,12 @@ interpret(struct f_inst *what)
break;
/* some constants have value in a2, some in *a1.p, strange. */
- case 'c': /* integer (or simple type) constant, or string, or set */
+ case 'c': /* integer (or simple type) constant, string, set, or prefix_set */
res.type = what->aux;
- if (res.type == T_SET)
+ if (res.type == T_PREFIX_SET)
+ res.val.ti = what->a2.p;
+ else if (res.type == T_SET)
res.val.t = what->a2.p;
else if (res.type == T_STRING)
res.val.s = what->a2.p;
@@ -818,16 +847,21 @@ i_same(struct f_inst *f1, struct f_inst *f2)
break;
case 'c':
- if (f1->aux & T_SET) {
+ switch (f1->aux) {
+
+ case T_PREFIX_SET:
+ if (!trie_same(f1->a2.p, f2->a2.p))
+ return 0;
+
+ case T_SET:
if (!same_tree(f1->a2.p, f2->a2.p))
return 0;
- break;
- }
- switch (f1->aux) {
+
case T_STRING:
if (strcmp(f1->a2.p, f2->a2.p))
return 0;
break;
+
default:
A2_SAME;
}
diff --git a/filter/filter.h b/filter/filter.h
index f71e54d3..2277f519 100644
--- a/filter/filter.h
+++ b/filter/filter.h
@@ -50,6 +50,7 @@ struct f_val {
struct f_prefix px;
char *s;
struct f_tree *t;
+ struct f_trie *ti;
struct adata *ad;
struct f_path_mask *path_mask;
} val;
@@ -69,6 +70,12 @@ struct f_tree *build_tree(struct f_tree *);
struct f_tree *find_tree(struct f_tree *t, struct f_val val);
int same_tree(struct f_tree *t1, struct f_tree *t2);
+struct f_trie *f_new_trie(void);
+void trie_add_prefix(struct f_trie *t, struct f_prefix *px);
+int trie_match_prefix(struct f_trie *t, struct f_prefix *px);
+int trie_same(struct f_trie *t1, struct f_trie *t2);
+int trie_print(struct f_trie *t, char *buf, int blen);
+
struct ea_list;
struct rte;
@@ -128,6 +135,7 @@ void val_print(struct f_val v);
#define T_RETURN 0x40
#define T_SET 0x80
+#define T_PREFIX_SET 0x81
struct f_tree {
struct f_tree *left, *right;
@@ -135,6 +143,19 @@ struct f_tree {
void *data;
};
+struct f_trie_node
+{
+ ip_addr addr, mask, accept;
+ int plen;
+ struct f_trie_node *c[2];
+};
+
+struct f_trie
+{
+ int zero;
+ struct f_trie_node root;
+};
+
#define NEW_F_VAL struct f_val * val; val = cfg_alloc(sizeof(struct f_val));
#define FF_FORCE_TMPATTR 1 /* Force all attributes to be temporary */
diff --git a/filter/test.conf b/filter/test.conf
index 96859e53..af889073 100644
--- a/filter/test.conf
+++ b/filter/test.conf
@@ -100,10 +100,25 @@ function __test2()
} reject;
}
+function test_pxset(prefix set pxs)
+{
+ print " must be true: ", 10.0.0.0/8 ~ pxs, ",", 10.0.0.0/10 ~ pxs, ",", 10.0.0.0/12 ~ pxs, ",",
+ 20.0.0.0/24 ~ pxs, ",", 20.0.40.0/24 ~ pxs, ",", 20.0.0.0/26 ~ pxs, ",",
+ 20.0.100.0/26 ~ pxs, ",", 20.0.0.0/28 ~ pxs, ",", 20.0.255.0/28 ~ pxs;
+ print " must be false: ", 10.0.0.0/7 ~ pxs, ",", 10.0.0.0/13 ~ pxs, ",", 10.0.0.0/16 ~ pxs, ",",
+ 20.0.0.0/16 ~ pxs, ",", 20.0.0.0/23 ~ pxs, ",", 20.0.0.0/29 ~ pxs, ",",
+ 11.0.0.0/10 ~ pxs, ",", 20.1.0.0/26 ~ pxs;
+}
+
function __startup()
int i;
+bool b;
prefix px;
ip p;
+pair pp;
+int set is;
+prefix set pxs;
+string s;
{
print "Testing filter language:";
i = four;
@@ -118,20 +133,37 @@ ip p;
if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
+ is = [ 2, 3, 4, 7..11 ];
print " must be true: ", 1.2.0.0/16 ~ [ 1.0.0.0/8{ 15 , 17 } ];
- print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
+ print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
print " must be true: ", true && true, ",", true || false;
# print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
- print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ [ 2, 3, 4, 7..11 ], ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/8 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
+ print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/9 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
px = 1.2.0.0/18;
print "Testing prefixes: 1.2.0.0/18 = ", px;
p = 127.1.2.3;
print "Testing mask : 127.0.0.0 = ", p.mask(8);
- print "Testing pairs: (1,2) = ", (1,2);
+
+ pp = (1, 2);
+ print "Testing pairs: (1,2) = ", (1,2), " = ", pp;
print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC;
+ s = "Hello";
+ print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
+
+ b = true;
+ print "Testing bool: ", b, ", ", !b;
+
+ pxs = [ 1.2.0.0/16, 1.4.0.0/16+];
+ print "Testing prefix sets: ";
+ print pxs;
+ print " must be true: ", 1.2.0.0/16 ~ pxs, ",", 1.4.0.0/16 ~ pxs, ",", 1.4.0.0/18 ~ pxs, ",", 1.4.0.0/32 ~ pxs;
+ print " must be false: ", 1.1.0.0/16 ~ pxs, ",", 1.3.0.0/16 ~ pxs, ",", 1.2.0.0/15 ~ pxs, ",", 1.2.0.0/17 ~ pxs, ",",
+ 1.2.0.0/32 ~ pxs, ",", 1.4.0.0/15 ~ pxs;
+
+ test_pxset([ 10.0.0.0/16{8,12}, 20.0.0.0/16{24,28} ]);
print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
print "Testing functions...";
diff --git a/filter/test6.conf b/filter/test6.conf
new file mode 100644
index 00000000..f25ffc47
--- /dev/null
+++ b/filter/test6.conf
@@ -0,0 +1,182 @@
+/*
+ * This is an example configuration file.
+ * FIXME: add all examples from docs here.
+ */
+
+# Yet another comment
+
+router id 62.168.0.1;
+
+define xyzzy = (120+10);
+
+function callme(int arg1; int arg2)
+int local1;
+int local2;
+int i;
+{
+ printn "Function callme called arguments ", arg1, " and ", arg2, ":" ;
+ i = arg2;
+
+ case arg1 {
+ 2: print "dva"; print "jeste jednou dva";
+ 3 .. 5: print "tri az pet";
+ else: print "neco jineho";
+ }
+}
+
+function fifteen()
+{
+ print "fifteen called";
+ return 15;
+}
+
+function paths()
+bgpmask pm1;
+bgpmask pm2;
+bgppath p2;
+clist l;
+{
+ pm1 = / 4 3 2 1 /;
+ pm2 = [= 4 3 2 1 =];
+ print "Testing path masks: ", pm1, " ", pm2;
+ p2 = prepend( + empty +, 1 );
+ p2 = prepend( p2, 2 );
+ p2 = prepend( p2, 3 );
+ p2 = prepend( p2, 4 );
+ print "Testing paths: ", p2;
+ print "Should be true: ", p2 ~ pm1, " ", p2 ~ pm2;
+ print "4 = ", p2.len;
+ p2 = prepend( p2, 5 );
+ print "Should be false: ", p2 ~ pm1, " ", p2 ~ pm2;
+ print "Should be true: ", p2 ~ / ? 4 3 2 1 /, " ", p2, " ", / ? 4 3 2 1 /;
+ print "Should be true: ", p2 ~ [= * 4 3 * 1 =], " ", p2, " ", [= * 4 3 * 1 =];
+ print "5 = ", p2.len;
+
+ pm1 = [= 1 2 * 3 4 5 =];
+ p2 = prepend( + empty +, 5 );
+ p2 = prepend( p2, 4 );
+ p2 = prepend( p2, 3 );
+ p2 = prepend( p2, 3 );
+ p2 = prepend( p2, 2 );
+ p2 = prepend( p2, 1 );
+ print "Should be true: ", p2 ~ pm1, " ", p2, " ", pm1;
+
+ l = - empty -;
+ l = add( l, (1,2) );
+ l = add( l, (2,3) );
+ print "Community list (1,2) (2,3) ", l;
+ print "Should be true: ", (2,3) ~ l;
+ l = delete( l, (2,3) );
+ print "Community list (1,2) ", l;
+ print "Should be false: ", (2,3) ~ l;
+}
+
+function bla()
+{
+ print "fifteen called";
+ return 15;
+}
+
+define four=4;
+
+function test_pxset(prefix set pxs)
+{
+ print " must be true: ", 1000::/8 ~ pxs, ",", 1000::/10 ~ pxs, ",", 1000::/12 ~ pxs, ",",
+ 2000::/24 ~ pxs, ",", 2000:4000::/24 ~ pxs, ",", 2000::/26 ~ pxs, ",",
+ 2000:8000::/26 ~ pxs, ",", 2000::/28 ~ pxs, ",", 2000:FFF0::/28 ~ pxs;
+ print " must be false: ", 1000::/7 ~ pxs, ",", 1000::/13 ~ pxs, ",", 1000::/16 ~ pxs, ",",
+ 2000::/16 ~ pxs, ",", 2000::/23 ~ pxs, ",", 2000::/29 ~ pxs, ",",
+ 1100::/10 ~ pxs, ",", 2010::/26 ~ pxs;
+}
+
+function __startup()
+int i;
+bool b;
+prefix px;
+ip p;
+pair pp;
+int set is;
+prefix set pxs;
+string s;
+{
+ print "Testing filter language:";
+ i = four;
+ i = 12*100 + 60/2 + i;
+ i = ( i + 0 );
+ print " arithmetics: 1234 = ", i;
+ printn " if statements ";
+ print "what happens here?";
+ printn ".";
+ if (i = 4) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
+# if !(i = 3) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
+ if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
+# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
+ if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
+ is = [ 2, 3, 4, 7..11 ];
+ print " must be true: ", 1180::/16 ~ [ 1100::/8{ 15 , 17 } ];
+ print " data types; must be true: ", 12::34 = 12::34, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 12::34 ~ [ 12::33..12::35 ], ",", 1020::34 ~ 1000::/8, ",", 1000::/8 ~ 1000::/8, ",", 1000::/8 ~ [ 1000::/8+ ];
+ print " must be true: ", true && true, ",", true || false;
+
+# print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
+ print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 12::34 ~ [ 12::33, 12::35 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1000::/9 ~ [ 1000::/8- ], ",", 1000::/17 ~ [ 1000::/8{ 15 , 16 } ], ",", true && false;
+
+ px = 1020::/18;
+ print "Testing prefixes: 1020::/18 = ", px;
+ p = 1234:5678::;
+ print "Testing mask : 1200:: = ", p.mask(8);
+
+ pp = (1, 2);
+ print "Testing pairs: (1,2) = ", (1,2), " = ", pp;
+ print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC;
+
+ s = "Hello";
+ print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
+
+ b = true;
+ print "Testing bool: ", b, ", ", !b;
+
+ pxs = [ 1102::/16, 1104::/16+];
+ print "Testing prefix sets: ";
+ print pxs;
+ print " must be true: ", 1102::/16 ~ pxs, ",", 1104::/16 ~ pxs, ",", 1104::/18 ~ pxs, ",", 1104::/32 ~ pxs;
+ print " must be false: ", 1101::/16 ~ pxs, ",", 1103::/16 ~ pxs, ",", 1102::/15 ~ pxs, ",", 1102::/17 ~ pxs, ",",
+ 1102::/32 ~ pxs, ",", 1104::/15 ~ pxs;
+
+ test_pxset([ 1000::/16{8,12}, 2000::/16{24,28} ]);
+ print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
+
+ print "Testing functions...";
+# callme ( 1, 2 );
+ callme ( 2, 2 );
+ callme ( 2, 2 );
+ callme ( 3, 2 );
+ callme ( 4, 2 );
+ callme ( 7, 2 );
+
+ i = fifteen();
+ print "Testing function calls: 15 = ", i;
+
+ paths();
+
+ print "done";
+ quitbird;
+# print "*** FAIL: this is unreachable";
+}
+
+filter testf
+int j;
+{
+ print "Heya, filtering route to ", net.ip, " prefixlen ", net.len, " source ", source;
+ print "This route was from ", from;
+ j = 7;
+ j = 17;
+ if rip_metric > 15 then {
+ reject "RIP Metric is more than infinity";
+ }
+ rip_metric = 14;
+ unset(rip_metric);
+
+ accept "ok I take that";
+}
+
+eval __startup(); \ No newline at end of file
diff --git a/filter/trie.c b/filter/trie.c
new file mode 100644
index 00000000..7f9f5f88
--- /dev/null
+++ b/filter/trie.c
@@ -0,0 +1,325 @@
+/*
+ * Filters: Trie for prefix sets
+ *
+ * Copyright 2009 Ondrej Zajicek <santiago@crfreenet.org>
+ *
+ * Can be freely distributed and used under the terms of the GNU GPL.
+ */
+
+/**
+ * DOC: Trie for prefix sets
+ *
+ * We use a (compressed) trie to represent prefix sets. Every node
+ * in the trie represents one prefix (&addr/&plen) and &plen also
+ * indicates the index of the bit in the address that is used to
+ * branch at the node. If we need to represent just a set of
+ * prefixes, it would be simple, but we have to represent a
+ * set of prefix pattern. Each prefix pattern consists of
+ * &ppaddr/&pplen and two integers: &low and &high, and a prefix
+ * &paddr/&plen matches that pattern if the first MIN(&plen, &pplen)
+ * bits of &paddr and &ppaddr are the same and &low <= &plen <= &high.
+ *
+ * We use a bitmask (&accept) to represent accepted prefix lengths
+ * at a node. As there are 33 prefix lengths (0..32 for IPv4), but
+ * there is just one prefix of zero length in the whole trie so we
+ * have &zero flag in &f_trie (indicating whether the trie accepts
+ * prefix 0.0.0.0/0) as a special case, and &accept bitmask
+ * represents accepted prefix lengths from 1 to 32.
+ *
+ * There are two cases in prefix matching - a match when the length
+ * of the prefix is smaller that the length of the prefix pattern,
+ * (&plen < &pplen) and otherwise. The second case is simple - we
+ * just walk through the trie and look at every visited node
+ * whether that prefix accepts our prefix length (&plen). The
+ * first case is tricky - we don't want to examine every descendant
+ * of a final node, so (when we create the trie) we have to propagate
+ * that information from nodes to their ascendants.
+ *
+ * Suppose that we have two masks (M1 and M2) for a node. Mask M1
+ * represents accepted prefix lengths by just the node and mask M2
+ * represents accepted prefix lengths by the node or any of its
+ * descendants. Therefore M2 is a bitwise or of M1 and children's
+ * M2 and this is a maintained invariant during trie building.
+ * Basically, when we want to match a prefix, we walk through the trie,
+ * check mask M1 for our prefix length and when we came to
+ * final node, we check mask M2.
+ *
+ * There are two differences in the real implementation. First,
+ * we use a compressed trie so there is a case that we skip our
+ * final node (if it is not in the trie) and we came to node that
+ * is either extension of our prefix, or completely out of path
+ * In the first case, we also have to check M2.
+
+ * There also might be
+ * a problem that interval of acceptance (on path from root to the
+ * final node) might be completely missing (for example if we have
+ * prefix patterns 192.168.128.0/24{8,10} and 192.168.1.0/24
+ *
+ * Second, we really need not to maintain two separate bitmasks.
+ * Checks for mask M1 are always larger than &applen and we need
+ * just the first &pplen bits of mask M2 (if trie compression
+ * hadn't been used it would suffice to know just $applen-th bit),
+ * so we have to store them together in &accept mask - the first
+ * &pplen bits of mask M2 and then mask M1.
+ *
+ * There are four cases when we walk through a trie:
+ *
+ * - we are in NULL
+ * - we are out of path (prefixes are inconsistent)
+ * - we are in the wanted (final) node (node length == &plen)
+ * - we are beyond the end of path (node length > &plen)
+ * - we are still on path and keep walking (node length < &plen)
+ *
+ * The walking code in add_node_to_trie() and trie_match_prefix()
+ * is structured according to these cases.
+ */
+
+#include "nest/bird.h"
+#include "conf/conf.h"
+#include "filter/filter.h"
+
+/**
+ * f_new_trie
+ *
+ * Allocates and returns a new empty trie.
+ */
+struct f_trie *
+f_new_trie(void)
+{
+ struct f_trie * ret;
+ ret = cfg_allocz(sizeof(struct f_trie));
+ return ret;
+}
+
+static inline struct f_trie_node *
+new_node(int plen, ip_addr paddr, ip_addr pmask, ip_addr amask)
+{
+ struct f_trie_node *n = cfg_allocz(sizeof(struct f_trie_node));
+ n->plen = plen;
+ n->addr = paddr;
+ n->mask = pmask;
+ n->accept = amask;
+ return n;
+}
+
+static inline void
+attach_node(struct f_trie_node *parent, struct f_trie_node *child)
+{
+ parent->c[ipa_getbit(child->addr, parent->plen) ? 1 : 0] = child;
+}
+
+static void
+add_node_to_trie(struct f_trie *t, int plen, ip_addr ip, ip_addr amask)
+{
+ ip_addr pmask = ipa_mkmask(plen);
+ ip_addr paddr = ipa_and(ip, pmask);
+ struct f_trie_node *o = NULL;
+ struct f_trie_node *n = &t->root;
+
+ while(n)
+ {
+ ip_addr cmask = ipa_and(n->mask, pmask);
+
+ if (ipa_compare(ipa_and(paddr, cmask), ipa_and(n->addr, cmask)))
+ {
+ /* We are out of path - we have to add branching node 'b'
+ between node 'o' and node 'n', and attach new node 'a'
+ as the other child of 'b'. */
+ int blen = ipa_pxlen(paddr, n->addr);
+ ip_addr bmask = ipa_mkmask(blen);
+ ip_addr baddr = ipa_and(ip, bmask);
+
+ /* Merge accept masks from children to get accept mask for node 'b' */
+ ip_addr baccm = ipa_and(ipa_or(amask, n->accept), bmask);
+
+ struct f_trie_node *a = new_node(plen, paddr, pmask, amask);
+ struct f_trie_node *b = new_node(blen, baddr, bmask, baccm);
+ attach_node(o, b);
+ attach_node(b, n);
+ attach_node(b, a);
+ return;
+ }
+
+ if (plen < n->plen)
+ {
+ /* We add new node 'a' between node 'o' and node 'n' */
+ amask = ipa_or(amask, ipa_and(n->accept, pmask));
+ struct f_trie_node *a = new_node(plen, paddr, pmask, amask);
+ attach_node(o, a);
+ attach_node(a, n);
+ return;
+ }
+
+ if (plen == n->plen)
+ {
+ /* We already found added node in trie. Just update accept mask */
+ n->accept = ipa_or(n->accept, amask);
+ return;
+ }
+
+ /* Update accept mask part M2 and go deeper */
+ n->accept = ipa_or(n->accept, ipa_and(amask, n->mask));
+
+ /* n->plen < plen and plen <= 32 */
+ o = n;
+ n = n->c[ipa_getbit(paddr, n->plen) ? 1 : 0];
+ }
+
+ /* We add new tail node 'a' after node 'o' */
+ struct f_trie_node *a = new_node(plen, paddr, pmask, amask);
+ attach_node(o, a);
+}
+
+/**
+ * trie_add_prefix
+ * @t: trie to add to
+ * @px: prefix to add
+ *
+ * Adds prefix (prefix pattern) @px to trie @t.
+ */
+void
+trie_add_prefix(struct f_trie *t, struct f_prefix *px)
+{
+ int l, h;
+ int plen = px->len & LEN_MASK;
+ ip_addr pmask = ipa_mkmask(plen);
+
+ /* 'l' and 'h' are lower and upper bounds on accepted
+ prefix lengths, both inclusive. 0 <= l, h <= 32 */
+ f_prefix_get_bounds(px, &l, &h);
+
+ if (l == 0)
+ t->zero = 1;
+ else
+ l--;
+
+ ip_addr amask = ipa_xor(ipa_mkmask(l), ipa_mkmask(h));
+ /* MIN(plen, h) instead of just plen is a little trick. */
+ add_node_to_trie(t, MIN(plen, h), px->ip, amask);
+}
+
+/**
+ * trie_match_prefix
+ * @t: trie
+ * @px: prefix
+ *
+ * Tries to find a matching prefix pattern in the trie such that
+ * prefix @px matches that prefix pattern. Returns 1 if there
+ * is such prefix pattern in the trie.
+ */
+int
+trie_match_prefix(struct f_trie *t, struct f_prefix *px)
+{
+ int plen = px->len & LEN_MASK;
+ ip_addr pmask = ipa_mkmask(plen);
+ ip_addr paddr = ipa_and(px->ip, pmask);
+
+ if (plen == 0)
+ return t->zero;
+
+ int plentest = plen - 1;
+ struct f_trie_node *n = &t->root;
+
+ while(n)
+ {
+ ip_addr cmask = ipa_and(n->mask, pmask);
+
+ /* We are out of path */
+ if (ipa_compare(ipa_and(paddr, cmask), ipa_and(n->addr, cmask)))
+ return 0;
+
+ /* Check accept mask */
+ if (ipa_getbit(n->accept, plentest))
+ return 1;
+
+ /* We finished trie walk and still no match */
+ if (plen <= n->plen)
+ return 0;
+
+ /* Choose children */
+ n = n->c[(ipa_getbit(paddr, n->plen)) ? 1 : 0];
+ }
+
+ return 0;
+}
+
+static int
+trie_node_same(struct f_trie_node *t1, struct f_trie_node *t2)
+{
+ if ((t1 == NULL) && (t2 == NULL))
+ return 1;
+
+ if ((t1 == NULL) || (t2 == NULL))
+ return 0;
+
+ if ((t1->plen != t2->plen) ||
+ (! ipa_equal(t1->addr, t2->addr)) ||
+ (! ipa_equal(t1->accept, t2->accept)))
+ return 0;
+
+ return trie_node_same(t1->c[0], t2->c[0]) && trie_node_same(t1->c[1], t2->c[1]);
+}
+
+/**
+ * trie_same
+ * @t1: first trie to be compared
+ * @t2: second one
+ *
+ * Compares two tries and returns 1 if they are same
+ */
+int
+trie_same(struct f_trie *t1, struct f_trie *t2)
+{
+ return (t1->zero == t2->zero) && trie_node_same(&t1->root, &t2->root);
+}
+
+static int
+trie_node_print(struct f_trie_node *t, char *buf, int blen)
+{
+ if (t == NULL)
+ return;
+
+ int old_blen = blen;
+ int wb = 0; // bsnprintf(buf, blen, "%I/%d accept %I\n", t->addr, t->plen, t->accept);
+debug("%I/%d accept %I\n", t->addr, t->plen, t->accept);
+
+ if ((wb < 0) || ((blen - wb) < 10))
+ {
+ bsnprintf(buf, blen, "...\n");
+ return -1;
+ }
+
+ buf += wb;
+ blen -= wb;
+
+ wb = trie_node_print(t->c[0], buf, blen);
+ if (wb < 0)
+ return -1;
+
+ buf += wb;
+ blen -= wb;
+
+ wb = trie_node_print(t->c[1], buf, blen);
+ if (wb < 0)
+ return -1;
+
+ blen -= wb;
+
+ return (old_blen - blen);
+}
+
+/**
+ * trie_print
+ * @t: trie to be printed
+ * @buf: buffer
+ * @blen: buffer length
+ *
+ * Prints the trie to the buffer, using at most blen bytes.
+ * Returns the number of used bytes, or -1 if there is not
+ * enough space in the buffer.
+ */
+int
+trie_print(struct f_trie *t, char *buf, int blen)
+{
+ return trie_node_print(&t->root, buf, blen);
+}