diff options
| author | Jan Moskyto Matejka <mq@ucw.cz> | 2017-03-13 13:50:32 +0100 |
|---|---|---|
| committer | Jan Moskyto Matejka <mq@ucw.cz> | 2017-03-13 13:51:20 +0100 |
| commit | 8c9986d310c58b26c000375be00be0deb9c2e360 (patch) | |
| tree | 9e3dba54bc82bb2bb9e0b6a25591eb471b107550 /filter | |
| parent | 54334b5667158d4b0af55201f327faeb80c05e0e (diff) | |
Filters: VPN Route Distinguishers, Prefix Type, Docs Update
Diffstat (limited to 'filter')
| -rw-r--r-- | filter/config.Y | 6 | ||||
| -rw-r--r-- | filter/filter.c | 27 | ||||
| -rw-r--r-- | filter/filter.h | 3 | ||||
| -rw-r--r-- | filter/test.conf | 36 |
4 files changed, 68 insertions, 4 deletions
diff --git a/filter/config.Y b/filter/config.Y index 94a7e307..f84360ff 100644 --- a/filter/config.Y +++ b/filter/config.Y @@ -393,7 +393,7 @@ CF_DECLS CF_KEYWORDS(FUNCTION, PRINT, PRINTN, UNSET, RETURN, ACCEPT, REJECT, ERROR, QUITBIRD, - INT, BOOL, IP, PREFIX, PAIR, QUAD, EC, LC, + INT, BOOL, IP, TYPE, PREFIX, RD, PAIR, QUAD, EC, LC, SET, STRING, BGPMASK, BGPPATH, CLIST, ECLIST, LCLIST, IF, THEN, ELSE, CASE, TRUE, FALSE, RT, RO, UNKNOWN, GENERIC, @@ -460,6 +460,7 @@ type: INT { $$ = T_INT; } | BOOL { $$ = T_BOOL; } | IP { $$ = T_IP; } + | RD { $$ = T_RD; } | PREFIX { $$ = T_NET; } | PAIR { $$ = T_PAIR; } | QUAD { $$ = T_QUAD; } @@ -786,6 +787,7 @@ constant: | FALSE { $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_BOOL; $$->a2.i = 0; } | TEXT { $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_STRING; $$->a2.p = $1; } | fipa { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; } + | VPN_RD { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; val->type = T_RD; val->val.ec = $1; $$->a1.p = val; } | net_ { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; val->type = T_NET; val->val.net = $1; $$->a1.p = val; } | '[' set_items ']' { DBG( "We've got a set here..." ); $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_SET; $$->a2.p = build_tree($2); DBG( "ook\n" ); } | '[' fprefix_set ']' { $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_PREFIX_SET; $$->a2.p = $2; } @@ -888,7 +890,9 @@ term: | rtadot dynamic_attr { $$ = $2; $$->code = P('e','a'); } + | term '.' TYPE { $$ = f_new_inst(); $$->code = 'T'; $$->a1.p = $1; } | term '.' IP { $$ = f_new_inst(); $$->code = P('c','p'); $$->a1.p = $1; $$->aux = T_IP; } + | term '.' RD { $$ = f_new_inst(); $$->code = P('R','D'); $$->a1.p = $1; $$->aux = T_RD; } | term '.' LEN { $$ = f_new_inst(); $$->code = 'L'; $$->a1.p = $1; } | term '.' MAXLEN { $$ = f_new_inst(); $$->code = P('R','m'); $$->a1.p = $1; } | term '.' ASN { $$ = f_new_inst(); $$->code = P('R','a'); $$->a1.p = $1; } diff --git a/filter/filter.c b/filter/filter.c index 79a594bf..a3caaf96 100644 --- a/filter/filter.c +++ b/filter/filter.c @@ -151,6 +151,7 @@ val_compare(struct f_val v1, struct f_val v2) case T_QUAD: return uint_cmp(v1.val.i, v2.val.i); case T_EC: + case T_RD: return u64_cmp(v1.val.ec, v2.val.ec); case T_LC: return lcomm_cmp(v1.val.lc, v2.val.lc); @@ -515,6 +516,7 @@ val_format(struct f_val v, buffer *buf) case T_QUAD: buffer_print(buf, "%R", v.val.i); return; case T_EC: ec_format(buf2, v.val.ec); buffer_print(buf, "%s", buf2); return; case T_LC: lc_format(buf2, v.val.lc); buffer_print(buf, "%s", buf2); return; + case T_RD: rd_format(v.val.ec, buf2, 1024); buffer_print(buf, "%s", buf2); return; case T_PREFIX_SET: trie_format(v.val.ti, buf); return; case T_SET: tree_format(v.val.t, buf); return; case T_ENUM: buffer_print(buf, "(enum %x)%u", v.type, v.val.i); return; @@ -815,6 +817,18 @@ interpret(struct f_inst *what) res.type = T_BOOL; res.val.i = (v1.type != T_VOID); break; + case 'T': + ONEARG; + switch (v1.type) + { + case T_NET: + res.type = T_ENUM_NETTYPE; + res.val.i = v1.val.net->type; + break; + default: + runtime( "Can't determine type of this item" ); + } + break; /* Set to indirect value, a1 = variable, a2 = value */ case 's': @@ -1209,6 +1223,16 @@ interpret(struct f_inst *what) res.type = T_IP; res.val.ip = net_prefix(v1.val.net); break; + case P('R','D'): + ONEARG; + if (v1.type != T_NET) + runtime( "Prefix expected" ); + res.type = T_RD; + if ((1 << v1.val.net->type) & (NB_VPN4 | NB_VPN6)) + res.val.ec = net_rd(v1.val.net); + else + runtime( "VPN address expected" ); + break; case P('a','f'): /* Get first ASN from AS PATH */ ONEARG; if (v1.type != T_PATH) @@ -1581,6 +1605,8 @@ i_same(struct f_inst *f1, struct f_inst *f2) case P('!', '~'): case '~': TWOARGS; break; case P('d','e'): ONEARG; break; + case 'T': ONEARG; break; + case P('n','T'): break; case P('m','l'): TWOARGS; @@ -1646,6 +1672,7 @@ i_same(struct f_inst *f1, struct f_inst *f2) case 'r': ONEARG; break; case P('c','p'): ONEARG; break; + case P('R','D'): ONEARG; break; case P('c','a'): /* Call rewriting trickery to avoid exponential behaviour */ ONEARG; if (!i_same(f1->a2.p, f2->a2.p)) diff --git a/filter/filter.h b/filter/filter.h index 855219ec..0beac679 100644 --- a/filter/filter.h +++ b/filter/filter.h @@ -146,6 +146,8 @@ void val_format(struct f_val v, buffer *buf); #define T_ENUM_RTC 0x33 #define T_ENUM_RTD 0x34 #define T_ENUM_ROA 0x35 +#define T_ENUM_NETTYPE 0x36 + /* new enums go here */ #define T_ENUM_EMPTY 0x3f /* Special hack for atomic_aggr */ @@ -162,6 +164,7 @@ void val_format(struct f_val v, buffer *buf); #define T_ECLIST 0x27 /* Extended community list */ #define T_LC 0x28 /* Large community value, lcomm */ #define T_LCLIST 0x29 /* Large community list */ +#define T_RD 0x2a /* Route distinguisher for VPN addresses */ #define T_RETURN 0x40 #define T_SET 0x80 diff --git a/filter/test.conf b/filter/test.conf index dc94f817..89c882ae 100644 --- a/filter/test.conf +++ b/filter/test.conf @@ -1167,9 +1167,7 @@ int j; filter roa_filter { - print(net); if net ~ [ 10.0.0.0/8{16,24}, 2000::/3{16,96} ] then { - print("accepted"); accept; } reject; @@ -1263,7 +1261,6 @@ prefix set pxs; prefix set pxt; { pxs = [ 98.45.0.0/16, 128.128.0.0/12+, 2200::/42-, ::ffff:d000:0/100{98,102}]; - print format(pxs); bt_assert(format(pxs) = "[::/0, ::/2{c000::}, 98.45.0.0/112{::0.1.0.0}, 128.128.0.0/108{::0.31.255.255}, 208.0.0.0/100{::124.0.0.0}, 2200::/42{ffff:ffff:ffc0::}]"); bt_assert(::fe00:0:0/88 !~ pxs); bt_assert(::fffe:0:0/95 !~ pxs); @@ -1275,6 +1272,39 @@ prefix set pxt; bt_assert(::/0 ~ pxs); bt_assert(0.0.0.0/0 !~ pxs); bt_assert(128.135.64.17/32 ~ pxs); + +# pxt = [ 0:1:2 10.1.10.0/24, 0:5:10000 10.1.10.0/24 ]; +# print pxt; + + bt_assert(format(NET_IP4) = "(enum 36)1"); ## if (net.type = NET_IP4) ... + bt_assert(format(NET_VPN6) = "(enum 36)4"); + bt_assert(format(0:1:2) = "0:1:2"); } bt_test_suite(t_mixed_prefix, "Testing mixed net types"); + + +filter vpn_filter +{ + bt_assert(format(net) = "0:1:2 10.1.10.0/24"); + bt_assert(net.type = NET_VPN4); + bt_assert(net.type != NET_IP4); + bt_assert(net.type != NET_IP6); + bt_assert(net.rd = 0:1:2); + + case (net.type) { + NET_IP4: print "IPV4"; + NET_IP6: print "IPV6"; + } + + accept; +} + +vpn4 table v4; +vpn4 table v6; + +protocol static +{ + vpn4 { table v4; import filter vpn_filter; }; + route 0:1:2 10.1.10.0/24 unreachable; +} |