diff options
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/Makefile | 36 | ||||
| -rw-r--r-- | conf/cf-lex.l | 112 | ||||
| -rw-r--r-- | conf/conf.c | 36 | ||||
| -rw-r--r-- | conf/conf.h | 20 | ||||
| -rw-r--r-- | conf/confbase.Y | 212 | ||||
| -rw-r--r-- | conf/flowspec.Y | 209 |
6 files changed, 518 insertions, 107 deletions
diff --git a/conf/Makefile b/conf/Makefile index cd78c821..fb3dd052 100644 --- a/conf/Makefile +++ b/conf/Makefile @@ -1,33 +1,33 @@ -source=cf-parse.tab.c cf-lex.c conf.c -root-rel=../ +src := cf-parse.tab.c cf-lex.c conf.c +obj := $(src-o-files) -include ../Rules +$(all-daemon) -conf-src=$(srcdir)/conf -conf-fragments=$(conf-src)/confbase.Y @CONFS@ $(addsuffix /config.Y,$(static-dir-paths)) +tests_objs := $(tests_objs) $(src-o-files) ifdef DEBUG BISON_DEBUG=-t #FLEX_DEBUG=-d endif -cf-parse.tab.h: cf-parse.tab.c +$(conf-y-targets): $(s)confbase.Y $(s)flowspec.Y + $(M4) -P $| $^ >$@ -cf-parse.tab.c: cf-parse.y - $(BISON) -bcf-parse -dv -pcf_ $(BISON_DEBUG) cf-parse.y +$(o)cf-parse.y: | $(s)gen_parser.m4 +$(o)keywords.h: | $(s)gen_keywords.m4 +$(o)commands.h: | $(s)gen_commands.m4 $(srcdir)/client/cmds.m4 -cf-parse.y: $(conf-fragments) $(conf-src)/gen_parser.m4 - $(M4) -P $(conf-src)/gen_parser.m4 $(conf-fragments) >cf-parse.y +$(o)cf-parse.tab.h: $(o)cf-parse.tab.c -keywords.h: $(conf-fragments) $(conf-src)/gen_keywords.m4 - $(M4) -P $(conf-src)/gen_keywords.m4 $(conf-fragments) >keywords.h +$(o)cf-parse.tab.c: $(o)cf-parse.y + $(BISON) $(BISON_DEBUG) -dv -pcf_ -b $(@:.tab.c=) $< -commands.h: $(conf-fragments) $(conf-src)/gen_commands.m4 $(srcdir)/client/cmds.m4 - $(M4) -P $(conf-src)/gen_commands.m4 $(srcdir)/client/cmds.m4 $(conf-fragments) | sort >commands.h +$(o)cf-lex.c: $(s)cf-lex.l + $(FLEX) $(FLEX_DEBUG) -s -B -8 -Pcf_ -o$@ $< -cf-lex.c: cf-lex.l - $(FLEX) $(FLEX_DEBUG) -s -B -8 -ocf-lex.c -Pcf_ cf-lex.l +$(o)cf-lex.o: $(o)cf-parse.tab.h $(o)keywords.h +$(o)cf-lex.o: CFLAGS+=-Wno-sign-compare -Wno-unused-function -depend: keywords.h commands.h cf-parse.tab.c cf-lex.c +$(addprefix $(o), cf-parse.y keywords.h commands.h cf-parse.tab.h cf-parse.tab.c cf-lex.c): $(objdir)/.dir-stamp -cf-lex.o: CFLAGS+=-Wno-sign-compare -Wno-unused-function +$(call clean,cf-parse.tab.h cf-parse.tab.c cf-parse.y keywords.h commands.h cf-lex.c cf-parse.output) diff --git a/conf/cf-lex.l b/conf/cf-lex.l index 66be3811..c3154b36 100644 --- a/conf/cf-lex.l +++ b/conf/cf-lex.l @@ -139,28 +139,103 @@ include ^{WHITE}*include{WHITE}*\".*\"{WHITE}*; cf_include(start, end-start); } +{DIGIT}+:{DIGIT}+ { + uint len1 UNUSED, len2; + u64 l; + char *e; + + errno = 0; + l = strtoul(yytext, &e, 10); + if (e && (*e != ':') || (errno == ERANGE) || (l >> 32)) + cf_error("ASN out of range"); + + if (l >> 16) + { + len1 = 32; + len2 = 16; + cf_lval.i64 = (2ULL << 48) | (((u64) l) << len2); + } + else + { + len1 = 16; + len2 = 32; + cf_lval.i64 = 0 | (((u64) l) << len2); + } + + errno = 0; + l = strtoul(e+1, &e, 10); + if (e && *e || (errno == ERANGE) || (l >> len2)) + cf_error("Number out of range"); + cf_lval.i64 |= l; + + return VPN_RD; +} + +[02]:{DIGIT}+:{DIGIT}+ { + uint len1, len2; + u64 l; + char *e; + + if (yytext[0] == '0') + { + cf_lval.i64 = 0; + len1 = 16; + len2 = 32; + } + else + { + cf_lval.i64 = 2ULL << 48; + len1 = 32; + len2 = 16; + } + + errno = 0; + l = strtoul(yytext+2, &e, 10); + if (e && (*e != ':') || (errno == ERANGE) || (l >> len1)) + cf_error("ASN out of range"); + cf_lval.i64 |= ((u64) l) << len2; + + errno = 0; + l = strtoul(e+1, &e, 10); + if (e && *e || (errno == ERANGE) || (l >> len2)) + cf_error("Number out of range"); + cf_lval.i64 |= l; + + return VPN_RD; +} + +{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+:{DIGIT}+ { + unsigned long int l; + ip4_addr ip4; + char *e; + + cf_lval.i64 = 1ULL << 48; + + e = strchr(yytext, ':'); + *e++ = '\0'; + if (!ip4_pton(yytext, &ip4)) + cf_error("Invalid IPv4 address %s in Route Distinguisher", yytext); + cf_lval.i64 |= ((u64) ip4_to_u32(ip4)) << 16; + + errno = 0; + l = strtoul(e, &e, 10); + if (e && *e || (errno == ERANGE) || (l >> 16)) + cf_error("Number out of range"); + cf_lval.i64 |= l; + + return VPN_RD; +} + {DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+ { - ip4_addr a; - if (!ip4_pton(yytext, &a)) + if (!ip4_pton(yytext, &cf_lval.ip4)) cf_error("Invalid IPv4 address %s", yytext); - -#ifdef IPV6 - cf_lval.i32 = ip4_to_u32(a); - return RTRID; -#else - cf_lval.a = ipa_from_ip4(a); - return IPA; -#endif + return IP4; } ({XIGIT}*::|({XIGIT}*:){3,})({XIGIT}*|{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+) { -#ifdef IPV6 - if (ipa_pton(yytext, &cf_lval.a)) - return IPA; - cf_error("Invalid IPv6 address %s", yytext); -#else - cf_error("This is an IPv4 router, therefore IPv6 addresses are not supported"); -#endif + if (!ip6_pton(yytext, &cf_lval.ip6)) + cf_error("Invalid IPv6 address %s", yytext); + return IP6; } 0x{XIGIT}+ { @@ -228,6 +303,7 @@ else: { ["][^"\n]*["] { yytext[yyleng-1] = 0; cf_lval.t = cfg_strdup(yytext+1); + yytext[yyleng-1] = '"'; return TEXT; } @@ -662,8 +738,6 @@ cf_symbol_class_name(struct symbol *sym) return "filter"; case SYM_TABLE: return "routing table"; - case SYM_ROA: - return "ROA table"; default: return "unknown type"; } diff --git a/conf/conf.c b/conf/conf.c index 7f4eb7e8..62477331 100644 --- a/conf/conf.c +++ b/conf/conf.c @@ -56,6 +56,7 @@ #include "conf/conf.h" #include "filter/filter.h" + static jmp_buf conf_jmpbuf; struct config *config, *new_config; @@ -85,10 +86,10 @@ int undo_available; /* Undo was not requested from last reconfiguration */ * further use. Returns a pointer to the structure. */ struct config * -config_alloc(const byte *name) +config_alloc(const char *name) { pool *p = rp_new(&root_pool, "Config"); - linpool *l = lp_new(p, 4080); + linpool *l = lp_new_default(p); struct config *c = lp_allocz(l, sizeof(struct config)); /* Duplication of name string in local linear pool */ @@ -96,13 +97,14 @@ config_alloc(const byte *name) char *ndup = lp_allocu(l, nlen); memcpy(ndup, name, nlen); + init_list(&c->tests); c->mrtdump_file = -1; /* Hack, this should be sysdep-specific */ c->pool = p; c->mem = l; c->file_name = ndup; - c->load_time = now; - c->tf_route = c->tf_proto = (struct timeformat){"%T", "%F", 20*3600}; - c->tf_base = c->tf_log = (struct timeformat){"%F %T", NULL, 0}; + c->load_time = current_time(); + c->tf_route = c->tf_proto = TM_ISO_SHORT_MS; + c->tf_base = c->tf_log = TM_ISO_LONG_MS; c->gr_wait = DEFAULT_GR_WAIT; return c; @@ -135,15 +137,16 @@ config_parse(struct config *c) sysdep_preconfig(c); protos_preconfig(c); rt_preconfig(c); - roa_preconfig(c); cf_parse(); - protos_postconfig(c); + if (EMPTY_LIST(c->protos)) cf_error("No protocol is specified in the config file"); -#ifdef IPV6 + + /* if (!c->router_id) - cf_error("Router ID must be configured manually on IPv6 routers"); -#endif + cf_error("Router ID must be configured manually"); + */ + done = 1; cleanup: @@ -266,7 +269,6 @@ config_do_commit(struct config *c, int type) force_restart |= global_commit(c, old_config); DBG("rt_commit\n"); rt_commit(c, old_config); - roa_commit(c, old_config); DBG("protos_commit\n"); protos_commit(c, old_config, force_restart, type); @@ -305,7 +307,7 @@ config_done(void *unused UNUSED) * config_commit - commit a configuration * @c: new configuration * @type: type of reconfiguration (RECONFIG_SOFT or RECONFIG_HARD) - * @timeout: timeout for undo (or 0 for no timeout) + * @timeout: timeout for undo (in seconds; or 0 for no timeout) * * When a configuration is parsed and prepared for use, the * config_commit() function starts the process of reconfiguration. @@ -329,7 +331,7 @@ config_done(void *unused UNUSED) * are accepted. */ int -config_commit(struct config *c, int type, int timeout) +config_commit(struct config *c, int type, uint timeout) { if (shutting_down) { @@ -338,8 +340,8 @@ config_commit(struct config *c, int type, int timeout) } undo_available = 1; - if (timeout > 0) - tm_start(config_timer, timeout); + if (timeout) + tm_start(config_timer, timeout S); else tm_stop(config_timer); @@ -450,7 +452,7 @@ config_undo(void) extern void cmd_reconfig_undo_notify(void); static void -config_timeout(struct timer *t UNUSED) +config_timeout(timer *t UNUSED) { log(L_INFO "Config timeout expired, starting undo"); cmd_reconfig_undo_notify(); @@ -504,7 +506,7 @@ order_shutdown(void) * error in the configuration. */ void -cf_error(char *msg, ...) +cf_error(const char *msg, ...) { char buf[1024]; va_list args; diff --git a/conf/conf.h b/conf/conf.h index bf74b76b..d6f59eac 100644 --- a/conf/conf.h +++ b/conf/conf.h @@ -9,9 +9,11 @@ #ifndef _BIRD_CONF_H_ #define _BIRD_CONF_H_ +#include "sysdep/config.h" +#include "lib/ip.h" +#include "lib/hash.h" #include "lib/resource.h" #include "lib/timer.h" -#include "lib/hash.h" /* Configuration structure */ @@ -21,12 +23,12 @@ struct config { linpool *mem; /* Linear pool containing configuration data */ list protos; /* Configured protocol instances (struct proto_config) */ list tables; /* Configured routing tables (struct rtable_config) */ - list roa_tables; /* Configured ROA tables (struct roa_table_config) */ list logfiles; /* Configured log files (sysdep) */ + list tests; /* Configured unit tests (f_bt_test_suite) */ int mrtdump_file; /* Configured MRTDump file (sysdep, fd in unix) */ char *syslog_name; /* Name used for syslog (NULL -> no syslog) */ - struct rtable_config *master_rtc; /* Configuration of master routing table */ + struct rtable_config *def_tables[NET_MAX]; /* Default routing tables for each network */ struct iface_patt *router_id_from; /* Configured list of router ID iface patterns */ u32 router_id; /* Our Router ID */ @@ -39,7 +41,7 @@ struct config { struct timeformat tf_proto; /* Time format for 'show protocol' */ struct timeformat tf_log; /* Time format for the logfile */ struct timeformat tf_base; /* Time format for other purposes */ - u32 gr_wait; /* Graceful restart wait timeout */ + u32 gr_wait; /* Graceful restart wait timeout (sec) */ int cli_debug; /* Tracing of CLI connections and commands */ int latency_debug; /* I/O loop tracks duration of each event */ @@ -55,22 +57,22 @@ struct config { struct config *fallback; /* Link to regular config for CLI parsing */ int obstacle_count; /* Number of items blocking freeing of this config */ int shutdown; /* This is a pseudo-config for daemon shutdown */ - bird_clock_t load_time; /* When we've got this configuration */ + btime load_time; /* When we've got this configuration */ }; /* Please don't use these variables in protocols. Use proto_config->global instead. */ extern struct config *config; /* Currently active configuration */ extern struct config *new_config; /* Configuration being parsed */ -struct config *config_alloc(const byte *name); +struct config *config_alloc(const char *name); int config_parse(struct config *); int cli_parse(struct config *); void config_free(struct config *); -int config_commit(struct config *, int type, int timeout); +int config_commit(struct config *, int type, uint timeout); int config_confirm(void); int config_undo(void); void config_init(void); -void cf_error(char *msg, ...) NORET; +void cf_error(const char *msg, ...) NORET; void config_add_obstacle(struct config *); void config_del_obstacle(struct config *); void order_shutdown(void); @@ -128,7 +130,6 @@ struct sym_scope { #define SYM_FUNCTION 3 #define SYM_FILTER 4 #define SYM_TABLE 5 -#define SYM_ROA 6 #define SYM_VARIABLE 0x100 /* 0x100-0x1ff are variable types */ #define SYM_CONSTANT 0x200 /* 0x200-0x2ff are variable types */ @@ -169,6 +170,7 @@ static inline int cf_symbol_is_constant(struct symbol *sym) /* Parser */ +extern char *cf_text; int cf_parse(void); /* Sysdep hooks */ diff --git a/conf/confbase.Y b/conf/confbase.Y index 96b32028..16330984 100644 --- a/conf/confbase.Y +++ b/conf/confbase.Y @@ -27,21 +27,27 @@ CF_HDR CF_DEFINES static void -check_u16(unsigned val) +check_u16(uint val) { if (val > 0xFFFF) - cf_error("Value %d out of range (0-65535)", val); + cf_error("Value %u out of range (0-65535)", val); } CF_DECLS %union { - int i; + uint i; u32 i32; + u64 i64; ip_addr a; + ip4_addr ip4; + ip6_addr ip6; + net_addr net; + net_addr *net_ptr; struct symbol *s; char *t; struct rtable_config *r; + struct channel_config *cc; struct f_inst *x; struct filter *f; struct f_tree *e; @@ -50,35 +56,37 @@ CF_DECLS struct f_path_mask *h; struct password_item *p; struct rt_show_data *ra; - struct roa_show_data *ro; struct sym_show_data *sd; struct lsadb_show_data *ld; struct iface *iface; - struct roa_table *rot; void *g; - bird_clock_t time; - struct prefix px; + btime time; + struct f_prefix px; struct proto_spec ps; + struct channel_limit cl; struct timeformat *tf; + mpls_label_stack *mls; } %token END CLI_MARKER INVALID_TOKEN ELSECOL DDOT %token GEQ LEQ NEQ AND OR %token PO PC %token <i> NUM ENUM -%token <i32> RTRID -%token <a> IPA +%token <ip4> IP4 +%token <ip6> IP6 +%token <i64> VPN_RD %token <s> SYM %token <t> TEXT %type <iface> ipa_scope -%type <i> expr bool pxlen -%type <i32> expr_us -%type <time> datetime +%type <i> expr bool pxlen4 +%type <time> expr_us time %type <a> ipa -%type <px> prefix prefix_or_ipa -%type <t> text -%type <t> text_or_none +%type <net> net_ip4_ net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa +%type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_ +%type <mls> label_stack_start label_stack + +%type <t> text opttext %nonassoc PREFIX_DUMMY %left AND OR @@ -88,7 +96,7 @@ CF_DECLS %left '!' %nonassoc '.' -CF_KEYWORDS(DEFINE, ON, OFF, YES, NO, S, MS, US, PORT) +CF_KEYWORDS(DEFINE, ON, OFF, YES, NO, S, MS, US, PORT, VPN) CF_GRAMMAR @@ -128,13 +136,11 @@ expr: expr_us: - expr S { $$ = (u32) $1 * 1000000; } - | expr MS { $$ = (u32) $1 * 1000; } - | expr US { $$ = (u32) $1 * 1; } + expr S { $$ = $1 S_; } + | expr MS { $$ = $1 MS_; } + | expr US { $$ = $1 US_; } ; -/* expr_u16: expr { check_u16($1); $$ = $1; }; */ - /* Switches */ bool: @@ -146,13 +152,15 @@ bool: | /* Silence means agreement */ { $$ = 1; } ; -/* Addresses, prefixes and netmasks */ + +/* Addresses */ ipa: - IPA + IP4 { $$ = ipa_from_ip4($1); } + | IP6 { $$ = ipa_from_ip6($1); } | SYM { if ($1->class != (SYM_CONSTANT | T_IP)) cf_error("IP address expected"); - $$ = SYM_VAL($1).px.ip; + $$ = SYM_VAL($1).ip; } ; @@ -161,34 +169,149 @@ ipa_scope: | '%' SYM { $$ = if_get_by_name($2->name); } ; -prefix: - ipa pxlen { - if (!ip_is_prefix($1, $2)) cf_error("Invalid prefix"); - $$.addr = $1; $$.len = $2; + +/* Networks - internal */ + +pxlen4: + '/' NUM { + if ($2 > IP4_MAX_PREFIX_LENGTH) cf_error("Invalid prefix length %u", $2); + $$ = $2; + } + | ':' IP4 { + $$ = ip4_masklen($2); + if ($$ == 255) cf_error("Invalid netmask %I4", $2); + } + ; + +net_ip4_: IP4 pxlen4 +{ + net_fill_ip4(&($$), $1, $2); + + net_addr_ip4 *n = (void *) &($$); + if (!net_validate_ip4(n)) + cf_error("Invalid IPv4 prefix %I4/%d, maybe you wanted %I4/%d", + n->prefix, n->pxlen, ip4_and(n->prefix, ip4_mkmask(n->pxlen)), n->pxlen); +}; + +net_ip6_: IP6 '/' NUM +{ + if ($3 > IP6_MAX_PREFIX_LENGTH) + cf_error("Invalid prefix length %u", $3); + + net_fill_ip6(&($$), $1, $3); + + net_addr_ip6 *n = (void *) &($$); + if (!net_validate_ip6(n)) + cf_error("Invalid IPv6 prefix %I6/%d, maybe you wanted %I6/%d", + n->prefix, n->pxlen, ip6_and(n->prefix, ip6_mkmask(n->pxlen)), n->pxlen); +}; + +net_vpn4_: VPN_RD net_ip4_ +{ + $$ = cfg_alloc(sizeof(net_addr_vpn4)); + net_fill_vpn4($$, net4_prefix(&$2), net4_pxlen(&$2), $1); +} + +net_vpn6_: VPN_RD net_ip6_ +{ + $$ = cfg_alloc(sizeof(net_addr_vpn6)); + net_fill_vpn6($$, net6_prefix(&$2), net6_pxlen(&$2), $1); +} + +net_roa4_: net_ip4_ MAX NUM AS NUM +{ + $$ = cfg_alloc(sizeof(net_addr_roa4)); + net_fill_roa4($$, net4_prefix(&$1), net4_pxlen(&$1), $3, $5); + if ($3 < net4_pxlen(&$1) || $3 > IP4_MAX_PREFIX_LENGTH) + cf_error("Invalid max prefix length %u", $3); +}; + +net_roa6_: net_ip6_ MAX NUM AS NUM +{ + $$ = cfg_alloc(sizeof(net_addr_roa6)); + net_fill_roa6($$, net6_prefix(&$1), net6_pxlen(&$1), $3, $5); + if ($3 < net6_pxlen(&$1) || $3 > IP6_MAX_PREFIX_LENGTH) + cf_error("Invalid max prefix length %u", $3); +}; + +net_ip_: net_ip4_ | net_ip6_ ; +net_vpn_: net_vpn4_ | net_vpn6_ ; +net_roa_: net_roa4_ | net_roa6_ ; + +net_: + net_ip_ { $$ = cfg_alloc($1.length); net_copy($$, &($1)); } + | net_vpn_ + | net_roa_ + | net_flow_ + ; + + +/* Networks - regular */ + +net_ip6: + net_ip6_ + | SYM { + if (($1->class != (SYM_CONSTANT | T_NET)) || (SYM_VAL($1).net->type != NET_IP6)) + cf_error("IPv6 network expected"); + $$ = * SYM_VAL($1).net; } ; -prefix_or_ipa: - prefix - | ipa { $$.addr = $1; $$.len = BITS_PER_IP_ADDRESS; } +net_ip: + net_ip_ + | SYM { + if (($1->class != (SYM_CONSTANT | T_NET)) || !net_is_ip(SYM_VAL($1).net)) + cf_error("IP network expected"); + $$ = * SYM_VAL($1).net; + } ; -pxlen: - '/' expr { - if ($2 < 0 || $2 > BITS_PER_IP_ADDRESS) cf_error("Invalid prefix length %d", $2); - $$ = $2; +net_any: + net_ + | SYM { + if ($1->class != (SYM_CONSTANT | T_NET)) + cf_error("Network expected"); + $$ = (net_addr *) SYM_VAL($1).net; /* Avoid const warning */ } - | ':' ipa { - $$ = ipa_masklen($2); - if ($$ < 0) cf_error("Invalid netmask %I", $2); + ; + +net_or_ipa: + net_ip4_ + | net_ip6_ + | IP4 { net_fill_ip4(&($$), $1, IP4_MAX_PREFIX_LENGTH); } + | IP6 { net_fill_ip6(&($$), $1, IP6_MAX_PREFIX_LENGTH); } + | SYM { + if ($1->class == (SYM_CONSTANT | T_IP)) + net_fill_ip_host(&($$), SYM_VAL($1).ip); + else if (($1->class == (SYM_CONSTANT | T_NET)) && net_is_ip(SYM_VAL($1).net)) + $$ = * SYM_VAL($1).net; + else + cf_error("IP address or network expected"); } ; -datetime: +label_stack_start: NUM +{ + $$ = cfg_allocz(sizeof(mpls_label_stack)); + $$->len = 1; + $$->stack[0] = $1; +}; + +label_stack: + label_stack_start + | label_stack '/' NUM { + if ($1->len >= MPLS_MAX_LABEL_STACK) + cf_error("Too many labels in stack"); + $1->stack[$1->len++] = $3; + $$ = $1; + } +; + +time: TEXT { - $$ = tm_parse_datetime($1); + $$ = tm_parse_time($1); if (!$$) - cf_error("Invalid date and time"); + cf_error("Invalid date/time"); } ; @@ -200,11 +323,12 @@ text: } ; -text_or_none: - TEXT { $$ = $1; } - | { $$ = NULL; } +opttext: + TEXT + | /* empty */ { $$ = NULL; } ; + CF_CODE CF_END diff --git a/conf/flowspec.Y b/conf/flowspec.Y new file mode 100644 index 00000000..4d259763 --- /dev/null +++ b/conf/flowspec.Y @@ -0,0 +1,209 @@ +/* + * BIRD -- Flow specification (RFC 5575) grammar + * + * (c) 2016 CZ.NIC z.s.p.o. + * + * Can be freely distributed and used under the terms of the GNU GPL. + */ + +CF_HDR + +#define PARSER 1 + +#include "nest/bird.h" +#include "lib/flowspec.h" + + +CF_DEFINES + +struct flow_builder *this_flow; + + +CF_DECLS + +%type <i32> flow_num_op flow_srcdst flow_logic_op flow_num_type_ flow_frag_val flow_neg +%type <net_ptr> net_flow4_ net_flow6_ net_flow_ + +CF_KEYWORDS(FLOW4, FLOW6, DST, SRC, PROTO, NEXT, HEADER, DPORT, SPORT, ICMP, + TYPE, CODE, TCP, FLAGS, LENGTH, DSCP, DONT_FRAGMENT, IS_FRAGMENT, + FIRST_FRAGMENT, LAST_FRAGMENT, FRAGMENT, LABEL, OFFSET) + + +CF_GRAMMAR + +/* Network Flow Specification */ + +flow_num_op: + TRUE { $$ = FLOW_OP_TRUE; } + | '=' { $$ = FLOW_OP_EQ; } + | NEQ { $$ = FLOW_OP_NEQ; } + | '<' { $$ = FLOW_OP_LT; } + | LEQ { $$ = FLOW_OP_LEQ; } + | '>' { $$ = FLOW_OP_GT; } + | GEQ { $$ = FLOW_OP_GEQ; } + | FALSE { $$ = FLOW_OP_FALSE; } + ; + +flow_logic_op: + OR { $$ = FLOW_OP_OR; } + | AND { $$ = FLOW_OP_AND; } + ; + +flow_num_type_: + PROTO { $$ = FLOW_TYPE_IP_PROTOCOL; } + | NEXT HEADER { $$ = FLOW_TYPE_NEXT_HEADER; } + | PORT { $$ = FLOW_TYPE_PORT; } + | DPORT { $$ = FLOW_TYPE_DST_PORT; } + | SPORT { $$ = FLOW_TYPE_SRC_PORT; } + | ICMP TYPE { $$ = FLOW_TYPE_ICMP_TYPE; } + | ICMP CODE { $$ = FLOW_TYPE_ICMP_CODE; } + | LENGTH { $$ = FLOW_TYPE_PACKET_LENGTH; } + | DSCP { $$ = FLOW_TYPE_DSCP; } + ; + +flow_num_type: flow_num_type_{ flow_builder_set_type(this_flow, $1); }; +flow_flag_type: TCP FLAGS { flow_builder_set_type(this_flow, FLOW_TYPE_TCP_FLAGS); }; +flow_frag_type: FRAGMENT { flow_builder_set_type(this_flow, FLOW_TYPE_FRAGMENT); }; +flow_label_type: LABEL { flow_builder_set_type(this_flow, FLOW_TYPE_LABEL); }; + +flow_srcdst: + DST { $$ = FLOW_TYPE_DST_PREFIX; } + | SRC { $$ = FLOW_TYPE_SRC_PREFIX; } + ; + +flow_num_opts: + flow_num_op expr { + flow_check_cf_value_length(this_flow, $2); + flow_builder_add_op_val(this_flow, $1, $2); + } + | flow_num_opts flow_logic_op flow_num_op expr { + flow_check_cf_value_length(this_flow, $4); + flow_builder_add_op_val(this_flow, $2 | $3, $4); + } + | flow_num_opt_ext + | flow_num_opts OR flow_num_opt_ext + ; + +flow_num_opt_ext_expr: + expr { + flow_check_cf_value_length(this_flow, $1); + flow_builder_add_op_val(this_flow, FLOW_OP_EQ, $1); + } + | expr DDOT expr { + flow_check_cf_value_length(this_flow, $1); + flow_check_cf_value_length(this_flow, $3); + flow_builder_add_op_val(this_flow, FLOW_OP_GEQ, $1); + flow_builder_add_op_val(this_flow, FLOW_OP_AND | FLOW_OP_LEQ, $3); + } + ; + +flow_num_opt_ext: + flow_num_opt_ext_expr + | flow_num_opt_ext ',' flow_num_opt_ext_expr + ; + +flow_bmk_opts: + flow_neg expr '/' expr { + flow_check_cf_bmk_values(this_flow, $1, $2, $4); + flow_builder_add_val_mask(this_flow, $1, $2, $4); + } + | flow_bmk_opts flow_logic_op flow_neg expr '/' expr { + flow_check_cf_bmk_values(this_flow, $3, $4, $6); + flow_builder_add_val_mask(this_flow, $2 | $3, $4, $6); + } + | flow_bmk_opts ',' flow_neg expr '/' expr { + flow_check_cf_bmk_values(this_flow, $3, $4, $6); + flow_builder_add_val_mask(this_flow, 0x40 | $3, $4, $6); /* AND */ + } + ; + +flow_neg: + /* empty */ { $$ = 0x00; } + | '!' { $$ = 0x02; } + ; + +flow_frag_val: + DONT_FRAGMENT { $$ = 1; } + | IS_FRAGMENT { $$ = 2; } + | FIRST_FRAGMENT { $$ = 4; } + | LAST_FRAGMENT { $$ = 8; } + ; + +flow_frag_opts: + flow_neg flow_frag_val { + flow_builder_add_val_mask(this_flow, 0, ($1 ? 0 : $2), $2); + } + | flow_frag_opts flow_logic_op flow_neg flow_frag_val { + flow_builder_add_val_mask(this_flow, $2, ($3 ? 0 : $4), $4); + } + | flow_frag_opts ',' flow_neg flow_frag_val { + flow_builder_add_val_mask(this_flow, 0x40, ($3 ? 0 : $4), $4); /* AND */ + } + ; + +flow4_item: + flow_srcdst net_ip { + flow_builder_set_type(this_flow, $1); + flow_builder4_add_pfx(this_flow, (net_addr_ip4 *) &($2)); + } + | flow_num_type flow_num_opts + | flow_flag_type flow_bmk_opts + | flow_frag_type flow_frag_opts + ; + +flow6_item: + flow_srcdst net_ip6 { + flow_builder_set_type(this_flow, $1); + flow_builder6_add_pfx(this_flow, (net_addr_ip6 *) &($2), 0); + } + | flow_srcdst net_ip6 OFFSET NUM { + if ($4 > $2.pxlen) + cf_error("Prefix offset is higher than prefix length"); + flow_builder_set_type(this_flow, $1); + flow_builder6_add_pfx(this_flow, (net_addr_ip6 *) &($2), $4); + } + | flow_num_type flow_num_opts + | flow_flag_type flow_bmk_opts + | flow_frag_type flow_frag_opts + | flow_label_type flow_bmk_opts + ; + +flow4_opts: + /* empty */ + | flow4_opts flow4_item ';' + ; + +flow6_opts: + /* empty */ + | flow6_opts flow6_item ';' + ; + +flow_builder_init: +{ + if (this_flow == NULL) + this_flow = flow_builder_init(&root_pool); + else + flow_builder_clear(this_flow); +}; + +flow_builder_set_ipv4: { this_flow->ipv6 = 0; }; +flow_builder_set_ipv6: { this_flow->ipv6 = 1; }; + +net_flow4_: FLOW4 '{' flow_builder_init flow_builder_set_ipv4 flow4_opts '}' +{ + $$ = (net_addr *) flow_builder4_finalize(this_flow, cfg_mem); + flow4_validate_cf((net_addr_flow4 *) $$); +}; + +net_flow6_: FLOW6 '{' flow_builder_init flow_builder_set_ipv6 flow6_opts '}' +{ + $$ = (net_addr *) flow_builder6_finalize(this_flow, cfg_mem); + flow6_validate_cf((net_addr_flow6 *) $$); +}; + +net_flow_: net_flow4_ | net_flow6_ ; + + +CF_CODE + +CF_END |