summaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
Diffstat (limited to 'conf')
-rw-r--r--conf/Makefile36
-rw-r--r--conf/cf-lex.l112
-rw-r--r--conf/conf.c22
-rw-r--r--conf/conf.h14
-rw-r--r--conf/confbase.Y197
-rw-r--r--conf/flowspec.Y219
6 files changed, 511 insertions, 89 deletions
diff --git a/conf/Makefile b/conf/Makefile
index cd78c821..fb3dd052 100644
--- a/conf/Makefile
+++ b/conf/Makefile
@@ -1,33 +1,33 @@
-source=cf-parse.tab.c cf-lex.c conf.c
-root-rel=../
+src := cf-parse.tab.c cf-lex.c conf.c
+obj := $(src-o-files)
-include ../Rules
+$(all-daemon)
-conf-src=$(srcdir)/conf
-conf-fragments=$(conf-src)/confbase.Y @CONFS@ $(addsuffix /config.Y,$(static-dir-paths))
+tests_objs := $(tests_objs) $(src-o-files)
ifdef DEBUG
BISON_DEBUG=-t
#FLEX_DEBUG=-d
endif
-cf-parse.tab.h: cf-parse.tab.c
+$(conf-y-targets): $(s)confbase.Y $(s)flowspec.Y
+ $(M4) -P $| $^ >$@
-cf-parse.tab.c: cf-parse.y
- $(BISON) -bcf-parse -dv -pcf_ $(BISON_DEBUG) cf-parse.y
+$(o)cf-parse.y: | $(s)gen_parser.m4
+$(o)keywords.h: | $(s)gen_keywords.m4
+$(o)commands.h: | $(s)gen_commands.m4 $(srcdir)/client/cmds.m4
-cf-parse.y: $(conf-fragments) $(conf-src)/gen_parser.m4
- $(M4) -P $(conf-src)/gen_parser.m4 $(conf-fragments) >cf-parse.y
+$(o)cf-parse.tab.h: $(o)cf-parse.tab.c
-keywords.h: $(conf-fragments) $(conf-src)/gen_keywords.m4
- $(M4) -P $(conf-src)/gen_keywords.m4 $(conf-fragments) >keywords.h
+$(o)cf-parse.tab.c: $(o)cf-parse.y
+ $(BISON) $(BISON_DEBUG) -dv -pcf_ -b $(@:.tab.c=) $<
-commands.h: $(conf-fragments) $(conf-src)/gen_commands.m4 $(srcdir)/client/cmds.m4
- $(M4) -P $(conf-src)/gen_commands.m4 $(srcdir)/client/cmds.m4 $(conf-fragments) | sort >commands.h
+$(o)cf-lex.c: $(s)cf-lex.l
+ $(FLEX) $(FLEX_DEBUG) -s -B -8 -Pcf_ -o$@ $<
-cf-lex.c: cf-lex.l
- $(FLEX) $(FLEX_DEBUG) -s -B -8 -ocf-lex.c -Pcf_ cf-lex.l
+$(o)cf-lex.o: $(o)cf-parse.tab.h $(o)keywords.h
+$(o)cf-lex.o: CFLAGS+=-Wno-sign-compare -Wno-unused-function
-depend: keywords.h commands.h cf-parse.tab.c cf-lex.c
+$(addprefix $(o), cf-parse.y keywords.h commands.h cf-parse.tab.h cf-parse.tab.c cf-lex.c): $(objdir)/.dir-stamp
-cf-lex.o: CFLAGS+=-Wno-sign-compare -Wno-unused-function
+$(call clean,cf-parse.tab.h cf-parse.tab.c cf-parse.y keywords.h commands.h cf-lex.c cf-parse.output)
diff --git a/conf/cf-lex.l b/conf/cf-lex.l
index e9e385a6..a24f5ad7 100644
--- a/conf/cf-lex.l
+++ b/conf/cf-lex.l
@@ -123,28 +123,103 @@ include ^{WHITE}*include{WHITE}*\".*\"{WHITE}*;
cf_include(start, end-start);
}
+{DIGIT}+:{DIGIT}+ {
+ uint len1 UNUSED, len2;
+ u64 l;
+ char *e;
+
+ errno = 0;
+ l = strtoul(yytext, &e, 10);
+ if (e && (*e != ':') || (errno == ERANGE) || (l >> 32))
+ cf_error("ASN out of range");
+
+ if (l >> 16)
+ {
+ len1 = 32;
+ len2 = 16;
+ cf_lval.i64 = (2ULL << 48) | (((u64) l) << len2);
+ }
+ else
+ {
+ len1 = 16;
+ len2 = 32;
+ cf_lval.i64 = 0 | (((u64) l) << len2);
+ }
+
+ errno = 0;
+ l = strtoul(e+1, &e, 10);
+ if (e && *e || (errno == ERANGE) || (l >> len2))
+ cf_error("Number out of range");
+ cf_lval.i64 |= l;
+
+ return VPN_RD;
+}
+
+[02]:{DIGIT}+:{DIGIT}+ {
+ uint len1, len2;
+ u64 l;
+ char *e;
+
+ if (yytext[0] == '0')
+ {
+ cf_lval.i64 = 0;
+ len1 = 16;
+ len2 = 32;
+ }
+ else
+ {
+ cf_lval.i64 = 2ULL << 48;
+ len1 = 32;
+ len2 = 16;
+ }
+
+ errno = 0;
+ l = strtoul(yytext+2, &e, 10);
+ if (e && (*e != ':') || (errno == ERANGE) || (l >> len1))
+ cf_error("ASN out of range");
+ cf_lval.i64 |= ((u64) l) << len2;
+
+ errno = 0;
+ l = strtoul(e+1, &e, 10);
+ if (e && *e || (errno == ERANGE) || (l >> len2))
+ cf_error("Number out of range");
+ cf_lval.i64 |= l;
+
+ return VPN_RD;
+}
+
+{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+:{DIGIT}+ {
+ unsigned long int l;
+ ip4_addr ip4;
+ char *e;
+
+ cf_lval.i64 = 1ULL << 48;
+
+ e = strchr(yytext, ':');
+ *e++ = '\0';
+ if (!ip4_pton(yytext, &ip4))
+ cf_error("Invalid IPv4 address %s in Route Distinguisher", yytext);
+ cf_lval.i64 |= ((u64) ip4_to_u32(ip4)) << 16;
+
+ errno = 0;
+ l = strtoul(e, &e, 10);
+ if (e && *e || (errno == ERANGE) || (l >> 16))
+ cf_error("Number out of range");
+ cf_lval.i64 |= l;
+
+ return VPN_RD;
+}
+
{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+ {
- ip4_addr a;
- if (!ip4_pton(yytext, &a))
+ if (!ip4_pton(yytext, &cf_lval.ip4))
cf_error("Invalid IPv4 address %s", yytext);
-
-#ifdef IPV6
- cf_lval.i32 = ip4_to_u32(a);
- return RTRID;
-#else
- cf_lval.a = ipa_from_ip4(a);
- return IPA;
-#endif
+ return IP4;
}
({XIGIT}*::|({XIGIT}*:){3,})({XIGIT}*|{DIGIT}+\.{DIGIT}+\.{DIGIT}+\.{DIGIT}+) {
-#ifdef IPV6
- if (ipa_pton(yytext, &cf_lval.a))
- return IPA;
- cf_error("Invalid IPv6 address %s", yytext);
-#else
- cf_error("This is an IPv4 router, therefore IPv6 addresses are not supported");
-#endif
+ if (!ip6_pton(yytext, &cf_lval.ip6))
+ cf_error("Invalid IPv6 address %s", yytext);
+ return IP6;
}
0x{XIGIT}+ {
@@ -215,6 +290,7 @@ else: {
["][^"\n]*["] {
yytext[yyleng-1] = 0;
cf_lval.t = cfg_strdup(yytext+1);
+ yytext[yyleng-1] = '"';
return TEXT;
}
@@ -689,8 +765,6 @@ cf_symbol_class_name(struct symbol *sym)
return "filter";
case SYM_TABLE:
return "routing table";
- case SYM_ROA:
- return "ROA table";
default:
return "unknown type";
}
diff --git a/conf/conf.c b/conf/conf.c
index 0a4e3f8c..9978ef23 100644
--- a/conf/conf.c
+++ b/conf/conf.c
@@ -52,10 +52,11 @@
#include "lib/resource.h"
#include "lib/string.h"
#include "lib/event.h"
-#include "lib/timer.h"
+#include "sysdep/unix/timer.h"
#include "conf/conf.h"
#include "filter/filter.h"
+
static jmp_buf conf_jmpbuf;
struct config *config, *new_config;
@@ -85,10 +86,10 @@ int undo_available; /* Undo was not requested from last reconfiguration */
* further use. Returns a pointer to the structure.
*/
struct config *
-config_alloc(const byte *name)
+config_alloc(const char *name)
{
pool *p = rp_new(&root_pool, "Config");
- linpool *l = lp_new(p, 4080);
+ linpool *l = lp_new_default(p);
struct config *c = lp_allocz(l, sizeof(struct config));
/* Duplication of name string in local linear pool */
@@ -96,6 +97,7 @@ config_alloc(const byte *name)
char *ndup = lp_allocu(l, nlen);
memcpy(ndup, name, nlen);
+ init_list(&c->tests);
c->mrtdump_file = -1; /* Hack, this should be sysdep-specific */
c->pool = p;
c->mem = l;
@@ -135,15 +137,16 @@ config_parse(struct config *c)
sysdep_preconfig(c);
protos_preconfig(c);
rt_preconfig(c);
- roa_preconfig(c);
cf_parse();
- protos_postconfig(c);
+
if (EMPTY_LIST(c->protos))
cf_error("No protocol is specified in the config file");
-#ifdef IPV6
+
+ /*
if (!c->router_id)
- cf_error("Router ID must be configured manually on IPv6 routers");
-#endif
+ cf_error("Router ID must be configured manually");
+ */
+
done = 1;
cleanup:
@@ -266,7 +269,6 @@ config_do_commit(struct config *c, int type)
force_restart |= global_commit(c, old_config);
DBG("rt_commit\n");
rt_commit(c, old_config);
- roa_commit(c, old_config);
DBG("protos_commit\n");
protos_commit(c, old_config, force_restart, type);
@@ -504,7 +506,7 @@ order_shutdown(void)
* error in the configuration.
*/
void
-cf_error(char *msg, ...)
+cf_error(const char *msg, ...)
{
char buf[1024];
va_list args;
diff --git a/conf/conf.h b/conf/conf.h
index 41cb434f..4b245e00 100644
--- a/conf/conf.h
+++ b/conf/conf.h
@@ -9,8 +9,10 @@
#ifndef _BIRD_CONF_H_
#define _BIRD_CONF_H_
+#include "sysdep/config.h"
+#include "lib/ip.h"
#include "lib/resource.h"
-#include "lib/timer.h"
+#include "sysdep/unix/timer.h"
/* Configuration structure */
@@ -20,12 +22,12 @@ struct config {
linpool *mem; /* Linear pool containing configuration data */
list protos; /* Configured protocol instances (struct proto_config) */
list tables; /* Configured routing tables (struct rtable_config) */
- list roa_tables; /* Configured ROA tables (struct roa_table_config) */
list logfiles; /* Configured log files (sysdep) */
+ list tests; /* Configured unit tests (f_bt_test_suite) */
int mrtdump_file; /* Configured MRTDump file (sysdep, fd in unix) */
char *syslog_name; /* Name used for syslog (NULL -> no syslog) */
- struct rtable_config *master_rtc; /* Configuration of master routing table */
+ struct rtable_config *def_tables[NET_MAX]; /* Default routing tables for each network */
struct iface_patt *router_id_from; /* Configured list of router ID iface patterns */
u32 router_id; /* Our Router ID */
@@ -61,7 +63,7 @@ struct config {
extern struct config *config; /* Currently active configuration */
extern struct config *new_config; /* Configuration being parsed */
-struct config *config_alloc(const byte *name);
+struct config *config_alloc(const char *name);
int config_parse(struct config *);
int cli_parse(struct config *);
void config_free(struct config *);
@@ -69,7 +71,7 @@ int config_commit(struct config *, int type, int timeout);
int config_confirm(void);
int config_undo(void);
void config_init(void);
-void cf_error(char *msg, ...) NORET;
+void cf_error(const char *msg, ...) NORET;
void config_add_obstacle(struct config *);
void config_del_obstacle(struct config *);
void order_shutdown(void);
@@ -121,7 +123,6 @@ struct symbol {
#define SYM_FUNCTION 3
#define SYM_FILTER 4
#define SYM_TABLE 5
-#define SYM_ROA 6
#define SYM_VARIABLE 0x100 /* 0x100-0x1ff are variable types */
#define SYM_CONSTANT 0x200 /* 0x200-0x2ff are variable types */
@@ -163,6 +164,7 @@ static inline int cf_symbol_is_constant(struct symbol *sym)
/* Parser */
+extern char *cf_text;
int cf_parse(void);
/* Sysdep hooks */
diff --git a/conf/confbase.Y b/conf/confbase.Y
index 96b32028..901ca2b2 100644
--- a/conf/confbase.Y
+++ b/conf/confbase.Y
@@ -14,7 +14,7 @@ CF_HDR
#include "conf/conf.h"
#include "lib/resource.h"
#include "lib/socket.h"
-#include "lib/timer.h"
+#include "sysdep/unix/timer.h"
#include "lib/string.h"
#include "nest/protocol.h"
#include "nest/iface.h"
@@ -27,21 +27,27 @@ CF_HDR
CF_DEFINES
static void
-check_u16(unsigned val)
+check_u16(uint val)
{
if (val > 0xFFFF)
- cf_error("Value %d out of range (0-65535)", val);
+ cf_error("Value %u out of range (0-65535)", val);
}
CF_DECLS
%union {
- int i;
+ uint i;
u32 i32;
+ u64 i64;
ip_addr a;
+ ip4_addr ip4;
+ ip6_addr ip6;
+ net_addr net;
+ net_addr *net_ptr;
struct symbol *s;
char *t;
struct rtable_config *r;
+ struct channel_config *cc;
struct f_inst *x;
struct filter *f;
struct f_tree *e;
@@ -50,35 +56,38 @@ CF_DECLS
struct f_path_mask *h;
struct password_item *p;
struct rt_show_data *ra;
- struct roa_show_data *ro;
struct sym_show_data *sd;
struct lsadb_show_data *ld;
struct iface *iface;
- struct roa_table *rot;
void *g;
bird_clock_t time;
- struct prefix px;
+ struct f_prefix px;
struct proto_spec ps;
+ struct channel_limit cl;
struct timeformat *tf;
+ mpls_label_stack *mls;
}
%token END CLI_MARKER INVALID_TOKEN ELSECOL DDOT
%token GEQ LEQ NEQ AND OR
%token PO PC
%token <i> NUM ENUM
-%token <i32> RTRID
-%token <a> IPA
+%token <ip4> IP4
+%token <ip6> IP6
+%token <i64> VPN_RD
%token <s> SYM
%token <t> TEXT
%type <iface> ipa_scope
-%type <i> expr bool pxlen
+%type <i> expr bool pxlen4
%type <i32> expr_us
%type <time> datetime
%type <a> ipa
-%type <px> prefix prefix_or_ipa
-%type <t> text
-%type <t> text_or_none
+%type <net> net_ip4_ net_ip6_ net_ip6 net_ip_ net_ip net_or_ipa
+%type <net_ptr> net_ net_any net_vpn4_ net_vpn6_ net_vpn_ net_roa4_ net_roa6_ net_roa_
+%type <mls> label_stack_start label_stack
+
+%type <t> text opttext
%nonassoc PREFIX_DUMMY
%left AND OR
@@ -88,7 +97,7 @@ CF_DECLS
%left '!'
%nonassoc '.'
-CF_KEYWORDS(DEFINE, ON, OFF, YES, NO, S, MS, US, PORT)
+CF_KEYWORDS(DEFINE, ON, OFF, YES, NO, S, MS, US, PORT, VPN)
CF_GRAMMAR
@@ -133,8 +142,6 @@ expr_us:
| expr US { $$ = (u32) $1 * 1; }
;
-/* expr_u16: expr { check_u16($1); $$ = $1; }; */
-
/* Switches */
bool:
@@ -146,13 +153,15 @@ bool:
| /* Silence means agreement */ { $$ = 1; }
;
-/* Addresses, prefixes and netmasks */
+
+/* Addresses */
ipa:
- IPA
+ IP4 { $$ = ipa_from_ip4($1); }
+ | IP6 { $$ = ipa_from_ip6($1); }
| SYM {
if ($1->class != (SYM_CONSTANT | T_IP)) cf_error("IP address expected");
- $$ = SYM_VAL($1).px.ip;
+ $$ = SYM_VAL($1).ip;
}
;
@@ -161,29 +170,144 @@ ipa_scope:
| '%' SYM { $$ = if_get_by_name($2->name); }
;
-prefix:
- ipa pxlen {
- if (!ip_is_prefix($1, $2)) cf_error("Invalid prefix");
- $$.addr = $1; $$.len = $2;
+
+/* Networks - internal */
+
+pxlen4:
+ '/' NUM {
+ if ($2 > IP4_MAX_PREFIX_LENGTH) cf_error("Invalid prefix length %u", $2);
+ $$ = $2;
+ }
+ | ':' IP4 {
+ $$ = ip4_masklen($2);
+ if ($$ == 255) cf_error("Invalid netmask %I4", $2);
}
;
-prefix_or_ipa:
- prefix
- | ipa { $$.addr = $1; $$.len = BITS_PER_IP_ADDRESS; }
+net_ip4_: IP4 pxlen4
+{
+ net_fill_ip4(&($$), $1, $2);
+
+ net_addr_ip4 *n = (void *) &($$);
+ if (!net_validate_ip4(n))
+ cf_error("Invalid IPv4 prefix %I4/%d, maybe you wanted %I4/%d",
+ n->prefix, n->pxlen, ip4_and(n->prefix, ip4_mkmask(n->pxlen)), n->pxlen);
+};
+
+net_ip6_: IP6 '/' NUM
+{
+ if ($3 > IP6_MAX_PREFIX_LENGTH)
+ cf_error("Invalid prefix length %u", $3);
+
+ net_fill_ip6(&($$), $1, $3);
+
+ net_addr_ip6 *n = (void *) &($$);
+ if (!net_validate_ip6(n))
+ cf_error("Invalid IPv6 prefix %I6/%d, maybe you wanted %I6/%d",
+ n->prefix, n->pxlen, ip6_and(n->prefix, ip6_mkmask(n->pxlen)), n->pxlen);
+};
+
+net_vpn4_: VPN_RD net_ip4_
+{
+ $$ = cfg_alloc(sizeof(net_addr_vpn4));
+ net_fill_vpn4($$, net4_prefix(&$2), net4_pxlen(&$2), $1);
+}
+
+net_vpn6_: VPN_RD net_ip6_
+{
+ $$ = cfg_alloc(sizeof(net_addr_vpn6));
+ net_fill_vpn6($$, net6_prefix(&$2), net6_pxlen(&$2), $1);
+}
+
+net_roa4_: net_ip4_ MAX NUM AS NUM
+{
+ $$ = cfg_alloc(sizeof(net_addr_roa4));
+ net_fill_roa4($$, net4_prefix(&$1), net4_pxlen(&$1), $3, $5);
+ if ($3 < net4_pxlen(&$1) || $3 > IP4_MAX_PREFIX_LENGTH)
+ cf_error("Invalid max prefix length %u", $3);
+};
+
+net_roa6_: net_ip6_ MAX NUM AS NUM
+{
+ $$ = cfg_alloc(sizeof(net_addr_roa6));
+ net_fill_roa6($$, net6_prefix(&$1), net6_pxlen(&$1), $3, $5);
+ if ($3 < net6_pxlen(&$1) || $3 > IP6_MAX_PREFIX_LENGTH)
+ cf_error("Invalid max prefix length %u", $3);
+};
+
+net_ip_: net_ip4_ | net_ip6_ ;
+net_vpn_: net_vpn4_ | net_vpn6_ ;
+net_roa_: net_roa4_ | net_roa6_ ;
+
+net_:
+ net_ip_ { $$ = cfg_alloc($1.length); net_copy($$, &($1)); }
+ | net_vpn_
+ | net_roa_
+ | net_flow_
;
-pxlen:
- '/' expr {
- if ($2 < 0 || $2 > BITS_PER_IP_ADDRESS) cf_error("Invalid prefix length %d", $2);
- $$ = $2;
+
+/* Networks - regular */
+
+net_ip6:
+ net_ip6_
+ | SYM {
+ if (($1->class != (SYM_CONSTANT | T_NET)) || (SYM_VAL($1).net->type != NET_IP6))
+ cf_error("IPv6 network expected");
+ $$ = * SYM_VAL($1).net;
+ }
+ ;
+
+net_ip:
+ net_ip_
+ | SYM {
+ if (($1->class != (SYM_CONSTANT | T_NET)) || !net_is_ip(SYM_VAL($1).net))
+ cf_error("IP network expected");
+ $$ = * SYM_VAL($1).net;
}
- | ':' ipa {
- $$ = ipa_masklen($2);
- if ($$ < 0) cf_error("Invalid netmask %I", $2);
+ ;
+
+net_any:
+ net_
+ | SYM {
+ if ($1->class != (SYM_CONSTANT | T_NET))
+ cf_error("Network expected");
+ $$ = (net_addr *) SYM_VAL($1).net; /* Avoid const warning */
+ }
+ ;
+
+net_or_ipa:
+ net_ip4_
+ | net_ip6_
+ | IP4 { net_fill_ip4(&($$), $1, IP4_MAX_PREFIX_LENGTH); }
+ | IP6 { net_fill_ip6(&($$), $1, IP6_MAX_PREFIX_LENGTH); }
+ | SYM {
+ if ($1->class == (SYM_CONSTANT | T_IP))
+ net_fill_ip_host(&($$), SYM_VAL($1).ip);
+ else if (($1->class == (SYM_CONSTANT | T_NET)) && net_is_ip(SYM_VAL($1).net))
+ $$ = * SYM_VAL($1).net;
+ else
+ cf_error("IP address or network expected");
}
;
+label_stack_start: NUM
+{
+ $$ = cfg_allocz(sizeof(mpls_label_stack));
+ $$->len = 1;
+ $$->stack[0] = $1;
+};
+
+label_stack:
+ label_stack_start
+ | label_stack '/' NUM {
+ if ($1->len >= MPLS_MAX_LABEL_STACK)
+ cf_error("Too many labels in stack");
+ $1->stack[$1->len++] = $3;
+ $$ = $1;
+ }
+;
+
datetime:
TEXT {
$$ = tm_parse_datetime($1);
@@ -200,11 +324,12 @@ text:
}
;
-text_or_none:
- TEXT { $$ = $1; }
- | { $$ = NULL; }
+opttext:
+ TEXT
+ | /* empty */ { $$ = NULL; }
;
+
CF_CODE
CF_END
diff --git a/conf/flowspec.Y b/conf/flowspec.Y
new file mode 100644
index 00000000..8c72854c
--- /dev/null
+++ b/conf/flowspec.Y
@@ -0,0 +1,219 @@
+/*
+ * BIRD -- Flow specification (RFC 5575) grammar
+ *
+ * (c) 2016 CZ.NIC z.s.p.o.
+ *
+ * Can be freely distributed and used under the terms of the GNU GPL.
+ */
+
+CF_HDR
+
+#define PARSER 1
+
+#include "nest/bird.h"
+#include "conf/conf.h"
+#include "lib/resource.h"
+#include "lib/socket.h"
+#include "sysdep/unix/timer.h"
+#include "lib/string.h"
+#include "nest/protocol.h"
+#include "nest/iface.h"
+#include "nest/route.h"
+#include "nest/cli.h"
+#include "filter/filter.h"
+#include "lib/flowspec.h"
+
+
+CF_DEFINES
+
+struct flow_builder *this_flow;
+
+
+CF_DECLS
+
+%type <i32> flow_num_op flow_srcdst flow_logic_op flow_num_type_ flow_frag_val flow_neg
+%type <net_ptr> net_flow4_ net_flow6_ net_flow_
+
+CF_KEYWORDS(FLOW4, FLOW6, DST, SRC, PROTO, NEXT, HEADER, DPORT, SPORT, ICMP,
+ TYPE, CODE, TCP, FLAGS, LENGTH, DSCP, DONT_FRAGMENT, IS_FRAGMENT,
+ FIRST_FRAGMENT, LAST_FRAGMENT, FRAGMENT, LABEL, OFFSET)
+
+
+CF_GRAMMAR
+
+/* Network Flow Specification */
+
+flow_num_op:
+ TRUE { $$ = FLOW_OP_TRUE; }
+ | '=' { $$ = FLOW_OP_EQ; }
+ | NEQ { $$ = FLOW_OP_NEQ; }
+ | '<' { $$ = FLOW_OP_LT; }
+ | LEQ { $$ = FLOW_OP_LEQ; }
+ | '>' { $$ = FLOW_OP_GT; }
+ | GEQ { $$ = FLOW_OP_GEQ; }
+ | FALSE { $$ = FLOW_OP_FALSE; }
+ ;
+
+flow_logic_op:
+ OR { $$ = FLOW_OP_OR; }
+ | AND { $$ = FLOW_OP_AND; }
+ ;
+
+flow_num_type_:
+ PROTO { $$ = FLOW_TYPE_IP_PROTOCOL; }
+ | NEXT HEADER { $$ = FLOW_TYPE_NEXT_HEADER; }
+ | PORT { $$ = FLOW_TYPE_PORT; }
+ | DPORT { $$ = FLOW_TYPE_DST_PORT; }
+ | SPORT { $$ = FLOW_TYPE_SRC_PORT; }
+ | ICMP TYPE { $$ = FLOW_TYPE_ICMP_TYPE; }
+ | ICMP CODE { $$ = FLOW_TYPE_ICMP_CODE; }
+ | LENGTH { $$ = FLOW_TYPE_PACKET_LENGTH; }
+ | DSCP { $$ = FLOW_TYPE_DSCP; }
+ ;
+
+flow_num_type: flow_num_type_{ flow_builder_set_type(this_flow, $1); };
+flow_flag_type: TCP FLAGS { flow_builder_set_type(this_flow, FLOW_TYPE_TCP_FLAGS); };
+flow_frag_type: FRAGMENT { flow_builder_set_type(this_flow, FLOW_TYPE_FRAGMENT); };
+flow_label_type: LABEL { flow_builder_set_type(this_flow, FLOW_TYPE_LABEL); };
+
+flow_srcdst:
+ DST { $$ = FLOW_TYPE_DST_PREFIX; }
+ | SRC { $$ = FLOW_TYPE_SRC_PREFIX; }
+ ;
+
+flow_num_opts:
+ flow_num_op expr {
+ flow_check_cf_value_length(this_flow, $2);
+ flow_builder_add_op_val(this_flow, $1, $2);
+ }
+ | flow_num_opts flow_logic_op flow_num_op expr {
+ flow_check_cf_value_length(this_flow, $4);
+ flow_builder_add_op_val(this_flow, $2 | $3, $4);
+ }
+ | flow_num_opt_ext
+ | flow_num_opts OR flow_num_opt_ext
+ ;
+
+flow_num_opt_ext_expr:
+ expr {
+ flow_check_cf_value_length(this_flow, $1);
+ flow_builder_add_op_val(this_flow, FLOW_OP_EQ, $1);
+ }
+ | expr DDOT expr {
+ flow_check_cf_value_length(this_flow, $1);
+ flow_check_cf_value_length(this_flow, $3);
+ flow_builder_add_op_val(this_flow, FLOW_OP_GEQ, $1);
+ flow_builder_add_op_val(this_flow, FLOW_OP_AND | FLOW_OP_LEQ, $3);
+ }
+ ;
+
+flow_num_opt_ext:
+ flow_num_opt_ext_expr
+ | flow_num_opt_ext ',' flow_num_opt_ext_expr
+ ;
+
+flow_bmk_opts:
+ flow_neg expr '/' expr {
+ flow_check_cf_bmk_values(this_flow, $1, $2, $4);
+ flow_builder_add_val_mask(this_flow, $1, $2, $4);
+ }
+ | flow_bmk_opts flow_logic_op flow_neg expr '/' expr {
+ flow_check_cf_bmk_values(this_flow, $3, $4, $6);
+ flow_builder_add_val_mask(this_flow, $2 | $3, $4, $6);
+ }
+ | flow_bmk_opts ',' flow_neg expr '/' expr {
+ flow_check_cf_bmk_values(this_flow, $3, $4, $6);
+ flow_builder_add_val_mask(this_flow, 0x40 | $3, $4, $6); /* AND */
+ }
+ ;
+
+flow_neg:
+ /* empty */ { $$ = 0x00; }
+ | '!' { $$ = 0x02; }
+ ;
+
+flow_frag_val:
+ DONT_FRAGMENT { $$ = 1; }
+ | IS_FRAGMENT { $$ = 2; }
+ | FIRST_FRAGMENT { $$ = 4; }
+ | LAST_FRAGMENT { $$ = 8; }
+ ;
+
+flow_frag_opts:
+ flow_neg flow_frag_val {
+ flow_builder_add_val_mask(this_flow, 0, ($1 ? 0 : $2), $2);
+ }
+ | flow_frag_opts flow_logic_op flow_neg flow_frag_val {
+ flow_builder_add_val_mask(this_flow, $2, ($3 ? 0 : $4), $4);
+ }
+ | flow_frag_opts ',' flow_neg flow_frag_val {
+ flow_builder_add_val_mask(this_flow, 0x40, ($3 ? 0 : $4), $4); /* AND */
+ }
+ ;
+
+flow4_item:
+ flow_srcdst net_ip {
+ flow_builder_set_type(this_flow, $1);
+ flow_builder4_add_pfx(this_flow, (net_addr_ip4 *) &($2));
+ }
+ | flow_num_type flow_num_opts
+ | flow_flag_type flow_bmk_opts
+ | flow_frag_type flow_frag_opts
+ ;
+
+flow6_item:
+ flow_srcdst net_ip6 {
+ flow_builder_set_type(this_flow, $1);
+ flow_builder6_add_pfx(this_flow, (net_addr_ip6 *) &($2), 0);
+ }
+ | flow_srcdst net_ip6 OFFSET NUM {
+ if ($4 > $2.pxlen)
+ cf_error("Prefix offset is higher than prefix length");
+ flow_builder_set_type(this_flow, $1);
+ flow_builder6_add_pfx(this_flow, (net_addr_ip6 *) &($2), $4);
+ }
+ | flow_num_type flow_num_opts
+ | flow_flag_type flow_bmk_opts
+ | flow_frag_type flow_frag_opts
+ | flow_label_type flow_bmk_opts
+ ;
+
+flow4_opts:
+ /* empty */
+ | flow4_opts flow4_item ';'
+ ;
+
+flow6_opts:
+ /* empty */
+ | flow6_opts flow6_item ';'
+ ;
+
+flow_builder_init:
+{
+ if (this_flow == NULL)
+ this_flow = flow_builder_init(&root_pool);
+ else
+ flow_builder_clear(this_flow);
+};
+
+flow_builder_set_ipv4: { this_flow->ipv6 = 0; };
+flow_builder_set_ipv6: { this_flow->ipv6 = 1; };
+
+net_flow4_: FLOW4 '{' flow_builder_init flow_builder_set_ipv4 flow4_opts '}'
+{
+ $$ = (net_addr *) flow_builder4_finalize(this_flow, cfg_mem);
+ flow4_validate_cf((net_addr_flow4 *) $$);
+};
+
+net_flow6_: FLOW6 '{' flow_builder_init flow_builder_set_ipv6 flow6_opts '}'
+{
+ $$ = (net_addr *) flow_builder6_finalize(this_flow, cfg_mem);
+ flow6_validate_cf((net_addr_flow6 *) $$);
+};
+
+net_flow_: net_flow4_ | net_flow6_ ;
+
+
+CF_CODE
+
+CF_END