X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fnetifd.git;a=blobdiff_plain;f=system-linux.c;h=d788a01a5d4b0b0e777130d68d31e60f865b370d;hp=8345e5d206e710e1f9bd4eeafba87edd375b0f2b;hb=800e5e5f50b62af1b7054f41331a4cc0d7802f65;hpb=d7f7f002e3d168aedb5f2bc92180f5966482d7d9 diff --git a/system-linux.c b/system-linux.c index 8345e5d..d788a01 100644 --- a/system-linux.c +++ b/system-linux.c @@ -1,6 +1,8 @@ /* * netifd - network interface daemon * Copyright (C) 2012 Felix Fietkau + * Copyright (C) 2013 Jo-Philipp Wich + * Copyright (C) 2013 Steven Barth * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 @@ -31,6 +33,7 @@ #include #include #include +#include #include #include @@ -396,6 +399,11 @@ static bool check_route(struct nlmsghdr *hdr, int ifindex) return *(int *)RTA_DATA(tb[RTA_OIF]) == ifindex; } +static bool check_rule(struct nlmsghdr *hdr, int ifindex) +{ + return true; +} + static int cb_clear_event(struct nl_msg *msg, void *arg) { struct clear_data *clr = arg; @@ -418,16 +426,26 @@ static int cb_clear_event(struct nl_msg *msg, void *arg) cb = check_route; break; + case RTM_GETRULE: + type = RTM_DELRULE; + if (hdr->nlmsg_type != RTM_NEWRULE) + return NL_SKIP; + + cb = check_rule; + break; default: return NL_SKIP; } - if (!cb(hdr, clr->dev->ifindex)) + if (!cb(hdr, clr->dev ? clr->dev->ifindex : 0)) return NL_SKIP; - D(SYSTEM, "Remove %s from device %s\n", - type == RTM_DELADDR ? "an address" : "a route", - clr->dev->ifname); + if (type == RTM_DELRULE) + D(SYSTEM, "Remove a rule\n"); + else + D(SYSTEM, "Remove %s from device %s\n", + type == RTM_DELADDR ? "an address" : "a route", + clr->dev->ifname); memcpy(nlmsg_hdr(clr->msg), hdr, hdr->nlmsg_len); hdr = nlmsg_hdr(clr->msg); hdr->nlmsg_type = type; @@ -472,6 +490,7 @@ system_if_clear_entries(struct device *dev, int type, int af) clr.type = type; switch (type) { case RTM_GETADDR: + case RTM_GETRULE: clr.size = sizeof(struct rtgenmsg); break; case RTM_GETROUTE: @@ -942,10 +961,12 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd) unsigned char scope = (cmd == RTM_DELROUTE) ? RT_SCOPE_NOWHERE : (have_gw) ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK; + unsigned int table = (route->flags & DEVROUTE_TABLE) ? route->table : RT_TABLE_MAIN; + struct rtmsg rtm = { .rtm_family = (alen == 4) ? AF_INET : AF_INET6, .rtm_dst_len = route->mask, - .rtm_table = RT_TABLE_MAIN, + .rtm_table = (table < 256) ? table : RT_TABLE_UNSPEC, .rtm_protocol = (route->flags & DEVADDR_KERNEL) ? RTPROT_KERNEL : RTPROT_STATIC, .rtm_scope = scope, .rtm_type = (cmd == RTM_DELROUTE) ? 0: RTN_UNICAST, @@ -979,6 +1000,9 @@ static int system_rt(struct device *dev, struct device_route *route, int cmd) if (dev) nla_put_u32(msg, RTA_OIF, dev->ifindex); + if (table >= 256) + nla_put_u32(msg, RTA_TABLE, table); + return system_rtnl_call(msg); } @@ -1011,6 +1035,226 @@ int system_flush_routes(void) return 0; } +bool system_resolve_rt_table(const char *name, unsigned int *id) +{ + FILE *f; + char *e, buf[128]; + unsigned int n, table = RT_TABLE_UNSPEC; + + /* first try to parse table as number */ + if ((n = strtoul(name, &e, 0)) > 0 && !*e) + table = n; + + /* handle well known aliases */ + else if (!strcmp(name, "default")) + table = RT_TABLE_DEFAULT; + else if (!strcmp(name, "main")) + table = RT_TABLE_MAIN; + else if (!strcmp(name, "local")) + table = RT_TABLE_LOCAL; + + /* try to look up name in /etc/iproute2/rt_tables */ + else if ((f = fopen("/etc/iproute2/rt_tables", "r")) != NULL) + { + while (fgets(buf, sizeof(buf) - 1, f) != NULL) + { + if ((e = strtok(buf, " \t\n")) == NULL || *e == '#') + continue; + + n = strtoul(e, NULL, 10); + e = strtok(NULL, " \t\n"); + + if (e && !strcmp(e, name)) + { + table = n; + break; + } + } + + fclose(f); + } + + if (table == RT_TABLE_UNSPEC) + return false; + + /* do not consider main table special */ + if (table == RT_TABLE_MAIN) + table = RT_TABLE_UNSPEC; + + *id = table; + return true; +} + +static int system_iprule(struct iprule *rule, int cmd) +{ + int alen = ((rule->flags & IPRULE_FAMILY) == IPRULE_INET4) ? 4 : 16; + + struct nl_msg *msg; + struct rtmsg rtm = { + .rtm_family = (alen == 4) ? AF_INET : AF_INET6, + .rtm_protocol = RTPROT_STATIC, + .rtm_scope = RT_SCOPE_UNIVERSE, + .rtm_table = RT_TABLE_UNSPEC, + .rtm_type = RTN_UNSPEC, + .rtm_flags = 0, + }; + + if (cmd == RTM_NEWRULE) { + rtm.rtm_type = RTN_UNICAST; + rtm.rtm_flags |= NLM_F_REPLACE | NLM_F_EXCL; + } + + if (rule->invert) + rtm.rtm_flags |= FIB_RULE_INVERT; + + if (rule->flags & IPRULE_SRC) + rtm.rtm_src_len = rule->src_mask; + + if (rule->flags & IPRULE_DEST) + rtm.rtm_dst_len = rule->dest_mask; + + if (rule->flags & IPRULE_TOS) + rtm.rtm_tos = rule->tos; + + if (rule->flags & IPRULE_LOOKUP) { + if (rule->lookup < 256) + rtm.rtm_table = rule->lookup; + } + + if (rule->flags & IPRULE_ACTION) + rtm.rtm_type = rule->action; + else if (rule->flags & IPRULE_GOTO) + rtm.rtm_type = FR_ACT_GOTO; + else if (!(rule->flags & (IPRULE_LOOKUP | IPRULE_ACTION | IPRULE_GOTO))) + rtm.rtm_type = FR_ACT_NOP; + + msg = nlmsg_alloc_simple(cmd, NLM_F_REQUEST); + + if (!msg) + return -1; + + nlmsg_append(msg, &rtm, sizeof(rtm), 0); + + if (rule->flags & IPRULE_IN) + nla_put(msg, FRA_IFNAME, strlen(rule->in_dev) + 1, rule->in_dev); + + if (rule->flags & IPRULE_OUT) + nla_put(msg, FRA_OIFNAME, strlen(rule->out_dev) + 1, rule->out_dev); + + if (rule->flags & IPRULE_SRC) + nla_put(msg, FRA_SRC, alen, &rule->src_addr); + + if (rule->flags & IPRULE_DEST) + nla_put(msg, FRA_DST, alen, &rule->dest_addr); + + if (rule->flags & IPRULE_PRIORITY) + nla_put_u32(msg, FRA_PRIORITY, rule->priority); + else if (cmd == RTM_NEWRULE) + nla_put_u32(msg, FRA_PRIORITY, rule->order); + + if (rule->flags & IPRULE_FWMARK) + nla_put_u32(msg, FRA_FWMARK, rule->fwmark); + + if (rule->flags & IPRULE_FWMASK) + nla_put_u32(msg, FRA_FWMASK, rule->fwmask); + + if (rule->flags & IPRULE_LOOKUP) { + if (rule->lookup >= 256) + nla_put_u32(msg, FRA_TABLE, rule->lookup); + } + + if (rule->flags & IPRULE_GOTO) + nla_put_u32(msg, FRA_GOTO, rule->gotoid); + + return system_rtnl_call(msg); +} + +int system_add_iprule(struct iprule *rule) +{ + return system_iprule(rule, RTM_NEWRULE); +} + +int system_del_iprule(struct iprule *rule) +{ + return system_iprule(rule, RTM_DELRULE); +} + +int system_flush_iprules(void) +{ + int rv = 0; + struct iprule rule; + + system_if_clear_entries(NULL, RTM_GETRULE, AF_INET); + system_if_clear_entries(NULL, RTM_GETRULE, AF_INET6); + + memset(&rule, 0, sizeof(rule)); + + + rule.flags = IPRULE_INET4 | IPRULE_PRIORITY | IPRULE_LOOKUP; + + rule.priority = 0; + rule.lookup = RT_TABLE_LOCAL; + rv |= system_iprule(&rule, RTM_NEWRULE); + + rule.priority = 32766; + rule.lookup = RT_TABLE_MAIN; + rv |= system_iprule(&rule, RTM_NEWRULE); + + rule.priority = 32767; + rule.lookup = RT_TABLE_DEFAULT; + rv |= system_iprule(&rule, RTM_NEWRULE); + + + rule.flags = IPRULE_INET6 | IPRULE_PRIORITY | IPRULE_LOOKUP; + + rule.priority = 0; + rule.lookup = RT_TABLE_LOCAL; + rv |= system_iprule(&rule, RTM_NEWRULE); + + rule.priority = 32766; + rule.lookup = RT_TABLE_MAIN; + rv |= system_iprule(&rule, RTM_NEWRULE); + + return rv; +} + +bool system_resolve_iprule_action(const char *action, unsigned int *id) +{ + char *e; + unsigned int n; + + if (!strcmp(action, "local")) + n = RTN_LOCAL; + else if (!strcmp(action, "nat")) + n = RTN_NAT; + else if (!strcmp(action, "broadcast")) + n = RTN_BROADCAST; + else if (!strcmp(action, "anycast")) + n = RTN_ANYCAST; + else if (!strcmp(action, "multicast")) + n = RTN_MULTICAST; + else if (!strcmp(action, "prohibit")) + n = RTN_PROHIBIT; + else if (!strcmp(action, "unreachable")) + n = RTN_UNREACHABLE; + else if (!strcmp(action, "blackhole")) + n = RTN_BLACKHOLE; + else if (!strcmp(action, "xresolve")) + n = RTN_XRESOLVE; + else if (!strcmp(action, "unicast")) + n = RTN_UNICAST; + else if (!strcmp(action, "throw")) + n = RTN_THROW; + else { + n = strtoul(action, &e, 0); + if (!e || *e || e == action || n > 255) + return false; + } + + *id = n; + return true; +} + time_t system_get_rtime(void) { struct timespec ts;