0
0
mirror of https://gitlab.nic.cz/labs/bird.git synced 2024-12-21 09:11:54 +00:00

Reimplementation of prefix sets.

Prefix sets were broken beyond any repair and have to be reimplemented.
They are reimplemented using a trie with bitmasks in nodes.
There is also change in the interpretation of minus prefix pattern,
but the old interpretation was already inconsistent with
the documentation and broken.

There is also some bugfixes in filter code related to set variables.
This commit is contained in:
Ondrej Zajicek 2009-03-31 12:55:57 +02:00
parent 1733d080c9
commit b1a597e0c3
14 changed files with 743 additions and 58 deletions

View File

@ -34,6 +34,7 @@ CF_DECLS
struct f_inst *x;
struct filter *f;
struct f_tree *e;
struct f_trie *trie;
struct f_val v;
struct f_path_mask *h;
struct password_item *p;

View File

@ -508,12 +508,33 @@ incompatible with each other (that is to prevent you from shooting in the foot).
Filters recognize four types of sets. Sets are similar to strings: you can pass them around
but you can't modify them. Literals of type <cf>set int</cf> look like <cf>
[ 1, 2, 5..7 ]</cf>. As you can see, both simple values and ranges are permitted in
sets. Sets of prefixes are special: you can specify which prefix lengths should match them by
using <cf>[ 1.0.0.0/8+, 2.0.0.0/8-, 3.0.0.0/8{5,6} ]</cf>. <cf>3.0.0.0/8{5,6}</cf> matches
prefixes <cf/3.X.X.X/ whose prefix length is 5 to 6. <cf><m>address</m>/<m>num</m>+</cf> is a shorthand for <cf><m>address</m>/{0,<m/num/}</cf>,
<cf><m>address</m>/<m/num/-</cf> is a shorthand for <cf><m>address</m>/{0,<m/num-1/}</cf>. For example,
<cf>1.2.0.0/16 &tilde; [ 1.0.0.0/8{ 15 , 17 } ]</cf> is true, but
<cf>1.0.0.0/8 &tilde; [ 1.0.0.0/8- ]</cf> is false.
sets.
Sets of prefixes are special: their literals does not allow ranges, but allows
prefix patterns that are written as <cf><M>ipaddress</M>/<M>pxlen</M>{<M>low</M>,<M>high</M>}</cf>.
Prefix <cf><m>ip1</m>/<m>len1</m></cf> matches prefix pattern <cf><m>ip2</m>/<m>len2</m>{<m>l</m>, <m>h</m>}</cf> iff
the first <cf>min(len1, len2)</cf> bits of <cf/ip1/> and <cf/ip2/ are identical and <cf>len1 &le; ip1 &le; len2</cf>.
A valid prefix pattern has to satisfy <cf/low &le; high/, but <cf/pxlen> is not constrained by <cf/low/
or <cf/high/. Obviously, a prefix matches a prefix set literal iff it matches any prefix pattern in the
prefix set literal.
There are also two shorthands for prefix patterns: <cf><m>address</m>/<m/len/+</cf> is a shorthand for
<cf><m>address</m>/<m/len/{<m/len/,<m/maxlen/}</cf> (where <cf><m>maxlen</m></c> is 32 for IPv4 and 128 for IPv6),
that means prefix <cf><m>address</m>/<m/len/</cf> and all its subprefixes. <cf><m>address</m>/<m/len/-</cf>
is a shorthand for <cf><m>address</m>/<m/len/{0,<m/len/}</cf>, that means prefix <cf><m>address</m>/<m/len/</cf>
and all its superprefixes (prefixes that contain it).
For example, <cf>[ 1.0.0.0/8, 2.0.0.0/8+, 3.0.0.0/8-, 4.0.0.0/8{16,24} ]</cf> matches
prefix <cf>1.0.0.0/8</cf>, all subprefixes of <cf>2.0.0.0/8</cf>, all superprefixes of <cf>3.0.0.0/8</cf> and prefixes
<cf/4.X.X.X/ whose prefix length is 16 to 24. <cf>[ 0.0.0.0/0{20,24} ]</cf> matches all prefixes (regardless of
IP address) whose prefix length is 20 to 24, <cf>[ 1.2.3.4/32- ]</cf> matches any prefix that contains IP address
<cf>1.2.3.4</cf>. <cf>1.2.0.0/16 &tilde; [ 1.0.0.0/8{ 15 , 17 } ]</cf> is true,
but <cf>1.0.0.0/16 &tilde; [ 1.0.0.0/8- ]</cf> is false.
Cisco-style patterns like <cf>10.0.0.0/8 ge 16 le 24</cf> can be expressed
in Bird as <cf>10.0.0.0/8{16,24}</cf>, <cf>192.168.0.0/16 le 24</cf> as
<cf>192.168.0.0/16{16,24}</cf> and <cf>192.168.0.0/16 ge 24</cf> as
<cf>192.168.0.0/16{24,32}</cf>.
<tag/enum/
Enumeration types are fixed sets of possibilities. You can't define your own

View File

@ -1,3 +1,4 @@
H Filters
S filter.c
S tree.c
S trie.c

View File

@ -1,4 +1,4 @@
source=f-util.c filter.c tree.c
source=f-util.c filter.c tree.c trie.c
root-rel=../
dir-name=filter

View File

@ -36,6 +36,7 @@ CF_KEYWORDS(FUNCTION, PRINT, PRINTN, UNSET, RETURN,
%type <f> filter filter_body where_filter
%type <i> type break_command pair
%type <e> set_item set_items switch_body
%type <trie> fprefix_set
%type <v> set_atom fprefix fprefix_s fipa
%type <s> decls declsn one_decl function_params
%type <h> bgp_path bgp_path_tail1 bgp_path_tail2
@ -69,12 +70,20 @@ type:
| CLIST { $$ = T_CLIST; }
| type SET {
switch ($1) {
case T_INT:
case T_IP:
case T_PAIR:
$$ = T_SET;
break;
case T_PREFIX:
$$ = T_PREFIX_SET;
break;
default:
cf_error( "You can't create sets of this type." );
case T_INT: case T_IP: case T_PREFIX: case T_PAIR: ;
}
$$ = $1 | T_SET;
}
}
;
one_decl:
@ -201,20 +210,6 @@ pair:
/*
* Complex types, their bison value is struct f_val
*/
fprefix_s:
IPA '/' NUM %prec '/' {
if (!ip_is_prefix($1, $3)) cf_error("Invalid network prefix: %I/%d.", $1, $3);
$$.type = T_PREFIX; $$.val.px.ip = $1; $$.val.px.len = $3;
}
;
fprefix:
fprefix_s { $$ = $1; }
| fprefix_s '+' { $$ = $1; $$.val.px.len |= LEN_PLUS; }
| fprefix_s '-' { $$ = $1; $$.val.px.len |= LEN_MINUS; }
| fprefix_s '{' NUM ',' NUM '}' { $$ = $1; $$.val.px.len |= LEN_RANGE | ($3 << 16) | ($5 << 8); }
;
fipa:
IPA %prec PREFIX_DUMMY { $$.type = T_IP; $$.val.px.ip = $1; }
;
@ -223,7 +218,6 @@ set_atom:
NUM { $$.type = T_INT; $$.val.i = $1; }
| pair { $$.type = T_PAIR; $$.val.i = $1; }
| fipa { $$ = $1; }
| fprefix { $$ = $1; }
| ENUM { $$.type = $1 >> 16; $$.val.i = $1 & 0xffff; }
;
@ -231,18 +225,12 @@ set_item:
set_atom {
$$ = f_new_tree();
$$->from = $1;
if ($1.type != T_PREFIX)
$$->to = $1;
else {
$$->to = $1;
$$->to.val.px.ip = ipa_or( $$->to.val.px.ip, ipa_not( ipa_mkmask( $$->to.val.px.len ) ));
}
$$->to = $1;
}
| set_atom '.' '.' set_atom {
$$ = f_new_tree();
$$->from = $1;
$$->to = $4;
if (($1.type == T_PREFIX) || ($4.type == T_PREFIX)) cf_error( "You can't use prefixes for range." );
}
;
@ -251,6 +239,28 @@ set_items:
| set_items ',' set_item { $$ = $3; $$->left = $1; }
;
fprefix_s:
IPA '/' NUM %prec '/' {
if (($3 < 0) || ($3 > MAX_PREFIX_LENGTH) || !ip_is_prefix($1, $3)) cf_error("Invalid network prefix: %I/%d.", $1, $3);
$$.type = T_PREFIX; $$.val.px.ip = $1; $$.val.px.len = $3;
}
;
fprefix:
fprefix_s { $$ = $1; }
| fprefix_s '+' { $$ = $1; $$.val.px.len |= LEN_PLUS; }
| fprefix_s '-' { $$ = $1; $$.val.px.len |= LEN_MINUS; }
| fprefix_s '{' NUM ',' NUM '}' {
if (! ((0 <= $3) && ($3 <= $5) && ($5 <= MAX_PREFIX_LENGTH))) cf_error("Invalid prefix pattern range: {%d, %d}.", $3, $5);
$$ = $1; $$.val.px.len |= LEN_RANGE | ($3 << 16) | ($5 << 8);
}
;
fprefix_set:
fprefix { $$ = f_new_trie(); trie_add_prefix($$, &($1.val.px)); }
| fprefix_set ',' fprefix { $$ = $1; trie_add_prefix($$, &($3.val.px)); }
;
switch_body: /* EMPTY */ { $$ = NULL; }
| set_item ':' cmds switch_body {
$$ = $1;
@ -294,6 +304,7 @@ constant:
| fipa { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; }
| fprefix_s {NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; *val = $1; }
| '[' set_items ']' { DBG( "We've got a set here..." ); $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_SET; $$->a2.p = build_tree($2); DBG( "ook\n" ); }
| '[' fprefix_set ']' { $$ = f_new_inst(); $$->code = 'c'; $$->aux = T_PREFIX_SET; $$->a2.p = $2; }
| ENUM { $$ = f_new_inst(); $$->code = 'c'; $$->aux = $1 >> 16; $$->a2.i = $1 & 0xffff; }
| bgp_path { NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; val->type = T_PATH_MASK; val->val.path_mask = $1; $$->a1.p = val; }
;
@ -374,12 +385,16 @@ term:
case SYM_IPA:
{ NEW_F_VAL; $$ = f_new_inst(); $$->code = 'C'; $$->a1.p = val; val->type = T_IP; val->val.px.ip = * (ip_addr *) ($1->def); }
break;
case SYM_VARIABLE | T_BOOL:
case SYM_VARIABLE | T_INT:
case SYM_VARIABLE | T_PAIR:
case SYM_VARIABLE | T_PREFIX:
case SYM_VARIABLE | T_STRING:
case SYM_VARIABLE | T_IP:
case SYM_VARIABLE | T_PATH_MASK:
case SYM_VARIABLE | T_PREFIX:
case SYM_VARIABLE | T_PREFIX_SET:
case SYM_VARIABLE | T_SET:
case SYM_VARIABLE | T_PATH:
case SYM_VARIABLE | T_PATH_MASK:
case SYM_VARIABLE | T_CLIST:
$$->code = 'C';
$$->a1.p = $1->def;

View File

@ -145,6 +145,25 @@ val_compare(struct f_val v1, struct f_val v2)
}
}
void
f_prefix_get_bounds(struct f_prefix *px, int *l, int *h)
{
*l = *h = px->len & LEN_MASK;
if (px->len & LEN_MINUS)
*l = 0;
else if (px->len & LEN_PLUS)
*h = MAX_PREFIX_LENGTH;
else if (px->len & LEN_RANGE)
{
*l = 0xff & (px->len >> 16);
*h = 0xff & (px->len >> 8);
}
}
/*
* val_simple_in_range - check if @v1 ~ @v2 for everything except sets
*/
@ -162,21 +181,21 @@ val_simple_in_range(struct f_val v1, struct f_val v2)
return !(ipa_compare(ipa_and(v2.val.px.ip, ipa_mkmask(v2.val.px.len)), ipa_and(v1.val.px.ip, ipa_mkmask(v2.val.px.len))));
if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX)) {
ip_addr mask;
if (v1.val.px.len & (LEN_PLUS | LEN_MINUS | LEN_RANGE))
return CMP_ERROR;
mask = ipa_mkmask( v2.val.px.len & LEN_MASK );
int p1 = v1.val.px.len & LEN_MASK;
int p2 = v2.val.px.len & LEN_MASK;
ip_addr mask = ipa_mkmask(MIN(p1, p2));
if (ipa_compare(ipa_and(v2.val.px.ip, mask), ipa_and(v1.val.px.ip, mask)))
return 0;
if ((v2.val.px.len & LEN_MINUS) && (v1.val.px.len <= (v2.val.px.len & LEN_MASK)))
return 0;
if ((v2.val.px.len & LEN_PLUS) && (v1.val.px.len < (v2.val.px.len & LEN_MASK)))
return 0;
if ((v2.val.px.len & LEN_RANGE) && ((v1.val.px.len < (0xff & (v2.val.px.len >> 16)))
|| (v1.val.px.len > (0xff & (v2.val.px.len >> 8)))))
return 0;
return 1;
int l, h;
f_prefix_get_bounds(&v2.val.px, &l, &h);
return ((l <= v1.val.px.len) && (v1.val.px.len <= h));
}
return CMP_ERROR;
}
@ -199,6 +218,9 @@ val_in_range(struct f_val v1, struct f_val v2)
if (res != CMP_ERROR)
return res;
if ((v1.type == T_PREFIX) && (v2.type == T_PREFIX_SET))
return trie_match_prefix(v2.val.ti, &v1.val.px);
if (v2.type == T_SET)
switch (v1.type) {
case T_ENUM:
@ -248,6 +270,7 @@ val_print(struct f_val v)
case T_IP: PRINTF( "%I", v.val.px.ip ); break;
case T_PREFIX: PRINTF( "%I/%d", v.val.px.ip, v.val.px.len ); break;
case T_PAIR: PRINTF( "(%d,%d)", v.val.i >> 16, v.val.i & 0xffff ); break;
case T_PREFIX_SET: trie_print(v.val.ti, buf, 2040); break;
case T_SET: tree_print( v.val.t ); PRINTF( "\n" ); break;
case T_ENUM: PRINTF( "(enum %x)%d", v.type, v.val.i ); break;
case T_PATH: as_path_format(v.val.ad, buf2, 1020); PRINTF( "(path %s)", buf2 ); break;
@ -430,13 +453,17 @@ interpret(struct f_inst *what)
switch (res.type = v2.type) {
case T_VOID: runtime( "Can't assign void values" );
case T_ENUM:
case T_INT:
case T_IP:
case T_PREFIX:
case T_PAIR:
case T_BOOL:
case T_INT:
case T_PAIR:
case T_STRING:
case T_IP:
case T_PREFIX:
case T_PREFIX_SET:
case T_SET:
case T_PATH:
case T_CLIST:
case T_PATH_MASK:
case T_CLIST:
if (sym->class != (SYM_VARIABLE | v2.type))
runtime( "Assigning to variable of incompatible type" );
* (struct f_val *) sym->def = v2;
@ -447,10 +474,12 @@ interpret(struct f_inst *what)
break;
/* some constants have value in a2, some in *a1.p, strange. */
case 'c': /* integer (or simple type) constant, or string, or set */
case 'c': /* integer (or simple type) constant, string, set, or prefix_set */
res.type = what->aux;
if (res.type == T_SET)
if (res.type == T_PREFIX_SET)
res.val.ti = what->a2.p;
else if (res.type == T_SET)
res.val.t = what->a2.p;
else if (res.type == T_STRING)
res.val.s = what->a2.p;
@ -818,16 +847,21 @@ i_same(struct f_inst *f1, struct f_inst *f2)
break;
case 'c':
if (f1->aux & T_SET) {
switch (f1->aux) {
case T_PREFIX_SET:
if (!trie_same(f1->a2.p, f2->a2.p))
return 0;
case T_SET:
if (!same_tree(f1->a2.p, f2->a2.p))
return 0;
break;
}
switch (f1->aux) {
case T_STRING:
if (strcmp(f1->a2.p, f2->a2.p))
return 0;
break;
default:
A2_SAME;
}

View File

@ -50,6 +50,7 @@ struct f_val {
struct f_prefix px;
char *s;
struct f_tree *t;
struct f_trie *ti;
struct adata *ad;
struct f_path_mask *path_mask;
} val;
@ -69,6 +70,12 @@ struct f_tree *build_tree(struct f_tree *);
struct f_tree *find_tree(struct f_tree *t, struct f_val val);
int same_tree(struct f_tree *t1, struct f_tree *t2);
struct f_trie *f_new_trie(void);
void trie_add_prefix(struct f_trie *t, struct f_prefix *px);
int trie_match_prefix(struct f_trie *t, struct f_prefix *px);
int trie_same(struct f_trie *t1, struct f_trie *t2);
int trie_print(struct f_trie *t, char *buf, int blen);
struct ea_list;
struct rte;
@ -128,6 +135,7 @@ void val_print(struct f_val v);
#define T_RETURN 0x40
#define T_SET 0x80
#define T_PREFIX_SET 0x81
struct f_tree {
struct f_tree *left, *right;
@ -135,6 +143,19 @@ struct f_tree {
void *data;
};
struct f_trie_node
{
ip_addr addr, mask, accept;
int plen;
struct f_trie_node *c[2];
};
struct f_trie
{
int zero;
struct f_trie_node root;
};
#define NEW_F_VAL struct f_val * val; val = cfg_alloc(sizeof(struct f_val));
#define FF_FORCE_TMPATTR 1 /* Force all attributes to be temporary */

View File

@ -100,10 +100,25 @@ function __test2()
} reject;
}
function test_pxset(prefix set pxs)
{
print " must be true: ", 10.0.0.0/8 ~ pxs, ",", 10.0.0.0/10 ~ pxs, ",", 10.0.0.0/12 ~ pxs, ",",
20.0.0.0/24 ~ pxs, ",", 20.0.40.0/24 ~ pxs, ",", 20.0.0.0/26 ~ pxs, ",",
20.0.100.0/26 ~ pxs, ",", 20.0.0.0/28 ~ pxs, ",", 20.0.255.0/28 ~ pxs;
print " must be false: ", 10.0.0.0/7 ~ pxs, ",", 10.0.0.0/13 ~ pxs, ",", 10.0.0.0/16 ~ pxs, ",",
20.0.0.0/16 ~ pxs, ",", 20.0.0.0/23 ~ pxs, ",", 20.0.0.0/29 ~ pxs, ",",
11.0.0.0/10 ~ pxs, ",", 20.1.0.0/26 ~ pxs;
}
function __startup()
int i;
bool b;
prefix px;
ip p;
pair pp;
int set is;
prefix set pxs;
string s;
{
print "Testing filter language:";
i = four;
@ -118,20 +133,37 @@ ip p;
if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
is = [ 2, 3, 4, 7..11 ];
print " must be true: ", 1.2.0.0/16 ~ [ 1.0.0.0/8{ 15 , 17 } ];
print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
print " data types; must be true: ", 1.2.3.4 = 1.2.3.4, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 1.2.3.4 ~ [ 1.2.3.3..1.2.3.5 ], ",", 1.2.3.4 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ 1.0.0.0/8, ",", 1.0.0.0/8 ~ [ 1.0.0.0/8+ ];
print " must be true: ", true && true, ",", true || false;
# print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ [ 2, 3, 4, 7..11 ], ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/8 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 1.2.3.4 ~ [ 1.2.3.3, 1.2.3.5 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1.0.0.0/9 ~ [ 1.0.0.0/8- ], ",", 1.2.0.0/17 ~ [ 1.0.0.0/8{ 15 , 16 } ], ",", true && false;
px = 1.2.0.0/18;
print "Testing prefixes: 1.2.0.0/18 = ", px;
p = 127.1.2.3;
print "Testing mask : 127.0.0.0 = ", p.mask(8);
print "Testing pairs: (1,2) = ", (1,2);
pp = (1, 2);
print "Testing pairs: (1,2) = ", (1,2), " = ", pp;
print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC;
s = "Hello";
print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
b = true;
print "Testing bool: ", b, ", ", !b;
pxs = [ 1.2.0.0/16, 1.4.0.0/16+];
print "Testing prefix sets: ";
print pxs;
print " must be true: ", 1.2.0.0/16 ~ pxs, ",", 1.4.0.0/16 ~ pxs, ",", 1.4.0.0/18 ~ pxs, ",", 1.4.0.0/32 ~ pxs;
print " must be false: ", 1.1.0.0/16 ~ pxs, ",", 1.3.0.0/16 ~ pxs, ",", 1.2.0.0/15 ~ pxs, ",", 1.2.0.0/17 ~ pxs, ",",
1.2.0.0/32 ~ pxs, ",", 1.4.0.0/15 ~ pxs;
test_pxset([ 10.0.0.0/16{8,12}, 20.0.0.0/16{24,28} ]);
print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
print "Testing functions...";

182
filter/test6.conf Normal file
View File

@ -0,0 +1,182 @@
/*
* This is an example configuration file.
* FIXME: add all examples from docs here.
*/
# Yet another comment
router id 62.168.0.1;
define xyzzy = (120+10);
function callme(int arg1; int arg2)
int local1;
int local2;
int i;
{
printn "Function callme called arguments ", arg1, " and ", arg2, ":" ;
i = arg2;
case arg1 {
2: print "dva"; print "jeste jednou dva";
3 .. 5: print "tri az pet";
else: print "neco jineho";
}
}
function fifteen()
{
print "fifteen called";
return 15;
}
function paths()
bgpmask pm1;
bgpmask pm2;
bgppath p2;
clist l;
{
pm1 = / 4 3 2 1 /;
pm2 = [= 4 3 2 1 =];
print "Testing path masks: ", pm1, " ", pm2;
p2 = prepend( + empty +, 1 );
p2 = prepend( p2, 2 );
p2 = prepend( p2, 3 );
p2 = prepend( p2, 4 );
print "Testing paths: ", p2;
print "Should be true: ", p2 ~ pm1, " ", p2 ~ pm2;
print "4 = ", p2.len;
p2 = prepend( p2, 5 );
print "Should be false: ", p2 ~ pm1, " ", p2 ~ pm2;
print "Should be true: ", p2 ~ / ? 4 3 2 1 /, " ", p2, " ", / ? 4 3 2 1 /;
print "Should be true: ", p2 ~ [= * 4 3 * 1 =], " ", p2, " ", [= * 4 3 * 1 =];
print "5 = ", p2.len;
pm1 = [= 1 2 * 3 4 5 =];
p2 = prepend( + empty +, 5 );
p2 = prepend( p2, 4 );
p2 = prepend( p2, 3 );
p2 = prepend( p2, 3 );
p2 = prepend( p2, 2 );
p2 = prepend( p2, 1 );
print "Should be true: ", p2 ~ pm1, " ", p2, " ", pm1;
l = - empty -;
l = add( l, (1,2) );
l = add( l, (2,3) );
print "Community list (1,2) (2,3) ", l;
print "Should be true: ", (2,3) ~ l;
l = delete( l, (2,3) );
print "Community list (1,2) ", l;
print "Should be false: ", (2,3) ~ l;
}
function bla()
{
print "fifteen called";
return 15;
}
define four=4;
function test_pxset(prefix set pxs)
{
print " must be true: ", 1000::/8 ~ pxs, ",", 1000::/10 ~ pxs, ",", 1000::/12 ~ pxs, ",",
2000::/24 ~ pxs, ",", 2000:4000::/24 ~ pxs, ",", 2000::/26 ~ pxs, ",",
2000:8000::/26 ~ pxs, ",", 2000::/28 ~ pxs, ",", 2000:FFF0::/28 ~ pxs;
print " must be false: ", 1000::/7 ~ pxs, ",", 1000::/13 ~ pxs, ",", 1000::/16 ~ pxs, ",",
2000::/16 ~ pxs, ",", 2000::/23 ~ pxs, ",", 2000::/29 ~ pxs, ",",
1100::/10 ~ pxs, ",", 2010::/26 ~ pxs;
}
function __startup()
int i;
bool b;
prefix px;
ip p;
pair pp;
int set is;
prefix set pxs;
string s;
{
print "Testing filter language:";
i = four;
i = 12*100 + 60/2 + i;
i = ( i + 0 );
print " arithmetics: 1234 = ", i;
printn " if statements ";
print "what happens here?";
printn ".";
if (i = 4) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
# if !(i = 3) then { print "*** FAIL: if 0"; quitbird; } else printn ".";
if 1234 = i then printn "."; else { print "*** FAIL: if 1 else"; }
# if 1 <= 1 then printn "."; else { print "*** FAIL: test 3"; }
if 1234 < 1234 then { print "*** FAIL: test 4"; quitbird; } else print "ok";
is = [ 2, 3, 4, 7..11 ];
print " must be true: ", 1180::/16 ~ [ 1100::/8{ 15 , 17 } ];
print " data types; must be true: ", 12::34 = 12::34, ",", 1 ~ [1,2,3], ",", 5 ~ [1..20], ",", 10 ~ is, ",", 2 ~ [ 1, 2, 3 ], ",", 5 ~ [ 4 .. 7 ], ",", 12::34 ~ [ 12::33..12::35 ], ",", 1020::34 ~ 1000::/8, ",", 1000::/8 ~ 1000::/8, ",", 1000::/8 ~ [ 1000::/8+ ];
print " must be true: ", true && true, ",", true || false;
# print " must be true: ", defined(1), ",", defined(1.2.3.4), ",", 1 != 2, ",", 1 <= 2;
print " data types: must be false: ", 1 ~ [ 2, 3, 4 ], ",", 5 ~ is, ",", 12::34 ~ [ 12::33, 12::35 ], ",", (1,2) > (2,2), ",", (1,1) > (1,1), ",", 1000::/9 ~ [ 1000::/8- ], ",", 1000::/17 ~ [ 1000::/8{ 15 , 16 } ], ",", true && false;
px = 1020::/18;
print "Testing prefixes: 1020::/18 = ", px;
p = 1234:5678::;
print "Testing mask : 1200:: = ", p.mask(8);
pp = (1, 2);
print "Testing pairs: (1,2) = ", (1,2), " = ", pp;
print "Testing enums: ", RTS_DUMMY, " ", RTS_STATIC;
s = "Hello";
print "Testing string: ", s, " true: ", s ~ "Hell*", " false: ", s ~ "ell*";
b = true;
print "Testing bool: ", b, ", ", !b;
pxs = [ 1102::/16, 1104::/16+];
print "Testing prefix sets: ";
print pxs;
print " must be true: ", 1102::/16 ~ pxs, ",", 1104::/16 ~ pxs, ",", 1104::/18 ~ pxs, ",", 1104::/32 ~ pxs;
print " must be false: ", 1101::/16 ~ pxs, ",", 1103::/16 ~ pxs, ",", 1102::/15 ~ pxs, ",", 1102::/17 ~ pxs, ",",
1102::/32 ~ pxs, ",", 1104::/15 ~ pxs;
test_pxset([ 1000::/16{8,12}, 2000::/16{24,28} ]);
print "What will this do? ", [ 1, 2, 1, 1, 1, 3, 4, 1, 1, 1, 5 ];
print "Testing functions...";
# callme ( 1, 2 );
callme ( 2, 2 );
callme ( 2, 2 );
callme ( 3, 2 );
callme ( 4, 2 );
callme ( 7, 2 );
i = fifteen();
print "Testing function calls: 15 = ", i;
paths();
print "done";
quitbird;
# print "*** FAIL: this is unreachable";
}
filter testf
int j;
{
print "Heya, filtering route to ", net.ip, " prefixlen ", net.len, " source ", source;
print "This route was from ", from;
j = 7;
j = 17;
if rip_metric > 15 then {
reject "RIP Metric is more than infinity";
}
rip_metric = 14;
unset(rip_metric);
accept "ok I take that";
}
eval __startup();

325
filter/trie.c Normal file
View File

@ -0,0 +1,325 @@
/*
* Filters: Trie for prefix sets
*
* Copyright 2009 Ondrej Zajicek <santiago@crfreenet.org>
*
* Can be freely distributed and used under the terms of the GNU GPL.
*/
/**
* DOC: Trie for prefix sets
*
* We use a (compressed) trie to represent prefix sets. Every node
* in the trie represents one prefix (&addr/&plen) and &plen also
* indicates the index of the bit in the address that is used to
* branch at the node. If we need to represent just a set of
* prefixes, it would be simple, but we have to represent a
* set of prefix pattern. Each prefix pattern consists of
* &ppaddr/&pplen and two integers: &low and &high, and a prefix
* &paddr/&plen matches that pattern if the first MIN(&plen, &pplen)
* bits of &paddr and &ppaddr are the same and &low <= &plen <= &high.
*
* We use a bitmask (&accept) to represent accepted prefix lengths
* at a node. As there are 33 prefix lengths (0..32 for IPv4), but
* there is just one prefix of zero length in the whole trie so we
* have &zero flag in &f_trie (indicating whether the trie accepts
* prefix 0.0.0.0/0) as a special case, and &accept bitmask
* represents accepted prefix lengths from 1 to 32.
*
* There are two cases in prefix matching - a match when the length
* of the prefix is smaller that the length of the prefix pattern,
* (&plen < &pplen) and otherwise. The second case is simple - we
* just walk through the trie and look at every visited node
* whether that prefix accepts our prefix length (&plen). The
* first case is tricky - we don't want to examine every descendant
* of a final node, so (when we create the trie) we have to propagate
* that information from nodes to their ascendants.
*
* Suppose that we have two masks (M1 and M2) for a node. Mask M1
* represents accepted prefix lengths by just the node and mask M2
* represents accepted prefix lengths by the node or any of its
* descendants. Therefore M2 is a bitwise or of M1 and children's
* M2 and this is a maintained invariant during trie building.
* Basically, when we want to match a prefix, we walk through the trie,
* check mask M1 for our prefix length and when we came to
* final node, we check mask M2.
*
* There are two differences in the real implementation. First,
* we use a compressed trie so there is a case that we skip our
* final node (if it is not in the trie) and we came to node that
* is either extension of our prefix, or completely out of path
* In the first case, we also have to check M2.
* There also might be
* a problem that interval of acceptance (on path from root to the
* final node) might be completely missing (for example if we have
* prefix patterns 192.168.128.0/24{8,10} and 192.168.1.0/24
*
* Second, we really need not to maintain two separate bitmasks.
* Checks for mask M1 are always larger than &applen and we need
* just the first &pplen bits of mask M2 (if trie compression
* hadn't been used it would suffice to know just $applen-th bit),
* so we have to store them together in &accept mask - the first
* &pplen bits of mask M2 and then mask M1.
*
* There are four cases when we walk through a trie:
*
* - we are in NULL
* - we are out of path (prefixes are inconsistent)
* - we are in the wanted (final) node (node length == &plen)
* - we are beyond the end of path (node length > &plen)
* - we are still on path and keep walking (node length < &plen)
*
* The walking code in add_node_to_trie() and trie_match_prefix()
* is structured according to these cases.
*/
#include "nest/bird.h"
#include "conf/conf.h"
#include "filter/filter.h"
/**
* f_new_trie
*
* Allocates and returns a new empty trie.
*/
struct f_trie *
f_new_trie(void)
{
struct f_trie * ret;
ret = cfg_allocz(sizeof(struct f_trie));
return ret;
}
static inline struct f_trie_node *
new_node(int plen, ip_addr paddr, ip_addr pmask, ip_addr amask)
{
struct f_trie_node *n = cfg_allocz(sizeof(struct f_trie_node));
n->plen = plen;
n->addr = paddr;
n->mask = pmask;
n->accept = amask;
return n;
}
static inline void
attach_node(struct f_trie_node *parent, struct f_trie_node *child)
{
parent->c[ipa_getbit(child->addr, parent->plen) ? 1 : 0] = child;
}
static void
add_node_to_trie(struct f_trie *t, int plen, ip_addr ip, ip_addr amask)
{
ip_addr pmask = ipa_mkmask(plen);
ip_addr paddr = ipa_and(ip, pmask);
struct f_trie_node *o = NULL;
struct f_trie_node *n = &t->root;
while(n)
{
ip_addr cmask = ipa_and(n->mask, pmask);
if (ipa_compare(ipa_and(paddr, cmask), ipa_and(n->addr, cmask)))
{
/* We are out of path - we have to add branching node 'b'
between node 'o' and node 'n', and attach new node 'a'
as the other child of 'b'. */
int blen = ipa_pxlen(paddr, n->addr);
ip_addr bmask = ipa_mkmask(blen);
ip_addr baddr = ipa_and(ip, bmask);
/* Merge accept masks from children to get accept mask for node 'b' */
ip_addr baccm = ipa_and(ipa_or(amask, n->accept), bmask);
struct f_trie_node *a = new_node(plen, paddr, pmask, amask);
struct f_trie_node *b = new_node(blen, baddr, bmask, baccm);
attach_node(o, b);
attach_node(b, n);
attach_node(b, a);
return;
}
if (plen < n->plen)
{
/* We add new node 'a' between node 'o' and node 'n' */
amask = ipa_or(amask, ipa_and(n->accept, pmask));
struct f_trie_node *a = new_node(plen, paddr, pmask, amask);
attach_node(o, a);
attach_node(a, n);
return;
}
if (plen == n->plen)
{
/* We already found added node in trie. Just update accept mask */
n->accept = ipa_or(n->accept, amask);
return;
}
/* Update accept mask part M2 and go deeper */
n->accept = ipa_or(n->accept, ipa_and(amask, n->mask));
/* n->plen < plen and plen <= 32 */
o = n;
n = n->c[ipa_getbit(paddr, n->plen) ? 1 : 0];
}
/* We add new tail node 'a' after node 'o' */
struct f_trie_node *a = new_node(plen, paddr, pmask, amask);
attach_node(o, a);
}
/**
* trie_add_prefix
* @t: trie to add to
* @px: prefix to add
*
* Adds prefix (prefix pattern) @px to trie @t.
*/
void
trie_add_prefix(struct f_trie *t, struct f_prefix *px)
{
int l, h;
int plen = px->len & LEN_MASK;
ip_addr pmask = ipa_mkmask(plen);
/* 'l' and 'h' are lower and upper bounds on accepted
prefix lengths, both inclusive. 0 <= l, h <= 32 */
f_prefix_get_bounds(px, &l, &h);
if (l == 0)
t->zero = 1;
else
l--;
ip_addr amask = ipa_xor(ipa_mkmask(l), ipa_mkmask(h));
/* MIN(plen, h) instead of just plen is a little trick. */
add_node_to_trie(t, MIN(plen, h), px->ip, amask);
}
/**
* trie_match_prefix
* @t: trie
* @px: prefix
*
* Tries to find a matching prefix pattern in the trie such that
* prefix @px matches that prefix pattern. Returns 1 if there
* is such prefix pattern in the trie.
*/
int
trie_match_prefix(struct f_trie *t, struct f_prefix *px)
{
int plen = px->len & LEN_MASK;
ip_addr pmask = ipa_mkmask(plen);
ip_addr paddr = ipa_and(px->ip, pmask);
if (plen == 0)
return t->zero;
int plentest = plen - 1;
struct f_trie_node *n = &t->root;
while(n)
{
ip_addr cmask = ipa_and(n->mask, pmask);
/* We are out of path */
if (ipa_compare(ipa_and(paddr, cmask), ipa_and(n->addr, cmask)))
return 0;
/* Check accept mask */
if (ipa_getbit(n->accept, plentest))
return 1;
/* We finished trie walk and still no match */
if (plen <= n->plen)
return 0;
/* Choose children */
n = n->c[(ipa_getbit(paddr, n->plen)) ? 1 : 0];
}
return 0;
}
static int
trie_node_same(struct f_trie_node *t1, struct f_trie_node *t2)
{
if ((t1 == NULL) && (t2 == NULL))
return 1;
if ((t1 == NULL) || (t2 == NULL))
return 0;
if ((t1->plen != t2->plen) ||
(! ipa_equal(t1->addr, t2->addr)) ||
(! ipa_equal(t1->accept, t2->accept)))
return 0;
return trie_node_same(t1->c[0], t2->c[0]) && trie_node_same(t1->c[1], t2->c[1]);
}
/**
* trie_same
* @t1: first trie to be compared
* @t2: second one
*
* Compares two tries and returns 1 if they are same
*/
int
trie_same(struct f_trie *t1, struct f_trie *t2)
{
return (t1->zero == t2->zero) && trie_node_same(&t1->root, &t2->root);
}
static int
trie_node_print(struct f_trie_node *t, char *buf, int blen)
{
if (t == NULL)
return;
int old_blen = blen;
int wb = 0; // bsnprintf(buf, blen, "%I/%d accept %I\n", t->addr, t->plen, t->accept);
debug("%I/%d accept %I\n", t->addr, t->plen, t->accept);
if ((wb < 0) || ((blen - wb) < 10))
{
bsnprintf(buf, blen, "...\n");
return -1;
}
buf += wb;
blen -= wb;
wb = trie_node_print(t->c[0], buf, blen);
if (wb < 0)
return -1;
buf += wb;
blen -= wb;
wb = trie_node_print(t->c[1], buf, blen);
if (wb < 0)
return -1;
blen -= wb;
return (old_blen - blen);
}
/**
* trie_print
* @t: trie to be printed
* @buf: buffer
* @blen: buffer length
*
* Prints the trie to the buffer, using at most blen bytes.
* Returns the number of used bytes, or -1 if there is not
* enough space in the buffer.
*/
int
trie_print(struct f_trie *t, char *buf, int blen)
{
return trie_node_print(&t->root, buf, blen);
}

View File

@ -45,3 +45,24 @@ u32_masklen(u32 x)
if (x & 0xaaaaaaaa) l++;
return l;
}
/**
* u32_log2 - compute a binary logarithm.
* @v: number
*
* This function computes a integral part of binary logarithm of given
* integer @v and returns it. The computed value is also an index of the
* first non-zero bit position.
*/
u32
u32_log2(u32 v)
{
u32 r, shift;
r = (v > 0xFFFF) << 4; v >>= r;
shift = (v > 0xFF ) << 3; v >>= shift; r |= shift;
shift = (v > 0xF ) << 2; v >>= shift; r |= shift;
shift = (v > 0x3 ) << 1; v >>= shift; r |= shift;
r |= (v >> 1);
return r;
}

View File

@ -17,3 +17,5 @@
u32 u32_mkmask(unsigned n);
int u32_masklen(u32 x);
u32 u32_log2(u32 v);

View File

@ -35,6 +35,7 @@ typedef u32 ip_addr;
#endif
#define MAX_PREFIX_LENGTH 32
#define BITS_PER_IP_ADDRESS 32
#define STD_ADDRESS_P_LENGTH 15
#define SIZE_OF_IP_HEADER 24
@ -58,6 +59,9 @@ typedef u32 ip_addr;
#define ipa_from_u32(x) _MI(x)
#define ipa_to_u32(x) _I(x)
#define ipa_compare(x,y) ipv4_compare(_I(x),_I(y))
/* ipa_pxlen() requires that x != y */
#define ipa_pxlen(x, y) ipv4_pxlen(_I(x), _I(y))
#define ipa_getbit(x, y) (_I(x) & (0x80000000 >> (y)))
#define ip_skip_header(x, y) ipv4_skip_header(x, y)
@ -78,6 +82,12 @@ static inline int ipv4_compare(u32 x, u32 y)
return (x > y) - (x < y);
}
static inline u32 ipv4_pxlen(u32 a, u32 b)
{
return 31 - u32_log2(a ^ b);
}
#define IP_PREC_INTERNET_CONTROL 0xc0
#endif

View File

@ -12,6 +12,7 @@
#include <sys/types.h>
#include <netinet/in.h>
#include "lib/string.h"
#include "lib/bitops.h"
typedef struct ipv6_addr {
u32 addr[4];
@ -23,6 +24,7 @@ typedef struct ipv6_addr {
#define _I2(a) ((a).addr[2])
#define _I3(a) ((a).addr[3])
#define MAX_PREFIX_LENGTH 128
#define BITS_PER_IP_ADDRESS 128
#define STD_ADDRESS_P_LENGTH 39
#define SIZE_OF_IP_HEADER 40
@ -57,6 +59,9 @@ typedef struct ipv6_addr {
/* ipa_from_u32 and ipa_to_u32 replaced by ipa_build */
#define ipa_build(a,b,c,d) _MI(a,b,c,d)
#define ipa_compare(x,y) ipv6_compare(x,y)
/* ipa_pxlen() requires that x != y */
#define ipa_pxlen(x, y) ipv6_pxlen(x, y)
#define ipa_getbit(x, y) ipv6_getbit(x, y)
#define ipa_absolutize(x,y) ipv6_absolutize(x,y)
ip_addr ipv6_mkmask(unsigned);
@ -81,6 +86,21 @@ static inline unsigned ipv6_hash(ip_addr *a)
return (x ^ (x >> 16) ^ (x >> 8)) & 0xffff;
}
static inline u32 ipv6_getbit(ip_addr a, u32 y)
{
return a.addr[y / 32] & (0x80000000 >> (y % 32));
}
static inline u32 ipv6_pxlen(ip_addr a, ip_addr b)
{
int i = 0;
i+= (a.addr[i] == b.addr[i]);
i+= (a.addr[i] == b.addr[i]);
i+= (a.addr[i] == b.addr[i]);
i+= (a.addr[i] == b.addr[i]);
return 32 * i + 31 - u32_log2(a.addr[i] ^ b.addr[i]);
}
/*
* RFC 1883 defines packet precendece, but RFC 2460 replaces it
* by generic Traffic Class ID with no defined semantics. Better