Removes vstate argument from rde_filter().
Rename prefix_vstate() to prefix_roa_vstate().
OK tb@
-/* $OpenBSD: rde.c,v 1.583 2023/01/11 13:53:17 claudio Exp $ */
+/* $OpenBSD: rde.c,v 1.584 2023/01/11 17:10:25 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
memcpy(&netconf_s, imsg.data, sizeof(netconf_s));
TAILQ_INIT(&netconf_s.attrset);
rde_filterstate_prep(&netconf_state, NULL, NULL, NULL,
- 0);
+ 0, 0);
asp = &netconf_state.aspath;
asp->aspath = aspath_get(NULL, 0);
asp->origin = ORIGIN_IGP;
case IMSG_NETWORK_DONE:
TAILQ_CONCAT(&netconf_p.attrset, &parent_set, entry);
- rde_filterstate_prep(&state, NULL, NULL, NULL, 0);
+ rde_filterstate_prep(&state, NULL, NULL, NULL, 0, 0);
asp = &state.aspath;
asp->aspath = aspath_get(NULL, 0);
asp->origin = ORIGIN_IGP;
}
memset(&mpa, 0, sizeof(mpa));
- rde_filterstate_prep(&state, NULL, NULL, NULL, 0);
+ rde_filterstate_prep(&state, NULL, NULL, NULL, 0, 0);
if (attrpath_len != 0) { /* 0 = no NLRI information in this message */
/* parse path attributes */
while (len > 0) {
{
struct filterstate state;
enum filter_actions action;
- uint8_t vstate;
uint16_t i;
uint32_t path_id_tx;
const char *wmsg = "filtered, withdraw";
peer->prefix_rcvd_update++;
- vstate = rde_roa_validity(&rde_roa, prefix, prefixlen,
+ in->vstate = rde_roa_validity(&rde_roa, prefix, prefixlen,
aspath_origin(in->aspath.aspath));
path_id_tx = pathid_assign(peer, path_id, prefix, prefixlen);
/* add original path to the Adj-RIB-In */
if (prefix_update(rib_byid(RIB_ADJ_IN), peer, path_id, path_id_tx,
- in, prefix, prefixlen, vstate) == 1)
+ in, prefix, prefixlen, in->vstate) == 1)
peer->prefix_cnt++;
/* max prefix checker */
if (rib == NULL)
continue;
rde_filterstate_prep(&state, &in->aspath, &in->communities,
- in->nexthop, in->nhflags);
+ in->nexthop, in->nhflags, in->vstate);
/* input filter */
action = rde_filter(rib->in_rules, peer, peer, prefix,
- prefixlen, vstate, &state);
+ prefixlen, &state);
if (action == ACTION_ALLOW) {
rde_update_log("update", i, peer,
&state.nexthop->exit_nexthop, prefix,
prefixlen);
prefix_update(rib, peer, path_id, path_id_tx, &state,
- prefix, prefixlen, vstate);
+ prefix, prefixlen, in->vstate);
} else if (prefix_withdraw(rib, peer, path_id, prefix,
prefixlen)) {
rde_update_log(wmsg, i, peer,
pt_getaddr(p->pt, &rib.prefix);
rib.prefixlen = p->pt->prefixlen;
rib.origin = asp->origin;
- rib.validation_state = p->validation_state;
+ rib.validation_state = prefix_roa_vstate(p);
rib.dmetric = p->dmetric;
rib.flags = 0;
if (!adjout) {
continue;
rde_filterstate_prep(&state, asp, prefix_communities(p),
- prefix_nexthop(p), prefix_nhflags(p));
+ prefix_nexthop(p), prefix_nhflags(p),
+ prefix_roa_vstate(p));
action = rde_filter(rib->in_rules, peer, peer, &prefix,
- pt->prefixlen, p->validation_state, &state);
+ pt->prefixlen, &state);
if (action == ACTION_ALLOW) {
/* update Local-RIB */
prefix_update(rib, peer, p->path_id,
p->path_id_tx, &state,
&prefix, pt->prefixlen,
- p->validation_state);
+ prefix_roa_vstate(p));
} else if (action == ACTION_DENY) {
/* remove from Local-RIB */
prefix_withdraw(rib, peer, p->path_id, &prefix,
/* ROA validation state update */
vstate = rde_roa_validity(&rde_roa,
&prefix, pt->prefixlen, aspath_origin(asp->aspath));
- if (vstate == p->validation_state)
+ if (vstate == prefix_roa_vstate(p))
continue;
p->validation_state = vstate;
continue;
rde_filterstate_prep(&state, asp, prefix_communities(p),
- prefix_nexthop(p), prefix_nhflags(p));
+ prefix_nexthop(p), prefix_nhflags(p),
+ prefix_roa_vstate(p));
action = rde_filter(rib->in_rules, peer, peer, &prefix,
- pt->prefixlen, p->validation_state, &state);
+ pt->prefixlen, &state);
if (action == ACTION_ALLOW) {
/* update Local-RIB */
prefix_update(rib, peer, p->path_id,
p->path_id_tx, &state,
&prefix, pt->prefixlen,
- p->validation_state);
+ prefix_roa_vstate(p));
} else if (action == ACTION_DENY) {
/* remove from Local-RIB */
prefix_withdraw(rib, peer, p->path_id, &prefix,
ovs_match(struct prefix *p, uint32_t flag)
{
if (flag & (F_CTL_OVS_VALID|F_CTL_OVS_INVALID|F_CTL_OVS_NOTFOUND)) {
- switch (prefix_vstate(p)) {
+ switch (prefix_roa_vstate(p)) {
case ROA_VALID:
if (!(flag & F_CTL_OVS_VALID))
return 0;
-/* $OpenBSD: rde.h,v 1.276 2023/01/11 13:53:17 claudio Exp $ */
+/* $OpenBSD: rde.h,v 1.277 2023/01/11 17:10:26 claudio Exp $ */
/*
* Copyright (c) 2003, 2004 Claudio Jeker <claudio@openbsd.org> and
struct rde_community communities;
struct nexthop *nexthop;
uint8_t nhflags;
+ uint8_t vstate;
};
enum eval_mode {
void rde_apply_set(struct filter_set_head *, struct rde_peer *,
struct rde_peer *, struct filterstate *, uint8_t);
void rde_filterstate_prep(struct filterstate *, struct rde_aspath *,
- struct rde_community *, struct nexthop *, uint8_t);
+ struct rde_community *, struct nexthop *, uint8_t, uint8_t);
void rde_filterstate_clean(struct filterstate *);
int rde_filter_equal(struct filter_head *, struct filter_head *,
struct rde_peer *);
void rde_filter_calc_skip_steps(struct filter_head *);
enum filter_actions rde_filter(struct filter_head *, struct rde_peer *,
- struct rde_peer *, struct bgpd_addr *, uint8_t, uint8_t,
+ struct rde_peer *, struct bgpd_addr *, uint8_t,
struct filterstate *);
/* rde_prefix.c */
}
static inline uint8_t
-prefix_vstate(struct prefix *p)
+prefix_roa_vstate(struct prefix *p)
{
return (p->validation_state & ROA_MASK);
}
-/* $OpenBSD: rde_filter.c,v 1.129 2022/07/28 13:11:51 deraadt Exp $ */
+/* $OpenBSD: rde_filter.c,v 1.130 2023/01/11 17:10:26 claudio Exp $ */
/*
* Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
static int
rde_filter_match(struct filter_rule *f, struct rde_peer *peer,
struct rde_peer *from, struct filterstate *state,
- struct bgpd_addr *prefix, uint8_t plen, uint8_t vstate)
+ struct bgpd_addr *prefix, uint8_t plen)
{
struct rde_aspath *asp = &state->aspath;
int i;
return (0);
if (f->match.ovs.is_set) {
- if (vstate != f->match.ovs.validity)
+ if (state->vstate != f->match.ovs.validity)
return (0);
}
void
rde_filterstate_prep(struct filterstate *state, struct rde_aspath *asp,
- struct rde_community *communities, struct nexthop *nh, uint8_t nhflags)
+ struct rde_community *communities, struct nexthop *nh, uint8_t nhflags,
+ uint8_t vstate)
{
memset(state, 0, sizeof(*state));
communities_copy(&state->communities, communities);
state->nexthop = nexthop_ref(nh);
state->nhflags = nhflags;
+ state->vstate = vstate;
}
void
enum filter_actions
rde_filter(struct filter_head *rules, struct rde_peer *peer,
struct rde_peer *from, struct bgpd_addr *prefix, uint8_t plen,
- uint8_t vstate, struct filterstate *state)
+ struct filterstate *state)
{
struct filter_rule *f;
enum filter_actions action = ACTION_DENY; /* default deny */
f->peer.peerid != peer->conf.id),
f->skip[RDE_FILTER_SKIP_PEERID]);
- if (rde_filter_match(f, peer, from, state, prefix, plen,
- vstate)) {
+ if (rde_filter_match(f, peer, from, state, prefix, plen)) {
rde_apply_set(&f->set, peer, from, state, prefix->aid);
if (f->action != ACTION_NONE)
action = f->action;
-/* $OpenBSD: rde_update.c,v 1.149 2023/01/11 13:53:17 claudio Exp $ */
+/* $OpenBSD: rde_update.c,v 1.150 2023/01/11 17:10:26 claudio Exp $ */
/*
* Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
rde_filterstate_prep(&state, prefix_aspath(new),
prefix_communities(new), prefix_nexthop(new),
- prefix_nhflags(new));
+ prefix_nhflags(new), prefix_roa_vstate(new));
if (rde_filter(rules, peer, prefix_peer(new), &addr,
- prefixlen, prefix_vstate(new), &state) == ACTION_DENY) {
+ prefixlen, &state) == ACTION_DENY) {
rde_filterstate_clean(&state);
if (peer->flags & PEERFLAG_EVALUATE_ALL) {
new = TAILQ_NEXT(new, entry.list.rib);
up_prep_adjout(peer, &state, addr.aid);
prefix_adjout_update(p, peer, &state, &addr,
- new->pt->prefixlen, new->path_id_tx, prefix_vstate(new));
+ new->pt->prefixlen, new->path_id_tx,
+ prefix_roa_vstate(new));
rde_filterstate_clean(&state);
/* max prefix checker outbound */
rde_filterstate_prep(&state, prefix_aspath(new),
prefix_communities(new), prefix_nexthop(new),
- prefix_nhflags(new));
+ prefix_nhflags(new), prefix_roa_vstate(new));
if (rde_filter(rules, peer, prefix_peer(new), &addr,
- prefixlen, prefix_vstate(new), &state) == ACTION_DENY) {
+ prefixlen, &state) == ACTION_DENY) {
rde_filterstate_clean(&state);
continue;
}
up_prep_adjout(peer, &state, addr.aid);
prefix_adjout_update(p, peer, &state, &addr,
- new->pt->prefixlen, new->path_id_tx, prefix_vstate(new));
+ new->pt->prefixlen, new->path_id_tx,
+ prefix_roa_vstate(new));
rde_filterstate_clean(&state);
/* max prefix checker outbound */
rde_filterstate_prep(&state, prefix_aspath(new),
prefix_communities(new), prefix_nexthop(new),
- prefix_nhflags(new));
+ prefix_nhflags(new), prefix_roa_vstate(new));
if (rde_filter(rules, peer, prefix_peer(new), &addr,
- prefixlen, prefix_vstate(new), &state) == ACTION_DENY) {
+ prefixlen, &state) == ACTION_DENY) {
rde_filterstate_clean(&state);
continue;
}
up_prep_adjout(peer, &state, addr.aid);
prefix_adjout_update(p, peer, &state, &addr,
- prefixlen, new->path_id_tx, prefix_vstate(new));
+ prefixlen, new->path_id_tx, prefix_roa_vstate(new));
rde_filterstate_clean(&state);
/* max prefix checker outbound */
if (peer->capa.mp[aid] == 0)
return;
- rde_filterstate_prep(&state, NULL, NULL, NULL, 0);
+ rde_filterstate_prep(&state, NULL, NULL, NULL, 0, ROA_NOTFOUND);
asp = &state.aspath;
asp->aspath = aspath_get(NULL, 0);
asp->origin = ORIGIN_IGP;
p = prefix_adjout_lookup(peer, &addr, 0);
/* outbound filter as usual */
- if (rde_filter(rules, peer, peerself, &addr, 0, ROA_NOTFOUND,
- &state) == ACTION_DENY) {
+ if (rde_filter(rules, peer, peerself, &addr, 0, &state) ==
+ ACTION_DENY) {
rde_filterstate_clean(&state);
return;
}
goto done;
rde_filterstate_prep(&state, prefix_aspath(p), prefix_communities(p),
- prefix_nexthop(p), prefix_nhflags(p));
+ prefix_nexthop(p), prefix_nhflags(p), prefix_roa_vstate(p));
r = up_generate_attr(buf + 2, len - 2, peer, &state, AID_INET);
rde_filterstate_clean(&state);
wpos = 4; /* reserve space for length fields */
rde_filterstate_prep(&state, prefix_aspath(p), prefix_communities(p),
- prefix_nexthop(p), prefix_nhflags(p));
+ prefix_nexthop(p), prefix_nhflags(p), prefix_roa_vstate(p));
/* write regular path attributes */
r = up_generate_attr(buf + wpos, len - wpos, peer, &state, aid);
projects / openbsd / commitdiff