networkd: RPDB rule - add support to configure inverted rule.
Closes #10706
This commit is contained in:
parent
253de60634
commit
8b220643b1
|
@ -1015,6 +1015,12 @@
|
||||||
Defaults to unset.</para>
|
Defaults to unset.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><varname>InvertRule=</varname></term>
|
||||||
|
<listitem>
|
||||||
|
<para>A boolean. Specifies wheather the rule to be inverted. Defaults to false.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
|
|
@ -852,6 +852,32 @@ int sd_rtnl_message_routing_policy_rule_get_table(sd_netlink_message *m, unsigne
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int sd_rtnl_message_routing_policy_rule_set_flags(sd_netlink_message *m, unsigned flags) {
|
||||||
|
struct rtmsg *routing_policy_rule;
|
||||||
|
|
||||||
|
assert_return(m, -EINVAL);
|
||||||
|
assert_return(m->hdr, -EINVAL);
|
||||||
|
assert_return(rtnl_message_type_is_routing_policy_rule(m->hdr->nlmsg_type), -EINVAL);
|
||||||
|
|
||||||
|
routing_policy_rule = NLMSG_DATA(m->hdr);
|
||||||
|
routing_policy_rule->rtm_flags |= flags;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int sd_rtnl_message_routing_policy_rule_get_flags(sd_netlink_message *m, unsigned *flags) {
|
||||||
|
struct rtmsg *routing_policy_rule;
|
||||||
|
|
||||||
|
assert_return(m, -EINVAL);
|
||||||
|
assert_return(m->hdr, -EINVAL);
|
||||||
|
assert_return(rtnl_message_type_is_routing_policy_rule(m->hdr->nlmsg_type), -EINVAL);
|
||||||
|
|
||||||
|
routing_policy_rule = NLMSG_DATA(m->hdr);
|
||||||
|
*flags = routing_policy_rule->rtm_flags;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int sd_rtnl_message_routing_policy_rule_set_rtm_type(sd_netlink_message *m, unsigned char type) {
|
int sd_rtnl_message_routing_policy_rule_set_rtm_type(sd_netlink_message *m, unsigned char type) {
|
||||||
struct rtmsg *routing_policy_rule;
|
struct rtmsg *routing_policy_rule;
|
||||||
|
|
||||||
|
|
|
@ -104,6 +104,7 @@ RoutingPolicyRule.OutgoingInterface, config_parse_routing_policy_rule_device,
|
||||||
RoutingPolicyRule.IPProtocol, config_parse_routing_policy_rule_ip_protocol, 0, 0
|
RoutingPolicyRule.IPProtocol, config_parse_routing_policy_rule_ip_protocol, 0, 0
|
||||||
RoutingPolicyRule.SourcePort, config_parse_routing_policy_rule_port_range, 0, 0
|
RoutingPolicyRule.SourcePort, config_parse_routing_policy_rule_port_range, 0, 0
|
||||||
RoutingPolicyRule.DestinationPort, config_parse_routing_policy_rule_port_range, 0, 0
|
RoutingPolicyRule.DestinationPort, config_parse_routing_policy_rule_port_range, 0, 0
|
||||||
|
RoutingPolicyRule.InvertRule, config_parse_routing_policy_rule_invert, 0, 0
|
||||||
Route.Gateway, config_parse_gateway, 0, 0
|
Route.Gateway, config_parse_gateway, 0, 0
|
||||||
Route.Destination, config_parse_destination, 0, 0
|
Route.Destination, config_parse_destination, 0, 0
|
||||||
Route.Source, config_parse_destination, 0, 0
|
Route.Source, config_parse_destination, 0, 0
|
||||||
|
|
|
@ -588,6 +588,12 @@ int routing_policy_rule_configure(RoutingPolicyRule *rule, Link *link, link_netl
|
||||||
return log_error_errno(r, "Could not append FRA_DPORT_RANGE attribute: %m");
|
return log_error_errno(r, "Could not append FRA_DPORT_RANGE attribute: %m");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rule->invert_rule) {
|
||||||
|
r = sd_rtnl_message_routing_policy_rule_set_flags(m, FIB_RULE_INVERT);
|
||||||
|
if (r < 0)
|
||||||
|
return log_error_errno(r, "Could not append FIB_RULE_INVERT attribute: %m");
|
||||||
|
}
|
||||||
|
|
||||||
rule->link = link;
|
rule->link = link;
|
||||||
|
|
||||||
r = netlink_call_async(link->manager->rtnl, NULL, m,
|
r = netlink_call_async(link->manager->rtnl, NULL, m,
|
||||||
|
@ -959,6 +965,45 @@ int config_parse_routing_policy_rule_ip_protocol(
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int config_parse_routing_policy_rule_invert(
|
||||||
|
const char *unit,
|
||||||
|
const char *filename,
|
||||||
|
unsigned line,
|
||||||
|
const char *section,
|
||||||
|
unsigned section_line,
|
||||||
|
const char *lvalue,
|
||||||
|
int ltype,
|
||||||
|
const char *rvalue,
|
||||||
|
void *data,
|
||||||
|
void *userdata) {
|
||||||
|
|
||||||
|
_cleanup_(routing_policy_rule_freep) RoutingPolicyRule *n = NULL;
|
||||||
|
Network *network = userdata;
|
||||||
|
int r;
|
||||||
|
|
||||||
|
assert(filename);
|
||||||
|
assert(section);
|
||||||
|
assert(lvalue);
|
||||||
|
assert(rvalue);
|
||||||
|
assert(data);
|
||||||
|
|
||||||
|
r = routing_policy_rule_new_static(network, filename, section_line, &n);
|
||||||
|
if (r < 0)
|
||||||
|
return r;
|
||||||
|
|
||||||
|
r = parse_boolean(rvalue);
|
||||||
|
if (r < 0) {
|
||||||
|
log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse RPDB rule invert, ignoring: %s", rvalue);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
n->invert_rule = r;
|
||||||
|
|
||||||
|
n = NULL;
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static int routing_policy_rule_read_full_file(const char *state_file, char **ret) {
|
static int routing_policy_rule_read_full_file(const char *state_file, char **ret) {
|
||||||
_cleanup_free_ char *s = NULL;
|
_cleanup_free_ char *s = NULL;
|
||||||
size_t size;
|
size_t size;
|
||||||
|
|
|
@ -25,6 +25,8 @@ struct RoutingPolicyRule {
|
||||||
Link *link;
|
Link *link;
|
||||||
NetworkConfigSection *section;
|
NetworkConfigSection *section;
|
||||||
|
|
||||||
|
bool invert_rule;
|
||||||
|
|
||||||
uint8_t tos;
|
uint8_t tos;
|
||||||
uint8_t protocol;
|
uint8_t protocol;
|
||||||
|
|
||||||
|
@ -79,3 +81,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_priority);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_device);
|
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_device);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_port_range);
|
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_port_range);
|
||||||
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_ip_protocol);
|
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_ip_protocol);
|
||||||
|
CONFIG_PARSER_PROTOTYPE(config_parse_routing_policy_rule_invert);
|
||||||
|
|
|
@ -179,6 +179,8 @@ int sd_rtnl_message_routing_policy_rule_set_rtm_dst_prefixlen(sd_netlink_message
|
||||||
int sd_rtnl_message_routing_policy_rule_get_rtm_dst_prefixlen(sd_netlink_message *m, unsigned char *len);
|
int sd_rtnl_message_routing_policy_rule_get_rtm_dst_prefixlen(sd_netlink_message *m, unsigned char *len);
|
||||||
int sd_rtnl_message_routing_policy_rule_set_rtm_type(sd_netlink_message *m, unsigned char type);
|
int sd_rtnl_message_routing_policy_rule_set_rtm_type(sd_netlink_message *m, unsigned char type);
|
||||||
int sd_rtnl_message_routing_policy_rule_get_rtm_type(sd_netlink_message *m, unsigned char *type);
|
int sd_rtnl_message_routing_policy_rule_get_rtm_type(sd_netlink_message *m, unsigned char *type);
|
||||||
|
int sd_rtnl_message_routing_policy_rule_set_flags(sd_netlink_message *m, unsigned flags);
|
||||||
|
int sd_rtnl_message_routing_policy_rule_get_flags(sd_netlink_message *m, unsigned *flags);
|
||||||
|
|
||||||
/* genl */
|
/* genl */
|
||||||
int sd_genl_socket_open(sd_netlink **nl);
|
int sd_genl_socket_open(sd_netlink **nl);
|
||||||
|
|
|
@ -153,6 +153,7 @@ FirewallMark=
|
||||||
SourcePort=
|
SourcePort=
|
||||||
DestinationPort=
|
DestinationPort=
|
||||||
IPProtocol=
|
IPProtocol=
|
||||||
|
InvertRule=
|
||||||
[IPv6PrefixDelegation]
|
[IPv6PrefixDelegation]
|
||||||
RouterPreference=
|
RouterPreference=
|
||||||
DNSLifetimeSec=
|
DNSLifetimeSec=
|
||||||
|
|
|
@ -442,6 +442,7 @@ Independent=
|
||||||
InitialAdvertisedReceiveWindow=
|
InitialAdvertisedReceiveWindow=
|
||||||
InitialCongestionWindow=
|
InitialCongestionWindow=
|
||||||
InputKey=
|
InputKey=
|
||||||
|
InvertRule=
|
||||||
KernelCommandLine=
|
KernelCommandLine=
|
||||||
KernelVersion=
|
KernelVersion=
|
||||||
Key=
|
Key=
|
||||||
|
|
Loading…
Reference in a new issue