1/*
2 *  This file is free software: you may copy, redistribute and/or modify it
3 *  under the terms of the GNU General Public License as published by the
4 *  Free Software Foundation, either version 2 of the License, or (at your
5 *  option) any later version.
6 *
7 *  This file is distributed in the hope that it will be useful, but
8 *  WITHOUT ANY WARRANTY; without even the implied warranty of
9 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
10 *  General Public License for more details.
11 *
12 *  You should have received a copy of the GNU General Public License
13 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
14 *
15 * This file incorporates work covered by the following copyright and
16 * permission notice:
17 *
18
19Copyright 2011 by Matthieu Boutier and Juliusz Chroboczek
20
21Permission is hereby granted, free of charge, to any person obtaining a copy
22of this software and associated documentation files (the "Software"), to deal
23in the Software without restriction, including without limitation the rights
24to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
25copies of the Software, and to permit persons to whom the Software is
26furnished to do so, subject to the following conditions:
27
28The above copyright notice and this permission notice shall be included in
29all copies or substantial portions of the Software.
30
31THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
32IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
33FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE
34AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
35LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
36OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
37THE SOFTWARE.
38*/
39
40#include "babel_filter.h"
41#include "vty.h"
42#include "filter.h"
43#include "log.h"
44#include "plist.h"
45#include "distribute.h"
46#include "util.h"
47
48int
49babel_filter(int output, const unsigned char *prefix, unsigned short plen,
50             unsigned int ifindex)
51{
52    struct interface *ifp = if_lookup_by_index(ifindex);
53    babel_interface_nfo *babel_ifp = ifp ? babel_get_if_nfo(ifp) : NULL;
54    struct prefix p;
55    struct distribute *dist;
56    struct access_list *alist;
57    struct prefix_list *plist;
58    int filter = output ? BABEL_FILTER_OUT : BABEL_FILTER_IN;
59    int distribute = output ? DISTRIBUTE_OUT : DISTRIBUTE_IN;
60
61    p.family = v4mapped(prefix) ? AF_INET : AF_INET6;
62    p.prefixlen = v4mapped(prefix) ? plen - 96 : plen;
63    if (p.family == AF_INET)
64        uchar_to_inaddr(&p.u.prefix4, prefix);
65    else
66        uchar_to_in6addr(&p.u.prefix6, prefix);
67
68    if (babel_ifp != NULL && babel_ifp->list[filter]) {
69        if (access_list_apply (babel_ifp->list[filter], &p)
70            == FILTER_DENY) {
71            debugf(BABEL_DEBUG_FILTER,
72                   "%s/%d filtered by distribute in",
73                   p.family == AF_INET ?
74                   inet_ntoa(p.u.prefix4) :
75                   inet6_ntoa (p.u.prefix6),
76                   p.prefixlen);
77            return INFINITY;
78	}
79    }
80    if (babel_ifp != NULL && babel_ifp->prefix[filter]) {
81        if (prefix_list_apply (babel_ifp->prefix[filter], &p)
82            == PREFIX_DENY) {
83            debugf(BABEL_DEBUG_FILTER, "%s/%d filtered by distribute in",
84                        p.family == AF_INET ?
85                        inet_ntoa(p.u.prefix4) :
86                        inet6_ntoa (p.u.prefix6),
87                        p.prefixlen);
88            return INFINITY;
89	}
90    }
91
92    /* All interface filter check. */
93    dist = distribute_lookup (NULL);
94    if (dist) {
95        if (dist->list[distribute]) {
96            alist = access_list_lookup (AFI_IP6, dist->list[distribute]);
97
98            if (alist) {
99                if (access_list_apply (alist, &p) == FILTER_DENY) {
100                    debugf(BABEL_DEBUG_FILTER, "%s/%d filtered by distribute in",
101                                p.family == AF_INET ?
102                                inet_ntoa(p.u.prefix4) :
103                                inet6_ntoa (p.u.prefix6),
104                                p.prefixlen);
105                    return INFINITY;
106		}
107	    }
108	}
109        if (dist->prefix[distribute]) {
110            plist = prefix_list_lookup (AFI_IP6, dist->prefix[distribute]);
111            if (plist) {
112                if (prefix_list_apply (plist, &p) == PREFIX_DENY) {
113                    debugf(BABEL_DEBUG_FILTER, "%s/%d filtered by distribute in",
114                                p.family == AF_INET ?
115                                inet_ntoa(p.u.prefix4) :
116                                inet6_ntoa (p.u.prefix6),
117                                p.prefixlen);
118                    return INFINITY;
119		}
120	    }
121	}
122    }
123    return 0;
124}
125