authorDmitry Kozlov <xeb@mail.ru>2016-03-18 15:22:55 +0300
committerDmitry Kozlov <xeb@mail.ru>2016-03-18 15:22:55 +0300
commitd9e66279652a9e6639d5a82581bcc0fd7d999aff (patch)
treeeffa1cd1bb6ca7ac8425ae7a72974f6df546d3b6 /accel-pppd/ctrl
parentdbebb99e532822ae70a68dd8f6bc27cce52fc47e (diff)
ipoe: restored local-net function
local-net is used to filter incoming packets which may start UP session
Diffstat (limited to 'accel-pppd/ctrl')
-rw-r--r--accel-pppd/ctrl/ipoe/ipoe.c83
-rw-r--r--accel-pppd/ctrl/ipoe/ipoe.h2
-rw-r--r--accel-pppd/ctrl/ipoe/ipoe_netlink.c71
3 files changed, 156 insertions, 0 deletions
diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c
index 63df0660..49e32a7e 100644
--- a/accel-pppd/ctrl/ipoe/ipoe.c
+++ b/accel-pppd/ctrl/ipoe/ipoe.c
@@ -89,6 +89,13 @@ struct request_item {
int cnt;
};
+struct local_net {
+ struct list_head entry;
+ in_addr_t addr;
+ int mask;
+ int active;
+};
+
enum {SID_MAC, SID_IP};
static int conf_dhcpv4 = 1;
@@ -171,6 +178,8 @@ static LIST_HEAD(uc_list);
static int uc_size;
static mempool_t uc_pool;
+static LIST_HEAD(local_nets);
+
static pthread_rwlock_t l4_list_lock = PTHREAD_RWLOCK_INITIALIZER;
static LIST_HEAD(l4_redirect_list);
static struct triton_timer_t l4_redirect_timer;
@@ -3019,6 +3028,79 @@ static void load_vlan_mon(struct conf_sect_t *sect)
}
}
+static void parse_local_net(const char *opt)
+{
+ const char *ptr;
+ char str[17];
+ in_addr_t addr;
+ int mask;
+ char *endptr;
+ struct local_net *n;
+
+ ptr = strchr(opt, '/');
+ if (ptr) {
+ memcpy(str, opt, ptr - opt);
+ str[ptr - opt] = 0;
+ addr = inet_addr(str);
+ if (addr == INADDR_NONE)
+ goto out_err;
+ mask = strtoul(ptr + 1, &endptr, 10);
+ if (mask > 32)
+ goto out_err;
+ } else {
+ addr = inet_addr(opt);
+ if (addr == INADDR_NONE)
+ goto out_err;
+ mask = 24;
+ }
+
+ list_for_each_entry(n, &local_nets, entry) {
+ if (n->addr == addr && n->mask == mask) {
+ n->active = 1;
+ return;
+ }
+ }
+
+ n = _malloc(sizeof(*n));
+ n->addr = addr;
+ n->mask = mask;
+ n->active = 1;
+ list_add_tail(&n->entry, &local_nets);
+
+ ipoe_nl_add_net(addr, mask);
+
+ return;
+
+out_err:
+ log_error("ipoe: failed to parse 'local-net=%s'\n", opt);
+}
+
+static void load_local_nets(struct conf_sect_t *sect)
+{
+ struct conf_option_t *opt;
+ struct local_net *n;
+ struct list_head *pos, *t;
+
+ list_for_each_entry(n, &local_nets, entry)
+ n->active = 0;
+
+ list_for_each_entry(opt, &sect->items, entry) {
+ if (strcmp(opt->name, "local-net"))
+ continue;
+ if (!opt->val)
+ continue;
+ parse_local_net(opt->val);
+ }
+
+ list_for_each_safe(pos, t, &local_nets) {
+ n = list_entry(pos, typeof(*n), entry);
+ if (!n->active) {
+ ipoe_nl_del_net(n->addr);
+ list_del(&n->entry);
+ _free(n);
+ }
+ }
+}
static void load_config(void)
{
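Review bot: In parse_local_net, `memcpy(str, opt, ptr - opt)` copies everything before the '/' into the 17-byte `str` without checking its length, so a `local-net` value with a long address part writes past the stack buffer. The prefix length has a related gap: the `strtoul()` result is stored in the signed `int mask`, `endptr` is never examined, and only `mask > 32` is tested, so trailing garbage is accepted and a value that converts to a negative int would pass and later reach the shift in ipoe_nl_add_net. The return value of `ipoe_nl_add_net()` is also ignored, so an entry the kernel rejected stays in `local_nets` marked active. The bounds and parse checks I would add are below.

```c
	unsigned long bits;
	/* … unchanged: other declarations … */

	ptr = strchr(opt, '/');
	if (ptr) {
		/* reject an address part that does not fit str, including its NUL */
		if ((size_t)(ptr - opt) >= sizeof(str))
			goto out_err;
		/* … unchanged: memcpy into str, inet_addr() check … */
		bits = strtoul(ptr + 1, &endptr, 10);
		/* require at least one digit, nothing after it, and a valid prefix */
		if (endptr == ptr + 1 || *endptr != '\0' || bits > 32)
			goto out_err;
		mask = (int)bits;
	} else {
		/* … unchanged: bare address, default /24 … */
	}
```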
@@ -3280,6 +3362,7 @@ static void load_config(void)
load_interfaces(s);
load_vlan_mon(s);
load_gw_addr(s);
+ load_local_nets(s);
}
static struct triton_context_t l4_redirect_ctx = {
diff --git a/accel-pppd/ctrl/ipoe/ipoe.h b/accel-pppd/ctrl/ipoe/ipoe.h
index 5561646d..825ffcaa 100644
--- a/accel-pppd/ctrl/ipoe/ipoe.h
+++ b/accel-pppd/ctrl/ipoe/ipoe.h
@@ -128,6 +128,8 @@ int ipoe_nl_modify(int ifindex, uint32_t peer_addr, uint32_t addr, uint32_t gw,
void ipoe_nl_get_sessions(struct list_head *list);
int ipoe_nl_add_exclude(uint32_t addr, int mask);
void ipoe_nl_del_exclude(uint32_t addr);
+int ipoe_nl_add_net(uint32_t addr, int mask);
+void ipoe_nl_del_net(uint32_t addr);
void *arpd_start(struct ipoe_serv *ipoe);
void arpd_stop(void *arp);
diff --git a/accel-pppd/ctrl/ipoe/ipoe_netlink.c b/accel-pppd/ctrl/ipoe/ipoe_netlink.c
index 7e61fb84..9372a94c 100644
--- a/accel-pppd/ctrl/ipoe/ipoe_netlink.c
+++ b/accel-pppd/ctrl/ipoe/ipoe_netlink.c
@@ -98,6 +98,76 @@ void ipoe_nl_del_exclude(uint32_t addr)
rtnl_close(&rth);
}
+int ipoe_nl_add_net(uint32_t addr, int mask)
+{
+ struct rtnl_handle rth;
+ struct nlmsghdr *nlh;
+ struct genlmsghdr *ghdr;
+ struct {
+ struct nlmsghdr n;
+ char buf[1024];
+ } req;
+ int ret = 0;
+
+ if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) {
+ log_ppp_error("ipoe: cannot open generic netlink socket\n");
+ return -1;
+ }
+
+ nlh = &req.n;
+ nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN);
+ nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+ nlh->nlmsg_type = ipoe_genl_id;
+
+ ghdr = NLMSG_DATA(&req.n);
+ ghdr->cmd = IPOE_CMD_ADD_NET;
+
+ mask = mask ? ~0 << (32 - mask) : 0;
+
+ addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr);
+ addattr32(nlh, 1024, IPOE_ATTR_MASK, mask);
+
+ if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 ) {
+ log_ppp_error("ipoe: nl_add_net: error talking to kernel\n");
+ ret = -1;
+ }
+
+ rtnl_close(&rth);
+
+ return ret;
+}
+
+void ipoe_nl_del_net(uint32_t addr)
+{
+ struct rtnl_handle rth;
+ struct nlmsghdr *nlh;
+ struct genlmsghdr *ghdr;
+ struct {
+ struct nlmsghdr n;
+ char buf[1024];
+ } req;
+
+ if (rtnl_open_byproto(&rth, 0, NETLINK_GENERIC)) {
+ log_ppp_error("ipoe: cannot open generic netlink socket\n");
+ return;
+ }
+
+ nlh = &req.n;
+ nlh->nlmsg_len = NLMSG_LENGTH(GENL_HDRLEN);
+ nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+ nlh->nlmsg_type = ipoe_genl_id;
+
+ ghdr = NLMSG_DATA(&req.n);
+ ghdr->cmd = IPOE_CMD_DEL_NET;
+
+ addattr32(nlh, 1024, IPOE_ATTR_ADDR, addr);
+
+ if (rtnl_talk(&rth, nlh, 0, 0, nlh, NULL, NULL, 0) < 0 )
+ log_ppp_error("ipoe: nl_del_net: error talking to kernel\n");
+
+ rtnl_close(&rth);
+}
+
void ipoe_nl_add_interface(int ifindex, uint8_t mode)
{
struct rtnl_handle rth;
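Review bot: In ipoe_nl_add_net, `~0 << (32 - mask)` left-shifts a negative signed int, which is undefined behaviour, and the shift count is out of range whenever `mask` is negative or above 32; I would guard with `if (mask < 0 || mask > 32) return -1;` before opening the socket and shift an unsigned value, `mask = mask ? ~0u << (32 - mask) : 0;`. In both new functions `req` is an uninitialised stack object and only `nlmsg_len`, `nlmsg_flags`, `nlmsg_type` and `ghdr->cmd` are set, so the remaining header fields go to the kernel with whatever was on the stack unless rtnl_talk() fills them; `memset(&req, 0, sizeof(req));` before `nlh = &req.n;` avoids that. Note also that ipoe_nl_del_net() identifies a net by address only, while load_local_nets() in ipoe.c keys its list on address and mask. A reload that changes only the prefix length therefore adds the new net and then deletes by the same address, which may remove the new filter entry too, depending on how the kernel side matches. The trailing context, ipoe_nl_add_interface, continues outside the hunk.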
@@ -544,6 +614,7 @@ static void init(void)
triton_context_wakeup(&mc_ctx);
ipoe_nl_del_exclude(0);
+ ipoe_nl_del_net(0);
ipoe_nl_delete_interfaces();
}
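Review bot: The `0` passed to `ipoe_nl_del_net(0)` is undocumented: it looks like a "flush everything" sentinel, mirroring `ipoe_nl_del_exclude(0)` on the line above, but nothing visible in ipoe_nl_del_net or its prototype says so. If that is the intent, a comment here such as `/* addr 0 flushes all local-net entries left in the kernel module by a previous run */` would make it explicit. It is also worth confirming how this interacts with a configured `local-net=0.0.0.0/0`, which parses to address 0, so that removing that single entry on reload would issue the same call. init()'s body starts outside the hunk.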