ped_policy_table.c File Reference

Helper to keep track of managed interfaces (policy table).

#include <sync/common.h>
#include <hashtable.h>
#include <hashtable_itr.h>
#include "ped_policy_table.h"
#include "ped_filter.h"
#include "ped_ssd.h"


Data Structures

struct  key_s

Typedefs

typedef struct key_s hash_key_t

Functions

static DEFINE_HASHTABLE_INSERT (ht_insert, hash_key_t, policy_table_entry_t)
static DEFINE_HASHTABLE_SEARCH (ht_get, hash_key_t, policy_table_entry_t)
static DEFINE_HASHTABLE_REMOVE (ht_remove, hash_key_t, policy_table_entry_t)
static unsigned int hashFromKey (void *ky)
static int equalKeys (void *k1, void *k2)
static boolean equalRoutes (policy_route_msg_t *r1, policy_route_msg_t *r2)
static policy_table_entry_t * get_or_create_policy (char *ifname, uint8_t af)
static boolean mark_route (policy_route_msg_t *route, policy_route_status_e status)
static void ssd_request_status (ssd_reply_e reply, void *user_data)
static boolean add_route (policy_route_msg_t *route_data)
static void remove_route (ped_policy_route_t *route)
void policy_table_add_filter (policy_filter_msg_t *filter_data)
void policy_table_add_route (policy_route_msg_t *route_data)
void policy_table_clear_policy (char *ifname, uint8_t af)
void policy_table_delete_policy (char *ifname, uint8_t af, boolean interface_exists)
boolean policy_table_unverify_all (void)
void policy_table_clean (void)
void init_table (void)
void destroy_table (void)
int policy_table_entry_count (void)
void policy_table_iterator_reset (void)
policy_table_entry_t * policy_table_next (void)

Variables

static struct hashtable * if_table = NULL
static struct hashtable_itr * itr = NULL
static boolean itr_broken = TRUE
static uint32_t changes_pending = 0
static boolean clean_table = FALSE


Detailed Description

helper to keep track of managed interfaces (policy table)

We introduce functions to wrap and hide the hashtable implementation of the table that stores all managed interfaces. Each interface and family pair has an associated policy. A policy consists of an input and an output filter that we (ped) apply on the interface/family (iff).

Definition in file ped_policy_table.c.


Typedef Documentation

typedef struct key_s hash_key_t

The key for the hashtable


Function Documentation

static boolean add_route ( policy_route_msg_t *  route_data  )  [static]

Add or change a route through our SSD module

Parameters:
[in] route_data The pointer to route data
Returns:
TRUE if the route could be added, in which case confirmation will be received upon a response from SSD; FALSE if the SSD module would not accept the route-add request

Definition at line 393 of file ped_policy_table.c.

References ssd_client_add_route_request(), and ssd_request_status().

Referenced by policy_table_add_route().

static DEFINE_HASHTABLE_INSERT ( ht_insert  ,
hash_key_t  ,
policy_table_entry_t   
) [static]

We use ht_insert to insert a (key,value) safely into the hashtable

static DEFINE_HASHTABLE_REMOVE ( ht_remove  ,
hash_key_t  ,
policy_table_entry_t   
) [static]

We use ht_remove to remove a (key,value) safely from the hashtable

static DEFINE_HASHTABLE_SEARCH ( ht_get  ,
hash_key_t  ,
policy_table_entry_t   
) [static]

We use ht_get to get a (key,value) safely from the hashtable

void destroy_table ( void   ) 

Destroy the table. It should be empty or this will cause a memory leak.

Definition at line 934 of file ped_policy_table.c.

References if_table.

Referenced by init_table().

static int equalKeys ( void *  k1,
void *  k2 
) [static]

Compare two keys:

Parameters:
[in] k1 First key
[in] k2 Second key
Returns:
1 if keys are equal, 0 otherwise

Definition at line 135 of file ped_policy_table.c.

Referenced by init_table().

static boolean equalRoutes ( policy_route_msg_t *  r1,
policy_route_msg_t *  r2
) [static]

Compare two routes:

Parameters:
[in] r1 First route
[in] r2 Second route
Returns:
TRUE if routes are equal, FALSE otherwise

Definition at line 157 of file ped_policy_table.c.

References policy_route_msg_s::preferences, and policy_route_msg_s::route_addr.

Referenced by mark_route(), and policy_table_add_route().

static policy_table_entry_t* get_or_create_policy ( char *  ifname,
uint8_t  af 
) [static]

Get or create the policy in the table

Parameters:
[in] ifname Interface name
[in] af Address family
Returns:
the entry in the table

Definition at line 176 of file ped_policy_table.c.

References policy_table_entry_s::af, key_s::af, if_table, policy_table_entry_s::ifname, and key_s::ifname.

Referenced by policy_table_add_filter(), policy_table_add_route(), and policy_table_clear_policy().

static unsigned int hashFromKey ( void *  ky  )  [static]

Returns the hash value of a key:

Parameters:
[in] ky The key, which will be typecast to (hash_key_t *)
Returns:
a hash of the key (key's contents)

Definition at line 105 of file ped_policy_table.c.

References key_s::af, and key_s::ifname.

Referenced by init_table().

void init_table ( void   ) 

Initializes the table for first use.

Definition at line 917 of file ped_policy_table.c.

References destroy_table(), equalKeys(), hashFromKey(), and if_table.

Referenced by ped_init().

static boolean mark_route ( policy_route_msg_t *  route,
policy_route_status_e  status 
) [static]

Change the status of a route. If status is becoming failed, then we will also break the policy (set broken to true).

Parameters:
[in] route Route data containing ifname and family as well
[in] status New status
Returns:
TRUE if successfully changed; otherwise FALSE (policy or route not found)

Definition at line 219 of file ped_policy_table.c.

References policy_route_msg_s::af, key_s::af, policy_table_entry_s::broken, changes_pending, clean_table, equalRoutes(), if_table, key_s::ifname, policy_route_msg_s::ifname, MAX_IF_NAME_LEN, ped_policy_route_s::next, policy_table_entry_s::route, ped_policy_route_s::route_data, ROUTE_FAILED, ROUTE_PENDING, and ped_policy_route_s::status.

Referenced by ssd_request_status().

void policy_table_add_filter ( policy_filter_msg_t *  filter_data  )

Adds a filter with the given interface name and address family to the table. Only adds it if it does not yet exist in the table.

Parameters:
[in] filter_data Filter part of policy, containing interface name and address family

Definition at line 463 of file ped_policy_table.c.

References policy_filter_msg_s::af, apply_filters_to_interface(), apply_pfd_filter_to_interface(), policy_table_entry_s::broken, clean_table, policy_table_entry_s::filter, FILTER_ADDED, ped_policy_filter_s::filter_data, FILTER_FAILED, FILTER_PENDING, get_or_create_policy(), if_table, policy_filter_msg_s::ifname, policy_table_entry_s::ifname, MAX_IF_NAME_LEN, policy_table_entry_s::pfd_filter, and ped_policy_filter_s::status.

Referenced by psd_ipc_read().

void policy_table_add_route ( policy_route_msg_t *  route_data  )

Adds a route with the given interface name and address family to the table. Only adds it if it does not yet exist in the table.

Parameters:
[in] route_data Route data

Definition at line 520 of file ped_policy_table.c.

References add_route(), policy_route_msg_s::af, apply_pfd_filter_to_interface(), policy_table_entry_s::broken, changes_pending, clean_table, equalRoutes(), get_or_create_policy(), if_table, policy_route_msg_s::ifname, policy_table_entry_s::ifname, MAX_IF_NAME_LEN, ped_policy_route_s::next, policy_table_entry_s::pfd_filter, policy_table_entry_s::route, ped_policy_route_s::route_data, ROUTE_FAILED, ROUTE_PENDING, and ped_policy_route_s::status.

Referenced by psd_ipc_read().

void policy_table_clean ( void   ) 

Clean policy table, remove all UNVERIFIED filters and routes. Anything left in the UNVERIFIED state (status) will be deleted.

Definition at line 772 of file ped_policy_table.c.

References apply_pfd_filter_to_interface(), policy_table_entry_s::broken, changes_pending, clean_table, policy_table_entry_s::filter, FILTER_UNVERIFIED, get_ssd_idle(), get_ssd_ready(), if_table, policy_table_entry_s::ifname, ped_policy_route_s::next, policy_table_entry_s::pfd_filter, remove_filters_from_interface(), remove_pfd_filter_from_interface(), remove_route(), policy_table_entry_s::route, ROUTE_FAILED, ROUTE_PENDING, ROUTE_UNVERIFIED, ped_policy_route_s::status, and ped_policy_filter_s::status.

Referenced by psd_ipc_read().

void policy_table_clear_policy ( char *  ifname,
uint8_t  af 
)

Clear everything except for the pfd_filter (no PSD policy for interface). The policy will have no routes or filters afterward. If the policy does not exist it will be created.

Parameters:
[in] ifname The interface name of the policy
[in] af The address family for the interface name of the policy

Definition at line 597 of file ped_policy_table.c.

References policy_table_entry_s::broken, changes_pending, policy_table_entry_s::filter, get_or_create_policy(), if_table, MAX_IF_NAME_LEN, ped_policy_route_s::next, remove_filters_from_interface(), remove_route(), policy_table_entry_s::route, ROUTE_PENDING, and ped_policy_route_s::status.

Referenced by psd_ipc_read().

void policy_table_delete_policy ( char *  ifname,
uint8_t  af,
boolean  interface_exists 
)

Removes an interface with the given name from the table

Parameters:
[in] ifname Interface name
[in] af Address family
[in] interface_exists TRUE if the interface still exists (we need to remove filters from it); FALSE if it was deleted so we don't need to worry about deleting filters

Definition at line 657 of file ped_policy_table.c.

References key_s::af, changes_pending, policy_table_entry_s::filter, if_table, key_s::ifname, policy_table_entry_s::ifname, MAX_IF_NAME_LEN, ped_policy_route_s::next, policy_table_entry_s::pfd_filter, remove_filters_from_interface(), remove_pfd_filter_from_interface(), remove_route(), policy_table_entry_s::route, ROUTE_FAILED, ROUTE_PENDING, and ped_policy_route_s::status.

Referenced by update_interface().

int policy_table_entry_count ( void   ) 

Get the number of entries in the table of managed interfaces.

Returns:
The number of entries in the table

Definition at line 949 of file ped_policy_table.c.

References if_table.

Referenced by handler_if_count(), and show_managed().

void policy_table_iterator_reset ( void   ) 

Reset the iterator. This should always be called before using policy_table_next() to start iterating over entries.

Definition at line 961 of file ped_policy_table.c.

References itr_broken.

Referenced by show_managed(), and table_get_first_data_point().

policy_table_entry_t* policy_table_next ( void   ) 

Use this function iterator-style to go through the entries in the table of managed interfaces. You should call policy_table_iterator_reset before iterating over entries with this function.

Returns:
Pointer to policy table entry if successful, otherwise NULL.

Definition at line 978 of file ped_policy_table.c.

References if_table, itr, and itr_broken.

Referenced by show_managed(), and table_get_next_data_point().

boolean policy_table_unverify_all ( void   ) 

Mark all policies in the table UNVERIFIED. Since we can't delete routes or filters, all that are left unverified (i.e. they don't get added again) when calling policy_table_clean() get removed.

Returns:
TRUE upon success; FALSE if aborted because there are still changes pending, in which case all route statuses stay the same

Definition at line 720 of file ped_policy_table.c.

References policy_table_entry_s::broken, changes_pending, clean_table, policy_table_entry_s::filter, FILTER_UNVERIFIED, if_table, ped_policy_route_s::next, policy_table_entry_s::route, ROUTE_PENDING, ROUTE_UNVERIFIED, ped_policy_filter_s::status, and ped_policy_route_s::status.

Referenced by psd_ipc_read().

static void remove_route ( ped_policy_route_t *  route  )  [static]

Remove a route through our SSD module. If we can't request confirmation, we log a warning message and attempt removal without a callback for confirmation

Parameters:
[in] route The pointer to route in the table

Definition at line 424 of file ped_policy_table.c.

References ped_policy_route_s::route_data, ssd_client_del_route_request(), and ssd_request_status().

Referenced by policy_table_clean(), policy_table_clear_policy(), and policy_table_delete_policy().

static void ssd_request_status ( ssd_reply_e  reply,
void *  user_data 
) [static]

Callback when making a request of our SSD module. If the request was accepted, then this function will be called when the request status has changed. In other words, a request to add or delete a route has succeeded or failed.

Parameters:
[in] reply the status of the request
[in] user_data user_data passed to ssd_client_add/delete_route_request that is passed back here. This is a (policy_route_msg_t *) that we need to free. It will be NULL when the associated policy was broken, so it has to be checked for NULL before it is dereferenced.

Definition at line 277 of file ped_policy_table.c.

References ADD_FAILED, ADD_SUCCESS, clean_table, DELETE_FAILED, DELETE_SUCCESS, mark_route(), ROUTE_ADDED, policy_route_msg_s::route_addr, ROUTE_FAILED, and ssd_client_del_route_request().

Referenced by add_route(), and remove_route().


Variable Documentation

uint32_t changes_pending = 0 [static]

How many changes are pending within the table (for now, just routes)

Definition at line 57 of file ped_policy_table.c.

Referenced by mark_route(), policy_table_add_route(), policy_table_clean(), policy_table_clear_policy(), policy_table_delete_policy(), and policy_table_unverify_all().

boolean clean_table = FALSE [static]

Cleaning of the table is necessary

Definition at line 62 of file ped_policy_table.c.

Referenced by mark_route(), policy_table_add_filter(), policy_table_add_route(), policy_table_clean(), policy_table_unverify_all(), and ssd_request_status().

struct hashtable* if_table = NULL [static]

Table contains policy information with managed interfaces

Definition at line 40 of file ped_policy_table.c.

Referenced by destroy_table(), get_or_create_policy(), init_table(), mark_route(), policy_table_add_filter(), policy_table_add_route(), policy_table_clean(), policy_table_clear_policy(), policy_table_delete_policy(), policy_table_entry_count(), policy_table_next(), and policy_table_unverify_all().

struct hashtable_itr* itr = NULL [static]

Iterator over table for public use

Definition at line 46 of file ped_policy_table.c.

Referenced by policy_table_next().

boolean itr_broken = TRUE [static]

Whether the iterator is broken, in other words, whether it needs re-initializing

Definition at line 52 of file ped_policy_table.c.

Referenced by policy_table_iterator_reset(), and policy_table_next().


2007-2009 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Generated on Sun May 30 20:27:06 2010 for SDK Your Net Corporation Policy Manager Example: Policy Enforcement Daemon 1.0 by Doxygen 1.5.1