Commit | Line | Data |
---|---|---|
aba5acdf SH |
1 | /* |
2 | * iprule.c "ip rule". | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version | |
7 | * 2 of the License, or (at your option) any later version. | |
8 | * | |
9 | * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> | |
10 | * | |
aba5acdf SH |
11 | */ |
12 | ||
13 | #include <stdio.h> | |
14 | #include <stdlib.h> | |
15 | #include <unistd.h> | |
aba5acdf SH |
16 | #include <fcntl.h> |
17 | #include <sys/socket.h> | |
18 | #include <netinet/in.h> | |
19 | #include <netinet/ip.h> | |
20 | #include <arpa/inet.h> | |
21 | #include <string.h> | |
ca89c521 | 22 | #include <linux/if.h> |
3123a0cc | 23 | #include <linux/fib_rules.h> |
2f4e171f | 24 | #include <errno.h> |
aba5acdf SH |
25 | |
26 | #include "rt_names.h" | |
27 | #include "utils.h" | |
34e95647 | 28 | #include "ip_common.h" |
0dd4ccc5 | 29 | #include "json_print.h" |
aba5acdf | 30 | |
/*
 * What iprule_list_flush_or_save() does with each rule returned by the
 * kernel dump.
 */
enum list_action {
	IPRULE_LIST = 0,	/* print the rule (print_rule) */
	IPRULE_FLUSH = 1,	/* delete the rule (flush_rule) */
	IPRULE_SAVE = 2,	/* write the raw message to stdout (save_rule) */
};
36 | ||
351efcde SH |
37 | extern struct rtnl_handle rth; |
38 | ||
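static void usage(void) __attribute__((noreturn));

/*
 * Print the "ip rule" synopsis to stderr and terminate the process with
 * exit status -1.  Never returns.
 */
static void usage(void)
{
	fprintf(stderr,
		"Usage: ip rule { add | del } SELECTOR ACTION\n"
		" ip rule { flush | save | restore }\n"
		" ip rule [ list [ SELECTOR ]]\n"
		"SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"
		" [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n"
		" [ uidrange NUMBER-NUMBER ]\n"
		" [ ipproto PROTOCOL ]\n"
		/* closing bracket added so "sport" reads like the "dport" line */
		" [ sport [ NUMBER | NUMBER-NUMBER ] ]\n"
		" [ dport [ NUMBER | NUMBER-NUMBER ] ]\n"
		"ACTION := [ table TABLE_ID ]\n"
		" [ protocol PROTO ]\n"
		" [ nat ADDRESS ]\n"
		" [ realms [SRCREALM/]DSTREALM ]\n"
		" [ goto NUMBER ]\n"
		" SUPPRESSOR\n"
		"SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n"
		" [ suppress_ifgroup DEVGROUP ]\n"
		"TABLE_ID := [ local | main | default | NUMBER ]\n");
	exit(-1);
}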
64 | ||
/*
 * Selector for "ip rule list" / "ip rule flush".  It is zeroed and filled
 * from the command line in iprule_list_flush_or_save() and evaluated per
 * rule in filter_nlmsg() (protocol/protocolmask: in flush_rule()).
 */
static struct {
	int not;			/* require FIB_RULE_INVERT on the rule */
	int l3mdev;			/* require a non-zero FRA_L3MDEV */
	int iifmask;			/* non-zero: compare iif[] with FRA_IFNAME */
	int oifmask;			/* non-zero: compare oif[] with FRA_OIFNAME */
	int uidrange;			/* non-zero: compare range with FRA_UID_RANGE */
	unsigned int tb;		/* table id to match; 0 disables the check */
	unsigned int tos;
	unsigned int tosmask;		/* non-zero: compare tos */
	unsigned int pref;
	unsigned int prefmask;		/* non-zero: compare pref */
	unsigned int fwmark;		/* 0 disables the fwmark check */
	unsigned int fwmask;		/* 0 disables the fwmask check */
	char iif[IFNAMSIZ];
	char oif[IFNAMSIZ];
	struct fib_rule_uid_range range;
	inet_prefix src;		/* src.family == 0 disables the check */
	inet_prefix dst;		/* dst.family == 0 disables the check */
	int protocol;
	int protocolmask;		/* bits of protocol that must match */
	struct fib_rule_port_range sport;	/* sport.start == 0 disables the check */
	struct fib_rule_port_range dport;	/* dport.start == 0 disables the check */
	__u8 ipproto;			/* 0 disables the check */
} filter;
85 | ||
/*
 * Return the table id of a rule: the 32-bit attribute stored at
 * tb[RTA_TABLE] when the message carries one, otherwise the table field of
 * the rule header.
 *
 * NOTE(review): callers in this file fill tb[] with FRA_* attributes while
 * the index used here is RTA_TABLE; presumably the two constants have the
 * same value - confirm against the kernel headers.
 * NOTE(review): the id is a __u32 but the return type is int, so callers
 * storing it back into a __u32 rely on the round-trip conversion.
 */
static inline int frh_get_table(struct fib_rule_hdr *frh, struct rtattr **tb)
{
	struct rtattr *attr = tb[RTA_TABLE];
	__u32 id;

	if (attr)
		id = rta_getattr_u32(attr);
	else
		id = frh->table;

	return id;
}
93 | ||
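/*
 * Decide whether a dumped rule matches the selector held in the file-scope
 * "filter".
 *
 * @n:        netlink message whose payload starts with a struct fib_rule_hdr
 * @tb:       attribute table for @n, indexed by FRA_*
 * @host_len: accepted for the callers' convenience; not read here
 *
 * Returns true when every criterion enabled in "filter" matches, false as
 * soon as one does not.
 */
static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
{
	struct fib_rule_hdr *frh = NLMSG_DATA(n);
	__u32 table;

	if (preferred_family != AF_UNSPEC && frh->family != preferred_family)
		return false;

	/* A rule without FRA_PRIORITY is compared as priority 0. */
	if (filter.prefmask &&
	    filter.pref != (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0))
		return false;
	if (filter.not && !(frh->flags & FIB_RULE_INVERT))
		return false;

	if (filter.src.family) {
		inet_prefix *f_src = &filter.src;

		if (f_src->family != frh->family ||
		    f_src->bitlen > frh->src_len)
			return false;

		/* a non-zero result is treated as "does not match" */
		if (inet_addr_match_rta(f_src, tb[FRA_SRC]))
			return false;
	}

	if (filter.dst.family) {
		inet_prefix *f_dst = &filter.dst;

		if (f_dst->family != frh->family ||
		    f_dst->bitlen > frh->dst_len)
			return false;

		if (inet_addr_match_rta(f_dst, tb[FRA_DST]))
			return false;
	}

	if (filter.tosmask && filter.tos != frh->tos)
		return false;

	if (filter.fwmark) {
		__u32 mark = 0;

		if (tb[FRA_FWMARK])
			mark = rta_getattr_u32(tb[FRA_FWMARK]);
		if (filter.fwmark != mark)
			return false;
	}
	if (filter.fwmask) {
		__u32 mask = 0;

		if (tb[FRA_FWMASK])
			mask = rta_getattr_u32(tb[FRA_FWMASK]);
		if (filter.fwmask != mask)
			return false;
	}

	if (filter.iifmask) {
		if (!tb[FRA_IFNAME])
			return false;
		if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0)
			return false;
	}

	if (filter.oifmask) {
		if (!tb[FRA_OIFNAME])
			return false;
		if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0)
			return false;
	}

	if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV])))
		return false;

	if (filter.uidrange) {
		const struct fib_rule_uid_range *r;

		/*
		 * Check presence and payload size before RTA_DATA(): the
		 * attribute pointer may be NULL, and a payload shorter than
		 * the struct must not be read through the struct pointer.
		 */
		if (!tb[FRA_UID_RANGE] ||
		    RTA_PAYLOAD(tb[FRA_UID_RANGE]) < sizeof(*r))
			return false;

		r = RTA_DATA(tb[FRA_UID_RANGE]);
		if (r->start != filter.range.start ||
		    r->end != filter.range.end)
			return false;
	}

	if (filter.ipproto) {
		__u8 ipproto = 0;

		if (tb[FRA_IP_PROTO])
			ipproto = rta_getattr_u8(tb[FRA_IP_PROTO]);
		if (filter.ipproto != ipproto)
			return false;
	}

	if (filter.sport.start) {
		const struct fib_rule_port_range *r;

		if (!tb[FRA_SPORT_RANGE] ||
		    RTA_PAYLOAD(tb[FRA_SPORT_RANGE]) < sizeof(*r))
			return false;

		r = RTA_DATA(tb[FRA_SPORT_RANGE]);
		if (r->start != filter.sport.start ||
		    r->end != filter.sport.end)
			return false;
	}

	if (filter.dport.start) {
		const struct fib_rule_port_range *r;

		if (!tb[FRA_DPORT_RANGE] ||
		    RTA_PAYLOAD(tb[FRA_DPORT_RANGE]) < sizeof(*r))
			return false;

		r = RTA_DATA(tb[FRA_DPORT_RANGE]);
		if (r->start != filter.dport.start ||
		    r->end != filter.dport.end)
			return false;
	}

	table = frh_get_table(frh, tb);
	if (filter.tb > 0 && filter.tb != table)
		return false;

	return true;
}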
219 | ||
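/*
 * Print one policy-routing rule carried in a netlink message.
 *
 * @n:   RTM_NEWRULE or RTM_DELRULE message; any other type is ignored
 * @arg: FILE * that receives the plain-text "iif "/"oif " labels and is
 *       flushed once the rule has been printed
 *
 * Returns 0 when the rule was printed, ignored or filtered out, and -1
 * when the message is too short to hold a struct fib_rule_hdr.
 *
 * The fixed-size struct attributes (FRA_UID_RANGE, FRA_SPORT_RANGE,
 * FRA_DPORT_RANGE) are printed only when their payload is at least as
 * large as the struct they are read through, so a truncated attribute is
 * skipped instead of being read past its end.
 */
int print_rule(struct nlmsghdr *n, void *arg)
{
	FILE *fp = arg;
	struct fib_rule_hdr *frh = NLMSG_DATA(n);
	int len = n->nlmsg_len;
	int host_len = -1;
	__u32 table, prio = 0;
	struct rtattr *tb[FRA_MAX+1];
	SPRINT_BUF(b1);

	if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE)
		return 0;

	/* len becomes the number of attribute bytes following the header */
	len -= NLMSG_LENGTH(sizeof(*frh));
	if (len < 0)
		return -1;

	parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);

	host_len = af_bit_len(frh->family);

	if (!filter_nlmsg(n, tb, host_len))
		return 0;

	open_json_object(NULL);
	if (n->nlmsg_type == RTM_DELRULE)
		print_bool(PRINT_ANY, "deleted", "Deleted ", true);

	if (tb[FRA_PRIORITY])
		prio = rta_getattr_u32(tb[FRA_PRIORITY]);

	print_uint(PRINT_ANY, "priority", "%u:\t", prio);

	if (frh->flags & FIB_RULE_INVERT)
		print_null(PRINT_ANY, "not", "not ", NULL);

	if (tb[FRA_SRC]) {
		const char *src = rt_addr_n2a_rta(frh->family, tb[FRA_SRC]);

		print_string(PRINT_FP, NULL, "from ", NULL);
		print_color_string(PRINT_ANY, ifa_family_color(frh->family),
				   "src", "%s", src);
		/* the prefix length is omitted for a full host address */
		if (frh->src_len != host_len)
			print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len);
		else
			print_string(PRINT_FP, NULL, " ", NULL);
	} else if (frh->src_len) {
		print_string(PRINT_ANY, "src", "from %s", "0");
		print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len);
	} else {
		print_string(PRINT_ANY, "src", "from %s ", "all");
	}

	if (tb[FRA_DST]) {
		const char *dst = rt_addr_n2a_rta(frh->family, tb[FRA_DST]);

		print_string(PRINT_FP, NULL, "to ", NULL);
		print_color_string(PRINT_ANY, ifa_family_color(frh->family),
				   "dst", "%s", dst);
		if (frh->dst_len != host_len)
			print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len);
		else
			print_string(PRINT_FP, NULL, " ", NULL);
	} else if (frh->dst_len) {
		print_string(PRINT_ANY, "dst", "to %s", "0");
		print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len);
	}

	if (frh->tos) {
		print_string(PRINT_ANY, "tos",
			     "tos %s ",
			     rtnl_dsfield_n2a(frh->tos, b1, sizeof(b1)));
	}

	if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) {
		__u32 mark = 0, mask = 0;

		if (tb[FRA_FWMARK])
			mark = rta_getattr_u32(tb[FRA_FWMARK]);

		/* an all-ones mask is not printed */
		if (tb[FRA_FWMASK] &&
		    (mask = rta_getattr_u32(tb[FRA_FWMASK])) != 0xFFFFFFFF) {
			print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx", mark);
			print_0xhex(PRINT_ANY, "fwmask", "/%#llx ", mask);
		} else {
			print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx ", mark);
		}
	}

	if (tb[FRA_IFNAME]) {
		if (!is_json_context())
			fprintf(fp, "iif ");
		print_color_string(PRINT_ANY, COLOR_IFNAME,
				   "iif", "%s ",
				   rta_getattr_str(tb[FRA_IFNAME]));

		if (frh->flags & FIB_RULE_IIF_DETACHED)
			print_null(PRINT_ANY, "iif_detached", "[detached] ",
				   NULL);
	}

	if (tb[FRA_OIFNAME]) {
		if (!is_json_context())
			fprintf(fp, "oif ");

		print_color_string(PRINT_ANY, COLOR_IFNAME, "oif", "%s ",
				   rta_getattr_str(tb[FRA_OIFNAME]));

		if (frh->flags & FIB_RULE_OIF_DETACHED)
			print_null(PRINT_ANY, "oif_detached", "[detached] ",
				   NULL);
	}

	if (tb[FRA_L3MDEV]) {
		__u8 mdev = rta_getattr_u8(tb[FRA_L3MDEV]);

		if (mdev)
			print_null(PRINT_ANY, "l3mdev",
				   "lookup [l3mdev-table] ", NULL);
	}

	if (tb[FRA_UID_RANGE] &&
	    RTA_PAYLOAD(tb[FRA_UID_RANGE]) >= sizeof(struct fib_rule_uid_range)) {
		struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);

		print_uint(PRINT_ANY, "uid_start", "uidrange %u", r->start);
		print_uint(PRINT_ANY, "uid_end", "-%u ", r->end);
	}

	if (tb[FRA_IP_PROTO]) {
		SPRINT_BUF(pbuf);
		print_string(PRINT_ANY, "ipproto", "ipproto %s ",
			     inet_proto_n2a(rta_getattr_u8(tb[FRA_IP_PROTO]),
					    pbuf, sizeof(pbuf)));
	}

	if (tb[FRA_SPORT_RANGE] &&
	    RTA_PAYLOAD(tb[FRA_SPORT_RANGE]) >= sizeof(struct fib_rule_port_range)) {
		struct fib_rule_port_range *r = RTA_DATA(tb[FRA_SPORT_RANGE]);

		/* a single port is printed as one number, not as N-N */
		if (r->start == r->end) {
			print_uint(PRINT_ANY, "sport", "sport %u ", r->start);
		} else {
			print_uint(PRINT_ANY, "sport_start", "sport %u",
				   r->start);
			print_uint(PRINT_ANY, "sport_end", "-%u ", r->end);
		}
	}

	if (tb[FRA_DPORT_RANGE] &&
	    RTA_PAYLOAD(tb[FRA_DPORT_RANGE]) >= sizeof(struct fib_rule_port_range)) {
		struct fib_rule_port_range *r = RTA_DATA(tb[FRA_DPORT_RANGE]);

		if (r->start == r->end) {
			print_uint(PRINT_ANY, "dport", "dport %u ", r->start);
		} else {
			print_uint(PRINT_ANY, "dport_start", "dport %u",
				   r->start);
			print_uint(PRINT_ANY, "dport_end", "-%u ", r->end);
		}
	}

	table = frh_get_table(frh, tb);
	if (table) {
		print_string(PRINT_ANY, "table",
			     "lookup %s ",
			     rtnl_rttable_n2a(table, b1, sizeof(b1)));

		if (tb[FRA_SUPPRESS_PREFIXLEN]) {
			int pl = rta_getattr_u32(tb[FRA_SUPPRESS_PREFIXLEN]);

			/* -1 is not printed */
			if (pl != -1)
				print_int(PRINT_ANY, "suppress_prefixlen",
					  "suppress_prefixlength %d ", pl);
		}

		if (tb[FRA_SUPPRESS_IFGROUP]) {
			int group = rta_getattr_u32(tb[FRA_SUPPRESS_IFGROUP]);

			if (group != -1) {
				const char *grname
					= rtnl_group_n2a(group, b1, sizeof(b1));

				print_string(PRINT_ANY, "suppress_ifgroup",
					     "suppress_ifgroup %s ", grname);
			}
		}
	}

	if (tb[FRA_FLOW]) {
		/* upper 16 bits: source realm, lower 16 bits: destination realm */
		__u32 to = rta_getattr_u32(tb[FRA_FLOW]);
		__u32 from = to>>16;

		to &= 0xFFFF;
		if (from)
			print_string(PRINT_ANY,
				     "flow_from", "realms %s/",
				     rtnl_rtrealm_n2a(from, b1, sizeof(b1)));

		print_string(PRINT_ANY, "flow_to", "%s ",
			     rtnl_rtrealm_n2a(to, b1, sizeof(b1)));
	}

	if (frh->action == RTN_NAT) {
		if (tb[RTA_GATEWAY]) {
			const char *gateway;

			gateway = format_host_rta(frh->family, tb[RTA_GATEWAY]);

			print_string(PRINT_ANY, "nat_gateway",
				     "map-to %s ", gateway);
		} else {
			print_null(PRINT_ANY, "masquerade", "masquerade", NULL);
		}
	} else if (frh->action == FR_ACT_GOTO) {
		if (tb[FRA_GOTO])
			print_uint(PRINT_ANY, "goto", "goto %u",
				   rta_getattr_u32(tb[FRA_GOTO]));
		else
			print_string(PRINT_ANY, "goto", "goto %s", "none");

		if (frh->flags & FIB_RULE_UNRESOLVED)
			print_null(PRINT_ANY, "unresolved", "unresolved", NULL);
	} else if (frh->action == FR_ACT_NOP) {
		print_null(PRINT_ANY, "nop", "nop", NULL);
	} else if (frh->action != FR_ACT_TO_TBL) {
		print_string(PRINT_ANY, "to_tbl", "%s",
			     rtnl_rtntype_n2a(frh->action, b1, sizeof(b1)));
	}

	if (tb[FRA_PROTOCOL]) {
		__u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]);

		/* protocol 0 and RTPROT_KERNEL are shown only with show_details */
		if ((protocol && protocol != RTPROT_KERNEL) || show_details > 0) {
			print_string(PRINT_ANY, "protocol", " proto %s ",
				     rtnl_rtprot_n2a(protocol, b1, sizeof(b1)));
		}
	}
	print_string(PRINT_FP, NULL, "\n", "");
	close_json_object();
	fflush(fp);
	return 0;
}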
460 | ||
/*
 * Marker placed at the start of an "ip rule save" stream and compared by
 * rule_dump_check_magic() on restore.  It is written as the raw bytes of
 * this variable.
 */
static __u32 rule_dump_magic = 0x71706986;

/*
 * Write the dump marker to stdout ahead of the saved rules.
 *
 * Returns 0 on success, -1 when stdout is a terminal or the marker could
 * not be written in full.
 */
static int save_rule_prep(void)
{
	int written;

	/* refuse to spill binary data onto a terminal */
	if (isatty(STDOUT_FILENO)) {
		fprintf(stderr, "Not sending a binary stream to stdout\n");
		return -1;
	}

	written = write(STDOUT_FILENO, &rule_dump_magic, sizeof(rule_dump_magic));
	if (written == sizeof(rule_dump_magic))
		return 0;

	fprintf(stderr, "Can't write magic to dump file\n");
	return -1;
}
480 | ||
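/*
 * Dump-filter callback for "ip rule save": copy one netlink message to
 * stdout unchanged.
 *
 * @n:   message to write; n->nlmsg_len bytes are written
 * @arg: unused
 *
 * Returns 0 when the whole message was written, -1 when write() failed
 * and -EIO when fewer bytes than n->nlmsg_len were written.  A write that
 * transfers 0 bytes of a non-empty message is reported as a short write
 * as well, so a truncated dump is never reported as success.
 */
static int save_rule(struct nlmsghdr *n, void *arg)
{
	ssize_t ret;

	ret = write(STDOUT_FILENO, n, n->nlmsg_len);
	if (ret < 0)
		return -1;

	if ((size_t)ret != n->nlmsg_len) {
		fprintf(stderr, "Short write while saving nlmsg\n");
		return -EIO;
	}

	return 0;
}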
493 | ||
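/*
 * Dump-filter callback for "ip rule flush": delete the rule described by
 * @n when it matches the selector in "filter".
 *
 * @n:   dumped rule; it is modified in place (type set to RTM_DELRULE,
 *       flags to NLM_F_REQUEST) and sent back through a separate handle
 * @arg: unused
 *
 * Returns 0 when the rule was deleted or skipped, -1 when the message is
 * too short or the second netlink handle cannot be opened, and -2 when the
 * delete request fails.  Rules without an FRA_PRIORITY attribute are left
 * in place.
 */
static int flush_rule(struct nlmsghdr *n, void *arg)
{
	struct rtnl_handle rth2;
	struct fib_rule_hdr *frh = NLMSG_DATA(n);
	int len = n->nlmsg_len;
	struct rtattr *tb[FRA_MAX+1];
	int host_len = -1;

	len -= NLMSG_LENGTH(sizeof(*frh));
	if (len < 0)
		return -1;

	parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);

	host_len = af_bit_len(frh->family);
	if (!filter_nlmsg(n, tb, host_len))
		return 0;

	if (tb[FRA_PROTOCOL]) {
		__u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]);

		/* skip rules whose protocol differs in the masked bits */
		if ((filter.protocol ^ protocol) & filter.protocolmask)
			return 0;
	}

	if (tb[FRA_PRIORITY]) {
		int ret;

		n->nlmsg_type = RTM_DELRULE;
		n->nlmsg_flags = NLM_F_REQUEST;

		if (rtnl_open(&rth2, 0) < 0)
			return -1;

		/*
		 * Close the handle on the failure path too; returning
		 * straight away would leave rth2 open for every failed
		 * delete of the flush.
		 */
		ret = rtnl_talk(&rth2, n, NULL);
		rtnl_close(&rth2);
		if (ret < 0)
			return -2;
	}

	return 0;
}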
534 | ||
/*
 * Shared implementation of "ip rule list", "ip rule flush" and
 * "ip rule save".
 *
 * @argc/@argv: selector words following the sub-command
 * @action:     one of enum list_action; any value other than IPRULE_SAVE
 *              and IPRULE_FLUSH selects printing
 *
 * Parses the selector into the file-scope "filter", requests a rule dump
 * for the chosen address family and runs the per-rule callback on every
 * returned message.  Returns 0 on success, -1 for a rejected "save"
 * invocation and 1 when the dump request or the dump itself fails.
 */
static int iprule_list_flush_or_save(int argc, char **argv, int action)
{
	rtnl_filter_t filter_fn;
	int af = preferred_family;

	/* no family given: the dump is requested for AF_INET */
	if (af == AF_UNSPEC)
		af = AF_INET;

	if (action == IPRULE_SAVE && argc > 0) {
		fprintf(stderr, "\"ip rule save\" does not take any arguments.\n");
		return -1;
	}

	switch (action) {
	case IPRULE_SAVE:
		/* the magic is written to stdout before the dump is requested */
		if (save_rule_prep())
			return -1;
		filter_fn = save_rule;
		break;
	case IPRULE_FLUSH:
		filter_fn = flush_rule;
		break;
	default:
		filter_fn = print_rule;
	}

	/* start from an empty selector: every criterion disabled */
	memset(&filter, 0, sizeof(filter));

	while (argc > 0) {
		if (matches(*argv, "preference") == 0 ||
		    matches(*argv, "order") == 0 ||
		    matches(*argv, "priority") == 0) {
			__u32 pref;

			NEXT_ARG();
			if (get_u32(&pref, *argv, 0))
				invarg("preference value is invalid\n", *argv);
			filter.pref = pref;
			filter.prefmask = 1;
		} else if (strcmp(*argv, "not") == 0) {
			filter.not = 1;
		} else if (strcmp(*argv, "tos") == 0) {
			__u32 tos;

			NEXT_ARG();
			if (rtnl_dsfield_a2n(&tos, *argv))
				invarg("TOS value is invalid\n", *argv);
			filter.tos = tos;
			filter.tosmask = 1;
		} else if (strcmp(*argv, "fwmark") == 0) {
			char *slash;
			__u32 fwmark, fwmask;

			NEXT_ARG();
			/* "MARK/MASK": the argument is split in place at the slash */
			slash = strchr(*argv, '/');
			if (slash != NULL)
				*slash = '\0';
			if (get_u32(&fwmark, *argv, 0))
				invarg("fwmark value is invalid\n", *argv);
			filter.fwmark = fwmark;
			if (slash) {
				if (get_u32(&fwmask, slash+1, 0))
					invarg("fwmask value is invalid\n",
					       slash+1);
				filter.fwmask = fwmask;
			}
		} else if (strcmp(*argv, "dev") == 0 ||
			   strcmp(*argv, "iif") == 0) {
			NEXT_ARG();
			if (get_ifname(filter.iif, *argv))
				invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
			filter.iifmask = 1;
		} else if (strcmp(*argv, "oif") == 0) {
			NEXT_ARG();
			if (get_ifname(filter.oif, *argv))
				invarg("\"oif\" not a valid ifname", *argv);
			filter.oifmask = 1;
		} else if (strcmp(*argv, "l3mdev") == 0) {
			filter.l3mdev = 1;
		} else if (strcmp(*argv, "uidrange") == 0) {
			NEXT_ARG();
			filter.uidrange = 1;
			/*
			 * NOTE(review): sscanf() stops after the second number,
			 * so trailing characters are accepted, and start <= end
			 * is not checked.
			 */
			if (sscanf(*argv, "%u-%u",
				   &filter.range.start,
				   &filter.range.end) != 2)
				invarg("invalid UID range\n", *argv);

		} else if (matches(*argv, "lookup") == 0 ||
			   matches(*argv, "table") == 0) {
			__u32 tid;

			NEXT_ARG();
			if (rtnl_rttable_a2n(&tid, *argv))
				invarg("table id value is invalid\n", *argv);
			filter.tb = tid;
		} else if (matches(*argv, "from") == 0 ||
			   matches(*argv, "src") == 0) {
			NEXT_ARG();
			if (get_prefix(&filter.src, *argv, af))
				invarg("from value is invalid\n", *argv);
		} else if (matches(*argv, "protocol") == 0) {
			__u32 prot;
			NEXT_ARG();
			/* all mask bits set unless the value is "all" */
			filter.protocolmask = -1;
			if (rtnl_rtprot_a2n(&prot, *argv)) {
				if (strcmp(*argv, "all") != 0)
					invarg("invalid \"protocol\"\n", *argv);
				prot = 0;
				filter.protocolmask = 0;
			}
			filter.protocol = prot;
		} else if (strcmp(*argv, "ipproto") == 0) {
			int ipproto;

			NEXT_ARG();
			ipproto = inet_proto_a2n(*argv);
			if (ipproto < 0)
				invarg("Invalid \"ipproto\" value\n", *argv);
			filter.ipproto = ipproto;
		} else if (strcmp(*argv, "sport") == 0) {
			struct fib_rule_port_range r;
			int ret;

			NEXT_ARG();
			/*
			 * One number selects a single port, "A-B" a range.
			 * NOTE(review): the text after the parsed numbers is
			 * not inspected and start <= end is not checked.
			 */
			ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
			if (ret == 1)
				r.end = r.start;
			else if (ret != 2)
				invarg("invalid port range\n", *argv);
			filter.sport = r;
		} else if (strcmp(*argv, "dport") == 0) {
			struct fib_rule_port_range r;
			int ret;

			NEXT_ARG();
			ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
			if (ret == 1)
				r.end = r.start;
			else if (ret != 2)
				invarg("invalid dport range\n", *argv);
			filter.dport = r;
		} else{
			/*
			 * Any other word is taken as the destination prefix,
			 * optionally introduced by "dst" or "to".
			 */
			if (matches(*argv, "dst") == 0 ||
			    matches(*argv, "to") == 0) {
				NEXT_ARG();
			}
			if (get_prefix(&filter.dst, *argv, af))
				invarg("to value is invalid\n", *argv);
		}
		argc--; argv++;
	}

	if (rtnl_ruledump_req(&rth, af) < 0) {
		perror("Cannot send dump request");
		return 1;
	}

	new_json_obj(json);
	/* NOTE(review): this error return skips delete_json_obj() */
	if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
		fprintf(stderr, "Dump terminated\n");
		return 1;
	}
	delete_json_obj();

	return 0;
}
701 | ||
/*
 * Read the first 32-bit word from stdin and compare it with
 * rule_dump_magic.
 *
 * Returns 0 when the marker matches, -1 when stdin is a terminal or the
 * word differs.  "magic" starts at 0, so a read that delivers nothing is
 * compared as 0 and reported through the same mismatch message.
 */
static int rule_dump_check_magic(void)
{
	__u32 magic = 0;
	int nread;

	if (isatty(STDIN_FILENO)) {
		fprintf(stderr, "Can't restore rule dump from a terminal\n");
		return -1;
	}

	nread = fread(&magic, sizeof(magic), 1, stdin);
	if (magic == rule_dump_magic)
		return 0;

	fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n",
		nread, magic);
	return -1;
}
721 | ||
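/*
 * Per-message callback for "ip rule restore": replay one saved rule to the
 * kernel.
 *
 * @ctrl: unused
 * @n:    message read from the dump stream; its flags are modified in place
 * @arg:  unused
 *
 * Returns the result of rtnl_talk(), with a failure whose errno is EEXIST
 * turned into 0 so rules that already exist do not abort the restore.
 * Returns -1 without contacting the kernel when the message is not an
 * RTM_NEWRULE: the stream comes from stdin and only the leading magic has
 * been checked, so without this test any message type found in the file
 * would be sent with the caller's privileges.
 */
static int restore_handler(struct rtnl_ctrl_data *ctrl,
			   struct nlmsghdr *n, void *arg)
{
	int ret;

	if (n->nlmsg_type != RTM_NEWRULE) {
		fprintf(stderr, "Unexpected message type %u in rule dump\n",
			(unsigned int)n->nlmsg_type);
		return -1;
	}

	n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;

	ll_init_map(&rth);

	ret = rtnl_talk(&rth, n, NULL);
	if ((ret < 0) && (errno == EEXIST))
		ret = 0;

	return ret;
}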
737 | ||
738 | ||
/*
 * Entry point for "ip rule restore": verify the dump marker on stdin, then
 * feed every following message to restore_handler().
 *
 * Does not return; the process exits with -1 when the marker check fails,
 * otherwise with the value returned by rtnl_from_file().
 */
static int iprule_restore(void)
{
	int status = -1;

	if (!rule_dump_check_magic())
		status = rtnl_from_file(stdin, &restore_handler, NULL);

	exit(status);
}
aba5acdf | 746 | |
50772dc5 | 747 | static int iprule_modify(int cmd, int argc, char **argv) |
aba5acdf | 748 | { |
8c92e122 | 749 | int l3mdev_rule = 0; |
aba5acdf | 750 | int table_ok = 0; |
8c92e122 | 751 | __u32 tid = 0; |
aba5acdf | 752 | struct { |
4806867a | 753 | struct nlmsghdr n; |
5baaf07c | 754 | struct fib_rule_hdr frh; |
56f5daac | 755 | char buf[1024]; |
d17b136f PS |
756 | } req = { |
757 | .n.nlmsg_type = cmd, | |
5baaf07c | 758 | .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct fib_rule_hdr)), |
d17b136f | 759 | .n.nlmsg_flags = NLM_F_REQUEST, |
5baaf07c DS |
760 | .frh.family = preferred_family, |
761 | .frh.action = FR_ACT_UNSPEC, | |
d17b136f | 762 | }; |
aba5acdf SH |
763 | |
764 | if (cmd == RTM_NEWRULE) { | |
23801209 DA |
765 | if (argc == 0) { |
766 | fprintf(stderr, | |
767 | "\"ip rule add\" requires arguments.\n"); | |
768 | return -1; | |
769 | } | |
aba5acdf | 770 | req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL; |
5baaf07c | 771 | req.frh.action = FR_ACT_TO_TBL; |
aba5acdf SH |
772 | } |
773 | ||
67a990b8 AJM |
774 | if (cmd == RTM_DELRULE && argc == 0) { |
775 | fprintf(stderr, "\"ip rule del\" requires arguments.\n"); | |
776 | return -1; | |
777 | } | |
778 | ||
aba5acdf | 779 | while (argc > 0) { |
3123a0cc | 780 | if (strcmp(*argv, "not") == 0) { |
5baaf07c | 781 | req.frh.flags |= FIB_RULE_INVERT; |
3123a0cc | 782 | } else if (strcmp(*argv, "from") == 0) { |
aba5acdf | 783 | inet_prefix dst; |
56f5daac | 784 | |
aba5acdf | 785 | NEXT_ARG(); |
5baaf07c DS |
786 | get_prefix(&dst, *argv, req.frh.family); |
787 | req.frh.src_len = dst.bitlen; | |
d831cc7c SH |
788 | addattr_l(&req.n, sizeof(req), FRA_SRC, |
789 | &dst.data, dst.bytelen); | |
aba5acdf SH |
790 | } else if (strcmp(*argv, "to") == 0) { |
791 | inet_prefix dst; | |
56f5daac | 792 | |
aba5acdf | 793 | NEXT_ARG(); |
5baaf07c DS |
794 | get_prefix(&dst, *argv, req.frh.family); |
795 | req.frh.dst_len = dst.bitlen; | |
d831cc7c SH |
796 | addattr_l(&req.n, sizeof(req), FRA_DST, |
797 | &dst.data, dst.bytelen); | |
aba5acdf SH |
798 | } else if (matches(*argv, "preference") == 0 || |
799 | matches(*argv, "order") == 0 || | |
800 | matches(*argv, "priority") == 0) { | |
801 | __u32 pref; | |
56f5daac | 802 | |
aba5acdf SH |
803 | NEXT_ARG(); |
804 | if (get_u32(&pref, *argv, 0)) | |
805 | invarg("preference value is invalid\n", *argv); | |
ad1a12db | 806 | addattr32(&req.n, sizeof(req), FRA_PRIORITY, pref); |
dec01609 AH |
807 | } else if (strcmp(*argv, "tos") == 0 || |
808 | matches(*argv, "dsfield") == 0) { | |
aba5acdf | 809 | __u32 tos; |
56f5daac | 810 | |
aba5acdf SH |
811 | NEXT_ARG(); |
812 | if (rtnl_dsfield_a2n(&tos, *argv)) | |
813 | invarg("TOS value is invalid\n", *argv); | |
5baaf07c | 814 | req.frh.tos = tos; |
aba5acdf | 815 | } else if (strcmp(*argv, "fwmark") == 0) { |
be7f286e PM |
816 | char *slash; |
817 | __u32 fwmark, fwmask; | |
56f5daac | 818 | |
aba5acdf | 819 | NEXT_ARG(); |
d831cc7c SH |
820 | |
821 | slash = strchr(*argv, '/'); | |
822 | if (slash != NULL) | |
be7f286e | 823 | *slash = '\0'; |
4fb466f9 | 824 | if (get_u32(&fwmark, *argv, 0)) |
aba5acdf | 825 | invarg("fwmark value is invalid\n", *argv); |
ad1a12db | 826 | addattr32(&req.n, sizeof(req), FRA_FWMARK, fwmark); |
be7f286e PM |
827 | if (slash) { |
828 | if (get_u32(&fwmask, slash+1, 0)) | |
d831cc7c SH |
829 | invarg("fwmask value is invalid\n", |
830 | slash+1); | |
831 | addattr32(&req.n, sizeof(req), | |
832 | FRA_FWMASK, fwmask); | |
be7f286e | 833 | } |
aba5acdf SH |
834 | } else if (matches(*argv, "realms") == 0) { |
835 | __u32 realm; | |
56f5daac | 836 | |
aba5acdf | 837 | NEXT_ARG(); |
d583e88e | 838 | if (get_rt_realms_or_raw(&realm, *argv)) |
aba5acdf | 839 | invarg("invalid realms\n", *argv); |
ad1a12db | 840 | addattr32(&req.n, sizeof(req), FRA_FLOW, realm); |
33f1e250 DS |
841 | } else if (matches(*argv, "protocol") == 0) { |
842 | __u32 proto; | |
843 | ||
844 | NEXT_ARG(); | |
845 | if (rtnl_rtprot_a2n(&proto, *argv)) | |
846 | invarg("\"protocol\" value is invalid\n", *argv); | |
847 | addattr8(&req.n, sizeof(req), FRA_PROTOCOL, proto); | |
aba5acdf SH |
848 | } else if (matches(*argv, "table") == 0 || |
849 | strcmp(*argv, "lookup") == 0) { | |
aba5acdf SH |
850 | NEXT_ARG(); |
851 | if (rtnl_rttable_a2n(&tid, *argv)) | |
852 | invarg("invalid table ID\n", *argv); | |
34e95647 | 853 | if (tid < 256) |
5baaf07c | 854 | req.frh.table = tid; |
34e95647 | 855 | else { |
5baaf07c | 856 | req.frh.table = RT_TABLE_UNSPEC; |
ad1a12db | 857 | addattr32(&req.n, sizeof(req), FRA_TABLE, tid); |
34e95647 | 858 | } |
aba5acdf | 859 | table_ok = 1; |
b1d0525f ST |
860 | } else if (matches(*argv, "suppress_prefixlength") == 0 || |
861 | strcmp(*argv, "sup_pl") == 0) { | |
862 | int pl; | |
56f5daac | 863 | |
b1d0525f ST |
864 | NEXT_ARG(); |
865 | if (get_s32(&pl, *argv, 0) || pl < 0) | |
d831cc7c SH |
866 | invarg("suppress_prefixlength value is invalid\n", |
867 | *argv); | |
868 | addattr32(&req.n, sizeof(req), | |
869 | FRA_SUPPRESS_PREFIXLEN, pl); | |
b1d0525f ST |
870 | } else if (matches(*argv, "suppress_ifgroup") == 0 || |
871 | strcmp(*argv, "sup_group") == 0) { | |
872 | NEXT_ARG(); | |
873 | int group; | |
56f5daac | 874 | |
b1d0525f | 875 | if (rtnl_group_a2n(&group, *argv)) |
d831cc7c SH |
876 | invarg("Invalid \"suppress_ifgroup\" value\n", |
877 | *argv); | |
878 | addattr32(&req.n, sizeof(req), | |
879 | FRA_SUPPRESS_IFGROUP, group); | |
aba5acdf SH |
880 | } else if (strcmp(*argv, "dev") == 0 || |
881 | strcmp(*argv, "iif") == 0) { | |
882 | NEXT_ARG(); | |
625df645 PS |
883 | if (check_ifname(*argv)) |
884 | invarg("\"iif\"/\"dev\" not a valid ifname", *argv); | |
d831cc7c SH |
885 | addattr_l(&req.n, sizeof(req), FRA_IFNAME, |
886 | *argv, strlen(*argv)+1); | |
85eae222 PM |
887 | } else if (strcmp(*argv, "oif") == 0) { |
888 | NEXT_ARG(); | |
625df645 PS |
889 | if (check_ifname(*argv)) |
890 | invarg("\"oif\" not a valid ifname", *argv); | |
d831cc7c SH |
891 | addattr_l(&req.n, sizeof(req), FRA_OIFNAME, |
892 | *argv, strlen(*argv)+1); | |
8c92e122 DA |
893 | } else if (strcmp(*argv, "l3mdev") == 0) { |
894 | addattr8(&req.n, sizeof(req), FRA_L3MDEV, 1); | |
895 | table_ok = 1; | |
896 | l3mdev_rule = 1; | |
82252cdc LC |
897 | } else if (strcmp(*argv, "uidrange") == 0) { |
898 | struct fib_rule_uid_range r; | |
899 | ||
900 | NEXT_ARG(); | |
901 | if (sscanf(*argv, "%u-%u", &r.start, &r.end) != 2) | |
902 | invarg("invalid UID range\n", *argv); | |
903 | addattr_l(&req.n, sizeof(req), FRA_UID_RANGE, &r, | |
904 | sizeof(r)); | |
aba5acdf SH |
905 | } else if (strcmp(*argv, "nat") == 0 || |
906 | matches(*argv, "map-to") == 0) { | |
907 | NEXT_ARG(); | |
526afe40 | 908 | fprintf(stderr, "Warning: route NAT is deprecated\n"); |
d831cc7c SH |
909 | addattr32(&req.n, sizeof(req), RTA_GATEWAY, |
910 | get_addr32(*argv)); | |
5baaf07c | 911 | req.frh.action = RTN_NAT; |
f686f764 RP |
912 | } else if (strcmp(*argv, "ipproto") == 0) { |
913 | int ipproto; | |
914 | ||
915 | NEXT_ARG(); | |
916 | ipproto = inet_proto_a2n(*argv); | |
917 | if (ipproto < 0) | |
918 | invarg("Invalid \"ipproto\" value\n", | |
919 | *argv); | |
920 | addattr8(&req.n, sizeof(req), FRA_IP_PROTO, ipproto); | |
921 | } else if (strcmp(*argv, "sport") == 0) { | |
922 | struct fib_rule_port_range r; | |
923 | int ret = 0; | |
924 | ||
925 | NEXT_ARG(); | |
926 | ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); | |
927 | if (ret == 1) | |
928 | r.end = r.start; | |
929 | else if (ret != 2) | |
930 | invarg("invalid port range\n", *argv); | |
931 | addattr_l(&req.n, sizeof(req), FRA_SPORT_RANGE, &r, | |
932 | sizeof(r)); | |
933 | } else if (strcmp(*argv, "dport") == 0) { | |
934 | struct fib_rule_port_range r; | |
935 | int ret = 0; | |
936 | ||
937 | NEXT_ARG(); | |
938 | ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); | |
939 | if (ret == 1) | |
940 | r.end = r.start; | |
941 | else if (ret != 2) | |
942 | invarg("invalid dport range\n", *argv); | |
943 | addattr_l(&req.n, sizeof(req), FRA_DPORT_RANGE, &r, | |
944 | sizeof(r)); | |
aba5acdf SH |
945 | } else { |
946 | int type; | |
947 | ||
d831cc7c | 948 | if (strcmp(*argv, "type") == 0) |
aba5acdf | 949 | NEXT_ARG(); |
d831cc7c | 950 | |
aba5acdf SH |
951 | if (matches(*argv, "help") == 0) |
952 | usage(); | |
6b469cae TG |
953 | else if (matches(*argv, "goto") == 0) { |
954 | __u32 target; | |
56f5daac | 955 | |
6b469cae TG |
956 | type = FR_ACT_GOTO; |
957 | NEXT_ARG(); | |
958 | if (get_u32(&target, *argv, 0)) | |
959 | invarg("invalid target\n", *argv); | |
d831cc7c SH |
960 | addattr32(&req.n, sizeof(req), |
961 | FRA_GOTO, target); | |
6b469cae TG |
962 | } else if (matches(*argv, "nop") == 0) |
963 | type = FR_ACT_NOP; | |
964 | else if (rtnl_rtntype_a2n(&type, *argv)) | |
aba5acdf | 965 | invarg("Failed to parse rule type", *argv); |
5baaf07c | 966 | req.frh.action = type; |
6b469cae | 967 | table_ok = 1; |
aba5acdf SH |
968 | } |
969 | argc--; | |
970 | argv++; | |
971 | } | |
972 | ||
8c92e122 DA |
973 | if (l3mdev_rule && tid != 0) { |
974 | fprintf(stderr, | |
975 | "table can not be specified for l3mdev rules\n"); | |
976 | return -EINVAL; | |
977 | } | |
978 | ||
5baaf07c DS |
979 | if (req.frh.family == AF_UNSPEC) |
980 | req.frh.family = AF_INET; | |
aba5acdf SH |
981 | |
982 | if (!table_ok && cmd == RTM_NEWRULE) | |
5baaf07c | 983 | req.frh.table = RT_TABLE_MAIN; |
aba5acdf | 984 | |
86bf43c7 | 985 | if (rtnl_talk(&rth, &req.n, NULL) < 0) |
076ae708 | 986 | return -2; |
aba5acdf SH |
987 | |
988 | return 0; | |
989 | } | |
990 | ||
/*
 * Entry point for "ip rule": picks the handler for the first word on the
 * command line and returns that handler's result.
 *
 * With no arguments the rules are listed.  "add" and "delete" are passed to
 * iprule_modify() with RTM_NEWRULE and RTM_DELRULE respectively; the
 * list/save/flush verbs share iprule_list_flush_or_save().  An unrecognised
 * word prints a diagnostic to stderr and terminates the process.
 *
 * NOTE(review): matches() is declared outside this listing; it presumably
 * accepts abbreviated keywords, in which case the order of the tests below
 * decides which verb an ambiguous abbreviation selects -- confirm before
 * reordering.
 */
int do_iprule(int argc, char **argv)
{
	char *verb;

	/* A bare "ip rule" behaves like "ip rule list". */
	if (argc < 1)
		return iprule_list_flush_or_save(0, NULL, IPRULE_LIST);

	verb = argv[0];

	if (matches(verb, "list") == 0 ||
	    matches(verb, "lst") == 0 ||
	    matches(verb, "show") == 0)
		return iprule_list_flush_or_save(argc - 1, argv + 1,
						 IPRULE_LIST);

	if (matches(verb, "save") == 0)
		return iprule_list_flush_or_save(argc - 1, argv + 1,
						 IPRULE_SAVE);

	if (matches(verb, "restore") == 0)
		return iprule_restore();

	if (matches(verb, "add") == 0)
		return iprule_modify(RTM_NEWRULE, argc - 1, argv + 1);

	if (matches(verb, "delete") == 0)
		return iprule_modify(RTM_DELRULE, argc - 1, argv + 1);

	if (matches(verb, "flush") == 0)
		return iprule_list_flush_or_save(argc - 1, argv + 1,
						 IPRULE_FLUSH);

	/* usage() is declared noreturn, so control does not continue past it. */
	if (matches(verb, "help") == 0)
		usage();

	fprintf(stderr,
		"Command \"%s\" is unknown, try \"ip rule help\".\n", verb);
	exit(-1);
}
1016 | ||
b6c8e808 PM |
/*
 * Multicast-rule front end: maps the global preferred_family onto the
 * matching multicast routing family, then hands the arguments unchanged to
 * do_iprule().
 *
 *   AF_UNSPEC, AF_INET                  -> RTNL_FAMILY_IPMR
 *   AF_INET6                            -> RTNL_FAMILY_IP6MR
 *   RTNL_FAMILY_IPMR, RTNL_FAMILY_IP6MR -> left as they are
 *
 * Any other family prints a diagnostic to stderr and terminates the process.
 * Note that preferred_family is modified in place.
 */
int do_multirule(int argc, char **argv)
{
	if (preferred_family == AF_UNSPEC || preferred_family == AF_INET) {
		preferred_family = RTNL_FAMILY_IPMR;
	} else if (preferred_family == AF_INET6) {
		preferred_family = RTNL_FAMILY_IP6MR;
	} else if (preferred_family != RTNL_FAMILY_IPMR &&
		   preferred_family != RTNL_FAMILY_IP6MR) {
		/* Neither a plain IP family nor already a multicast one. */
		fprintf(stderr,
			"Multicast rules are only supported for IPv4/IPv6, was: %i\n",
			preferred_family);
		exit(-1);
	}

	return do_iprule(argc, argv);
}