]> git.proxmox.com Git - mirror_iproute2.git/blame - ip/iprule.c
projects / mirror_iproute2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'strict-dumps' into iproute2-next
[mirror_iproute2.git] / ip / iprule.c
CommitLineData
aba5acdf
SH		 1/*
2 * iprule.c "ip rule".
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10 *
aba5acdf
SH		 11 */
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <unistd.h>
aba5acdf
SH		 16#include <fcntl.h>
17#include <sys/socket.h>
18#include <netinet/in.h>
19#include <netinet/ip.h>
20#include <arpa/inet.h>
21#include <string.h>
ca89c521 22#include <linux/if.h>
3123a0cc 23#include <linux/fib_rules.h>
2f4e171f 24#include <errno.h>
aba5acdf
SH		 25
26#include "rt_names.h"
27#include "utils.h"
34e95647 28#include "ip_common.h"
0dd4ccc5 29#include "json_print.h"
aba5acdf 30
cb294a1d
HL		 31enum list_action {
32 IPRULE_LIST,
33 IPRULE_FLUSH,
34 IPRULE_SAVE,
35};
36
351efcde
SH		 37extern struct rtnl_handle rth;
38
aba5acdf
SH		 39static void usage(void) __attribute__((noreturn));
40
41static void usage(void)
42{
e147161b
SH		 43 fprintf(stderr,
44 "Usage: ip rule { add | del } SELECTOR ACTION\n"
45 " ip rule { flush | save | restore }\n"
46 " ip rule [ list [ SELECTOR ]]\n"
47 "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"
48 " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n"
82252cdc 49 " [ uidrange NUMBER-NUMBER ]\n"
f686f764
RP		 50 " [ ipproto PROTOCOL ]\n"
51 " [ sport [ NUMBER | NUMBER-NUMBER ]\n"
52 " [ dport [ NUMBER | NUMBER-NUMBER ] ]\n"
e147161b 53 "ACTION := [ table TABLE_ID ]\n"
7c083da7 54 " [ protocol PROTO ]\n"
e147161b
SH		 55 " [ nat ADDRESS ]\n"
56 " [ realms [SRCREALM/]DSTREALM ]\n"
57 " [ goto NUMBER ]\n"
58 " SUPPRESSOR\n"
59 "SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n"
60 " [ suppress_ifgroup DEVGROUP ]\n"
61 "TABLE_ID := [ local | main | default | NUMBER ]\n");
aba5acdf
SH		 62 exit(-1);
63}
64
ca89c521
HL		 65static struct
66{
67 int not;
68 int l3mdev;
82252cdc 69 int iifmask, oifmask, uidrange;
ca89c521
HL		 70 unsigned int tb;
71 unsigned int tos, tosmask;
72 unsigned int pref, prefmask;
73 unsigned int fwmark, fwmask;
74 char iif[IFNAMSIZ];
75 char oif[IFNAMSIZ];
82252cdc 76 struct fib_rule_uid_range range;
ca89c521
HL		 77 inet_prefix src;
78 inet_prefix dst;
7c083da7
DS		 79 int protocol;
80 int protocolmask;
b2e8bf15
DA		 81 struct fib_rule_port_range sport;
82 struct fib_rule_port_range dport;
83 __u8 ipproto;
ca89c521
HL		 84} filter;
85
5baaf07c
DS		 86static inline int frh_get_table(struct fib_rule_hdr *frh, struct rtattr **tb)
87{
88 __u32 table = frh->table;
89 if (tb[RTA_TABLE])
90 table = rta_getattr_u32(tb[RTA_TABLE]);
91 return table;
92}
93
ca89c521
HL		 94static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
95{
5baaf07c 96 struct fib_rule_hdr *frh = NLMSG_DATA(n);
ca89c521
HL		 97 __u32 table;
98
5baaf07c 99 if (preferred_family != AF_UNSPEC && frh->family != preferred_family)
ca89c521
HL		 100 return false;
101
102 if (filter.prefmask &&
103 filter.pref ^ (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0))
104 return false;
5baaf07c 105 if (filter.not && !(frh->flags & FIB_RULE_INVERT))
ca89c521
HL		 106 return false;
107
108 if (filter.src.family) {
746035b4
SP		 109 inet_prefix *f_src = &filter.src;
110
5baaf07c
DS		 111 if (f_src->family != frh->family ||
112 f_src->bitlen > frh->src_len)
746035b4
SP		 113 return false;
114
115 if (inet_addr_match_rta(f_src, tb[FRA_SRC]))
ca89c521
HL		 116 return false;
117 }
118
119 if (filter.dst.family) {
746035b4
SP		 120 inet_prefix *f_dst = &filter.dst;
121
5baaf07c
DS		 122 if (f_dst->family != frh->family ||
123 f_dst->bitlen > frh->dst_len)
746035b4
SP		 124 return false;
125
126 if (inet_addr_match_rta(f_dst, tb[FRA_DST]))
ca89c521
HL		 127 return false;
128 }
129
5baaf07c 130 if (filter.tosmask && filter.tos ^ frh->tos)
ca89c521
HL		 131 return false;
132
133 if (filter.fwmark) {
134 __u32 mark = 0;
e147161b 135
ca89c521
HL		 136 if (tb[FRA_FWMARK])
137 mark = rta_getattr_u32(tb[FRA_FWMARK]);
138 if (filter.fwmark ^ mark)
139 return false;
140 }
141 if (filter.fwmask) {
142 __u32 mask = 0;
e147161b 143
ca89c521
HL		 144 if (tb[FRA_FWMASK])
145 mask = rta_getattr_u32(tb[FRA_FWMASK]);
146 if (filter.fwmask ^ mask)
147 return false;
148 }
149
150 if (filter.iifmask) {
151 if (tb[FRA_IFNAME]) {
152 if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0)
153 return false;
154 } else {
155 return false;
156 }
157 }
158
159 if (filter.oifmask) {
160 if (tb[FRA_OIFNAME]) {
161 if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0)
162 return false;
163 } else {
164 return false;
165 }
166 }
167
168 if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV])))
169 return false;
170
82252cdc
LC		 171 if (filter.uidrange) {
172 struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
173
174 if (!tb[FRA_UID_RANGE] ||
175 r->start != filter.range.start ||
176 r->end != filter.range.end)
177 return false;
178 }
179
b2e8bf15
DA		 180 if (filter.ipproto) {
181 __u8 ipproto = 0;
182
183 if (tb[FRA_IP_PROTO])
184 ipproto = rta_getattr_u8(tb[FRA_IP_PROTO]);
185 if (filter.ipproto != ipproto)
186 return false;
187 }
188
189 if (filter.sport.start) {
190 const struct fib_rule_port_range *r;
191
192 if (!tb[FRA_SPORT_RANGE])
193 return false;
194
195 r = RTA_DATA(tb[FRA_SPORT_RANGE]);
196 if (r->start != filter.sport.start ||
197 r->end != filter.sport.end)
198 return false;
199 }
200
201 if (filter.dport.start) {
202 const struct fib_rule_port_range *r;
203
204 if (!tb[FRA_DPORT_RANGE])
205 return false;
206
207 r = RTA_DATA(tb[FRA_DPORT_RANGE]);
208 if (r->start != filter.dport.start ||
209 r->end != filter.dport.end)
210 return false;
211 }
212
5baaf07c 213 table = frh_get_table(frh, tb);
ca89c521
HL		 214 if (filter.tb > 0 && filter.tb ^ table)
215 return false;
216
217 return true;
218}
219
cd554f2c 220int print_rule(struct nlmsghdr *n, void *arg)
aba5acdf 221{
0dd4ccc5 222 FILE *fp = arg;
5baaf07c 223 struct fib_rule_hdr *frh = NLMSG_DATA(n);
aba5acdf
SH		 224 int len = n->nlmsg_len;
225 int host_len = -1;
0dd4ccc5 226 __u32 table, prio = 0;
56f5daac 227 struct rtattr *tb[FRA_MAX+1];
aba5acdf
SH		 228 SPRINT_BUF(b1);
229
98bde989 230 if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE)
aba5acdf
SH		 231 return 0;
232
5baaf07c 233 len -= NLMSG_LENGTH(sizeof(*frh));
aba5acdf
SH		 234 if (len < 0)
235 return -1;
236
5baaf07c 237 parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);
aba5acdf 238
5baaf07c 239 host_len = af_bit_len(frh->family);
aba5acdf 240
e147161b 241 if (!filter_nlmsg(n, tb, host_len))
ca89c521
HL		 242 return 0;
243
0dd4ccc5 244 open_json_object(NULL);
98bde989 245 if (n->nlmsg_type == RTM_DELRULE)
0dd4ccc5 246 print_bool(PRINT_ANY, "deleted", "Deleted ", true);
98bde989 247
ad1a12db 248 if (tb[FRA_PRIORITY])
0dd4ccc5
SH		 249 prio = rta_getattr_u32(tb[FRA_PRIORITY]);
250
251 print_uint(PRINT_ANY, "priority", "%u:\t", prio);
aba5acdf 252
5baaf07c 253 if (frh->flags & FIB_RULE_INVERT)
0dd4ccc5 254 print_null(PRINT_ANY, "not", "not ", NULL);
3123a0cc 255
ad1a12db 256 if (tb[FRA_SRC]) {
0dd4ccc5
SH		 257 const char *src = rt_addr_n2a_rta(frh->family, tb[FRA_SRC]);
258
259 print_string(PRINT_FP, NULL, "from ", NULL);
260 print_color_string(PRINT_ANY, ifa_family_color(frh->family),
261 "src", "%s", src);
262 if (frh->src_len != host_len)
263 print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len);
264 else
265 print_string(PRINT_FP, NULL, " ", NULL);
5baaf07c 266 } else if (frh->src_len) {
0dd4ccc5
SH		 267 print_string(PRINT_ANY, "src", "from %s", "0");
268 print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len);
aba5acdf 269 } else {
0dd4ccc5 270 print_string(PRINT_ANY, "src", "from %s ", "all");
aba5acdf
SH		 271 }
272
ad1a12db 273 if (tb[FRA_DST]) {
0dd4ccc5
SH		 274 const char *dst = rt_addr_n2a_rta(frh->family, tb[FRA_DST]);
275
276 print_string(PRINT_FP, NULL, "to ", NULL);
277 print_color_string(PRINT_ANY, ifa_family_color(frh->family),
1a75322c 278 "dst", "%s", dst);
0dd4ccc5
SH		 279 if (frh->dst_len != host_len)
280 print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len);
281 else
282 print_string(PRINT_FP, NULL, " ", NULL);
5baaf07c 283 } else if (frh->dst_len) {
0dd4ccc5
SH		 284 print_string(PRINT_ANY, "dst", "to %s", "0");
285 print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len);
aba5acdf
SH		 286 }
287
5baaf07c 288 if (frh->tos) {
0dd4ccc5
SH		 289 print_string(PRINT_ANY, "tos",
290 "tos %s ",
291 rtnl_dsfield_n2a(frh->tos, b1, sizeof(b1)));
aba5acdf 292 }
ad1a12db 293
4806867a 294 if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) {
be7f286e
PM		 295 __u32 mark = 0, mask = 0;
296
ad1a12db 297 if (tb[FRA_FWMARK])
ff24746c 298 mark = rta_getattr_u32(tb[FRA_FWMARK]);
be7f286e 299
ad1a12db 300 if (tb[FRA_FWMASK] &&
0dd4ccc5 301 (mask = rta_getattr_u32(tb[FRA_FWMASK])) != 0xFFFFFFFF) {
90c5c969
SH		 302 print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx", mark);
303 print_0xhex(PRINT_ANY, "fwmask", "/%#llx ", mask);
0dd4ccc5 304 } else {
90c5c969 305 print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx ", mark);
0dd4ccc5 306 }
aba5acdf
SH		 307 }
308
ad1a12db 309 if (tb[FRA_IFNAME]) {
0dd4ccc5
SH		 310 if (!is_json_context())
311 fprintf(fp, "iif ");
312 print_color_string(PRINT_ANY, COLOR_IFNAME,
313 "iif", "%s ",
314 rta_getattr_str(tb[FRA_IFNAME]));
315
5baaf07c 316 if (frh->flags & FIB_RULE_IIF_DETACHED)
0dd4ccc5
SH		 317 print_null(PRINT_ANY, "iif_detached", "[detached] ",
318 NULL);
85eae222
PM		 319 }
320
321 if (tb[FRA_OIFNAME]) {
0dd4ccc5
SH		 322 if (!is_json_context())
323 fprintf(fp, "oif ");
324
325 print_color_string(PRINT_ANY, COLOR_IFNAME, "oif", "%s ",
326 rta_getattr_str(tb[FRA_OIFNAME]));
327
5baaf07c 328 if (frh->flags & FIB_RULE_OIF_DETACHED)
0dd4ccc5
SH		 329 print_null(PRINT_ANY, "oif_detached", "[detached] ",
330 NULL);
aba5acdf
SH		 331 }
332
8c92e122 333 if (tb[FRA_L3MDEV]) {
0dd4ccc5
SH		 334 __u8 mdev = rta_getattr_u8(tb[FRA_L3MDEV]);
335
336 if (mdev)
337 print_null(PRINT_ANY, "l3mdev",
338 "lookup [l3mdev-table] ", NULL);
8c92e122
DA		 339 }
340
82252cdc
LC		 341 if (tb[FRA_UID_RANGE]) {
342 struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
343
0dd4ccc5
SH		 344 print_uint(PRINT_ANY, "uid_start", "uidrange %u", r->start);
345 print_uint(PRINT_ANY, "uid_end", "-%u ", r->end);
82252cdc
LC		 346 }
347
f686f764
RP		 348 if (tb[FRA_IP_PROTO]) {
349 SPRINT_BUF(pbuf);
350 print_string(PRINT_ANY, "ipproto", "ipproto %s ",
351 inet_proto_n2a(rta_getattr_u8(tb[FRA_IP_PROTO]),
352 pbuf, sizeof(pbuf)));
353 }
354
355 if (tb[FRA_SPORT_RANGE]) {
356 struct fib_rule_port_range *r = RTA_DATA(tb[FRA_SPORT_RANGE]);
357
358 if (r->start == r->end) {
359 print_uint(PRINT_ANY, "sport", "sport %u ", r->start);
360 } else {
361 print_uint(PRINT_ANY, "sport_start", "sport %u",
362 r->start);
363 print_uint(PRINT_ANY, "sport_end", "-%u ", r->end);
364 }
365 }
366
367 if (tb[FRA_DPORT_RANGE]) {
368 struct fib_rule_port_range *r = RTA_DATA(tb[FRA_DPORT_RANGE]);
369
370 if (r->start == r->end) {
371 print_uint(PRINT_ANY, "dport", "dport %u ", r->start);
372 } else {
373 print_uint(PRINT_ANY, "dport_start", "dport %u",
374 r->start);
375 print_uint(PRINT_ANY, "dport_end", "-%u ", r->end);
376 }
377 }
378
5baaf07c 379 table = frh_get_table(frh, tb);
b1d0525f 380 if (table) {
0dd4ccc5
SH		 381 print_string(PRINT_ANY, "table",
382 "lookup %s ",
383 rtnl_rttable_n2a(table, b1, sizeof(b1)));
aba5acdf 384
b1d0525f
ST		 385 if (tb[FRA_SUPPRESS_PREFIXLEN]) {
386 int pl = rta_getattr_u32(tb[FRA_SUPPRESS_PREFIXLEN]);
56f5daac 387
d831cc7c 388 if (pl != -1)
0dd4ccc5
SH		 389 print_int(PRINT_ANY, "suppress_prefixlen",
390 "suppress_prefixlength %d ", pl);
b1d0525f 391 }
0dd4ccc5 392
b1d0525f
ST		 393 if (tb[FRA_SUPPRESS_IFGROUP]) {
394 int group = rta_getattr_u32(tb[FRA_SUPPRESS_IFGROUP]);
56f5daac 395
b1d0525f 396 if (group != -1) {
0dd4ccc5
SH		 397 const char *grname
398 = rtnl_group_n2a(group, b1, sizeof(b1));
399
400 print_string(PRINT_ANY, "suppress_ifgroup",
401 "suppress_ifgroup %s ", grname);
b1d0525f
ST		 402 }
403 }
404 }
405
ad1a12db 406 if (tb[FRA_FLOW]) {
ff24746c 407 __u32 to = rta_getattr_u32(tb[FRA_FLOW]);
aba5acdf 408 __u32 from = to>>16;
56f5daac 409
aba5acdf 410 to &= 0xFFFF;
0dd4ccc5
SH		 411 if (from)
412 print_string(PRINT_ANY,
413 "flow_from", "realms %s/",
414 rtnl_rtrealm_n2a(from, b1, sizeof(b1)));
415
416 print_string(PRINT_ANY, "flow_to", "%s ",
417 rtnl_rtrealm_n2a(to, b1, sizeof(b1)));
aba5acdf
SH		 418 }
419
5baaf07c 420 if (frh->action == RTN_NAT) {
aba5acdf 421 if (tb[RTA_GATEWAY]) {
0dd4ccc5
SH		 422 const char *gateway;
423
424 gateway = format_host_rta(frh->family, tb[RTA_GATEWAY]);
425
426 print_string(PRINT_ANY, "nat_gateway",
427 "map-to %s ", gateway);
428 } else {
429 print_null(PRINT_ANY, "masquerade", "masquerade", NULL);
430 }
5baaf07c 431 } else if (frh->action == FR_ACT_GOTO) {
6b469cae 432 if (tb[FRA_GOTO])
0dd4ccc5
SH		 433 print_uint(PRINT_ANY, "goto", "goto %u",
434 rta_getattr_u32(tb[FRA_GOTO]));
6b469cae 435 else
0dd4ccc5
SH		 436 print_string(PRINT_ANY, "goto", "goto %s", "none");
437
5baaf07c 438 if (frh->flags & FIB_RULE_UNRESOLVED)
0dd4ccc5
SH		 439 print_null(PRINT_ANY, "unresolved", "unresolved", NULL);
440 } else if (frh->action == FR_ACT_NOP) {
441 print_null(PRINT_ANY, "nop", "nop", NULL);
442 } else if (frh->action != FR_ACT_TO_TBL) {
443 print_string(PRINT_ANY, "to_tbl", "%s",
444 rtnl_rtntype_n2a(frh->action, b1, sizeof(b1)));
445 }
aba5acdf 446
7c083da7
DS		 447 if (tb[FRA_PROTOCOL]) {
448 __u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]);
449
0dd4ccc5
SH		 450 if ((protocol && protocol != RTPROT_KERNEL) || show_details > 0) {
451 print_string(PRINT_ANY, "protocol", " proto %s ",
452 rtnl_rtprot_n2a(protocol, b1, sizeof(b1)));
7c083da7
DS		 453 }
454 }
0dd4ccc5
SH		 455 print_string(PRINT_FP, NULL, "\n", "");
456 close_json_object();
aba5acdf
SH		 457 fflush(fp);
458 return 0;
459}
460
2f4e171f
KT		 461static __u32 rule_dump_magic = 0x71706986;
462
463static int save_rule_prep(void)
464{
465 int ret;
466
467 if (isatty(STDOUT_FILENO)) {
468 fprintf(stderr, "Not sending a binary stream to stdout\n");
469 return -1;
470 }
471
472 ret = write(STDOUT_FILENO, &rule_dump_magic, sizeof(rule_dump_magic));
473 if (ret != sizeof(rule_dump_magic)) {
474 fprintf(stderr, "Can't write magic to dump file\n");
475 return -1;
476 }
477
478 return 0;
479}
480
cd554f2c 481static int save_rule(struct nlmsghdr *n, void *arg)
aba5acdf 482{
2f4e171f
KT		 483 int ret;
484
485 ret = write(STDOUT_FILENO, n, n->nlmsg_len);
486 if ((ret > 0) && (ret != n->nlmsg_len)) {
487 fprintf(stderr, "Short write while saving nlmsg\n");
488 ret = -EIO;
489 }
490
491 return ret == n->nlmsg_len ? 0 : ret;
492}
493
cd554f2c 494static int flush_rule(struct nlmsghdr *n, void *arg)
cb294a1d
HL		 495{
496 struct rtnl_handle rth2;
5baaf07c 497 struct fib_rule_hdr *frh = NLMSG_DATA(n);
cb294a1d
HL		 498 int len = n->nlmsg_len;
499 struct rtattr *tb[FRA_MAX+1];
b65b4c08 500 int host_len = -1;
cb294a1d 501
5baaf07c 502 len -= NLMSG_LENGTH(sizeof(*frh));
cb294a1d
HL		 503 if (len < 0)
504 return -1;
505
5baaf07c 506 parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);
cb294a1d 507
b65b4c08
DA		 508 host_len = af_bit_len(frh->family);
509 if (!filter_nlmsg(n, tb, host_len))
510 return 0;
511
7c083da7
DS		 512 if (tb[FRA_PROTOCOL]) {
513 __u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]);
514
515 if ((filter.protocol ^ protocol) & filter.protocolmask)
516 return 0;
517 }
518
cb294a1d
HL		 519 if (tb[FRA_PRIORITY]) {
520 n->nlmsg_type = RTM_DELRULE;
521 n->nlmsg_flags = NLM_F_REQUEST;
522
523 if (rtnl_open(&rth2, 0) < 0)
524 return -1;
525
86bf43c7 526 if (rtnl_talk(&rth2, n, NULL) < 0)
cb294a1d
HL		 527 return -2;
528
529 rtnl_close(&rth2);
530 }
531
532 return 0;
533}
534
535static int iprule_list_flush_or_save(int argc, char **argv, int action)
2f4e171f 536{
cb294a1d 537 rtnl_filter_t filter_fn;
aba5acdf
SH		 538 int af = preferred_family;
539
540 if (af == AF_UNSPEC)
541 af = AF_INET;
542
7c083da7
DS		 543 if (action == IPRULE_SAVE && argc > 0) {
544 fprintf(stderr, "\"ip rule save\" does not take any arguments.\n");
aba5acdf
SH		 545 return -1;
546 }
547
cb294a1d
HL		 548 switch (action) {
549 case IPRULE_SAVE:
2f4e171f
KT		 550 if (save_rule_prep())
551 return -1;
cb294a1d
HL		 552 filter_fn = save_rule;
553 break;
554 case IPRULE_FLUSH:
555 filter_fn = flush_rule;
556 break;
557 default:
558 filter_fn = print_rule;
2f4e171f
KT		 559 }
560
ca89c521
HL		 561 memset(&filter, 0, sizeof(filter));
562
563 while (argc > 0) {
564 if (matches(*argv, "preference") == 0 ||
565 matches(*argv, "order") == 0 ||
566 matches(*argv, "priority") == 0) {
567 __u32 pref;
e147161b 568
ca89c521
HL		 569 NEXT_ARG();
570 if (get_u32(&pref, *argv, 0))
571 invarg("preference value is invalid\n", *argv);
572 filter.pref = pref;
573 filter.prefmask = 1;
574 } else if (strcmp(*argv, "not") == 0) {
575 filter.not = 1;
576 } else if (strcmp(*argv, "tos") == 0) {
577 __u32 tos;
e147161b 578
ca89c521
HL		 579 NEXT_ARG();
580 if (rtnl_dsfield_a2n(&tos, *argv))
581 invarg("TOS value is invalid\n", *argv);
582 filter.tos = tos;
583 filter.tosmask = 1;
584 } else if (strcmp(*argv, "fwmark") == 0) {
585 char *slash;
586 __u32 fwmark, fwmask;
e147161b 587
ca89c521
HL		 588 NEXT_ARG();
589 slash = strchr(*argv, '/');
590 if (slash != NULL)
591 *slash = '\0';
592 if (get_u32(&fwmark, *argv, 0))
593 invarg("fwmark value is invalid\n", *argv);
594 filter.fwmark = fwmark;
595 if (slash) {
596 if (get_u32(&fwmask, slash+1, 0))
597 invarg("fwmask value is invalid\n",
598 slash+1);
599 filter.fwmask = fwmask;
600 }
601 } else if (strcmp(*argv, "dev") == 0 ||
602 strcmp(*argv, "iif") == 0) {
603 NEXT_ARG();
625df645
PS		 604 if (get_ifname(filter.iif, *argv))
605 invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
ca89c521
HL		 606 filter.iifmask = 1;
607 } else if (strcmp(*argv, "oif") == 0) {
608 NEXT_ARG();
625df645
PS		 609 if (get_ifname(filter.oif, *argv))
610 invarg("\"oif\" not a valid ifname", *argv);
ca89c521
HL		 611 filter.oifmask = 1;
612 } else if (strcmp(*argv, "l3mdev") == 0) {
613 filter.l3mdev = 1;
82252cdc
LC		 614 } else if (strcmp(*argv, "uidrange") == 0) {
615 NEXT_ARG();
616 filter.uidrange = 1;
617 if (sscanf(*argv, "%u-%u",
618 &filter.range.start,
619 &filter.range.end) != 2)
620 invarg("invalid UID range\n", *argv);
621
ca89c521 622 } else if (matches(*argv, "lookup") == 0 ||
e147161b 623 matches(*argv, "table") == 0) {
ca89c521 624 __u32 tid;
e147161b 625
ca89c521
HL		 626 NEXT_ARG();
627 if (rtnl_rttable_a2n(&tid, *argv))
628 invarg("table id value is invalid\n", *argv);
629 filter.tb = tid;
630 } else if (matches(*argv, "from") == 0 ||
631 matches(*argv, "src") == 0) {
632 NEXT_ARG();
746035b4
SP		 633 if (get_prefix(&filter.src, *argv, af))
634 invarg("from value is invalid\n", *argv);
7c083da7
DS		 635 } else if (matches(*argv, "protocol") == 0) {
636 __u32 prot;
637 NEXT_ARG();
638 filter.protocolmask = -1;
639 if (rtnl_rtprot_a2n(&prot, *argv)) {
640 if (strcmp(*argv, "all") != 0)
641 invarg("invalid \"protocol\"\n", *argv);
642 prot = 0;
643 filter.protocolmask = 0;
644 }
645 filter.protocol = prot;
b2e8bf15
DA		 646 } else if (strcmp(*argv, "ipproto") == 0) {
647 int ipproto;
648
649 NEXT_ARG();
650 ipproto = inet_proto_a2n(*argv);
651 if (ipproto < 0)
652 invarg("Invalid \"ipproto\" value\n", *argv);
653 filter.ipproto = ipproto;
654 } else if (strcmp(*argv, "sport") == 0) {
655 struct fib_rule_port_range r;
656 int ret;
657
658 NEXT_ARG();
659 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
660 if (ret == 1)
661 r.end = r.start;
662 else if (ret != 2)
663 invarg("invalid port range\n", *argv);
664 filter.sport = r;
665 } else if (strcmp(*argv, "dport") == 0) {
666 struct fib_rule_port_range r;
667 int ret;
668
669 NEXT_ARG();
670 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
671 if (ret == 1)
672 r.end = r.start;
673 else if (ret != 2)
674 invarg("invalid dport range\n", *argv);
675 filter.dport = r;
7c083da7 676 } else{
ca89c521
HL		 677 if (matches(*argv, "dst") == 0 ||
678 matches(*argv, "to") == 0) {
679 NEXT_ARG();
680 }
746035b4
SP		 681 if (get_prefix(&filter.dst, *argv, af))
682 invarg("to value is invalid\n", *argv);
ca89c521
HL		 683 }
684 argc--; argv++;
685 }
686
b05d9a3d 687 if (rtnl_ruledump_req(&rth, af) < 0) {
aba5acdf
SH		 688 perror("Cannot send dump request");
689 return 1;
690 }
691
0dd4ccc5 692 new_json_obj(json);
cb294a1d 693 if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
aba5acdf
SH		 694 fprintf(stderr, "Dump terminated\n");
695 return 1;
696 }
0dd4ccc5 697 delete_json_obj();
aba5acdf
SH		 698
699 return 0;
700}
701
2f4e171f
KT		 702static int rule_dump_check_magic(void)
703{
704 int ret;
705 __u32 magic = 0;
706
707 if (isatty(STDIN_FILENO)) {
708 fprintf(stderr, "Can't restore rule dump from a terminal\n");
709 return -1;
710 }
711
712 ret = fread(&magic, sizeof(magic), 1, stdin);
713 if (magic != rule_dump_magic) {
d831cc7c
SH		 714 fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n",
715 ret, magic);
2f4e171f
KT		 716 return -1;
717 }
718
719 return 0;
720}
721
cd554f2c 722static int restore_handler(struct rtnl_ctrl_data *ctrl,
2f4e171f
KT		 723 struct nlmsghdr *n, void *arg)
724{
725 int ret;
726
727 n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;
728
729 ll_init_map(&rth);
730
86bf43c7 731 ret = rtnl_talk(&rth, n, NULL);
2f4e171f
KT		 732 if ((ret < 0) && (errno == EEXIST))
733 ret = 0;
734
735 return ret;
736}
737
738
739static int iprule_restore(void)
740{
741 if (rule_dump_check_magic())
742 exit(-1);
743
744 exit(rtnl_from_file(stdin, &restore_handler, NULL));
745}
aba5acdf 746
50772dc5 747static int iprule_modify(int cmd, int argc, char **argv)
aba5acdf 748{
8c92e122 749 int l3mdev_rule = 0;
aba5acdf 750 int table_ok = 0;
8c92e122 751 __u32 tid = 0;
aba5acdf 752 struct {
4806867a 753 struct nlmsghdr n;
5baaf07c 754 struct fib_rule_hdr frh;
56f5daac 755 char buf[1024];
d17b136f
PS		 756 } req = {
757 .n.nlmsg_type = cmd,
5baaf07c 758 .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct fib_rule_hdr)),
d17b136f 759 .n.nlmsg_flags = NLM_F_REQUEST,
5baaf07c
DS		 760 .frh.family = preferred_family,
761 .frh.action = FR_ACT_UNSPEC,
d17b136f 762 };
aba5acdf
SH		 763
764 if (cmd == RTM_NEWRULE) {
23801209
DA		 765 if (argc == 0) {
766 fprintf(stderr,
767 "\"ip rule add\" requires arguments.\n");
768 return -1;
769 }
aba5acdf 770 req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL;
5baaf07c 771 req.frh.action = FR_ACT_TO_TBL;
aba5acdf
SH		 772 }
773
67a990b8
AJM		 774 if (cmd == RTM_DELRULE && argc == 0) {
775 fprintf(stderr, "\"ip rule del\" requires arguments.\n");
776 return -1;
777 }
778
aba5acdf 779 while (argc > 0) {
3123a0cc 780 if (strcmp(*argv, "not") == 0) {
5baaf07c 781 req.frh.flags |= FIB_RULE_INVERT;
3123a0cc 782 } else if (strcmp(*argv, "from") == 0) {
aba5acdf 783 inet_prefix dst;
56f5daac 784
aba5acdf 785 NEXT_ARG();
5baaf07c
DS		 786 get_prefix(&dst, *argv, req.frh.family);
787 req.frh.src_len = dst.bitlen;
d831cc7c
SH		 788 addattr_l(&req.n, sizeof(req), FRA_SRC,
789 &dst.data, dst.bytelen);
aba5acdf
SH		 790 } else if (strcmp(*argv, "to") == 0) {
791 inet_prefix dst;
56f5daac 792
aba5acdf 793 NEXT_ARG();
5baaf07c
DS		 794 get_prefix(&dst, *argv, req.frh.family);
795 req.frh.dst_len = dst.bitlen;
d831cc7c
SH		 796 addattr_l(&req.n, sizeof(req), FRA_DST,
797 &dst.data, dst.bytelen);
aba5acdf
SH		 798 } else if (matches(*argv, "preference") == 0 ||
799 matches(*argv, "order") == 0 ||
800 matches(*argv, "priority") == 0) {
801 __u32 pref;
56f5daac 802
aba5acdf
SH		 803 NEXT_ARG();
804 if (get_u32(&pref, *argv, 0))
805 invarg("preference value is invalid\n", *argv);
ad1a12db 806 addattr32(&req.n, sizeof(req), FRA_PRIORITY, pref);
dec01609
AH		 807 } else if (strcmp(*argv, "tos") == 0 ||
808 matches(*argv, "dsfield") == 0) {
aba5acdf 809 __u32 tos;
56f5daac 810
aba5acdf
SH		 811 NEXT_ARG();
812 if (rtnl_dsfield_a2n(&tos, *argv))
813 invarg("TOS value is invalid\n", *argv);
5baaf07c 814 req.frh.tos = tos;
aba5acdf 815 } else if (strcmp(*argv, "fwmark") == 0) {
be7f286e
PM		 816 char *slash;
817 __u32 fwmark, fwmask;
56f5daac 818
aba5acdf 819 NEXT_ARG();
d831cc7c
SH		 820
821 slash = strchr(*argv, '/');
822 if (slash != NULL)
be7f286e 823 *slash = '\0';
4fb466f9 824 if (get_u32(&fwmark, *argv, 0))
aba5acdf 825 invarg("fwmark value is invalid\n", *argv);
ad1a12db 826 addattr32(&req.n, sizeof(req), FRA_FWMARK, fwmark);
be7f286e
PM		 827 if (slash) {
828 if (get_u32(&fwmask, slash+1, 0))
d831cc7c
SH		 829 invarg("fwmask value is invalid\n",
830 slash+1);
831 addattr32(&req.n, sizeof(req),
832 FRA_FWMASK, fwmask);
be7f286e 833 }
aba5acdf
SH		 834 } else if (matches(*argv, "realms") == 0) {
835 __u32 realm;
56f5daac 836
aba5acdf 837 NEXT_ARG();
d583e88e 838 if (get_rt_realms_or_raw(&realm, *argv))
aba5acdf 839 invarg("invalid realms\n", *argv);
ad1a12db 840 addattr32(&req.n, sizeof(req), FRA_FLOW, realm);
33f1e250
DS		 841 } else if (matches(*argv, "protocol") == 0) {
842 __u32 proto;
843
844 NEXT_ARG();
845 if (rtnl_rtprot_a2n(&proto, *argv))
846 invarg("\"protocol\" value is invalid\n", *argv);
847 addattr8(&req.n, sizeof(req), FRA_PROTOCOL, proto);
aba5acdf
SH		 848 } else if (matches(*argv, "table") == 0 ||
849 strcmp(*argv, "lookup") == 0) {
aba5acdf
SH		 850 NEXT_ARG();
851 if (rtnl_rttable_a2n(&tid, *argv))
852 invarg("invalid table ID\n", *argv);
34e95647 853 if (tid < 256)
5baaf07c 854 req.frh.table = tid;
34e95647 855 else {
5baaf07c 856 req.frh.table = RT_TABLE_UNSPEC;
ad1a12db 857 addattr32(&req.n, sizeof(req), FRA_TABLE, tid);
34e95647 858 }
aba5acdf 859 table_ok = 1;
b1d0525f
ST		 860 } else if (matches(*argv, "suppress_prefixlength") == 0 ||
861 strcmp(*argv, "sup_pl") == 0) {
862 int pl;
56f5daac 863
b1d0525f
ST		 864 NEXT_ARG();
865 if (get_s32(&pl, *argv, 0) || pl < 0)
d831cc7c
SH		 866 invarg("suppress_prefixlength value is invalid\n",
867 *argv);
868 addattr32(&req.n, sizeof(req),
869 FRA_SUPPRESS_PREFIXLEN, pl);
b1d0525f
ST		 870 } else if (matches(*argv, "suppress_ifgroup") == 0 ||
871 strcmp(*argv, "sup_group") == 0) {
872 NEXT_ARG();
873 int group;
56f5daac 874
b1d0525f 875 if (rtnl_group_a2n(&group, *argv))
d831cc7c
SH		 876 invarg("Invalid \"suppress_ifgroup\" value\n",
877 *argv);
878 addattr32(&req.n, sizeof(req),
879 FRA_SUPPRESS_IFGROUP, group);
aba5acdf
SH		 880 } else if (strcmp(*argv, "dev") == 0 ||
881 strcmp(*argv, "iif") == 0) {
882 NEXT_ARG();
625df645
PS		 883 if (check_ifname(*argv))
884 invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
d831cc7c
SH		 885 addattr_l(&req.n, sizeof(req), FRA_IFNAME,
886 *argv, strlen(*argv)+1);
85eae222
PM		 887 } else if (strcmp(*argv, "oif") == 0) {
888 NEXT_ARG();
625df645
PS		 889 if (check_ifname(*argv))
890 invarg("\"oif\" not a valid ifname", *argv);
d831cc7c
SH		 891 addattr_l(&req.n, sizeof(req), FRA_OIFNAME,
892 *argv, strlen(*argv)+1);
8c92e122
DA		 893 } else if (strcmp(*argv, "l3mdev") == 0) {
894 addattr8(&req.n, sizeof(req), FRA_L3MDEV, 1);
895 table_ok = 1;
896 l3mdev_rule = 1;
82252cdc
LC		 897 } else if (strcmp(*argv, "uidrange") == 0) {
898 struct fib_rule_uid_range r;
899
900 NEXT_ARG();
901 if (sscanf(*argv, "%u-%u", &r.start, &r.end) != 2)
902 invarg("invalid UID range\n", *argv);
903 addattr_l(&req.n, sizeof(req), FRA_UID_RANGE, &r,
904 sizeof(r));
aba5acdf
SH		 905 } else if (strcmp(*argv, "nat") == 0 ||
906 matches(*argv, "map-to") == 0) {
907 NEXT_ARG();
526afe40 908 fprintf(stderr, "Warning: route NAT is deprecated\n");
d831cc7c
SH		 909 addattr32(&req.n, sizeof(req), RTA_GATEWAY,
910 get_addr32(*argv));
5baaf07c 911 req.frh.action = RTN_NAT;
f686f764
RP		 912 } else if (strcmp(*argv, "ipproto") == 0) {
913 int ipproto;
914
915 NEXT_ARG();
916 ipproto = inet_proto_a2n(*argv);
917 if (ipproto < 0)
918 invarg("Invalid \"ipproto\" value\n",
919 *argv);
920 addattr8(&req.n, sizeof(req), FRA_IP_PROTO, ipproto);
921 } else if (strcmp(*argv, "sport") == 0) {
922 struct fib_rule_port_range r;
923 int ret = 0;
924
925 NEXT_ARG();
926 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
927 if (ret == 1)
928 r.end = r.start;
929 else if (ret != 2)
930 invarg("invalid port range\n", *argv);
931 addattr_l(&req.n, sizeof(req), FRA_SPORT_RANGE, &r,
932 sizeof(r));
933 } else if (strcmp(*argv, "dport") == 0) {
934 struct fib_rule_port_range r;
935 int ret = 0;
936
937 NEXT_ARG();
938 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
939 if (ret == 1)
940 r.end = r.start;
941 else if (ret != 2)
942 invarg("invalid dport range\n", *argv);
943 addattr_l(&req.n, sizeof(req), FRA_DPORT_RANGE, &r,
944 sizeof(r));
aba5acdf
SH		 945 } else {
946 int type;
947
d831cc7c 948 if (strcmp(*argv, "type") == 0)
aba5acdf 949 NEXT_ARG();
d831cc7c 950
aba5acdf
SH		 951 if (matches(*argv, "help") == 0)
952 usage();
6b469cae
TG		 953 else if (matches(*argv, "goto") == 0) {
954 __u32 target;
56f5daac 955
6b469cae
TG		 956 type = FR_ACT_GOTO;
957 NEXT_ARG();
958 if (get_u32(&target, *argv, 0))
959 invarg("invalid target\n", *argv);
d831cc7c
SH		 960 addattr32(&req.n, sizeof(req),
961 FRA_GOTO, target);
6b469cae
TG		 962 } else if (matches(*argv, "nop") == 0)
963 type = FR_ACT_NOP;
964 else if (rtnl_rtntype_a2n(&type, *argv))
aba5acdf 965 invarg("Failed to parse rule type", *argv);
5baaf07c 966 req.frh.action = type;
6b469cae 967 table_ok = 1;
aba5acdf
SH		 968 }
969 argc--;
970 argv++;
971 }
972
8c92e122
DA		 973 if (l3mdev_rule && tid != 0) {
974 fprintf(stderr,
975 "table can not be specified for l3mdev rules\n");
976 return -EINVAL;
977 }
978
5baaf07c
DS		 979 if (req.frh.family == AF_UNSPEC)
980 req.frh.family = AF_INET;
aba5acdf
SH		 981
982 if (!table_ok && cmd == RTM_NEWRULE)
5baaf07c 983 req.frh.table = RT_TABLE_MAIN;
aba5acdf 984
86bf43c7 985 if (rtnl_talk(&rth, &req.n, NULL) < 0)
076ae708 986 return -2;
aba5acdf
SH		 987
988 return 0;
989}
990
991int do_iprule(int argc, char **argv)
992{
993 if (argc < 1) {
cb294a1d 994 return iprule_list_flush_or_save(0, NULL, IPRULE_LIST);
aba5acdf
SH		 995 } else if (matches(argv[0], "list") == 0 ||
996 matches(argv[0], "lst") == 0 ||
997 matches(argv[0], "show") == 0) {
cb294a1d 998 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_LIST);
2f4e171f 999 } else if (matches(argv[0], "save") == 0) {
cb294a1d 1000 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_SAVE);
2f4e171f
KT		 1001 } else if (matches(argv[0], "restore") == 0) {
1002 return iprule_restore();
aba5acdf
SH		 1003 } else if (matches(argv[0], "add") == 0) {
1004 return iprule_modify(RTM_NEWRULE, argc-1, argv+1);
1005 } else if (matches(argv[0], "delete") == 0) {
1006 return iprule_modify(RTM_DELRULE, argc-1, argv+1);
50772dc5 1007 } else if (matches(argv[0], "flush") == 0) {
cb294a1d 1008 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_FLUSH);
aba5acdf
SH		 1009 } else if (matches(argv[0], "help") == 0)
1010 usage();
1011
d831cc7c
SH		 1012 fprintf(stderr,
1013 "Command \"%s\" is unknown, try \"ip rule help\".\n", *argv);
aba5acdf
SH		 1014 exit(-1);
1015}
1016
b6c8e808
PM		 1017int do_multirule(int argc, char **argv)
1018{
1019 switch (preferred_family) {
1020 case AF_UNSPEC:
1021 case AF_INET:
1022 preferred_family = RTNL_FAMILY_IPMR;
1023 break;
1024 case AF_INET6:
1025 preferred_family = RTNL_FAMILY_IP6MR;
1026 break;
0d1c9b57
BG		 1027 case RTNL_FAMILY_IPMR:
1028 case RTNL_FAMILY_IP6MR:
1029 break;
b6c8e808 1030 default:
d831cc7c
SH		 1031 fprintf(stderr,
1032 "Multicast rules are only supported for IPv4/IPv6, was: %i\n",
0d1c9b57 1033 preferred_family);
b6c8e808
PM		 1034 exit(-1);
1035 }
1036
1037 return do_iprule(argc, argv);
1038}
Upstream mirror of iproute2