]>
Commit | Line | Data |
---|---|---|
aba5acdf SH |
1 | /* |
2 | * iprule.c "ip rule". | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or | |
5 | * modify it under the terms of the GNU General Public License | |
6 | * as published by the Free Software Foundation; either version | |
7 | * 2 of the License, or (at your option) any later version. | |
8 | * | |
9 | * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> | |
10 | * | |
aba5acdf SH |
11 | */ |
12 | ||
13 | #include <stdio.h> | |
14 | #include <stdlib.h> | |
15 | #include <unistd.h> | |
aba5acdf SH |
16 | #include <fcntl.h> |
17 | #include <sys/socket.h> | |
18 | #include <netinet/in.h> | |
19 | #include <netinet/ip.h> | |
20 | #include <arpa/inet.h> | |
21 | #include <string.h> | |
ca89c521 | 22 | #include <linux/if.h> |
3123a0cc | 23 | #include <linux/fib_rules.h> |
2f4e171f | 24 | #include <errno.h> |
aba5acdf SH |
25 | |
26 | #include "rt_names.h" | |
27 | #include "utils.h" | |
34e95647 | 28 | #include "ip_common.h" |
0dd4ccc5 | 29 | #include "json_print.h" |
aba5acdf | 30 | |
cb294a1d HL |
31 | enum list_action { |
32 | IPRULE_LIST, | |
33 | IPRULE_FLUSH, | |
34 | IPRULE_SAVE, | |
35 | }; | |
36 | ||
351efcde SH |
37 | extern struct rtnl_handle rth; |
38 | ||
aba5acdf SH |
39 | static void usage(void) __attribute__((noreturn)); |
40 | ||
41 | static void usage(void) | |
42 | { | |
e147161b SH |
43 | fprintf(stderr, |
44 | "Usage: ip rule { add | del } SELECTOR ACTION\n" | |
45 | " ip rule { flush | save | restore }\n" | |
46 | " ip rule [ list [ SELECTOR ]]\n" | |
47 | "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n" | |
48 | " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n" | |
82252cdc | 49 | " [ uidrange NUMBER-NUMBER ]\n" |
f686f764 RP |
50 | " [ ipproto PROTOCOL ]\n" |
51 | " [ sport [ NUMBER | NUMBER-NUMBER ]\n" | |
52 | " [ dport [ NUMBER | NUMBER-NUMBER ] ]\n" | |
e147161b | 53 | "ACTION := [ table TABLE_ID ]\n" |
7c083da7 | 54 | " [ protocol PROTO ]\n" |
e147161b SH |
55 | " [ nat ADDRESS ]\n" |
56 | " [ realms [SRCREALM/]DSTREALM ]\n" | |
57 | " [ goto NUMBER ]\n" | |
58 | " SUPPRESSOR\n" | |
59 | "SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n" | |
60 | " [ suppress_ifgroup DEVGROUP ]\n" | |
61 | "TABLE_ID := [ local | main | default | NUMBER ]\n"); | |
aba5acdf SH |
62 | exit(-1); |
63 | } | |
64 | ||
ca89c521 HL |
65 | static struct |
66 | { | |
67 | int not; | |
68 | int l3mdev; | |
82252cdc | 69 | int iifmask, oifmask, uidrange; |
ca89c521 HL |
70 | unsigned int tb; |
71 | unsigned int tos, tosmask; | |
72 | unsigned int pref, prefmask; | |
73 | unsigned int fwmark, fwmask; | |
cb65a9cb | 74 | uint64_t tun_id; |
ca89c521 HL |
75 | char iif[IFNAMSIZ]; |
76 | char oif[IFNAMSIZ]; | |
82252cdc | 77 | struct fib_rule_uid_range range; |
ca89c521 HL |
78 | inet_prefix src; |
79 | inet_prefix dst; | |
7c083da7 DS |
80 | int protocol; |
81 | int protocolmask; | |
ca89c521 HL |
82 | } filter; |
83 | ||
5baaf07c DS |
84 | static inline int frh_get_table(struct fib_rule_hdr *frh, struct rtattr **tb) |
85 | { | |
86 | __u32 table = frh->table; | |
87 | if (tb[RTA_TABLE]) | |
88 | table = rta_getattr_u32(tb[RTA_TABLE]); | |
89 | return table; | |
90 | } | |
91 | ||
ca89c521 HL |
92 | static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len) |
93 | { | |
5baaf07c | 94 | struct fib_rule_hdr *frh = NLMSG_DATA(n); |
ca89c521 HL |
95 | __u32 table; |
96 | ||
5baaf07c | 97 | if (preferred_family != AF_UNSPEC && frh->family != preferred_family) |
ca89c521 HL |
98 | return false; |
99 | ||
100 | if (filter.prefmask && | |
101 | filter.pref ^ (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0)) | |
102 | return false; | |
5baaf07c | 103 | if (filter.not && !(frh->flags & FIB_RULE_INVERT)) |
ca89c521 HL |
104 | return false; |
105 | ||
106 | if (filter.src.family) { | |
746035b4 SP |
107 | inet_prefix *f_src = &filter.src; |
108 | ||
5baaf07c DS |
109 | if (f_src->family != frh->family || |
110 | f_src->bitlen > frh->src_len) | |
746035b4 SP |
111 | return false; |
112 | ||
113 | if (inet_addr_match_rta(f_src, tb[FRA_SRC])) | |
ca89c521 HL |
114 | return false; |
115 | } | |
116 | ||
117 | if (filter.dst.family) { | |
746035b4 SP |
118 | inet_prefix *f_dst = &filter.dst; |
119 | ||
5baaf07c DS |
120 | if (f_dst->family != frh->family || |
121 | f_dst->bitlen > frh->dst_len) | |
746035b4 SP |
122 | return false; |
123 | ||
124 | if (inet_addr_match_rta(f_dst, tb[FRA_DST])) | |
ca89c521 HL |
125 | return false; |
126 | } | |
127 | ||
5baaf07c | 128 | if (filter.tosmask && filter.tos ^ frh->tos) |
ca89c521 HL |
129 | return false; |
130 | ||
131 | if (filter.fwmark) { | |
132 | __u32 mark = 0; | |
e147161b | 133 | |
ca89c521 HL |
134 | if (tb[FRA_FWMARK]) |
135 | mark = rta_getattr_u32(tb[FRA_FWMARK]); | |
136 | if (filter.fwmark ^ mark) | |
137 | return false; | |
138 | } | |
139 | if (filter.fwmask) { | |
140 | __u32 mask = 0; | |
e147161b | 141 | |
ca89c521 HL |
142 | if (tb[FRA_FWMASK]) |
143 | mask = rta_getattr_u32(tb[FRA_FWMASK]); | |
144 | if (filter.fwmask ^ mask) | |
145 | return false; | |
146 | } | |
147 | ||
148 | if (filter.iifmask) { | |
149 | if (tb[FRA_IFNAME]) { | |
150 | if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0) | |
151 | return false; | |
152 | } else { | |
153 | return false; | |
154 | } | |
155 | } | |
156 | ||
157 | if (filter.oifmask) { | |
158 | if (tb[FRA_OIFNAME]) { | |
159 | if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0) | |
160 | return false; | |
161 | } else { | |
162 | return false; | |
163 | } | |
164 | } | |
165 | ||
166 | if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV]))) | |
167 | return false; | |
168 | ||
82252cdc LC |
169 | if (filter.uidrange) { |
170 | struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]); | |
171 | ||
172 | if (!tb[FRA_UID_RANGE] || | |
173 | r->start != filter.range.start || | |
174 | r->end != filter.range.end) | |
175 | return false; | |
176 | } | |
177 | ||
cb65a9cb | 178 | if (filter.tun_id) { |
179 | __u64 tun_id = 0; | |
180 | ||
181 | if (tb[FRA_TUN_ID]) { | |
182 | tun_id = ntohll(rta_getattr_u64(tb[FRA_TUN_ID])); | |
183 | if (filter.tun_id != tun_id) | |
184 | return false; | |
185 | } else { | |
186 | return false; | |
187 | } | |
188 | } | |
189 | ||
5baaf07c | 190 | table = frh_get_table(frh, tb); |
ca89c521 HL |
191 | if (filter.tb > 0 && filter.tb ^ table) |
192 | return false; | |
193 | ||
194 | return true; | |
195 | } | |
196 | ||
cd554f2c | 197 | int print_rule(struct nlmsghdr *n, void *arg) |
aba5acdf | 198 | { |
0dd4ccc5 | 199 | FILE *fp = arg; |
5baaf07c | 200 | struct fib_rule_hdr *frh = NLMSG_DATA(n); |
aba5acdf SH |
201 | int len = n->nlmsg_len; |
202 | int host_len = -1; | |
0dd4ccc5 | 203 | __u32 table, prio = 0; |
56f5daac | 204 | struct rtattr *tb[FRA_MAX+1]; |
aba5acdf SH |
205 | SPRINT_BUF(b1); |
206 | ||
98bde989 | 207 | if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE) |
aba5acdf SH |
208 | return 0; |
209 | ||
5baaf07c | 210 | len -= NLMSG_LENGTH(sizeof(*frh)); |
aba5acdf SH |
211 | if (len < 0) |
212 | return -1; | |
213 | ||
5baaf07c | 214 | parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len); |
aba5acdf | 215 | |
5baaf07c | 216 | host_len = af_bit_len(frh->family); |
aba5acdf | 217 | |
e147161b | 218 | if (!filter_nlmsg(n, tb, host_len)) |
ca89c521 HL |
219 | return 0; |
220 | ||
0dd4ccc5 | 221 | open_json_object(NULL); |
98bde989 | 222 | if (n->nlmsg_type == RTM_DELRULE) |
0dd4ccc5 | 223 | print_bool(PRINT_ANY, "deleted", "Deleted ", true); |
98bde989 | 224 | |
ad1a12db | 225 | if (tb[FRA_PRIORITY]) |
0dd4ccc5 SH |
226 | prio = rta_getattr_u32(tb[FRA_PRIORITY]); |
227 | ||
228 | print_uint(PRINT_ANY, "priority", "%u:\t", prio); | |
aba5acdf | 229 | |
5baaf07c | 230 | if (frh->flags & FIB_RULE_INVERT) |
0dd4ccc5 | 231 | print_null(PRINT_ANY, "not", "not ", NULL); |
3123a0cc | 232 | |
ad1a12db | 233 | if (tb[FRA_SRC]) { |
0dd4ccc5 SH |
234 | const char *src = rt_addr_n2a_rta(frh->family, tb[FRA_SRC]); |
235 | ||
236 | print_string(PRINT_FP, NULL, "from ", NULL); | |
237 | print_color_string(PRINT_ANY, ifa_family_color(frh->family), | |
238 | "src", "%s", src); | |
239 | if (frh->src_len != host_len) | |
240 | print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len); | |
241 | else | |
242 | print_string(PRINT_FP, NULL, " ", NULL); | |
5baaf07c | 243 | } else if (frh->src_len) { |
0dd4ccc5 SH |
244 | print_string(PRINT_ANY, "src", "from %s", "0"); |
245 | print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len); | |
aba5acdf | 246 | } else { |
0dd4ccc5 | 247 | print_string(PRINT_ANY, "src", "from %s ", "all"); |
aba5acdf SH |
248 | } |
249 | ||
ad1a12db | 250 | if (tb[FRA_DST]) { |
0dd4ccc5 SH |
251 | const char *dst = rt_addr_n2a_rta(frh->family, tb[FRA_DST]); |
252 | ||
253 | print_string(PRINT_FP, NULL, "to ", NULL); | |
254 | print_color_string(PRINT_ANY, ifa_family_color(frh->family), | |
1a75322c | 255 | "dst", "%s", dst); |
0dd4ccc5 SH |
256 | if (frh->dst_len != host_len) |
257 | print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len); | |
258 | else | |
259 | print_string(PRINT_FP, NULL, " ", NULL); | |
5baaf07c | 260 | } else if (frh->dst_len) { |
0dd4ccc5 SH |
261 | print_string(PRINT_ANY, "dst", "to %s", "0"); |
262 | print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len); | |
aba5acdf SH |
263 | } |
264 | ||
5baaf07c | 265 | if (frh->tos) { |
0dd4ccc5 SH |
266 | print_string(PRINT_ANY, "tos", |
267 | "tos %s ", | |
268 | rtnl_dsfield_n2a(frh->tos, b1, sizeof(b1))); | |
aba5acdf | 269 | } |
ad1a12db | 270 | |
4806867a | 271 | if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) { |
be7f286e PM |
272 | __u32 mark = 0, mask = 0; |
273 | ||
ad1a12db | 274 | if (tb[FRA_FWMARK]) |
ff24746c | 275 | mark = rta_getattr_u32(tb[FRA_FWMARK]); |
be7f286e | 276 | |
ad1a12db | 277 | if (tb[FRA_FWMASK] && |
0dd4ccc5 | 278 | (mask = rta_getattr_u32(tb[FRA_FWMASK])) != 0xFFFFFFFF) { |
90c5c969 SH |
279 | print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx", mark); |
280 | print_0xhex(PRINT_ANY, "fwmask", "/%#llx ", mask); | |
0dd4ccc5 | 281 | } else { |
90c5c969 | 282 | print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx ", mark); |
0dd4ccc5 | 283 | } |
aba5acdf SH |
284 | } |
285 | ||
ad1a12db | 286 | if (tb[FRA_IFNAME]) { |
0dd4ccc5 SH |
287 | if (!is_json_context()) |
288 | fprintf(fp, "iif "); | |
289 | print_color_string(PRINT_ANY, COLOR_IFNAME, | |
290 | "iif", "%s ", | |
291 | rta_getattr_str(tb[FRA_IFNAME])); | |
292 | ||
5baaf07c | 293 | if (frh->flags & FIB_RULE_IIF_DETACHED) |
0dd4ccc5 SH |
294 | print_null(PRINT_ANY, "iif_detached", "[detached] ", |
295 | NULL); | |
85eae222 PM |
296 | } |
297 | ||
298 | if (tb[FRA_OIFNAME]) { | |
0dd4ccc5 SH |
299 | if (!is_json_context()) |
300 | fprintf(fp, "oif "); | |
301 | ||
302 | print_color_string(PRINT_ANY, COLOR_IFNAME, "oif", "%s ", | |
303 | rta_getattr_str(tb[FRA_OIFNAME])); | |
304 | ||
5baaf07c | 305 | if (frh->flags & FIB_RULE_OIF_DETACHED) |
0dd4ccc5 SH |
306 | print_null(PRINT_ANY, "oif_detached", "[detached] ", |
307 | NULL); | |
aba5acdf SH |
308 | } |
309 | ||
8c92e122 | 310 | if (tb[FRA_L3MDEV]) { |
0dd4ccc5 SH |
311 | __u8 mdev = rta_getattr_u8(tb[FRA_L3MDEV]); |
312 | ||
313 | if (mdev) | |
314 | print_null(PRINT_ANY, "l3mdev", | |
315 | "lookup [l3mdev-table] ", NULL); | |
8c92e122 DA |
316 | } |
317 | ||
82252cdc LC |
318 | if (tb[FRA_UID_RANGE]) { |
319 | struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]); | |
320 | ||
0dd4ccc5 SH |
321 | print_uint(PRINT_ANY, "uid_start", "uidrange %u", r->start); |
322 | print_uint(PRINT_ANY, "uid_end", "-%u ", r->end); | |
82252cdc LC |
323 | } |
324 | ||
f686f764 RP |
325 | if (tb[FRA_IP_PROTO]) { |
326 | SPRINT_BUF(pbuf); | |
327 | print_string(PRINT_ANY, "ipproto", "ipproto %s ", | |
328 | inet_proto_n2a(rta_getattr_u8(tb[FRA_IP_PROTO]), | |
329 | pbuf, sizeof(pbuf))); | |
330 | } | |
331 | ||
332 | if (tb[FRA_SPORT_RANGE]) { | |
333 | struct fib_rule_port_range *r = RTA_DATA(tb[FRA_SPORT_RANGE]); | |
334 | ||
335 | if (r->start == r->end) { | |
336 | print_uint(PRINT_ANY, "sport", "sport %u ", r->start); | |
337 | } else { | |
338 | print_uint(PRINT_ANY, "sport_start", "sport %u", | |
339 | r->start); | |
340 | print_uint(PRINT_ANY, "sport_end", "-%u ", r->end); | |
341 | } | |
342 | } | |
343 | ||
344 | if (tb[FRA_DPORT_RANGE]) { | |
345 | struct fib_rule_port_range *r = RTA_DATA(tb[FRA_DPORT_RANGE]); | |
346 | ||
347 | if (r->start == r->end) { | |
348 | print_uint(PRINT_ANY, "dport", "dport %u ", r->start); | |
349 | } else { | |
350 | print_uint(PRINT_ANY, "dport_start", "dport %u", | |
351 | r->start); | |
352 | print_uint(PRINT_ANY, "dport_end", "-%u ", r->end); | |
353 | } | |
354 | } | |
355 | ||
cb65a9cb | 356 | if (tb[FRA_TUN_ID]) { |
357 | __u64 tun_id = ntohll(rta_getattr_u64(tb[FRA_TUN_ID])); | |
358 | ||
359 | print_u64(PRINT_ANY, "tun_id", "tun_id %llu ", tun_id); | |
360 | } | |
361 | ||
5baaf07c | 362 | table = frh_get_table(frh, tb); |
b1d0525f | 363 | if (table) { |
0dd4ccc5 SH |
364 | print_string(PRINT_ANY, "table", |
365 | "lookup %s ", | |
366 | rtnl_rttable_n2a(table, b1, sizeof(b1))); | |
aba5acdf | 367 | |
b1d0525f ST |
368 | if (tb[FRA_SUPPRESS_PREFIXLEN]) { |
369 | int pl = rta_getattr_u32(tb[FRA_SUPPRESS_PREFIXLEN]); | |
56f5daac | 370 | |
d831cc7c | 371 | if (pl != -1) |
0dd4ccc5 SH |
372 | print_int(PRINT_ANY, "suppress_prefixlen", |
373 | "suppress_prefixlength %d ", pl); | |
b1d0525f | 374 | } |
0dd4ccc5 | 375 | |
b1d0525f ST |
376 | if (tb[FRA_SUPPRESS_IFGROUP]) { |
377 | int group = rta_getattr_u32(tb[FRA_SUPPRESS_IFGROUP]); | |
56f5daac | 378 | |
b1d0525f | 379 | if (group != -1) { |
0dd4ccc5 SH |
380 | const char *grname |
381 | = rtnl_group_n2a(group, b1, sizeof(b1)); | |
382 | ||
383 | print_string(PRINT_ANY, "suppress_ifgroup", | |
384 | "suppress_ifgroup %s ", grname); | |
b1d0525f ST |
385 | } |
386 | } | |
387 | } | |
388 | ||
ad1a12db | 389 | if (tb[FRA_FLOW]) { |
ff24746c | 390 | __u32 to = rta_getattr_u32(tb[FRA_FLOW]); |
aba5acdf | 391 | __u32 from = to>>16; |
56f5daac | 392 | |
aba5acdf | 393 | to &= 0xFFFF; |
0dd4ccc5 SH |
394 | if (from) |
395 | print_string(PRINT_ANY, | |
396 | "flow_from", "realms %s/", | |
397 | rtnl_rtrealm_n2a(from, b1, sizeof(b1))); | |
398 | ||
399 | print_string(PRINT_ANY, "flow_to", "%s ", | |
400 | rtnl_rtrealm_n2a(to, b1, sizeof(b1))); | |
aba5acdf SH |
401 | } |
402 | ||
5baaf07c | 403 | if (frh->action == RTN_NAT) { |
aba5acdf | 404 | if (tb[RTA_GATEWAY]) { |
0dd4ccc5 SH |
405 | const char *gateway; |
406 | ||
407 | gateway = format_host_rta(frh->family, tb[RTA_GATEWAY]); | |
408 | ||
409 | print_string(PRINT_ANY, "nat_gateway", | |
410 | "map-to %s ", gateway); | |
411 | } else { | |
412 | print_null(PRINT_ANY, "masquerade", "masquerade", NULL); | |
413 | } | |
5baaf07c | 414 | } else if (frh->action == FR_ACT_GOTO) { |
6b469cae | 415 | if (tb[FRA_GOTO]) |
0dd4ccc5 SH |
416 | print_uint(PRINT_ANY, "goto", "goto %u", |
417 | rta_getattr_u32(tb[FRA_GOTO])); | |
6b469cae | 418 | else |
0dd4ccc5 SH |
419 | print_string(PRINT_ANY, "goto", "goto %s", "none"); |
420 | ||
5baaf07c | 421 | if (frh->flags & FIB_RULE_UNRESOLVED) |
0dd4ccc5 SH |
422 | print_null(PRINT_ANY, "unresolved", "unresolved", NULL); |
423 | } else if (frh->action == FR_ACT_NOP) { | |
424 | print_null(PRINT_ANY, "nop", "nop", NULL); | |
425 | } else if (frh->action != FR_ACT_TO_TBL) { | |
426 | print_string(PRINT_ANY, "to_tbl", "%s", | |
427 | rtnl_rtntype_n2a(frh->action, b1, sizeof(b1))); | |
428 | } | |
aba5acdf | 429 | |
7c083da7 DS |
430 | if (tb[FRA_PROTOCOL]) { |
431 | __u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]); | |
432 | ||
0dd4ccc5 SH |
433 | if ((protocol && protocol != RTPROT_KERNEL) || show_details > 0) { |
434 | print_string(PRINT_ANY, "protocol", " proto %s ", | |
435 | rtnl_rtprot_n2a(protocol, b1, sizeof(b1))); | |
7c083da7 DS |
436 | } |
437 | } | |
0dd4ccc5 SH |
438 | print_string(PRINT_FP, NULL, "\n", ""); |
439 | close_json_object(); | |
aba5acdf SH |
440 | fflush(fp); |
441 | return 0; | |
442 | } | |
443 | ||
2f4e171f KT |
444 | static __u32 rule_dump_magic = 0x71706986; |
445 | ||
446 | static int save_rule_prep(void) | |
447 | { | |
448 | int ret; | |
449 | ||
450 | if (isatty(STDOUT_FILENO)) { | |
451 | fprintf(stderr, "Not sending a binary stream to stdout\n"); | |
452 | return -1; | |
453 | } | |
454 | ||
455 | ret = write(STDOUT_FILENO, &rule_dump_magic, sizeof(rule_dump_magic)); | |
456 | if (ret != sizeof(rule_dump_magic)) { | |
457 | fprintf(stderr, "Can't write magic to dump file\n"); | |
458 | return -1; | |
459 | } | |
460 | ||
461 | return 0; | |
462 | } | |
463 | ||
cd554f2c | 464 | static int save_rule(struct nlmsghdr *n, void *arg) |
aba5acdf | 465 | { |
2f4e171f KT |
466 | int ret; |
467 | ||
468 | ret = write(STDOUT_FILENO, n, n->nlmsg_len); | |
469 | if ((ret > 0) && (ret != n->nlmsg_len)) { | |
470 | fprintf(stderr, "Short write while saving nlmsg\n"); | |
471 | ret = -EIO; | |
472 | } | |
473 | ||
474 | return ret == n->nlmsg_len ? 0 : ret; | |
475 | } | |
476 | ||
cd554f2c | 477 | static int flush_rule(struct nlmsghdr *n, void *arg) |
cb294a1d HL |
478 | { |
479 | struct rtnl_handle rth2; | |
5baaf07c | 480 | struct fib_rule_hdr *frh = NLMSG_DATA(n); |
cb294a1d HL |
481 | int len = n->nlmsg_len; |
482 | struct rtattr *tb[FRA_MAX+1]; | |
b65b4c08 | 483 | int host_len = -1; |
cb294a1d | 484 | |
5baaf07c | 485 | len -= NLMSG_LENGTH(sizeof(*frh)); |
cb294a1d HL |
486 | if (len < 0) |
487 | return -1; | |
488 | ||
5baaf07c | 489 | parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len); |
cb294a1d | 490 | |
b65b4c08 DA |
491 | host_len = af_bit_len(frh->family); |
492 | if (!filter_nlmsg(n, tb, host_len)) | |
493 | return 0; | |
494 | ||
7c083da7 DS |
495 | if (tb[FRA_PROTOCOL]) { |
496 | __u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]); | |
497 | ||
498 | if ((filter.protocol ^ protocol) & filter.protocolmask) | |
499 | return 0; | |
500 | } | |
501 | ||
cb294a1d HL |
502 | if (tb[FRA_PRIORITY]) { |
503 | n->nlmsg_type = RTM_DELRULE; | |
504 | n->nlmsg_flags = NLM_F_REQUEST; | |
505 | ||
506 | if (rtnl_open(&rth2, 0) < 0) | |
507 | return -1; | |
508 | ||
86bf43c7 | 509 | if (rtnl_talk(&rth2, n, NULL) < 0) |
cb294a1d HL |
510 | return -2; |
511 | ||
512 | rtnl_close(&rth2); | |
513 | } | |
514 | ||
515 | return 0; | |
516 | } | |
517 | ||
518 | static int iprule_list_flush_or_save(int argc, char **argv, int action) | |
2f4e171f | 519 | { |
cb294a1d | 520 | rtnl_filter_t filter_fn; |
aba5acdf SH |
521 | int af = preferred_family; |
522 | ||
523 | if (af == AF_UNSPEC) | |
524 | af = AF_INET; | |
525 | ||
7c083da7 DS |
526 | if (action == IPRULE_SAVE && argc > 0) { |
527 | fprintf(stderr, "\"ip rule save\" does not take any arguments.\n"); | |
aba5acdf SH |
528 | return -1; |
529 | } | |
530 | ||
cb294a1d HL |
531 | switch (action) { |
532 | case IPRULE_SAVE: | |
2f4e171f KT |
533 | if (save_rule_prep()) |
534 | return -1; | |
cb294a1d HL |
535 | filter_fn = save_rule; |
536 | break; | |
537 | case IPRULE_FLUSH: | |
538 | filter_fn = flush_rule; | |
539 | break; | |
540 | default: | |
541 | filter_fn = print_rule; | |
2f4e171f KT |
542 | } |
543 | ||
ca89c521 HL |
544 | memset(&filter, 0, sizeof(filter)); |
545 | ||
546 | while (argc > 0) { | |
547 | if (matches(*argv, "preference") == 0 || | |
548 | matches(*argv, "order") == 0 || | |
549 | matches(*argv, "priority") == 0) { | |
550 | __u32 pref; | |
e147161b | 551 | |
ca89c521 HL |
552 | NEXT_ARG(); |
553 | if (get_u32(&pref, *argv, 0)) | |
554 | invarg("preference value is invalid\n", *argv); | |
555 | filter.pref = pref; | |
556 | filter.prefmask = 1; | |
557 | } else if (strcmp(*argv, "not") == 0) { | |
558 | filter.not = 1; | |
559 | } else if (strcmp(*argv, "tos") == 0) { | |
560 | __u32 tos; | |
e147161b | 561 | |
ca89c521 HL |
562 | NEXT_ARG(); |
563 | if (rtnl_dsfield_a2n(&tos, *argv)) | |
564 | invarg("TOS value is invalid\n", *argv); | |
565 | filter.tos = tos; | |
566 | filter.tosmask = 1; | |
567 | } else if (strcmp(*argv, "fwmark") == 0) { | |
568 | char *slash; | |
569 | __u32 fwmark, fwmask; | |
e147161b | 570 | |
ca89c521 HL |
571 | NEXT_ARG(); |
572 | slash = strchr(*argv, '/'); | |
573 | if (slash != NULL) | |
574 | *slash = '\0'; | |
575 | if (get_u32(&fwmark, *argv, 0)) | |
576 | invarg("fwmark value is invalid\n", *argv); | |
577 | filter.fwmark = fwmark; | |
578 | if (slash) { | |
579 | if (get_u32(&fwmask, slash+1, 0)) | |
580 | invarg("fwmask value is invalid\n", | |
581 | slash+1); | |
582 | filter.fwmask = fwmask; | |
583 | } | |
584 | } else if (strcmp(*argv, "dev") == 0 || | |
585 | strcmp(*argv, "iif") == 0) { | |
586 | NEXT_ARG(); | |
625df645 PS |
587 | if (get_ifname(filter.iif, *argv)) |
588 | invarg("\"iif\"/\"dev\" not a valid ifname", *argv); | |
ca89c521 HL |
589 | filter.iifmask = 1; |
590 | } else if (strcmp(*argv, "oif") == 0) { | |
591 | NEXT_ARG(); | |
625df645 PS |
592 | if (get_ifname(filter.oif, *argv)) |
593 | invarg("\"oif\" not a valid ifname", *argv); | |
ca89c521 HL |
594 | filter.oifmask = 1; |
595 | } else if (strcmp(*argv, "l3mdev") == 0) { | |
596 | filter.l3mdev = 1; | |
82252cdc LC |
597 | } else if (strcmp(*argv, "uidrange") == 0) { |
598 | NEXT_ARG(); | |
599 | filter.uidrange = 1; | |
600 | if (sscanf(*argv, "%u-%u", | |
601 | &filter.range.start, | |
602 | &filter.range.end) != 2) | |
603 | invarg("invalid UID range\n", *argv); | |
604 | ||
cb65a9cb | 605 | } else if (matches(*argv, "tun_id") == 0) { |
606 | __u64 tun_id; | |
607 | ||
608 | NEXT_ARG(); | |
609 | if (get_u64(&tun_id, *argv, 0)) | |
610 | invarg("\"tun_id\" value is invalid\n", *argv); | |
611 | filter.tun_id = tun_id; | |
ca89c521 | 612 | } else if (matches(*argv, "lookup") == 0 || |
e147161b | 613 | matches(*argv, "table") == 0) { |
ca89c521 | 614 | __u32 tid; |
e147161b | 615 | |
ca89c521 HL |
616 | NEXT_ARG(); |
617 | if (rtnl_rttable_a2n(&tid, *argv)) | |
618 | invarg("table id value is invalid\n", *argv); | |
619 | filter.tb = tid; | |
620 | } else if (matches(*argv, "from") == 0 || | |
621 | matches(*argv, "src") == 0) { | |
622 | NEXT_ARG(); | |
746035b4 SP |
623 | if (get_prefix(&filter.src, *argv, af)) |
624 | invarg("from value is invalid\n", *argv); | |
7c083da7 DS |
625 | } else if (matches(*argv, "protocol") == 0) { |
626 | __u32 prot; | |
627 | NEXT_ARG(); | |
628 | filter.protocolmask = -1; | |
629 | if (rtnl_rtprot_a2n(&prot, *argv)) { | |
630 | if (strcmp(*argv, "all") != 0) | |
631 | invarg("invalid \"protocol\"\n", *argv); | |
632 | prot = 0; | |
633 | filter.protocolmask = 0; | |
634 | } | |
635 | filter.protocol = prot; | |
636 | } else{ | |
ca89c521 HL |
637 | if (matches(*argv, "dst") == 0 || |
638 | matches(*argv, "to") == 0) { | |
639 | NEXT_ARG(); | |
640 | } | |
746035b4 SP |
641 | if (get_prefix(&filter.dst, *argv, af)) |
642 | invarg("to value is invalid\n", *argv); | |
ca89c521 HL |
643 | } |
644 | argc--; argv++; | |
645 | } | |
646 | ||
b05d9a3d | 647 | if (rtnl_ruledump_req(&rth, af) < 0) { |
aba5acdf SH |
648 | perror("Cannot send dump request"); |
649 | return 1; | |
650 | } | |
651 | ||
0dd4ccc5 | 652 | new_json_obj(json); |
cb294a1d | 653 | if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) { |
aba5acdf SH |
654 | fprintf(stderr, "Dump terminated\n"); |
655 | return 1; | |
656 | } | |
0dd4ccc5 | 657 | delete_json_obj(); |
aba5acdf SH |
658 | |
659 | return 0; | |
660 | } | |
661 | ||
2f4e171f KT |
662 | static int rule_dump_check_magic(void) |
663 | { | |
664 | int ret; | |
665 | __u32 magic = 0; | |
666 | ||
667 | if (isatty(STDIN_FILENO)) { | |
668 | fprintf(stderr, "Can't restore rule dump from a terminal\n"); | |
669 | return -1; | |
670 | } | |
671 | ||
672 | ret = fread(&magic, sizeof(magic), 1, stdin); | |
673 | if (magic != rule_dump_magic) { | |
d831cc7c SH |
674 | fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n", |
675 | ret, magic); | |
2f4e171f KT |
676 | return -1; |
677 | } | |
678 | ||
679 | return 0; | |
680 | } | |
681 | ||
cd554f2c | 682 | static int restore_handler(struct rtnl_ctrl_data *ctrl, |
2f4e171f KT |
683 | struct nlmsghdr *n, void *arg) |
684 | { | |
685 | int ret; | |
686 | ||
687 | n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK; | |
688 | ||
689 | ll_init_map(&rth); | |
690 | ||
86bf43c7 | 691 | ret = rtnl_talk(&rth, n, NULL); |
2f4e171f KT |
692 | if ((ret < 0) && (errno == EEXIST)) |
693 | ret = 0; | |
694 | ||
695 | return ret; | |
696 | } | |
697 | ||
698 | ||
699 | static int iprule_restore(void) | |
700 | { | |
701 | if (rule_dump_check_magic()) | |
702 | exit(-1); | |
703 | ||
704 | exit(rtnl_from_file(stdin, &restore_handler, NULL)); | |
705 | } | |
aba5acdf | 706 | |
50772dc5 | 707 | static int iprule_modify(int cmd, int argc, char **argv) |
aba5acdf | 708 | { |
8c92e122 | 709 | int l3mdev_rule = 0; |
aba5acdf | 710 | int table_ok = 0; |
8c92e122 | 711 | __u32 tid = 0; |
aba5acdf | 712 | struct { |
4806867a | 713 | struct nlmsghdr n; |
5baaf07c | 714 | struct fib_rule_hdr frh; |
56f5daac | 715 | char buf[1024]; |
d17b136f PS |
716 | } req = { |
717 | .n.nlmsg_type = cmd, | |
5baaf07c | 718 | .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct fib_rule_hdr)), |
d17b136f | 719 | .n.nlmsg_flags = NLM_F_REQUEST, |
5baaf07c DS |
720 | .frh.family = preferred_family, |
721 | .frh.action = FR_ACT_UNSPEC, | |
d17b136f | 722 | }; |
aba5acdf SH |
723 | |
724 | if (cmd == RTM_NEWRULE) { | |
23801209 DA |
725 | if (argc == 0) { |
726 | fprintf(stderr, | |
727 | "\"ip rule add\" requires arguments.\n"); | |
728 | return -1; | |
729 | } | |
aba5acdf | 730 | req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL; |
5baaf07c | 731 | req.frh.action = FR_ACT_TO_TBL; |
aba5acdf SH |
732 | } |
733 | ||
67a990b8 AJM |
734 | if (cmd == RTM_DELRULE && argc == 0) { |
735 | fprintf(stderr, "\"ip rule del\" requires arguments.\n"); | |
736 | return -1; | |
737 | } | |
738 | ||
aba5acdf | 739 | while (argc > 0) { |
3123a0cc | 740 | if (strcmp(*argv, "not") == 0) { |
5baaf07c | 741 | req.frh.flags |= FIB_RULE_INVERT; |
3123a0cc | 742 | } else if (strcmp(*argv, "from") == 0) { |
aba5acdf | 743 | inet_prefix dst; |
56f5daac | 744 | |
aba5acdf | 745 | NEXT_ARG(); |
5baaf07c DS |
746 | get_prefix(&dst, *argv, req.frh.family); |
747 | req.frh.src_len = dst.bitlen; | |
d831cc7c SH |
748 | addattr_l(&req.n, sizeof(req), FRA_SRC, |
749 | &dst.data, dst.bytelen); | |
aba5acdf SH |
750 | } else if (strcmp(*argv, "to") == 0) { |
751 | inet_prefix dst; | |
56f5daac | 752 | |
aba5acdf | 753 | NEXT_ARG(); |
5baaf07c DS |
754 | get_prefix(&dst, *argv, req.frh.family); |
755 | req.frh.dst_len = dst.bitlen; | |
d831cc7c SH |
756 | addattr_l(&req.n, sizeof(req), FRA_DST, |
757 | &dst.data, dst.bytelen); | |
aba5acdf SH |
758 | } else if (matches(*argv, "preference") == 0 || |
759 | matches(*argv, "order") == 0 || | |
760 | matches(*argv, "priority") == 0) { | |
761 | __u32 pref; | |
56f5daac | 762 | |
aba5acdf SH |
763 | NEXT_ARG(); |
764 | if (get_u32(&pref, *argv, 0)) | |
765 | invarg("preference value is invalid\n", *argv); | |
ad1a12db | 766 | addattr32(&req.n, sizeof(req), FRA_PRIORITY, pref); |
dec01609 AH |
767 | } else if (strcmp(*argv, "tos") == 0 || |
768 | matches(*argv, "dsfield") == 0) { | |
aba5acdf | 769 | __u32 tos; |
56f5daac | 770 | |
aba5acdf SH |
771 | NEXT_ARG(); |
772 | if (rtnl_dsfield_a2n(&tos, *argv)) | |
773 | invarg("TOS value is invalid\n", *argv); | |
5baaf07c | 774 | req.frh.tos = tos; |
aba5acdf | 775 | } else if (strcmp(*argv, "fwmark") == 0) { |
be7f286e PM |
776 | char *slash; |
777 | __u32 fwmark, fwmask; | |
56f5daac | 778 | |
aba5acdf | 779 | NEXT_ARG(); |
d831cc7c SH |
780 | |
781 | slash = strchr(*argv, '/'); | |
782 | if (slash != NULL) | |
be7f286e | 783 | *slash = '\0'; |
4fb466f9 | 784 | if (get_u32(&fwmark, *argv, 0)) |
aba5acdf | 785 | invarg("fwmark value is invalid\n", *argv); |
ad1a12db | 786 | addattr32(&req.n, sizeof(req), FRA_FWMARK, fwmark); |
be7f286e PM |
787 | if (slash) { |
788 | if (get_u32(&fwmask, slash+1, 0)) | |
d831cc7c SH |
789 | invarg("fwmask value is invalid\n", |
790 | slash+1); | |
791 | addattr32(&req.n, sizeof(req), | |
792 | FRA_FWMASK, fwmask); | |
be7f286e | 793 | } |
aba5acdf SH |
794 | } else if (matches(*argv, "realms") == 0) { |
795 | __u32 realm; | |
56f5daac | 796 | |
aba5acdf | 797 | NEXT_ARG(); |
d583e88e | 798 | if (get_rt_realms_or_raw(&realm, *argv)) |
aba5acdf | 799 | invarg("invalid realms\n", *argv); |
ad1a12db | 800 | addattr32(&req.n, sizeof(req), FRA_FLOW, realm); |
33f1e250 DS |
801 | } else if (matches(*argv, "protocol") == 0) { |
802 | __u32 proto; | |
803 | ||
804 | NEXT_ARG(); | |
805 | if (rtnl_rtprot_a2n(&proto, *argv)) | |
806 | invarg("\"protocol\" value is invalid\n", *argv); | |
807 | addattr8(&req.n, sizeof(req), FRA_PROTOCOL, proto); | |
cb65a9cb | 808 | } else if (matches(*argv, "tun_id") == 0) { |
809 | __u64 tun_id; | |
810 | ||
811 | NEXT_ARG(); | |
812 | if (get_be64(&tun_id, *argv, 0)) | |
813 | invarg("\"tun_id\" value is invalid\n", *argv); | |
814 | addattr64(&req.n, sizeof(req), FRA_TUN_ID, tun_id); | |
aba5acdf SH |
815 | } else if (matches(*argv, "table") == 0 || |
816 | strcmp(*argv, "lookup") == 0) { | |
aba5acdf SH |
817 | NEXT_ARG(); |
818 | if (rtnl_rttable_a2n(&tid, *argv)) | |
819 | invarg("invalid table ID\n", *argv); | |
34e95647 | 820 | if (tid < 256) |
5baaf07c | 821 | req.frh.table = tid; |
34e95647 | 822 | else { |
5baaf07c | 823 | req.frh.table = RT_TABLE_UNSPEC; |
ad1a12db | 824 | addattr32(&req.n, sizeof(req), FRA_TABLE, tid); |
34e95647 | 825 | } |
aba5acdf | 826 | table_ok = 1; |
b1d0525f ST |
827 | } else if (matches(*argv, "suppress_prefixlength") == 0 || |
828 | strcmp(*argv, "sup_pl") == 0) { | |
829 | int pl; | |
56f5daac | 830 | |
b1d0525f ST |
831 | NEXT_ARG(); |
832 | if (get_s32(&pl, *argv, 0) || pl < 0) | |
d831cc7c SH |
833 | invarg("suppress_prefixlength value is invalid\n", |
834 | *argv); | |
835 | addattr32(&req.n, sizeof(req), | |
836 | FRA_SUPPRESS_PREFIXLEN, pl); | |
b1d0525f ST |
837 | } else if (matches(*argv, "suppress_ifgroup") == 0 || |
838 | strcmp(*argv, "sup_group") == 0) { | |
839 | NEXT_ARG(); | |
840 | int group; | |
56f5daac | 841 | |
b1d0525f | 842 | if (rtnl_group_a2n(&group, *argv)) |
d831cc7c SH |
843 | invarg("Invalid \"suppress_ifgroup\" value\n", |
844 | *argv); | |
845 | addattr32(&req.n, sizeof(req), | |
846 | FRA_SUPPRESS_IFGROUP, group); | |
aba5acdf SH |
847 | } else if (strcmp(*argv, "dev") == 0 || |
848 | strcmp(*argv, "iif") == 0) { | |
849 | NEXT_ARG(); | |
625df645 PS |
850 | if (check_ifname(*argv)) |
851 | invarg("\"iif\"/\"dev\" not a valid ifname", *argv); | |
d831cc7c SH |
852 | addattr_l(&req.n, sizeof(req), FRA_IFNAME, |
853 | *argv, strlen(*argv)+1); | |
85eae222 PM |
854 | } else if (strcmp(*argv, "oif") == 0) { |
855 | NEXT_ARG(); | |
625df645 PS |
856 | if (check_ifname(*argv)) |
857 | invarg("\"oif\" not a valid ifname", *argv); | |
d831cc7c SH |
858 | addattr_l(&req.n, sizeof(req), FRA_OIFNAME, |
859 | *argv, strlen(*argv)+1); | |
8c92e122 DA |
860 | } else if (strcmp(*argv, "l3mdev") == 0) { |
861 | addattr8(&req.n, sizeof(req), FRA_L3MDEV, 1); | |
862 | table_ok = 1; | |
863 | l3mdev_rule = 1; | |
82252cdc LC |
864 | } else if (strcmp(*argv, "uidrange") == 0) { |
865 | struct fib_rule_uid_range r; | |
866 | ||
867 | NEXT_ARG(); | |
868 | if (sscanf(*argv, "%u-%u", &r.start, &r.end) != 2) | |
869 | invarg("invalid UID range\n", *argv); | |
870 | addattr_l(&req.n, sizeof(req), FRA_UID_RANGE, &r, | |
871 | sizeof(r)); | |
aba5acdf SH |
872 | } else if (strcmp(*argv, "nat") == 0 || |
873 | matches(*argv, "map-to") == 0) { | |
874 | NEXT_ARG(); | |
526afe40 | 875 | fprintf(stderr, "Warning: route NAT is deprecated\n"); |
d831cc7c SH |
876 | addattr32(&req.n, sizeof(req), RTA_GATEWAY, |
877 | get_addr32(*argv)); | |
5baaf07c | 878 | req.frh.action = RTN_NAT; |
f686f764 RP |
879 | } else if (strcmp(*argv, "ipproto") == 0) { |
880 | int ipproto; | |
881 | ||
882 | NEXT_ARG(); | |
883 | ipproto = inet_proto_a2n(*argv); | |
884 | if (ipproto < 0) | |
885 | invarg("Invalid \"ipproto\" value\n", | |
886 | *argv); | |
887 | addattr8(&req.n, sizeof(req), FRA_IP_PROTO, ipproto); | |
888 | } else if (strcmp(*argv, "sport") == 0) { | |
889 | struct fib_rule_port_range r; | |
890 | int ret = 0; | |
891 | ||
892 | NEXT_ARG(); | |
893 | ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); | |
894 | if (ret == 1) | |
895 | r.end = r.start; | |
896 | else if (ret != 2) | |
897 | invarg("invalid port range\n", *argv); | |
898 | addattr_l(&req.n, sizeof(req), FRA_SPORT_RANGE, &r, | |
899 | sizeof(r)); | |
900 | } else if (strcmp(*argv, "dport") == 0) { | |
901 | struct fib_rule_port_range r; | |
902 | int ret = 0; | |
903 | ||
904 | NEXT_ARG(); | |
905 | ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end); | |
906 | if (ret == 1) | |
907 | r.end = r.start; | |
908 | else if (ret != 2) | |
909 | invarg("invalid dport range\n", *argv); | |
910 | addattr_l(&req.n, sizeof(req), FRA_DPORT_RANGE, &r, | |
911 | sizeof(r)); | |
aba5acdf SH |
912 | } else { |
913 | int type; | |
914 | ||
d831cc7c | 915 | if (strcmp(*argv, "type") == 0) |
aba5acdf | 916 | NEXT_ARG(); |
d831cc7c | 917 | |
aba5acdf SH |
918 | if (matches(*argv, "help") == 0) |
919 | usage(); | |
6b469cae TG |
920 | else if (matches(*argv, "goto") == 0) { |
921 | __u32 target; | |
56f5daac | 922 | |
6b469cae TG |
923 | type = FR_ACT_GOTO; |
924 | NEXT_ARG(); | |
925 | if (get_u32(&target, *argv, 0)) | |
926 | invarg("invalid target\n", *argv); | |
d831cc7c SH |
927 | addattr32(&req.n, sizeof(req), |
928 | FRA_GOTO, target); | |
6b469cae TG |
929 | } else if (matches(*argv, "nop") == 0) |
930 | type = FR_ACT_NOP; | |
931 | else if (rtnl_rtntype_a2n(&type, *argv)) | |
aba5acdf | 932 | invarg("Failed to parse rule type", *argv); |
5baaf07c | 933 | req.frh.action = type; |
6b469cae | 934 | table_ok = 1; |
aba5acdf SH |
935 | } |
936 | argc--; | |
937 | argv++; | |
938 | } | |
939 | ||
8c92e122 DA |
940 | if (l3mdev_rule && tid != 0) { |
941 | fprintf(stderr, | |
942 | "table can not be specified for l3mdev rules\n"); | |
943 | return -EINVAL; | |
944 | } | |
945 | ||
5baaf07c DS |
946 | if (req.frh.family == AF_UNSPEC) |
947 | req.frh.family = AF_INET; | |
aba5acdf SH |
948 | |
949 | if (!table_ok && cmd == RTM_NEWRULE) | |
5baaf07c | 950 | req.frh.table = RT_TABLE_MAIN; |
aba5acdf | 951 | |
86bf43c7 | 952 | if (rtnl_talk(&rth, &req.n, NULL) < 0) |
076ae708 | 953 | return -2; |
aba5acdf SH |
954 | |
955 | return 0; | |
956 | } | |
957 | ||
958 | int do_iprule(int argc, char **argv) | |
959 | { | |
960 | if (argc < 1) { | |
cb294a1d | 961 | return iprule_list_flush_or_save(0, NULL, IPRULE_LIST); |
aba5acdf SH |
962 | } else if (matches(argv[0], "list") == 0 || |
963 | matches(argv[0], "lst") == 0 || | |
964 | matches(argv[0], "show") == 0) { | |
cb294a1d | 965 | return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_LIST); |
2f4e171f | 966 | } else if (matches(argv[0], "save") == 0) { |
cb294a1d | 967 | return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_SAVE); |
2f4e171f KT |
968 | } else if (matches(argv[0], "restore") == 0) { |
969 | return iprule_restore(); | |
aba5acdf SH |
970 | } else if (matches(argv[0], "add") == 0) { |
971 | return iprule_modify(RTM_NEWRULE, argc-1, argv+1); | |
972 | } else if (matches(argv[0], "delete") == 0) { | |
973 | return iprule_modify(RTM_DELRULE, argc-1, argv+1); | |
50772dc5 | 974 | } else if (matches(argv[0], "flush") == 0) { |
cb294a1d | 975 | return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_FLUSH); |
aba5acdf SH |
976 | } else if (matches(argv[0], "help") == 0) |
977 | usage(); | |
978 | ||
d831cc7c SH |
979 | fprintf(stderr, |
980 | "Command \"%s\" is unknown, try \"ip rule help\".\n", *argv); | |
aba5acdf SH |
981 | exit(-1); |
982 | } | |
983 | ||
b6c8e808 PM |
984 | int do_multirule(int argc, char **argv) |
985 | { | |
986 | switch (preferred_family) { | |
987 | case AF_UNSPEC: | |
988 | case AF_INET: | |
989 | preferred_family = RTNL_FAMILY_IPMR; | |
990 | break; | |
991 | case AF_INET6: | |
992 | preferred_family = RTNL_FAMILY_IP6MR; | |
993 | break; | |
0d1c9b57 BG |
994 | case RTNL_FAMILY_IPMR: |
995 | case RTNL_FAMILY_IP6MR: | |
996 | break; | |
b6c8e808 | 997 | default: |
d831cc7c SH |
998 | fprintf(stderr, |
999 | "Multicast rules are only supported for IPv4/IPv6, was: %i\n", | |
0d1c9b57 | 1000 | preferred_family); |
b6c8e808 PM |
1001 | exit(-1); |
1002 | } | |
1003 | ||
1004 | return do_iprule(argc, argv); | |
1005 | } |