[mirror_iproute2.git] / tc / f_flow.c

/*
 * f_flow.c		Flow filter
 *
 * 		This program is free software; you can redistribute it and/or
 * 		modify it under the terms of the GNU General Public License
 * 		as published by the Free Software Foundation; either version
 * 		2 of the License, or (at your option) any later version.
 *
 * Authors:	Patrick McHardy <kaber@trash.net>
 */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>

#include "utils.h"
#include "tc_util.h"
#include "m_ematch.h"

static void explain(void)
{
	fprintf(stderr,
"Usage: ... flow ...\n"
"\n"
" [mapping mode]: map key KEY [ OPS ] ...\n"
" [hashing mode]: hash keys KEY-LIST ...\n"
"\n"
"                 [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
"                 [ police POLICE_SPEC ] [ action ACTION_SPEC ]\n"
"\n"
"KEY-LIST := [ KEY-LIST , ] KEY\n"
"KEY      := [ src | dst | proto | proto-src | proto-dst | iif | priority | \n"
"              mark | nfct | nfct-src | nfct-dst | nfct-proto-src | \n"
"              nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
"              vlan-tag ]\n"
"OPS      := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
"ID       := X:Y\n"
	);
}

static const char *flow_keys[FLOW_KEY_MAX+1] = {
	[FLOW_KEY_SRC]			= "src",
	[FLOW_KEY_DST]			= "dst",
	[FLOW_KEY_PROTO]		= "proto",
	[FLOW_KEY_PROTO_SRC]		= "proto-src",
	[FLOW_KEY_PROTO_DST]		= "proto-dst",
	[FLOW_KEY_IIF]			= "iif",
	[FLOW_KEY_PRIORITY]		= "priority",
	[FLOW_KEY_MARK]			= "mark",
	[FLOW_KEY_NFCT]			= "nfct",
	[FLOW_KEY_NFCT_SRC]		= "nfct-src",
	[FLOW_KEY_NFCT_DST]		= "nfct-dst",
	[FLOW_KEY_NFCT_PROTO_SRC]	= "nfct-proto-src",
	[FLOW_KEY_NFCT_PROTO_DST]	= "nfct-proto-dst",
	[FLOW_KEY_RTCLASSID]		= "rt-classid",
	[FLOW_KEY_SKUID]		= "sk-uid",
	[FLOW_KEY_SKGID]		= "sk-gid",
	[FLOW_KEY_VLAN_TAG]		= "vlan-tag",
};

static int flow_parse_keys(__u32 *keys, __u32 *nkeys, char *argv)
{
	char *s, *sep;
	unsigned int i;

	*keys = 0;
	*nkeys = 0;
	s = argv;
	while (s != NULL) {
		sep = strchr(s, ',');
		if (sep)
			*sep = '\0';

		for (i = 0; i <= FLOW_KEY_MAX; i++) {
			if (matches(s, flow_keys[i]) == 0) {
				*keys |= 1 << i;
				(*nkeys)++;
				break;
			}
		}
		if (i > FLOW_KEY_MAX) {
			fprintf(stderr, "Unknown flow key \"%s\"\n", s);
			return -1;
		}
		s = sep ? sep + 1 : NULL;
	}
	return 0;
}

static void transfer_bitop(__u32 *mask, __u32 *xor, __u32 m, __u32 x)
{
	*xor = x ^ (*xor & m);
	*mask &= m;
}

static int get_addend(__u32 *addend, char *argv, __u32 keys)
{
	inet_prefix addr;
	int sign = 0;
	__u32 tmp;

	if (*argv == '-') {
		sign = 1;
		argv++;
	}

	if (get_u32(&tmp, argv, 0) == 0)
		goto out;

	if (keys & (FLOW_KEY_SRC | FLOW_KEY_DST |
		    FLOW_KEY_NFCT_SRC | FLOW_KEY_NFCT_DST) &&
	    get_addr(&addr, argv, AF_UNSPEC) == 0) {
		switch (addr.family) {
		case AF_INET:
			tmp = ntohl(addr.data[0]);
			goto out;
		case AF_INET6:
			tmp = ntohl(addr.data[3]);
			goto out;
		}
	}

	return -1;
out:
	if (sign)
		tmp = -tmp;
	*addend = tmp;
	return 0;
}

static int flow_parse_opt(struct filter_util *fu, char *handle,
			  int argc, char **argv, struct nlmsghdr *n)
{
	struct tc_police tp;
	struct tcmsg *t = NLMSG_DATA(n);
	struct rtattr *tail;
	__u32 mask = ~0U, xor = 0;
	__u32 keys = 0, nkeys = 0;
	__u32 mode = FLOW_MODE_MAP;
	__u32 tmp;

	memset(&tp, 0, sizeof(tp));

	if (handle) {
		if (get_u32(&t->tcm_handle, handle, 0)) {
			fprintf(stderr, "Illegal \"handle\"\n");
			return -1;
		}
	}

	tail = NLMSG_TAIL(n);
	addattr_l(n, 4096, TCA_OPTIONS, NULL, 0);

	while (argc > 0) {
		if (matches(*argv, "map") == 0) {
			mode = FLOW_MODE_MAP;
		} else if (matches(*argv, "hash") == 0) {
			mode = FLOW_MODE_HASH;
		} else if (matches(*argv, "keys") == 0) {
			NEXT_ARG();
			if (flow_parse_keys(&keys, &nkeys, *argv))
				return -1;
			addattr32(n, 4096, TCA_FLOW_KEYS, keys);
		} else if (matches(*argv, "and") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"mask\"\n");
				return -1;
			}
			transfer_bitop(&mask, &xor, tmp, 0);
		} else if (matches(*argv, "or") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"or\"\n");
				return -1;
			}
			transfer_bitop(&mask, &xor, ~tmp, tmp);
		} else if (matches(*argv, "xor") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"xor\"\n");
				return -1;
			}
			transfer_bitop(&mask, &xor, ~0, tmp);
		} else if (matches(*argv, "rshift") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"rshift\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_RSHIFT, tmp);
		} else if (matches(*argv, "addend") == 0) {
			NEXT_ARG();
			if (get_addend(&tmp, *argv, keys)) {
				fprintf(stderr, "Illegal \"addend\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_ADDEND, tmp);
		} else if (matches(*argv, "divisor") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"divisor\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_DIVISOR, tmp);
		} else if (matches(*argv, "baseclass") == 0) {
			NEXT_ARG();
			if (get_tc_classid(&tmp, *argv) || TC_H_MIN(tmp) == 0) {
				fprintf(stderr, "Illegal \"baseclass\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_BASECLASS, tmp);
		} else if (matches(*argv, "police") == 0) {
			NEXT_ARG();
			if (parse_police(&argc, &argv, TCA_FLOW_POLICE, n)) {
				fprintf(stderr, "Illegal \"police\"\n");
				return -1;
			}
			continue;
		} else if (matches(*argv, "action") == 0) {
			NEXT_ARG();
			if (parse_action(&argc, &argv, TCA_FLOW_ACT, n)) {
				fprintf(stderr, "Illegal \"action\"\n");
				return -1;
			}
			continue;
		} else if (matches(*argv, "match") == 0) {
			NEXT_ARG();
			if (parse_ematch(&argc, &argv, TCA_FLOW_EMATCHES, n)) {
				fprintf(stderr, "Illegal \"ematch\"\n");
				return -1;
			}
			continue;
		} else if (matches(*argv, "help") == 0) {
			explain();
			return -1;
		} else {
			fprintf(stderr, "What is \"%s\"?\n", *argv);
			explain();
			return -1;
		}
		argv++, argc--;
	}

	if (nkeys > 1 && mode != FLOW_MODE_HASH) {
		fprintf(stderr, "Invalid mode \"map\" for multiple keys\n");
		return -1;
	}
	addattr32(n, 4096, TCA_FLOW_MODE, mode);

	if (mask != ~0 || xor != 0) {
		addattr32(n, 4096, TCA_FLOW_MASK, mask);
		addattr32(n, 4096, TCA_FLOW_XOR, xor);
	}

	tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
	return 0;
}

static int flow_print_opt(struct filter_util *fu, FILE *f, struct rtattr *opt,
			  __u32 handle)
{
	struct rtattr *tb[TCA_FLOW_MAX+1];
	SPRINT_BUF(b1);
	unsigned int i;
	__u32 mask = ~0, val = 0;

	if (opt == NULL)
		return -EINVAL;

	parse_rtattr_nested(tb, TCA_FLOW_MAX, opt);

	fprintf(f, "handle 0x%x ", handle);

	if (tb[TCA_FLOW_MODE]) {
		__u32 mode = *(__u32 *)RTA_DATA(tb[TCA_FLOW_MODE]);

		switch (mode) {
		case FLOW_MODE_MAP:
			fprintf(f, "map ");
			break;
		case FLOW_MODE_HASH:
			fprintf(f, "hash ");
			break;
		}
	}

	if (tb[TCA_FLOW_KEYS]) {
		__u32 keymask = *(__u32 *)RTA_DATA(tb[TCA_FLOW_KEYS]);
		char *sep = "";

		fprintf(f, "keys ");
		for (i = 0; i <= FLOW_KEY_MAX; i++) {
			if (keymask & (1 << i)) {
				fprintf(f, "%s%s", sep, flow_keys[i]);
				sep = ",";
			}
		}
		fprintf(f, " ");
	}

	if (tb[TCA_FLOW_MASK])
		mask = *(__u32 *)RTA_DATA(tb[TCA_FLOW_MASK]);
	if (tb[TCA_FLOW_XOR])
		val = *(__u32 *)RTA_DATA(tb[TCA_FLOW_XOR]);

	if (mask != ~0 || val != 0) {
		__u32 or = (mask & val) ^ val;
		__u32 xor = mask & val;

		if (mask != ~0)
			fprintf(f, "and 0x%.8x ", mask);
		if (xor != 0)
			fprintf(f, "xor 0x%.8x ", xor);
		if (or != 0)
			fprintf(f, "or 0x%.8x ", or);
	}

	if (tb[TCA_FLOW_RSHIFT])
		fprintf(f, "rshift %u ",
			*(__u32 *)RTA_DATA(tb[TCA_FLOW_RSHIFT]));
	if (tb[TCA_FLOW_ADDEND])
		fprintf(f, "addend 0x%x ",
			*(__u32 *)RTA_DATA(tb[TCA_FLOW_ADDEND]));

	if (tb[TCA_FLOW_DIVISOR])
		fprintf(f, "divisor %u ",
			*(__u32 *)RTA_DATA(tb[TCA_FLOW_DIVISOR]));
	if (tb[TCA_FLOW_BASECLASS])
		fprintf(f, "baseclass %s ",
			sprint_tc_classid(*(__u32 *)RTA_DATA(tb[TCA_FLOW_BASECLASS]), b1));

	if (tb[TCA_FLOW_EMATCHES])
		print_ematch(f, tb[TCA_FLOW_EMATCHES]);
	if (tb[TCA_FLOW_POLICE])
		tc_print_police(f, tb[TCA_FLOW_POLICE]);
	if (tb[TCA_FLOW_ACT]) {
		fprintf(f, "\n");
		tc_print_action(f, tb[TCA_FLOW_ACT]);
	}
	return 0;
}

struct filter_util flow_filter_util = {
	.id		= "flow",
	.parse_fopt	= flow_parse_opt,
	.print_fopt	= flow_print_opt,
};
Commit	Line	Data
9932abb4 PM	1	/*
	2	* f_flow.c Flow filter
	3	*
	4	* This program is free software; you can redistribute it and/or
	5	* modify it under the terms of the GNU General Public License
	6	* as published by the Free Software Foundation; either version
	7	* 2 of the License, or (at your option) any later version.
	8	*
	9	* Authors: Patrick McHardy <kaber@trash.net>
	10	*/
	11	#include <stdio.h>
	12	#include <stdlib.h>
	13	#include <unistd.h>
	14	#include <string.h>
	15	#include <errno.h>
	16
	17	#include "utils.h"
	18	#include "tc_util.h"
	19	#include "m_ematch.h"
	20
	21	static void explain(void)
	22	{
	23	fprintf(stderr,
	24	"Usage: ... flow ...\n"
	25	"\n"
	26	" [mapping mode]: map key KEY [ OPS ] ...\n"
	27	" [hashing mode]: hash keys KEY-LIST ...\n"
	28	"\n"
	29	" [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
	30	" [ police POLICE_SPEC ] [ action ACTION_SPEC ]\n"
	31	"\n"
	32	"KEY-LIST := [ KEY-LIST , ] KEY\n"
	33	"KEY := [ src \| dst \| proto \| proto-src \| proto-dst \| iif \| priority \| \n"
	34	" mark \| nfct \| nfct-src \| nfct-dst \| nfct-proto-src \| \n"
66862d3c PM	35	" nfct-proto-dst \| rt-classid \| sk-uid \| sk-gid \|\n"
66862d3c PM	36	" vlan-tag ]\n"
9932abb4 PM	37	"OPS := [ or NUM \| and NUM \| xor NUM \| rshift NUM \| addend NUM ]\n"
	38	"ID := X:Y\n"
	39	);
	40	}
	41
	42	static const char *flow_keys[FLOW_KEY_MAX+1] = {
	43	[FLOW_KEY_SRC] = "src",
	44	[FLOW_KEY_DST] = "dst",
	45	[FLOW_KEY_PROTO] = "proto",
	46	[FLOW_KEY_PROTO_SRC] = "proto-src",
	47	[FLOW_KEY_PROTO_DST] = "proto-dst",
	48	[FLOW_KEY_IIF] = "iif",
	49	[FLOW_KEY_PRIORITY] = "priority",
	50	[FLOW_KEY_MARK] = "mark",
	51	[FLOW_KEY_NFCT] = "nfct",
	52	[FLOW_KEY_NFCT_SRC] = "nfct-src",
	53	[FLOW_KEY_NFCT_DST] = "nfct-dst",
	54	[FLOW_KEY_NFCT_PROTO_SRC] = "nfct-proto-src",
	55	[FLOW_KEY_NFCT_PROTO_DST] = "nfct-proto-dst",
	56	[FLOW_KEY_RTCLASSID] = "rt-classid",
	57	[FLOW_KEY_SKUID] = "sk-uid",
	58	[FLOW_KEY_SKGID] = "sk-gid",
66862d3c	59	[FLOW_KEY_VLAN_TAG] = "vlan-tag",
9932abb4 PM	60	};
	61
	62	static int flow_parse_keys(__u32 keys, __u32 nkeys, char *argv)
	63	{
	64	char s, sep;
	65	unsigned int i;
	66
	67	*keys = 0;
	68	*nkeys = 0;
	69	s = argv;
	70	while (s != NULL) {
	71	sep = strchr(s, ',');
	72	if (sep)
	73	*sep = '\0';
	74
	75	for (i = 0; i <= FLOW_KEY_MAX; i++) {
	76	if (matches(s, flow_keys[i]) == 0) {
	77	*keys \|= 1 << i;
	78	(*nkeys)++;
	79	break;
	80	}
	81	}
	82	if (i > FLOW_KEY_MAX) {
	83	fprintf(stderr, "Unknown flow key \"%s\"\n", s);
	84	return -1;
	85	}
	86	s = sep ? sep + 1 : NULL;
	87	}
	88	return 0;
	89	}
	90
	91	static void transfer_bitop(__u32 mask, __u32 xor, __u32 m, __u32 x)
	92	{
	93	xor = x ^ (xor & m);
	94	*mask &= m;
	95	}
	96
	97	static int get_addend(__u32 addend, char argv, __u32 keys)
	98	{
	99	inet_prefix addr;
	100	int sign = 0;
	101	__u32 tmp;
	102
	103	if (*argv == '-') {
	104	sign = 1;
	105	argv++;
	106	}
	107
	108	if (get_u32(&tmp, argv, 0) == 0)
	109	goto out;
	110
	111	if (keys & (FLOW_KEY_SRC \| FLOW_KEY_DST \|
	112	FLOW_KEY_NFCT_SRC \| FLOW_KEY_NFCT_DST) &&
	113	get_addr(&addr, argv, AF_UNSPEC) == 0) {
	114	switch (addr.family) {
	115	case AF_INET:
	116	tmp = ntohl(addr.data[0]);
	117	goto out;
	118	case AF_INET6:
	119	tmp = ntohl(addr.data[3]);
	120	goto out;
	121	}
	122	}
	123
124	return -1;
125	out:
126	if (sign)
127	tmp = -tmp;
128	*addend = tmp;
129	return 0;
130	}
131
132	static int flow_parse_opt(struct filter_util fu, char handle,
133	int argc, char *argv, struct nlmsghdr n)
134	{
135	struct tc_police tp;
136	struct tcmsg *t = NLMSG_DATA(n);
137	struct rtattr *tail;
138	__u32 mask = ~0U, xor = 0;
139	__u32 keys = 0, nkeys = 0;
140	__u32 mode = FLOW_MODE_MAP;
141	__u32 tmp;
142
143	memset(&tp, 0, sizeof(tp));
144
145	if (handle) {
146	if (get_u32(&t->tcm_handle, handle, 0)) {
147	fprintf(stderr, "Illegal \"handle\"\n");
148	return -1;
149	}
150	}
151
152	tail = NLMSG_TAIL(n);
153	addattr_l(n, 4096, TCA_OPTIONS, NULL, 0);
154
155	while (argc > 0) {
156	if (matches(*argv, "map") == 0) {
157	mode = FLOW_MODE_MAP;
158	} else if (matches(*argv, "hash") == 0) {
159	mode = FLOW_MODE_HASH;
160	} else if (matches(*argv, "keys") == 0) {
161	NEXT_ARG();
162	if (flow_parse_keys(&keys, &nkeys, *argv))
163	return -1;
164	addattr32(n, 4096, TCA_FLOW_KEYS, keys);
165	} else if (matches(*argv, "and") == 0) {
166	NEXT_ARG();
167	if (get_u32(&tmp, *argv, 0)) {
168	fprintf(stderr, "Illegal \"mask\"\n");
169	return -1;
170	}
171	transfer_bitop(&mask, &xor, tmp, 0);
172	} else if (matches(*argv, "or") == 0) {
173	NEXT_ARG();
174	if (get_u32(&tmp, *argv, 0)) {
175	fprintf(stderr, "Illegal \"or\"\n");
176	return -1;
177	}
178	transfer_bitop(&mask, &xor, ~tmp, tmp);
179	} else if (matches(*argv, "xor") == 0) {
180	NEXT_ARG();
181	if (get_u32(&tmp, *argv, 0)) {
182	fprintf(stderr, "Illegal \"xor\"\n");
183	return -1;
184	}
185	transfer_bitop(&mask, &xor, ~0, tmp);
186	} else if (matches(*argv, "rshift") == 0) {
187	NEXT_ARG();
188	if (get_u32(&tmp, *argv, 0)) {
189	fprintf(stderr, "Illegal \"rshift\"\n");
190	return -1;
191	}
192	addattr32(n, 4096, TCA_FLOW_RSHIFT, tmp);
193	} else if (matches(*argv, "addend") == 0) {
194	NEXT_ARG();
195	if (get_addend(&tmp, *argv, keys)) {
196	fprintf(stderr, "Illegal \"addend\"\n");
197	return -1;
198	}
199	addattr32(n, 4096, TCA_FLOW_ADDEND, tmp);
200	} else if (matches(*argv, "divisor") == 0) {
201	NEXT_ARG();
202	if (get_u32(&tmp, *argv, 0)) {
203	fprintf(stderr, "Illegal \"divisor\"\n");
204	return -1;
205	}
206	addattr32(n, 4096, TCA_FLOW_DIVISOR, tmp);
207	} else if (matches(*argv, "baseclass") == 0) {
208	NEXT_ARG();
209	if (get_tc_classid(&tmp, *argv) \|\| TC_H_MIN(tmp) == 0) {
210	fprintf(stderr, "Illegal \"baseclass\"\n");
211	return -1;
212	}
213	addattr32(n, 4096, TCA_FLOW_BASECLASS, tmp);
214	} else if (matches(*argv, "police") == 0) {
215	NEXT_ARG();
216	if (parse_police(&argc, &argv, TCA_FLOW_POLICE, n)) {
217	fprintf(stderr, "Illegal \"police\"\n");
218	return -1;
219	}
220	continue;
221	} else if (matches(*argv, "action") == 0) {
222	NEXT_ARG();
223	if (parse_action(&argc, &argv, TCA_FLOW_ACT, n)) {
224	fprintf(stderr, "Illegal \"action\"\n");
225	return -1;
226	}
227	continue;
228	} else if (matches(*argv, "match") == 0) {
229	NEXT_ARG();
230	if (parse_ematch(&argc, &argv, TCA_FLOW_EMATCHES, n)) {
231	fprintf(stderr, "Illegal \"ematch\"\n");
232	return -1;
233	}
234	continue;
235	} else if (matches(*argv, "help") == 0) {
236	explain();
237	return -1;
238	} else {
239	fprintf(stderr, "What is \"%s\"?\n", *argv);
240	explain();
241	return -1;
242	}
243	argv++, argc--;
244	}
245
246	if (nkeys > 1 && mode != FLOW_MODE_HASH) {
247	fprintf(stderr, "Invalid mode \"map\" for multiple keys\n");
248	return -1;
249	}
250	addattr32(n, 4096, TCA_FLOW_MODE, mode);
251
252	if (mask != ~0 \|\| xor != 0) {
253	addattr32(n, 4096, TCA_FLOW_MASK, mask);
254	addattr32(n, 4096, TCA_FLOW_XOR, xor);
255	}
256
257	tail->rta_len = (void )NLMSG_TAIL(n) - (void )tail;
258	return 0;
259	}
260
261	static int flow_print_opt(struct filter_util fu, FILE f, struct rtattr *opt,
262	__u32 handle)
263	{
264	struct rtattr *tb[TCA_FLOW_MAX+1];
265	SPRINT_BUF(b1);
266	unsigned int i;
267	__u32 mask = ~0, val = 0;
268
269	if (opt == NULL)
270	return -EINVAL;
271
272	parse_rtattr_nested(tb, TCA_FLOW_MAX, opt);
273
274	fprintf(f, "handle 0x%x ", handle);
275
276	if (tb[TCA_FLOW_MODE]) {
277	__u32 mode = (__u32 )RTA_DATA(tb[TCA_FLOW_MODE]);
278
279	switch (mode) {
280	case FLOW_MODE_MAP:
281	fprintf(f, "map ");
282	break;
283	case FLOW_MODE_HASH:
284	fprintf(f, "hash ");
285	break;
286	}
287	}
288
289	if (tb[TCA_FLOW_KEYS]) {
290	__u32 keymask = (__u32 )RTA_DATA(tb[TCA_FLOW_KEYS]);
291	char *sep = "";
292
293	fprintf(f, "keys ");
294	for (i = 0; i <= FLOW_KEY_MAX; i++) {
295	if (keymask & (1 << i)) {
296	fprintf(f, "%s%s", sep, flow_keys[i]);
297	sep = ",";
298	}
299	}
300	fprintf(f, " ");
301	}
302
303	if (tb[TCA_FLOW_MASK])
304	mask = (__u32 )RTA_DATA(tb[TCA_FLOW_MASK]);
305	if (tb[TCA_FLOW_XOR])
306	val = (__u32 )RTA_DATA(tb[TCA_FLOW_XOR]);
307
308	if (mask != ~0 \|\| val != 0) {
309	__u32 or = (mask & val) ^ val;
310	__u32 xor = mask & val;
311
312	if (mask != ~0)
313	fprintf(f, "and 0x%.8x ", mask);
314	if (xor != 0)
315	fprintf(f, "xor 0x%.8x ", xor);
316	if (or != 0)
317	fprintf(f, "or 0x%.8x ", or);
318	}
319
320	if (tb[TCA_FLOW_RSHIFT])
321	fprintf(f, "rshift %u ",
322	(__u32 )RTA_DATA(tb[TCA_FLOW_RSHIFT]));
323	if (tb[TCA_FLOW_ADDEND])
324	fprintf(f, "addend 0x%x ",
325	(__u32 )RTA_DATA(tb[TCA_FLOW_ADDEND]));
326
327	if (tb[TCA_FLOW_DIVISOR])
328	fprintf(f, "divisor %u ",
329	(__u32 )RTA_DATA(tb[TCA_FLOW_DIVISOR]));
330	if (tb[TCA_FLOW_BASECLASS])
331	fprintf(f, "baseclass %s ",
332	sprint_tc_classid((__u32 )RTA_DATA(tb[TCA_FLOW_BASECLASS]), b1));
333
334	if (tb[TCA_FLOW_EMATCHES])
335	print_ematch(f, tb[TCA_FLOW_EMATCHES]);
336	if (tb[TCA_FLOW_POLICE])
337	tc_print_police(f, tb[TCA_FLOW_POLICE]);
338	if (tb[TCA_FLOW_ACT]) {
339	fprintf(f, "\n");
340	tc_print_action(f, tb[TCA_FLOW_ACT]);
341	}
342	return 0;
343	}
344
345	struct filter_util flow_filter_util = {
346	.id = "flow",
347	.parse_fopt = flow_parse_opt,
348	.print_fopt = flow_print_opt,
349	};