]> git.proxmox.com Git - mirror_iproute2.git/blob - ip/iprule.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into net-next
[mirror_iproute2.git] / ip / iprule.c
1 /*
2 * iprule.c "ip rule".
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10 *
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <syslog.h>
17 #include <fcntl.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <netinet/ip.h>
21 #include <arpa/inet.h>
22 #include <string.h>
23 #include <linux/if.h>
24 #include <linux/fib_rules.h>
25 #include <errno.h>
26
27 #include "rt_names.h"
28 #include "utils.h"
29 #include "ip_common.h"
30
31 enum list_action {
32 IPRULE_LIST,
33 IPRULE_FLUSH,
34 IPRULE_SAVE,
35 };
36
37 extern struct rtnl_handle rth;
38
39 static void usage(void) __attribute__((noreturn));
40
41 static void usage(void)
42 {
43 fprintf(stderr,
44 "Usage: ip rule { add | del } SELECTOR ACTION\n"
45 " ip rule { flush | save | restore }\n"
46 " ip rule [ list [ SELECTOR ]]\n"
47 "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"
48 " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n"
49 " [ uidrange NUMBER-NUMBER ]\n"
50 "ACTION := [ table TABLE_ID ]\n"
51 " [ nat ADDRESS ]\n"
52 " [ realms [SRCREALM/]DSTREALM ]\n"
53 " [ goto NUMBER ]\n"
54 " SUPPRESSOR\n"
55 "SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n"
56 " [ suppress_ifgroup DEVGROUP ]\n"
57 "TABLE_ID := [ local | main | default | NUMBER ]\n");
58 exit(-1);
59 }
60
61 static struct
62 {
63 int not;
64 int l3mdev;
65 int iifmask, oifmask, uidrange;
66 unsigned int tb;
67 unsigned int tos, tosmask;
68 unsigned int pref, prefmask;
69 unsigned int fwmark, fwmask;
70 char iif[IFNAMSIZ];
71 char oif[IFNAMSIZ];
72 struct fib_rule_uid_range range;
73 inet_prefix src;
74 inet_prefix dst;
75 } filter;
76
77 static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
78 {
79 struct rtmsg *r = NLMSG_DATA(n);
80 inet_prefix src = { .family = r->rtm_family };
81 inet_prefix dst = { .family = r->rtm_family };
82 __u32 table;
83
84 if (preferred_family != AF_UNSPEC && r->rtm_family != preferred_family)
85 return false;
86
87 if (filter.prefmask &&
88 filter.pref ^ (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0))
89 return false;
90 if (filter.not && !(r->rtm_flags & FIB_RULE_INVERT))
91 return false;
92
93 if (filter.src.family) {
94 if (tb[FRA_SRC]) {
95 memcpy(&src.data, RTA_DATA(tb[FRA_SRC]),
96 (r->rtm_src_len + 7) / 8);
97 }
98 if (filter.src.family != r->rtm_family ||
99 filter.src.bitlen > r->rtm_src_len ||
100 inet_addr_match(&src, &filter.src, filter.src.bitlen))
101 return false;
102 }
103
104 if (filter.dst.family) {
105 if (tb[FRA_DST]) {
106 memcpy(&dst.data, RTA_DATA(tb[FRA_DST]),
107 (r->rtm_dst_len + 7) / 8);
108 }
109 if (filter.dst.family != r->rtm_family ||
110 filter.dst.bitlen > r->rtm_dst_len ||
111 inet_addr_match(&dst, &filter.dst, filter.dst.bitlen))
112 return false;
113 }
114
115 if (filter.tosmask && filter.tos ^ r->rtm_tos)
116 return false;
117
118 if (filter.fwmark) {
119 __u32 mark = 0;
120
121 if (tb[FRA_FWMARK])
122 mark = rta_getattr_u32(tb[FRA_FWMARK]);
123 if (filter.fwmark ^ mark)
124 return false;
125 }
126 if (filter.fwmask) {
127 __u32 mask = 0;
128
129 if (tb[FRA_FWMASK])
130 mask = rta_getattr_u32(tb[FRA_FWMASK]);
131 if (filter.fwmask ^ mask)
132 return false;
133 }
134
135 if (filter.iifmask) {
136 if (tb[FRA_IFNAME]) {
137 if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0)
138 return false;
139 } else {
140 return false;
141 }
142 }
143
144 if (filter.oifmask) {
145 if (tb[FRA_OIFNAME]) {
146 if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0)
147 return false;
148 } else {
149 return false;
150 }
151 }
152
153 if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV])))
154 return false;
155
156 if (filter.uidrange) {
157 struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
158
159 if (!tb[FRA_UID_RANGE] ||
160 r->start != filter.range.start ||
161 r->end != filter.range.end)
162 return false;
163 }
164
165 table = rtm_get_table(r, tb);
166 if (filter.tb > 0 && filter.tb ^ table)
167 return false;
168
169 return true;
170 }
171
172 int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
173 {
174 FILE *fp = (FILE *)arg;
175 struct rtmsg *r = NLMSG_DATA(n);
176 int len = n->nlmsg_len;
177 int host_len = -1;
178 __u32 table;
179 struct rtattr *tb[FRA_MAX+1];
180
181 SPRINT_BUF(b1);
182
183 if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE)
184 return 0;
185
186 len -= NLMSG_LENGTH(sizeof(*r));
187 if (len < 0)
188 return -1;
189
190 parse_rtattr(tb, FRA_MAX, RTM_RTA(r), len);
191
192 host_len = af_bit_len(r->rtm_family);
193
194 if (!filter_nlmsg(n, tb, host_len))
195 return 0;
196
197 if (n->nlmsg_type == RTM_DELRULE)
198 fprintf(fp, "Deleted ");
199
200 if (tb[FRA_PRIORITY])
201 fprintf(fp, "%u:\t",
202 rta_getattr_u32(tb[FRA_PRIORITY]));
203 else
204 fprintf(fp, "0:\t");
205
206 if (r->rtm_flags & FIB_RULE_INVERT)
207 fprintf(fp, "not ");
208
209 if (tb[FRA_SRC]) {
210 if (r->rtm_src_len != host_len) {
211 fprintf(fp, "from %s/%u ",
212 rt_addr_n2a_rta(r->rtm_family, tb[FRA_SRC]),
213 r->rtm_src_len);
214 } else {
215 fprintf(fp, "from %s ",
216 format_host_rta(r->rtm_family, tb[FRA_SRC]));
217 }
218 } else if (r->rtm_src_len) {
219 fprintf(fp, "from 0/%d ", r->rtm_src_len);
220 } else {
221 fprintf(fp, "from all ");
222 }
223
224 if (tb[FRA_DST]) {
225 if (r->rtm_dst_len != host_len) {
226 fprintf(fp, "to %s/%u ",
227 rt_addr_n2a_rta(r->rtm_family, tb[FRA_DST]),
228 r->rtm_dst_len);
229 } else {
230 fprintf(fp, "to %s ",
231 format_host_rta(r->rtm_family, tb[FRA_DST]));
232 }
233 } else if (r->rtm_dst_len) {
234 fprintf(fp, "to 0/%d ", r->rtm_dst_len);
235 }
236
237 if (r->rtm_tos) {
238 SPRINT_BUF(b1);
239 fprintf(fp, "tos %s ",
240 rtnl_dsfield_n2a(r->rtm_tos, b1, sizeof(b1)));
241 }
242
243 if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) {
244 __u32 mark = 0, mask = 0;
245
246 if (tb[FRA_FWMARK])
247 mark = rta_getattr_u32(tb[FRA_FWMARK]);
248
249 if (tb[FRA_FWMASK] &&
250 (mask = rta_getattr_u32(tb[FRA_FWMASK])) != 0xFFFFFFFF)
251 fprintf(fp, "fwmark 0x%x/0x%x ", mark, mask);
252 else
253 fprintf(fp, "fwmark 0x%x ", mark);
254 }
255
256 if (tb[FRA_IFNAME]) {
257 fprintf(fp, "iif %s ", rta_getattr_str(tb[FRA_IFNAME]));
258 if (r->rtm_flags & FIB_RULE_IIF_DETACHED)
259 fprintf(fp, "[detached] ");
260 }
261
262 if (tb[FRA_OIFNAME]) {
263 fprintf(fp, "oif %s ", rta_getattr_str(tb[FRA_OIFNAME]));
264 if (r->rtm_flags & FIB_RULE_OIF_DETACHED)
265 fprintf(fp, "[detached] ");
266 }
267
268 if (tb[FRA_L3MDEV]) {
269 if (rta_getattr_u8(tb[FRA_L3MDEV]))
270 fprintf(fp, "lookup [l3mdev-table] ");
271 }
272
273 if (tb[FRA_UID_RANGE]) {
274 struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
275
276 fprintf(fp, "uidrange %u-%u ", r->start, r->end);
277 }
278
279 table = rtm_get_table(r, tb);
280 if (table) {
281 fprintf(fp, "lookup %s ",
282 rtnl_rttable_n2a(table, b1, sizeof(b1)));
283
284 if (tb[FRA_SUPPRESS_PREFIXLEN]) {
285 int pl = rta_getattr_u32(tb[FRA_SUPPRESS_PREFIXLEN]);
286
287 if (pl != -1)
288 fprintf(fp, "suppress_prefixlength %d ", pl);
289 }
290 if (tb[FRA_SUPPRESS_IFGROUP]) {
291 int group = rta_getattr_u32(tb[FRA_SUPPRESS_IFGROUP]);
292
293 if (group != -1) {
294 SPRINT_BUF(b1);
295 fprintf(fp, "suppress_ifgroup %s ",
296 rtnl_group_n2a(group, b1, sizeof(b1)));
297 }
298 }
299 }
300
301 if (tb[FRA_FLOW]) {
302 __u32 to = rta_getattr_u32(tb[FRA_FLOW]);
303 __u32 from = to>>16;
304
305 to &= 0xFFFF;
306 if (from) {
307 fprintf(fp, "realms %s/",
308 rtnl_rtrealm_n2a(from, b1, sizeof(b1)));
309 }
310 fprintf(fp, "%s ",
311 rtnl_rtrealm_n2a(to, b1, sizeof(b1)));
312 }
313
314 if (r->rtm_type == RTN_NAT) {
315 if (tb[RTA_GATEWAY]) {
316 fprintf(fp, "map-to %s ",
317 format_host_rta(r->rtm_family,
318 tb[RTA_GATEWAY]));
319 } else
320 fprintf(fp, "masquerade");
321 } else if (r->rtm_type == FR_ACT_GOTO) {
322 fprintf(fp, "goto ");
323 if (tb[FRA_GOTO])
324 fprintf(fp, "%u", rta_getattr_u32(tb[FRA_GOTO]));
325 else
326 fprintf(fp, "none");
327 if (r->rtm_flags & FIB_RULE_UNRESOLVED)
328 fprintf(fp, " [unresolved]");
329 } else if (r->rtm_type == FR_ACT_NOP)
330 fprintf(fp, "nop");
331 else if (r->rtm_type != RTN_UNICAST)
332 fprintf(fp, "%s",
333 rtnl_rtntype_n2a(r->rtm_type,
334 b1, sizeof(b1)));
335
336 fprintf(fp, "\n");
337 fflush(fp);
338 return 0;
339 }
340
341 static __u32 rule_dump_magic = 0x71706986;
342
343 static int save_rule_prep(void)
344 {
345 int ret;
346
347 if (isatty(STDOUT_FILENO)) {
348 fprintf(stderr, "Not sending a binary stream to stdout\n");
349 return -1;
350 }
351
352 ret = write(STDOUT_FILENO, &rule_dump_magic, sizeof(rule_dump_magic));
353 if (ret != sizeof(rule_dump_magic)) {
354 fprintf(stderr, "Can't write magic to dump file\n");
355 return -1;
356 }
357
358 return 0;
359 }
360
361 static int save_rule(const struct sockaddr_nl *who,
362 struct nlmsghdr *n, void *arg)
363 {
364 int ret;
365
366 ret = write(STDOUT_FILENO, n, n->nlmsg_len);
367 if ((ret > 0) && (ret != n->nlmsg_len)) {
368 fprintf(stderr, "Short write while saving nlmsg\n");
369 ret = -EIO;
370 }
371
372 return ret == n->nlmsg_len ? 0 : ret;
373 }
374
375 static int flush_rule(const struct sockaddr_nl *who, struct nlmsghdr *n,
376 void *arg)
377 {
378 struct rtnl_handle rth2;
379 struct rtmsg *r = NLMSG_DATA(n);
380 int len = n->nlmsg_len;
381 struct rtattr *tb[FRA_MAX+1];
382
383 len -= NLMSG_LENGTH(sizeof(*r));
384 if (len < 0)
385 return -1;
386
387 parse_rtattr(tb, FRA_MAX, RTM_RTA(r), len);
388
389 if (tb[FRA_PRIORITY]) {
390 n->nlmsg_type = RTM_DELRULE;
391 n->nlmsg_flags = NLM_F_REQUEST;
392
393 if (rtnl_open(&rth2, 0) < 0)
394 return -1;
395
396 if (rtnl_talk(&rth2, n, NULL) < 0)
397 return -2;
398
399 rtnl_close(&rth2);
400 }
401
402 return 0;
403 }
404
405 static int iprule_list_flush_or_save(int argc, char **argv, int action)
406 {
407 rtnl_filter_t filter_fn;
408 int af = preferred_family;
409
410 if (af == AF_UNSPEC)
411 af = AF_INET;
412
413 if (action != IPRULE_LIST && argc > 0) {
414 fprintf(stderr, "\"ip rule %s\" does not take any arguments.\n",
415 action == IPRULE_SAVE ? "save" : "flush");
416 return -1;
417 }
418
419 switch (action) {
420 case IPRULE_SAVE:
421 if (save_rule_prep())
422 return -1;
423 filter_fn = save_rule;
424 break;
425 case IPRULE_FLUSH:
426 filter_fn = flush_rule;
427 break;
428 default:
429 filter_fn = print_rule;
430 }
431
432 memset(&filter, 0, sizeof(filter));
433
434 while (argc > 0) {
435 if (matches(*argv, "preference") == 0 ||
436 matches(*argv, "order") == 0 ||
437 matches(*argv, "priority") == 0) {
438 __u32 pref;
439
440 NEXT_ARG();
441 if (get_u32(&pref, *argv, 0))
442 invarg("preference value is invalid\n", *argv);
443 filter.pref = pref;
444 filter.prefmask = 1;
445 } else if (strcmp(*argv, "not") == 0) {
446 filter.not = 1;
447 } else if (strcmp(*argv, "tos") == 0) {
448 __u32 tos;
449
450 NEXT_ARG();
451 if (rtnl_dsfield_a2n(&tos, *argv))
452 invarg("TOS value is invalid\n", *argv);
453 filter.tos = tos;
454 filter.tosmask = 1;
455 } else if (strcmp(*argv, "fwmark") == 0) {
456 char *slash;
457 __u32 fwmark, fwmask;
458
459 NEXT_ARG();
460 slash = strchr(*argv, '/');
461 if (slash != NULL)
462 *slash = '\0';
463 if (get_u32(&fwmark, *argv, 0))
464 invarg("fwmark value is invalid\n", *argv);
465 filter.fwmark = fwmark;
466 if (slash) {
467 if (get_u32(&fwmask, slash+1, 0))
468 invarg("fwmask value is invalid\n",
469 slash+1);
470 filter.fwmask = fwmask;
471 }
472 } else if (strcmp(*argv, "dev") == 0 ||
473 strcmp(*argv, "iif") == 0) {
474 NEXT_ARG();
475 if (get_ifname(filter.iif, *argv))
476 invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
477 filter.iifmask = 1;
478 } else if (strcmp(*argv, "oif") == 0) {
479 NEXT_ARG();
480 if (get_ifname(filter.oif, *argv))
481 invarg("\"oif\" not a valid ifname", *argv);
482 filter.oifmask = 1;
483 } else if (strcmp(*argv, "l3mdev") == 0) {
484 filter.l3mdev = 1;
485 } else if (strcmp(*argv, "uidrange") == 0) {
486 NEXT_ARG();
487 filter.uidrange = 1;
488 if (sscanf(*argv, "%u-%u",
489 &filter.range.start,
490 &filter.range.end) != 2)
491 invarg("invalid UID range\n", *argv);
492
493 } else if (matches(*argv, "lookup") == 0 ||
494 matches(*argv, "table") == 0) {
495 __u32 tid;
496
497 NEXT_ARG();
498 if (rtnl_rttable_a2n(&tid, *argv))
499 invarg("table id value is invalid\n", *argv);
500 filter.tb = tid;
501 } else if (matches(*argv, "from") == 0 ||
502 matches(*argv, "src") == 0) {
503 NEXT_ARG();
504 get_prefix(&filter.src, *argv, af);
505 } else {
506 if (matches(*argv, "dst") == 0 ||
507 matches(*argv, "to") == 0) {
508 NEXT_ARG();
509 }
510 get_prefix(&filter.dst, *argv, af);
511 }
512 argc--; argv++;
513 }
514
515 if (rtnl_wilddump_request(&rth, af, RTM_GETRULE) < 0) {
516 perror("Cannot send dump request");
517 return 1;
518 }
519
520 if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
521 fprintf(stderr, "Dump terminated\n");
522 return 1;
523 }
524
525 return 0;
526 }
527
528 static int rule_dump_check_magic(void)
529 {
530 int ret;
531 __u32 magic = 0;
532
533 if (isatty(STDIN_FILENO)) {
534 fprintf(stderr, "Can't restore rule dump from a terminal\n");
535 return -1;
536 }
537
538 ret = fread(&magic, sizeof(magic), 1, stdin);
539 if (magic != rule_dump_magic) {
540 fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n",
541 ret, magic);
542 return -1;
543 }
544
545 return 0;
546 }
547
548 static int restore_handler(const struct sockaddr_nl *nl,
549 struct rtnl_ctrl_data *ctrl,
550 struct nlmsghdr *n, void *arg)
551 {
552 int ret;
553
554 n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;
555
556 ll_init_map(&rth);
557
558 ret = rtnl_talk(&rth, n, NULL);
559 if ((ret < 0) && (errno == EEXIST))
560 ret = 0;
561
562 return ret;
563 }
564
565
566 static int iprule_restore(void)
567 {
568 if (rule_dump_check_magic())
569 exit(-1);
570
571 exit(rtnl_from_file(stdin, &restore_handler, NULL));
572 }
573
574 static int iprule_modify(int cmd, int argc, char **argv)
575 {
576 int l3mdev_rule = 0;
577 int table_ok = 0;
578 __u32 tid = 0;
579 struct {
580 struct nlmsghdr n;
581 struct rtmsg r;
582 char buf[1024];
583 } req = {
584 .n.nlmsg_type = cmd,
585 .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)),
586 .n.nlmsg_flags = NLM_F_REQUEST,
587 .r.rtm_family = preferred_family,
588 .r.rtm_protocol = RTPROT_BOOT,
589 .r.rtm_scope = RT_SCOPE_UNIVERSE,
590 .r.rtm_type = RTN_UNSPEC,
591 };
592
593 if (cmd == RTM_NEWRULE) {
594 req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL;
595 req.r.rtm_type = RTN_UNICAST;
596 }
597
598 if (cmd == RTM_DELRULE && argc == 0) {
599 fprintf(stderr, "\"ip rule del\" requires arguments.\n");
600 return -1;
601 }
602
603 while (argc > 0) {
604 if (strcmp(*argv, "not") == 0) {
605 req.r.rtm_flags |= FIB_RULE_INVERT;
606 } else if (strcmp(*argv, "from") == 0) {
607 inet_prefix dst;
608
609 NEXT_ARG();
610 get_prefix(&dst, *argv, req.r.rtm_family);
611 req.r.rtm_src_len = dst.bitlen;
612 addattr_l(&req.n, sizeof(req), FRA_SRC,
613 &dst.data, dst.bytelen);
614 } else if (strcmp(*argv, "to") == 0) {
615 inet_prefix dst;
616
617 NEXT_ARG();
618 get_prefix(&dst, *argv, req.r.rtm_family);
619 req.r.rtm_dst_len = dst.bitlen;
620 addattr_l(&req.n, sizeof(req), FRA_DST,
621 &dst.data, dst.bytelen);
622 } else if (matches(*argv, "preference") == 0 ||
623 matches(*argv, "order") == 0 ||
624 matches(*argv, "priority") == 0) {
625 __u32 pref;
626
627 NEXT_ARG();
628 if (get_u32(&pref, *argv, 0))
629 invarg("preference value is invalid\n", *argv);
630 addattr32(&req.n, sizeof(req), FRA_PRIORITY, pref);
631 } else if (strcmp(*argv, "tos") == 0 ||
632 matches(*argv, "dsfield") == 0) {
633 __u32 tos;
634
635 NEXT_ARG();
636 if (rtnl_dsfield_a2n(&tos, *argv))
637 invarg("TOS value is invalid\n", *argv);
638 req.r.rtm_tos = tos;
639 } else if (strcmp(*argv, "fwmark") == 0) {
640 char *slash;
641 __u32 fwmark, fwmask;
642
643 NEXT_ARG();
644
645 slash = strchr(*argv, '/');
646 if (slash != NULL)
647 *slash = '\0';
648 if (get_u32(&fwmark, *argv, 0))
649 invarg("fwmark value is invalid\n", *argv);
650 addattr32(&req.n, sizeof(req), FRA_FWMARK, fwmark);
651 if (slash) {
652 if (get_u32(&fwmask, slash+1, 0))
653 invarg("fwmask value is invalid\n",
654 slash+1);
655 addattr32(&req.n, sizeof(req),
656 FRA_FWMASK, fwmask);
657 }
658 } else if (matches(*argv, "realms") == 0) {
659 __u32 realm;
660
661 NEXT_ARG();
662 if (get_rt_realms_or_raw(&realm, *argv))
663 invarg("invalid realms\n", *argv);
664 addattr32(&req.n, sizeof(req), FRA_FLOW, realm);
665 } else if (matches(*argv, "table") == 0 ||
666 strcmp(*argv, "lookup") == 0) {
667 NEXT_ARG();
668 if (rtnl_rttable_a2n(&tid, *argv))
669 invarg("invalid table ID\n", *argv);
670 if (tid < 256)
671 req.r.rtm_table = tid;
672 else {
673 req.r.rtm_table = RT_TABLE_UNSPEC;
674 addattr32(&req.n, sizeof(req), FRA_TABLE, tid);
675 }
676 table_ok = 1;
677 } else if (matches(*argv, "suppress_prefixlength") == 0 ||
678 strcmp(*argv, "sup_pl") == 0) {
679 int pl;
680
681 NEXT_ARG();
682 if (get_s32(&pl, *argv, 0) || pl < 0)
683 invarg("suppress_prefixlength value is invalid\n",
684 *argv);
685 addattr32(&req.n, sizeof(req),
686 FRA_SUPPRESS_PREFIXLEN, pl);
687 } else if (matches(*argv, "suppress_ifgroup") == 0 ||
688 strcmp(*argv, "sup_group") == 0) {
689 NEXT_ARG();
690 int group;
691
692 if (rtnl_group_a2n(&group, *argv))
693 invarg("Invalid \"suppress_ifgroup\" value\n",
694 *argv);
695 addattr32(&req.n, sizeof(req),
696 FRA_SUPPRESS_IFGROUP, group);
697 } else if (strcmp(*argv, "dev") == 0 ||
698 strcmp(*argv, "iif") == 0) {
699 NEXT_ARG();
700 if (check_ifname(*argv))
701 invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
702 addattr_l(&req.n, sizeof(req), FRA_IFNAME,
703 *argv, strlen(*argv)+1);
704 } else if (strcmp(*argv, "oif") == 0) {
705 NEXT_ARG();
706 if (check_ifname(*argv))
707 invarg("\"oif\" not a valid ifname", *argv);
708 addattr_l(&req.n, sizeof(req), FRA_OIFNAME,
709 *argv, strlen(*argv)+1);
710 } else if (strcmp(*argv, "l3mdev") == 0) {
711 addattr8(&req.n, sizeof(req), FRA_L3MDEV, 1);
712 table_ok = 1;
713 l3mdev_rule = 1;
714 } else if (strcmp(*argv, "uidrange") == 0) {
715 struct fib_rule_uid_range r;
716
717 NEXT_ARG();
718 if (sscanf(*argv, "%u-%u", &r.start, &r.end) != 2)
719 invarg("invalid UID range\n", *argv);
720 addattr_l(&req.n, sizeof(req), FRA_UID_RANGE, &r,
721 sizeof(r));
722 } else if (strcmp(*argv, "nat") == 0 ||
723 matches(*argv, "map-to") == 0) {
724 NEXT_ARG();
725 fprintf(stderr, "Warning: route NAT is deprecated\n");
726 addattr32(&req.n, sizeof(req), RTA_GATEWAY,
727 get_addr32(*argv));
728 req.r.rtm_type = RTN_NAT;
729 } else {
730 int type;
731
732 if (strcmp(*argv, "type") == 0)
733 NEXT_ARG();
734
735 if (matches(*argv, "help") == 0)
736 usage();
737 else if (matches(*argv, "goto") == 0) {
738 __u32 target;
739
740 type = FR_ACT_GOTO;
741 NEXT_ARG();
742 if (get_u32(&target, *argv, 0))
743 invarg("invalid target\n", *argv);
744 addattr32(&req.n, sizeof(req),
745 FRA_GOTO, target);
746 } else if (matches(*argv, "nop") == 0)
747 type = FR_ACT_NOP;
748 else if (rtnl_rtntype_a2n(&type, *argv))
749 invarg("Failed to parse rule type", *argv);
750 req.r.rtm_type = type;
751 table_ok = 1;
752 }
753 argc--;
754 argv++;
755 }
756
757 if (l3mdev_rule && tid != 0) {
758 fprintf(stderr,
759 "table can not be specified for l3mdev rules\n");
760 return -EINVAL;
761 }
762
763 if (req.r.rtm_family == AF_UNSPEC)
764 req.r.rtm_family = AF_INET;
765
766 if (!table_ok && cmd == RTM_NEWRULE)
767 req.r.rtm_table = RT_TABLE_MAIN;
768
769 if (rtnl_talk(&rth, &req.n, NULL) < 0)
770 return -2;
771
772 return 0;
773 }
774
775 int do_iprule(int argc, char **argv)
776 {
777 if (argc < 1) {
778 return iprule_list_flush_or_save(0, NULL, IPRULE_LIST);
779 } else if (matches(argv[0], "list") == 0 ||
780 matches(argv[0], "lst") == 0 ||
781 matches(argv[0], "show") == 0) {
782 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_LIST);
783 } else if (matches(argv[0], "save") == 0) {
784 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_SAVE);
785 } else if (matches(argv[0], "restore") == 0) {
786 return iprule_restore();
787 } else if (matches(argv[0], "add") == 0) {
788 return iprule_modify(RTM_NEWRULE, argc-1, argv+1);
789 } else if (matches(argv[0], "delete") == 0) {
790 return iprule_modify(RTM_DELRULE, argc-1, argv+1);
791 } else if (matches(argv[0], "flush") == 0) {
792 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_FLUSH);
793 } else if (matches(argv[0], "help") == 0)
794 usage();
795
796 fprintf(stderr,
797 "Command \"%s\" is unknown, try \"ip rule help\".\n", *argv);
798 exit(-1);
799 }
800
801 int do_multirule(int argc, char **argv)
802 {
803 switch (preferred_family) {
804 case AF_UNSPEC:
805 case AF_INET:
806 preferred_family = RTNL_FAMILY_IPMR;
807 break;
808 case AF_INET6:
809 preferred_family = RTNL_FAMILY_IP6MR;
810 break;
811 case RTNL_FAMILY_IPMR:
812 case RTNL_FAMILY_IP6MR:
813 break;
814 default:
815 fprintf(stderr,
816 "Multicast rules are only supported for IPv4/IPv6, was: %i\n",
817 preferred_family);
818 exit(-1);
819 }
820
821 return do_iprule(argc, argv);
822 }
Upstream mirror of iproute2