4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Patrick McHardy <kaber@trash.net>
/*
 * explain() - usage text for the "flow" filter.
 *
 * Only part of the function is visible in this listing: the call that emits
 * the text and the closing lines are not shown. The string fragments below
 * describe the two modes (map / hash), the accepted KEY names and the OPS
 * operators.
 */
21 static void explain(void)
24 "Usage: ... flow ...\n"
26 " [mapping mode]: map key KEY [ OPS ] ...\n"
27 " [hashing mode]: hash keys KEY-LIST ... [ perturb SECS ]\n"
29 " [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
30 " [ action ACTION_SPEC ]\n"
32 "KEY-LIST := [ KEY-LIST , ] KEY\n"
33 "KEY := [ src | dst | proto | proto-src | proto-dst | iif | priority |\n"
34 " mark | nfct | nfct-src | nfct-dst | nfct-proto-src |\n"
35 " nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
36 " vlan-tag | rxhash ]\n"
37 "OPS := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
/*
 * flow_keys[] - keyword for each FLOW_KEY_* index. It is used both when
 * parsing a key list (flow_parse_keys) and when printing a key bitmask
 * (flow_print_opt).
 *
 * The array has FLOW_KEY_MAX+1 slots and is filled with designated
 * initializers, so any index without an entry here is a NULL pointer.
 * flow_parse_keys() hands every slot to matches() and flow_print_opt() hands
 * slots to a "%s" conversion; both rely on each index 0..FLOW_KEY_MAX having
 * a name.
 * NOTE(review): if FLOW_KEY_MAX grows in the header, add the new name here in
 * the same change, or make both loops skip NULL slots.
 */
42 static const char *flow_keys
[FLOW_KEY_MAX
+1] = {
43 [FLOW_KEY_SRC
] = "src",
44 [FLOW_KEY_DST
] = "dst",
45 [FLOW_KEY_PROTO
] = "proto",
46 [FLOW_KEY_PROTO_SRC
] = "proto-src",
47 [FLOW_KEY_PROTO_DST
] = "proto-dst",
48 [FLOW_KEY_IIF
] = "iif",
49 [FLOW_KEY_PRIORITY
] = "priority",
50 [FLOW_KEY_MARK
] = "mark",
51 [FLOW_KEY_NFCT
] = "nfct",
52 [FLOW_KEY_NFCT_SRC
] = "nfct-src",
53 [FLOW_KEY_NFCT_DST
] = "nfct-dst",
54 [FLOW_KEY_NFCT_PROTO_SRC
] = "nfct-proto-src",
55 [FLOW_KEY_NFCT_PROTO_DST
] = "nfct-proto-dst",
56 [FLOW_KEY_RTCLASSID
] = "rt-classid",
57 [FLOW_KEY_SKUID
] = "sk-uid",
58 [FLOW_KEY_SKGID
] = "sk-gid",
59 [FLOW_KEY_VLAN_TAG
] = "vlan-tag",
60 [FLOW_KEY_RXHASH
] = "rxhash",
/*
 * flow_parse_keys() - translate the KEY-LIST argument into *keys and *nkeys.
 *
 * Several lines of the function are not shown in this listing (locals, the
 * separator search, the updates of *keys and *nkeys, the returns).
 * NOTE(review): presumably each matched name sets bit (1 << i) in *keys,
 * mirroring the test in flow_print_opt() - confirm against the full source.
 */
63 static int flow_parse_keys(__u32
*keys
, __u32
*nkeys
, char *argv
)
/*
 * Look the current token up in the name table. Every slot 0..FLOW_KEY_MAX is
 * passed to matches(), so a slot left NULL in flow_keys[] would reach it too.
 */
76 for (i
= 0; i
<= FLOW_KEY_MAX
; i
++) {
77 if (matches(s
, flow_keys
[i
]) == 0) {
/* The loop ran off the end of the table: no name matched, reject the token. */
83 if (i
> FLOW_KEY_MAX
) {
/* Fixed format string; the user-supplied token is only ever a "%s" argument. */
84 fprintf(stderr
, "Unknown flow key \"%s\"\n", s
);
/* Step past the separator, or end the walk when there was none. */
87 s
= sep
? sep
+ 1 : NULL
;
/*
 * transfer_bitop() - fold one more "and m, then xor x" step into the
 * accumulated (*mask, *xor) pair.
 *
 * flow_parse_opt() calls it with (tmp, 0) for "and", (~tmp, tmp) for "or" and
 * (~0, tmp) for "xor", so a chain of operators collapses into one mask/xor
 * pair. Only the xor update is visible in this listing; the mask update is on
 * a line that is not shown.
 */
92 static void transfer_bitop(__u32
*mask
, __u32
*xor, __u32 m
, __u32 x
)
/* Bits cleared by m drop out of the old xor term before x is applied. */
94 *xor = x
^ (*xor & m
);
/*
 * get_addend() - parse the "addend" operand into a 32-bit value.
 *
 * The operand is tried as a plain number first. Otherwise, when the key mask
 * test below passes, it is parsed as an address and one 32-bit word of it is
 * used. Locals, case labels, the store to *addend and the returns are on
 * lines not shown in this listing.
 */
98 static int get_addend(__u32
*addend
, char *argv
, __u32 keys
)
/* Numeric form: get_u32() returning 0 means the operand parsed as a number. */
109 if (get_u32(&tmp
, argv
, 0) == 0)
/*
 * NOTE(review): the FLOW_KEY_* constants are used as array indices in
 * flow_keys[] and as bit positions (keymask & (1 << i)) in flow_print_opt().
 * OR-ing the raw constants here therefore does not obviously build the mask
 * of the four address-key bits; (1 << FLOW_KEY_SRC) | ... looks like the
 * intended test. Confirm against the enum values in the header.
 */
112 if (keys
& (FLOW_KEY_SRC
| FLOW_KEY_DST
|
113 FLOW_KEY_NFCT_SRC
| FLOW_KEY_NFCT_DST
) &&
114 get_addr(&addr
, argv
, AF_UNSPEC
) == 0) {
/*
 * Choose the word by address family: data[0] in one case, data[3] in the
 * other. The case labels are not shown; presumably IPv4 and IPv6 - confirm.
 */
115 switch (addr
.family
) {
/* ntohl() converts the word from network to host byte order. */
117 tmp
= ntohl(addr
.data
[0]);
120 tmp
= ntohl(addr
.data
[3]);
/*
 * flow_parse_opt() - parse the command-line options of a "flow" filter and
 * append them to netlink message n as attributes nested under TCA_OPTIONS.
 *
 * The argv loop header, the argument-advance steps and the returns are on
 * lines not shown in this listing.
 *
 * Review notes, all based on the visible lines:
 *  - Every addattr32()/addattr_l() call passes 4096 as the maximum message
 *    length and none of the visible calls checks the return value.
 *    NOTE(review): confirm 4096 does not exceed the buffer the caller
 *    allocated for n, and that a failed append cannot silently drop an
 *    attribute.
 *  - "rshift", "divisor" and "perturb" take any value get_u32() accepts; no
 *    range check (for example rshift < 32, divisor != 0) is visible here.
 *    Presumably the receiving side validates them - confirm.
 *  - "addend" is resolved against the keys parsed so far, so an address-form
 *    addend given before "keys" sees keys == 0.
 */
133 static int flow_parse_opt(struct filter_util
*fu
, char *handle
,
134 int argc
, char **argv
, struct nlmsghdr
*n
)
136 struct tcmsg
*t
= NLMSG_DATA(n
);
/* Identity transform: mask all ones and xor zero mean "no bit operation". */
138 __u32 mask
= ~0U, xor = 0;
139 __u32 keys
= 0, nkeys
= 0;
/* Map mode is the default when neither "map" nor "hash" is given. */
140 __u32 mode
= FLOW_MODE_MAP
;
/* A non-zero return from get_u32() means the handle did not parse. */
144 if (get_u32(&t
->tcm_handle
, handle
, 0)) {
145 fprintf(stderr
, "Illegal \"handle\"\n");
/* Remember where the nest starts; its length is patched at the end. */
150 tail
= NLMSG_TAIL(n
);
151 addattr_l(n
, 4096, TCA_OPTIONS
, NULL
, 0);
154 if (matches(*argv
, "map") == 0) {
155 mode
= FLOW_MODE_MAP
;
156 } else if (matches(*argv
, "hash") == 0) {
157 mode
= FLOW_MODE_HASH
;
158 } else if (matches(*argv
, "keys") == 0) {
/* keys and nkeys are filled here; later branches and the final check use them. */
160 if (flow_parse_keys(&keys
, &nkeys
, *argv
))
162 addattr32(n
, 4096, TCA_FLOW_KEYS
, keys
);
163 } else if (matches(*argv
, "and") == 0) {
165 if (get_u32(&tmp
, *argv
, 0)) {
166 fprintf(stderr
, "Illegal \"mask\"\n");
/* and NUM: keep only the bits in tmp, xor nothing. */
169 transfer_bitop(&mask
, &xor, tmp
, 0);
170 } else if (matches(*argv
, "or") == 0) {
172 if (get_u32(&tmp
, *argv
, 0)) {
173 fprintf(stderr
, "Illegal \"or\"\n");
/* or NUM: clear the bits of tmp, then xor them back in, which sets them. */
176 transfer_bitop(&mask
, &xor, ~tmp
, tmp
);
177 } else if (matches(*argv
, "xor") == 0) {
179 if (get_u32(&tmp
, *argv
, 0)) {
180 fprintf(stderr
, "Illegal \"xor\"\n");
/* xor NUM: keep every bit, xor with tmp. */
183 transfer_bitop(&mask
, &xor, ~0, tmp
);
184 } else if (matches(*argv
, "rshift") == 0) {
/* NOTE(review): tmp is forwarded as parsed; no upper bound is enforced here. */
186 if (get_u32(&tmp
, *argv
, 0)) {
187 fprintf(stderr
, "Illegal \"rshift\"\n");
190 addattr32(n
, 4096, TCA_FLOW_RSHIFT
, tmp
);
191 } else if (matches(*argv
, "addend") == 0) {
/* Uses the keys value parsed so far; see the header note on ordering. */
193 if (get_addend(&tmp
, *argv
, keys
)) {
194 fprintf(stderr
, "Illegal \"addend\"\n");
197 addattr32(n
, 4096, TCA_FLOW_ADDEND
, tmp
);
198 } else if (matches(*argv
, "divisor") == 0) {
/* NOTE(review): a divisor of 0 is not rejected in the visible lines. */
200 if (get_u32(&tmp
, *argv
, 0)) {
201 fprintf(stderr
, "Illegal \"divisor\"\n");
204 addattr32(n
, 4096, TCA_FLOW_DIVISOR
, tmp
);
205 } else if (matches(*argv
, "baseclass") == 0) {
/* The class id must parse and must have a non-zero minor part. */
207 if (get_tc_classid(&tmp
, *argv
) || TC_H_MIN(tmp
) == 0) {
208 fprintf(stderr
, "Illegal \"baseclass\"\n");
211 addattr32(n
, 4096, TCA_FLOW_BASECLASS
, tmp
);
212 } else if (matches(*argv
, "perturb") == 0) {
214 if (get_u32(&tmp
, *argv
, 0)) {
215 fprintf(stderr
, "Illegal \"perturb\"\n");
218 addattr32(n
, 4096, TCA_FLOW_PERTURB
, tmp
);
219 } else if (matches(*argv
, "police") == 0) {
/* The sub-parsers below receive argc/argv by pointer and append to n themselves. */
221 if (parse_police(&argc
, &argv
, TCA_FLOW_POLICE
, n
)) {
222 fprintf(stderr
, "Illegal \"police\"\n");
226 } else if (matches(*argv
, "action") == 0) {
228 if (parse_action(&argc
, &argv
, TCA_FLOW_ACT
, n
)) {
229 fprintf(stderr
, "Illegal \"action\"\n");
233 } else if (matches(*argv
, "match") == 0) {
235 if (parse_ematch(&argc
, &argv
, TCA_FLOW_EMATCHES
, n
)) {
236 fprintf(stderr
, "Illegal \"ematch\"\n");
240 } else if (matches(*argv
, "help") == 0) {
/* Unknown keyword: echoed through a fixed "%s" format, never as the format. */
244 fprintf(stderr
, "What is \"%s\"?\n", *argv
);
/* More than one key is only accepted in hash mode. */
251 if (nkeys
> 1 && mode
!= FLOW_MODE_HASH
) {
252 fprintf(stderr
, "Invalid mode \"map\" for multiple keys\n");
255 addattr32(n
, 4096, TCA_FLOW_MODE
, mode
);
/* Emit mask/xor only when some and/or/xor operator changed the identity pair. */
257 if (mask
!= ~0 || xor != 0) {
258 addattr32(n
, 4096, TCA_FLOW_MASK
, mask
);
259 addattr32(n
, 4096, TCA_FLOW_XOR
, xor);
/*
 * Close the TCA_OPTIONS nest: its length is everything appended since tail.
 * Arithmetic on void pointers is a compiler extension, not standard C.
 */
262 tail
->rta_len
= (void *)NLMSG_TAIL(n
) - (void *)tail
;
/*
 * flow_print_opt() - print the attributes of a "flow" filter found in the
 * nested attribute opt to stream f.
 *
 * The rest of the parameter list, several locals (i, sep, b1), the mode
 * printing and the returns are on lines not shown in this listing.
 *
 * Review notes, all based on the visible lines:
 *  - Each attribute is read with rta_getattr_u32() as soon as its tb[] slot
 *    is non-NULL; no payload-length check is visible here.
 *    NOTE(review): confirm the length is validated before these reads.
 *  - The key loop tests (1 << i) on a signed int and prints flow_keys[i]
 *    through "%s"; both are safe only while FLOW_KEY_MAX stays below 31 and
 *    every slot of flow_keys[] is populated.
 */
266 static int flow_print_opt(struct filter_util
*fu
, FILE *f
, struct rtattr
*opt
,
/* One slot per attribute type, indexed by the TCA_FLOW_* constants. */
269 struct rtattr
*tb
[TCA_FLOW_MAX
+1];
/* Same identity defaults as on the parse side: mask all ones, xor value zero. */
273 __u32 mask
= ~0, val
= 0;
278 parse_rtattr_nested(tb
, TCA_FLOW_MAX
, opt
);
280 fprintf(f
, "handle 0x%x ", handle
);
282 if (tb
[TCA_FLOW_MODE
]) {
283 __u32 mode
= rta_getattr_u32(tb
[TCA_FLOW_MODE
]);
295 if (tb
[TCA_FLOW_KEYS
]) {
296 __u32 keymask
= rta_getattr_u32(tb
[TCA_FLOW_KEYS
]);
/* Print the name of every key whose bit is set in keymask. */
300 for (i
= 0; i
<= FLOW_KEY_MAX
; i
++) {
301 if (keymask
& (1 << i
)) {
302 fprintf(f
, "%s%s", sep
, flow_keys
[i
]);
309 if (tb
[TCA_FLOW_MASK
])
310 mask
= rta_getattr_u32(tb
[TCA_FLOW_MASK
]);
311 if (tb
[TCA_FLOW_XOR
])
312 val
= rta_getattr_u32(tb
[TCA_FLOW_XOR
]);
/*
 * Split the stored pair back into operators: "or" is the part of val outside
 * mask, "xor" is the part of val inside mask.
 */
314 if (mask
!= ~0 || val
!= 0) {
315 __u32
or = (mask
& val
) ^ val
;
316 __u32
xor = mask
& val
;
319 fprintf(f
, "and 0x%.8x ", mask
);
321 fprintf(f
, "xor 0x%.8x ", xor);
323 fprintf(f
, "or 0x%.8x ", or);
326 if (tb
[TCA_FLOW_RSHIFT
])
327 fprintf(f
, "rshift %u ",
328 rta_getattr_u32(tb
[TCA_FLOW_RSHIFT
]));
329 if (tb
[TCA_FLOW_ADDEND
])
330 fprintf(f
, "addend 0x%x ",
331 rta_getattr_u32(tb
[TCA_FLOW_ADDEND
]));
333 if (tb
[TCA_FLOW_DIVISOR
])
334 fprintf(f
, "divisor %u ",
335 rta_getattr_u32(tb
[TCA_FLOW_DIVISOR
]));
/* sprint_tc_classid() formats into b1, a buffer declared on a line not shown. */
336 if (tb
[TCA_FLOW_BASECLASS
])
337 fprintf(f
, "baseclass %s ",
338 sprint_tc_classid(rta_getattr_u32(tb
[TCA_FLOW_BASECLASS
]), b1
));
340 if (tb
[TCA_FLOW_PERTURB
])
341 fprintf(f
, "perturb %usec ",
342 rta_getattr_u32(tb
[TCA_FLOW_PERTURB
]));
/* Nested ematch, police and action attributes are handed to their own printers. */
344 if (tb
[TCA_FLOW_EMATCHES
])
345 print_ematch(f
, tb
[TCA_FLOW_EMATCHES
]);
346 if (tb
[TCA_FLOW_POLICE
])
347 tc_print_police(f
, tb
[TCA_FLOW_POLICE
]);
348 if (tb
[TCA_FLOW_ACT
]) {
350 tc_print_action(f
, tb
[TCA_FLOW_ACT
]);
/*
 * flow_filter_util - descriptor that exposes this file's parse and print
 * callbacks. It has external linkage (no "static"); any other fields are on
 * lines not shown in this listing.
 */
355 struct filter_util flow_filter_util
= {
357 .parse_fopt
= flow_parse_opt
,
358 .print_fopt
= flow_print_opt
,