]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/f_flower.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tc: f_flower: add options support for vxlan
[mirror_iproute2.git] / tc / f_flower.c
1 /*
2 * f_flower.c Flower Classifier
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Jiri Pirko <jiri@resnulli.us>
10 */
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <string.h>
16 #include <net/if.h>
17 #include <linux/limits.h>
18 #include <linux/if_arp.h>
19 #include <linux/if_ether.h>
20 #include <linux/ip.h>
21 #include <linux/tc_act/tc_vlan.h>
22 #include <linux/mpls.h>
23
24 #include "utils.h"
25 #include "tc_util.h"
26 #include "rt_names.h"
27
28 enum flower_matching_flags {
29 FLOWER_IP_FLAGS,
30 };
31
32 enum flower_endpoint {
33 FLOWER_ENDPOINT_SRC,
34 FLOWER_ENDPOINT_DST
35 };
36
37 enum flower_icmp_field {
38 FLOWER_ICMP_FIELD_TYPE,
39 FLOWER_ICMP_FIELD_CODE
40 };
41
42 static void explain(void)
43 {
44 fprintf(stderr,
45 "Usage: ... flower [ MATCH-LIST ] [ verbose ]\n"
46 " [ skip_sw | skip_hw ]\n"
47 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
48 "\n"
49 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
50 " MATCH := { indev DEV-NAME |\n"
51 " vlan_id VID |\n"
52 " vlan_prio PRIORITY |\n"
53 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
54 " cvlan_id VID |\n"
55 " cvlan_prio PRIORITY |\n"
56 " cvlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
57 " dst_mac MASKED-LLADDR |\n"
58 " src_mac MASKED-LLADDR |\n"
59 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
60 " ip_tos MASKED-IP_TOS |\n"
61 " ip_ttl MASKED-IP_TTL |\n"
62 " mpls_label LABEL |\n"
63 " mpls_tc TC |\n"
64 " mpls_bos BOS |\n"
65 " mpls_ttl TTL |\n"
66 " dst_ip PREFIX |\n"
67 " src_ip PREFIX |\n"
68 " dst_port PORT-NUMBER |\n"
69 " src_port PORT-NUMBER |\n"
70 " tcp_flags MASKED-TCP_FLAGS |\n"
71 " type MASKED-ICMP-TYPE |\n"
72 " code MASKED-ICMP-CODE |\n"
73 " arp_tip IPV4-PREFIX |\n"
74 " arp_sip IPV4-PREFIX |\n"
75 " arp_op [ request | reply | OP ] |\n"
76 " arp_tha MASKED-LLADDR |\n"
77 " arp_sha MASKED-LLADDR |\n"
78 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
79 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
80 " enc_key_id [ KEY-ID ] |\n"
81 " enc_tos MASKED-IP_TOS |\n"
82 " enc_ttl MASKED-IP_TTL |\n"
83 " geneve_opts MASKED-OPTIONS |\n"
84 " vxlan_opts MASKED-OPTIONS |\n"
85 " ip_flags IP-FLAGS | \n"
86 " enc_dst_port [ port_number ] |\n"
87 " ct_state MASKED_CT_STATE |\n"
88 " ct_label MASKED_CT_LABEL |\n"
89 " ct_mark MASKED_CT_MARK |\n"
90 " ct_zone MASKED_CT_ZONE }\n"
91 " FILTERID := X:Y:Z\n"
92 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
93 " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
94 " ACTION-SPEC := ... look at individual actions\n"
95 "\n"
96 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
97 "NOTE: There can be only used one mask per one prio. If user needs\n"
98 " to specify different mask, he has to use different prio.\n");
99 }
100
101 static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
102 struct nlmsghdr *n)
103 {
104 int ret, err = -1;
105 char addr[ETH_ALEN], *slash;
106
107 slash = strchr(str, '/');
108 if (slash)
109 *slash = '\0';
110
111 ret = ll_addr_a2n(addr, sizeof(addr), str);
112 if (ret < 0)
113 goto err;
114 addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
115
116 if (slash) {
117 unsigned bits;
118
119 if (!get_unsigned(&bits, slash + 1, 10)) {
120 uint64_t mask;
121
122 /* Extra 16 bit shift to push mac address into
123 * high bits of uint64_t
124 */
125 mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
126 memcpy(addr, &mask, ETH_ALEN);
127 } else {
128 ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
129 if (ret < 0)
130 goto err;
131 }
132 } else {
133 memset(addr, 0xff, ETH_ALEN);
134 }
135 addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
136
137 err = 0;
138 err:
139 if (slash)
140 *slash = '/';
141 return err;
142 }
143
144 static bool eth_type_vlan(__be16 ethertype)
145 {
146 return ethertype == htons(ETH_P_8021Q) ||
147 ethertype == htons(ETH_P_8021AD);
148 }
149
150 static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
151 __be16 *p_vlan_eth_type,
152 struct nlmsghdr *n)
153 {
154 __be16 vlan_eth_type;
155
156 if (!eth_type_vlan(eth_type)) {
157 fprintf(stderr, "Can't set \"%s\" if ethertype isn't 802.1Q or 802.1AD\n",
158 type == TCA_FLOWER_KEY_VLAN_ETH_TYPE ? "vlan_ethtype" : "cvlan_ethtype");
159 return -1;
160 }
161
162 if (ll_proto_a2n(&vlan_eth_type, str))
163 invarg("invalid vlan_ethtype", str);
164 addattr16(n, MAX_MSG, type, vlan_eth_type);
165 *p_vlan_eth_type = vlan_eth_type;
166 return 0;
167 }
168
169 struct flag_to_string {
170 int flag;
171 enum flower_matching_flags type;
172 char *string;
173 };
174
175 static struct flag_to_string flags_str[] = {
176 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
177 { TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" },
178 };
179
180 static int flower_parse_matching_flags(char *str,
181 enum flower_matching_flags type,
182 __u32 *mtf, __u32 *mtf_mask)
183 {
184 char *token;
185 bool no;
186 bool found;
187 int i;
188
189 token = strtok(str, "/");
190
191 while (token) {
192 if (!strncmp(token, "no", 2)) {
193 no = true;
194 token += 2;
195 } else
196 no = false;
197
198 found = false;
199 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
200 if (type != flags_str[i].type)
201 continue;
202
203 if (!strcmp(token, flags_str[i].string)) {
204 if (no)
205 *mtf &= ~flags_str[i].flag;
206 else
207 *mtf |= flags_str[i].flag;
208
209 *mtf_mask |= flags_str[i].flag;
210 found = true;
211 break;
212 }
213 }
214 if (!found)
215 return -1;
216
217 token = strtok(NULL, "/");
218 }
219
220 return 0;
221 }
222
223 static int flower_parse_u16(char *str, int value_type, int mask_type,
224 struct nlmsghdr *n, bool be)
225 {
226 __u16 value, mask;
227 char *slash;
228
229 slash = strchr(str, '/');
230 if (slash)
231 *slash = '\0';
232
233 if (get_u16(&value, str, 0))
234 return -1;
235
236 if (slash) {
237 if (get_u16(&mask, slash + 1, 0))
238 return -1;
239 } else {
240 mask = UINT16_MAX;
241 }
242
243 if (be) {
244 value = htons(value);
245 mask = htons(mask);
246 }
247 addattr16(n, MAX_MSG, value_type, value);
248 addattr16(n, MAX_MSG, mask_type, mask);
249
250 return 0;
251 }
252
253 static int flower_parse_u32(char *str, int value_type, int mask_type,
254 struct nlmsghdr *n)
255 {
256 __u32 value, mask;
257 char *slash;
258
259 slash = strchr(str, '/');
260 if (slash)
261 *slash = '\0';
262
263 if (get_u32(&value, str, 0))
264 return -1;
265
266 if (slash) {
267 if (get_u32(&mask, slash + 1, 0))
268 return -1;
269 } else {
270 mask = UINT32_MAX;
271 }
272
273 addattr32(n, MAX_MSG, value_type, value);
274 addattr32(n, MAX_MSG, mask_type, mask);
275
276 return 0;
277 }
278
279 static int flower_parse_ct_mark(char *str, struct nlmsghdr *n)
280 {
281 return flower_parse_u32(str,
282 TCA_FLOWER_KEY_CT_MARK,
283 TCA_FLOWER_KEY_CT_MARK_MASK,
284 n);
285 }
286
287 static int flower_parse_ct_zone(char *str, struct nlmsghdr *n)
288 {
289 return flower_parse_u16(str,
290 TCA_FLOWER_KEY_CT_ZONE,
291 TCA_FLOWER_KEY_CT_ZONE_MASK,
292 n,
293 false);
294 }
295
296 static int flower_parse_ct_labels(char *str, struct nlmsghdr *n)
297 {
298 #define LABELS_SIZE 16
299 uint8_t labels[LABELS_SIZE], lmask[LABELS_SIZE];
300 char *slash, *mask = NULL;
301 size_t slen, slen_mask = 0;
302
303 slash = index(str, '/');
304 if (slash) {
305 *slash = 0;
306 mask = slash + 1;
307 slen_mask = strlen(mask);
308 }
309
310 slen = strlen(str);
311 if (slen > LABELS_SIZE * 2 || slen_mask > LABELS_SIZE * 2) {
312 char errmsg[128];
313
314 snprintf(errmsg, sizeof(errmsg),
315 "%zd Max allowed size %d",
316 slen, LABELS_SIZE*2);
317 invarg(errmsg, str);
318 }
319
320 if (hex2mem(str, labels, slen / 2) < 0)
321 invarg("labels must be a hex string\n", str);
322 addattr_l(n, MAX_MSG, TCA_FLOWER_KEY_CT_LABELS, labels, slen / 2);
323
324 if (mask) {
325 if (hex2mem(mask, lmask, slen_mask / 2) < 0)
326 invarg("labels mask must be a hex string\n", mask);
327 } else {
328 memset(lmask, 0xff, sizeof(lmask));
329 slen_mask = sizeof(lmask) * 2;
330 }
331 addattr_l(n, MAX_MSG, TCA_FLOWER_KEY_CT_LABELS_MASK, lmask,
332 slen_mask / 2);
333
334 return 0;
335 }
336
337 static struct flower_ct_states {
338 char *str;
339 int flag;
340 } flower_ct_states[] = {
341 { "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
342 { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
343 { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
344 };
345
346 static int flower_parse_ct_state(char *str, struct nlmsghdr *n)
347 {
348 int flags = 0, mask = 0, len, i;
349 bool p;
350
351 while (*str != '\0') {
352 if (*str == '+')
353 p = true;
354 else if (*str == '-')
355 p = false;
356 else
357 return -1;
358
359 for (i = 0; i < ARRAY_SIZE(flower_ct_states); i++) {
360 len = strlen(flower_ct_states[i].str);
361 if (strncmp(str + 1, flower_ct_states[i].str, len))
362 continue;
363
364 if (p)
365 flags |= flower_ct_states[i].flag;
366 mask |= flower_ct_states[i].flag;
367 break;
368 }
369
370 if (i == ARRAY_SIZE(flower_ct_states))
371 return -1;
372
373 str += len + 1;
374 }
375
376 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CT_STATE, flags);
377 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CT_STATE_MASK, mask);
378 return 0;
379 }
380
381 static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
382 __u8 *p_ip_proto, struct nlmsghdr *n)
383 {
384 int ret;
385 __u8 ip_proto;
386
387 if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
388 goto err;
389
390 if (matches(str, "tcp") == 0) {
391 ip_proto = IPPROTO_TCP;
392 } else if (matches(str, "udp") == 0) {
393 ip_proto = IPPROTO_UDP;
394 } else if (matches(str, "sctp") == 0) {
395 ip_proto = IPPROTO_SCTP;
396 } else if (matches(str, "icmp") == 0) {
397 if (eth_type != htons(ETH_P_IP))
398 goto err;
399 ip_proto = IPPROTO_ICMP;
400 } else if (matches(str, "icmpv6") == 0) {
401 if (eth_type != htons(ETH_P_IPV6))
402 goto err;
403 ip_proto = IPPROTO_ICMPV6;
404 } else {
405 ret = get_u8(&ip_proto, str, 16);
406 if (ret)
407 return -1;
408 }
409 addattr8(n, MAX_MSG, type, ip_proto);
410 *p_ip_proto = ip_proto;
411 return 0;
412
413 err:
414 fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
415 return -1;
416 }
417
418 static int __flower_parse_ip_addr(char *str, int family,
419 int addr4_type, int mask4_type,
420 int addr6_type, int mask6_type,
421 struct nlmsghdr *n)
422 {
423 int ret;
424 inet_prefix addr;
425 int bits;
426 int i;
427
428 ret = get_prefix(&addr, str, family);
429 if (ret)
430 return -1;
431
432 if (family && (addr.family != family)) {
433 fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
434 return -1;
435 }
436
437 addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
438 addr.data, addr.bytelen);
439
440 memset(addr.data, 0xff, addr.bytelen);
441 bits = addr.bitlen;
442 for (i = 0; i < addr.bytelen / 4; i++) {
443 if (!bits) {
444 addr.data[i] = 0;
445 } else if (bits / 32 >= 1) {
446 bits -= 32;
447 } else {
448 addr.data[i] <<= 32 - bits;
449 addr.data[i] = htonl(addr.data[i]);
450 bits = 0;
451 }
452 }
453
454 addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type,
455 addr.data, addr.bytelen);
456
457 return 0;
458 }
459
460 static int flower_parse_ip_addr(char *str, __be16 eth_type,
461 int addr4_type, int mask4_type,
462 int addr6_type, int mask6_type,
463 struct nlmsghdr *n)
464 {
465 int family;
466
467 if (eth_type == htons(ETH_P_IP)) {
468 family = AF_INET;
469 } else if (eth_type == htons(ETH_P_IPV6)) {
470 family = AF_INET6;
471 } else if (!eth_type) {
472 family = AF_UNSPEC;
473 } else {
474 return -1;
475 }
476
477 return __flower_parse_ip_addr(str, family, addr4_type, mask4_type,
478 addr6_type, mask6_type, n);
479 }
480
481 static bool flower_eth_type_arp(__be16 eth_type)
482 {
483 return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
484 }
485
486 static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
487 int addr_type, int mask_type,
488 struct nlmsghdr *n)
489 {
490 if (!flower_eth_type_arp(eth_type))
491 return -1;
492
493 return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
494 TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
495 }
496
497 static int flower_parse_u8(char *str, int value_type, int mask_type,
498 int (*value_from_name)(const char *str,
499 __u8 *value),
500 bool (*value_validate)(__u8 value),
501 struct nlmsghdr *n)
502 {
503 char *slash;
504 int ret, err = -1;
505 __u8 value, mask;
506
507 slash = strchr(str, '/');
508 if (slash)
509 *slash = '\0';
510
511 ret = value_from_name ? value_from_name(str, &value) : -1;
512 if (ret < 0) {
513 ret = get_u8(&value, str, 10);
514 if (ret)
515 goto err;
516 }
517
518 if (value_validate && !value_validate(value))
519 goto err;
520
521 if (slash) {
522 ret = get_u8(&mask, slash + 1, 10);
523 if (ret)
524 goto err;
525 }
526 else {
527 mask = UINT8_MAX;
528 }
529
530 addattr8(n, MAX_MSG, value_type, value);
531 addattr8(n, MAX_MSG, mask_type, mask);
532
533 err = 0;
534 err:
535 if (slash)
536 *slash = '/';
537 return err;
538 }
539
540 static const char *flower_print_arp_op_to_name(__u8 op)
541 {
542 switch (op) {
543 case ARPOP_REQUEST:
544 return "request";
545 case ARPOP_REPLY:
546 return "reply";
547 default:
548 return NULL;
549 }
550 }
551
552 static int flower_arp_op_from_name(const char *name, __u8 *op)
553 {
554 if (!strcmp(name, "request"))
555 *op = ARPOP_REQUEST;
556 else if (!strcmp(name, "reply"))
557 *op = ARPOP_REPLY;
558 else
559 return -1;
560
561 return 0;
562 }
563
564 static bool flow_arp_op_validate(__u8 op)
565 {
566 return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY;
567 }
568
569 static int flower_parse_arp_op(char *str, __be16 eth_type,
570 int op_type, int mask_type,
571 struct nlmsghdr *n)
572 {
573 if (!flower_eth_type_arp(eth_type))
574 return -1;
575
576 return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name,
577 flow_arp_op_validate, n);
578 }
579
580 static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
581 enum flower_icmp_field field)
582 {
583 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
584 return field == FLOWER_ICMP_FIELD_CODE ?
585 TCA_FLOWER_KEY_ICMPV4_CODE :
586 TCA_FLOWER_KEY_ICMPV4_TYPE;
587 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
588 return field == FLOWER_ICMP_FIELD_CODE ?
589 TCA_FLOWER_KEY_ICMPV6_CODE :
590 TCA_FLOWER_KEY_ICMPV6_TYPE;
591
592 return -1;
593 }
594
595 static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto,
596 enum flower_icmp_field field)
597 {
598 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
599 return field == FLOWER_ICMP_FIELD_CODE ?
600 TCA_FLOWER_KEY_ICMPV4_CODE_MASK :
601 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK;
602 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
603 return field == FLOWER_ICMP_FIELD_CODE ?
604 TCA_FLOWER_KEY_ICMPV6_CODE_MASK :
605 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK;
606
607 return -1;
608 }
609
610 static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
611 enum flower_icmp_field field, struct nlmsghdr *n)
612 {
613 int value_type, mask_type;
614
615 value_type = flower_icmp_attr_type(eth_type, ip_proto, field);
616 mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field);
617 if (value_type < 0 || mask_type < 0)
618 return -1;
619
620 return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n);
621 }
622
623 static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
624 {
625 if (ip_proto == IPPROTO_TCP)
626 return endpoint == FLOWER_ENDPOINT_SRC ?
627 TCA_FLOWER_KEY_TCP_SRC :
628 TCA_FLOWER_KEY_TCP_DST;
629 else if (ip_proto == IPPROTO_UDP)
630 return endpoint == FLOWER_ENDPOINT_SRC ?
631 TCA_FLOWER_KEY_UDP_SRC :
632 TCA_FLOWER_KEY_UDP_DST;
633 else if (ip_proto == IPPROTO_SCTP)
634 return endpoint == FLOWER_ENDPOINT_SRC ?
635 TCA_FLOWER_KEY_SCTP_SRC :
636 TCA_FLOWER_KEY_SCTP_DST;
637 else
638 return -1;
639 }
640
641 static int flower_port_attr_mask_type(__u8 ip_proto,
642 enum flower_endpoint endpoint)
643 {
644 switch (ip_proto) {
645 case IPPROTO_TCP:
646 return endpoint == FLOWER_ENDPOINT_SRC ?
647 TCA_FLOWER_KEY_TCP_SRC_MASK :
648 TCA_FLOWER_KEY_TCP_DST_MASK;
649 case IPPROTO_UDP:
650 return endpoint == FLOWER_ENDPOINT_SRC ?
651 TCA_FLOWER_KEY_UDP_SRC_MASK :
652 TCA_FLOWER_KEY_UDP_DST_MASK;
653 case IPPROTO_SCTP:
654 return endpoint == FLOWER_ENDPOINT_SRC ?
655 TCA_FLOWER_KEY_SCTP_SRC_MASK :
656 TCA_FLOWER_KEY_SCTP_DST_MASK;
657 default:
658 return -1;
659 }
660 }
661
662 static int flower_port_range_attr_type(__u8 ip_proto, enum flower_endpoint type,
663 __be16 *min_port_type,
664 __be16 *max_port_type)
665 {
666 if (ip_proto == IPPROTO_TCP || ip_proto == IPPROTO_UDP ||
667 ip_proto == IPPROTO_SCTP) {
668 if (type == FLOWER_ENDPOINT_SRC) {
669 *min_port_type = TCA_FLOWER_KEY_PORT_SRC_MIN;
670 *max_port_type = TCA_FLOWER_KEY_PORT_SRC_MAX;
671 } else {
672 *min_port_type = TCA_FLOWER_KEY_PORT_DST_MIN;
673 *max_port_type = TCA_FLOWER_KEY_PORT_DST_MAX;
674 }
675 } else {
676 return -1;
677 }
678 return 0;
679 }
680
681 /* parse range args in format 10-20 */
682 static int parse_range(char *str, __be16 *min, __be16 *max)
683 {
684 char *sep;
685
686 sep = strchr(str, '-');
687 if (sep) {
688 *sep = '\0';
689
690 if (get_be16(min, str, 10))
691 return -1;
692
693 if (get_be16(max, sep + 1, 10))
694 return -1;
695 } else {
696 if (get_be16(min, str, 10))
697 return -1;
698 }
699 return 0;
700 }
701
702 static int flower_parse_port(char *str, __u8 ip_proto,
703 enum flower_endpoint endpoint,
704 struct nlmsghdr *n)
705 {
706 char *slash = NULL;
707 __be16 min = 0;
708 __be16 max = 0;
709 int ret;
710
711 ret = parse_range(str, &min, &max);
712 if (ret) {
713 slash = strchr(str, '/');
714 if (!slash)
715 return -1;
716 }
717
718 if (min && max) {
719 __be16 min_port_type, max_port_type;
720
721 if (max <= min) {
722 fprintf(stderr, "max value should be greater than min value\n");
723 return -1;
724 }
725 if (flower_port_range_attr_type(ip_proto, endpoint,
726 &min_port_type, &max_port_type))
727 return -1;
728
729 addattr16(n, MAX_MSG, min_port_type, min);
730 addattr16(n, MAX_MSG, max_port_type, max);
731 } else if (slash || (min && !max)) {
732 int type;
733
734 type = flower_port_attr_type(ip_proto, endpoint);
735 if (type < 0)
736 return -1;
737
738 if (!slash) {
739 addattr16(n, MAX_MSG, type, min);
740 } else {
741 int mask_type;
742
743 mask_type = flower_port_attr_mask_type(ip_proto,
744 endpoint);
745 if (mask_type < 0)
746 return -1;
747 return flower_parse_u16(str, type, mask_type, n, true);
748 }
749 } else {
750 return -1;
751 }
752 return 0;
753 }
754
755 #define TCP_FLAGS_MAX_MASK 0xfff
756
757 static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
758 struct nlmsghdr *n)
759 {
760 char *slash;
761 int ret, err = -1;
762 __u16 flags;
763
764 slash = strchr(str, '/');
765 if (slash)
766 *slash = '\0';
767
768 ret = get_u16(&flags, str, 16);
769 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
770 goto err;
771
772 addattr16(n, MAX_MSG, flags_type, htons(flags));
773
774 if (slash) {
775 ret = get_u16(&flags, slash + 1, 16);
776 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
777 goto err;
778 } else {
779 flags = TCP_FLAGS_MAX_MASK;
780 }
781 addattr16(n, MAX_MSG, mask_type, htons(flags));
782
783 err = 0;
784 err:
785 if (slash)
786 *slash = '/';
787 return err;
788 }
789
790 static int flower_parse_ip_tos_ttl(char *str, int key_type, int mask_type,
791 struct nlmsghdr *n)
792 {
793 char *slash;
794 int ret, err = -1;
795 __u8 tos_ttl;
796
797 slash = strchr(str, '/');
798 if (slash)
799 *slash = '\0';
800
801 ret = get_u8(&tos_ttl, str, 10);
802 if (ret < 0)
803 ret = get_u8(&tos_ttl, str, 16);
804 if (ret < 0)
805 goto err;
806
807 addattr8(n, MAX_MSG, key_type, tos_ttl);
808
809 if (slash) {
810 ret = get_u8(&tos_ttl, slash + 1, 16);
811 if (ret < 0)
812 goto err;
813 } else {
814 tos_ttl = 0xff;
815 }
816 addattr8(n, MAX_MSG, mask_type, tos_ttl);
817
818 err = 0;
819 err:
820 if (slash)
821 *slash = '/';
822 return err;
823 }
824
825 static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
826 {
827 int ret;
828 __be32 key_id;
829
830 ret = get_be32(&key_id, str, 10);
831 if (!ret)
832 addattr32(n, MAX_MSG, type, key_id);
833
834 return ret;
835 }
836
837 static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
838 {
839 int ret;
840 __be16 port;
841
842 ret = get_be16(&port, str, 10);
843 if (ret)
844 return -1;
845
846 addattr16(n, MAX_MSG, type, port);
847
848 return 0;
849 }
850
851 static int flower_parse_geneve_opt(char *str, struct nlmsghdr *n)
852 {
853 struct rtattr *nest;
854 char *token;
855 int i, err;
856
857 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
858
859 i = 1;
860 token = strsep(&str, ":");
861 while (token) {
862 switch (i) {
863 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS:
864 {
865 __be16 opt_class;
866
867 if (!strlen(token))
868 break;
869 err = get_be16(&opt_class, token, 16);
870 if (err)
871 return err;
872
873 addattr16(n, MAX_MSG, i, opt_class);
874 break;
875 }
876 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE:
877 {
878 __u8 opt_type;
879
880 if (!strlen(token))
881 break;
882 err = get_u8(&opt_type, token, 16);
883 if (err)
884 return err;
885
886 addattr8(n, MAX_MSG, i, opt_type);
887 break;
888 }
889 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA:
890 {
891 size_t token_len = strlen(token);
892 __u8 *opts;
893
894 if (!token_len)
895 break;
896 opts = malloc(token_len / 2);
897 if (!opts)
898 return -1;
899 if (hex2mem(token, opts, token_len / 2) < 0) {
900 free(opts);
901 return -1;
902 }
903 addattr_l(n, MAX_MSG, i, opts, token_len / 2);
904 free(opts);
905
906 break;
907 }
908 default:
909 fprintf(stderr, "Unknown \"geneve_opts\" type\n");
910 return -1;
911 }
912
913 token = strsep(&str, ":");
914 i++;
915 }
916 addattr_nest_end(n, nest);
917
918 return 0;
919 }
920
921 static int flower_parse_vxlan_opt(char *str, struct nlmsghdr *n)
922 {
923 struct rtattr *nest;
924 __u32 gbp;
925 int err;
926
927 nest = addattr_nest(n, MAX_MSG,
928 TCA_FLOWER_KEY_ENC_OPTS_VXLAN | NLA_F_NESTED);
929
930 err = get_u32(&gbp, str, 0);
931 if (err)
932 return err;
933 addattr32(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP, gbp);
934
935 addattr_nest_end(n, nest);
936
937 return 0;
938 }
939
940 static int flower_parse_geneve_opts(char *str, struct nlmsghdr *n)
941 {
942 char *token;
943 int err;
944
945 token = strsep(&str, ",");
946 while (token) {
947 err = flower_parse_geneve_opt(token, n);
948 if (err)
949 return err;
950
951 token = strsep(&str, ",");
952 }
953
954 return 0;
955 }
956
957 static int flower_check_enc_opt_key(char *key)
958 {
959 int key_len, col_cnt = 0;
960
961 key_len = strlen(key);
962 while ((key = strchr(key, ':'))) {
963 if (strlen(key) == key_len)
964 return -1;
965
966 key_len = strlen(key) - 1;
967 col_cnt++;
968 key++;
969 }
970
971 if (col_cnt != 2 || !key_len)
972 return -1;
973
974 return 0;
975 }
976
977 static int flower_parse_enc_opts_geneve(char *str, struct nlmsghdr *n)
978 {
979 char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
980 int data_len, key_len, mask_len, err;
981 char *token, *slash;
982 struct rtattr *nest;
983
984 key_len = 0;
985 mask_len = 0;
986 token = strsep(&str, ",");
987 while (token) {
988 slash = strchr(token, '/');
989 if (slash)
990 *slash = '\0';
991
992 if ((key_len + strlen(token) > XATTR_SIZE_MAX) ||
993 flower_check_enc_opt_key(token))
994 return -1;
995
996 strcpy(&key[key_len], token);
997 key_len += strlen(token) + 1;
998 key[key_len - 1] = ',';
999
1000 if (!slash) {
1001 /* Pad out mask when not provided */
1002 if (mask_len + strlen(token) > XATTR_SIZE_MAX)
1003 return -1;
1004
1005 data_len = strlen(rindex(token, ':'));
1006 sprintf(&mask[mask_len], "ffff:ff:");
1007 mask_len += 8;
1008 memset(&mask[mask_len], 'f', data_len - 1);
1009 mask_len += data_len;
1010 mask[mask_len - 1] = ',';
1011 token = strsep(&str, ",");
1012 continue;
1013 }
1014
1015 if (mask_len + strlen(slash + 1) > XATTR_SIZE_MAX)
1016 return -1;
1017
1018 strcpy(&mask[mask_len], slash + 1);
1019 mask_len += strlen(slash + 1) + 1;
1020 mask[mask_len - 1] = ',';
1021
1022 *slash = '/';
1023 token = strsep(&str, ",");
1024 }
1025 key[key_len - 1] = '\0';
1026 mask[mask_len - 1] = '\0';
1027
1028 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS);
1029 err = flower_parse_geneve_opts(key, n);
1030 if (err)
1031 return err;
1032 addattr_nest_end(n, nest);
1033
1034 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_MASK);
1035 err = flower_parse_geneve_opts(mask, n);
1036 if (err)
1037 return err;
1038 addattr_nest_end(n, nest);
1039
1040 return 0;
1041 }
1042
1043 static int flower_parse_enc_opts_vxlan(char *str, struct nlmsghdr *n)
1044 {
1045 char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
1046 struct rtattr *nest;
1047 char *slash;
1048 int err;
1049
1050 slash = strchr(str, '/');
1051 if (slash) {
1052 *slash++ = '\0';
1053 if (strlen(slash) > XATTR_SIZE_MAX)
1054 return -1;
1055 strcpy(mask, slash);
1056 } else {
1057 strcpy(mask, "0xffffffff");
1058 }
1059
1060 if (strlen(str) > XATTR_SIZE_MAX)
1061 return -1;
1062 strcpy(key, str);
1063
1064 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS | NLA_F_NESTED);
1065 err = flower_parse_vxlan_opt(str, n);
1066 if (err)
1067 return err;
1068 addattr_nest_end(n, nest);
1069
1070 nest = addattr_nest(n, MAX_MSG,
1071 TCA_FLOWER_KEY_ENC_OPTS_MASK | NLA_F_NESTED);
1072 err = flower_parse_vxlan_opt(mask, n);
1073 if (err)
1074 return err;
1075 addattr_nest_end(n, nest);
1076
1077 return 0;
1078 }
1079
1080 static int flower_parse_opt(struct filter_util *qu, char *handle,
1081 int argc, char **argv, struct nlmsghdr *n)
1082 {
1083 int ret;
1084 struct tcmsg *t = NLMSG_DATA(n);
1085 struct rtattr *tail;
1086 __be16 eth_type = TC_H_MIN(t->tcm_info);
1087 __be16 vlan_ethtype = 0;
1088 __be16 cvlan_ethtype = 0;
1089 __u8 ip_proto = 0xff;
1090 __u32 flags = 0;
1091 __u32 mtf = 0;
1092 __u32 mtf_mask = 0;
1093
1094 if (handle) {
1095 ret = get_u32(&t->tcm_handle, handle, 0);
1096 if (ret) {
1097 fprintf(stderr, "Illegal \"handle\"\n");
1098 return -1;
1099 }
1100 }
1101
1102 tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
1103 addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
1104
1105 if (argc == 0) {
1106 /*at minimal we will match all ethertype packets */
1107 goto parse_done;
1108 }
1109
1110 while (argc > 0) {
1111 if (matches(*argv, "classid") == 0 ||
1112 matches(*argv, "flowid") == 0) {
1113 unsigned int handle;
1114
1115 NEXT_ARG();
1116 ret = get_tc_classid(&handle, *argv);
1117 if (ret) {
1118 fprintf(stderr, "Illegal \"classid\"\n");
1119 return -1;
1120 }
1121 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
1122 } else if (matches(*argv, "hw_tc") == 0) {
1123 unsigned int handle;
1124 __u32 tc;
1125 char *end;
1126
1127 NEXT_ARG();
1128 tc = strtoul(*argv, &end, 0);
1129 if (*end) {
1130 fprintf(stderr, "Illegal TC index\n");
1131 return -1;
1132 }
1133 if (tc >= TC_QOPT_MAX_QUEUE) {
1134 fprintf(stderr, "TC index exceeds max range\n");
1135 return -1;
1136 }
1137 handle = TC_H_MAKE(TC_H_MAJ(t->tcm_parent),
1138 TC_H_MIN(tc + TC_H_MIN_PRIORITY));
1139 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle,
1140 sizeof(handle));
1141 } else if (matches(*argv, "ip_flags") == 0) {
1142 NEXT_ARG();
1143 ret = flower_parse_matching_flags(*argv,
1144 FLOWER_IP_FLAGS,
1145 &mtf,
1146 &mtf_mask);
1147 if (ret < 0) {
1148 fprintf(stderr, "Illegal \"ip_flags\"\n");
1149 return -1;
1150 }
1151 } else if (matches(*argv, "verbose") == 0) {
1152 flags |= TCA_CLS_FLAGS_VERBOSE;
1153 } else if (matches(*argv, "skip_hw") == 0) {
1154 flags |= TCA_CLS_FLAGS_SKIP_HW;
1155 } else if (matches(*argv, "skip_sw") == 0) {
1156 flags |= TCA_CLS_FLAGS_SKIP_SW;
1157 } else if (matches(*argv, "ct_state") == 0) {
1158 NEXT_ARG();
1159 ret = flower_parse_ct_state(*argv, n);
1160 if (ret < 0) {
1161 fprintf(stderr, "Illegal \"ct_state\"\n");
1162 return -1;
1163 }
1164 } else if (matches(*argv, "ct_zone") == 0) {
1165 NEXT_ARG();
1166 ret = flower_parse_ct_zone(*argv, n);
1167 if (ret < 0) {
1168 fprintf(stderr, "Illegal \"ct_zone\"\n");
1169 return -1;
1170 }
1171 } else if (matches(*argv, "ct_mark") == 0) {
1172 NEXT_ARG();
1173 ret = flower_parse_ct_mark(*argv, n);
1174 if (ret < 0) {
1175 fprintf(stderr, "Illegal \"ct_mark\"\n");
1176 return -1;
1177 }
1178 } else if (matches(*argv, "ct_label") == 0) {
1179 NEXT_ARG();
1180 ret = flower_parse_ct_labels(*argv, n);
1181 if (ret < 0) {
1182 fprintf(stderr, "Illegal \"ct_label\"\n");
1183 return -1;
1184 }
1185 } else if (matches(*argv, "indev") == 0) {
1186 NEXT_ARG();
1187 if (check_ifname(*argv))
1188 invarg("\"indev\" not a valid ifname", *argv);
1189 addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv);
1190 } else if (matches(*argv, "vlan_id") == 0) {
1191 __u16 vid;
1192
1193 NEXT_ARG();
1194 if (!eth_type_vlan(eth_type)) {
1195 fprintf(stderr, "Can't set \"vlan_id\" if ethertype isn't 802.1Q or 802.1AD\n");
1196 return -1;
1197 }
1198 ret = get_u16(&vid, *argv, 10);
1199 if (ret < 0 || vid & ~0xfff) {
1200 fprintf(stderr, "Illegal \"vlan_id\"\n");
1201 return -1;
1202 }
1203 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
1204 } else if (matches(*argv, "vlan_prio") == 0) {
1205 __u8 vlan_prio;
1206
1207 NEXT_ARG();
1208 if (!eth_type_vlan(eth_type)) {
1209 fprintf(stderr, "Can't set \"vlan_prio\" if ethertype isn't 802.1Q or 802.1AD\n");
1210 return -1;
1211 }
1212 ret = get_u8(&vlan_prio, *argv, 10);
1213 if (ret < 0 || vlan_prio & ~0x7) {
1214 fprintf(stderr, "Illegal \"vlan_prio\"\n");
1215 return -1;
1216 }
1217 addattr8(n, MAX_MSG,
1218 TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
1219 } else if (matches(*argv, "vlan_ethtype") == 0) {
1220 NEXT_ARG();
1221 ret = flower_parse_vlan_eth_type(*argv, eth_type,
1222 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1223 &vlan_ethtype, n);
1224 if (ret < 0)
1225 return -1;
1226 } else if (matches(*argv, "cvlan_id") == 0) {
1227 __u16 vid;
1228
1229 NEXT_ARG();
1230 if (!eth_type_vlan(vlan_ethtype)) {
1231 fprintf(stderr, "Can't set \"cvlan_id\" if inner vlan ethertype isn't 802.1Q or 802.1AD\n");
1232 return -1;
1233 }
1234 ret = get_u16(&vid, *argv, 10);
1235 if (ret < 0 || vid & ~0xfff) {
1236 fprintf(stderr, "Illegal \"cvlan_id\"\n");
1237 return -1;
1238 }
1239 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CVLAN_ID, vid);
1240 } else if (matches(*argv, "cvlan_prio") == 0) {
1241 __u8 cvlan_prio;
1242
1243 NEXT_ARG();
1244 if (!eth_type_vlan(vlan_ethtype)) {
1245 fprintf(stderr, "Can't set \"cvlan_prio\" if inner vlan ethertype isn't 802.1Q or 802.1AD\n");
1246 return -1;
1247 }
1248 ret = get_u8(&cvlan_prio, *argv, 10);
1249 if (ret < 0 || cvlan_prio & ~0x7) {
1250 fprintf(stderr, "Illegal \"cvlan_prio\"\n");
1251 return -1;
1252 }
1253 addattr8(n, MAX_MSG,
1254 TCA_FLOWER_KEY_CVLAN_PRIO, cvlan_prio);
1255 } else if (matches(*argv, "cvlan_ethtype") == 0) {
1256 NEXT_ARG();
1257 ret = flower_parse_vlan_eth_type(*argv, vlan_ethtype,
1258 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1259 &cvlan_ethtype, n);
1260 if (ret < 0)
1261 return -1;
1262 } else if (matches(*argv, "mpls_label") == 0) {
1263 __u32 label;
1264
1265 NEXT_ARG();
1266 if (eth_type != htons(ETH_P_MPLS_UC) &&
1267 eth_type != htons(ETH_P_MPLS_MC)) {
1268 fprintf(stderr,
1269 "Can't set \"mpls_label\" if ethertype isn't MPLS\n");
1270 return -1;
1271 }
1272 ret = get_u32(&label, *argv, 10);
1273 if (ret < 0 || label & ~(MPLS_LS_LABEL_MASK >> MPLS_LS_LABEL_SHIFT)) {
1274 fprintf(stderr, "Illegal \"mpls_label\"\n");
1275 return -1;
1276 }
1277 addattr32(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_LABEL, label);
1278 } else if (matches(*argv, "mpls_tc") == 0) {
1279 __u8 tc;
1280
1281 NEXT_ARG();
1282 if (eth_type != htons(ETH_P_MPLS_UC) &&
1283 eth_type != htons(ETH_P_MPLS_MC)) {
1284 fprintf(stderr,
1285 "Can't set \"mpls_tc\" if ethertype isn't MPLS\n");
1286 return -1;
1287 }
1288 ret = get_u8(&tc, *argv, 10);
1289 if (ret < 0 || tc & ~(MPLS_LS_TC_MASK >> MPLS_LS_TC_SHIFT)) {
1290 fprintf(stderr, "Illegal \"mpls_tc\"\n");
1291 return -1;
1292 }
1293 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TC, tc);
1294 } else if (matches(*argv, "mpls_bos") == 0) {
1295 __u8 bos;
1296
1297 NEXT_ARG();
1298 if (eth_type != htons(ETH_P_MPLS_UC) &&
1299 eth_type != htons(ETH_P_MPLS_MC)) {
1300 fprintf(stderr,
1301 "Can't set \"mpls_bos\" if ethertype isn't MPLS\n");
1302 return -1;
1303 }
1304 ret = get_u8(&bos, *argv, 10);
1305 if (ret < 0 || bos & ~(MPLS_LS_S_MASK >> MPLS_LS_S_SHIFT)) {
1306 fprintf(stderr, "Illegal \"mpls_bos\"\n");
1307 return -1;
1308 }
1309 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_BOS, bos);
1310 } else if (matches(*argv, "mpls_ttl") == 0) {
1311 __u8 ttl;
1312
1313 NEXT_ARG();
1314 if (eth_type != htons(ETH_P_MPLS_UC) &&
1315 eth_type != htons(ETH_P_MPLS_MC)) {
1316 fprintf(stderr,
1317 "Can't set \"mpls_ttl\" if ethertype isn't MPLS\n");
1318 return -1;
1319 }
1320 ret = get_u8(&ttl, *argv, 10);
1321 if (ret < 0 || ttl & ~(MPLS_LS_TTL_MASK >> MPLS_LS_TTL_SHIFT)) {
1322 fprintf(stderr, "Illegal \"mpls_ttl\"\n");
1323 return -1;
1324 }
1325 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TTL, ttl);
1326 } else if (matches(*argv, "dst_mac") == 0) {
1327 NEXT_ARG();
1328 ret = flower_parse_eth_addr(*argv,
1329 TCA_FLOWER_KEY_ETH_DST,
1330 TCA_FLOWER_KEY_ETH_DST_MASK,
1331 n);
1332 if (ret < 0) {
1333 fprintf(stderr, "Illegal \"dst_mac\"\n");
1334 return -1;
1335 }
1336 } else if (matches(*argv, "src_mac") == 0) {
1337 NEXT_ARG();
1338 ret = flower_parse_eth_addr(*argv,
1339 TCA_FLOWER_KEY_ETH_SRC,
1340 TCA_FLOWER_KEY_ETH_SRC_MASK,
1341 n);
1342 if (ret < 0) {
1343 fprintf(stderr, "Illegal \"src_mac\"\n");
1344 return -1;
1345 }
1346 } else if (matches(*argv, "ip_proto") == 0) {
1347 NEXT_ARG();
1348 ret = flower_parse_ip_proto(*argv, cvlan_ethtype ?
1349 cvlan_ethtype : vlan_ethtype ?
1350 vlan_ethtype : eth_type,
1351 TCA_FLOWER_KEY_IP_PROTO,
1352 &ip_proto, n);
1353 if (ret < 0) {
1354 fprintf(stderr, "Illegal \"ip_proto\"\n");
1355 return -1;
1356 }
1357 } else if (matches(*argv, "ip_tos") == 0) {
1358 NEXT_ARG();
1359 ret = flower_parse_ip_tos_ttl(*argv,
1360 TCA_FLOWER_KEY_IP_TOS,
1361 TCA_FLOWER_KEY_IP_TOS_MASK,
1362 n);
1363 if (ret < 0) {
1364 fprintf(stderr, "Illegal \"ip_tos\"\n");
1365 return -1;
1366 }
1367 } else if (matches(*argv, "ip_ttl") == 0) {
1368 NEXT_ARG();
1369 ret = flower_parse_ip_tos_ttl(*argv,
1370 TCA_FLOWER_KEY_IP_TTL,
1371 TCA_FLOWER_KEY_IP_TTL_MASK,
1372 n);
1373 if (ret < 0) {
1374 fprintf(stderr, "Illegal \"ip_ttl\"\n");
1375 return -1;
1376 }
1377 } else if (matches(*argv, "dst_ip") == 0) {
1378 NEXT_ARG();
1379 ret = flower_parse_ip_addr(*argv, cvlan_ethtype ?
1380 cvlan_ethtype : vlan_ethtype ?
1381 vlan_ethtype : eth_type,
1382 TCA_FLOWER_KEY_IPV4_DST,
1383 TCA_FLOWER_KEY_IPV4_DST_MASK,
1384 TCA_FLOWER_KEY_IPV6_DST,
1385 TCA_FLOWER_KEY_IPV6_DST_MASK,
1386 n);
1387 if (ret < 0) {
1388 fprintf(stderr, "Illegal \"dst_ip\"\n");
1389 return -1;
1390 }
1391 } else if (matches(*argv, "src_ip") == 0) {
1392 NEXT_ARG();
1393 ret = flower_parse_ip_addr(*argv, cvlan_ethtype ?
1394 cvlan_ethtype : vlan_ethtype ?
1395 vlan_ethtype : eth_type,
1396 TCA_FLOWER_KEY_IPV4_SRC,
1397 TCA_FLOWER_KEY_IPV4_SRC_MASK,
1398 TCA_FLOWER_KEY_IPV6_SRC,
1399 TCA_FLOWER_KEY_IPV6_SRC_MASK,
1400 n);
1401 if (ret < 0) {
1402 fprintf(stderr, "Illegal \"src_ip\"\n");
1403 return -1;
1404 }
1405 } else if (matches(*argv, "dst_port") == 0) {
1406 NEXT_ARG();
1407 ret = flower_parse_port(*argv, ip_proto,
1408 FLOWER_ENDPOINT_DST, n);
1409 if (ret < 0) {
1410 fprintf(stderr, "Illegal \"dst_port\"\n");
1411 return -1;
1412 }
1413 } else if (matches(*argv, "src_port") == 0) {
1414 NEXT_ARG();
1415 ret = flower_parse_port(*argv, ip_proto,
1416 FLOWER_ENDPOINT_SRC, n);
1417 if (ret < 0) {
1418 fprintf(stderr, "Illegal \"src_port\"\n");
1419 return -1;
1420 }
1421 } else if (matches(*argv, "tcp_flags") == 0) {
1422 NEXT_ARG();
1423 ret = flower_parse_tcp_flags(*argv,
1424 TCA_FLOWER_KEY_TCP_FLAGS,
1425 TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1426 n);
1427 if (ret < 0) {
1428 fprintf(stderr, "Illegal \"tcp_flags\"\n");
1429 return -1;
1430 }
1431 } else if (matches(*argv, "type") == 0) {
1432 NEXT_ARG();
1433 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
1434 FLOWER_ICMP_FIELD_TYPE, n);
1435 if (ret < 0) {
1436 fprintf(stderr, "Illegal \"icmp type\"\n");
1437 return -1;
1438 }
1439 } else if (matches(*argv, "code") == 0) {
1440 NEXT_ARG();
1441 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
1442 FLOWER_ICMP_FIELD_CODE, n);
1443 if (ret < 0) {
1444 fprintf(stderr, "Illegal \"icmp code\"\n");
1445 return -1;
1446 }
1447 } else if (matches(*argv, "arp_tip") == 0) {
1448 NEXT_ARG();
1449 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
1450 vlan_ethtype : eth_type,
1451 TCA_FLOWER_KEY_ARP_TIP,
1452 TCA_FLOWER_KEY_ARP_TIP_MASK,
1453 n);
1454 if (ret < 0) {
1455 fprintf(stderr, "Illegal \"arp_tip\"\n");
1456 return -1;
1457 }
1458 } else if (matches(*argv, "arp_sip") == 0) {
1459 NEXT_ARG();
1460 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
1461 vlan_ethtype : eth_type,
1462 TCA_FLOWER_KEY_ARP_SIP,
1463 TCA_FLOWER_KEY_ARP_SIP_MASK,
1464 n);
1465 if (ret < 0) {
1466 fprintf(stderr, "Illegal \"arp_sip\"\n");
1467 return -1;
1468 }
1469 } else if (matches(*argv, "arp_op") == 0) {
1470 NEXT_ARG();
1471 ret = flower_parse_arp_op(*argv, vlan_ethtype ?
1472 vlan_ethtype : eth_type,
1473 TCA_FLOWER_KEY_ARP_OP,
1474 TCA_FLOWER_KEY_ARP_OP_MASK,
1475 n);
1476 if (ret < 0) {
1477 fprintf(stderr, "Illegal \"arp_op\"\n");
1478 return -1;
1479 }
1480 } else if (matches(*argv, "arp_tha") == 0) {
1481 NEXT_ARG();
1482 ret = flower_parse_eth_addr(*argv,
1483 TCA_FLOWER_KEY_ARP_THA,
1484 TCA_FLOWER_KEY_ARP_THA_MASK,
1485 n);
1486 if (ret < 0) {
1487 fprintf(stderr, "Illegal \"arp_tha\"\n");
1488 return -1;
1489 }
1490 } else if (matches(*argv, "arp_sha") == 0) {
1491 NEXT_ARG();
1492 ret = flower_parse_eth_addr(*argv,
1493 TCA_FLOWER_KEY_ARP_SHA,
1494 TCA_FLOWER_KEY_ARP_SHA_MASK,
1495 n);
1496 if (ret < 0) {
1497 fprintf(stderr, "Illegal \"arp_sha\"\n");
1498 return -1;
1499 }
1500 } else if (matches(*argv, "enc_dst_ip") == 0) {
1501 NEXT_ARG();
1502 ret = flower_parse_ip_addr(*argv, 0,
1503 TCA_FLOWER_KEY_ENC_IPV4_DST,
1504 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1505 TCA_FLOWER_KEY_ENC_IPV6_DST,
1506 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1507 n);
1508 if (ret < 0) {
1509 fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
1510 return -1;
1511 }
1512 } else if (matches(*argv, "enc_src_ip") == 0) {
1513 NEXT_ARG();
1514 ret = flower_parse_ip_addr(*argv, 0,
1515 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1516 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1517 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1518 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1519 n);
1520 if (ret < 0) {
1521 fprintf(stderr, "Illegal \"enc_src_ip\"\n");
1522 return -1;
1523 }
1524 } else if (matches(*argv, "enc_key_id") == 0) {
1525 NEXT_ARG();
1526 ret = flower_parse_key_id(*argv,
1527 TCA_FLOWER_KEY_ENC_KEY_ID, n);
1528 if (ret < 0) {
1529 fprintf(stderr, "Illegal \"enc_key_id\"\n");
1530 return -1;
1531 }
1532 } else if (matches(*argv, "enc_dst_port") == 0) {
1533 NEXT_ARG();
1534 ret = flower_parse_enc_port(*argv,
1535 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
1536 if (ret < 0) {
1537 fprintf(stderr, "Illegal \"enc_dst_port\"\n");
1538 return -1;
1539 }
1540 } else if (matches(*argv, "enc_tos") == 0) {
1541 NEXT_ARG();
1542 ret = flower_parse_ip_tos_ttl(*argv,
1543 TCA_FLOWER_KEY_ENC_IP_TOS,
1544 TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
1545 n);
1546 if (ret < 0) {
1547 fprintf(stderr, "Illegal \"enc_tos\"\n");
1548 return -1;
1549 }
1550 } else if (matches(*argv, "enc_ttl") == 0) {
1551 NEXT_ARG();
1552 ret = flower_parse_ip_tos_ttl(*argv,
1553 TCA_FLOWER_KEY_ENC_IP_TTL,
1554 TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
1555 n);
1556 if (ret < 0) {
1557 fprintf(stderr, "Illegal \"enc_ttl\"\n");
1558 return -1;
1559 }
1560 } else if (matches(*argv, "geneve_opts") == 0) {
1561 NEXT_ARG();
1562 ret = flower_parse_enc_opts_geneve(*argv, n);
1563 if (ret < 0) {
1564 fprintf(stderr, "Illegal \"geneve_opts\"\n");
1565 return -1;
1566 }
1567 } else if (matches(*argv, "vxlan_opts") == 0) {
1568 NEXT_ARG();
1569 ret = flower_parse_enc_opts_vxlan(*argv, n);
1570 if (ret < 0) {
1571 fprintf(stderr, "Illegal \"vxlan_opts\"\n");
1572 return -1;
1573 }
1574 } else if (matches(*argv, "action") == 0) {
1575 NEXT_ARG();
1576 ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
1577 if (ret) {
1578 fprintf(stderr, "Illegal \"action\"\n");
1579 return -1;
1580 }
1581 continue;
1582 } else if (strcmp(*argv, "help") == 0) {
1583 explain();
1584 return -1;
1585 } else {
1586 fprintf(stderr, "What is \"%s\"?\n", *argv);
1587 explain();
1588 return -1;
1589 }
1590 argc--; argv++;
1591 }
1592
1593 parse_done:
1594 ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
1595 if (ret)
1596 return ret;
1597
1598 if (mtf_mask) {
1599 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
1600 if (ret)
1601 return ret;
1602
1603 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
1604 if (ret)
1605 return ret;
1606 }
1607
1608 if (eth_type != htons(ETH_P_ALL)) {
1609 ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
1610 if (ret)
1611 return ret;
1612 }
1613
1614 tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
1615
1616 return 0;
1617 }
1618
1619 static int __mask_bits(char *addr, size_t len)
1620 {
1621 int bits = 0;
1622 bool hole = false;
1623 int i;
1624 int j;
1625
1626 for (i = 0; i < len; i++, addr++) {
1627 for (j = 7; j >= 0; j--) {
1628 if (((*addr) >> j) & 0x1) {
1629 if (hole)
1630 return -1;
1631 bits++;
1632 } else if (bits) {
1633 hole = true;
1634 } else{
1635 return -1;
1636 }
1637 }
1638 }
1639 return bits;
1640 }
1641
1642 static void flower_print_eth_addr(char *name, struct rtattr *addr_attr,
1643 struct rtattr *mask_attr)
1644 {
1645 SPRINT_BUF(namefrm);
1646 SPRINT_BUF(out);
1647 SPRINT_BUF(b1);
1648 size_t done;
1649 int bits;
1650
1651 if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN)
1652 return;
1653 done = sprintf(out, "%s",
1654 ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN,
1655 0, b1, sizeof(b1)));
1656 if (mask_attr && RTA_PAYLOAD(mask_attr) == ETH_ALEN) {
1657 bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN);
1658 if (bits < 0)
1659 sprintf(out + done, "/%s",
1660 ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN,
1661 0, b1, sizeof(b1)));
1662 else if (bits < ETH_ALEN * 8)
1663 sprintf(out + done, "/%d", bits);
1664 }
1665
1666 print_nl();
1667 sprintf(namefrm, " %s %%s", name);
1668 print_string(PRINT_ANY, name, namefrm, out);
1669 }
1670
1671 static void flower_print_eth_type(__be16 *p_eth_type,
1672 struct rtattr *eth_type_attr)
1673 {
1674 SPRINT_BUF(out);
1675 __be16 eth_type;
1676
1677 if (!eth_type_attr)
1678 return;
1679
1680 eth_type = rta_getattr_u16(eth_type_attr);
1681 if (eth_type == htons(ETH_P_IP))
1682 sprintf(out, "ipv4");
1683 else if (eth_type == htons(ETH_P_IPV6))
1684 sprintf(out, "ipv6");
1685 else if (eth_type == htons(ETH_P_ARP))
1686 sprintf(out, "arp");
1687 else if (eth_type == htons(ETH_P_RARP))
1688 sprintf(out, "rarp");
1689 else
1690 sprintf(out, "%04x", ntohs(eth_type));
1691
1692 print_nl();
1693 print_string(PRINT_ANY, "eth_type", " eth_type %s", out);
1694 *p_eth_type = eth_type;
1695 }
1696
1697 static void flower_print_ip_proto(__u8 *p_ip_proto,
1698 struct rtattr *ip_proto_attr)
1699 {
1700 SPRINT_BUF(out);
1701 __u8 ip_proto;
1702
1703 if (!ip_proto_attr)
1704 return;
1705
1706 ip_proto = rta_getattr_u8(ip_proto_attr);
1707 if (ip_proto == IPPROTO_TCP)
1708 sprintf(out, "tcp");
1709 else if (ip_proto == IPPROTO_UDP)
1710 sprintf(out, "udp");
1711 else if (ip_proto == IPPROTO_SCTP)
1712 sprintf(out, "sctp");
1713 else if (ip_proto == IPPROTO_ICMP)
1714 sprintf(out, "icmp");
1715 else if (ip_proto == IPPROTO_ICMPV6)
1716 sprintf(out, "icmpv6");
1717 else
1718 sprintf(out, "%02x", ip_proto);
1719
1720 print_nl();
1721 print_string(PRINT_ANY, "ip_proto", " ip_proto %s", out);
1722 *p_ip_proto = ip_proto;
1723 }
1724
1725 static void flower_print_ip_attr(const char *name, struct rtattr *key_attr,
1726 struct rtattr *mask_attr)
1727 {
1728 print_masked_u8(name, key_attr, mask_attr, true);
1729 }
1730
1731 static void flower_print_matching_flags(char *name,
1732 enum flower_matching_flags type,
1733 struct rtattr *attr,
1734 struct rtattr *mask_attr)
1735 {
1736 int i;
1737 int count = 0;
1738 __u32 mtf;
1739 __u32 mtf_mask;
1740
1741 if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
1742 return;
1743
1744 mtf = ntohl(rta_getattr_u32(attr));
1745 mtf_mask = ntohl(rta_getattr_u32(mask_attr));
1746
1747 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
1748 if (type != flags_str[i].type)
1749 continue;
1750 if (mtf_mask & flags_str[i].flag) {
1751 if (++count == 1) {
1752 print_nl();
1753 print_string(PRINT_FP, NULL, " %s ", name);
1754 open_json_object(name);
1755 } else {
1756 print_string(PRINT_FP, NULL, "/", NULL);
1757 }
1758
1759 print_bool(PRINT_JSON, flags_str[i].string, NULL,
1760 mtf & flags_str[i].flag);
1761 if (mtf & flags_str[i].flag)
1762 print_string(PRINT_FP, NULL, "%s",
1763 flags_str[i].string);
1764 else
1765 print_string(PRINT_FP, NULL, "no%s",
1766 flags_str[i].string);
1767 }
1768 }
1769 if (count)
1770 close_json_object();
1771 }
1772
1773 static void flower_print_ip_addr(char *name, __be16 eth_type,
1774 struct rtattr *addr4_attr,
1775 struct rtattr *mask4_attr,
1776 struct rtattr *addr6_attr,
1777 struct rtattr *mask6_attr)
1778 {
1779 struct rtattr *addr_attr;
1780 struct rtattr *mask_attr;
1781 SPRINT_BUF(namefrm);
1782 SPRINT_BUF(out);
1783 size_t done;
1784 int family;
1785 size_t len;
1786 int bits;
1787
1788 if (eth_type == htons(ETH_P_IP)) {
1789 family = AF_INET;
1790 addr_attr = addr4_attr;
1791 mask_attr = mask4_attr;
1792 len = 4;
1793 } else if (eth_type == htons(ETH_P_IPV6)) {
1794 family = AF_INET6;
1795 addr_attr = addr6_attr;
1796 mask_attr = mask6_attr;
1797 len = 16;
1798 } else {
1799 return;
1800 }
1801 if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
1802 return;
1803 if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
1804 return;
1805 done = sprintf(out, "%s", rt_addr_n2a_rta(family, addr_attr));
1806 bits = __mask_bits(RTA_DATA(mask_attr), len);
1807 if (bits < 0)
1808 sprintf(out + done, "/%s", rt_addr_n2a_rta(family, mask_attr));
1809 else if (bits < len * 8)
1810 sprintf(out + done, "/%d", bits);
1811
1812 print_nl();
1813 sprintf(namefrm, " %s %%s", name);
1814 print_string(PRINT_ANY, name, namefrm, out);
1815 }
1816 static void flower_print_ip4_addr(char *name, struct rtattr *addr_attr,
1817 struct rtattr *mask_attr)
1818 {
1819 return flower_print_ip_addr(name, htons(ETH_P_IP),
1820 addr_attr, mask_attr, 0, 0);
1821 }
1822
1823 static void flower_print_port(char *name, struct rtattr *attr,
1824 struct rtattr *mask_attr)
1825 {
1826 print_masked_be16(name, attr, mask_attr, true);
1827 }
1828
1829 static void flower_print_port_range(char *name, struct rtattr *min_attr,
1830 struct rtattr *max_attr)
1831 {
1832 if (!min_attr || !max_attr)
1833 return;
1834
1835 if (is_json_context()) {
1836 open_json_object(name);
1837 print_hu(PRINT_JSON, "start", NULL, rta_getattr_be16(min_attr));
1838 print_hu(PRINT_JSON, "end", NULL, rta_getattr_be16(max_attr));
1839 close_json_object();
1840 } else {
1841 SPRINT_BUF(namefrm);
1842 SPRINT_BUF(out);
1843 size_t done;
1844
1845 done = sprintf(out, "%u", rta_getattr_be16(min_attr));
1846 sprintf(out + done, "-%u", rta_getattr_be16(max_attr));
1847 print_nl();
1848 sprintf(namefrm, " %s %%s", name);
1849 print_string(PRINT_ANY, name, namefrm, out);
1850 }
1851 }
1852
1853 static void flower_print_tcp_flags(const char *name, struct rtattr *flags_attr,
1854 struct rtattr *mask_attr)
1855 {
1856 SPRINT_BUF(namefrm);
1857 SPRINT_BUF(out);
1858 size_t done;
1859
1860 if (!flags_attr)
1861 return;
1862
1863 done = sprintf(out, "0x%x", rta_getattr_be16(flags_attr));
1864 if (mask_attr)
1865 sprintf(out + done, "/%x", rta_getattr_be16(mask_attr));
1866
1867 print_nl();
1868 sprintf(namefrm, " %s %%s", name);
1869 print_string(PRINT_ANY, name, namefrm, out);
1870 }
1871
1872 static void flower_print_ct_state(struct rtattr *flags_attr,
1873 struct rtattr *mask_attr)
1874 {
1875 SPRINT_BUF(out);
1876 uint16_t state;
1877 uint16_t state_mask;
1878 size_t done = 0;
1879 int i;
1880
1881 if (!flags_attr)
1882 return;
1883
1884 state = rta_getattr_u16(flags_attr);
1885 if (mask_attr)
1886 state_mask = rta_getattr_u16(mask_attr);
1887 else
1888 state_mask = UINT16_MAX;
1889
1890 for (i = 0; i < ARRAY_SIZE(flower_ct_states); i++) {
1891 if (!(state_mask & flower_ct_states[i].flag))
1892 continue;
1893
1894 if (state & flower_ct_states[i].flag)
1895 done += sprintf(out + done, "+%s",
1896 flower_ct_states[i].str);
1897 else
1898 done += sprintf(out + done, "-%s",
1899 flower_ct_states[i].str);
1900 }
1901
1902 print_nl();
1903 print_string(PRINT_ANY, "ct_state", " ct_state %s", out);
1904 }
1905
1906 static void flower_print_ct_label(struct rtattr *attr,
1907 struct rtattr *mask_attr)
1908 {
1909 const unsigned char *str;
1910 bool print_mask = false;
1911 int data_len, i;
1912 SPRINT_BUF(out);
1913 char *p;
1914
1915 if (!attr)
1916 return;
1917
1918 data_len = RTA_PAYLOAD(attr);
1919 hexstring_n2a(RTA_DATA(attr), data_len, out, sizeof(out));
1920 p = out + data_len*2;
1921
1922 data_len = RTA_PAYLOAD(attr);
1923 str = RTA_DATA(mask_attr);
1924 if (data_len != 16)
1925 print_mask = true;
1926 for (i = 0; !print_mask && i < data_len; i++) {
1927 if (str[i] != 0xff)
1928 print_mask = true;
1929 }
1930 if (print_mask) {
1931 *p++ = '/';
1932 hexstring_n2a(RTA_DATA(mask_attr), data_len, p,
1933 sizeof(out)-(p-out));
1934 p += data_len*2;
1935 }
1936 *p = '\0';
1937
1938 print_nl();
1939 print_string(PRINT_ANY, "ct_label", " ct_label %s", out);
1940 }
1941
1942 static void flower_print_ct_zone(struct rtattr *attr,
1943 struct rtattr *mask_attr)
1944 {
1945 print_masked_u16("ct_zone", attr, mask_attr, true);
1946 }
1947
1948 static void flower_print_ct_mark(struct rtattr *attr,
1949 struct rtattr *mask_attr)
1950 {
1951 print_masked_u32("ct_mark", attr, mask_attr, true);
1952 }
1953
1954 static void flower_print_key_id(const char *name, struct rtattr *attr)
1955 {
1956 SPRINT_BUF(namefrm);
1957
1958 if (!attr)
1959 return;
1960
1961 print_nl();
1962 sprintf(namefrm, " %s %%u", name);
1963 print_uint(PRINT_ANY, name, namefrm, rta_getattr_be32(attr));
1964 }
1965
1966 static void flower_print_geneve_opts(const char *name, struct rtattr *attr,
1967 char *strbuf)
1968 {
1969 struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
1970 int ii, data_len, offset = 0, slen = 0;
1971 struct rtattr *i = RTA_DATA(attr);
1972 int rem = RTA_PAYLOAD(attr);
1973 __u8 type, data_r[rem];
1974 char data[rem * 2 + 1];
1975 __u16 class;
1976
1977 open_json_array(PRINT_JSON, name);
1978 while (rem) {
1979 parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX, i, rem);
1980 class = rta_getattr_be16(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]);
1981 type = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]);
1982 data_len = RTA_PAYLOAD(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]);
1983 hexstring_n2a(RTA_DATA(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]),
1984 data_len, data, sizeof(data));
1985 hex2mem(data, data_r, data_len);
1986 offset += data_len + 20;
1987 rem -= data_len + 20;
1988 i = RTA_DATA(attr) + offset;
1989
1990 open_json_object(NULL);
1991 print_uint(PRINT_JSON, "class", NULL, class);
1992 print_uint(PRINT_JSON, "type", NULL, type);
1993 open_json_array(PRINT_JSON, "data");
1994 for (ii = 0; ii < data_len; ii++)
1995 print_uint(PRINT_JSON, NULL, NULL, data_r[ii]);
1996 close_json_array(PRINT_JSON, "data");
1997 close_json_object();
1998
1999 slen += sprintf(strbuf + slen, "%04x:%02x:%s",
2000 class, type, data);
2001 if (rem)
2002 slen += sprintf(strbuf + slen, ",");
2003 }
2004 close_json_array(PRINT_JSON, name);
2005 }
2006
2007 static void flower_print_vxlan_opts(const char *name, struct rtattr *attr,
2008 char *strbuf)
2009 {
2010 struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1];
2011 struct rtattr *i = RTA_DATA(attr);
2012 int rem = RTA_PAYLOAD(attr);
2013 __u32 gbp;
2014
2015 parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX, i, rem);
2016 gbp = rta_getattr_u32(tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]);
2017
2018 open_json_array(PRINT_JSON, name);
2019 open_json_object(NULL);
2020 print_uint(PRINT_JSON, "gbp", NULL, gbp);
2021 close_json_object();
2022 close_json_array(PRINT_JSON, name);
2023
2024 sprintf(strbuf, "%u", gbp);
2025 }
2026
2027 static void flower_print_enc_parts(const char *name, const char *namefrm,
2028 struct rtattr *attr, char *key, char *mask)
2029 {
2030 char *key_token, *mask_token, *out;
2031 int len;
2032
2033 out = malloc(RTA_PAYLOAD(attr) * 4 + 3);
2034 if (!out)
2035 return;
2036
2037 len = 0;
2038 key_token = strsep(&key, ",");
2039 mask_token = strsep(&mask, ",");
2040 while (key_token) {
2041 len += sprintf(&out[len], "%s/%s,", key_token, mask_token);
2042 mask_token = strsep(&mask, ",");
2043 key_token = strsep(&key, ",");
2044 }
2045
2046 out[len - 1] = '\0';
2047 print_nl();
2048 print_string(PRINT_FP, name, namefrm, out);
2049 free(out);
2050 }
2051
2052 static void flower_print_enc_opts(const char *name, struct rtattr *attr,
2053 struct rtattr *mask_attr)
2054 {
2055 struct rtattr *key_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
2056 struct rtattr *msk_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
2057 char *key, *msk;
2058
2059 if (!attr)
2060 return;
2061
2062 key = malloc(RTA_PAYLOAD(attr) * 2 + 1);
2063 if (!key)
2064 return;
2065
2066 msk = malloc(RTA_PAYLOAD(attr) * 2 + 1);
2067 if (!msk)
2068 goto err_key_free;
2069
2070 parse_rtattr_nested(key_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, attr);
2071 parse_rtattr_nested(msk_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, mask_attr);
2072
2073 if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE]) {
2074 flower_print_geneve_opts("geneve_opt_key",
2075 key_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], key);
2076
2077 if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE])
2078 flower_print_geneve_opts("geneve_opt_mask",
2079 msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], msk);
2080
2081 flower_print_enc_parts(name, " geneve_opts %s", attr, key,
2082 msk);
2083 } else if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN]) {
2084 flower_print_vxlan_opts("vxlan_opt_key",
2085 key_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN], key);
2086
2087 if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN])
2088 flower_print_vxlan_opts("vxlan_opt_mask",
2089 msk_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN], msk);
2090
2091 flower_print_enc_parts(name, " vxlan_opts %s", attr, key,
2092 msk);
2093 }
2094
2095 free(msk);
2096 err_key_free:
2097 free(key);
2098 }
2099
2100 static void flower_print_masked_u8(const char *name, struct rtattr *attr,
2101 struct rtattr *mask_attr,
2102 const char *(*value_to_str)(__u8 value))
2103 {
2104 const char *value_str = NULL;
2105 __u8 value, mask;
2106 SPRINT_BUF(namefrm);
2107 SPRINT_BUF(out);
2108 size_t done;
2109
2110 if (!attr)
2111 return;
2112
2113 value = rta_getattr_u8(attr);
2114 mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
2115 if (mask == UINT8_MAX && value_to_str)
2116 value_str = value_to_str(value);
2117
2118 if (value_str)
2119 done = sprintf(out, "%s", value_str);
2120 else
2121 done = sprintf(out, "%d", value);
2122
2123 if (mask != UINT8_MAX)
2124 sprintf(out + done, "/%d", mask);
2125
2126 print_nl();
2127 sprintf(namefrm, " %s %%s", name);
2128 print_string(PRINT_ANY, name, namefrm, out);
2129 }
2130
2131 static void flower_print_u8(const char *name, struct rtattr *attr)
2132 {
2133 flower_print_masked_u8(name, attr, NULL, NULL);
2134 }
2135
2136 static void flower_print_u32(const char *name, struct rtattr *attr)
2137 {
2138 SPRINT_BUF(namefrm);
2139
2140 if (!attr)
2141 return;
2142
2143 print_nl();
2144 sprintf(namefrm, " %s %%u", name);
2145 print_uint(PRINT_ANY, name, namefrm, rta_getattr_u32(attr));
2146 }
2147
2148 static void flower_print_arp_op(const char *name,
2149 struct rtattr *op_attr,
2150 struct rtattr *mask_attr)
2151 {
2152 flower_print_masked_u8(name, op_attr, mask_attr,
2153 flower_print_arp_op_to_name);
2154 }
2155
2156 static int flower_print_opt(struct filter_util *qu, FILE *f,
2157 struct rtattr *opt, __u32 handle)
2158 {
2159 struct rtattr *tb[TCA_FLOWER_MAX + 1];
2160 __be16 min_port_type, max_port_type;
2161 int nl_type, nl_mask_type;
2162 __be16 eth_type = 0;
2163 __u8 ip_proto = 0xff;
2164
2165 if (!opt)
2166 return 0;
2167
2168 parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt);
2169
2170 if (handle)
2171 print_uint(PRINT_ANY, "handle", "handle 0x%x ", handle);
2172
2173 if (tb[TCA_FLOWER_CLASSID]) {
2174 __u32 h = rta_getattr_u32(tb[TCA_FLOWER_CLASSID]);
2175
2176 if (TC_H_MIN(h) < TC_H_MIN_PRIORITY ||
2177 TC_H_MIN(h) > (TC_H_MIN_PRIORITY + TC_QOPT_MAX_QUEUE - 1)) {
2178 SPRINT_BUF(b1);
2179 print_string(PRINT_ANY, "classid", "classid %s ",
2180 sprint_tc_classid(h, b1));
2181 } else {
2182 print_uint(PRINT_ANY, "hw_tc", "hw_tc %u ",
2183 TC_H_MIN(h) - TC_H_MIN_PRIORITY);
2184 }
2185 }
2186
2187 if (tb[TCA_FLOWER_INDEV]) {
2188 struct rtattr *attr = tb[TCA_FLOWER_INDEV];
2189
2190 print_nl();
2191 print_string(PRINT_ANY, "indev", " indev %s",
2192 rta_getattr_str(attr));
2193 }
2194
2195 open_json_object("keys");
2196
2197 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
2198 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
2199
2200 print_nl();
2201 print_uint(PRINT_ANY, "vlan_id", " vlan_id %u",
2202 rta_getattr_u16(attr));
2203 }
2204
2205 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
2206 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
2207
2208 print_nl();
2209 print_uint(PRINT_ANY, "vlan_prio", " vlan_prio %d",
2210 rta_getattr_u8(attr));
2211 }
2212
2213 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
2214 SPRINT_BUF(buf);
2215 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE];
2216
2217 print_nl();
2218 print_string(PRINT_ANY, "vlan_ethtype", " vlan_ethtype %s",
2219 ll_proto_n2a(rta_getattr_u16(attr),
2220 buf, sizeof(buf)));
2221 }
2222
2223 if (tb[TCA_FLOWER_KEY_CVLAN_ID]) {
2224 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ID];
2225
2226 print_nl();
2227 print_uint(PRINT_ANY, "cvlan_id", " cvlan_id %u",
2228 rta_getattr_u16(attr));
2229 }
2230
2231 if (tb[TCA_FLOWER_KEY_CVLAN_PRIO]) {
2232 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_PRIO];
2233
2234 print_nl();
2235 print_uint(PRINT_ANY, "cvlan_prio", " cvlan_prio %d",
2236 rta_getattr_u8(attr));
2237 }
2238
2239 if (tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE]) {
2240 SPRINT_BUF(buf);
2241 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE];
2242
2243 print_nl();
2244 print_string(PRINT_ANY, "cvlan_ethtype", " cvlan_ethtype %s",
2245 ll_proto_n2a(rta_getattr_u16(attr),
2246 buf, sizeof(buf)));
2247 }
2248
2249 flower_print_eth_addr("dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
2250 tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
2251 flower_print_eth_addr("src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
2252 tb[TCA_FLOWER_KEY_ETH_SRC_MASK]);
2253
2254 flower_print_eth_type(&eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
2255 flower_print_ip_proto(&ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
2256
2257 flower_print_ip_attr("ip_tos", tb[TCA_FLOWER_KEY_IP_TOS],
2258 tb[TCA_FLOWER_KEY_IP_TOS_MASK]);
2259 flower_print_ip_attr("ip_ttl", tb[TCA_FLOWER_KEY_IP_TTL],
2260 tb[TCA_FLOWER_KEY_IP_TTL_MASK]);
2261
2262 flower_print_u32("mpls_label", tb[TCA_FLOWER_KEY_MPLS_LABEL]);
2263 flower_print_u8("mpls_tc", tb[TCA_FLOWER_KEY_MPLS_TC]);
2264 flower_print_u8("mpls_bos", tb[TCA_FLOWER_KEY_MPLS_BOS]);
2265 flower_print_u8("mpls_ttl", tb[TCA_FLOWER_KEY_MPLS_TTL]);
2266
2267 flower_print_ip_addr("dst_ip", eth_type,
2268 tb[TCA_FLOWER_KEY_IPV4_DST],
2269 tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
2270 tb[TCA_FLOWER_KEY_IPV6_DST],
2271 tb[TCA_FLOWER_KEY_IPV6_DST_MASK]);
2272
2273 flower_print_ip_addr("src_ip", eth_type,
2274 tb[TCA_FLOWER_KEY_IPV4_SRC],
2275 tb[TCA_FLOWER_KEY_IPV4_SRC_MASK],
2276 tb[TCA_FLOWER_KEY_IPV6_SRC],
2277 tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
2278
2279 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
2280 nl_mask_type = flower_port_attr_mask_type(ip_proto, FLOWER_ENDPOINT_DST);
2281 if (nl_type >= 0)
2282 flower_print_port("dst_port", tb[nl_type], tb[nl_mask_type]);
2283 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
2284 nl_mask_type = flower_port_attr_mask_type(ip_proto, FLOWER_ENDPOINT_SRC);
2285 if (nl_type >= 0)
2286 flower_print_port("src_port", tb[nl_type], tb[nl_mask_type]);
2287
2288 if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_DST,
2289 &min_port_type, &max_port_type))
2290 flower_print_port_range("dst_port",
2291 tb[min_port_type], tb[max_port_type]);
2292
2293 if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_SRC,
2294 &min_port_type, &max_port_type))
2295 flower_print_port_range("src_port",
2296 tb[min_port_type], tb[max_port_type]);
2297
2298 flower_print_tcp_flags("tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
2299 tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
2300
2301 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
2302 FLOWER_ICMP_FIELD_TYPE);
2303 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
2304 FLOWER_ICMP_FIELD_TYPE);
2305 if (nl_type >= 0 && nl_mask_type >= 0)
2306 flower_print_masked_u8("icmp_type", tb[nl_type],
2307 tb[nl_mask_type], NULL);
2308
2309 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
2310 FLOWER_ICMP_FIELD_CODE);
2311 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
2312 FLOWER_ICMP_FIELD_CODE);
2313 if (nl_type >= 0 && nl_mask_type >= 0)
2314 flower_print_masked_u8("icmp_code", tb[nl_type],
2315 tb[nl_mask_type], NULL);
2316
2317 flower_print_ip4_addr("arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
2318 tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
2319 flower_print_ip4_addr("arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
2320 tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
2321 flower_print_arp_op("arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
2322 tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
2323 flower_print_eth_addr("arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
2324 tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
2325 flower_print_eth_addr("arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
2326 tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
2327
2328 flower_print_ip_addr("enc_dst_ip",
2329 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
2330 htons(ETH_P_IP) : htons(ETH_P_IPV6),
2331 tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
2332 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
2333 tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
2334 tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
2335
2336 flower_print_ip_addr("enc_src_ip",
2337 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
2338 htons(ETH_P_IP) : htons(ETH_P_IPV6),
2339 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
2340 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
2341 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
2342 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
2343
2344 flower_print_key_id("enc_key_id", tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
2345
2346 flower_print_port("enc_dst_port", tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT],
2347 tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK]);
2348
2349 flower_print_ip_attr("enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
2350 tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
2351 flower_print_ip_attr("enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
2352 tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
2353 flower_print_enc_opts("enc_opt", tb[TCA_FLOWER_KEY_ENC_OPTS],
2354 tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
2355
2356 flower_print_matching_flags("ip_flags", FLOWER_IP_FLAGS,
2357 tb[TCA_FLOWER_KEY_FLAGS],
2358 tb[TCA_FLOWER_KEY_FLAGS_MASK]);
2359
2360 flower_print_ct_state(tb[TCA_FLOWER_KEY_CT_STATE],
2361 tb[TCA_FLOWER_KEY_CT_STATE_MASK]);
2362 flower_print_ct_zone(tb[TCA_FLOWER_KEY_CT_ZONE],
2363 tb[TCA_FLOWER_KEY_CT_ZONE_MASK]);
2364 flower_print_ct_mark(tb[TCA_FLOWER_KEY_CT_MARK],
2365 tb[TCA_FLOWER_KEY_CT_MARK_MASK]);
2366 flower_print_ct_label(tb[TCA_FLOWER_KEY_CT_LABELS],
2367 tb[TCA_FLOWER_KEY_CT_LABELS_MASK]);
2368
2369 close_json_object();
2370
2371 if (tb[TCA_FLOWER_FLAGS]) {
2372 __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
2373
2374 if (flags & TCA_CLS_FLAGS_SKIP_HW) {
2375 print_nl();
2376 print_bool(PRINT_ANY, "skip_hw", " skip_hw", true);
2377 }
2378 if (flags & TCA_CLS_FLAGS_SKIP_SW) {
2379 print_nl();
2380 print_bool(PRINT_ANY, "skip_sw", " skip_sw", true);
2381 }
2382 if (flags & TCA_CLS_FLAGS_IN_HW) {
2383 print_nl();
2384 print_bool(PRINT_ANY, "in_hw", " in_hw", true);
2385
2386 if (tb[TCA_FLOWER_IN_HW_COUNT]) {
2387 __u32 count = rta_getattr_u32(tb[TCA_FLOWER_IN_HW_COUNT]);
2388
2389 print_uint(PRINT_ANY, "in_hw_count",
2390 " in_hw_count %u", count);
2391 }
2392 }
2393 else if (flags & TCA_CLS_FLAGS_NOT_IN_HW) {
2394 print_nl();
2395 print_bool(PRINT_ANY, "not_in_hw", " not_in_hw", true);
2396 }
2397 }
2398
2399 if (tb[TCA_FLOWER_ACT])
2400 tc_print_action(f, tb[TCA_FLOWER_ACT], 0);
2401
2402 return 0;
2403 }
2404
2405 struct filter_util flower_filter_util = {
2406 .id = "flower",
2407 .parse_fopt = flower_parse_opt,
2408 .print_fopt = flower_print_opt,
2409 };
Upstream mirror of iproute2