2 * m_pedit.c generic packet editor actions module
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: J Hadi Salim (hadi@cyberus.ca)
12 * 1) Big endian broken in some spots
13 * 2) A lot of this stuff was added on the fly; get a big double-double
14 * and clean it up at some point.
22 #include <sys/socket.h>
23 #include <netinet/in.h>
24 #include <arpa/inet.h>
32 static struct m_pedit_util
*pedit_list
;
33 static int pedit_debug
;
35 static void explain(void)
37 fprintf(stderr
, "Usage: ... pedit munge [ex] <MUNGE> [CONTROL]\n");
39 "Where: MUNGE := <RAW>|<LAYERED>\n"
40 "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n \t\tOFFSETC:= offset <offval> <u8|u16|u32>\n"
41 "\t\tATC:= at <atval> offmask <maskval> shift <shiftval>\n"
42 "\t\tNOTE: offval is byte offset, must be multiple of 4\n"
43 "\t\tNOTE: maskval is a 32 bit hex number\n \t\tNOTE: shiftval is a shift value\n"
44 "\t\tCMD:= clear | invert | set <setval>| add <addval> | retain\n"
45 "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data>\n"
46 " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata>\n"
47 "\tCONTROL:= reclassify | pipe | drop | continue | pass |\n"
48 "\t goto chain <CHAIN_INDEX>\n"
49 "\tNOTE: if 'ex' is set, extended functionality will be supported (kernel >= 4.11)\n"
50 "For Example usage look at the examples directory\n");
54 static void usage(void)
60 static int pedit_parse_nopopt(int *argc_p
, char ***argv_p
,
61 struct m_pedit_sel
*sel
,
62 struct m_pedit_key
*tkey
)
65 char **argv
= *argv_p
;
69 "Unknown action hence option \"%s\" is unparsable\n",
78 static struct m_pedit_util
*get_pedit_kind(const char *str
)
83 struct m_pedit_util
*p
;
85 for (p
= pedit_list
; p
; p
= p
->next
) {
86 if (strcmp(p
->id
, str
) == 0)
90 snprintf(buf
, sizeof(buf
), "p_%s.so", str
);
91 dlh
= dlopen(buf
, RTLD_LAZY
);
95 dlh
= pBODY
= dlopen(NULL
, RTLD_LAZY
);
101 snprintf(buf
, sizeof(buf
), "p_pedit_%s", str
);
107 p
->next
= pedit_list
;
112 p
= calloc(1, sizeof(*p
));
114 strncpy(p
->id
, str
, sizeof(p
->id
) - 1);
115 p
->parse_peopt
= pedit_parse_nopopt
;
121 int pack_key(struct m_pedit_sel
*_sel
, struct m_pedit_key
*tkey
)
123 struct tc_pedit_sel
*sel
= &_sel
->sel
;
124 struct m_pedit_key_ex
*keys_ex
= _sel
->keys_ex
;
125 int hwm
= sel
->nkeys
;
131 fprintf(stderr
, "offsets MUST be in 32 bit boundaries\n");
135 sel
->keys
[hwm
].val
= tkey
->val
;
136 sel
->keys
[hwm
].mask
= tkey
->mask
;
137 sel
->keys
[hwm
].off
= tkey
->off
;
138 sel
->keys
[hwm
].at
= tkey
->at
;
139 sel
->keys
[hwm
].offmask
= tkey
->offmask
;
140 sel
->keys
[hwm
].shift
= tkey
->shift
;
142 if (_sel
->extended
) {
143 keys_ex
[hwm
].htype
= tkey
->htype
;
144 keys_ex
[hwm
].cmd
= tkey
->cmd
;
146 if (tkey
->htype
!= TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
||
147 tkey
->cmd
!= TCA_PEDIT_KEY_EX_CMD_SET
) {
149 "Munge parameters not supported. Use 'pedit ex munge ...'.\n");
158 int pack_key32(__u32 retain
, struct m_pedit_sel
*sel
,
159 struct m_pedit_key
*tkey
)
161 if (tkey
->off
> (tkey
->off
& ~3)) {
163 "pack_key32: 32 bit offsets must begin in 32bit boundaries\n");
167 tkey
->val
= htonl(tkey
->val
& retain
);
168 tkey
->mask
= htonl(tkey
->mask
| ~retain
);
169 return pack_key(sel
, tkey
);
172 int pack_key16(__u32 retain
, struct m_pedit_sel
*sel
,
173 struct m_pedit_key
*tkey
)
176 __u32 m
[4] = { 0x0000FFFF, 0xFF0000FF, 0xFFFF0000 };
178 if (tkey
->val
> 0xFFFF || tkey
->mask
> 0xFFFF) {
179 fprintf(stderr
, "pack_key16 bad value\n");
186 fprintf(stderr
, "pack_key16 bad index value %d\n", ind
);
190 stride
= 8 * (2 - ind
);
191 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
192 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
197 printf("pack_key16: Final val %08x mask %08x\n",
198 tkey
->val
, tkey
->mask
);
199 return pack_key(sel
, tkey
);
203 int pack_key8(__u32 retain
, struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
206 __u32 m
[4] = { 0x00FFFFFF, 0xFF00FFFF, 0xFFFF00FF, 0xFFFFFF00 };
208 if (tkey
->val
> 0xFF || tkey
->mask
> 0xFF) {
209 fprintf(stderr
, "pack_key8 bad value (val %x mask %x\n",
210 tkey
->val
, tkey
->mask
);
216 stride
= 8 * (3 - ind
);
217 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
218 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
223 printf("pack_key8: Final word off %d val %08x mask %08x\n",
224 tkey
->off
, tkey
->val
, tkey
->mask
);
225 return pack_key(sel
, tkey
);
228 static int pack_mac(struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
,
233 if (!(tkey
->off
& 0x3)) {
235 tkey
->val
= ntohl(*((__u32
*)mac
));
236 ret
|= pack_key32(~0, sel
, tkey
);
240 tkey
->val
= ntohs(*((__u16
*)&mac
[4]));
241 ret
|= pack_key16(~0, sel
, tkey
);
242 } else if (!(tkey
->off
& 0x1)) {
244 tkey
->val
= ntohs(*((__u16
*)mac
));
245 ret
|= pack_key16(~0, sel
, tkey
);
249 tkey
->val
= ntohl(*((__u32
*)(mac
+ 2)));
250 ret
|= pack_key32(~0, sel
, tkey
);
253 "pack_mac: mac offsets must begin in 32bit or 16bit boundaries\n");
260 static int pack_ipv6(struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
,
266 if (tkey
->off
& 0x3) {
268 "pack_ipv6: IPv6 offsets must begin in 32bit boundaries\n");
272 for (i
= 0; i
< 4; i
++) {
274 tkey
->val
= ntohl(ipv6
[i
]);
276 ret
= pack_key32(~0, sel
, tkey
);
286 int parse_val(int *argc_p
, char ***argv_p
, __u32
*val
, int type
)
289 char **argv
= *argv_p
;
295 return get_integer((int *)val
, *argv
, 0);
298 return get_u32(val
, *argv
, 0);
303 if (get_prefix_1(&addr
, *argv
, AF_INET
))
313 if (get_prefix_1(&addr
, *argv
, AF_INET6
))
316 memcpy(val
, addr
.data
, addr
.bytelen
);
323 int ret
= ll_addr_a2n((char *)val
, MAC_ALEN
, *argv
);
332 int parse_cmd(int *argc_p
, char ***argv_p
, __u32 len
, int type
, __u32 retain
,
333 struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
335 __u32 mask
[4] = { 0 };
336 __u32 val
[4] = { 0 };
342 char **argv
= *argv_p
;
348 printf("parse_cmd argc %d %s offset %d length %d\n",
349 argc
, *argv
, tkey
->off
, len
);
356 if (matches(*argv
, "invert") == 0) {
358 } else if (matches(*argv
, "set") == 0 ||
359 matches(*argv
, "add") == 0) {
360 if (matches(*argv
, "add") == 0)
361 tkey
->cmd
= TCA_PEDIT_KEY_EX_CMD_ADD
;
363 if (!sel
->extended
&& tkey
->cmd
) {
365 "Non extended mode. only 'set' command is supported\n");
370 if (parse_val(&argc
, &argv
, val
, type
))
372 } else if (matches(*argv
, "preserve") == 0) {
375 if (matches(*argv
, "clear") != 0)
382 if (argc
&& matches(*argv
, "retain") == 0) {
384 if (parse_val(&argc
, &argv
, &retain
, TU32
))
390 if (len
> 4 && retain
!= ~0) {
392 "retain is not supported for fields longer the 32 bits\n");
397 res
= pack_mac(sel
, tkey
, (__u8
*)val
);
402 res
= pack_ipv6(sel
, tkey
, val
);
410 tkey
->val
= ntohl(tkey
->val
);
413 res
= pack_key8(retain
, sel
, tkey
);
417 res
= pack_key16(retain
, sel
, tkey
);
421 res
= pack_key32(retain
, sel
, tkey
);
428 printf("parse_cmd done argc %d %s offset %d length %d\n",
429 argc
, *argv
, tkey
->off
, len
);
436 int parse_offset(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
,
437 struct m_pedit_key
*tkey
)
442 char **argv
= *argv_p
;
448 if (get_integer(&off
, *argv
, 0))
458 if (matches(*argv
, "u32") == 0) {
463 if (matches(*argv
, "u16") == 0) {
468 if (matches(*argv
, "u8") == 0) {
480 /* [at <someval> offmask <maskval> shift <shiftval>] */
481 if (matches(*argv
, "at") == 0) {
483 __u32 atv
= 0, offmask
= 0x0, shift
= 0;
486 if (get_u32(&atv
, *argv
, 0))
492 if (get_u32(&offmask
, *argv
, 16))
494 tkey
->offmask
= offmask
;
498 if (get_u32(&shift
, *argv
, 0))
505 res
= parse_cmd(&argc
, &argv
, len
, TU32
, retain
, sel
, tkey
);
512 static int parse_munge(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
)
514 struct m_pedit_key tkey
= {};
516 char **argv
= *argv_p
;
522 if (matches(*argv
, "offset") == 0) {
524 res
= parse_offset(&argc
, &argv
, sel
, &tkey
);
527 char k
[FILTER_NAMESZ
];
528 struct m_pedit_util
*p
= NULL
;
530 strncpy(k
, *argv
, sizeof(k
) - 1);
533 p
= get_pedit_kind(k
);
537 res
= p
->parse_peopt(&argc
, &argv
, sel
, &tkey
);
539 fprintf(stderr
, "bad pedit parsing\n");
556 static int pedit_keys_ex_getattr(struct rtattr
*attr
,
557 struct m_pedit_key_ex
*keys_ex
, int n
)
560 int rem
= RTA_PAYLOAD(attr
);
561 struct rtattr
*tb
[TCA_PEDIT_KEY_EX_MAX
+ 1];
562 struct m_pedit_key_ex
*k
= keys_ex
;
564 for (i
= RTA_DATA(attr
); RTA_OK(i
, rem
); i
= RTA_NEXT(i
, rem
)) {
568 if (i
->rta_type
!= TCA_PEDIT_KEY_EX
)
571 parse_rtattr_nested(tb
, TCA_PEDIT_KEY_EX_MAX
, i
);
573 k
->htype
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_HTYPE
]);
574 k
->cmd
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_CMD
]);
583 static int pedit_keys_ex_addattr(struct m_pedit_sel
*sel
, struct nlmsghdr
*n
)
585 struct m_pedit_key_ex
*k
= sel
->keys_ex
;
586 struct rtattr
*keys_start
;
592 keys_start
= addattr_nest(n
, MAX_MSG
, TCA_PEDIT_KEYS_EX
| NLA_F_NESTED
);
594 for (i
= 0; i
< sel
->sel
.nkeys
; i
++) {
595 struct rtattr
*key_start
;
597 key_start
= addattr_nest(n
, MAX_MSG
,
598 TCA_PEDIT_KEY_EX
| NLA_F_NESTED
);
600 if (addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_HTYPE
, k
->htype
) ||
601 addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_CMD
, k
->cmd
)) {
605 addattr_nest_end(n
, key_start
);
610 addattr_nest_end(n
, keys_start
);
615 int parse_pedit(struct action_util
*a
, int *argc_p
, char ***argv_p
, int tca_id
,
618 struct m_pedit_sel sel
= {};
621 char **argv
= *argv_p
;
627 fprintf(stderr
, "while pedit (%d:%s)\n", argc
, *argv
);
628 if (matches(*argv
, "pedit") == 0) {
632 if (matches(*argv
, "ex") == 0) {
635 "'ex' must be before first 'munge'\n");
644 } else if (matches(*argv
, "help") == 0) {
646 } else if (matches(*argv
, "munge") == 0) {
648 fprintf(stderr
, "Bad pedit construct (%s)\n",
655 if (parse_munge(&argc
, &argv
, &sel
)) {
656 fprintf(stderr
, "Bad pedit construct (%s)\n",
673 parse_action_control_dflt(&argc
, &argv
, &sel
.sel
.action
, false, TC_ACT_OK
);
676 if (matches(*argv
, "index") == 0) {
678 if (get_u32(&sel
.sel
.index
, *argv
, 10)) {
679 fprintf(stderr
, "Pedit: Illegal \"index\"\n");
688 tail
= NLMSG_TAIL(n
);
689 addattr_l(n
, MAX_MSG
, tca_id
, NULL
, 0);
691 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS
, &sel
,
693 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
695 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS_EX
, &sel
,
697 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
699 pedit_keys_ex_addattr(&sel
, n
);
702 tail
->rta_len
= (void *)NLMSG_TAIL(n
) - (void *)tail
;
709 const char *pedit_htype_str
[] = {
710 [TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
] = "",
711 [TCA_PEDIT_KEY_EX_HDR_TYPE_ETH
] = "eth",
712 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP4
] = "ipv4",
713 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP6
] = "ipv6",
714 [TCA_PEDIT_KEY_EX_HDR_TYPE_TCP
] = "tcp",
715 [TCA_PEDIT_KEY_EX_HDR_TYPE_UDP
] = "udp",
718 static void print_pedit_location(FILE *f
,
719 enum pedit_header_type htype
, __u32 off
)
721 if (htype
== TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
) {
722 fprintf(f
, "%d", (unsigned int)off
);
726 if (htype
< ARRAY_SIZE(pedit_htype_str
))
727 fprintf(f
, "%s", pedit_htype_str
[htype
]);
729 fprintf(f
, "unknown(%d)", htype
);
731 fprintf(f
, "%c%d", (int)off
>= 0 ? '+' : '-', abs((int)off
));
734 int print_pedit(struct action_util
*au
, FILE *f
, struct rtattr
*arg
)
736 struct tc_pedit_sel
*sel
;
737 struct rtattr
*tb
[TCA_PEDIT_MAX
+ 1];
738 struct m_pedit_key_ex
*keys_ex
= NULL
;
743 parse_rtattr_nested(tb
, TCA_PEDIT_MAX
, arg
);
745 if (!tb
[TCA_PEDIT_PARMS
] && !tb
[TCA_PEDIT_PARMS_EX
]) {
746 fprintf(f
, "[NULL pedit parameters]");
750 if (tb
[TCA_PEDIT_PARMS
]) {
751 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS
]);
755 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS_EX
]);
757 if (!tb
[TCA_PEDIT_KEYS_EX
]) {
758 fprintf(f
, "Netlink error\n");
762 keys_ex
= calloc(sel
->nkeys
, sizeof(*keys_ex
));
764 fprintf(f
, "Out of memory\n");
768 err
= pedit_keys_ex_getattr(tb
[TCA_PEDIT_KEYS_EX
], keys_ex
,
771 fprintf(f
, "Netlink error\n");
778 fprintf(f
, " pedit ");
779 print_action_control(f
, "action ", sel
->action
, " ");
780 fprintf(f
,"keys %d\n ", sel
->nkeys
);
781 fprintf(f
, "\t index %u ref %d bind %d", sel
->index
, sel
->refcnt
,
785 if (tb
[TCA_PEDIT_TM
]) {
786 struct tcf_t
*tm
= RTA_DATA(tb
[TCA_PEDIT_TM
]);
793 struct tc_pedit_key
*key
= sel
->keys
;
794 struct m_pedit_key_ex
*key_ex
= keys_ex
;
796 for (i
= 0; i
< sel
->nkeys
; i
++, key
++) {
797 enum pedit_header_type htype
=
798 TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
;
799 enum pedit_cmd cmd
= TCA_PEDIT_KEY_EX_CMD_SET
;
802 htype
= key_ex
->htype
;
808 fprintf(f
, "\n\t key #%d", i
);
812 print_pedit_location(f
, htype
, key
->off
);
814 fprintf(f
, ": %s %08x mask %08x",
816 (unsigned int)ntohl(key
->val
),
817 (unsigned int)ntohl(key
->mask
));
820 fprintf(f
, "\npedit %x keys %d is not LEGIT", sel
->index
,
830 int pedit_print_xstats(struct action_util
*au
, FILE *f
, struct rtattr
*xstats
)
835 struct action_util pedit_action_util
= {
837 .parse_aopt
= parse_pedit
,
838 .print_aopt
= print_pedit
,