2 * m_pedit.c generic packet editor actions module
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: J Hadi Salim (hadi@cyberus.ca)
12 * 1) Big endian broken in some spots
13 * 2) A lot of this stuff was added on the fly; get a big double-double
14 * and clean it up at some point.
23 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
33 static struct m_pedit_util
*pedit_list
;
34 static int pedit_debug
;
36 static void explain(void)
38 fprintf(stderr
, "Usage: ... pedit munge [ex] <MUNGE> [CONTROL]\n");
40 "Where: MUNGE := <RAW>|<LAYERED>\n"
41 "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n \t\tOFFSETC:= offset <offval> <u8|u16|u32>\n"
42 "\t\tATC:= at <atval> offmask <maskval> shift <shiftval>\n"
43 "\t\tNOTE: offval is byte offset, must be multiple of 4\n"
44 "\t\tNOTE: maskval is a 32 bit hex number\n \t\tNOTE: shiftval is a shift value\n"
45 "\t\tCMD:= clear | invert | set <setval>| add <addval> | retain\n"
46 "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data>\n"
47 " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata>\n"
48 "\tCONTROL:= reclassify | pipe | drop | continue | pass\n"
49 "\tNOTE: if 'ex' is set, extended functionality will be supported (kernel >= 4.11)\n"
50 "For Example usage look at the examples directory\n");
54 static void usage(void)
60 static int pedit_parse_nopopt(int *argc_p
, char ***argv_p
,
61 struct m_pedit_sel
*sel
,
62 struct m_pedit_key
*tkey
)
65 char **argv
= *argv_p
;
69 "Unknown action hence option \"%s\" is unparsable\n",
78 static struct m_pedit_util
*get_pedit_kind(const char *str
)
83 struct m_pedit_util
*p
;
85 for (p
= pedit_list
; p
; p
= p
->next
) {
86 if (strcmp(p
->id
, str
) == 0)
90 snprintf(buf
, sizeof(buf
), "p_%s.so", str
);
91 dlh
= dlopen(buf
, RTLD_LAZY
);
95 dlh
= pBODY
= dlopen(NULL
, RTLD_LAZY
);
101 snprintf(buf
, sizeof(buf
), "p_pedit_%s", str
);
107 p
->next
= pedit_list
;
112 p
= calloc(1, sizeof(*p
));
114 strncpy(p
->id
, str
, sizeof(p
->id
) - 1);
115 p
->parse_peopt
= pedit_parse_nopopt
;
121 int pack_key(struct m_pedit_sel
*_sel
, struct m_pedit_key
*tkey
)
123 struct tc_pedit_sel
*sel
= &_sel
->sel
;
124 struct m_pedit_key_ex
*keys_ex
= _sel
->keys_ex
;
125 int hwm
= sel
->nkeys
;
131 fprintf(stderr
, "offsets MUST be in 32 bit boundaries\n");
135 sel
->keys
[hwm
].val
= tkey
->val
;
136 sel
->keys
[hwm
].mask
= tkey
->mask
;
137 sel
->keys
[hwm
].off
= tkey
->off
;
138 sel
->keys
[hwm
].at
= tkey
->at
;
139 sel
->keys
[hwm
].offmask
= tkey
->offmask
;
140 sel
->keys
[hwm
].shift
= tkey
->shift
;
142 if (_sel
->extended
) {
143 keys_ex
[hwm
].htype
= tkey
->htype
;
144 keys_ex
[hwm
].cmd
= tkey
->cmd
;
146 if (tkey
->htype
!= TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
||
147 tkey
->cmd
!= TCA_PEDIT_KEY_EX_CMD_SET
) {
149 "Munge parameters not supported. Use 'munge ex'.\n");
158 int pack_key32(__u32 retain
, struct m_pedit_sel
*sel
,
159 struct m_pedit_key
*tkey
)
161 if (tkey
->off
> (tkey
->off
& ~3)) {
163 "pack_key32: 32 bit offsets must begin in 32bit boundaries\n");
167 tkey
->val
= htonl(tkey
->val
& retain
);
168 tkey
->mask
= htonl(tkey
->mask
| ~retain
);
169 return pack_key(sel
, tkey
);
172 int pack_key16(__u32 retain
, struct m_pedit_sel
*sel
,
173 struct m_pedit_key
*tkey
)
176 __u32 m
[4] = { 0x0000FFFF, 0xFF0000FF, 0xFFFF0000 };
178 if (tkey
->val
> 0xFFFF || tkey
->mask
> 0xFFFF) {
179 fprintf(stderr
, "pack_key16 bad value\n");
186 fprintf(stderr
, "pack_key16 bad index value %d\n", ind
);
190 stride
= 8 * (2 - ind
);
191 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
192 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
197 printf("pack_key16: Final val %08x mask %08x\n",
198 tkey
->val
, tkey
->mask
);
199 return pack_key(sel
, tkey
);
203 int pack_key8(__u32 retain
, struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
206 __u32 m
[4] = { 0x00FFFFFF, 0xFF00FFFF, 0xFFFF00FF, 0xFFFFFF00 };
208 if (tkey
->val
> 0xFF || tkey
->mask
> 0xFF) {
209 fprintf(stderr
, "pack_key8 bad value (val %x mask %x\n",
210 tkey
->val
, tkey
->mask
);
216 stride
= 8 * (3 - ind
);
217 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
218 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
223 printf("pack_key8: Final word off %d val %08x mask %08x\n",
224 tkey
->off
, tkey
->val
, tkey
->mask
);
225 return pack_key(sel
, tkey
);
228 static int pack_mac(struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
,
233 if (!(tkey
->off
& 0x3)) {
235 tkey
->val
= ntohl(*((__u32
*)mac
));
236 ret
|= pack_key32(~0, sel
, tkey
);
240 tkey
->val
= ntohs(*((__u16
*)&mac
[4]));
241 ret
|= pack_key16(~0, sel
, tkey
);
242 } else if (!(tkey
->off
& 0x1)) {
244 tkey
->val
= ntohs(*((__u16
*)mac
));
245 ret
|= pack_key16(~0, sel
, tkey
);
249 tkey
->val
= ntohl(*((__u32
*)(mac
+ 2)));
250 ret
|= pack_key32(~0, sel
, tkey
);
253 "pack_mac: mac offsets must begin in 32bit or 16bit boundaries\n");
260 int parse_val(int *argc_p
, char ***argv_p
, __u32
*val
, int type
)
263 char **argv
= *argv_p
;
269 return get_integer((int *)val
, *argv
, 0);
272 return get_u32(val
, *argv
, 0);
277 if (get_prefix_1(&addr
, *argv
, AF_INET
))
285 return -1; /* not implemented yet */
289 int ret
= ll_addr_a2n((char *)val
, MAC_ALEN
, *argv
);
298 int parse_cmd(int *argc_p
, char ***argv_p
, __u32 len
, int type
, __u32 retain
,
299 struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
301 __u32 mask
[4] = { 0 };
302 __u32 val
[4] = { 0 };
308 char **argv
= *argv_p
;
314 printf("parse_cmd argc %d %s offset %d length %d\n",
315 argc
, *argv
, tkey
->off
, len
);
322 if (matches(*argv
, "invert") == 0) {
324 } else if (matches(*argv
, "set") == 0 ||
325 matches(*argv
, "add") == 0) {
326 if (matches(*argv
, "add") == 0)
327 tkey
->cmd
= TCA_PEDIT_KEY_EX_CMD_ADD
;
329 if (!sel
->extended
&& tkey
->cmd
) {
331 "Non extended mode. only 'set' command is supported\n");
336 if (parse_val(&argc
, &argv
, val
, type
))
338 } else if (matches(*argv
, "preserve") == 0) {
341 if (matches(*argv
, "clear") != 0)
348 if (argc
&& matches(*argv
, "retain") == 0) {
350 if (parse_val(&argc
, &argv
, &retain
, TU32
))
357 res
= pack_mac(sel
, tkey
, (__u8
*)val
);
365 tkey
->val
= ntohl(tkey
->val
);
368 res
= pack_key8(retain
, sel
, tkey
);
372 res
= pack_key16(retain
, sel
, tkey
);
376 res
= pack_key32(retain
, sel
, tkey
);
383 printf("parse_cmd done argc %d %s offset %d length %d\n",
384 argc
, *argv
, tkey
->off
, len
);
391 int parse_offset(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
,
392 struct m_pedit_key
*tkey
)
397 char **argv
= *argv_p
;
403 if (get_integer(&off
, *argv
, 0))
413 if (matches(*argv
, "u32") == 0) {
418 if (matches(*argv
, "u16") == 0) {
423 if (matches(*argv
, "u8") == 0) {
435 /* [at <someval> offmask <maskval> shift <shiftval>] */
436 if (matches(*argv
, "at") == 0) {
438 __u32 atv
= 0, offmask
= 0x0, shift
= 0;
441 if (get_u32(&atv
, *argv
, 0))
447 if (get_u32(&offmask
, *argv
, 16))
449 tkey
->offmask
= offmask
;
453 if (get_u32(&shift
, *argv
, 0))
460 res
= parse_cmd(&argc
, &argv
, len
, TU32
, retain
, sel
, tkey
);
467 static int parse_munge(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
)
469 struct m_pedit_key tkey
= {};
471 char **argv
= *argv_p
;
477 if (matches(*argv
, "offset") == 0) {
479 res
= parse_offset(&argc
, &argv
, sel
, &tkey
);
483 struct m_pedit_util
*p
= NULL
;
485 strncpy(k
, *argv
, sizeof(k
) - 1);
488 p
= get_pedit_kind(k
);
492 res
= p
->parse_peopt(&argc
, &argv
, sel
, &tkey
);
494 fprintf(stderr
, "bad pedit parsing\n");
511 static int pedit_keys_ex_getattr(struct rtattr
*attr
,
512 struct m_pedit_key_ex
*keys_ex
, int n
)
515 int rem
= RTA_PAYLOAD(attr
);
516 struct rtattr
*tb
[TCA_PEDIT_KEY_EX_MAX
+ 1];
517 struct m_pedit_key_ex
*k
= keys_ex
;
519 for (i
= RTA_DATA(attr
); RTA_OK(i
, rem
); i
= RTA_NEXT(i
, rem
)) {
523 if (i
->rta_type
!= TCA_PEDIT_KEY_EX
)
526 parse_rtattr_nested(tb
, TCA_PEDIT_KEY_EX_MAX
, i
);
528 k
->htype
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_HTYPE
]);
529 k
->cmd
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_CMD
]);
538 static int pedit_keys_ex_addattr(struct m_pedit_sel
*sel
, struct nlmsghdr
*n
)
540 struct m_pedit_key_ex
*k
= sel
->keys_ex
;
541 struct rtattr
*keys_start
;
547 keys_start
= addattr_nest(n
, MAX_MSG
, TCA_PEDIT_KEYS_EX
| NLA_F_NESTED
);
549 for (i
= 0; i
< sel
->sel
.nkeys
; i
++) {
550 struct rtattr
*key_start
;
552 key_start
= addattr_nest(n
, MAX_MSG
,
553 TCA_PEDIT_KEY_EX
| NLA_F_NESTED
);
555 if (addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_HTYPE
, k
->htype
) ||
556 addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_CMD
, k
->cmd
)) {
560 addattr_nest_end(n
, key_start
);
565 addattr_nest_end(n
, keys_start
);
570 int parse_pedit(struct action_util
*a
, int *argc_p
, char ***argv_p
, int tca_id
,
573 struct m_pedit_sel sel
= {};
576 char **argv
= *argv_p
;
582 fprintf(stderr
, "while pedit (%d:%s)\n", argc
, *argv
);
583 if (matches(*argv
, "pedit") == 0) {
587 if (matches(*argv
, "ex") == 0) {
590 "'ex' must be before first 'munge'\n");
599 } else if (matches(*argv
, "help") == 0) {
601 } else if (matches(*argv
, "munge") == 0) {
603 fprintf(stderr
, "Bad pedit construct (%s)\n",
610 if (parse_munge(&argc
, &argv
, &sel
)) {
611 fprintf(stderr
, "Bad pedit construct (%s)\n",
628 if (argc
&& !action_a2n(*argv
, &sel
.sel
.action
, false))
632 if (matches(*argv
, "index") == 0) {
634 if (get_u32(&sel
.sel
.index
, *argv
, 10)) {
635 fprintf(stderr
, "Pedit: Illegal \"index\"\n");
644 tail
= NLMSG_TAIL(n
);
645 addattr_l(n
, MAX_MSG
, tca_id
, NULL
, 0);
647 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS
, &sel
,
649 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
651 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS_EX
, &sel
,
653 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
655 pedit_keys_ex_addattr(&sel
, n
);
658 tail
->rta_len
= (void *)NLMSG_TAIL(n
) - (void *)tail
;
665 const char *pedit_htype_str
[] = {
666 [TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
] = "",
667 [TCA_PEDIT_KEY_EX_HDR_TYPE_ETH
] = "eth",
668 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP4
] = "ipv4",
669 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP6
] = "ipv6",
670 [TCA_PEDIT_KEY_EX_HDR_TYPE_TCP
] = "tcp",
671 [TCA_PEDIT_KEY_EX_HDR_TYPE_UDP
] = "udp",
674 static void print_pedit_location(FILE *f
,
675 enum pedit_header_type htype
, __u32 off
)
677 if (htype
== TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
) {
678 fprintf(f
, "%d", (unsigned int)off
);
682 if (htype
< ARRAY_SIZE(pedit_htype_str
))
683 fprintf(f
, "%s", pedit_htype_str
[htype
]);
685 fprintf(f
, "unknown(%d)", htype
);
687 fprintf(f
, "%c%d", (int)off
>= 0 ? '+' : '-', abs((int)off
));
690 int print_pedit(struct action_util
*au
, FILE *f
, struct rtattr
*arg
)
692 struct tc_pedit_sel
*sel
;
693 struct rtattr
*tb
[TCA_PEDIT_MAX
+ 1];
694 struct m_pedit_key_ex
*keys_ex
= NULL
;
699 parse_rtattr_nested(tb
, TCA_PEDIT_MAX
, arg
);
701 if (!tb
[TCA_PEDIT_PARMS
] && !tb
[TCA_PEDIT_PARMS_EX
]) {
702 fprintf(f
, "[NULL pedit parameters]");
706 if (tb
[TCA_PEDIT_PARMS
]) {
707 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS
]);
711 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS_EX
]);
713 if (!tb
[TCA_PEDIT_KEYS_EX
]) {
714 fprintf(f
, "Netlink error\n");
718 keys_ex
= calloc(sel
->nkeys
, sizeof(*keys_ex
));
720 fprintf(f
, "Out of memory\n");
724 err
= pedit_keys_ex_getattr(tb
[TCA_PEDIT_KEYS_EX
], keys_ex
,
727 fprintf(f
, "Netlink error\n");
734 fprintf(f
, " pedit action %s keys %d\n ",
735 action_n2a(sel
->action
), sel
->nkeys
);
736 fprintf(f
, "\t index %u ref %d bind %d", sel
->index
, sel
->refcnt
,
740 if (tb
[TCA_PEDIT_TM
]) {
741 struct tcf_t
*tm
= RTA_DATA(tb
[TCA_PEDIT_TM
]);
748 struct tc_pedit_key
*key
= sel
->keys
;
749 struct m_pedit_key_ex
*key_ex
= keys_ex
;
751 for (i
= 0; i
< sel
->nkeys
; i
++, key
++) {
752 enum pedit_header_type htype
=
753 TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
;
754 enum pedit_cmd cmd
= TCA_PEDIT_KEY_EX_CMD_SET
;
757 htype
= key_ex
->htype
;
763 fprintf(f
, "\n\t key #%d", i
);
767 print_pedit_location(f
, htype
, key
->off
);
769 fprintf(f
, ": %s %08x mask %08x",
771 (unsigned int)ntohl(key
->val
),
772 (unsigned int)ntohl(key
->mask
));
775 fprintf(f
, "\npedit %x keys %d is not LEGIT", sel
->index
,
785 int pedit_print_xstats(struct action_util
*au
, FILE *f
, struct rtattr
*xstats
)
790 struct action_util pedit_action_util
= {
792 .parse_aopt
= parse_pedit
,
793 .print_aopt
= print_pedit
,