2 * m_pedit.c generic packet editor actions module
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: J Hadi Salim (hadi@cyberus.ca)
12 * 1) Big endian broken in some spots
13 * 2) A lot of this stuff was added on the fly; get a big double-double
14 * and clean it up at some point.
23 #include <sys/socket.h>
24 #include <netinet/in.h>
25 #include <arpa/inet.h>
32 static struct m_pedit_util
*pedit_list
;
33 static int pedit_debug
;
35 static void explain(void)
37 fprintf(stderr
, "Usage: ... pedit munge [ex] <MUNGE> [CONTROL]\n");
39 "Where: MUNGE := <RAW>|<LAYERED>\n"
40 "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n \t\tOFFSETC:= offset <offval> <u8|u16|u32>\n"
41 "\t\tATC:= at <atval> offmask <maskval> shift <shiftval>\n"
42 "\t\tNOTE: offval is byte offset, must be multiple of 4\n"
43 "\t\tNOTE: maskval is a 32 bit hex number\n \t\tNOTE: shiftval is a shift value\n"
44 "\t\tCMD:= clear | invert | set <setval>| add <addval> | retain\n"
45 "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data>\n"
46 " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata>\n"
47 "\tCONTROL:= reclassify | pipe | drop | continue | pass\n"
48 "\tNOTE: if 'ex' is set, extended functionality will be supported (kernel >= 4.11)\n"
49 "For Example usage look at the examples directory\n");
53 static void usage(void)
59 static int pedit_parse_nopopt(int *argc_p
, char ***argv_p
,
60 struct m_pedit_sel
*sel
,
61 struct m_pedit_key
*tkey
)
64 char **argv
= *argv_p
;
68 "Unknown action hence option \"%s\" is unparsable\n",
77 static struct m_pedit_util
*get_pedit_kind(const char *str
)
82 struct m_pedit_util
*p
;
84 for (p
= pedit_list
; p
; p
= p
->next
) {
85 if (strcmp(p
->id
, str
) == 0)
89 snprintf(buf
, sizeof(buf
), "p_%s.so", str
);
90 dlh
= dlopen(buf
, RTLD_LAZY
);
94 dlh
= pBODY
= dlopen(NULL
, RTLD_LAZY
);
100 snprintf(buf
, sizeof(buf
), "p_pedit_%s", str
);
106 p
->next
= pedit_list
;
111 p
= calloc(1, sizeof(*p
));
113 strncpy(p
->id
, str
, sizeof(p
->id
) - 1);
114 p
->parse_peopt
= pedit_parse_nopopt
;
120 int pack_key(struct m_pedit_sel
*_sel
, struct m_pedit_key
*tkey
)
122 struct tc_pedit_sel
*sel
= &_sel
->sel
;
123 struct m_pedit_key_ex
*keys_ex
= _sel
->keys_ex
;
124 int hwm
= sel
->nkeys
;
130 fprintf(stderr
, "offsets MUST be in 32 bit boundaries\n");
134 sel
->keys
[hwm
].val
= tkey
->val
;
135 sel
->keys
[hwm
].mask
= tkey
->mask
;
136 sel
->keys
[hwm
].off
= tkey
->off
;
137 sel
->keys
[hwm
].at
= tkey
->at
;
138 sel
->keys
[hwm
].offmask
= tkey
->offmask
;
139 sel
->keys
[hwm
].shift
= tkey
->shift
;
141 if (_sel
->extended
) {
142 keys_ex
[hwm
].htype
= tkey
->htype
;
143 keys_ex
[hwm
].cmd
= tkey
->cmd
;
145 if (tkey
->htype
!= TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
||
146 tkey
->cmd
!= TCA_PEDIT_KEY_EX_CMD_SET
) {
147 fprintf(stderr
, "Munge parameters not supported. Use 'munge ex'.\n");
156 int pack_key32(__u32 retain
, struct m_pedit_sel
*sel
,
157 struct m_pedit_key
*tkey
)
159 if (tkey
->off
> (tkey
->off
& ~3)) {
161 "pack_key32: 32 bit offsets must begin in 32bit boundaries\n");
165 tkey
->val
= htonl(tkey
->val
& retain
);
166 tkey
->mask
= htonl(tkey
->mask
| ~retain
);
167 return pack_key(sel
, tkey
);
170 int pack_key16(__u32 retain
, struct m_pedit_sel
*sel
,
171 struct m_pedit_key
*tkey
)
174 __u32 m
[4] = { 0x0000FFFF, 0xFF0000FF, 0xFFFF0000 };
176 if (tkey
->val
> 0xFFFF || tkey
->mask
> 0xFFFF) {
177 fprintf(stderr
, "pack_key16 bad value\n");
184 fprintf(stderr
, "pack_key16 bad index value %d\n", ind
);
188 stride
= 8 * (2 - ind
);
189 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
190 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
195 printf("pack_key16: Final val %08x mask %08x\n",
196 tkey
->val
, tkey
->mask
);
197 return pack_key(sel
, tkey
);
201 int pack_key8(__u32 retain
, struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
204 __u32 m
[4] = { 0x00FFFFFF, 0xFF00FFFF, 0xFFFF00FF, 0xFFFFFF00 };
206 if (tkey
->val
> 0xFF || tkey
->mask
> 0xFF) {
207 fprintf(stderr
, "pack_key8 bad value (val %x mask %x\n",
208 tkey
->val
, tkey
->mask
);
214 stride
= 8 * (3 - ind
);
215 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
216 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
221 printf("pack_key8: Final word off %d val %08x mask %08x\n",
222 tkey
->off
, tkey
->val
, tkey
->mask
);
223 return pack_key(sel
, tkey
);
226 int parse_val(int *argc_p
, char ***argv_p
, __u32
*val
, int type
)
229 char **argv
= *argv_p
;
235 return get_integer((int *)val
, *argv
, 0);
238 return get_u32(val
, *argv
, 0);
243 if (get_prefix_1(&addr
, *argv
, AF_INET
))
251 return -1; /* not implemented yet */
256 int parse_cmd(int *argc_p
, char ***argv_p
, __u32 len
, int type
, __u32 retain
,
257 struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
259 __u32 mask
[4] = { 0 };
260 __u32 val
[4] = { 0 };
266 char **argv
= *argv_p
;
272 printf("parse_cmd argc %d %s offset %d length %d\n",
273 argc
, *argv
, tkey
->off
, len
);
280 if (matches(*argv
, "invert") == 0) {
282 } else if (matches(*argv
, "set") == 0 ||
283 matches(*argv
, "add") == 0) {
284 if (matches(*argv
, "add") == 0)
285 tkey
->cmd
= TCA_PEDIT_KEY_EX_CMD_ADD
;
287 if (!sel
->extended
&& tkey
->cmd
) {
288 fprintf(stderr
, "Non extended mode. only 'set' command is supported\n");
293 if (parse_val(&argc
, &argv
, val
, type
))
295 } else if (matches(*argv
, "preserve") == 0) {
298 if (matches(*argv
, "clear") != 0)
305 if (argc
&& matches(*argv
, "retain") == 0) {
307 if (parse_val(&argc
, &argv
, &retain
, TU32
))
317 tkey
->val
= ntohl(tkey
->val
);
320 res
= pack_key8(retain
, sel
, tkey
);
324 res
= pack_key16(retain
, sel
, tkey
);
328 res
= pack_key32(retain
, sel
, tkey
);
335 printf("parse_cmd done argc %d %s offset %d length %d\n",
336 argc
, *argv
, tkey
->off
, len
);
343 int parse_offset(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
,
344 struct m_pedit_key
*tkey
)
349 char **argv
= *argv_p
;
355 if (get_integer(&off
, *argv
, 0))
365 if (matches(*argv
, "u32") == 0) {
370 if (matches(*argv
, "u16") == 0) {
375 if (matches(*argv
, "u8") == 0) {
387 /* [at <someval> offmask <maskval> shift <shiftval>] */
388 if (matches(*argv
, "at") == 0) {
390 __u32 atv
= 0, offmask
= 0x0, shift
= 0;
393 if (get_u32(&atv
, *argv
, 0))
399 if (get_u32(&offmask
, *argv
, 16))
401 tkey
->offmask
= offmask
;
405 if (get_u32(&shift
, *argv
, 0))
412 res
= parse_cmd(&argc
, &argv
, len
, TU32
, retain
, sel
, tkey
);
419 static int parse_munge(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
)
421 struct m_pedit_key tkey
= {};
423 char **argv
= *argv_p
;
429 if (matches(*argv
, "offset") == 0) {
431 res
= parse_offset(&argc
, &argv
, sel
, &tkey
);
435 struct m_pedit_util
*p
= NULL
;
437 strncpy(k
, *argv
, sizeof(k
) - 1);
440 p
= get_pedit_kind(k
);
444 res
= p
->parse_peopt(&argc
, &argv
, sel
, &tkey
);
446 fprintf(stderr
, "bad pedit parsing\n");
463 static int pedit_keys_ex_getattr(struct rtattr
*attr
,
464 struct m_pedit_key_ex
*keys_ex
, int n
)
467 int rem
= RTA_PAYLOAD(attr
);
468 struct rtattr
*tb
[TCA_PEDIT_KEY_EX_MAX
+ 1];
469 struct m_pedit_key_ex
*k
= keys_ex
;
471 for (i
= RTA_DATA(attr
); RTA_OK(i
, rem
); i
= RTA_NEXT(i
, rem
)) {
475 if (i
->rta_type
!= TCA_PEDIT_KEY_EX
)
478 parse_rtattr_nested(tb
, TCA_PEDIT_KEY_EX_MAX
, i
);
480 k
->htype
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_HTYPE
]);
481 k
->cmd
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_CMD
]);
490 static int pedit_keys_ex_addattr(struct m_pedit_sel
*sel
, struct nlmsghdr
*n
)
492 struct m_pedit_key_ex
*k
= sel
->keys_ex
;
493 struct rtattr
*keys_start
;
499 keys_start
= addattr_nest(n
, MAX_MSG
, TCA_PEDIT_KEYS_EX
| NLA_F_NESTED
);
501 for (i
= 0; i
< sel
->sel
.nkeys
; i
++) {
502 struct rtattr
*key_start
;
504 key_start
= addattr_nest(n
, MAX_MSG
,
505 TCA_PEDIT_KEY_EX
| NLA_F_NESTED
);
507 if (addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_HTYPE
, k
->htype
) ||
508 addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_CMD
, k
->cmd
)) {
512 addattr_nest_end(n
, key_start
);
517 addattr_nest_end(n
, keys_start
);
522 int parse_pedit(struct action_util
*a
, int *argc_p
, char ***argv_p
, int tca_id
,
525 struct m_pedit_sel sel
= {};
528 char **argv
= *argv_p
;
534 fprintf(stderr
, "while pedit (%d:%s)\n", argc
, *argv
);
535 if (matches(*argv
, "pedit") == 0) {
539 if (matches(*argv
, "ex") == 0) {
541 fprintf(stderr
, "'ex' must be before first 'munge'\n");
550 } else if (matches(*argv
, "help") == 0) {
552 } else if (matches(*argv
, "munge") == 0) {
554 fprintf(stderr
, "Bad pedit construct (%s)\n",
561 if (parse_munge(&argc
, &argv
, &sel
)) {
562 fprintf(stderr
, "Bad pedit construct (%s)\n",
579 if (argc
&& !action_a2n(*argv
, &sel
.sel
.action
, false))
583 if (matches(*argv
, "index") == 0) {
585 if (get_u32(&sel
.sel
.index
, *argv
, 10)) {
586 fprintf(stderr
, "Pedit: Illegal \"index\"\n");
595 tail
= NLMSG_TAIL(n
);
596 addattr_l(n
, MAX_MSG
, tca_id
, NULL
, 0);
598 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS
, &sel
,
600 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
602 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS_EX
, &sel
,
604 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
606 pedit_keys_ex_addattr(&sel
, n
);
609 tail
->rta_len
= (void *)NLMSG_TAIL(n
) - (void *)tail
;
616 const char *pedit_htype_str
[] = {
617 [TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
] = "",
618 [TCA_PEDIT_KEY_EX_HDR_TYPE_ETH
] = "eth",
619 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP4
] = "ipv4",
620 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP6
] = "ipv6",
621 [TCA_PEDIT_KEY_EX_HDR_TYPE_TCP
] = "tcp",
622 [TCA_PEDIT_KEY_EX_HDR_TYPE_UDP
] = "udp",
625 static void print_pedit_location(FILE *f
,
626 enum pedit_header_type htype
, __u32 off
)
628 if (htype
== TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
) {
629 fprintf(f
, "%d", (unsigned int)off
);
633 if (htype
< ARRAY_SIZE(pedit_htype_str
))
634 fprintf(f
, "%s", pedit_htype_str
[htype
]);
636 fprintf(f
, "unknown(%d)", htype
);
638 fprintf(f
, "%c%d", (int)off
>= 0 ? '+' : '-', abs((int)off
));
641 int print_pedit(struct action_util
*au
, FILE *f
, struct rtattr
*arg
)
643 struct tc_pedit_sel
*sel
;
644 struct rtattr
*tb
[TCA_PEDIT_MAX
+ 1];
645 struct m_pedit_key_ex
*keys_ex
= NULL
;
650 parse_rtattr_nested(tb
, TCA_PEDIT_MAX
, arg
);
652 if (!tb
[TCA_PEDIT_PARMS
] && !tb
[TCA_PEDIT_PARMS_EX
]) {
653 fprintf(f
, "[NULL pedit parameters]");
657 if (tb
[TCA_PEDIT_PARMS
]) {
658 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS
]);
662 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS_EX
]);
664 if (!tb
[TCA_PEDIT_KEYS_EX
]) {
665 fprintf(f
, "Netlink error\n");
669 keys_ex
= calloc(sel
->nkeys
, sizeof(*keys_ex
));
671 fprintf(f
, "Out of memory\n");
675 err
= pedit_keys_ex_getattr(tb
[TCA_PEDIT_KEYS_EX
], keys_ex
,
678 fprintf(f
, "Netlink error\n");
685 fprintf(f
, " pedit action %s keys %d\n ",
686 action_n2a(sel
->action
), sel
->nkeys
);
687 fprintf(f
, "\t index %u ref %d bind %d", sel
->index
, sel
->refcnt
,
691 if (tb
[TCA_PEDIT_TM
]) {
692 struct tcf_t
*tm
= RTA_DATA(tb
[TCA_PEDIT_TM
]);
699 struct tc_pedit_key
*key
= sel
->keys
;
700 struct m_pedit_key_ex
*key_ex
= keys_ex
;
702 for (i
= 0; i
< sel
->nkeys
; i
++, key
++) {
703 enum pedit_header_type htype
=
704 TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
;
705 enum pedit_cmd cmd
= TCA_PEDIT_KEY_EX_CMD_SET
;
708 htype
= key_ex
->htype
;
714 fprintf(f
, "\n\t key #%d", i
);
718 print_pedit_location(f
, htype
, key
->off
);
720 fprintf(f
, ": %s %08x mask %08x",
722 (unsigned int)ntohl(key
->val
),
723 (unsigned int)ntohl(key
->mask
));
726 fprintf(f
, "\npedit %x keys %d is not LEGIT", sel
->index
,
736 int pedit_print_xstats(struct action_util
*au
, FILE *f
, struct rtattr
*xstats
)
741 struct action_util pedit_action_util
= {
743 .parse_aopt
= parse_pedit
,
744 .print_aopt
= print_pedit
,