]>
git.proxmox.com Git - mirror_iproute2.git/blob - tc/tc_filter.c
2 * tc_filter.c "tc filter".
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
17 #include <sys/socket.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
21 #include <linux/if_ether.h>
26 #include "tc_common.h"
28 static void usage(void)
31 "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"
32 "Usage: tc filter get dev STRING parent CLASSID protocol PROTO handle FILTERID pref PRIO FILTER_TYPE\n"
33 " [ pref PRIO ] protocol PROTO [ chain CHAIN_INDEX ]\n"
34 " [ estimator INTERVAL TIME_CONSTANT ]\n"
35 " [ root | ingress | egress | parent CLASSID ]\n"
36 " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"
38 " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"
40 "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n"
41 "FILTERID := ... format depends on classifier, see there\n"
42 "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
45 static int tc_filter_modify(int cmd
, unsigned int flags
, int argc
, char **argv
)
52 .n
.nlmsg_len
= NLMSG_LENGTH(sizeof(struct tcmsg
)),
53 .n
.nlmsg_flags
= NLM_F_REQUEST
| flags
,
55 .t
.tcm_family
= AF_UNSPEC
,
57 struct filter_util
*q
= NULL
;
62 int chain_index_set
= 0;
64 char d
[IFNAMSIZ
] = {};
65 char k
[FILTER_NAMESZ
] = {};
66 struct tc_estimator est
= {};
68 if (cmd
== RTM_NEWTFILTER
&& flags
& NLM_F_CREATE
)
69 protocol
= htons(ETH_P_ALL
);
72 if (strcmp(*argv
, "dev") == 0) {
76 strncpy(d
, *argv
, sizeof(d
)-1);
77 } else if (strcmp(*argv
, "root") == 0) {
78 if (req
.t
.tcm_parent
) {
80 "Error: \"root\" is duplicate parent ID\n");
83 req
.t
.tcm_parent
= TC_H_ROOT
;
84 } else if (strcmp(*argv
, "ingress") == 0) {
85 if (req
.t
.tcm_parent
) {
87 "Error: \"ingress\" is duplicate parent ID\n");
90 req
.t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
92 } else if (strcmp(*argv
, "egress") == 0) {
93 if (req
.t
.tcm_parent
) {
95 "Error: \"egress\" is duplicate parent ID\n");
98 req
.t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
100 } else if (strcmp(*argv
, "parent") == 0) {
104 if (req
.t
.tcm_parent
)
105 duparg("parent", *argv
);
106 if (get_tc_classid(&handle
, *argv
))
107 invarg("Invalid parent ID", *argv
);
108 req
.t
.tcm_parent
= handle
;
109 } else if (strcmp(*argv
, "handle") == 0) {
112 duparg("handle", *argv
);
114 } else if (matches(*argv
, "preference") == 0 ||
115 matches(*argv
, "priority") == 0) {
118 duparg("priority", *argv
);
119 if (get_u32(&prio
, *argv
, 0) || prio
> 0xFFFF)
120 invarg("invalid priority value", *argv
);
121 } else if (matches(*argv
, "protocol") == 0) {
126 duparg("protocol", *argv
);
127 if (ll_proto_a2n(&id
, *argv
))
128 invarg("invalid protocol", *argv
);
131 } else if (matches(*argv
, "chain") == 0) {
134 duparg("chain", *argv
);
135 if (get_u32(&chain_index
, *argv
, 0))
136 invarg("invalid chain index value", *argv
);
138 } else if (matches(*argv
, "estimator") == 0) {
139 if (parse_estimator(&argc
, &argv
, &est
) < 0)
141 } else if (matches(*argv
, "help") == 0) {
145 strncpy(k
, *argv
, sizeof(k
)-1);
147 q
= get_filter_kind(k
);
155 req
.t
.tcm_info
= TC_H_MAKE(prio
<<16, protocol
);
158 addattr32(&req
.n
, sizeof(req
), TCA_CHAIN
, chain_index
);
161 addattr_l(&req
.n
, sizeof(req
), TCA_KIND
, k
, strlen(k
)+1);
166 req
.t
.tcm_ifindex
= ll_name_to_index(d
);
167 if (req
.t
.tcm_ifindex
== 0) {
168 fprintf(stderr
, "Cannot find device \"%s\"\n", d
);
174 if (q
->parse_fopt(q
, fhandle
, argc
, argv
, &req
.n
))
179 "Must specify filter type when using \"handle\"\n");
183 if (matches(*argv
, "help") == 0)
186 "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
193 addattr_l(&req
.n
, sizeof(req
), TCA_RATE
, &est
, sizeof(est
));
195 if (rtnl_talk(&rth
, &req
.n
, NULL
) < 0) {
196 fprintf(stderr
, "We have an error talking to the kernel\n");
203 static __u32 filter_parent
;
204 static int filter_ifindex
;
205 static __u32 filter_prio
;
206 static __u32 filter_protocol
;
207 static __u32 filter_chain_index
;
208 static int filter_chain_index_set
;
211 int print_filter(const struct sockaddr_nl
*who
, struct nlmsghdr
*n
, void *arg
)
213 FILE *fp
= (FILE *)arg
;
214 struct tcmsg
*t
= NLMSG_DATA(n
);
215 int len
= n
->nlmsg_len
;
216 struct rtattr
*tb
[TCA_MAX
+1];
217 struct filter_util
*q
;
220 if (n
->nlmsg_type
!= RTM_NEWTFILTER
&&
221 n
->nlmsg_type
!= RTM_GETTFILTER
&&
222 n
->nlmsg_type
!= RTM_DELTFILTER
) {
223 fprintf(stderr
, "Not a filter(cmd %d)\n", n
->nlmsg_type
);
226 len
-= NLMSG_LENGTH(sizeof(*t
));
228 fprintf(stderr
, "Wrong len %d\n", len
);
232 parse_rtattr(tb
, TCA_MAX
, TCA_RTA(t
), len
);
234 if (tb
[TCA_KIND
] == NULL
) {
235 fprintf(stderr
, "print_filter: NULL kind\n");
239 open_json_object(NULL
);
241 if (n
->nlmsg_type
== RTM_DELTFILTER
)
242 print_bool(PRINT_ANY
, "deleted", "deleted ", true);
244 if (n
->nlmsg_type
== RTM_NEWTFILTER
&&
245 (n
->nlmsg_flags
& NLM_F_CREATE
) &&
246 !(n
->nlmsg_flags
& NLM_F_EXCL
))
247 print_bool(PRINT_ANY
, "replaced", "replaced ", true);
249 if (n
->nlmsg_type
== RTM_NEWTFILTER
&&
250 (n
->nlmsg_flags
& NLM_F_CREATE
) &&
251 (n
->nlmsg_flags
& NLM_F_EXCL
))
252 print_bool(PRINT_ANY
, "added", "added ", true);
254 print_string(PRINT_FP
, NULL
, "filter ", NULL
);
255 if (!filter_ifindex
|| filter_ifindex
!= t
->tcm_ifindex
)
256 print_string(PRINT_ANY
, "dev", "dev %s ",
257 ll_index_to_name(t
->tcm_ifindex
));
259 if (!filter_parent
|| filter_parent
!= t
->tcm_parent
) {
260 if (t
->tcm_parent
== TC_H_ROOT
)
261 print_bool(PRINT_ANY
, "root", "root ", true);
262 else if (t
->tcm_parent
== TC_H_MAKE(TC_H_CLSACT
, TC_H_MIN_INGRESS
))
263 print_bool(PRINT_ANY
, "ingress", "ingress ", true);
264 else if (t
->tcm_parent
== TC_H_MAKE(TC_H_CLSACT
, TC_H_MIN_EGRESS
))
265 print_bool(PRINT_ANY
, "egress", "egress ", true);
267 print_tc_classid(abuf
, sizeof(abuf
), t
->tcm_parent
);
268 print_string(PRINT_ANY
, "parent", "parent %s ", abuf
);
273 f_proto
= TC_H_MIN(t
->tcm_info
);
274 __u32 prio
= TC_H_MAJ(t
->tcm_info
)>>16;
276 if (!filter_protocol
|| filter_protocol
!= f_proto
) {
279 print_string(PRINT_JSON
, "protocol",
281 ll_proto_n2a(f_proto
, b1
, sizeof(b1
)));
284 if (!filter_prio
|| filter_prio
!= prio
) {
286 print_uint(PRINT_ANY
, "pref", "pref %u ", prio
);
289 print_string(PRINT_ANY
, "kind", "%s ", rta_getattr_str(tb
[TCA_KIND
]));
292 __u32 chain_index
= rta_getattr_u32(tb
[TCA_CHAIN
]);
294 if (!filter_chain_index_set
||
295 filter_chain_index
!= chain_index
)
296 print_uint(PRINT_ANY
, "chain", "chain %u ",
300 q
= get_filter_kind(RTA_DATA(tb
[TCA_KIND
]));
301 if (tb
[TCA_OPTIONS
]) {
302 open_json_object("options");
304 q
->print_fopt(q
, fp
, tb
[TCA_OPTIONS
], t
->tcm_handle
);
306 print_string(PRINT_FP
, NULL
,
307 "[cannot parse parameters]", NULL
);
310 print_string(PRINT_FP
, NULL
, "\n", NULL
);
312 if (show_stats
&& (tb
[TCA_STATS
] || tb
[TCA_STATS2
])) {
313 print_tcstats_attr(fp
, tb
, " ", NULL
);
314 print_string(PRINT_FP
, NULL
, "\n", NULL
);
322 static int tc_filter_get(int cmd
, unsigned int flags
, int argc
, char **argv
)
329 .n
.nlmsg_len
= NLMSG_LENGTH(sizeof(struct tcmsg
)),
330 /* NLM_F_ECHO is for backward compatibility. old kernels never
331 * respond without it and newer kernels will ignore it.
332 * In old kernels there is a side effect:
333 * In addition to a response to the GET you will receive an
334 * event (if you do tc mon).
336 .n
.nlmsg_flags
= NLM_F_REQUEST
| NLM_F_ECHO
| flags
,
338 .t
.tcm_parent
= TC_H_UNSPEC
,
339 .t
.tcm_family
= AF_UNSPEC
,
341 struct nlmsghdr
*answer
;
342 struct filter_util
*q
= NULL
;
345 int protocol_set
= 0;
347 int chain_index_set
= 0;
348 __u32 parent_handle
= 0;
349 char *fhandle
= NULL
;
350 char d
[IFNAMSIZ
] = {};
351 char k
[FILTER_NAMESZ
] = {};
354 if (strcmp(*argv
, "dev") == 0) {
357 duparg("dev", *argv
);
358 strncpy(d
, *argv
, sizeof(d
)-1);
359 } else if (strcmp(*argv
, "root") == 0) {
360 if (req
.t
.tcm_parent
) {
362 "Error: \"root\" is duplicate parent ID\n");
365 req
.t
.tcm_parent
= TC_H_ROOT
;
366 } else if (strcmp(*argv
, "ingress") == 0) {
367 if (req
.t
.tcm_parent
) {
369 "Error: \"ingress\" is duplicate parent ID\n");
372 req
.t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
374 } else if (strcmp(*argv
, "egress") == 0) {
375 if (req
.t
.tcm_parent
) {
377 "Error: \"egress\" is duplicate parent ID\n");
380 req
.t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
382 } else if (strcmp(*argv
, "parent") == 0) {
385 if (req
.t
.tcm_parent
)
386 duparg("parent", *argv
);
387 if (get_tc_classid(&parent_handle
, *argv
))
388 invarg("Invalid parent ID", *argv
);
389 req
.t
.tcm_parent
= parent_handle
;
390 } else if (strcmp(*argv
, "handle") == 0) {
393 duparg("handle", *argv
);
395 } else if (matches(*argv
, "preference") == 0 ||
396 matches(*argv
, "priority") == 0) {
399 duparg("priority", *argv
);
400 if (get_u32(&prio
, *argv
, 0) || prio
> 0xFFFF)
401 invarg("invalid priority value", *argv
);
402 } else if (matches(*argv
, "protocol") == 0) {
407 duparg("protocol", *argv
);
408 if (ll_proto_a2n(&id
, *argv
))
409 invarg("invalid protocol", *argv
);
412 } else if (matches(*argv
, "chain") == 0) {
415 duparg("chain", *argv
);
416 if (get_u32(&chain_index
, *argv
, 0))
417 invarg("invalid chain index value", *argv
);
419 } else if (matches(*argv
, "help") == 0) {
424 invarg("invalid filter name", *argv
);
426 strncpy(k
, *argv
, sizeof(k
)-1);
428 q
= get_filter_kind(k
);
437 fprintf(stderr
, "Must specify filter protocol\n");
442 fprintf(stderr
, "Must specify filter priority\n");
446 req
.t
.tcm_info
= TC_H_MAKE(prio
<<16, protocol
);
449 addattr32(&req
.n
, sizeof(req
), TCA_CHAIN
, chain_index
);
451 if (req
.t
.tcm_parent
== TC_H_UNSPEC
) {
452 fprintf(stderr
, "Must specify filter parent\n");
457 addattr_l(&req
.n
, sizeof(req
), TCA_KIND
, k
, strlen(k
)+1);
459 fprintf(stderr
, "Must specify filter type\n");
466 req
.t
.tcm_ifindex
= ll_name_to_index(d
);
467 if (req
.t
.tcm_ifindex
== 0) {
468 fprintf(stderr
, "Cannot find device \"%s\"\n", d
);
471 filter_ifindex
= req
.t
.tcm_ifindex
;
473 fprintf(stderr
, "Must specify netdevice \"dev\"\n");
477 if (q
->parse_fopt(q
, fhandle
, argc
, argv
, &req
.n
))
481 fprintf(stderr
, "Must specify filter \"handle\"\n");
486 if (matches(*argv
, "help") == 0)
489 "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
494 if (rtnl_talk(&rth
, &req
.n
, &answer
) < 0) {
495 fprintf(stderr
, "We have an error talking to the kernel\n");
500 print_filter(NULL
, answer
, (void *)stdout
);
507 static int tc_filter_list(int argc
, char **argv
)
514 .n
.nlmsg_len
= NLMSG_LENGTH(sizeof(struct tcmsg
)),
515 .n
.nlmsg_type
= RTM_GETTFILTER
,
516 .t
.tcm_parent
= TC_H_UNSPEC
,
517 .t
.tcm_family
= AF_UNSPEC
,
519 char d
[IFNAMSIZ
] = {};
523 char *fhandle
= NULL
;
526 if (strcmp(*argv
, "dev") == 0) {
529 duparg("dev", *argv
);
530 strncpy(d
, *argv
, sizeof(d
)-1);
531 } else if (strcmp(*argv
, "root") == 0) {
532 if (req
.t
.tcm_parent
) {
534 "Error: \"root\" is duplicate parent ID\n");
537 filter_parent
= req
.t
.tcm_parent
= TC_H_ROOT
;
538 } else if (strcmp(*argv
, "ingress") == 0) {
539 if (req
.t
.tcm_parent
) {
541 "Error: \"ingress\" is duplicate parent ID\n");
544 filter_parent
= TC_H_MAKE(TC_H_CLSACT
,
546 req
.t
.tcm_parent
= filter_parent
;
547 } else if (strcmp(*argv
, "egress") == 0) {
548 if (req
.t
.tcm_parent
) {
550 "Error: \"egress\" is duplicate parent ID\n");
553 filter_parent
= TC_H_MAKE(TC_H_CLSACT
,
555 req
.t
.tcm_parent
= filter_parent
;
556 } else if (strcmp(*argv
, "parent") == 0) {
560 if (req
.t
.tcm_parent
)
561 duparg("parent", *argv
);
562 if (get_tc_classid(&handle
, *argv
))
563 invarg("invalid parent ID", *argv
);
564 filter_parent
= req
.t
.tcm_parent
= handle
;
565 } else if (strcmp(*argv
, "handle") == 0) {
568 duparg("handle", *argv
);
570 } else if (matches(*argv
, "preference") == 0 ||
571 matches(*argv
, "priority") == 0) {
574 duparg("priority", *argv
);
575 if (get_u32(&prio
, *argv
, 0))
576 invarg("invalid preference", *argv
);
578 } else if (matches(*argv
, "protocol") == 0) {
583 duparg("protocol", *argv
);
584 if (ll_proto_a2n(&res
, *argv
))
585 invarg("invalid protocol", *argv
);
587 filter_protocol
= protocol
;
588 } else if (matches(*argv
, "chain") == 0) {
590 if (filter_chain_index_set
)
591 duparg("chain", *argv
);
592 if (get_u32(&chain_index
, *argv
, 0))
593 invarg("invalid chain index value", *argv
);
594 filter_chain_index_set
= 1;
595 filter_chain_index
= chain_index
;
596 } else if (matches(*argv
, "help") == 0) {
600 " What is \"%s\"? Try \"tc filter help\"\n",
608 req
.t
.tcm_info
= TC_H_MAKE(prio
<<16, protocol
);
613 req
.t
.tcm_ifindex
= ll_name_to_index(d
);
614 if (req
.t
.tcm_ifindex
== 0) {
615 fprintf(stderr
, "Cannot find device \"%s\"\n", d
);
618 filter_ifindex
= req
.t
.tcm_ifindex
;
621 if (filter_chain_index_set
)
622 addattr32(&req
.n
, sizeof(req
), TCA_CHAIN
, chain_index
);
624 if (rtnl_dump_request_n(&rth
, &req
.n
) < 0) {
625 perror("Cannot send dump request");
630 if (rtnl_dump_filter(&rth
, print_filter
, stdout
) < 0) {
631 fprintf(stderr
, "Dump terminated\n");
639 int do_filter(int argc
, char **argv
)
642 return tc_filter_list(0, NULL
);
643 if (matches(*argv
, "add") == 0)
644 return tc_filter_modify(RTM_NEWTFILTER
, NLM_F_EXCL
|NLM_F_CREATE
,
646 if (matches(*argv
, "change") == 0)
647 return tc_filter_modify(RTM_NEWTFILTER
, 0, argc
-1, argv
+1);
648 if (matches(*argv
, "replace") == 0)
649 return tc_filter_modify(RTM_NEWTFILTER
, NLM_F_CREATE
, argc
-1,
651 if (matches(*argv
, "delete") == 0)
652 return tc_filter_modify(RTM_DELTFILTER
, 0, argc
-1, argv
+1);
653 if (matches(*argv
, "get") == 0)
654 return tc_filter_get(RTM_GETTFILTER
, 0, argc
-1, argv
+1);
655 if (matches(*argv
, "list") == 0 || matches(*argv
, "show") == 0
656 || matches(*argv
, "lst") == 0)
657 return tc_filter_list(argc
-1, argv
+1);
658 if (matches(*argv
, "help") == 0) {
662 fprintf(stderr
, "Command \"%s\" is unknown, try \"tc filter help\".\n",