]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/tc_filter.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into net-next
[mirror_iproute2.git] / tc / tc_filter.c
1 /*
2 * tc_filter.c "tc filter".
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10 *
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <syslog.h>
17 #include <fcntl.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <string.h>
22 #include <linux/if_ether.h>
23
24 #include "rt_names.h"
25 #include "utils.h"
26 #include "tc_util.h"
27 #include "tc_common.h"
28
29 static void usage(void)
30 {
31 fprintf(stderr,
32 "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"
33 "Usage: tc filter get dev STRING parent CLASSID protocol PROTO handle FILTERID pref PRIO FILTER_TYPE\n"
34 " [ pref PRIO ] protocol PROTO [ chain CHAIN_INDEX ]\n"
35 " [ estimator INTERVAL TIME_CONSTANT ]\n"
36 " [ root | ingress | egress | parent CLASSID ]\n"
37 " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"
38 "\n"
39 " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"
40 "Where:\n"
41 "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n"
42 "FILTERID := ... format depends on classifier, see there\n"
43 "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
44 }
45
46 static int tc_filter_modify(int cmd, unsigned int flags, int argc, char **argv)
47 {
48 struct {
49 struct nlmsghdr n;
50 struct tcmsg t;
51 char buf[MAX_MSG];
52 } req = {
53 .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
54 .n.nlmsg_flags = NLM_F_REQUEST | flags,
55 .n.nlmsg_type = cmd,
56 .t.tcm_family = AF_UNSPEC,
57 };
58 struct filter_util *q = NULL;
59 __u32 prio = 0;
60 __u32 protocol = 0;
61 int protocol_set = 0;
62 __u32 chain_index;
63 int chain_index_set = 0;
64 char *fhandle = NULL;
65 char d[16] = {};
66 char k[16] = {};
67 struct tc_estimator est = {};
68
69 if (cmd == RTM_NEWTFILTER && flags & NLM_F_CREATE)
70 protocol = htons(ETH_P_ALL);
71
72 while (argc > 0) {
73 if (strcmp(*argv, "dev") == 0) {
74 NEXT_ARG();
75 if (d[0])
76 duparg("dev", *argv);
77 strncpy(d, *argv, sizeof(d)-1);
78 } else if (strcmp(*argv, "root") == 0) {
79 if (req.t.tcm_parent) {
80 fprintf(stderr,
81 "Error: \"root\" is duplicate parent ID\n");
82 return -1;
83 }
84 req.t.tcm_parent = TC_H_ROOT;
85 } else if (strcmp(*argv, "ingress") == 0) {
86 if (req.t.tcm_parent) {
87 fprintf(stderr,
88 "Error: \"ingress\" is duplicate parent ID\n");
89 return -1;
90 }
91 req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
92 TC_H_MIN_INGRESS);
93 } else if (strcmp(*argv, "egress") == 0) {
94 if (req.t.tcm_parent) {
95 fprintf(stderr,
96 "Error: \"egress\" is duplicate parent ID\n");
97 return -1;
98 }
99 req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
100 TC_H_MIN_EGRESS);
101 } else if (strcmp(*argv, "parent") == 0) {
102 __u32 handle;
103
104 NEXT_ARG();
105 if (req.t.tcm_parent)
106 duparg("parent", *argv);
107 if (get_tc_classid(&handle, *argv))
108 invarg("Invalid parent ID", *argv);
109 req.t.tcm_parent = handle;
110 } else if (strcmp(*argv, "handle") == 0) {
111 NEXT_ARG();
112 if (fhandle)
113 duparg("handle", *argv);
114 fhandle = *argv;
115 } else if (matches(*argv, "preference") == 0 ||
116 matches(*argv, "priority") == 0) {
117 NEXT_ARG();
118 if (prio)
119 duparg("priority", *argv);
120 if (get_u32(&prio, *argv, 0) || prio > 0xFFFF)
121 invarg("invalid priority value", *argv);
122 } else if (matches(*argv, "protocol") == 0) {
123 __u16 id;
124
125 NEXT_ARG();
126 if (protocol_set)
127 duparg("protocol", *argv);
128 if (ll_proto_a2n(&id, *argv))
129 invarg("invalid protocol", *argv);
130 protocol = id;
131 protocol_set = 1;
132 } else if (matches(*argv, "chain") == 0) {
133 NEXT_ARG();
134 if (chain_index_set)
135 duparg("chain", *argv);
136 if (get_u32(&chain_index, *argv, 0))
137 invarg("invalid chain index value", *argv);
138 chain_index_set = 1;
139 } else if (matches(*argv, "estimator") == 0) {
140 if (parse_estimator(&argc, &argv, &est) < 0)
141 return -1;
142 } else if (matches(*argv, "help") == 0) {
143 usage();
144 return 0;
145 } else {
146 strncpy(k, *argv, sizeof(k)-1);
147
148 q = get_filter_kind(k);
149 argc--; argv++;
150 break;
151 }
152
153 argc--; argv++;
154 }
155
156 req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
157
158 if (chain_index_set)
159 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
160
161 if (k[0])
162 addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1);
163
164 if (q) {
165 if (q->parse_fopt(q, fhandle, argc, argv, &req.n))
166 return 1;
167 } else {
168 if (fhandle) {
169 fprintf(stderr,
170 "Must specify filter type when using \"handle\"\n");
171 return -1;
172 }
173 if (argc) {
174 if (matches(*argv, "help") == 0)
175 usage();
176 fprintf(stderr,
177 "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
178 *argv);
179 return -1;
180 }
181 }
182
183 if (est.ewma_log)
184 addattr_l(&req.n, sizeof(req), TCA_RATE, &est, sizeof(est));
185
186
187 if (d[0]) {
188 ll_init_map(&rth);
189
190 req.t.tcm_ifindex = ll_name_to_index(d);
191 if (req.t.tcm_ifindex == 0) {
192 fprintf(stderr, "Cannot find device \"%s\"\n", d);
193 return 1;
194 }
195 }
196
197 if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) {
198 fprintf(stderr, "We have an error talking to the kernel\n");
199 return 2;
200 }
201
202 return 0;
203 }
204
205 static __u32 filter_parent;
206 static int filter_ifindex;
207 static __u32 filter_prio;
208 static __u32 filter_protocol;
209 static __u32 filter_chain_index;
210 static int filter_chain_index_set;
211 __u16 f_proto;
212
213 int print_filter(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
214 {
215 FILE *fp = (FILE *)arg;
216 struct tcmsg *t = NLMSG_DATA(n);
217 int len = n->nlmsg_len;
218 struct rtattr *tb[TCA_MAX+1];
219 struct filter_util *q;
220 char abuf[256];
221
222 if (n->nlmsg_type != RTM_NEWTFILTER &&
223 n->nlmsg_type != RTM_GETTFILTER &&
224 n->nlmsg_type != RTM_DELTFILTER) {
225 fprintf(stderr, "Not a filter(cmd %d)\n", n->nlmsg_type);
226 return 0;
227 }
228 len -= NLMSG_LENGTH(sizeof(*t));
229 if (len < 0) {
230 fprintf(stderr, "Wrong len %d\n", len);
231 return -1;
232 }
233
234 parse_rtattr(tb, TCA_MAX, TCA_RTA(t), len);
235
236 if (tb[TCA_KIND] == NULL) {
237 fprintf(stderr, "print_filter: NULL kind\n");
238 return -1;
239 }
240
241 if (n->nlmsg_type == RTM_DELTFILTER)
242 fprintf(fp, "deleted ");
243
244 if (n->nlmsg_type == RTM_NEWTFILTER &&
245 (n->nlmsg_flags & NLM_F_CREATE) &&
246 !(n->nlmsg_flags & NLM_F_EXCL))
247 fprintf(fp, "replaced ");
248
249 if (n->nlmsg_type == RTM_NEWTFILTER &&
250 (n->nlmsg_flags & NLM_F_CREATE) &&
251 (n->nlmsg_flags & NLM_F_EXCL))
252 fprintf(fp, "added ");
253
254 fprintf(fp, "filter ");
255 if (!filter_ifindex || filter_ifindex != t->tcm_ifindex)
256 fprintf(fp, "dev %s ", ll_index_to_name(t->tcm_ifindex));
257
258 if (!filter_parent || filter_parent != t->tcm_parent) {
259 if (t->tcm_parent == TC_H_ROOT)
260 fprintf(fp, "root ");
261 else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS))
262 fprintf(fp, "ingress ");
263 else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS))
264 fprintf(fp, "egress ");
265 else {
266 print_tc_classid(abuf, sizeof(abuf), t->tcm_parent);
267 fprintf(fp, "parent %s ", abuf);
268 }
269 }
270
271 if (t->tcm_info) {
272 f_proto = TC_H_MIN(t->tcm_info);
273 __u32 prio = TC_H_MAJ(t->tcm_info)>>16;
274
275 if (!filter_protocol || filter_protocol != f_proto) {
276 if (f_proto) {
277 SPRINT_BUF(b1);
278 fprintf(fp, "protocol %s ",
279 ll_proto_n2a(f_proto, b1, sizeof(b1)));
280 }
281 }
282 if (!filter_prio || filter_prio != prio) {
283 if (prio)
284 fprintf(fp, "pref %u ", prio);
285 }
286 }
287 fprintf(fp, "%s ", rta_getattr_str(tb[TCA_KIND]));
288
289 if (tb[TCA_CHAIN]) {
290 __u32 chain_index = rta_getattr_u32(tb[TCA_CHAIN]);
291
292 if (!filter_chain_index_set ||
293 filter_chain_index != chain_index)
294 fprintf(fp, "chain %u ", chain_index);
295 }
296
297 q = get_filter_kind(RTA_DATA(tb[TCA_KIND]));
298 if (tb[TCA_OPTIONS]) {
299 if (q)
300 q->print_fopt(q, fp, tb[TCA_OPTIONS], t->tcm_handle);
301 else
302 fprintf(fp, "[cannot parse parameters]");
303 }
304 fprintf(fp, "\n");
305
306 if (show_stats && (tb[TCA_STATS] || tb[TCA_STATS2])) {
307 print_tcstats_attr(fp, tb, " ", NULL);
308 fprintf(fp, "\n");
309 }
310
311 fflush(fp);
312 return 0;
313 }
314
315 static int tc_filter_get(int cmd, unsigned int flags, int argc, char **argv)
316 {
317 struct {
318 struct nlmsghdr n;
319 struct tcmsg t;
320 char buf[MAX_MSG];
321 } req = {
322 .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
323 /* NLM_F_ECHO is for backward compatibility. old kernels never
324 * respond without it and newer kernels will ignore it.
325 * In old kernels there is a side effect:
326 * In addition to a response to the GET you will receive an
327 * event (if you do tc mon).
328 */
329 .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ECHO | flags,
330 .n.nlmsg_type = cmd,
331 .t.tcm_parent = TC_H_UNSPEC,
332 .t.tcm_family = AF_UNSPEC,
333 };
334 struct filter_util *q = NULL;
335 __u32 prio = 0;
336 __u32 protocol = 0;
337 int protocol_set = 0;
338 __u32 chain_index;
339 int chain_index_set = 0;
340 __u32 parent_handle = 0;
341 char *fhandle = NULL;
342 char d[16] = {};
343 char k[16] = {};
344
345 while (argc > 0) {
346 if (strcmp(*argv, "dev") == 0) {
347 NEXT_ARG();
348 if (d[0])
349 duparg("dev", *argv);
350 strncpy(d, *argv, sizeof(d)-1);
351 } else if (strcmp(*argv, "root") == 0) {
352 if (req.t.tcm_parent) {
353 fprintf(stderr,
354 "Error: \"root\" is duplicate parent ID\n");
355 return -1;
356 }
357 req.t.tcm_parent = TC_H_ROOT;
358 } else if (strcmp(*argv, "ingress") == 0) {
359 if (req.t.tcm_parent) {
360 fprintf(stderr,
361 "Error: \"ingress\" is duplicate parent ID\n");
362 return -1;
363 }
364 req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
365 TC_H_MIN_INGRESS);
366 } else if (strcmp(*argv, "egress") == 0) {
367 if (req.t.tcm_parent) {
368 fprintf(stderr,
369 "Error: \"egress\" is duplicate parent ID\n");
370 return -1;
371 }
372 req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
373 TC_H_MIN_EGRESS);
374 } else if (strcmp(*argv, "parent") == 0) {
375
376 NEXT_ARG();
377 if (req.t.tcm_parent)
378 duparg("parent", *argv);
379 if (get_tc_classid(&parent_handle, *argv))
380 invarg("Invalid parent ID", *argv);
381 req.t.tcm_parent = parent_handle;
382 } else if (strcmp(*argv, "handle") == 0) {
383 NEXT_ARG();
384 if (fhandle)
385 duparg("handle", *argv);
386 fhandle = *argv;
387 } else if (matches(*argv, "preference") == 0 ||
388 matches(*argv, "priority") == 0) {
389 NEXT_ARG();
390 if (prio)
391 duparg("priority", *argv);
392 if (get_u32(&prio, *argv, 0) || prio > 0xFFFF)
393 invarg("invalid priority value", *argv);
394 } else if (matches(*argv, "protocol") == 0) {
395 __u16 id;
396
397 NEXT_ARG();
398 if (protocol_set)
399 duparg("protocol", *argv);
400 if (ll_proto_a2n(&id, *argv))
401 invarg("invalid protocol", *argv);
402 protocol = id;
403 protocol_set = 1;
404 } else if (matches(*argv, "chain") == 0) {
405 NEXT_ARG();
406 if (chain_index_set)
407 duparg("chain", *argv);
408 if (get_u32(&chain_index, *argv, 0))
409 invarg("invalid chain index value", *argv);
410 chain_index_set = 1;
411 } else if (matches(*argv, "help") == 0) {
412 usage();
413 return 0;
414 } else {
415 strncpy(k, *argv, sizeof(k)-1);
416
417 q = get_filter_kind(k);
418 argc--; argv++;
419 break;
420 }
421
422 argc--; argv++;
423 }
424
425 if (!protocol_set) {
426 fprintf(stderr, "Must specify filter protocol\n");
427 return -1;
428 }
429
430 if (!prio) {
431 fprintf(stderr, "Must specify filter priority\n");
432 return -1;
433 }
434
435 req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
436
437 if (chain_index_set)
438 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
439
440 if (req.t.tcm_parent == TC_H_UNSPEC) {
441 fprintf(stderr, "Must specify filter parent\n");
442 return -1;
443 }
444
445 if (k[0])
446 addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1);
447 else {
448 fprintf(stderr, "Must specify filter type\n");
449 return -1;
450 }
451
452 if (q->parse_fopt(q, fhandle, argc, argv, &req.n))
453 return 1;
454
455
456 if (!fhandle) {
457 fprintf(stderr, "Must specify filter \"handle\"\n");
458 return -1;
459 }
460
461 if (argc) {
462 if (matches(*argv, "help") == 0)
463 usage();
464 fprintf(stderr,
465 "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
466 *argv);
467 return -1;
468 }
469
470 if (d[0]) {
471 ll_init_map(&rth);
472
473 req.t.tcm_ifindex = ll_name_to_index(d);
474 if (req.t.tcm_ifindex == 0) {
475 fprintf(stderr, "Cannot find device \"%s\"\n", d);
476 return 1;
477 }
478 filter_ifindex = req.t.tcm_ifindex;
479 } else {
480 fprintf(stderr, "Must specify netdevice \"dev\"\n");
481 return -1;
482 }
483
484 if (rtnl_talk(&rth, &req.n, &req.n, MAX_MSG) < 0) {
485 fprintf(stderr, "We have an error talking to the kernel\n");
486 return 2;
487 }
488
489 print_filter(NULL, &req.n, (void *)stdout);
490
491 return 0;
492 }
493
494 static int tc_filter_list(int argc, char **argv)
495 {
496 struct {
497 struct nlmsghdr n;
498 struct tcmsg t;
499 char buf[MAX_MSG];
500 } req = {
501 .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)),
502 .n.nlmsg_type = RTM_GETTFILTER,
503 .t.tcm_parent = TC_H_UNSPEC,
504 .t.tcm_family = AF_UNSPEC,
505 };
506 char d[16] = {};
507 __u32 prio = 0;
508 __u32 protocol = 0;
509 __u32 chain_index;
510 char *fhandle = NULL;
511
512 while (argc > 0) {
513 if (strcmp(*argv, "dev") == 0) {
514 NEXT_ARG();
515 if (d[0])
516 duparg("dev", *argv);
517 strncpy(d, *argv, sizeof(d)-1);
518 } else if (strcmp(*argv, "root") == 0) {
519 if (req.t.tcm_parent) {
520 fprintf(stderr,
521 "Error: \"root\" is duplicate parent ID\n");
522 return -1;
523 }
524 filter_parent = req.t.tcm_parent = TC_H_ROOT;
525 } else if (strcmp(*argv, "ingress") == 0) {
526 if (req.t.tcm_parent) {
527 fprintf(stderr,
528 "Error: \"ingress\" is duplicate parent ID\n");
529 return -1;
530 }
531 filter_parent = TC_H_MAKE(TC_H_CLSACT,
532 TC_H_MIN_INGRESS);
533 req.t.tcm_parent = filter_parent;
534 } else if (strcmp(*argv, "egress") == 0) {
535 if (req.t.tcm_parent) {
536 fprintf(stderr,
537 "Error: \"egress\" is duplicate parent ID\n");
538 return -1;
539 }
540 filter_parent = TC_H_MAKE(TC_H_CLSACT,
541 TC_H_MIN_EGRESS);
542 req.t.tcm_parent = filter_parent;
543 } else if (strcmp(*argv, "parent") == 0) {
544 __u32 handle;
545
546 NEXT_ARG();
547 if (req.t.tcm_parent)
548 duparg("parent", *argv);
549 if (get_tc_classid(&handle, *argv))
550 invarg("invalid parent ID", *argv);
551 filter_parent = req.t.tcm_parent = handle;
552 } else if (strcmp(*argv, "handle") == 0) {
553 NEXT_ARG();
554 if (fhandle)
555 duparg("handle", *argv);
556 fhandle = *argv;
557 } else if (matches(*argv, "preference") == 0 ||
558 matches(*argv, "priority") == 0) {
559 NEXT_ARG();
560 if (prio)
561 duparg("priority", *argv);
562 if (get_u32(&prio, *argv, 0))
563 invarg("invalid preference", *argv);
564 filter_prio = prio;
565 } else if (matches(*argv, "protocol") == 0) {
566 __u16 res;
567
568 NEXT_ARG();
569 if (protocol)
570 duparg("protocol", *argv);
571 if (ll_proto_a2n(&res, *argv))
572 invarg("invalid protocol", *argv);
573 protocol = res;
574 filter_protocol = protocol;
575 } else if (matches(*argv, "chain") == 0) {
576 NEXT_ARG();
577 if (filter_chain_index_set)
578 duparg("chain", *argv);
579 if (get_u32(&chain_index, *argv, 0))
580 invarg("invalid chain index value", *argv);
581 filter_chain_index_set = 1;
582 filter_chain_index = chain_index;
583 } else if (matches(*argv, "help") == 0) {
584 usage();
585 } else {
586 fprintf(stderr,
587 " What is \"%s\"? Try \"tc filter help\"\n",
588 *argv);
589 return -1;
590 }
591
592 argc--; argv++;
593 }
594
595 req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
596
597 ll_init_map(&rth);
598
599 if (d[0]) {
600 req.t.tcm_ifindex = ll_name_to_index(d);
601 if (req.t.tcm_ifindex == 0) {
602 fprintf(stderr, "Cannot find device \"%s\"\n", d);
603 return 1;
604 }
605 filter_ifindex = req.t.tcm_ifindex;
606 }
607
608 if (filter_chain_index_set)
609 addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index);
610
611 if (rtnl_dump_request_n(&rth, &req.n) < 0) {
612 perror("Cannot send dump request");
613 return 1;
614 }
615
616 if (rtnl_dump_filter(&rth, print_filter, stdout) < 0) {
617 fprintf(stderr, "Dump terminated\n");
618 return 1;
619 }
620
621 return 0;
622 }
623
624 int do_filter(int argc, char **argv)
625 {
626 if (argc < 1)
627 return tc_filter_list(0, NULL);
628 if (matches(*argv, "add") == 0)
629 return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE,
630 argc-1, argv+1);
631 if (matches(*argv, "change") == 0)
632 return tc_filter_modify(RTM_NEWTFILTER, 0, argc-1, argv+1);
633 if (matches(*argv, "replace") == 0)
634 return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc-1,
635 argv+1);
636 if (matches(*argv, "delete") == 0)
637 return tc_filter_modify(RTM_DELTFILTER, 0, argc-1, argv+1);
638 if (matches(*argv, "get") == 0)
639 return tc_filter_get(RTM_GETTFILTER, 0, argc-1, argv+1);
640 if (matches(*argv, "list") == 0 || matches(*argv, "show") == 0
641 || matches(*argv, "lst") == 0)
642 return tc_filter_list(argc-1, argv+1);
643 if (matches(*argv, "help") == 0) {
644 usage();
645 return 0;
646 }
647 fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n",
648 *argv);
649 return -1;
650 }
Upstream mirror of iproute2