tc: filter: validate filter priority in userspace.
1 /*
2 * tc_filter.c "tc filter".
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10 *
11 */
12
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <syslog.h>
17 #include <fcntl.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <string.h>
22 #include <linux/if_ether.h>
23
24 #include "rt_names.h"
25 #include "utils.h"
26 #include "tc_util.h"
27 #include "tc_common.h"
28
29 static void usage(void);
30
/*
 * Write the "tc filter" synopsis to stderr.
 */
static void usage(void)
{
	/* One literal, one write: the text is the same as the per-line form. */
	fputs("Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"
	      " [ pref PRIO ] protocol PROTO\n"
	      " [ estimator INTERVAL TIME_CONSTANT ]\n"
	      " [ root | classid CLASSID ] [ handle FILTERID ]\n"
	      " [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"
	      "\n"
	      " tc filter show [ dev STRING ] [ root | parent CLASSID ]\n"
	      "Where:\n"
	      "FILTER_TYPE := { rsvp | u32 | fw | route | etc. }\n"
	      "FILTERID := ... format depends on classifier, see there\n"
	      "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n",
	      stderr);
}
46
47
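/*
 * Build one filter request from the command line and send it to the kernel.
 *
 * cmd is stored as the netlink message type and flags are OR-ed with
 * NLM_F_REQUEST; do_filter() passes RTM_NEWTFILTER or RTM_DELTFILTER.
 * argc/argv are the words that follow the sub-command.
 *
 * Returns 0 on success or after "help"; -1 for an argument error reported
 * here or by parse_estimator(); 1 when the classifier's parse_fopt() fails
 * or the device cannot be found; 2 when rtnl_talk() fails.
 *
 * NEXT_ARG(), duparg() and invarg() are defined outside this file; the
 * code below is written as if duparg()/invarg() do not return -- TODO
 * confirm against utils.h.
 */
int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv)
{
	struct {
		struct nlmsghdr n;
		struct tcmsg t;
		char buf[MAX_MSG];
	} req;
	struct filter_util *q = NULL;
	__u32 prio = 0;
	__u32 protocol = 0;
	int protocol_set = 0;
	char *fhandle = NULL;	/* points into argv, not copied */
	char d[16];		/* device name */
	char k[16];		/* classifier kind */
	struct tc_estimator est;

	memset(&req, 0, sizeof(req));
	memset(&est, 0, sizeof(est));
	memset(d, 0, sizeof(d));
	memset(k, 0, sizeof(k));

	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
	req.n.nlmsg_flags = NLM_F_REQUEST|flags;
	req.n.nlmsg_type = cmd;
	req.t.tcm_family = AF_UNSPEC;

	/* A filter being created matches every protocol unless one is given. */
	if (cmd == RTM_NEWTFILTER && (flags & NLM_F_CREATE))
		protocol = htons(ETH_P_ALL);

	while (argc > 0) {
		if (strcmp(*argv, "dev") == 0) {
			NEXT_ARG();
			if (d[0])
				duparg("dev", *argv);
			/*
			 * Refuse a name that does not fit instead of cutting
			 * it short: a truncated name could resolve to a
			 * different, existing interface.
			 */
			if (strlen(*argv) >= sizeof(d)) {
				fprintf(stderr, "Error: device name \"%s\" is too long\n", *argv);
				return -1;
			}
			snprintf(d, sizeof(d), "%s", *argv);
		} else if (strcmp(*argv, "root") == 0) {
			if (req.t.tcm_parent) {
				fprintf(stderr, "Error: \"root\" is duplicate parent ID\n");
				return -1;
			}
			req.t.tcm_parent = TC_H_ROOT;
		} else if (strcmp(*argv, "parent") == 0) {
			__u32 handle;

			NEXT_ARG();
			if (req.t.tcm_parent)
				duparg("parent", *argv);
			if (get_tc_classid(&handle, *argv))
				invarg(*argv, "Invalid parent ID");
			req.t.tcm_parent = handle;
		} else if (strcmp(*argv, "handle") == 0) {
			NEXT_ARG();
			if (fhandle)
				duparg("handle", *argv);
			fhandle = *argv;
		} else if (matches(*argv, "preference") == 0 ||
			   matches(*argv, "priority") == 0) {
			NEXT_ARG();
			if (prio)
				duparg("priority", *argv);
			/*
			 * prio is shifted left by 16 when tcm_info is built
			 * below, so a value above 0xFFFF would lose its high
			 * bits; reject it here.
			 */
			if (get_u32(&prio, *argv, 0) || prio > 0xFFFF)
				invarg(*argv, "invalid priority value");
		} else if (matches(*argv, "protocol") == 0) {
			__u16 id;

			NEXT_ARG();
			if (protocol_set)
				duparg("protocol", *argv);
			if (ll_proto_a2n(&id, *argv))
				invarg(*argv, "invalid protocol");
			protocol = id;
			protocol_set = 1;
		} else if (matches(*argv, "estimator") == 0) {
			/* parse_estimator() gets argc/argv by address. */
			if (parse_estimator(&argc, &argv, &est) < 0)
				return -1;
		} else if (matches(*argv, "help") == 0) {
			usage();
			return 0;
		} else {
			/*
			 * The first unrecognised word is the classifier kind;
			 * everything after it is handed to that classifier.
			 * As with the device name, an over-long kind is an
			 * error rather than being silently shortened.
			 */
			if (strlen(*argv) >= sizeof(k)) {
				fprintf(stderr, "Error: filter kind \"%s\" is too long\n", *argv);
				return -1;
			}
			snprintf(k, sizeof(k), "%s", *argv);

			q = get_filter_kind(k);
			argc--; argv++;
			break;
		}

		argc--; argv++;
	}

	req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);

	if (k[0])
		addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1);

	if (q) {
		if (q->parse_fopt(q, fhandle, argc, argv, &req.n))
			return 1;
	} else {
		if (fhandle) {
			fprintf(stderr, "Must specify filter type when using "
				"\"handle\"\n");
			return -1;
		}
		if (argc) {
			/* usage() is followed by the error below, as before. */
			if (matches(*argv, "help") == 0)
				usage();
			fprintf(stderr, "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n", *argv);
			return -1;
		}
	}

	/* The estimator attribute is only attached when ewma_log was set. */
	if (est.ewma_log)
		addattr_l(&req.n, sizeof(req), TCA_RATE, &est, sizeof(est));

	if (d[0]) {
		ll_init_map(&rth);

		if ((req.t.tcm_ifindex = ll_name_to_index(d)) == 0) {
			fprintf(stderr, "Cannot find device \"%s\"\n", d);
			return 1;
		}
	}

	if (rtnl_talk(&rth, &req.n, 0, 0, NULL) < 0) {
		fprintf(stderr, "We have an error talking to the kernel\n");
		return 2;
	}

	return 0;
}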
177
/*
 * Selectors given to "tc filter show". tc_filter_list() stores them and
 * print_filter() leaves out a field whose value equals the selector.
 * Zero means "not given".
 */
static __u32 filter_parent;
static int filter_ifindex;
static __u32 filter_prio;
static __u32 filter_protocol;
/*
 * Protocol taken from tcm_info by print_filter(). It has external linkage,
 * so it is presumably read by code in other files -- TODO confirm.
 */
__u16 f_proto = 0;
183
/*
 * Print one filter message in "tc filter show" format.
 *
 * tc_filter_list() passes this function to rtnl_dump_filter() with stdout
 * as arg; arg is used as the FILE to write to. who is not used.
 *
 * Returns 0 when the message was printed or is not a filter message, and
 * -1 when it is too short or carries no TCA_KIND attribute.
 *
 * NOTE(review): the TCA_KIND payload is printed with "%s" and handed to
 * get_filter_kind() as a C string; no check that it is NUL-terminated
 * inside the attribute is made in this function -- confirm that
 * parse_rtattr()/rta_getattr_str() or the sender guarantee it.
 */
int print_filter(const struct sockaddr_nl *who,
		 struct nlmsghdr *n,
		 void *arg)
{
	FILE *out = (FILE *)arg;
	struct tcmsg *tcm = NLMSG_DATA(n);
	int attr_len = n->nlmsg_len;
	struct rtattr *attrs[TCA_MAX+1];
	struct filter_util *fu;
	char classid[256];

	if (n->nlmsg_type != RTM_NEWTFILTER && n->nlmsg_type != RTM_DELTFILTER) {
		fprintf(stderr, "Not a filter\n");
		return 0;
	}

	/* What is left after the netlink and tcmsg headers is attributes. */
	attr_len -= NLMSG_LENGTH(sizeof(*tcm));
	if (attr_len < 0) {
		fprintf(stderr, "Wrong len %d\n", attr_len);
		return -1;
	}

	memset(attrs, 0, sizeof(attrs));
	parse_rtattr(attrs, TCA_MAX, TCA_RTA(tcm), attr_len);

	if (attrs[TCA_KIND] == NULL) {
		fprintf(stderr, "print_filter: NULL kind\n");
		return -1;
	}

	if (n->nlmsg_type == RTM_DELTFILTER)
		fputs("deleted ", out);
	fputs("filter ", out);

	/* Each field is skipped when it equals the selector the user gave. */
	if (!filter_ifindex || filter_ifindex != tcm->tcm_ifindex)
		fprintf(out, "dev %s ", ll_index_to_name(tcm->tcm_ifindex));

	if (!filter_parent || filter_parent != tcm->tcm_parent) {
		if (tcm->tcm_parent == TC_H_ROOT) {
			fputs("root ", out);
		} else {
			print_tc_classid(classid, sizeof(classid), tcm->tcm_parent);
			fprintf(out, "parent %s ", classid);
		}
	}

	if (tcm->tcm_info) {
		/* tcm_info: priority in the upper 16 bits, protocol below. */
		__u32 prio = TC_H_MAJ(tcm->tcm_info)>>16;

		f_proto = TC_H_MIN(tcm->tcm_info);

		if (f_proto && (!filter_protocol || filter_protocol != f_proto)) {
			SPRINT_BUF(b1);
			fprintf(out, "protocol %s ",
				ll_proto_n2a(f_proto, b1, sizeof(b1)));
		}

		if (prio && (!filter_prio || filter_prio != prio))
			fprintf(out, "pref %u ", prio);
	}

	fprintf(out, "%s ", rta_getattr_str(attrs[TCA_KIND]));
	fu = get_filter_kind(RTA_DATA(attrs[TCA_KIND]));

	if (attrs[TCA_OPTIONS]) {
		if (fu == NULL)
			fprintf(out, "[cannot parse parameters]");
		else
			fu->print_fopt(fu, out, attrs[TCA_OPTIONS], tcm->tcm_handle);
	}
	fputs("\n", out);

	if (show_stats && (attrs[TCA_STATS] || attrs[TCA_STATS2])) {
		print_tcstats_attr(out, attrs, " ", NULL);
		fputs("\n", out);
	}

	fflush(out);
	return 0;
}
261
262
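/*
 * Parse the "tc filter show" selectors, send an RTM_GETTFILTER dump request
 * and print every reply through print_filter().
 *
 * The selectors are also stored in the file-level filter_* variables, which
 * print_filter() reads to decide which fields to leave out.
 *
 * Returns 0 on success or after "help", -1 for an argument error reported
 * here, 1 when the device is unknown or the dump request or dump fails.
 *
 * Differences from the previous version:
 *  - a priority above 0xFFFF is rejected, as tc_filter_modify() already
 *    does; it would otherwise lose its high bits in "prio << 16";
 *  - a device name that does not fit the buffer is rejected instead of
 *    being cut short, since a truncated name could resolve to another
 *    interface;
 *  - "help" returns after printing the usage text instead of going on to
 *    dump the filters.
 *
 * duparg() and invarg() are defined outside this file; the code is written
 * as if they do not return -- TODO confirm against utils.h.
 */
int tc_filter_list(int argc, char **argv)
{
	struct tcmsg t;
	char d[16];		/* device name */
	__u32 prio = 0;
	__u32 protocol = 0;
	char *fhandle = NULL;	/* accepted on the command line, not used below */

	memset(&t, 0, sizeof(t));
	t.tcm_family = AF_UNSPEC;
	memset(d, 0, sizeof(d));

	while (argc > 0) {
		if (strcmp(*argv, "dev") == 0) {
			NEXT_ARG();
			if (d[0])
				duparg("dev", *argv);
			if (strlen(*argv) >= sizeof(d)) {
				fprintf(stderr, "Error: device name \"%s\" is too long\n", *argv);
				return -1;
			}
			snprintf(d, sizeof(d), "%s", *argv);
		} else if (strcmp(*argv, "root") == 0) {
			if (t.tcm_parent) {
				fprintf(stderr, "Error: \"root\" is duplicate parent ID\n");
				return -1;
			}
			filter_parent = t.tcm_parent = TC_H_ROOT;
		} else if (strcmp(*argv, "parent") == 0) {
			__u32 handle;

			NEXT_ARG();
			if (t.tcm_parent)
				duparg("parent", *argv);
			if (get_tc_classid(&handle, *argv))
				invarg(*argv, "invalid parent ID");
			filter_parent = t.tcm_parent = handle;
		} else if (strcmp(*argv, "handle") == 0) {
			NEXT_ARG();
			if (fhandle)
				duparg("handle", *argv);
			fhandle = *argv;
		} else if (matches(*argv, "preference") == 0 ||
			   matches(*argv, "priority") == 0) {
			NEXT_ARG();
			if (prio)
				duparg("priority", *argv);
			/* Only 16 bits of prio survive the shift into tcm_info. */
			if (get_u32(&prio, *argv, 0) || prio > 0xFFFF)
				invarg(*argv, "invalid preference");
			filter_prio = prio;
		} else if (matches(*argv, "protocol") == 0) {
			__u16 res;

			NEXT_ARG();
			if (protocol)
				duparg("protocol", *argv);
			if (ll_proto_a2n(&res, *argv))
				invarg(*argv, "invalid protocol");
			protocol = res;
			filter_protocol = protocol;
		} else if (matches(*argv, "help") == 0) {
			usage();
			return 0;
		} else {
			fprintf(stderr, " What is \"%s\"? Try \"tc filter help\"\n", *argv);
			return -1;
		}

		argc--; argv++;
	}

	t.tcm_info = TC_H_MAKE(prio<<16, protocol);

	ll_init_map(&rth);

	if (d[0]) {
		if ((t.tcm_ifindex = ll_name_to_index(d)) == 0) {
			fprintf(stderr, "Cannot find device \"%s\"\n", d);
			return 1;
		}
		filter_ifindex = t.tcm_ifindex;
	}

	if (rtnl_dump_request(&rth, RTM_GETTFILTER, &t, sizeof(t)) < 0) {
		perror("Cannot send dump request");
		return 1;
	}

	if (rtnl_dump_filter(&rth, print_filter, stdout) < 0) {
		fprintf(stderr, "Dump terminated\n");
		return 1;
	}

	return 0;
}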
351
/*
 * Entry point for "tc filter": pick the handler from the first word.
 *
 * With no arguments the filters are listed. The tests run in a fixed order
 * (add, change, replace, delete, list/show/lst, help) and the first one for
 * which matches() returns 0 wins. Returns the handler's result, 0 after
 * "help", or -1 for an unknown word.
 */
int do_filter(int argc, char **argv)
{
	char *verb;

	if (argc < 1)
		return tc_filter_list(0, NULL);

	/* Step past the sub-command so the handlers see only their own words. */
	verb = *argv;
	argc--;
	argv++;

	if (matches(verb, "add") == 0)
		return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE, argc, argv);
	if (matches(verb, "change") == 0)
		return tc_filter_modify(RTM_NEWTFILTER, 0, argc, argv);
	if (matches(verb, "replace") == 0)
		return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc, argv);
	if (matches(verb, "delete") == 0)
		return tc_filter_modify(RTM_DELTFILTER, 0, argc, argv);
#if 0
	if (matches(verb, "get") == 0)
		return tc_filter_get(RTM_GETTFILTER, 0, argc, argv);
#endif
	if (matches(verb, "list") == 0 || matches(verb, "show") == 0
	    || matches(verb, "lst") == 0)
		return tc_filter_list(argc, argv);

	if (matches(verb, "help") != 0) {
		fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n", verb);
		return -1;
	}

	usage();
	return 0;
}
378