]>
git.proxmox.com Git - mirror_iproute2.git/blob - tc/tc_filter.c
2 * tc_filter.c "tc filter".
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
17 #include <sys/socket.h>
18 #include <netinet/in.h>
19 #include <arpa/inet.h>
21 #include <linux/if_ether.h>
26 #include "tc_common.h"
28 static void usage(void)
31 "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"
32 "Usage: tc filter get dev STRING parent CLASSID protocol PROTO handle FILTERID pref PRIO FILTER_TYPE\n"
33 " [ pref PRIO ] protocol PROTO [ chain CHAIN_INDEX ]\n"
34 " [ estimator INTERVAL TIME_CONSTANT ]\n"
35 " [ root | ingress | egress | parent CLASSID ]\n"
36 " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"
38 " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"
40 "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n"
41 "FILTERID := ... format depends on classifier, see there\n"
42 "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
45 struct tc_filter_req
{
51 static int tc_filter_modify(int cmd
, unsigned int flags
, int argc
, char **argv
,
52 void *buf
, size_t buflen
)
54 struct tc_filter_req
*req
, filter_req
;
55 struct filter_util
*q
= NULL
;
56 struct tc_estimator est
= {};
57 char k
[FILTER_NAMESZ
] = {};
58 int chain_index_set
= 0;
59 char d
[IFNAMSIZ
] = {};
70 if (buflen
< sizeof (struct tc_filter_req
)) {
71 fprintf(stderr
, "buffer is too small: %zu\n", buflen
);
75 memset(&filter_req
, 0, sizeof (struct tc_filter_req
));
79 req
->n
.nlmsg_len
= NLMSG_LENGTH(sizeof(struct tcmsg
));
80 req
->n
.nlmsg_flags
= NLM_F_REQUEST
| flags
;
81 req
->n
.nlmsg_type
= cmd
;
82 req
->t
.tcm_family
= AF_UNSPEC
;
84 if (cmd
== RTM_NEWTFILTER
&& flags
& NLM_F_CREATE
)
85 protocol
= htons(ETH_P_ALL
);
88 if (strcmp(*argv
, "dev") == 0) {
92 strncpy(d
, *argv
, sizeof(d
)-1);
93 } else if (strcmp(*argv
, "root") == 0) {
94 if (req
->t
.tcm_parent
) {
96 "Error: \"root\" is duplicate parent ID\n");
99 req
->t
.tcm_parent
= TC_H_ROOT
;
100 } else if (strcmp(*argv
, "ingress") == 0) {
101 if (req
->t
.tcm_parent
) {
103 "Error: \"ingress\" is duplicate parent ID\n");
106 req
->t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
108 } else if (strcmp(*argv
, "egress") == 0) {
109 if (req
->t
.tcm_parent
) {
111 "Error: \"egress\" is duplicate parent ID\n");
114 req
->t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
116 } else if (strcmp(*argv
, "parent") == 0) {
120 if (req
->t
.tcm_parent
)
121 duparg("parent", *argv
);
122 if (get_tc_classid(&handle
, *argv
))
123 invarg("Invalid parent ID", *argv
);
124 req
->t
.tcm_parent
= handle
;
125 } else if (strcmp(*argv
, "handle") == 0) {
128 duparg("handle", *argv
);
130 } else if (matches(*argv
, "preference") == 0 ||
131 matches(*argv
, "priority") == 0) {
134 duparg("priority", *argv
);
135 if (get_u32(&prio
, *argv
, 0) || prio
> 0xFFFF)
136 invarg("invalid priority value", *argv
);
137 } else if (matches(*argv
, "protocol") == 0) {
142 duparg("protocol", *argv
);
143 if (ll_proto_a2n(&id
, *argv
))
144 invarg("invalid protocol", *argv
);
147 } else if (matches(*argv
, "chain") == 0) {
150 duparg("chain", *argv
);
151 if (get_u32(&chain_index
, *argv
, 0))
152 invarg("invalid chain index value", *argv
);
154 } else if (matches(*argv
, "estimator") == 0) {
155 if (parse_estimator(&argc
, &argv
, &est
) < 0)
157 } else if (matches(*argv
, "help") == 0) {
161 strncpy(k
, *argv
, sizeof(k
)-1);
163 q
= get_filter_kind(k
);
171 req
->t
.tcm_info
= TC_H_MAKE(prio
<<16, protocol
);
174 addattr32(&req
->n
, sizeof(*req
), TCA_CHAIN
, chain_index
);
177 addattr_l(&req
->n
, sizeof(*req
), TCA_KIND
, k
, strlen(k
)+1);
182 req
->t
.tcm_ifindex
= ll_name_to_index(d
);
183 if (req
->t
.tcm_ifindex
== 0) {
184 fprintf(stderr
, "Cannot find device \"%s\"\n", d
);
190 if (q
->parse_fopt(q
, fhandle
, argc
, argv
, &req
->n
))
195 "Must specify filter type when using \"handle\"\n");
199 if (matches(*argv
, "help") == 0)
202 "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
209 addattr_l(&req
->n
, sizeof(*req
), TCA_RATE
, &est
, sizeof(est
));
214 iov
.iov_base
= &req
->n
;
215 iov
.iov_len
= req
->n
.nlmsg_len
;
216 ret
= rtnl_talk_iov(&rth
, &iov
, 1, NULL
);
218 fprintf(stderr
, "We have an error talking to the kernel, %d\n", ret
);
225 static __u32 filter_parent
;
226 static int filter_ifindex
;
227 static __u32 filter_prio
;
228 static __u32 filter_protocol
;
229 static __u32 filter_chain_index
;
230 static int filter_chain_index_set
;
233 int print_filter(const struct sockaddr_nl
*who
, struct nlmsghdr
*n
, void *arg
)
235 FILE *fp
= (FILE *)arg
;
236 struct tcmsg
*t
= NLMSG_DATA(n
);
237 int len
= n
->nlmsg_len
;
238 struct rtattr
*tb
[TCA_MAX
+1];
239 struct filter_util
*q
;
242 if (n
->nlmsg_type
!= RTM_NEWTFILTER
&&
243 n
->nlmsg_type
!= RTM_GETTFILTER
&&
244 n
->nlmsg_type
!= RTM_DELTFILTER
) {
245 fprintf(stderr
, "Not a filter(cmd %d)\n", n
->nlmsg_type
);
248 len
-= NLMSG_LENGTH(sizeof(*t
));
250 fprintf(stderr
, "Wrong len %d\n", len
);
254 parse_rtattr(tb
, TCA_MAX
, TCA_RTA(t
), len
);
256 if (tb
[TCA_KIND
] == NULL
) {
257 fprintf(stderr
, "print_filter: NULL kind\n");
261 open_json_object(NULL
);
263 if (n
->nlmsg_type
== RTM_DELTFILTER
)
264 print_bool(PRINT_ANY
, "deleted", "deleted ", true);
266 if (n
->nlmsg_type
== RTM_NEWTFILTER
&&
267 (n
->nlmsg_flags
& NLM_F_CREATE
) &&
268 !(n
->nlmsg_flags
& NLM_F_EXCL
))
269 print_bool(PRINT_ANY
, "replaced", "replaced ", true);
271 if (n
->nlmsg_type
== RTM_NEWTFILTER
&&
272 (n
->nlmsg_flags
& NLM_F_CREATE
) &&
273 (n
->nlmsg_flags
& NLM_F_EXCL
))
274 print_bool(PRINT_ANY
, "added", "added ", true);
276 print_string(PRINT_FP
, NULL
, "filter ", NULL
);
277 if (!filter_ifindex
|| filter_ifindex
!= t
->tcm_ifindex
)
278 print_string(PRINT_ANY
, "dev", "dev %s ",
279 ll_index_to_name(t
->tcm_ifindex
));
281 if (!filter_parent
|| filter_parent
!= t
->tcm_parent
) {
282 if (t
->tcm_parent
== TC_H_ROOT
)
283 print_bool(PRINT_ANY
, "root", "root ", true);
284 else if (t
->tcm_parent
== TC_H_MAKE(TC_H_CLSACT
, TC_H_MIN_INGRESS
))
285 print_bool(PRINT_ANY
, "ingress", "ingress ", true);
286 else if (t
->tcm_parent
== TC_H_MAKE(TC_H_CLSACT
, TC_H_MIN_EGRESS
))
287 print_bool(PRINT_ANY
, "egress", "egress ", true);
289 print_tc_classid(abuf
, sizeof(abuf
), t
->tcm_parent
);
290 print_string(PRINT_ANY
, "parent", "parent %s ", abuf
);
295 f_proto
= TC_H_MIN(t
->tcm_info
);
296 __u32 prio
= TC_H_MAJ(t
->tcm_info
)>>16;
298 if (!filter_protocol
|| filter_protocol
!= f_proto
) {
301 print_string(PRINT_ANY
, "protocol",
303 ll_proto_n2a(f_proto
, b1
, sizeof(b1
)));
306 if (!filter_prio
|| filter_prio
!= prio
) {
308 print_uint(PRINT_ANY
, "pref", "pref %u ", prio
);
311 print_string(PRINT_ANY
, "kind", "%s ", rta_getattr_str(tb
[TCA_KIND
]));
314 __u32 chain_index
= rta_getattr_u32(tb
[TCA_CHAIN
]);
316 if (!filter_chain_index_set
||
317 filter_chain_index
!= chain_index
)
318 print_uint(PRINT_ANY
, "chain", "chain %u ",
322 q
= get_filter_kind(RTA_DATA(tb
[TCA_KIND
]));
323 if (tb
[TCA_OPTIONS
]) {
324 open_json_object("options");
326 q
->print_fopt(q
, fp
, tb
[TCA_OPTIONS
], t
->tcm_handle
);
328 print_string(PRINT_FP
, NULL
,
329 "[cannot parse parameters]", NULL
);
332 print_string(PRINT_FP
, NULL
, "\n", NULL
);
334 if (show_stats
&& (tb
[TCA_STATS
] || tb
[TCA_STATS2
])) {
335 print_tcstats_attr(fp
, tb
, " ", NULL
);
336 print_string(PRINT_FP
, NULL
, "\n", NULL
);
344 static int tc_filter_get(int cmd
, unsigned int flags
, int argc
, char **argv
)
351 .n
.nlmsg_len
= NLMSG_LENGTH(sizeof(struct tcmsg
)),
352 /* NLM_F_ECHO is for backward compatibility. old kernels never
353 * respond without it and newer kernels will ignore it.
354 * In old kernels there is a side effect:
355 * In addition to a response to the GET you will receive an
356 * event (if you do tc mon).
358 .n
.nlmsg_flags
= NLM_F_REQUEST
| NLM_F_ECHO
| flags
,
360 .t
.tcm_parent
= TC_H_UNSPEC
,
361 .t
.tcm_family
= AF_UNSPEC
,
363 struct nlmsghdr
*answer
;
364 struct filter_util
*q
= NULL
;
367 int protocol_set
= 0;
369 int chain_index_set
= 0;
370 __u32 parent_handle
= 0;
371 char *fhandle
= NULL
;
372 char d
[IFNAMSIZ
] = {};
373 char k
[FILTER_NAMESZ
] = {};
376 if (strcmp(*argv
, "dev") == 0) {
379 duparg("dev", *argv
);
380 strncpy(d
, *argv
, sizeof(d
)-1);
381 } else if (strcmp(*argv
, "root") == 0) {
382 if (req
.t
.tcm_parent
) {
384 "Error: \"root\" is duplicate parent ID\n");
387 req
.t
.tcm_parent
= TC_H_ROOT
;
388 } else if (strcmp(*argv
, "ingress") == 0) {
389 if (req
.t
.tcm_parent
) {
391 "Error: \"ingress\" is duplicate parent ID\n");
394 req
.t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
396 } else if (strcmp(*argv
, "egress") == 0) {
397 if (req
.t
.tcm_parent
) {
399 "Error: \"egress\" is duplicate parent ID\n");
402 req
.t
.tcm_parent
= TC_H_MAKE(TC_H_CLSACT
,
404 } else if (strcmp(*argv
, "parent") == 0) {
407 if (req
.t
.tcm_parent
)
408 duparg("parent", *argv
);
409 if (get_tc_classid(&parent_handle
, *argv
))
410 invarg("Invalid parent ID", *argv
);
411 req
.t
.tcm_parent
= parent_handle
;
412 } else if (strcmp(*argv
, "handle") == 0) {
415 duparg("handle", *argv
);
417 } else if (matches(*argv
, "preference") == 0 ||
418 matches(*argv
, "priority") == 0) {
421 duparg("priority", *argv
);
422 if (get_u32(&prio
, *argv
, 0) || prio
> 0xFFFF)
423 invarg("invalid priority value", *argv
);
424 } else if (matches(*argv
, "protocol") == 0) {
429 duparg("protocol", *argv
);
430 if (ll_proto_a2n(&id
, *argv
))
431 invarg("invalid protocol", *argv
);
434 } else if (matches(*argv
, "chain") == 0) {
437 duparg("chain", *argv
);
438 if (get_u32(&chain_index
, *argv
, 0))
439 invarg("invalid chain index value", *argv
);
441 } else if (matches(*argv
, "help") == 0) {
446 invarg("invalid filter name", *argv
);
448 strncpy(k
, *argv
, sizeof(k
)-1);
450 q
= get_filter_kind(k
);
459 fprintf(stderr
, "Must specify filter protocol\n");
464 fprintf(stderr
, "Must specify filter priority\n");
468 req
.t
.tcm_info
= TC_H_MAKE(prio
<<16, protocol
);
471 addattr32(&req
.n
, sizeof(req
), TCA_CHAIN
, chain_index
);
473 if (req
.t
.tcm_parent
== TC_H_UNSPEC
) {
474 fprintf(stderr
, "Must specify filter parent\n");
479 addattr_l(&req
.n
, sizeof(req
), TCA_KIND
, k
, strlen(k
)+1);
481 fprintf(stderr
, "Must specify filter type\n");
488 req
.t
.tcm_ifindex
= ll_name_to_index(d
);
489 if (req
.t
.tcm_ifindex
== 0) {
490 fprintf(stderr
, "Cannot find device \"%s\"\n", d
);
493 filter_ifindex
= req
.t
.tcm_ifindex
;
495 fprintf(stderr
, "Must specify netdevice \"dev\"\n");
499 if (q
->parse_fopt(q
, fhandle
, argc
, argv
, &req
.n
))
503 fprintf(stderr
, "Must specify filter \"handle\"\n");
508 if (matches(*argv
, "help") == 0)
511 "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n",
516 if (rtnl_talk(&rth
, &req
.n
, &answer
) < 0) {
517 fprintf(stderr
, "We have an error talking to the kernel\n");
522 print_filter(NULL
, answer
, (void *)stdout
);
529 static int tc_filter_list(int argc
, char **argv
)
536 .n
.nlmsg_len
= NLMSG_LENGTH(sizeof(struct tcmsg
)),
537 .n
.nlmsg_type
= RTM_GETTFILTER
,
538 .t
.tcm_parent
= TC_H_UNSPEC
,
539 .t
.tcm_family
= AF_UNSPEC
,
541 char d
[IFNAMSIZ
] = {};
545 char *fhandle
= NULL
;
548 if (strcmp(*argv
, "dev") == 0) {
551 duparg("dev", *argv
);
552 strncpy(d
, *argv
, sizeof(d
)-1);
553 } else if (strcmp(*argv
, "root") == 0) {
554 if (req
.t
.tcm_parent
) {
556 "Error: \"root\" is duplicate parent ID\n");
559 filter_parent
= req
.t
.tcm_parent
= TC_H_ROOT
;
560 } else if (strcmp(*argv
, "ingress") == 0) {
561 if (req
.t
.tcm_parent
) {
563 "Error: \"ingress\" is duplicate parent ID\n");
566 filter_parent
= TC_H_MAKE(TC_H_CLSACT
,
568 req
.t
.tcm_parent
= filter_parent
;
569 } else if (strcmp(*argv
, "egress") == 0) {
570 if (req
.t
.tcm_parent
) {
572 "Error: \"egress\" is duplicate parent ID\n");
575 filter_parent
= TC_H_MAKE(TC_H_CLSACT
,
577 req
.t
.tcm_parent
= filter_parent
;
578 } else if (strcmp(*argv
, "parent") == 0) {
582 if (req
.t
.tcm_parent
)
583 duparg("parent", *argv
);
584 if (get_tc_classid(&handle
, *argv
))
585 invarg("invalid parent ID", *argv
);
586 filter_parent
= req
.t
.tcm_parent
= handle
;
587 } else if (strcmp(*argv
, "handle") == 0) {
590 duparg("handle", *argv
);
592 } else if (matches(*argv
, "preference") == 0 ||
593 matches(*argv
, "priority") == 0) {
596 duparg("priority", *argv
);
597 if (get_u32(&prio
, *argv
, 0))
598 invarg("invalid preference", *argv
);
600 } else if (matches(*argv
, "protocol") == 0) {
605 duparg("protocol", *argv
);
606 if (ll_proto_a2n(&res
, *argv
))
607 invarg("invalid protocol", *argv
);
609 filter_protocol
= protocol
;
610 } else if (matches(*argv
, "chain") == 0) {
612 if (filter_chain_index_set
)
613 duparg("chain", *argv
);
614 if (get_u32(&chain_index
, *argv
, 0))
615 invarg("invalid chain index value", *argv
);
616 filter_chain_index_set
= 1;
617 filter_chain_index
= chain_index
;
618 } else if (matches(*argv
, "help") == 0) {
622 " What is \"%s\"? Try \"tc filter help\"\n",
630 req
.t
.tcm_info
= TC_H_MAKE(prio
<<16, protocol
);
635 req
.t
.tcm_ifindex
= ll_name_to_index(d
);
636 if (req
.t
.tcm_ifindex
== 0) {
637 fprintf(stderr
, "Cannot find device \"%s\"\n", d
);
640 filter_ifindex
= req
.t
.tcm_ifindex
;
643 if (filter_chain_index_set
)
644 addattr32(&req
.n
, sizeof(req
), TCA_CHAIN
, chain_index
);
646 if (rtnl_dump_request_n(&rth
, &req
.n
) < 0) {
647 perror("Cannot send dump request");
652 if (rtnl_dump_filter(&rth
, print_filter
, stdout
) < 0) {
653 fprintf(stderr
, "Dump terminated\n");
661 int do_filter(int argc
, char **argv
, void *buf
, size_t buflen
)
664 return tc_filter_list(0, NULL
);
665 if (matches(*argv
, "add") == 0)
666 return tc_filter_modify(RTM_NEWTFILTER
, NLM_F_EXCL
|NLM_F_CREATE
,
667 argc
-1, argv
+1, buf
, buflen
);
668 if (matches(*argv
, "change") == 0)
669 return tc_filter_modify(RTM_NEWTFILTER
, 0, argc
-1, argv
+1,
671 if (matches(*argv
, "replace") == 0)
672 return tc_filter_modify(RTM_NEWTFILTER
, NLM_F_CREATE
, argc
-1,
673 argv
+1, buf
, buflen
);
674 if (matches(*argv
, "delete") == 0)
675 return tc_filter_modify(RTM_DELTFILTER
, 0, argc
-1, argv
+1,
677 if (matches(*argv
, "get") == 0)
678 return tc_filter_get(RTM_GETTFILTER
, 0, argc
-1, argv
+1);
679 if (matches(*argv
, "list") == 0 || matches(*argv
, "show") == 0
680 || matches(*argv
, "lst") == 0)
681 return tc_filter_list(argc
-1, argv
+1);
682 if (matches(*argv
, "help") == 0) {
686 fprintf(stderr
, "Command \"%s\" is unknown, try \"tc filter help\".\n",