]> git.proxmox.com Git - mirror_iproute2.git/blame - ip/iprule.c
projects / mirror_iproute2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update kernel headers
[mirror_iproute2.git] / ip / iprule.c
CommitLineData
aba5acdf
SH		 1/*
2 * iprule.c "ip rule".
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10 *
aba5acdf
SH		 11 */
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <unistd.h>
aba5acdf
SH		 16#include <fcntl.h>
17#include <sys/socket.h>
18#include <netinet/in.h>
19#include <netinet/ip.h>
20#include <arpa/inet.h>
21#include <string.h>
ca89c521 22#include <linux/if.h>
3123a0cc 23#include <linux/fib_rules.h>
2f4e171f 24#include <errno.h>
aba5acdf
SH		 25
26#include "rt_names.h"
27#include "utils.h"
34e95647 28#include "ip_common.h"
0dd4ccc5 29#include "json_print.h"
aba5acdf 30
cb294a1d
HL		 31enum list_action {
32 IPRULE_LIST,
33 IPRULE_FLUSH,
34 IPRULE_SAVE,
35};
36
351efcde
SH		 37extern struct rtnl_handle rth;
38
aba5acdf
SH		 39static void usage(void) __attribute__((noreturn));
40
41static void usage(void)
42{
e147161b
SH		 43 fprintf(stderr,
44 "Usage: ip rule { add | del } SELECTOR ACTION\n"
45 " ip rule { flush | save | restore }\n"
46 " ip rule [ list [ SELECTOR ]]\n"
47 "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n"
48 " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n"
82252cdc 49 " [ uidrange NUMBER-NUMBER ]\n"
f686f764
RP		 50 " [ ipproto PROTOCOL ]\n"
51 " [ sport [ NUMBER | NUMBER-NUMBER ]\n"
52 " [ dport [ NUMBER | NUMBER-NUMBER ] ]\n"
e147161b 53 "ACTION := [ table TABLE_ID ]\n"
7c083da7 54 " [ protocol PROTO ]\n"
e147161b
SH		 55 " [ nat ADDRESS ]\n"
56 " [ realms [SRCREALM/]DSTREALM ]\n"
57 " [ goto NUMBER ]\n"
58 " SUPPRESSOR\n"
59 "SUPPRESSOR := [ suppress_prefixlength NUMBER ]\n"
60 " [ suppress_ifgroup DEVGROUP ]\n"
61 "TABLE_ID := [ local | main | default | NUMBER ]\n");
aba5acdf
SH		 62 exit(-1);
63}
64
ca89c521
HL		 65static struct
66{
67 int not;
68 int l3mdev;
82252cdc 69 int iifmask, oifmask, uidrange;
ca89c521
HL		 70 unsigned int tb;
71 unsigned int tos, tosmask;
72 unsigned int pref, prefmask;
73 unsigned int fwmark, fwmask;
cb65a9cb 74 uint64_t tun_id;
ca89c521
HL		 75 char iif[IFNAMSIZ];
76 char oif[IFNAMSIZ];
82252cdc 77 struct fib_rule_uid_range range;
ca89c521
HL		 78 inet_prefix src;
79 inet_prefix dst;
7c083da7
DS		 80 int protocol;
81 int protocolmask;
b2e8bf15
DA		 82 struct fib_rule_port_range sport;
83 struct fib_rule_port_range dport;
84 __u8 ipproto;
ca89c521
HL		 85} filter;
86
5baaf07c
DS		 87static inline int frh_get_table(struct fib_rule_hdr *frh, struct rtattr **tb)
88{
89 __u32 table = frh->table;
90 if (tb[RTA_TABLE])
91 table = rta_getattr_u32(tb[RTA_TABLE]);
92 return table;
93}
94
ca89c521
HL		 95static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
96{
5baaf07c 97 struct fib_rule_hdr *frh = NLMSG_DATA(n);
ca89c521
HL		 98 __u32 table;
99
5baaf07c 100 if (preferred_family != AF_UNSPEC && frh->family != preferred_family)
ca89c521
HL		 101 return false;
102
103 if (filter.prefmask &&
104 filter.pref ^ (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0))
105 return false;
5baaf07c 106 if (filter.not && !(frh->flags & FIB_RULE_INVERT))
ca89c521
HL		 107 return false;
108
109 if (filter.src.family) {
746035b4
SP		 110 inet_prefix *f_src = &filter.src;
111
5baaf07c
DS		 112 if (f_src->family != frh->family ||
113 f_src->bitlen > frh->src_len)
746035b4
SP		 114 return false;
115
116 if (inet_addr_match_rta(f_src, tb[FRA_SRC]))
ca89c521
HL		 117 return false;
118 }
119
120 if (filter.dst.family) {
746035b4
SP		 121 inet_prefix *f_dst = &filter.dst;
122
5baaf07c
DS		 123 if (f_dst->family != frh->family ||
124 f_dst->bitlen > frh->dst_len)
746035b4
SP		 125 return false;
126
127 if (inet_addr_match_rta(f_dst, tb[FRA_DST]))
ca89c521
HL		 128 return false;
129 }
130
5baaf07c 131 if (filter.tosmask && filter.tos ^ frh->tos)
ca89c521
HL		 132 return false;
133
134 if (filter.fwmark) {
135 __u32 mark = 0;
e147161b 136
ca89c521
HL		 137 if (tb[FRA_FWMARK])
138 mark = rta_getattr_u32(tb[FRA_FWMARK]);
139 if (filter.fwmark ^ mark)
140 return false;
141 }
142 if (filter.fwmask) {
143 __u32 mask = 0;
e147161b 144
ca89c521
HL		 145 if (tb[FRA_FWMASK])
146 mask = rta_getattr_u32(tb[FRA_FWMASK]);
147 if (filter.fwmask ^ mask)
148 return false;
149 }
150
151 if (filter.iifmask) {
152 if (tb[FRA_IFNAME]) {
153 if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0)
154 return false;
155 } else {
156 return false;
157 }
158 }
159
160 if (filter.oifmask) {
161 if (tb[FRA_OIFNAME]) {
162 if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0)
163 return false;
164 } else {
165 return false;
166 }
167 }
168
169 if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV])))
170 return false;
171
82252cdc
LC		 172 if (filter.uidrange) {
173 struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
174
175 if (!tb[FRA_UID_RANGE] ||
176 r->start != filter.range.start ||
177 r->end != filter.range.end)
178 return false;
179 }
180
b2e8bf15
DA		 181 if (filter.ipproto) {
182 __u8 ipproto = 0;
183
184 if (tb[FRA_IP_PROTO])
185 ipproto = rta_getattr_u8(tb[FRA_IP_PROTO]);
186 if (filter.ipproto != ipproto)
187 return false;
188 }
189
190 if (filter.sport.start) {
191 const struct fib_rule_port_range *r;
192
193 if (!tb[FRA_SPORT_RANGE])
194 return false;
195
196 r = RTA_DATA(tb[FRA_SPORT_RANGE]);
197 if (r->start != filter.sport.start ||
198 r->end != filter.sport.end)
199 return false;
200 }
201
202 if (filter.dport.start) {
203 const struct fib_rule_port_range *r;
204
205 if (!tb[FRA_DPORT_RANGE])
206 return false;
207
208 r = RTA_DATA(tb[FRA_DPORT_RANGE]);
209 if (r->start != filter.dport.start ||
210 r->end != filter.dport.end)
211 return false;
212 }
213
cb65a9cb 214 if (filter.tun_id) {
215 __u64 tun_id = 0;
216
217 if (tb[FRA_TUN_ID]) {
218 tun_id = ntohll(rta_getattr_u64(tb[FRA_TUN_ID]));
219 if (filter.tun_id != tun_id)
220 return false;
221 } else {
222 return false;
223 }
224 }
225
5baaf07c 226 table = frh_get_table(frh, tb);
ca89c521
HL		 227 if (filter.tb > 0 && filter.tb ^ table)
228 return false;
229
230 return true;
231}
232
cd554f2c 233int print_rule(struct nlmsghdr *n, void *arg)
aba5acdf 234{
0dd4ccc5 235 FILE *fp = arg;
5baaf07c 236 struct fib_rule_hdr *frh = NLMSG_DATA(n);
aba5acdf
SH		 237 int len = n->nlmsg_len;
238 int host_len = -1;
0dd4ccc5 239 __u32 table, prio = 0;
56f5daac 240 struct rtattr *tb[FRA_MAX+1];
aba5acdf
SH		 241 SPRINT_BUF(b1);
242
98bde989 243 if (n->nlmsg_type != RTM_NEWRULE && n->nlmsg_type != RTM_DELRULE)
aba5acdf
SH		 244 return 0;
245
5baaf07c 246 len -= NLMSG_LENGTH(sizeof(*frh));
aba5acdf
SH		 247 if (len < 0)
248 return -1;
249
5baaf07c 250 parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);
aba5acdf 251
5baaf07c 252 host_len = af_bit_len(frh->family);
aba5acdf 253
e147161b 254 if (!filter_nlmsg(n, tb, host_len))
ca89c521
HL		 255 return 0;
256
0dd4ccc5 257 open_json_object(NULL);
98bde989 258 if (n->nlmsg_type == RTM_DELRULE)
0dd4ccc5 259 print_bool(PRINT_ANY, "deleted", "Deleted ", true);
98bde989 260
ad1a12db 261 if (tb[FRA_PRIORITY])
0dd4ccc5
SH		 262 prio = rta_getattr_u32(tb[FRA_PRIORITY]);
263
264 print_uint(PRINT_ANY, "priority", "%u:\t", prio);
aba5acdf 265
5baaf07c 266 if (frh->flags & FIB_RULE_INVERT)
0dd4ccc5 267 print_null(PRINT_ANY, "not", "not ", NULL);
3123a0cc 268
ad1a12db 269 if (tb[FRA_SRC]) {
0dd4ccc5
SH		 270 const char *src = rt_addr_n2a_rta(frh->family, tb[FRA_SRC]);
271
272 print_string(PRINT_FP, NULL, "from ", NULL);
273 print_color_string(PRINT_ANY, ifa_family_color(frh->family),
274 "src", "%s", src);
275 if (frh->src_len != host_len)
276 print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len);
277 else
278 print_string(PRINT_FP, NULL, " ", NULL);
5baaf07c 279 } else if (frh->src_len) {
0dd4ccc5
SH		 280 print_string(PRINT_ANY, "src", "from %s", "0");
281 print_uint(PRINT_ANY, "srclen", "/%u ", frh->src_len);
aba5acdf 282 } else {
0dd4ccc5 283 print_string(PRINT_ANY, "src", "from %s ", "all");
aba5acdf
SH		 284 }
285
ad1a12db 286 if (tb[FRA_DST]) {
0dd4ccc5
SH		 287 const char *dst = rt_addr_n2a_rta(frh->family, tb[FRA_DST]);
288
289 print_string(PRINT_FP, NULL, "to ", NULL);
290 print_color_string(PRINT_ANY, ifa_family_color(frh->family),
1a75322c 291 "dst", "%s", dst);
0dd4ccc5
SH		 292 if (frh->dst_len != host_len)
293 print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len);
294 else
295 print_string(PRINT_FP, NULL, " ", NULL);
5baaf07c 296 } else if (frh->dst_len) {
0dd4ccc5
SH		 297 print_string(PRINT_ANY, "dst", "to %s", "0");
298 print_uint(PRINT_ANY, "dstlen", "/%u ", frh->dst_len);
aba5acdf
SH		 299 }
300
5baaf07c 301 if (frh->tos) {
0dd4ccc5
SH		 302 print_string(PRINT_ANY, "tos",
303 "tos %s ",
304 rtnl_dsfield_n2a(frh->tos, b1, sizeof(b1)));
aba5acdf 305 }
ad1a12db 306
4806867a 307 if (tb[FRA_FWMARK] || tb[FRA_FWMASK]) {
be7f286e
PM		 308 __u32 mark = 0, mask = 0;
309
ad1a12db 310 if (tb[FRA_FWMARK])
ff24746c 311 mark = rta_getattr_u32(tb[FRA_FWMARK]);
be7f286e 312
ad1a12db 313 if (tb[FRA_FWMASK] &&
0dd4ccc5 314 (mask = rta_getattr_u32(tb[FRA_FWMASK])) != 0xFFFFFFFF) {
90c5c969
SH		 315 print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx", mark);
316 print_0xhex(PRINT_ANY, "fwmask", "/%#llx ", mask);
0dd4ccc5 317 } else {
90c5c969 318 print_0xhex(PRINT_ANY, "fwmark", "fwmark %#llx ", mark);
0dd4ccc5 319 }
aba5acdf
SH		 320 }
321
ad1a12db 322 if (tb[FRA_IFNAME]) {
0dd4ccc5
SH		 323 if (!is_json_context())
324 fprintf(fp, "iif ");
325 print_color_string(PRINT_ANY, COLOR_IFNAME,
326 "iif", "%s ",
327 rta_getattr_str(tb[FRA_IFNAME]));
328
5baaf07c 329 if (frh->flags & FIB_RULE_IIF_DETACHED)
0dd4ccc5
SH		 330 print_null(PRINT_ANY, "iif_detached", "[detached] ",
331 NULL);
85eae222
PM		 332 }
333
334 if (tb[FRA_OIFNAME]) {
0dd4ccc5
SH		 335 if (!is_json_context())
336 fprintf(fp, "oif ");
337
338 print_color_string(PRINT_ANY, COLOR_IFNAME, "oif", "%s ",
339 rta_getattr_str(tb[FRA_OIFNAME]));
340
5baaf07c 341 if (frh->flags & FIB_RULE_OIF_DETACHED)
0dd4ccc5
SH		 342 print_null(PRINT_ANY, "oif_detached", "[detached] ",
343 NULL);
aba5acdf
SH		 344 }
345
8c92e122 346 if (tb[FRA_L3MDEV]) {
0dd4ccc5
SH		 347 __u8 mdev = rta_getattr_u8(tb[FRA_L3MDEV]);
348
349 if (mdev)
350 print_null(PRINT_ANY, "l3mdev",
351 "lookup [l3mdev-table] ", NULL);
8c92e122
DA		 352 }
353
82252cdc
LC		 354 if (tb[FRA_UID_RANGE]) {
355 struct fib_rule_uid_range *r = RTA_DATA(tb[FRA_UID_RANGE]);
356
0dd4ccc5
SH		 357 print_uint(PRINT_ANY, "uid_start", "uidrange %u", r->start);
358 print_uint(PRINT_ANY, "uid_end", "-%u ", r->end);
82252cdc
LC		 359 }
360
f686f764
RP		 361 if (tb[FRA_IP_PROTO]) {
362 SPRINT_BUF(pbuf);
363 print_string(PRINT_ANY, "ipproto", "ipproto %s ",
364 inet_proto_n2a(rta_getattr_u8(tb[FRA_IP_PROTO]),
365 pbuf, sizeof(pbuf)));
366 }
367
368 if (tb[FRA_SPORT_RANGE]) {
369 struct fib_rule_port_range *r = RTA_DATA(tb[FRA_SPORT_RANGE]);
370
371 if (r->start == r->end) {
372 print_uint(PRINT_ANY, "sport", "sport %u ", r->start);
373 } else {
374 print_uint(PRINT_ANY, "sport_start", "sport %u",
375 r->start);
376 print_uint(PRINT_ANY, "sport_end", "-%u ", r->end);
377 }
378 }
379
380 if (tb[FRA_DPORT_RANGE]) {
381 struct fib_rule_port_range *r = RTA_DATA(tb[FRA_DPORT_RANGE]);
382
383 if (r->start == r->end) {
384 print_uint(PRINT_ANY, "dport", "dport %u ", r->start);
385 } else {
386 print_uint(PRINT_ANY, "dport_start", "dport %u",
387 r->start);
388 print_uint(PRINT_ANY, "dport_end", "-%u ", r->end);
389 }
390 }
391
cb65a9cb 392 if (tb[FRA_TUN_ID]) {
393 __u64 tun_id = ntohll(rta_getattr_u64(tb[FRA_TUN_ID]));
394
395 print_u64(PRINT_ANY, "tun_id", "tun_id %llu ", tun_id);
396 }
397
5baaf07c 398 table = frh_get_table(frh, tb);
b1d0525f 399 if (table) {
0dd4ccc5
SH		 400 print_string(PRINT_ANY, "table",
401 "lookup %s ",
402 rtnl_rttable_n2a(table, b1, sizeof(b1)));
aba5acdf 403
b1d0525f
ST		 404 if (tb[FRA_SUPPRESS_PREFIXLEN]) {
405 int pl = rta_getattr_u32(tb[FRA_SUPPRESS_PREFIXLEN]);
56f5daac 406
d831cc7c 407 if (pl != -1)
0dd4ccc5
SH		 408 print_int(PRINT_ANY, "suppress_prefixlen",
409 "suppress_prefixlength %d ", pl);
b1d0525f 410 }
0dd4ccc5 411
b1d0525f
ST		 412 if (tb[FRA_SUPPRESS_IFGROUP]) {
413 int group = rta_getattr_u32(tb[FRA_SUPPRESS_IFGROUP]);
56f5daac 414
b1d0525f 415 if (group != -1) {
0dd4ccc5
SH		 416 const char *grname
417 = rtnl_group_n2a(group, b1, sizeof(b1));
418
419 print_string(PRINT_ANY, "suppress_ifgroup",
420 "suppress_ifgroup %s ", grname);
b1d0525f
ST		 421 }
422 }
423 }
424
ad1a12db 425 if (tb[FRA_FLOW]) {
ff24746c 426 __u32 to = rta_getattr_u32(tb[FRA_FLOW]);
aba5acdf 427 __u32 from = to>>16;
56f5daac 428
aba5acdf 429 to &= 0xFFFF;
0dd4ccc5
SH		 430 if (from)
431 print_string(PRINT_ANY,
432 "flow_from", "realms %s/",
433 rtnl_rtrealm_n2a(from, b1, sizeof(b1)));
434
435 print_string(PRINT_ANY, "flow_to", "%s ",
436 rtnl_rtrealm_n2a(to, b1, sizeof(b1)));
aba5acdf
SH		 437 }
438
5baaf07c 439 if (frh->action == RTN_NAT) {
aba5acdf 440 if (tb[RTA_GATEWAY]) {
0dd4ccc5
SH		 441 const char *gateway;
442
443 gateway = format_host_rta(frh->family, tb[RTA_GATEWAY]);
444
445 print_string(PRINT_ANY, "nat_gateway",
446 "map-to %s ", gateway);
447 } else {
448 print_null(PRINT_ANY, "masquerade", "masquerade", NULL);
449 }
5baaf07c 450 } else if (frh->action == FR_ACT_GOTO) {
6b469cae 451 if (tb[FRA_GOTO])
0dd4ccc5
SH		 452 print_uint(PRINT_ANY, "goto", "goto %u",
453 rta_getattr_u32(tb[FRA_GOTO]));
6b469cae 454 else
0dd4ccc5
SH		 455 print_string(PRINT_ANY, "goto", "goto %s", "none");
456
5baaf07c 457 if (frh->flags & FIB_RULE_UNRESOLVED)
0dd4ccc5
SH		 458 print_null(PRINT_ANY, "unresolved", "unresolved", NULL);
459 } else if (frh->action == FR_ACT_NOP) {
460 print_null(PRINT_ANY, "nop", "nop", NULL);
461 } else if (frh->action != FR_ACT_TO_TBL) {
462 print_string(PRINT_ANY, "to_tbl", "%s",
463 rtnl_rtntype_n2a(frh->action, b1, sizeof(b1)));
464 }
aba5acdf 465
7c083da7
DS		 466 if (tb[FRA_PROTOCOL]) {
467 __u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]);
468
0dd4ccc5
SH		 469 if ((protocol && protocol != RTPROT_KERNEL) || show_details > 0) {
470 print_string(PRINT_ANY, "protocol", " proto %s ",
471 rtnl_rtprot_n2a(protocol, b1, sizeof(b1)));
7c083da7
DS		 472 }
473 }
0dd4ccc5
SH		 474 print_string(PRINT_FP, NULL, "\n", "");
475 close_json_object();
aba5acdf
SH		 476 fflush(fp);
477 return 0;
478}
479
2f4e171f
KT		 480static __u32 rule_dump_magic = 0x71706986;
481
482static int save_rule_prep(void)
483{
484 int ret;
485
486 if (isatty(STDOUT_FILENO)) {
487 fprintf(stderr, "Not sending a binary stream to stdout\n");
488 return -1;
489 }
490
491 ret = write(STDOUT_FILENO, &rule_dump_magic, sizeof(rule_dump_magic));
492 if (ret != sizeof(rule_dump_magic)) {
493 fprintf(stderr, "Can't write magic to dump file\n");
494 return -1;
495 }
496
497 return 0;
498}
499
cd554f2c 500static int save_rule(struct nlmsghdr *n, void *arg)
aba5acdf 501{
2f4e171f
KT		 502 int ret;
503
504 ret = write(STDOUT_FILENO, n, n->nlmsg_len);
505 if ((ret > 0) && (ret != n->nlmsg_len)) {
506 fprintf(stderr, "Short write while saving nlmsg\n");
507 ret = -EIO;
508 }
509
510 return ret == n->nlmsg_len ? 0 : ret;
511}
512
cd554f2c 513static int flush_rule(struct nlmsghdr *n, void *arg)
cb294a1d
HL		 514{
515 struct rtnl_handle rth2;
5baaf07c 516 struct fib_rule_hdr *frh = NLMSG_DATA(n);
cb294a1d
HL		 517 int len = n->nlmsg_len;
518 struct rtattr *tb[FRA_MAX+1];
b65b4c08 519 int host_len = -1;
cb294a1d 520
5baaf07c 521 len -= NLMSG_LENGTH(sizeof(*frh));
cb294a1d
HL		 522 if (len < 0)
523 return -1;
524
5baaf07c 525 parse_rtattr(tb, FRA_MAX, RTM_RTA(frh), len);
cb294a1d 526
b65b4c08
DA		 527 host_len = af_bit_len(frh->family);
528 if (!filter_nlmsg(n, tb, host_len))
529 return 0;
530
7c083da7
DS		 531 if (tb[FRA_PROTOCOL]) {
532 __u8 protocol = rta_getattr_u8(tb[FRA_PROTOCOL]);
533
534 if ((filter.protocol ^ protocol) & filter.protocolmask)
535 return 0;
536 }
537
cb294a1d
HL		 538 if (tb[FRA_PRIORITY]) {
539 n->nlmsg_type = RTM_DELRULE;
540 n->nlmsg_flags = NLM_F_REQUEST;
541
542 if (rtnl_open(&rth2, 0) < 0)
543 return -1;
544
86bf43c7 545 if (rtnl_talk(&rth2, n, NULL) < 0)
cb294a1d
HL		 546 return -2;
547
548 rtnl_close(&rth2);
549 }
550
551 return 0;
552}
553
554static int iprule_list_flush_or_save(int argc, char **argv, int action)
2f4e171f 555{
cb294a1d 556 rtnl_filter_t filter_fn;
aba5acdf
SH		 557 int af = preferred_family;
558
559 if (af == AF_UNSPEC)
560 af = AF_INET;
561
7c083da7
DS		 562 if (action == IPRULE_SAVE && argc > 0) {
563 fprintf(stderr, "\"ip rule save\" does not take any arguments.\n");
aba5acdf
SH		 564 return -1;
565 }
566
cb294a1d
HL		 567 switch (action) {
568 case IPRULE_SAVE:
2f4e171f
KT		 569 if (save_rule_prep())
570 return -1;
cb294a1d
HL		 571 filter_fn = save_rule;
572 break;
573 case IPRULE_FLUSH:
574 filter_fn = flush_rule;
575 break;
576 default:
577 filter_fn = print_rule;
2f4e171f
KT		 578 }
579
ca89c521
HL		 580 memset(&filter, 0, sizeof(filter));
581
582 while (argc > 0) {
583 if (matches(*argv, "preference") == 0 ||
584 matches(*argv, "order") == 0 ||
585 matches(*argv, "priority") == 0) {
586 __u32 pref;
e147161b 587
ca89c521
HL		 588 NEXT_ARG();
589 if (get_u32(&pref, *argv, 0))
590 invarg("preference value is invalid\n", *argv);
591 filter.pref = pref;
592 filter.prefmask = 1;
593 } else if (strcmp(*argv, "not") == 0) {
594 filter.not = 1;
595 } else if (strcmp(*argv, "tos") == 0) {
596 __u32 tos;
e147161b 597
ca89c521
HL		 598 NEXT_ARG();
599 if (rtnl_dsfield_a2n(&tos, *argv))
600 invarg("TOS value is invalid\n", *argv);
601 filter.tos = tos;
602 filter.tosmask = 1;
603 } else if (strcmp(*argv, "fwmark") == 0) {
604 char *slash;
605 __u32 fwmark, fwmask;
e147161b 606
ca89c521
HL		 607 NEXT_ARG();
608 slash = strchr(*argv, '/');
609 if (slash != NULL)
610 *slash = '\0';
611 if (get_u32(&fwmark, *argv, 0))
612 invarg("fwmark value is invalid\n", *argv);
613 filter.fwmark = fwmark;
614 if (slash) {
615 if (get_u32(&fwmask, slash+1, 0))
616 invarg("fwmask value is invalid\n",
617 slash+1);
618 filter.fwmask = fwmask;
619 }
620 } else if (strcmp(*argv, "dev") == 0 ||
621 strcmp(*argv, "iif") == 0) {
622 NEXT_ARG();
625df645
PS		 623 if (get_ifname(filter.iif, *argv))
624 invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
ca89c521
HL		 625 filter.iifmask = 1;
626 } else if (strcmp(*argv, "oif") == 0) {
627 NEXT_ARG();
625df645
PS		 628 if (get_ifname(filter.oif, *argv))
629 invarg("\"oif\" not a valid ifname", *argv);
ca89c521
HL		 630 filter.oifmask = 1;
631 } else if (strcmp(*argv, "l3mdev") == 0) {
632 filter.l3mdev = 1;
82252cdc
LC		 633 } else if (strcmp(*argv, "uidrange") == 0) {
634 NEXT_ARG();
635 filter.uidrange = 1;
636 if (sscanf(*argv, "%u-%u",
637 &filter.range.start,
638 &filter.range.end) != 2)
639 invarg("invalid UID range\n", *argv);
640
cb65a9cb 641 } else if (matches(*argv, "tun_id") == 0) {
642 __u64 tun_id;
643
644 NEXT_ARG();
645 if (get_u64(&tun_id, *argv, 0))
646 invarg("\"tun_id\" value is invalid\n", *argv);
647 filter.tun_id = tun_id;
ca89c521 648 } else if (matches(*argv, "lookup") == 0 ||
e147161b 649 matches(*argv, "table") == 0) {
ca89c521 650 __u32 tid;
e147161b 651
ca89c521
HL		 652 NEXT_ARG();
653 if (rtnl_rttable_a2n(&tid, *argv))
654 invarg("table id value is invalid\n", *argv);
655 filter.tb = tid;
656 } else if (matches(*argv, "from") == 0 ||
657 matches(*argv, "src") == 0) {
658 NEXT_ARG();
746035b4
SP		 659 if (get_prefix(&filter.src, *argv, af))
660 invarg("from value is invalid\n", *argv);
7c083da7
DS		 661 } else if (matches(*argv, "protocol") == 0) {
662 __u32 prot;
663 NEXT_ARG();
664 filter.protocolmask = -1;
665 if (rtnl_rtprot_a2n(&prot, *argv)) {
666 if (strcmp(*argv, "all") != 0)
667 invarg("invalid \"protocol\"\n", *argv);
668 prot = 0;
669 filter.protocolmask = 0;
670 }
671 filter.protocol = prot;
b2e8bf15
DA		 672 } else if (strcmp(*argv, "ipproto") == 0) {
673 int ipproto;
674
675 NEXT_ARG();
676 ipproto = inet_proto_a2n(*argv);
677 if (ipproto < 0)
678 invarg("Invalid \"ipproto\" value\n", *argv);
679 filter.ipproto = ipproto;
680 } else if (strcmp(*argv, "sport") == 0) {
681 struct fib_rule_port_range r;
682 int ret;
683
684 NEXT_ARG();
685 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
686 if (ret == 1)
687 r.end = r.start;
688 else if (ret != 2)
689 invarg("invalid port range\n", *argv);
690 filter.sport = r;
691 } else if (strcmp(*argv, "dport") == 0) {
692 struct fib_rule_port_range r;
693 int ret;
694
695 NEXT_ARG();
696 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
697 if (ret == 1)
698 r.end = r.start;
699 else if (ret != 2)
700 invarg("invalid dport range\n", *argv);
701 filter.dport = r;
7c083da7 702 } else{
ca89c521
HL		 703 if (matches(*argv, "dst") == 0 ||
704 matches(*argv, "to") == 0) {
705 NEXT_ARG();
706 }
746035b4
SP		 707 if (get_prefix(&filter.dst, *argv, af))
708 invarg("to value is invalid\n", *argv);
ca89c521
HL		 709 }
710 argc--; argv++;
711 }
712
b05d9a3d 713 if (rtnl_ruledump_req(&rth, af) < 0) {
aba5acdf
SH		 714 perror("Cannot send dump request");
715 return 1;
716 }
717
0dd4ccc5 718 new_json_obj(json);
cb294a1d 719 if (rtnl_dump_filter(&rth, filter_fn, stdout) < 0) {
aba5acdf
SH		 720 fprintf(stderr, "Dump terminated\n");
721 return 1;
722 }
0dd4ccc5 723 delete_json_obj();
aba5acdf
SH		 724
725 return 0;
726}
727
2f4e171f
KT		 728static int rule_dump_check_magic(void)
729{
730 int ret;
731 __u32 magic = 0;
732
733 if (isatty(STDIN_FILENO)) {
734 fprintf(stderr, "Can't restore rule dump from a terminal\n");
735 return -1;
736 }
737
738 ret = fread(&magic, sizeof(magic), 1, stdin);
739 if (magic != rule_dump_magic) {
d831cc7c
SH		 740 fprintf(stderr, "Magic mismatch (%d elems, %x magic)\n",
741 ret, magic);
2f4e171f
KT		 742 return -1;
743 }
744
745 return 0;
746}
747
cd554f2c 748static int restore_handler(struct rtnl_ctrl_data *ctrl,
2f4e171f
KT		 749 struct nlmsghdr *n, void *arg)
750{
751 int ret;
752
753 n->nlmsg_flags |= NLM_F_REQUEST | NLM_F_CREATE | NLM_F_ACK;
754
755 ll_init_map(&rth);
756
86bf43c7 757 ret = rtnl_talk(&rth, n, NULL);
2f4e171f
KT		 758 if ((ret < 0) && (errno == EEXIST))
759 ret = 0;
760
761 return ret;
762}
763
764
765static int iprule_restore(void)
766{
767 if (rule_dump_check_magic())
768 exit(-1);
769
770 exit(rtnl_from_file(stdin, &restore_handler, NULL));
771}
aba5acdf 772
50772dc5 773static int iprule_modify(int cmd, int argc, char **argv)
aba5acdf 774{
8c92e122 775 int l3mdev_rule = 0;
aba5acdf 776 int table_ok = 0;
8c92e122 777 __u32 tid = 0;
aba5acdf 778 struct {
4806867a 779 struct nlmsghdr n;
5baaf07c 780 struct fib_rule_hdr frh;
56f5daac 781 char buf[1024];
d17b136f
PS		 782 } req = {
783 .n.nlmsg_type = cmd,
5baaf07c 784 .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct fib_rule_hdr)),
d17b136f 785 .n.nlmsg_flags = NLM_F_REQUEST,
5baaf07c
DS		 786 .frh.family = preferred_family,
787 .frh.action = FR_ACT_UNSPEC,
d17b136f 788 };
aba5acdf
SH		 789
790 if (cmd == RTM_NEWRULE) {
23801209
DA		 791 if (argc == 0) {
792 fprintf(stderr,
793 "\"ip rule add\" requires arguments.\n");
794 return -1;
795 }
aba5acdf 796 req.n.nlmsg_flags |= NLM_F_CREATE|NLM_F_EXCL;
5baaf07c 797 req.frh.action = FR_ACT_TO_TBL;
aba5acdf
SH		 798 }
799
67a990b8
AJM		 800 if (cmd == RTM_DELRULE && argc == 0) {
801 fprintf(stderr, "\"ip rule del\" requires arguments.\n");
802 return -1;
803 }
804
aba5acdf 805 while (argc > 0) {
3123a0cc 806 if (strcmp(*argv, "not") == 0) {
5baaf07c 807 req.frh.flags |= FIB_RULE_INVERT;
3123a0cc 808 } else if (strcmp(*argv, "from") == 0) {
aba5acdf 809 inet_prefix dst;
56f5daac 810
aba5acdf 811 NEXT_ARG();
5baaf07c
DS		 812 get_prefix(&dst, *argv, req.frh.family);
813 req.frh.src_len = dst.bitlen;
d831cc7c
SH		 814 addattr_l(&req.n, sizeof(req), FRA_SRC,
815 &dst.data, dst.bytelen);
aba5acdf
SH		 816 } else if (strcmp(*argv, "to") == 0) {
817 inet_prefix dst;
56f5daac 818
aba5acdf 819 NEXT_ARG();
5baaf07c
DS		 820 get_prefix(&dst, *argv, req.frh.family);
821 req.frh.dst_len = dst.bitlen;
d831cc7c
SH		 822 addattr_l(&req.n, sizeof(req), FRA_DST,
823 &dst.data, dst.bytelen);
aba5acdf
SH		 824 } else if (matches(*argv, "preference") == 0 ||
825 matches(*argv, "order") == 0 ||
826 matches(*argv, "priority") == 0) {
827 __u32 pref;
56f5daac 828
aba5acdf
SH		 829 NEXT_ARG();
830 if (get_u32(&pref, *argv, 0))
831 invarg("preference value is invalid\n", *argv);
ad1a12db 832 addattr32(&req.n, sizeof(req), FRA_PRIORITY, pref);
dec01609
AH		 833 } else if (strcmp(*argv, "tos") == 0 ||
834 matches(*argv, "dsfield") == 0) {
aba5acdf 835 __u32 tos;
56f5daac 836
aba5acdf
SH		 837 NEXT_ARG();
838 if (rtnl_dsfield_a2n(&tos, *argv))
839 invarg("TOS value is invalid\n", *argv);
5baaf07c 840 req.frh.tos = tos;
aba5acdf 841 } else if (strcmp(*argv, "fwmark") == 0) {
be7f286e
PM		 842 char *slash;
843 __u32 fwmark, fwmask;
56f5daac 844
aba5acdf 845 NEXT_ARG();
d831cc7c
SH		 846
847 slash = strchr(*argv, '/');
848 if (slash != NULL)
be7f286e 849 *slash = '\0';
4fb466f9 850 if (get_u32(&fwmark, *argv, 0))
aba5acdf 851 invarg("fwmark value is invalid\n", *argv);
ad1a12db 852 addattr32(&req.n, sizeof(req), FRA_FWMARK, fwmark);
be7f286e
PM		 853 if (slash) {
854 if (get_u32(&fwmask, slash+1, 0))
d831cc7c
SH		 855 invarg("fwmask value is invalid\n",
856 slash+1);
857 addattr32(&req.n, sizeof(req),
858 FRA_FWMASK, fwmask);
be7f286e 859 }
aba5acdf
SH		 860 } else if (matches(*argv, "realms") == 0) {
861 __u32 realm;
56f5daac 862
aba5acdf 863 NEXT_ARG();
d583e88e 864 if (get_rt_realms_or_raw(&realm, *argv))
aba5acdf 865 invarg("invalid realms\n", *argv);
ad1a12db 866 addattr32(&req.n, sizeof(req), FRA_FLOW, realm);
33f1e250
DS		 867 } else if (matches(*argv, "protocol") == 0) {
868 __u32 proto;
869
870 NEXT_ARG();
871 if (rtnl_rtprot_a2n(&proto, *argv))
872 invarg("\"protocol\" value is invalid\n", *argv);
873 addattr8(&req.n, sizeof(req), FRA_PROTOCOL, proto);
cb65a9cb 874 } else if (matches(*argv, "tun_id") == 0) {
875 __u64 tun_id;
876
877 NEXT_ARG();
878 if (get_be64(&tun_id, *argv, 0))
879 invarg("\"tun_id\" value is invalid\n", *argv);
880 addattr64(&req.n, sizeof(req), FRA_TUN_ID, tun_id);
aba5acdf
SH		 881 } else if (matches(*argv, "table") == 0 ||
882 strcmp(*argv, "lookup") == 0) {
aba5acdf
SH		 883 NEXT_ARG();
884 if (rtnl_rttable_a2n(&tid, *argv))
885 invarg("invalid table ID\n", *argv);
34e95647 886 if (tid < 256)
5baaf07c 887 req.frh.table = tid;
34e95647 888 else {
5baaf07c 889 req.frh.table = RT_TABLE_UNSPEC;
ad1a12db 890 addattr32(&req.n, sizeof(req), FRA_TABLE, tid);
34e95647 891 }
aba5acdf 892 table_ok = 1;
b1d0525f
ST		 893 } else if (matches(*argv, "suppress_prefixlength") == 0 ||
894 strcmp(*argv, "sup_pl") == 0) {
895 int pl;
56f5daac 896
b1d0525f
ST		 897 NEXT_ARG();
898 if (get_s32(&pl, *argv, 0) || pl < 0)
d831cc7c
SH		 899 invarg("suppress_prefixlength value is invalid\n",
900 *argv);
901 addattr32(&req.n, sizeof(req),
902 FRA_SUPPRESS_PREFIXLEN, pl);
b1d0525f
ST		 903 } else if (matches(*argv, "suppress_ifgroup") == 0 ||
904 strcmp(*argv, "sup_group") == 0) {
905 NEXT_ARG();
906 int group;
56f5daac 907
b1d0525f 908 if (rtnl_group_a2n(&group, *argv))
d831cc7c
SH		 909 invarg("Invalid \"suppress_ifgroup\" value\n",
910 *argv);
911 addattr32(&req.n, sizeof(req),
912 FRA_SUPPRESS_IFGROUP, group);
aba5acdf
SH		 913 } else if (strcmp(*argv, "dev") == 0 ||
914 strcmp(*argv, "iif") == 0) {
915 NEXT_ARG();
625df645
PS		 916 if (check_ifname(*argv))
917 invarg("\"iif\"/\"dev\" not a valid ifname", *argv);
d831cc7c
SH		 918 addattr_l(&req.n, sizeof(req), FRA_IFNAME,
919 *argv, strlen(*argv)+1);
85eae222
PM		 920 } else if (strcmp(*argv, "oif") == 0) {
921 NEXT_ARG();
625df645
PS		 922 if (check_ifname(*argv))
923 invarg("\"oif\" not a valid ifname", *argv);
d831cc7c
SH		 924 addattr_l(&req.n, sizeof(req), FRA_OIFNAME,
925 *argv, strlen(*argv)+1);
8c92e122
DA		 926 } else if (strcmp(*argv, "l3mdev") == 0) {
927 addattr8(&req.n, sizeof(req), FRA_L3MDEV, 1);
928 table_ok = 1;
929 l3mdev_rule = 1;
82252cdc
LC		 930 } else if (strcmp(*argv, "uidrange") == 0) {
931 struct fib_rule_uid_range r;
932
933 NEXT_ARG();
934 if (sscanf(*argv, "%u-%u", &r.start, &r.end) != 2)
935 invarg("invalid UID range\n", *argv);
936 addattr_l(&req.n, sizeof(req), FRA_UID_RANGE, &r,
937 sizeof(r));
aba5acdf
SH		 938 } else if (strcmp(*argv, "nat") == 0 ||
939 matches(*argv, "map-to") == 0) {
940 NEXT_ARG();
526afe40 941 fprintf(stderr, "Warning: route NAT is deprecated\n");
d831cc7c
SH		 942 addattr32(&req.n, sizeof(req), RTA_GATEWAY,
943 get_addr32(*argv));
5baaf07c 944 req.frh.action = RTN_NAT;
f686f764
RP		 945 } else if (strcmp(*argv, "ipproto") == 0) {
946 int ipproto;
947
948 NEXT_ARG();
949 ipproto = inet_proto_a2n(*argv);
950 if (ipproto < 0)
951 invarg("Invalid \"ipproto\" value\n",
952 *argv);
953 addattr8(&req.n, sizeof(req), FRA_IP_PROTO, ipproto);
954 } else if (strcmp(*argv, "sport") == 0) {
955 struct fib_rule_port_range r;
956 int ret = 0;
957
958 NEXT_ARG();
959 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
960 if (ret == 1)
961 r.end = r.start;
962 else if (ret != 2)
963 invarg("invalid port range\n", *argv);
964 addattr_l(&req.n, sizeof(req), FRA_SPORT_RANGE, &r,
965 sizeof(r));
966 } else if (strcmp(*argv, "dport") == 0) {
967 struct fib_rule_port_range r;
968 int ret = 0;
969
970 NEXT_ARG();
971 ret = sscanf(*argv, "%hu-%hu", &r.start, &r.end);
972 if (ret == 1)
973 r.end = r.start;
974 else if (ret != 2)
975 invarg("invalid dport range\n", *argv);
976 addattr_l(&req.n, sizeof(req), FRA_DPORT_RANGE, &r,
977 sizeof(r));
aba5acdf
SH		 978 } else {
979 int type;
980
d831cc7c 981 if (strcmp(*argv, "type") == 0)
aba5acdf 982 NEXT_ARG();
d831cc7c 983
aba5acdf
SH		 984 if (matches(*argv, "help") == 0)
985 usage();
6b469cae
TG		 986 else if (matches(*argv, "goto") == 0) {
987 __u32 target;
56f5daac 988
6b469cae
TG		 989 type = FR_ACT_GOTO;
990 NEXT_ARG();
991 if (get_u32(&target, *argv, 0))
992 invarg("invalid target\n", *argv);
d831cc7c
SH		 993 addattr32(&req.n, sizeof(req),
994 FRA_GOTO, target);
6b469cae
TG		 995 } else if (matches(*argv, "nop") == 0)
996 type = FR_ACT_NOP;
997 else if (rtnl_rtntype_a2n(&type, *argv))
aba5acdf 998 invarg("Failed to parse rule type", *argv);
5baaf07c 999 req.frh.action = type;
6b469cae 1000 table_ok = 1;
aba5acdf
SH		 1001 }
1002 argc--;
1003 argv++;
1004 }
1005
8c92e122
DA		 1006 if (l3mdev_rule && tid != 0) {
1007 fprintf(stderr,
1008 "table can not be specified for l3mdev rules\n");
1009 return -EINVAL;
1010 }
1011
5baaf07c
DS		 1012 if (req.frh.family == AF_UNSPEC)
1013 req.frh.family = AF_INET;
aba5acdf
SH		 1014
1015 if (!table_ok && cmd == RTM_NEWRULE)
5baaf07c 1016 req.frh.table = RT_TABLE_MAIN;
aba5acdf 1017
86bf43c7 1018 if (rtnl_talk(&rth, &req.n, NULL) < 0)
076ae708 1019 return -2;
aba5acdf
SH		 1020
1021 return 0;
1022}
1023
1024int do_iprule(int argc, char **argv)
1025{
1026 if (argc < 1) {
cb294a1d 1027 return iprule_list_flush_or_save(0, NULL, IPRULE_LIST);
aba5acdf
SH		 1028 } else if (matches(argv[0], "list") == 0 ||
1029 matches(argv[0], "lst") == 0 ||
1030 matches(argv[0], "show") == 0) {
cb294a1d 1031 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_LIST);
2f4e171f 1032 } else if (matches(argv[0], "save") == 0) {
cb294a1d 1033 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_SAVE);
2f4e171f
KT		 1034 } else if (matches(argv[0], "restore") == 0) {
1035 return iprule_restore();
aba5acdf
SH		 1036 } else if (matches(argv[0], "add") == 0) {
1037 return iprule_modify(RTM_NEWRULE, argc-1, argv+1);
1038 } else if (matches(argv[0], "delete") == 0) {
1039 return iprule_modify(RTM_DELRULE, argc-1, argv+1);
50772dc5 1040 } else if (matches(argv[0], "flush") == 0) {
cb294a1d 1041 return iprule_list_flush_or_save(argc-1, argv+1, IPRULE_FLUSH);
aba5acdf
SH		 1042 } else if (matches(argv[0], "help") == 0)
1043 usage();
1044
d831cc7c
SH		 1045 fprintf(stderr,
1046 "Command \"%s\" is unknown, try \"ip rule help\".\n", *argv);
aba5acdf
SH		 1047 exit(-1);
1048}
1049
b6c8e808
PM		 1050int do_multirule(int argc, char **argv)
1051{
1052 switch (preferred_family) {
1053 case AF_UNSPEC:
1054 case AF_INET:
1055 preferred_family = RTNL_FAMILY_IPMR;
1056 break;
1057 case AF_INET6:
1058 preferred_family = RTNL_FAMILY_IP6MR;
1059 break;
0d1c9b57
BG		 1060 case RTNL_FAMILY_IPMR:
1061 case RTNL_FAMILY_IP6MR:
1062 break;
b6c8e808 1063 default:
d831cc7c
SH		 1064 fprintf(stderr,
1065 "Multicast rules are only supported for IPv4/IPv6, was: %i\n",
0d1c9b57 1066 preferred_family);
b6c8e808
PM		 1067 exit(-1);
1068 }
1069
1070 return do_iprule(argc, argv);
1071}
Upstream mirror of iproute2