]> git.proxmox.com Git - mirror_iproute2.git/blame - tc/f_flower.c
projects / mirror_iproute2.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
man: ip-link.8: Document bridge_slave fdb_flush option
[mirror_iproute2.git] / tc / f_flower.c
CommitLineData
30eb304e
JP		 1/*
2 * f_flower.c Flower Classifier
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Jiri Pirko <jiri@resnulli.us>
10 */
11
12#include <stdio.h>
13#include <stdlib.h>
14#include <unistd.h>
15#include <syslog.h>
16#include <string.h>
17#include <net/if.h>
f888f4e2 18#include <linux/if_arp.h>
30eb304e
JP		 19#include <linux/if_ether.h>
20#include <linux/ip.h>
745d9172 21#include <linux/tc_act/tc_vlan.h>
30eb304e
JP		 22
23#include "utils.h"
24#include "tc_util.h"
25#include "rt_names.h"
26
08f66c80
PB		 27enum flower_matching_flags {
28 FLOWER_IP_FLAGS,
29};
30
6910d656
SH		 31enum flower_endpoint {
32 FLOWER_ENDPOINT_SRC,
33 FLOWER_ENDPOINT_DST
34};
35
eb3b5696
SH		 36enum flower_icmp_field {
37 FLOWER_ICMP_FIELD_TYPE,
38 FLOWER_ICMP_FIELD_CODE
39};
40
30eb304e
JP		 41static void explain(void)
42{
512caeb2
SH		 43 fprintf(stderr,
44 "Usage: ... flower [ MATCH-LIST ]\n"
45 " [ skip_sw | skip_hw ]\n"
46 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
47 "\n"
48 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
49 " MATCH := { indev DEV-NAME |\n"
50 " vlan_id VID |\n"
51 " vlan_prio PRIORITY |\n"
52 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
c2078f8d
SH		 53 " dst_mac MASKED-LLADDR |\n"
54 " src_mac MASKED-LLADDR |\n"
eb3b5696 55 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
b2a1f740
SH		 56 " dst_ip PREFIX |\n"
57 " src_ip PREFIX |\n"
512caeb2 58 " dst_port PORT-NUMBER |\n"
bb9b63b1 59 " src_port PORT-NUMBER |\n"
eb3b5696 60 " type ICMP-TYPE |\n"
bf73c650 61 " code ICMP-CODE |\n"
f888f4e2
SH		 62 " arp_tip PREFIX |\n"
63 " arp_sip PREFIX |\n"
64 " arp_op [ request | reply | OP ] |\n"
65 " arp_tha MASKED-LLADDR |\n"
66 " arp_sha MASKED-LLADDR |\n"
10da5528
SH		 67 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
68 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
bf73c650 69 " enc_key_id [ KEY-ID ] |\n"
08f66c80 70 " ip_flags IP-FLAGS | \n"
a5ae170e 71 " enc_dst_port [ port_number ] }\n"
512caeb2 72 " FILTERID := X:Y:Z\n"
c2078f8d 73 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
512caeb2
SH		 74 " ACTION-SPEC := ... look at individual actions\n"
75 "\n"
328374dc 76 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
512caeb2
SH		 77 "NOTE: There can be only used one mask per one prio. If user needs\n"
78 " to specify different mask, he has to use different prio.\n");
30eb304e
JP		 79}
80
81static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
82 struct nlmsghdr *n)
83{
c2078f8d
SH		 84 int ret, err = -1;
85 char addr[ETH_ALEN], *slash;
86
87 slash = strchr(str, '/');
88 if (slash)
89 *slash = '\0';
30eb304e
JP		 90
91 ret = ll_addr_a2n(addr, sizeof(addr), str);
92 if (ret < 0)
c2078f8d 93 goto err;
30eb304e 94 addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
c2078f8d
SH		 95
96 if (slash) {
97 unsigned bits;
98
99 if (!get_unsigned(&bits, slash + 1, 10)) {
100 uint64_t mask;
101
102 /* Extra 16 bit shift to push mac address into
103 * high bits of uint64_t
104 */
105 mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
106 memcpy(addr, &mask, ETH_ALEN);
107 } else {
108 ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
109 if (ret < 0)
110 goto err;
111 }
112 } else {
113 memset(addr, 0xff, ETH_ALEN);
114 }
30eb304e 115 addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
c2078f8d
SH		 116
117 err = 0;
118err:
119 if (slash)
120 *slash = '/';
121 return err;
30eb304e
JP		 122}
123
745d9172 124static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
512caeb2
SH		 125 __be16 *p_vlan_eth_type,
126 struct nlmsghdr *n)
745d9172
HHZ		 127{
128 __be16 vlan_eth_type;
129
130 if (eth_type != htons(ETH_P_8021Q)) {
512caeb2
SH		 131 fprintf(stderr,
132 "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n");
745d9172
HHZ		 133 return -1;
134 }
135
136 if (ll_proto_a2n(&vlan_eth_type, str))
137 invarg("invalid vlan_ethtype", str);
138 addattr16(n, MAX_MSG, type, vlan_eth_type);
139 *p_vlan_eth_type = vlan_eth_type;
140 return 0;
141}
142
08f66c80
PB		 143struct flag_to_string {
144 int flag;
145 enum flower_matching_flags type;
146 char *string;
147};
22a8f019 148
08f66c80
PB		 149static struct flag_to_string flags_str[] = {
150 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
151};
22a8f019 152
08f66c80
PB		 153static int flower_parse_matching_flags(char *str,
154 enum flower_matching_flags type,
155 __u32 *mtf, __u32 *mtf_mask)
156{
157 char *token;
158 bool no;
159 bool found;
160 int i;
22a8f019 161
08f66c80
PB		 162 token = strtok(str, "/");
163
164 while (token) {
165 if (!strncmp(token, "no", 2)) {
166 no = true;
167 token += 2;
168 } else
169 no = false;
170
171 found = false;
172 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
173 if (type != flags_str[i].type)
174 continue;
175
176 if (!strcmp(token, flags_str[i].string)) {
177 if (no)
178 *mtf &= ~flags_str[i].flag;
179 else
180 *mtf |= flags_str[i].flag;
181
182 *mtf_mask |= flags_str[i].flag;
183 found = true;
184 break;
185 }
186 }
187 if (!found)
22a8f019 188 return -1;
08f66c80
PB		 189
190 token = strtok(NULL, "/");
22a8f019
PB		 191 }
192
22a8f019
PB		 193 return 0;
194}
195
30eb304e
JP		 196static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
197 __u8 *p_ip_proto, struct nlmsghdr *n)
198{
199 int ret;
200 __u8 ip_proto;
201
eb3b5696
SH		 202 if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
203 goto err;
204
30eb304e
JP		 205 if (matches(str, "tcp") == 0) {
206 ip_proto = IPPROTO_TCP;
207 } else if (matches(str, "udp") == 0) {
208 ip_proto = IPPROTO_UDP;
a1fb0d48
SH		 209 } else if (matches(str, "sctp") == 0) {
210 ip_proto = IPPROTO_SCTP;
eb3b5696
SH		 211 } else if (matches(str, "icmp") == 0) {
212 if (eth_type != htons(ETH_P_IP))
213 goto err;
214 ip_proto = IPPROTO_ICMP;
215 } else if (matches(str, "icmpv6") == 0) {
216 if (eth_type != htons(ETH_P_IPV6))
217 goto err;
218 ip_proto = IPPROTO_ICMPV6;
30eb304e
JP		 219 } else {
220 ret = get_u8(&ip_proto, str, 16);
221 if (ret)
222 return -1;
223 }
224 addattr8(n, MAX_MSG, type, ip_proto);
225 *p_ip_proto = ip_proto;
226 return 0;
eb3b5696
SH		 227
228err:
229 fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
230 return -1;
30eb304e
JP		 231}
232
f888f4e2
SH		 233static int __flower_parse_ip_addr(char *str, int family,
234 int addr4_type, int mask4_type,
235 int addr6_type, int mask6_type,
236 struct nlmsghdr *n)
30eb304e
JP		 237{
238 int ret;
239 inet_prefix addr;
30eb304e
JP		 240 int bits;
241 int i;
242
30eb304e
JP		 243 ret = get_prefix(&addr, str, family);
244 if (ret)
245 return -1;
246
bb9b63b1
AV		 247 if (family && (addr.family != family)) {
248 fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
30eb304e 249 return -1;
bb9b63b1 250 }
30eb304e
JP		 251
252 addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
253 addr.data, addr.bytelen);
254
255 memset(addr.data, 0xff, addr.bytelen);
256 bits = addr.bitlen;
257 for (i = 0; i < addr.bytelen / 4; i++) {
258 if (!bits) {
259 addr.data[i] = 0;
260 } else if (bits / 32 >= 1) {
261 bits -= 32;
262 } else {
263 addr.data[i] <<= 32 - bits;
264 addr.data[i] = htonl(addr.data[i]);
265 bits = 0;
266 }
267 }
268
269 addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type,
270 addr.data, addr.bytelen);
271
272 return 0;
273}
274
f888f4e2
SH		 275static int flower_parse_ip_addr(char *str, __be16 eth_type,
276 int addr4_type, int mask4_type,
277 int addr6_type, int mask6_type,
278 struct nlmsghdr *n)
279{
280 int family;
281
282 if (eth_type == htons(ETH_P_IP)) {
283 family = AF_INET;
284 } else if (eth_type == htons(ETH_P_IPV6)) {
285 family = AF_INET6;
286 } else if (!eth_type) {
287 family = AF_UNSPEC;
288 } else {
289 return -1;
290 }
291
292 return __flower_parse_ip_addr(str, family, addr4_type, addr6_type,
293 mask4_type, mask6_type, n);
294}
295
296static bool flower_eth_type_arp(__be16 eth_type)
297{
298 return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
299}
300
301static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
302 int addr_type, int mask_type,
303 struct nlmsghdr *n)
304{
305 if (!flower_eth_type_arp(eth_type))
306 return -1;
307
308 return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
309 TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
310}
311
312static int flower_parse_arp_op(char *str, __be16 eth_type,
313 int op_type, int mask_type,
314 struct nlmsghdr *n)
315{
316 char *slash;
317 int ret, err = -1;
318 uint8_t value, mask;
319
320 slash = strchr(str, '/');
321 if (slash)
322 *slash = '\0';
323
324 if (!flower_eth_type_arp(eth_type))
325 goto err;
326
327 if (!strcmp(str, "request")) {
328 value = ARPOP_REQUEST;
329 } else if (!strcmp(str, "reply")) {
330 value = ARPOP_REPLY;
331 } else {
332 ret = get_u8(&value, str, 10);
333 if (ret)
334 goto err;
335 if (value && value != ARPOP_REQUEST && value != ARPOP_REPLY)
336 goto err;
337 }
338
339 if (slash) {
340 ret = get_u8(&mask, slash + 1, 10);
341 if (ret)
342 goto err;
343 }
344 else {
345 mask = UINT8_MAX;
346 }
347
348 addattr8(n, MAX_MSG, op_type, value);
349 addattr8(n, MAX_MSG, mask_type, mask);
350
351 err = 0;
352err:
353 if (slash)
354 *slash = '/';
355 return err;
356}
357
eb3b5696
SH		 358static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
359 enum flower_icmp_field field)
360{
361 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
362 return field == FLOWER_ICMP_FIELD_CODE ?
363 TCA_FLOWER_KEY_ICMPV4_CODE :
364 TCA_FLOWER_KEY_ICMPV4_TYPE;
365 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
366 return field == FLOWER_ICMP_FIELD_CODE ?
367 TCA_FLOWER_KEY_ICMPV6_CODE :
368 TCA_FLOWER_KEY_ICMPV6_TYPE;
369
370 return -1;
371}
372
373static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
374 enum flower_icmp_field field, struct nlmsghdr *n)
375{
376 int ret;
377 int type;
378 uint8_t value;
379
380 type = flower_icmp_attr_type(eth_type, ip_proto, field);
381 if (type < 0)
382 return -1;
383
384 ret = get_u8(&value, str, 10);
385 if (ret)
386 return -1;
387
388 addattr8(n, MAX_MSG, type, value);
389
390 return 0;
391}
392
6910d656 393static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
30eb304e 394{
6bd5b80c 395 if (ip_proto == IPPROTO_TCP)
6910d656
SH		 396 return endpoint == FLOWER_ENDPOINT_SRC ?
397 TCA_FLOWER_KEY_TCP_SRC :
a1fb0d48 398 TCA_FLOWER_KEY_TCP_DST;
6bd5b80c 399 else if (ip_proto == IPPROTO_UDP)
6910d656
SH		 400 return endpoint == FLOWER_ENDPOINT_SRC ?
401 TCA_FLOWER_KEY_UDP_SRC :
a1fb0d48 402 TCA_FLOWER_KEY_UDP_DST;
6bd5b80c 403 else if (ip_proto == IPPROTO_SCTP)
6910d656
SH		 404 return endpoint == FLOWER_ENDPOINT_SRC ?
405 TCA_FLOWER_KEY_SCTP_SRC :
a1fb0d48 406 TCA_FLOWER_KEY_SCTP_DST;
6bd5b80c 407 else
30eb304e 408 return -1;
a1fb0d48
SH		 409}
410
6910d656
SH		 411static int flower_parse_port(char *str, __u8 ip_proto,
412 enum flower_endpoint endpoint,
a1fb0d48
SH		 413 struct nlmsghdr *n)
414{
415 int ret;
416 int type;
417 __be16 port;
418
6910d656 419 type = flower_port_attr_type(ip_proto, endpoint);
a1fb0d48
SH		 420 if (type < 0)
421 return -1;
30eb304e 422
9f7401fa 423 ret = get_be16(&port, str, 10);
30eb304e
JP		 424 if (ret)
425 return -1;
426
9f7401fa 427 addattr16(n, MAX_MSG, type, port);
30eb304e
JP		 428
429 return 0;
430}
431
bb9b63b1
AV		 432static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
433{
434 int ret;
435 __be32 key_id;
436
437 ret = get_be32(&key_id, str, 10);
438 if (!ret)
439 addattr32(n, MAX_MSG, type, key_id);
440
441 return ret;
442}
443
41aa17ff
HHZ		 444static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
445{
446 int ret;
447 __be16 port;
448
449 ret = get_be16(&port, str, 10);
450 if (ret)
451 return -1;
452
453 addattr16(n, MAX_MSG, type, port);
454
455 return 0;
456}
457
30eb304e
JP		 458static int flower_parse_opt(struct filter_util *qu, char *handle,
459 int argc, char **argv, struct nlmsghdr *n)
460{
461 int ret;
462 struct tcmsg *t = NLMSG_DATA(n);
463 struct rtattr *tail;
488b41d0 464 __be16 eth_type = TC_H_MIN(t->tcm_info);
745d9172 465 __be16 vlan_ethtype = 0;
30eb304e 466 __u8 ip_proto = 0xff;
cfcabf18 467 __u32 flags = 0;
08f66c80
PB		 468 __u32 mtf = 0;
469 __u32 mtf_mask = 0;
30eb304e 470
30eb304e
JP		 471 if (handle) {
472 ret = get_u32(&t->tcm_handle, handle, 0);
473 if (ret) {
474 fprintf(stderr, "Illegal \"handle\"\n");
475 return -1;
476 }
477 }
478
479 tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
480 addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
481
488b41d0
JHS		 482 if (argc == 0) {
483 /*at minimal we will match all ethertype packets */
484 goto parse_done;
485 }
486
30eb304e
JP		 487 while (argc > 0) {
488 if (matches(*argv, "classid") == 0 ||
489 matches(*argv, "flowid") == 0) {
32a121cb 490 unsigned int handle;
30eb304e
JP		 491
492 NEXT_ARG();
493 ret = get_tc_classid(&handle, *argv);
494 if (ret) {
495 fprintf(stderr, "Illegal \"classid\"\n");
496 return -1;
497 }
498 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
08f66c80 499 } else if (matches(*argv, "ip_flags") == 0) {
22a8f019
PB		 500 NEXT_ARG();
501 ret = flower_parse_matching_flags(*argv,
08f66c80
PB		 502 FLOWER_IP_FLAGS,
503 &mtf,
504 &mtf_mask);
22a8f019 505 if (ret < 0) {
08f66c80 506 fprintf(stderr, "Illegal \"ip_flags\"\n");
22a8f019
PB		 507 return -1;
508 }
cfcabf18
AV		 509 } else if (matches(*argv, "skip_hw") == 0) {
510 flags |= TCA_CLS_FLAGS_SKIP_HW;
511 } else if (matches(*argv, "skip_sw") == 0) {
512 flags |= TCA_CLS_FLAGS_SKIP_SW;
30eb304e 513 } else if (matches(*argv, "indev") == 0) {
d17b136f 514 char ifname[IFNAMSIZ] = {};
30eb304e
JP		 515
516 NEXT_ARG();
30eb304e
JP		 517 strncpy(ifname, *argv, sizeof(ifname) - 1);
518 addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, ifname);
745d9172
HHZ		 519 } else if (matches(*argv, "vlan_id") == 0) {
520 __u16 vid;
521
522 NEXT_ARG();
523 if (eth_type != htons(ETH_P_8021Q)) {
512caeb2
SH		 524 fprintf(stderr,
525 "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n");
745d9172
HHZ		 526 return -1;
527 }
528 ret = get_u16(&vid, *argv, 10);
529 if (ret < 0 || vid & ~0xfff) {
530 fprintf(stderr, "Illegal \"vlan_id\"\n");
531 return -1;
532 }
533 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
534 } else if (matches(*argv, "vlan_prio") == 0) {
535 __u8 vlan_prio;
536
537 NEXT_ARG();
538 if (eth_type != htons(ETH_P_8021Q)) {
512caeb2
SH		 539 fprintf(stderr,
540 "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n");
745d9172
HHZ		 541 return -1;
542 }
543 ret = get_u8(&vlan_prio, *argv, 10);
544 if (ret < 0 || vlan_prio & ~0x7) {
545 fprintf(stderr, "Illegal \"vlan_prio\"\n");
546 return -1;
547 }
512caeb2
SH		 548 addattr8(n, MAX_MSG,
549 TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
745d9172
HHZ		 550 } else if (matches(*argv, "vlan_ethtype") == 0) {
551 NEXT_ARG();
552 ret = flower_parse_vlan_eth_type(*argv, eth_type,
512caeb2
SH		 553 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
554 &vlan_ethtype, n);
745d9172
HHZ		 555 if (ret < 0)
556 return -1;
30eb304e
JP		 557 } else if (matches(*argv, "dst_mac") == 0) {
558 NEXT_ARG();
559 ret = flower_parse_eth_addr(*argv,
560 TCA_FLOWER_KEY_ETH_DST,
561 TCA_FLOWER_KEY_ETH_DST_MASK,
562 n);
563 if (ret < 0) {
564 fprintf(stderr, "Illegal \"dst_mac\"\n");
565 return -1;
566 }
567 } else if (matches(*argv, "src_mac") == 0) {
568 NEXT_ARG();
569 ret = flower_parse_eth_addr(*argv,
570 TCA_FLOWER_KEY_ETH_SRC,
571 TCA_FLOWER_KEY_ETH_SRC_MASK,
572 n);
573 if (ret < 0) {
574 fprintf(stderr, "Illegal \"src_mac\"\n");
575 return -1;
576 }
30eb304e
JP		 577 } else if (matches(*argv, "ip_proto") == 0) {
578 NEXT_ARG();
745d9172
HHZ		 579 ret = flower_parse_ip_proto(*argv, vlan_ethtype ?
580 vlan_ethtype : eth_type,
30eb304e
JP		 581 TCA_FLOWER_KEY_IP_PROTO,
582 &ip_proto, n);
583 if (ret < 0) {
584 fprintf(stderr, "Illegal \"ip_proto\"\n");
585 return -1;
586 }
587 } else if (matches(*argv, "dst_ip") == 0) {
588 NEXT_ARG();
745d9172
HHZ		 589 ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
590 vlan_ethtype : eth_type,
30eb304e
JP		 591 TCA_FLOWER_KEY_IPV4_DST,
592 TCA_FLOWER_KEY_IPV4_DST_MASK,
593 TCA_FLOWER_KEY_IPV6_DST,
594 TCA_FLOWER_KEY_IPV6_DST_MASK,
595 n);
596 if (ret < 0) {
597 fprintf(stderr, "Illegal \"dst_ip\"\n");
598 return -1;
599 }
600 } else if (matches(*argv, "src_ip") == 0) {
601 NEXT_ARG();
745d9172
HHZ		 602 ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
603 vlan_ethtype : eth_type,
30eb304e
JP		 604 TCA_FLOWER_KEY_IPV4_SRC,
605 TCA_FLOWER_KEY_IPV4_SRC_MASK,
606 TCA_FLOWER_KEY_IPV6_SRC,
607 TCA_FLOWER_KEY_IPV6_SRC_MASK,
608 n);
609 if (ret < 0) {
610 fprintf(stderr, "Illegal \"src_ip\"\n");
611 return -1;
612 }
613 } else if (matches(*argv, "dst_port") == 0) {
614 NEXT_ARG();
6910d656
SH		 615 ret = flower_parse_port(*argv, ip_proto,
616 FLOWER_ENDPOINT_DST, n);
30eb304e
JP		 617 if (ret < 0) {
618 fprintf(stderr, "Illegal \"dst_port\"\n");
619 return -1;
620 }
621 } else if (matches(*argv, "src_port") == 0) {
622 NEXT_ARG();
6910d656
SH		 623 ret = flower_parse_port(*argv, ip_proto,
624 FLOWER_ENDPOINT_SRC, n);
30eb304e
JP		 625 if (ret < 0) {
626 fprintf(stderr, "Illegal \"src_port\"\n");
627 return -1;
628 }
eb3b5696
SH		 629 } else if (matches(*argv, "type") == 0) {
630 NEXT_ARG();
631 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
632 FLOWER_ICMP_FIELD_TYPE, n);
633 if (ret < 0) {
634 fprintf(stderr, "Illegal \"icmp type\"\n");
635 return -1;
636 }
637 } else if (matches(*argv, "code") == 0) {
638 NEXT_ARG();
639 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
640 FLOWER_ICMP_FIELD_CODE, n);
641 if (ret < 0) {
642 fprintf(stderr, "Illegal \"icmp code\"\n");
643 return -1;
644 }
f888f4e2
SH		 645 } else if (matches(*argv, "arp_tip") == 0) {
646 NEXT_ARG();
647 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
648 vlan_ethtype : eth_type,
649 TCA_FLOWER_KEY_ARP_TIP,
650 TCA_FLOWER_KEY_ARP_TIP_MASK,
651 n);
652 if (ret < 0) {
653 fprintf(stderr, "Illegal \"arp_tip\"\n");
654 return -1;
655 }
656 } else if (matches(*argv, "arp_sip") == 0) {
657 NEXT_ARG();
658 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
659 vlan_ethtype : eth_type,
660 TCA_FLOWER_KEY_ARP_SIP,
661 TCA_FLOWER_KEY_ARP_SIP_MASK,
662 n);
663 if (ret < 0) {
664 fprintf(stderr, "Illegal \"arp_sip\"\n");
665 return -1;
666 }
667 } else if (matches(*argv, "arp_op") == 0) {
668 NEXT_ARG();
669 ret = flower_parse_arp_op(*argv, vlan_ethtype ?
670 vlan_ethtype : eth_type,
671 TCA_FLOWER_KEY_ARP_OP,
672 TCA_FLOWER_KEY_ARP_OP_MASK,
673 n);
674 if (ret < 0) {
675 fprintf(stderr, "Illegal \"arp_op\"\n");
676 return -1;
677 }
678 } else if (matches(*argv, "arp_tha") == 0) {
679 NEXT_ARG();
680 ret = flower_parse_eth_addr(*argv,
681 TCA_FLOWER_KEY_ARP_THA,
682 TCA_FLOWER_KEY_ARP_THA_MASK,
683 n);
684 if (ret < 0) {
685 fprintf(stderr, "Illegal \"arp_tha\"\n");
686 return -1;
687 }
688 } else if (matches(*argv, "arp_sha") == 0) {
689 NEXT_ARG();
690 ret = flower_parse_eth_addr(*argv,
691 TCA_FLOWER_KEY_ARP_SHA,
692 TCA_FLOWER_KEY_ARP_SHA_MASK,
693 n);
694 if (ret < 0) {
695 fprintf(stderr, "Illegal \"arp_sha\"\n");
696 return -1;
697 }
bb9b63b1
AV		 698 } else if (matches(*argv, "enc_dst_ip") == 0) {
699 NEXT_ARG();
700 ret = flower_parse_ip_addr(*argv, 0,
701 TCA_FLOWER_KEY_ENC_IPV4_DST,
702 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
703 TCA_FLOWER_KEY_ENC_IPV6_DST,
704 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
705 n);
706 if (ret < 0) {
707 fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
708 return -1;
709 }
710 } else if (matches(*argv, "enc_src_ip") == 0) {
711 NEXT_ARG();
712 ret = flower_parse_ip_addr(*argv, 0,
713 TCA_FLOWER_KEY_ENC_IPV4_SRC,
714 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
715 TCA_FLOWER_KEY_ENC_IPV6_SRC,
716 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
717 n);
718 if (ret < 0) {
719 fprintf(stderr, "Illegal \"enc_src_ip\"\n");
720 return -1;
721 }
722 } else if (matches(*argv, "enc_key_id") == 0) {
723 NEXT_ARG();
724 ret = flower_parse_key_id(*argv,
725 TCA_FLOWER_KEY_ENC_KEY_ID, n);
726 if (ret < 0) {
727 fprintf(stderr, "Illegal \"enc_key_id\"\n");
728 return -1;
729 }
41aa17ff
HHZ		 730 } else if (matches(*argv, "enc_dst_port") == 0) {
731 NEXT_ARG();
732 ret = flower_parse_enc_port(*argv,
733 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
734 if (ret < 0) {
735 fprintf(stderr, "Illegal \"enc_dst_port\"\n");
736 return -1;
737 }
30eb304e
JP		 738 } else if (matches(*argv, "action") == 0) {
739 NEXT_ARG();
740 ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
741 if (ret) {
742 fprintf(stderr, "Illegal \"action\"\n");
743 return -1;
744 }
745 continue;
746 } else if (strcmp(*argv, "help") == 0) {
747 explain();
748 return -1;
749 } else {
750 fprintf(stderr, "What is \"%s\"?\n", *argv);
751 explain();
752 return -1;
753 }
754 argc--; argv++;
755 }
756
488b41d0 757parse_done:
c85609b2
RD		 758 ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
759 if (ret)
760 return ret;
cfcabf18 761
08f66c80
PB		 762 if (mtf_mask) {
763 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
764 if (ret)
765 return ret;
766
767 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
768 if (ret)
769 return ret;
770 }
771
4f7d406f
BL		 772 if (eth_type != htons(ETH_P_ALL)) {
773 ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
774 if (ret)
775 return ret;
776 }
488b41d0 777
32a121cb 778 tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
30eb304e
JP		 779
780 return 0;
781}
782
783static int __mask_bits(char *addr, size_t len)
784{
785 int bits = 0;
786 bool hole = false;
787 int i;
788 int j;
789
790 for (i = 0; i < len; i++, addr++) {
791 for (j = 7; j >= 0; j--) {
792 if (((*addr) >> j) & 0x1) {
793 if (hole)
794 return -1;
795 bits++;
796 } else if (bits) {
797 hole = true;
798 } else{
799 return -1;
800 }
801 }
802 }
803 return bits;
804}
805
806static void flower_print_eth_addr(FILE *f, char *name,
807 struct rtattr *addr_attr,
808 struct rtattr *mask_attr)
809{
810 SPRINT_BUF(b1);
811 int bits;
812
813 if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN)
814 return;
815 fprintf(f, "\n %s %s", name, ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN,
816 0, b1, sizeof(b1)));
817 if (!mask_attr || RTA_PAYLOAD(mask_attr) != ETH_ALEN)
818 return;
819 bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN);
820 if (bits < 0)
821 fprintf(f, "/%s", ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN,
822 0, b1, sizeof(b1)));
823 else if (bits < ETH_ALEN * 8)
824 fprintf(f, "/%d", bits);
825}
826
827static void flower_print_eth_type(FILE *f, __be16 *p_eth_type,
828 struct rtattr *eth_type_attr)
829{
830 __be16 eth_type;
831
832 if (!eth_type_attr)
833 return;
834
835 eth_type = rta_getattr_u16(eth_type_attr);
836 fprintf(f, "\n eth_type ");
837 if (eth_type == htons(ETH_P_IP))
838 fprintf(f, "ipv4");
839 else if (eth_type == htons(ETH_P_IPV6))
840 fprintf(f, "ipv6");
f888f4e2
SH		 841 else if (eth_type == htons(ETH_P_ARP))
842 fprintf(f, "arp");
843 else if (eth_type == htons(ETH_P_RARP))
844 fprintf(f, "rarp");
30eb304e
JP		 845 else
846 fprintf(f, "%04x", ntohs(eth_type));
847 *p_eth_type = eth_type;
848}
849
850static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto,
851 struct rtattr *ip_proto_attr)
852{
853 __u8 ip_proto;
854
855 if (!ip_proto_attr)
856 return;
857
858 ip_proto = rta_getattr_u8(ip_proto_attr);
859 fprintf(f, "\n ip_proto ");
860 if (ip_proto == IPPROTO_TCP)
861 fprintf(f, "tcp");
862 else if (ip_proto == IPPROTO_UDP)
863 fprintf(f, "udp");
a1fb0d48
SH		 864 else if (ip_proto == IPPROTO_SCTP)
865 fprintf(f, "sctp");
eb3b5696
SH		 866 else if (ip_proto == IPPROTO_ICMP)
867 fprintf(f, "icmp");
868 else if (ip_proto == IPPROTO_ICMPV6)
869 fprintf(f, "icmpv6");
30eb304e
JP		 870 else
871 fprintf(f, "%02x", ip_proto);
872 *p_ip_proto = ip_proto;
873}
874
22a8f019 875static void flower_print_matching_flags(FILE *f, char *name,
08f66c80 876 enum flower_matching_flags type,
22a8f019
PB		 877 struct rtattr *attr,
878 struct rtattr *mask_attr)
879{
08f66c80
PB		 880 int i;
881 int count = 0;
882 __u32 mtf;
883 __u32 mtf_mask;
884
22a8f019
PB		 885 if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
886 return;
887
08f66c80
PB		 888 mtf = ntohl(rta_getattr_u32(attr));
889 mtf_mask = ntohl(rta_getattr_u32(mask_attr));
890
891 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
892 if (type != flags_str[i].type)
893 continue;
894 if (mtf_mask & flags_str[i].flag) {
895 if (++count == 1)
896 fprintf(f, "\n %s ", name);
897 else
898 fprintf(f, "/");
899
900 if (mtf & flags_str[i].flag)
901 fprintf(f, "%s", flags_str[i].string);
902 else
903 fprintf(f, "no%s", flags_str[i].string);
904 }
905 }
22a8f019
PB		 906}
907
30eb304e
JP		 908static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type,
909 struct rtattr *addr4_attr,
910 struct rtattr *mask4_attr,
911 struct rtattr *addr6_attr,
912 struct rtattr *mask6_attr)
913{
30eb304e
JP		 914 struct rtattr *addr_attr;
915 struct rtattr *mask_attr;
916 int family;
917 size_t len;
918 int bits;
919
920 if (eth_type == htons(ETH_P_IP)) {
921 family = AF_INET;
922 addr_attr = addr4_attr;
923 mask_attr = mask4_attr;
924 len = 4;
925 } else if (eth_type == htons(ETH_P_IPV6)) {
926 family = AF_INET6;
927 addr_attr = addr6_attr;
928 mask_attr = mask6_attr;
929 len = 16;
930 } else {
931 return;
932 }
933 if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
934 return;
7faf1588 935 fprintf(f, "\n %s %s", name, rt_addr_n2a_rta(family, addr_attr));
30eb304e
JP		 936 if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
937 return;
938 bits = __mask_bits(RTA_DATA(mask_attr), len);
939 if (bits < 0)
7faf1588 940 fprintf(f, "/%s", rt_addr_n2a_rta(family, mask_attr));
30eb304e
JP		 941 else if (bits < len * 8)
942 fprintf(f, "/%d", bits);
943}
f888f4e2
SH		 944static void flower_print_ip4_addr(FILE *f, char *name,
945 struct rtattr *addr_attr,
946 struct rtattr *mask_attr)
947{
948 return flower_print_ip_addr(f, name, htons(ETH_P_IP),
949 addr_attr, mask_attr, 0, 0);
950}
30eb304e 951
a1fb0d48 952static void flower_print_port(FILE *f, char *name, struct rtattr *attr)
30eb304e 953{
6bd5b80c
SH		 954 if (attr)
955 fprintf(f, "\n %s %d", name, rta_getattr_be16(attr));
30eb304e
JP		 956}
957
bb9b63b1
AV		 958static void flower_print_key_id(FILE *f, const char *name,
959 struct rtattr *attr)
960{
961 if (attr)
962 fprintf(f, "\n %s %d", name, rta_getattr_be32(attr));
963}
964
eb3b5696
SH		 965static void flower_print_icmp(FILE *f, char *name, struct rtattr *attr)
966{
967 if (attr)
968 fprintf(f, "\n %s %d", name, rta_getattr_u8(attr));
969}
970
f888f4e2
SH		 971static void flower_print_arp_op(FILE *f, char *name,
972 struct rtattr *op_attr,
973 struct rtattr *mask_attr)
974{
975 uint8_t op, mask;
976
977 if (!op_attr)
978 return;
979
980 op = rta_getattr_u8(op_attr);
981 mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
982
983 fprintf(f, "\n %s ", name);
984
985 if (mask == UINT8_MAX && op == ARPOP_REQUEST)
986 fprintf(f, "request");
987 else if (mask == UINT8_MAX && op == ARPOP_REPLY)
988 fprintf(f, "reply");
989 else
990 fprintf(f, "%d", op);
991
992 if (mask != UINT8_MAX)
993 fprintf(f, "/%d", mask);
994}
995
30eb304e
JP		 996static int flower_print_opt(struct filter_util *qu, FILE *f,
997 struct rtattr *opt, __u32 handle)
998{
999 struct rtattr *tb[TCA_FLOWER_MAX + 1];
1000 __be16 eth_type = 0;
1001 __u8 ip_proto = 0xff;
6bd5b80c 1002 int nl_type;
30eb304e
JP		 1003
1004 if (!opt)
1005 return 0;
1006
1007 parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt);
1008
1009 if (handle)
1010 fprintf(f, "handle 0x%x ", handle);
1011
1012 if (tb[TCA_FLOWER_CLASSID]) {
1013 SPRINT_BUF(b1);
1014 fprintf(f, "classid %s ",
488b41d0
JHS		 1015 sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOWER_CLASSID]),
1016 b1));
30eb304e
JP		 1017 }
1018
1019 if (tb[TCA_FLOWER_INDEV]) {
1020 struct rtattr *attr = tb[TCA_FLOWER_INDEV];
1021
1022 fprintf(f, "\n indev %s", rta_getattr_str(attr));
1023 }
1024
745d9172
HHZ		 1025 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
1026 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
1027
1028 fprintf(f, "\n vlan_id %d", rta_getattr_u16(attr));
1029 }
1030
1031 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
1032 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
1033
1034 fprintf(f, "\n vlan_prio %d", rta_getattr_u8(attr));
1035 }
1036
30eb304e
JP		 1037 flower_print_eth_addr(f, "dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
1038 tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
1039 flower_print_eth_addr(f, "src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
1040 tb[TCA_FLOWER_KEY_ETH_SRC_MASK]);
1041
1042 flower_print_eth_type(f, &eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
1043 flower_print_ip_proto(f, &ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
1044
1045 flower_print_ip_addr(f, "dst_ip", eth_type,
1046 tb[TCA_FLOWER_KEY_IPV4_DST],
1047 tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
1048 tb[TCA_FLOWER_KEY_IPV6_DST],
1049 tb[TCA_FLOWER_KEY_IPV6_DST_MASK]);
1050
1051 flower_print_ip_addr(f, "src_ip", eth_type,
1052 tb[TCA_FLOWER_KEY_IPV4_SRC],
1053 tb[TCA_FLOWER_KEY_IPV4_SRC_MASK],
1054 tb[TCA_FLOWER_KEY_IPV6_SRC],
1055 tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
1056
b2141de1 1057 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
6bd5b80c
SH		 1058 if (nl_type >= 0)
1059 flower_print_port(f, "dst_port", tb[nl_type]);
b2141de1 1060 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
6bd5b80c
SH		 1061 if (nl_type >= 0)
1062 flower_print_port(f, "src_port", tb[nl_type]);
30eb304e 1063
eb3b5696
SH		 1064 nl_type = flower_icmp_attr_type(eth_type, ip_proto, false);
1065 if (nl_type >= 0)
1066 flower_print_icmp(f, "icmp_type", tb[nl_type]);
1067 nl_type = flower_icmp_attr_type(eth_type, ip_proto, true);
1068 if (nl_type >= 0)
1069 flower_print_icmp(f, "icmp_code", tb[nl_type]);
1070
f888f4e2
SH		 1071 flower_print_ip4_addr(f, "arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
1072 tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
1073 flower_print_ip4_addr(f, "arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
1074 tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
1075 flower_print_arp_op(f, "arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
1076 tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
1077 flower_print_eth_addr(f, "arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
1078 tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
1079 flower_print_eth_addr(f, "arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
1080 tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
1081
bb9b63b1
AV		 1082 flower_print_ip_addr(f, "enc_dst_ip",
1083 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
1084 htons(ETH_P_IP) : htons(ETH_P_IPV6),
1085 tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
1086 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
1087 tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
1088 tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
1089
1090 flower_print_ip_addr(f, "enc_src_ip",
1091 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
1092 htons(ETH_P_IP) : htons(ETH_P_IPV6),
1093 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
1094 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
1095 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
1096 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
1097
1098 flower_print_key_id(f, "enc_key_id",
1099 tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
1100
41aa17ff
HHZ		 1101 flower_print_port(f, "enc_dst_port",
1102 tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
1103
08f66c80
PB		 1104 flower_print_matching_flags(f, "ip_flags",
1105 FLOWER_IP_FLAGS,
22a8f019
PB		 1106 tb[TCA_FLOWER_KEY_FLAGS],
1107 tb[TCA_FLOWER_KEY_FLAGS_MASK]);
1108
512caeb2 1109 if (tb[TCA_FLOWER_FLAGS]) {
cfcabf18
AV		 1110 __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
1111
1112 if (flags & TCA_CLS_FLAGS_SKIP_HW)
1113 fprintf(f, "\n skip_hw");
1114 if (flags & TCA_CLS_FLAGS_SKIP_SW)
1115 fprintf(f, "\n skip_sw");
1116 }
1117
512caeb2 1118 if (tb[TCA_FLOWER_ACT])
30eb304e 1119 tc_print_action(f, tb[TCA_FLOWER_ACT]);
30eb304e
JP		 1120
1121 return 0;
1122}
1123
1124struct filter_util flower_filter_util = {
1125 .id = "flower",
1126 .parse_fopt = flower_parse_opt,
1127 .print_fopt = flower_print_opt,
1128};
Upstream mirror of iproute2