]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/f_flower.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of git://git.kernel.org/pub/scm/network/iproute2/iproute2-next
[mirror_iproute2.git] / tc / f_flower.c
1 /*
2 * f_flower.c Flower Classifier
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Jiri Pirko <jiri@resnulli.us>
10 */
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <string.h>
16 #include <net/if.h>
17 #include <linux/limits.h>
18 #include <linux/if_arp.h>
19 #include <linux/if_ether.h>
20 #include <linux/ip.h>
21 #include <linux/tc_act/tc_vlan.h>
22 #include <linux/mpls.h>
23
24 #include "utils.h"
25 #include "tc_util.h"
26 #include "rt_names.h"
27
28 enum flower_matching_flags {
29 FLOWER_IP_FLAGS,
30 };
31
32 enum flower_endpoint {
33 FLOWER_ENDPOINT_SRC,
34 FLOWER_ENDPOINT_DST
35 };
36
37 enum flower_icmp_field {
38 FLOWER_ICMP_FIELD_TYPE,
39 FLOWER_ICMP_FIELD_CODE
40 };
41
42 static void explain(void)
43 {
44 fprintf(stderr,
45 "Usage: ... flower [ MATCH-LIST ] [ verbose ]\n"
46 " [ skip_sw | skip_hw ]\n"
47 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
48 "\n"
49 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
50 " MATCH := { indev DEV-NAME |\n"
51 " vlan_id VID |\n"
52 " vlan_prio PRIORITY |\n"
53 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
54 " cvlan_id VID |\n"
55 " cvlan_prio PRIORITY |\n"
56 " cvlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
57 " dst_mac MASKED-LLADDR |\n"
58 " src_mac MASKED-LLADDR |\n"
59 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
60 " ip_tos MASKED-IP_TOS |\n"
61 " ip_ttl MASKED-IP_TTL |\n"
62 " mpls_label LABEL |\n"
63 " mpls_tc TC |\n"
64 " mpls_bos BOS |\n"
65 " mpls_ttl TTL |\n"
66 " dst_ip PREFIX |\n"
67 " src_ip PREFIX |\n"
68 " dst_port PORT-NUMBER |\n"
69 " src_port PORT-NUMBER |\n"
70 " tcp_flags MASKED-TCP_FLAGS |\n"
71 " type MASKED-ICMP-TYPE |\n"
72 " code MASKED-ICMP-CODE |\n"
73 " arp_tip IPV4-PREFIX |\n"
74 " arp_sip IPV4-PREFIX |\n"
75 " arp_op [ request | reply | OP ] |\n"
76 " arp_tha MASKED-LLADDR |\n"
77 " arp_sha MASKED-LLADDR |\n"
78 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
79 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
80 " enc_key_id [ KEY-ID ] |\n"
81 " enc_tos MASKED-IP_TOS |\n"
82 " enc_ttl MASKED-IP_TTL |\n"
83 " geneve_opts MASKED-OPTIONS |\n"
84 " ip_flags IP-FLAGS | \n"
85 " enc_dst_port [ port_number ] |\n"
86 " ct_state MASKED_CT_STATE |\n"
87 " ct_label MASKED_CT_LABEL |\n"
88 " ct_mark MASKED_CT_MARK |\n"
89 " ct_zone MASKED_CT_ZONE }\n"
90 " FILTERID := X:Y:Z\n"
91 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
92 " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new\n"
93 " ACTION-SPEC := ... look at individual actions\n"
94 "\n"
95 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
96 "NOTE: There can be only used one mask per one prio. If user needs\n"
97 " to specify different mask, he has to use different prio.\n");
98 }
99
100 static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
101 struct nlmsghdr *n)
102 {
103 int ret, err = -1;
104 char addr[ETH_ALEN], *slash;
105
106 slash = strchr(str, '/');
107 if (slash)
108 *slash = '\0';
109
110 ret = ll_addr_a2n(addr, sizeof(addr), str);
111 if (ret < 0)
112 goto err;
113 addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
114
115 if (slash) {
116 unsigned bits;
117
118 if (!get_unsigned(&bits, slash + 1, 10)) {
119 uint64_t mask;
120
121 /* Extra 16 bit shift to push mac address into
122 * high bits of uint64_t
123 */
124 mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
125 memcpy(addr, &mask, ETH_ALEN);
126 } else {
127 ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
128 if (ret < 0)
129 goto err;
130 }
131 } else {
132 memset(addr, 0xff, ETH_ALEN);
133 }
134 addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
135
136 err = 0;
137 err:
138 if (slash)
139 *slash = '/';
140 return err;
141 }
142
143 static bool eth_type_vlan(__be16 ethertype)
144 {
145 return ethertype == htons(ETH_P_8021Q) ||
146 ethertype == htons(ETH_P_8021AD);
147 }
148
149 static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
150 __be16 *p_vlan_eth_type,
151 struct nlmsghdr *n)
152 {
153 __be16 vlan_eth_type;
154
155 if (!eth_type_vlan(eth_type)) {
156 fprintf(stderr, "Can't set \"%s\" if ethertype isn't 802.1Q or 802.1AD\n",
157 type == TCA_FLOWER_KEY_VLAN_ETH_TYPE ? "vlan_ethtype" : "cvlan_ethtype");
158 return -1;
159 }
160
161 if (ll_proto_a2n(&vlan_eth_type, str))
162 invarg("invalid vlan_ethtype", str);
163 addattr16(n, MAX_MSG, type, vlan_eth_type);
164 *p_vlan_eth_type = vlan_eth_type;
165 return 0;
166 }
167
168 struct flag_to_string {
169 int flag;
170 enum flower_matching_flags type;
171 char *string;
172 };
173
174 static struct flag_to_string flags_str[] = {
175 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
176 { TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" },
177 };
178
179 static int flower_parse_matching_flags(char *str,
180 enum flower_matching_flags type,
181 __u32 *mtf, __u32 *mtf_mask)
182 {
183 char *token;
184 bool no;
185 bool found;
186 int i;
187
188 token = strtok(str, "/");
189
190 while (token) {
191 if (!strncmp(token, "no", 2)) {
192 no = true;
193 token += 2;
194 } else
195 no = false;
196
197 found = false;
198 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
199 if (type != flags_str[i].type)
200 continue;
201
202 if (!strcmp(token, flags_str[i].string)) {
203 if (no)
204 *mtf &= ~flags_str[i].flag;
205 else
206 *mtf |= flags_str[i].flag;
207
208 *mtf_mask |= flags_str[i].flag;
209 found = true;
210 break;
211 }
212 }
213 if (!found)
214 return -1;
215
216 token = strtok(NULL, "/");
217 }
218
219 return 0;
220 }
221
222 static int flower_parse_u16(char *str, int value_type, int mask_type,
223 struct nlmsghdr *n, bool be)
224 {
225 __u16 value, mask;
226 char *slash;
227
228 slash = strchr(str, '/');
229 if (slash)
230 *slash = '\0';
231
232 if (get_u16(&value, str, 0))
233 return -1;
234
235 if (slash) {
236 if (get_u16(&mask, slash + 1, 0))
237 return -1;
238 } else {
239 mask = UINT16_MAX;
240 }
241
242 if (be) {
243 value = htons(value);
244 mask = htons(mask);
245 }
246 addattr16(n, MAX_MSG, value_type, value);
247 addattr16(n, MAX_MSG, mask_type, mask);
248
249 return 0;
250 }
251
252 static int flower_parse_u32(char *str, int value_type, int mask_type,
253 struct nlmsghdr *n)
254 {
255 __u32 value, mask;
256 char *slash;
257
258 slash = strchr(str, '/');
259 if (slash)
260 *slash = '\0';
261
262 if (get_u32(&value, str, 0))
263 return -1;
264
265 if (slash) {
266 if (get_u32(&mask, slash + 1, 0))
267 return -1;
268 } else {
269 mask = UINT32_MAX;
270 }
271
272 addattr32(n, MAX_MSG, value_type, value);
273 addattr32(n, MAX_MSG, mask_type, mask);
274
275 return 0;
276 }
277
278 static int flower_parse_ct_mark(char *str, struct nlmsghdr *n)
279 {
280 return flower_parse_u32(str,
281 TCA_FLOWER_KEY_CT_MARK,
282 TCA_FLOWER_KEY_CT_MARK_MASK,
283 n);
284 }
285
286 static int flower_parse_ct_zone(char *str, struct nlmsghdr *n)
287 {
288 return flower_parse_u16(str,
289 TCA_FLOWER_KEY_CT_ZONE,
290 TCA_FLOWER_KEY_CT_ZONE_MASK,
291 n,
292 false);
293 }
294
295 static int flower_parse_ct_labels(char *str, struct nlmsghdr *n)
296 {
297 #define LABELS_SIZE 16
298 uint8_t labels[LABELS_SIZE], lmask[LABELS_SIZE];
299 char *slash, *mask = NULL;
300 size_t slen, slen_mask = 0;
301
302 slash = index(str, '/');
303 if (slash) {
304 *slash = 0;
305 mask = slash + 1;
306 slen_mask = strlen(mask);
307 }
308
309 slen = strlen(str);
310 if (slen > LABELS_SIZE * 2 || slen_mask > LABELS_SIZE * 2) {
311 char errmsg[128];
312
313 snprintf(errmsg, sizeof(errmsg),
314 "%zd Max allowed size %d",
315 slen, LABELS_SIZE*2);
316 invarg(errmsg, str);
317 }
318
319 if (hex2mem(str, labels, slen / 2) < 0)
320 invarg("labels must be a hex string\n", str);
321 addattr_l(n, MAX_MSG, TCA_FLOWER_KEY_CT_LABELS, labels, slen / 2);
322
323 if (mask) {
324 if (hex2mem(mask, lmask, slen_mask / 2) < 0)
325 invarg("labels mask must be a hex string\n", mask);
326 } else {
327 memset(lmask, 0xff, sizeof(lmask));
328 slen_mask = sizeof(lmask) * 2;
329 }
330 addattr_l(n, MAX_MSG, TCA_FLOWER_KEY_CT_LABELS_MASK, lmask,
331 slen_mask / 2);
332
333 return 0;
334 }
335
336 static struct flower_ct_states {
337 char *str;
338 int flag;
339 } flower_ct_states[] = {
340 { "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
341 { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
342 { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
343 };
344
345 static int flower_parse_ct_state(char *str, struct nlmsghdr *n)
346 {
347 int flags = 0, mask = 0, len, i;
348 bool p;
349
350 while (*str != '\0') {
351 if (*str == '+')
352 p = true;
353 else if (*str == '-')
354 p = false;
355 else
356 return -1;
357
358 for (i = 0; i < ARRAY_SIZE(flower_ct_states); i++) {
359 len = strlen(flower_ct_states[i].str);
360 if (strncmp(str + 1, flower_ct_states[i].str, len))
361 continue;
362
363 if (p)
364 flags |= flower_ct_states[i].flag;
365 mask |= flower_ct_states[i].flag;
366 break;
367 }
368
369 if (i == ARRAY_SIZE(flower_ct_states))
370 return -1;
371
372 str += len + 1;
373 }
374
375 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CT_STATE, flags);
376 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CT_STATE_MASK, mask);
377 return 0;
378 }
379
380 static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
381 __u8 *p_ip_proto, struct nlmsghdr *n)
382 {
383 int ret;
384 __u8 ip_proto;
385
386 if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
387 goto err;
388
389 if (matches(str, "tcp") == 0) {
390 ip_proto = IPPROTO_TCP;
391 } else if (matches(str, "udp") == 0) {
392 ip_proto = IPPROTO_UDP;
393 } else if (matches(str, "sctp") == 0) {
394 ip_proto = IPPROTO_SCTP;
395 } else if (matches(str, "icmp") == 0) {
396 if (eth_type != htons(ETH_P_IP))
397 goto err;
398 ip_proto = IPPROTO_ICMP;
399 } else if (matches(str, "icmpv6") == 0) {
400 if (eth_type != htons(ETH_P_IPV6))
401 goto err;
402 ip_proto = IPPROTO_ICMPV6;
403 } else {
404 ret = get_u8(&ip_proto, str, 16);
405 if (ret)
406 return -1;
407 }
408 addattr8(n, MAX_MSG, type, ip_proto);
409 *p_ip_proto = ip_proto;
410 return 0;
411
412 err:
413 fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
414 return -1;
415 }
416
417 static int __flower_parse_ip_addr(char *str, int family,
418 int addr4_type, int mask4_type,
419 int addr6_type, int mask6_type,
420 struct nlmsghdr *n)
421 {
422 int ret;
423 inet_prefix addr;
424 int bits;
425 int i;
426
427 ret = get_prefix(&addr, str, family);
428 if (ret)
429 return -1;
430
431 if (family && (addr.family != family)) {
432 fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
433 return -1;
434 }
435
436 addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
437 addr.data, addr.bytelen);
438
439 memset(addr.data, 0xff, addr.bytelen);
440 bits = addr.bitlen;
441 for (i = 0; i < addr.bytelen / 4; i++) {
442 if (!bits) {
443 addr.data[i] = 0;
444 } else if (bits / 32 >= 1) {
445 bits -= 32;
446 } else {
447 addr.data[i] <<= 32 - bits;
448 addr.data[i] = htonl(addr.data[i]);
449 bits = 0;
450 }
451 }
452
453 addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type,
454 addr.data, addr.bytelen);
455
456 return 0;
457 }
458
459 static int flower_parse_ip_addr(char *str, __be16 eth_type,
460 int addr4_type, int mask4_type,
461 int addr6_type, int mask6_type,
462 struct nlmsghdr *n)
463 {
464 int family;
465
466 if (eth_type == htons(ETH_P_IP)) {
467 family = AF_INET;
468 } else if (eth_type == htons(ETH_P_IPV6)) {
469 family = AF_INET6;
470 } else if (!eth_type) {
471 family = AF_UNSPEC;
472 } else {
473 return -1;
474 }
475
476 return __flower_parse_ip_addr(str, family, addr4_type, mask4_type,
477 addr6_type, mask6_type, n);
478 }
479
480 static bool flower_eth_type_arp(__be16 eth_type)
481 {
482 return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
483 }
484
485 static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
486 int addr_type, int mask_type,
487 struct nlmsghdr *n)
488 {
489 if (!flower_eth_type_arp(eth_type))
490 return -1;
491
492 return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
493 TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
494 }
495
496 static int flower_parse_u8(char *str, int value_type, int mask_type,
497 int (*value_from_name)(const char *str,
498 __u8 *value),
499 bool (*value_validate)(__u8 value),
500 struct nlmsghdr *n)
501 {
502 char *slash;
503 int ret, err = -1;
504 __u8 value, mask;
505
506 slash = strchr(str, '/');
507 if (slash)
508 *slash = '\0';
509
510 ret = value_from_name ? value_from_name(str, &value) : -1;
511 if (ret < 0) {
512 ret = get_u8(&value, str, 10);
513 if (ret)
514 goto err;
515 }
516
517 if (value_validate && !value_validate(value))
518 goto err;
519
520 if (slash) {
521 ret = get_u8(&mask, slash + 1, 10);
522 if (ret)
523 goto err;
524 }
525 else {
526 mask = UINT8_MAX;
527 }
528
529 addattr8(n, MAX_MSG, value_type, value);
530 addattr8(n, MAX_MSG, mask_type, mask);
531
532 err = 0;
533 err:
534 if (slash)
535 *slash = '/';
536 return err;
537 }
538
539 static const char *flower_print_arp_op_to_name(__u8 op)
540 {
541 switch (op) {
542 case ARPOP_REQUEST:
543 return "request";
544 case ARPOP_REPLY:
545 return "reply";
546 default:
547 return NULL;
548 }
549 }
550
551 static int flower_arp_op_from_name(const char *name, __u8 *op)
552 {
553 if (!strcmp(name, "request"))
554 *op = ARPOP_REQUEST;
555 else if (!strcmp(name, "reply"))
556 *op = ARPOP_REPLY;
557 else
558 return -1;
559
560 return 0;
561 }
562
563 static bool flow_arp_op_validate(__u8 op)
564 {
565 return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY;
566 }
567
568 static int flower_parse_arp_op(char *str, __be16 eth_type,
569 int op_type, int mask_type,
570 struct nlmsghdr *n)
571 {
572 if (!flower_eth_type_arp(eth_type))
573 return -1;
574
575 return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name,
576 flow_arp_op_validate, n);
577 }
578
579 static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
580 enum flower_icmp_field field)
581 {
582 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
583 return field == FLOWER_ICMP_FIELD_CODE ?
584 TCA_FLOWER_KEY_ICMPV4_CODE :
585 TCA_FLOWER_KEY_ICMPV4_TYPE;
586 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
587 return field == FLOWER_ICMP_FIELD_CODE ?
588 TCA_FLOWER_KEY_ICMPV6_CODE :
589 TCA_FLOWER_KEY_ICMPV6_TYPE;
590
591 return -1;
592 }
593
594 static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto,
595 enum flower_icmp_field field)
596 {
597 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
598 return field == FLOWER_ICMP_FIELD_CODE ?
599 TCA_FLOWER_KEY_ICMPV4_CODE_MASK :
600 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK;
601 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
602 return field == FLOWER_ICMP_FIELD_CODE ?
603 TCA_FLOWER_KEY_ICMPV6_CODE_MASK :
604 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK;
605
606 return -1;
607 }
608
609 static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
610 enum flower_icmp_field field, struct nlmsghdr *n)
611 {
612 int value_type, mask_type;
613
614 value_type = flower_icmp_attr_type(eth_type, ip_proto, field);
615 mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field);
616 if (value_type < 0 || mask_type < 0)
617 return -1;
618
619 return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n);
620 }
621
622 static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
623 {
624 if (ip_proto == IPPROTO_TCP)
625 return endpoint == FLOWER_ENDPOINT_SRC ?
626 TCA_FLOWER_KEY_TCP_SRC :
627 TCA_FLOWER_KEY_TCP_DST;
628 else if (ip_proto == IPPROTO_UDP)
629 return endpoint == FLOWER_ENDPOINT_SRC ?
630 TCA_FLOWER_KEY_UDP_SRC :
631 TCA_FLOWER_KEY_UDP_DST;
632 else if (ip_proto == IPPROTO_SCTP)
633 return endpoint == FLOWER_ENDPOINT_SRC ?
634 TCA_FLOWER_KEY_SCTP_SRC :
635 TCA_FLOWER_KEY_SCTP_DST;
636 else
637 return -1;
638 }
639
640 static int flower_port_attr_mask_type(__u8 ip_proto,
641 enum flower_endpoint endpoint)
642 {
643 switch (ip_proto) {
644 case IPPROTO_TCP:
645 return endpoint == FLOWER_ENDPOINT_SRC ?
646 TCA_FLOWER_KEY_TCP_SRC_MASK :
647 TCA_FLOWER_KEY_TCP_DST_MASK;
648 case IPPROTO_UDP:
649 return endpoint == FLOWER_ENDPOINT_SRC ?
650 TCA_FLOWER_KEY_UDP_SRC_MASK :
651 TCA_FLOWER_KEY_UDP_DST_MASK;
652 case IPPROTO_SCTP:
653 return endpoint == FLOWER_ENDPOINT_SRC ?
654 TCA_FLOWER_KEY_SCTP_SRC_MASK :
655 TCA_FLOWER_KEY_SCTP_DST_MASK;
656 default:
657 return -1;
658 }
659 }
660
661 static int flower_port_range_attr_type(__u8 ip_proto, enum flower_endpoint type,
662 __be16 *min_port_type,
663 __be16 *max_port_type)
664 {
665 if (ip_proto == IPPROTO_TCP || ip_proto == IPPROTO_UDP ||
666 ip_proto == IPPROTO_SCTP) {
667 if (type == FLOWER_ENDPOINT_SRC) {
668 *min_port_type = TCA_FLOWER_KEY_PORT_SRC_MIN;
669 *max_port_type = TCA_FLOWER_KEY_PORT_SRC_MAX;
670 } else {
671 *min_port_type = TCA_FLOWER_KEY_PORT_DST_MIN;
672 *max_port_type = TCA_FLOWER_KEY_PORT_DST_MAX;
673 }
674 } else {
675 return -1;
676 }
677 return 0;
678 }
679
680 /* parse range args in format 10-20 */
681 static int parse_range(char *str, __be16 *min, __be16 *max)
682 {
683 char *sep;
684
685 sep = strchr(str, '-');
686 if (sep) {
687 *sep = '\0';
688
689 if (get_be16(min, str, 10))
690 return -1;
691
692 if (get_be16(max, sep + 1, 10))
693 return -1;
694 } else {
695 if (get_be16(min, str, 10))
696 return -1;
697 }
698 return 0;
699 }
700
701 static int flower_parse_port(char *str, __u8 ip_proto,
702 enum flower_endpoint endpoint,
703 struct nlmsghdr *n)
704 {
705 char *slash = NULL;
706 __be16 min = 0;
707 __be16 max = 0;
708 int ret;
709
710 ret = parse_range(str, &min, &max);
711 if (ret) {
712 slash = strchr(str, '/');
713 if (!slash)
714 return -1;
715 }
716
717 if (min && max) {
718 __be16 min_port_type, max_port_type;
719
720 if (max <= min) {
721 fprintf(stderr, "max value should be greater than min value\n");
722 return -1;
723 }
724 if (flower_port_range_attr_type(ip_proto, endpoint,
725 &min_port_type, &max_port_type))
726 return -1;
727
728 addattr16(n, MAX_MSG, min_port_type, min);
729 addattr16(n, MAX_MSG, max_port_type, max);
730 } else if (slash || (min && !max)) {
731 int type;
732
733 type = flower_port_attr_type(ip_proto, endpoint);
734 if (type < 0)
735 return -1;
736
737 if (!slash) {
738 addattr16(n, MAX_MSG, type, min);
739 } else {
740 int mask_type;
741
742 mask_type = flower_port_attr_mask_type(ip_proto,
743 endpoint);
744 if (mask_type < 0)
745 return -1;
746 return flower_parse_u16(str, type, mask_type, n, true);
747 }
748 } else {
749 return -1;
750 }
751 return 0;
752 }
753
754 #define TCP_FLAGS_MAX_MASK 0xfff
755
756 static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
757 struct nlmsghdr *n)
758 {
759 char *slash;
760 int ret, err = -1;
761 __u16 flags;
762
763 slash = strchr(str, '/');
764 if (slash)
765 *slash = '\0';
766
767 ret = get_u16(&flags, str, 16);
768 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
769 goto err;
770
771 addattr16(n, MAX_MSG, flags_type, htons(flags));
772
773 if (slash) {
774 ret = get_u16(&flags, slash + 1, 16);
775 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
776 goto err;
777 } else {
778 flags = TCP_FLAGS_MAX_MASK;
779 }
780 addattr16(n, MAX_MSG, mask_type, htons(flags));
781
782 err = 0;
783 err:
784 if (slash)
785 *slash = '/';
786 return err;
787 }
788
789 static int flower_parse_ip_tos_ttl(char *str, int key_type, int mask_type,
790 struct nlmsghdr *n)
791 {
792 char *slash;
793 int ret, err = -1;
794 __u8 tos_ttl;
795
796 slash = strchr(str, '/');
797 if (slash)
798 *slash = '\0';
799
800 ret = get_u8(&tos_ttl, str, 10);
801 if (ret < 0)
802 ret = get_u8(&tos_ttl, str, 16);
803 if (ret < 0)
804 goto err;
805
806 addattr8(n, MAX_MSG, key_type, tos_ttl);
807
808 if (slash) {
809 ret = get_u8(&tos_ttl, slash + 1, 16);
810 if (ret < 0)
811 goto err;
812 } else {
813 tos_ttl = 0xff;
814 }
815 addattr8(n, MAX_MSG, mask_type, tos_ttl);
816
817 err = 0;
818 err:
819 if (slash)
820 *slash = '/';
821 return err;
822 }
823
824 static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
825 {
826 int ret;
827 __be32 key_id;
828
829 ret = get_be32(&key_id, str, 10);
830 if (!ret)
831 addattr32(n, MAX_MSG, type, key_id);
832
833 return ret;
834 }
835
836 static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
837 {
838 int ret;
839 __be16 port;
840
841 ret = get_be16(&port, str, 10);
842 if (ret)
843 return -1;
844
845 addattr16(n, MAX_MSG, type, port);
846
847 return 0;
848 }
849
850 static int flower_parse_geneve_opts(char *str, struct nlmsghdr *n)
851 {
852 struct rtattr *nest;
853 char *token;
854 int i, err;
855
856 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
857
858 i = 1;
859 token = strsep(&str, ":");
860 while (token) {
861 switch (i) {
862 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS:
863 {
864 __be16 opt_class;
865
866 if (!strlen(token))
867 break;
868 err = get_be16(&opt_class, token, 16);
869 if (err)
870 return err;
871
872 addattr16(n, MAX_MSG, i, opt_class);
873 break;
874 }
875 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE:
876 {
877 __u8 opt_type;
878
879 if (!strlen(token))
880 break;
881 err = get_u8(&opt_type, token, 16);
882 if (err)
883 return err;
884
885 addattr8(n, MAX_MSG, i, opt_type);
886 break;
887 }
888 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA:
889 {
890 size_t token_len = strlen(token);
891 __u8 *opts;
892
893 if (!token_len)
894 break;
895 opts = malloc(token_len / 2);
896 if (!opts)
897 return -1;
898 if (hex2mem(token, opts, token_len / 2) < 0) {
899 free(opts);
900 return -1;
901 }
902 addattr_l(n, MAX_MSG, i, opts, token_len / 2);
903 free(opts);
904
905 break;
906 }
907 default:
908 fprintf(stderr, "Unknown \"geneve_opts\" type\n");
909 return -1;
910 }
911
912 token = strsep(&str, ":");
913 i++;
914 }
915 addattr_nest_end(n, nest);
916
917 return 0;
918 }
919
920 static int flower_parse_enc_opt_part(char *str, struct nlmsghdr *n)
921 {
922 char *token;
923 int err;
924
925 token = strsep(&str, ",");
926 while (token) {
927 err = flower_parse_geneve_opts(token, n);
928 if (err)
929 return err;
930
931 token = strsep(&str, ",");
932 }
933
934 return 0;
935 }
936
937 static int flower_check_enc_opt_key(char *key)
938 {
939 int key_len, col_cnt = 0;
940
941 key_len = strlen(key);
942 while ((key = strchr(key, ':'))) {
943 if (strlen(key) == key_len)
944 return -1;
945
946 key_len = strlen(key) - 1;
947 col_cnt++;
948 key++;
949 }
950
951 if (col_cnt != 2 || !key_len)
952 return -1;
953
954 return 0;
955 }
956
957 static int flower_parse_enc_opts(char *str, struct nlmsghdr *n)
958 {
959 char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
960 int data_len, key_len, mask_len, err;
961 char *token, *slash;
962 struct rtattr *nest;
963
964 key_len = 0;
965 mask_len = 0;
966 token = strsep(&str, ",");
967 while (token) {
968 slash = strchr(token, '/');
969 if (slash)
970 *slash = '\0';
971
972 if ((key_len + strlen(token) > XATTR_SIZE_MAX) ||
973 flower_check_enc_opt_key(token))
974 return -1;
975
976 strcpy(&key[key_len], token);
977 key_len += strlen(token) + 1;
978 key[key_len - 1] = ',';
979
980 if (!slash) {
981 /* Pad out mask when not provided */
982 if (mask_len + strlen(token) > XATTR_SIZE_MAX)
983 return -1;
984
985 data_len = strlen(rindex(token, ':'));
986 sprintf(&mask[mask_len], "ffff:ff:");
987 mask_len += 8;
988 memset(&mask[mask_len], 'f', data_len - 1);
989 mask_len += data_len;
990 mask[mask_len - 1] = ',';
991 token = strsep(&str, ",");
992 continue;
993 }
994
995 if (mask_len + strlen(slash + 1) > XATTR_SIZE_MAX)
996 return -1;
997
998 strcpy(&mask[mask_len], slash + 1);
999 mask_len += strlen(slash + 1) + 1;
1000 mask[mask_len - 1] = ',';
1001
1002 *slash = '/';
1003 token = strsep(&str, ",");
1004 }
1005 key[key_len - 1] = '\0';
1006 mask[mask_len - 1] = '\0';
1007
1008 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS);
1009 err = flower_parse_enc_opt_part(key, n);
1010 if (err)
1011 return err;
1012 addattr_nest_end(n, nest);
1013
1014 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_MASK);
1015 err = flower_parse_enc_opt_part(mask, n);
1016 if (err)
1017 return err;
1018 addattr_nest_end(n, nest);
1019
1020 return 0;
1021 }
1022
1023 static int flower_parse_opt(struct filter_util *qu, char *handle,
1024 int argc, char **argv, struct nlmsghdr *n)
1025 {
1026 int ret;
1027 struct tcmsg *t = NLMSG_DATA(n);
1028 struct rtattr *tail;
1029 __be16 eth_type = TC_H_MIN(t->tcm_info);
1030 __be16 vlan_ethtype = 0;
1031 __be16 cvlan_ethtype = 0;
1032 __u8 ip_proto = 0xff;
1033 __u32 flags = 0;
1034 __u32 mtf = 0;
1035 __u32 mtf_mask = 0;
1036
1037 if (handle) {
1038 ret = get_u32(&t->tcm_handle, handle, 0);
1039 if (ret) {
1040 fprintf(stderr, "Illegal \"handle\"\n");
1041 return -1;
1042 }
1043 }
1044
1045 tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
1046 addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
1047
1048 if (argc == 0) {
1049 /*at minimal we will match all ethertype packets */
1050 goto parse_done;
1051 }
1052
1053 while (argc > 0) {
1054 if (matches(*argv, "classid") == 0 ||
1055 matches(*argv, "flowid") == 0) {
1056 unsigned int handle;
1057
1058 NEXT_ARG();
1059 ret = get_tc_classid(&handle, *argv);
1060 if (ret) {
1061 fprintf(stderr, "Illegal \"classid\"\n");
1062 return -1;
1063 }
1064 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
1065 } else if (matches(*argv, "hw_tc") == 0) {
1066 unsigned int handle;
1067 __u32 tc;
1068 char *end;
1069
1070 NEXT_ARG();
1071 tc = strtoul(*argv, &end, 0);
1072 if (*end) {
1073 fprintf(stderr, "Illegal TC index\n");
1074 return -1;
1075 }
1076 if (tc >= TC_QOPT_MAX_QUEUE) {
1077 fprintf(stderr, "TC index exceeds max range\n");
1078 return -1;
1079 }
1080 handle = TC_H_MAKE(TC_H_MAJ(t->tcm_parent),
1081 TC_H_MIN(tc + TC_H_MIN_PRIORITY));
1082 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle,
1083 sizeof(handle));
1084 } else if (matches(*argv, "ip_flags") == 0) {
1085 NEXT_ARG();
1086 ret = flower_parse_matching_flags(*argv,
1087 FLOWER_IP_FLAGS,
1088 &mtf,
1089 &mtf_mask);
1090 if (ret < 0) {
1091 fprintf(stderr, "Illegal \"ip_flags\"\n");
1092 return -1;
1093 }
1094 } else if (matches(*argv, "verbose") == 0) {
1095 flags |= TCA_CLS_FLAGS_VERBOSE;
1096 } else if (matches(*argv, "skip_hw") == 0) {
1097 flags |= TCA_CLS_FLAGS_SKIP_HW;
1098 } else if (matches(*argv, "skip_sw") == 0) {
1099 flags |= TCA_CLS_FLAGS_SKIP_SW;
1100 } else if (matches(*argv, "ct_state") == 0) {
1101 NEXT_ARG();
1102 ret = flower_parse_ct_state(*argv, n);
1103 if (ret < 0) {
1104 fprintf(stderr, "Illegal \"ct_state\"\n");
1105 return -1;
1106 }
1107 } else if (matches(*argv, "ct_zone") == 0) {
1108 NEXT_ARG();
1109 ret = flower_parse_ct_zone(*argv, n);
1110 if (ret < 0) {
1111 fprintf(stderr, "Illegal \"ct_zone\"\n");
1112 return -1;
1113 }
1114 } else if (matches(*argv, "ct_mark") == 0) {
1115 NEXT_ARG();
1116 ret = flower_parse_ct_mark(*argv, n);
1117 if (ret < 0) {
1118 fprintf(stderr, "Illegal \"ct_mark\"\n");
1119 return -1;
1120 }
1121 } else if (matches(*argv, "ct_label") == 0) {
1122 NEXT_ARG();
1123 ret = flower_parse_ct_labels(*argv, n);
1124 if (ret < 0) {
1125 fprintf(stderr, "Illegal \"ct_label\"\n");
1126 return -1;
1127 }
1128 } else if (matches(*argv, "indev") == 0) {
1129 NEXT_ARG();
1130 if (check_ifname(*argv))
1131 invarg("\"indev\" not a valid ifname", *argv);
1132 addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv);
1133 } else if (matches(*argv, "vlan_id") == 0) {
1134 __u16 vid;
1135
1136 NEXT_ARG();
1137 if (!eth_type_vlan(eth_type)) {
1138 fprintf(stderr, "Can't set \"vlan_id\" if ethertype isn't 802.1Q or 802.1AD\n");
1139 return -1;
1140 }
1141 ret = get_u16(&vid, *argv, 10);
1142 if (ret < 0 || vid & ~0xfff) {
1143 fprintf(stderr, "Illegal \"vlan_id\"\n");
1144 return -1;
1145 }
1146 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
1147 } else if (matches(*argv, "vlan_prio") == 0) {
1148 __u8 vlan_prio;
1149
1150 NEXT_ARG();
1151 if (!eth_type_vlan(eth_type)) {
1152 fprintf(stderr, "Can't set \"vlan_prio\" if ethertype isn't 802.1Q or 802.1AD\n");
1153 return -1;
1154 }
1155 ret = get_u8(&vlan_prio, *argv, 10);
1156 if (ret < 0 || vlan_prio & ~0x7) {
1157 fprintf(stderr, "Illegal \"vlan_prio\"\n");
1158 return -1;
1159 }
1160 addattr8(n, MAX_MSG,
1161 TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
1162 } else if (matches(*argv, "vlan_ethtype") == 0) {
1163 NEXT_ARG();
1164 ret = flower_parse_vlan_eth_type(*argv, eth_type,
1165 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
1166 &vlan_ethtype, n);
1167 if (ret < 0)
1168 return -1;
1169 } else if (matches(*argv, "cvlan_id") == 0) {
1170 __u16 vid;
1171
1172 NEXT_ARG();
1173 if (!eth_type_vlan(vlan_ethtype)) {
1174 fprintf(stderr, "Can't set \"cvlan_id\" if inner vlan ethertype isn't 802.1Q or 802.1AD\n");
1175 return -1;
1176 }
1177 ret = get_u16(&vid, *argv, 10);
1178 if (ret < 0 || vid & ~0xfff) {
1179 fprintf(stderr, "Illegal \"cvlan_id\"\n");
1180 return -1;
1181 }
1182 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CVLAN_ID, vid);
1183 } else if (matches(*argv, "cvlan_prio") == 0) {
1184 __u8 cvlan_prio;
1185
1186 NEXT_ARG();
1187 if (!eth_type_vlan(vlan_ethtype)) {
1188 fprintf(stderr, "Can't set \"cvlan_prio\" if inner vlan ethertype isn't 802.1Q or 802.1AD\n");
1189 return -1;
1190 }
1191 ret = get_u8(&cvlan_prio, *argv, 10);
1192 if (ret < 0 || cvlan_prio & ~0x7) {
1193 fprintf(stderr, "Illegal \"cvlan_prio\"\n");
1194 return -1;
1195 }
1196 addattr8(n, MAX_MSG,
1197 TCA_FLOWER_KEY_CVLAN_PRIO, cvlan_prio);
1198 } else if (matches(*argv, "cvlan_ethtype") == 0) {
1199 NEXT_ARG();
1200 ret = flower_parse_vlan_eth_type(*argv, vlan_ethtype,
1201 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
1202 &cvlan_ethtype, n);
1203 if (ret < 0)
1204 return -1;
1205 } else if (matches(*argv, "mpls_label") == 0) {
1206 __u32 label;
1207
1208 NEXT_ARG();
1209 if (eth_type != htons(ETH_P_MPLS_UC) &&
1210 eth_type != htons(ETH_P_MPLS_MC)) {
1211 fprintf(stderr,
1212 "Can't set \"mpls_label\" if ethertype isn't MPLS\n");
1213 return -1;
1214 }
1215 ret = get_u32(&label, *argv, 10);
1216 if (ret < 0 || label & ~(MPLS_LS_LABEL_MASK >> MPLS_LS_LABEL_SHIFT)) {
1217 fprintf(stderr, "Illegal \"mpls_label\"\n");
1218 return -1;
1219 }
1220 addattr32(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_LABEL, label);
1221 } else if (matches(*argv, "mpls_tc") == 0) {
1222 __u8 tc;
1223
1224 NEXT_ARG();
1225 if (eth_type != htons(ETH_P_MPLS_UC) &&
1226 eth_type != htons(ETH_P_MPLS_MC)) {
1227 fprintf(stderr,
1228 "Can't set \"mpls_tc\" if ethertype isn't MPLS\n");
1229 return -1;
1230 }
1231 ret = get_u8(&tc, *argv, 10);
1232 if (ret < 0 || tc & ~(MPLS_LS_TC_MASK >> MPLS_LS_TC_SHIFT)) {
1233 fprintf(stderr, "Illegal \"mpls_tc\"\n");
1234 return -1;
1235 }
1236 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TC, tc);
1237 } else if (matches(*argv, "mpls_bos") == 0) {
1238 __u8 bos;
1239
1240 NEXT_ARG();
1241 if (eth_type != htons(ETH_P_MPLS_UC) &&
1242 eth_type != htons(ETH_P_MPLS_MC)) {
1243 fprintf(stderr,
1244 "Can't set \"mpls_bos\" if ethertype isn't MPLS\n");
1245 return -1;
1246 }
1247 ret = get_u8(&bos, *argv, 10);
1248 if (ret < 0 || bos & ~(MPLS_LS_S_MASK >> MPLS_LS_S_SHIFT)) {
1249 fprintf(stderr, "Illegal \"mpls_bos\"\n");
1250 return -1;
1251 }
1252 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_BOS, bos);
1253 } else if (matches(*argv, "mpls_ttl") == 0) {
1254 __u8 ttl;
1255
1256 NEXT_ARG();
1257 if (eth_type != htons(ETH_P_MPLS_UC) &&
1258 eth_type != htons(ETH_P_MPLS_MC)) {
1259 fprintf(stderr,
1260 "Can't set \"mpls_ttl\" if ethertype isn't MPLS\n");
1261 return -1;
1262 }
1263 ret = get_u8(&ttl, *argv, 10);
1264 if (ret < 0 || ttl & ~(MPLS_LS_TTL_MASK >> MPLS_LS_TTL_SHIFT)) {
1265 fprintf(stderr, "Illegal \"mpls_ttl\"\n");
1266 return -1;
1267 }
1268 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TTL, ttl);
1269 } else if (matches(*argv, "dst_mac") == 0) {
1270 NEXT_ARG();
1271 ret = flower_parse_eth_addr(*argv,
1272 TCA_FLOWER_KEY_ETH_DST,
1273 TCA_FLOWER_KEY_ETH_DST_MASK,
1274 n);
1275 if (ret < 0) {
1276 fprintf(stderr, "Illegal \"dst_mac\"\n");
1277 return -1;
1278 }
1279 } else if (matches(*argv, "src_mac") == 0) {
1280 NEXT_ARG();
1281 ret = flower_parse_eth_addr(*argv,
1282 TCA_FLOWER_KEY_ETH_SRC,
1283 TCA_FLOWER_KEY_ETH_SRC_MASK,
1284 n);
1285 if (ret < 0) {
1286 fprintf(stderr, "Illegal \"src_mac\"\n");
1287 return -1;
1288 }
1289 } else if (matches(*argv, "ip_proto") == 0) {
1290 NEXT_ARG();
1291 ret = flower_parse_ip_proto(*argv, cvlan_ethtype ?
1292 cvlan_ethtype : vlan_ethtype ?
1293 vlan_ethtype : eth_type,
1294 TCA_FLOWER_KEY_IP_PROTO,
1295 &ip_proto, n);
1296 if (ret < 0) {
1297 fprintf(stderr, "Illegal \"ip_proto\"\n");
1298 return -1;
1299 }
1300 } else if (matches(*argv, "ip_tos") == 0) {
1301 NEXT_ARG();
1302 ret = flower_parse_ip_tos_ttl(*argv,
1303 TCA_FLOWER_KEY_IP_TOS,
1304 TCA_FLOWER_KEY_IP_TOS_MASK,
1305 n);
1306 if (ret < 0) {
1307 fprintf(stderr, "Illegal \"ip_tos\"\n");
1308 return -1;
1309 }
1310 } else if (matches(*argv, "ip_ttl") == 0) {
1311 NEXT_ARG();
1312 ret = flower_parse_ip_tos_ttl(*argv,
1313 TCA_FLOWER_KEY_IP_TTL,
1314 TCA_FLOWER_KEY_IP_TTL_MASK,
1315 n);
1316 if (ret < 0) {
1317 fprintf(stderr, "Illegal \"ip_ttl\"\n");
1318 return -1;
1319 }
1320 } else if (matches(*argv, "dst_ip") == 0) {
1321 NEXT_ARG();
1322 ret = flower_parse_ip_addr(*argv, cvlan_ethtype ?
1323 cvlan_ethtype : vlan_ethtype ?
1324 vlan_ethtype : eth_type,
1325 TCA_FLOWER_KEY_IPV4_DST,
1326 TCA_FLOWER_KEY_IPV4_DST_MASK,
1327 TCA_FLOWER_KEY_IPV6_DST,
1328 TCA_FLOWER_KEY_IPV6_DST_MASK,
1329 n);
1330 if (ret < 0) {
1331 fprintf(stderr, "Illegal \"dst_ip\"\n");
1332 return -1;
1333 }
1334 } else if (matches(*argv, "src_ip") == 0) {
1335 NEXT_ARG();
1336 ret = flower_parse_ip_addr(*argv, cvlan_ethtype ?
1337 cvlan_ethtype : vlan_ethtype ?
1338 vlan_ethtype : eth_type,
1339 TCA_FLOWER_KEY_IPV4_SRC,
1340 TCA_FLOWER_KEY_IPV4_SRC_MASK,
1341 TCA_FLOWER_KEY_IPV6_SRC,
1342 TCA_FLOWER_KEY_IPV6_SRC_MASK,
1343 n);
1344 if (ret < 0) {
1345 fprintf(stderr, "Illegal \"src_ip\"\n");
1346 return -1;
1347 }
1348 } else if (matches(*argv, "dst_port") == 0) {
1349 NEXT_ARG();
1350 ret = flower_parse_port(*argv, ip_proto,
1351 FLOWER_ENDPOINT_DST, n);
1352 if (ret < 0) {
1353 fprintf(stderr, "Illegal \"dst_port\"\n");
1354 return -1;
1355 }
1356 } else if (matches(*argv, "src_port") == 0) {
1357 NEXT_ARG();
1358 ret = flower_parse_port(*argv, ip_proto,
1359 FLOWER_ENDPOINT_SRC, n);
1360 if (ret < 0) {
1361 fprintf(stderr, "Illegal \"src_port\"\n");
1362 return -1;
1363 }
1364 } else if (matches(*argv, "tcp_flags") == 0) {
1365 NEXT_ARG();
1366 ret = flower_parse_tcp_flags(*argv,
1367 TCA_FLOWER_KEY_TCP_FLAGS,
1368 TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1369 n);
1370 if (ret < 0) {
1371 fprintf(stderr, "Illegal \"tcp_flags\"\n");
1372 return -1;
1373 }
1374 } else if (matches(*argv, "type") == 0) {
1375 NEXT_ARG();
1376 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
1377 FLOWER_ICMP_FIELD_TYPE, n);
1378 if (ret < 0) {
1379 fprintf(stderr, "Illegal \"icmp type\"\n");
1380 return -1;
1381 }
1382 } else if (matches(*argv, "code") == 0) {
1383 NEXT_ARG();
1384 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
1385 FLOWER_ICMP_FIELD_CODE, n);
1386 if (ret < 0) {
1387 fprintf(stderr, "Illegal \"icmp code\"\n");
1388 return -1;
1389 }
1390 } else if (matches(*argv, "arp_tip") == 0) {
1391 NEXT_ARG();
1392 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
1393 vlan_ethtype : eth_type,
1394 TCA_FLOWER_KEY_ARP_TIP,
1395 TCA_FLOWER_KEY_ARP_TIP_MASK,
1396 n);
1397 if (ret < 0) {
1398 fprintf(stderr, "Illegal \"arp_tip\"\n");
1399 return -1;
1400 }
1401 } else if (matches(*argv, "arp_sip") == 0) {
1402 NEXT_ARG();
1403 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
1404 vlan_ethtype : eth_type,
1405 TCA_FLOWER_KEY_ARP_SIP,
1406 TCA_FLOWER_KEY_ARP_SIP_MASK,
1407 n);
1408 if (ret < 0) {
1409 fprintf(stderr, "Illegal \"arp_sip\"\n");
1410 return -1;
1411 }
1412 } else if (matches(*argv, "arp_op") == 0) {
1413 NEXT_ARG();
1414 ret = flower_parse_arp_op(*argv, vlan_ethtype ?
1415 vlan_ethtype : eth_type,
1416 TCA_FLOWER_KEY_ARP_OP,
1417 TCA_FLOWER_KEY_ARP_OP_MASK,
1418 n);
1419 if (ret < 0) {
1420 fprintf(stderr, "Illegal \"arp_op\"\n");
1421 return -1;
1422 }
1423 } else if (matches(*argv, "arp_tha") == 0) {
1424 NEXT_ARG();
1425 ret = flower_parse_eth_addr(*argv,
1426 TCA_FLOWER_KEY_ARP_THA,
1427 TCA_FLOWER_KEY_ARP_THA_MASK,
1428 n);
1429 if (ret < 0) {
1430 fprintf(stderr, "Illegal \"arp_tha\"\n");
1431 return -1;
1432 }
1433 } else if (matches(*argv, "arp_sha") == 0) {
1434 NEXT_ARG();
1435 ret = flower_parse_eth_addr(*argv,
1436 TCA_FLOWER_KEY_ARP_SHA,
1437 TCA_FLOWER_KEY_ARP_SHA_MASK,
1438 n);
1439 if (ret < 0) {
1440 fprintf(stderr, "Illegal \"arp_sha\"\n");
1441 return -1;
1442 }
1443 } else if (matches(*argv, "enc_dst_ip") == 0) {
1444 NEXT_ARG();
1445 ret = flower_parse_ip_addr(*argv, 0,
1446 TCA_FLOWER_KEY_ENC_IPV4_DST,
1447 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1448 TCA_FLOWER_KEY_ENC_IPV6_DST,
1449 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1450 n);
1451 if (ret < 0) {
1452 fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
1453 return -1;
1454 }
1455 } else if (matches(*argv, "enc_src_ip") == 0) {
1456 NEXT_ARG();
1457 ret = flower_parse_ip_addr(*argv, 0,
1458 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1459 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1460 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1461 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1462 n);
1463 if (ret < 0) {
1464 fprintf(stderr, "Illegal \"enc_src_ip\"\n");
1465 return -1;
1466 }
1467 } else if (matches(*argv, "enc_key_id") == 0) {
1468 NEXT_ARG();
1469 ret = flower_parse_key_id(*argv,
1470 TCA_FLOWER_KEY_ENC_KEY_ID, n);
1471 if (ret < 0) {
1472 fprintf(stderr, "Illegal \"enc_key_id\"\n");
1473 return -1;
1474 }
1475 } else if (matches(*argv, "enc_dst_port") == 0) {
1476 NEXT_ARG();
1477 ret = flower_parse_enc_port(*argv,
1478 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
1479 if (ret < 0) {
1480 fprintf(stderr, "Illegal \"enc_dst_port\"\n");
1481 return -1;
1482 }
1483 } else if (matches(*argv, "enc_tos") == 0) {
1484 NEXT_ARG();
1485 ret = flower_parse_ip_tos_ttl(*argv,
1486 TCA_FLOWER_KEY_ENC_IP_TOS,
1487 TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
1488 n);
1489 if (ret < 0) {
1490 fprintf(stderr, "Illegal \"enc_tos\"\n");
1491 return -1;
1492 }
1493 } else if (matches(*argv, "enc_ttl") == 0) {
1494 NEXT_ARG();
1495 ret = flower_parse_ip_tos_ttl(*argv,
1496 TCA_FLOWER_KEY_ENC_IP_TTL,
1497 TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
1498 n);
1499 if (ret < 0) {
1500 fprintf(stderr, "Illegal \"enc_ttl\"\n");
1501 return -1;
1502 }
1503 } else if (matches(*argv, "geneve_opts") == 0) {
1504 NEXT_ARG();
1505 ret = flower_parse_enc_opts(*argv, n);
1506 if (ret < 0) {
1507 fprintf(stderr, "Illegal \"geneve_opts\"\n");
1508 return -1;
1509 }
1510 } else if (matches(*argv, "action") == 0) {
1511 NEXT_ARG();
1512 ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
1513 if (ret) {
1514 fprintf(stderr, "Illegal \"action\"\n");
1515 return -1;
1516 }
1517 continue;
1518 } else if (strcmp(*argv, "help") == 0) {
1519 explain();
1520 return -1;
1521 } else {
1522 fprintf(stderr, "What is \"%s\"?\n", *argv);
1523 explain();
1524 return -1;
1525 }
1526 argc--; argv++;
1527 }
1528
1529 parse_done:
1530 ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
1531 if (ret)
1532 return ret;
1533
1534 if (mtf_mask) {
1535 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
1536 if (ret)
1537 return ret;
1538
1539 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
1540 if (ret)
1541 return ret;
1542 }
1543
1544 if (eth_type != htons(ETH_P_ALL)) {
1545 ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
1546 if (ret)
1547 return ret;
1548 }
1549
1550 tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
1551
1552 return 0;
1553 }
1554
1555 static int __mask_bits(char *addr, size_t len)
1556 {
1557 int bits = 0;
1558 bool hole = false;
1559 int i;
1560 int j;
1561
1562 for (i = 0; i < len; i++, addr++) {
1563 for (j = 7; j >= 0; j--) {
1564 if (((*addr) >> j) & 0x1) {
1565 if (hole)
1566 return -1;
1567 bits++;
1568 } else if (bits) {
1569 hole = true;
1570 } else{
1571 return -1;
1572 }
1573 }
1574 }
1575 return bits;
1576 }
1577
1578 static void flower_print_eth_addr(char *name, struct rtattr *addr_attr,
1579 struct rtattr *mask_attr)
1580 {
1581 SPRINT_BUF(namefrm);
1582 SPRINT_BUF(out);
1583 SPRINT_BUF(b1);
1584 size_t done;
1585 int bits;
1586
1587 if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN)
1588 return;
1589 done = sprintf(out, "%s",
1590 ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN,
1591 0, b1, sizeof(b1)));
1592 if (mask_attr && RTA_PAYLOAD(mask_attr) == ETH_ALEN) {
1593 bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN);
1594 if (bits < 0)
1595 sprintf(out + done, "/%s",
1596 ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN,
1597 0, b1, sizeof(b1)));
1598 else if (bits < ETH_ALEN * 8)
1599 sprintf(out + done, "/%d", bits);
1600 }
1601
1602 print_nl();
1603 sprintf(namefrm, " %s %%s", name);
1604 print_string(PRINT_ANY, name, namefrm, out);
1605 }
1606
1607 static void flower_print_eth_type(__be16 *p_eth_type,
1608 struct rtattr *eth_type_attr)
1609 {
1610 SPRINT_BUF(out);
1611 __be16 eth_type;
1612
1613 if (!eth_type_attr)
1614 return;
1615
1616 eth_type = rta_getattr_u16(eth_type_attr);
1617 if (eth_type == htons(ETH_P_IP))
1618 sprintf(out, "ipv4");
1619 else if (eth_type == htons(ETH_P_IPV6))
1620 sprintf(out, "ipv6");
1621 else if (eth_type == htons(ETH_P_ARP))
1622 sprintf(out, "arp");
1623 else if (eth_type == htons(ETH_P_RARP))
1624 sprintf(out, "rarp");
1625 else
1626 sprintf(out, "%04x", ntohs(eth_type));
1627
1628 print_nl();
1629 print_string(PRINT_ANY, "eth_type", " eth_type %s", out);
1630 *p_eth_type = eth_type;
1631 }
1632
1633 static void flower_print_ip_proto(__u8 *p_ip_proto,
1634 struct rtattr *ip_proto_attr)
1635 {
1636 SPRINT_BUF(out);
1637 __u8 ip_proto;
1638
1639 if (!ip_proto_attr)
1640 return;
1641
1642 ip_proto = rta_getattr_u8(ip_proto_attr);
1643 if (ip_proto == IPPROTO_TCP)
1644 sprintf(out, "tcp");
1645 else if (ip_proto == IPPROTO_UDP)
1646 sprintf(out, "udp");
1647 else if (ip_proto == IPPROTO_SCTP)
1648 sprintf(out, "sctp");
1649 else if (ip_proto == IPPROTO_ICMP)
1650 sprintf(out, "icmp");
1651 else if (ip_proto == IPPROTO_ICMPV6)
1652 sprintf(out, "icmpv6");
1653 else
1654 sprintf(out, "%02x", ip_proto);
1655
1656 print_nl();
1657 print_string(PRINT_ANY, "ip_proto", " ip_proto %s", out);
1658 *p_ip_proto = ip_proto;
1659 }
1660
1661 static void flower_print_ip_attr(const char *name, struct rtattr *key_attr,
1662 struct rtattr *mask_attr)
1663 {
1664 print_masked_u8(name, key_attr, mask_attr, true);
1665 }
1666
1667 static void flower_print_matching_flags(char *name,
1668 enum flower_matching_flags type,
1669 struct rtattr *attr,
1670 struct rtattr *mask_attr)
1671 {
1672 int i;
1673 int count = 0;
1674 __u32 mtf;
1675 __u32 mtf_mask;
1676
1677 if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
1678 return;
1679
1680 mtf = ntohl(rta_getattr_u32(attr));
1681 mtf_mask = ntohl(rta_getattr_u32(mask_attr));
1682
1683 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
1684 if (type != flags_str[i].type)
1685 continue;
1686 if (mtf_mask & flags_str[i].flag) {
1687 if (++count == 1) {
1688 print_nl();
1689 print_string(PRINT_FP, NULL, " %s ", name);
1690 open_json_object(name);
1691 } else {
1692 print_string(PRINT_FP, NULL, "/", NULL);
1693 }
1694
1695 print_bool(PRINT_JSON, flags_str[i].string, NULL,
1696 mtf & flags_str[i].flag);
1697 if (mtf & flags_str[i].flag)
1698 print_string(PRINT_FP, NULL, "%s",
1699 flags_str[i].string);
1700 else
1701 print_string(PRINT_FP, NULL, "no%s",
1702 flags_str[i].string);
1703 }
1704 }
1705 if (count)
1706 close_json_object();
1707 }
1708
1709 static void flower_print_ip_addr(char *name, __be16 eth_type,
1710 struct rtattr *addr4_attr,
1711 struct rtattr *mask4_attr,
1712 struct rtattr *addr6_attr,
1713 struct rtattr *mask6_attr)
1714 {
1715 struct rtattr *addr_attr;
1716 struct rtattr *mask_attr;
1717 SPRINT_BUF(namefrm);
1718 SPRINT_BUF(out);
1719 size_t done;
1720 int family;
1721 size_t len;
1722 int bits;
1723
1724 if (eth_type == htons(ETH_P_IP)) {
1725 family = AF_INET;
1726 addr_attr = addr4_attr;
1727 mask_attr = mask4_attr;
1728 len = 4;
1729 } else if (eth_type == htons(ETH_P_IPV6)) {
1730 family = AF_INET6;
1731 addr_attr = addr6_attr;
1732 mask_attr = mask6_attr;
1733 len = 16;
1734 } else {
1735 return;
1736 }
1737 if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
1738 return;
1739 if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
1740 return;
1741 done = sprintf(out, "%s", rt_addr_n2a_rta(family, addr_attr));
1742 bits = __mask_bits(RTA_DATA(mask_attr), len);
1743 if (bits < 0)
1744 sprintf(out + done, "/%s", rt_addr_n2a_rta(family, mask_attr));
1745 else if (bits < len * 8)
1746 sprintf(out + done, "/%d", bits);
1747
1748 print_nl();
1749 sprintf(namefrm, " %s %%s", name);
1750 print_string(PRINT_ANY, name, namefrm, out);
1751 }
1752 static void flower_print_ip4_addr(char *name, struct rtattr *addr_attr,
1753 struct rtattr *mask_attr)
1754 {
1755 return flower_print_ip_addr(name, htons(ETH_P_IP),
1756 addr_attr, mask_attr, 0, 0);
1757 }
1758
1759 static void flower_print_port(char *name, struct rtattr *attr,
1760 struct rtattr *mask_attr)
1761 {
1762 print_masked_be16(name, attr, mask_attr, true);
1763 }
1764
1765 static void flower_print_port_range(char *name, struct rtattr *min_attr,
1766 struct rtattr *max_attr)
1767 {
1768 if (!min_attr || !max_attr)
1769 return;
1770
1771 if (is_json_context()) {
1772 open_json_object(name);
1773 print_hu(PRINT_JSON, "start", NULL, rta_getattr_be16(min_attr));
1774 print_hu(PRINT_JSON, "end", NULL, rta_getattr_be16(max_attr));
1775 close_json_object();
1776 } else {
1777 SPRINT_BUF(namefrm);
1778 SPRINT_BUF(out);
1779 size_t done;
1780
1781 done = sprintf(out, "%u", rta_getattr_be16(min_attr));
1782 sprintf(out + done, "-%u", rta_getattr_be16(max_attr));
1783 print_nl();
1784 sprintf(namefrm, " %s %%s", name);
1785 print_string(PRINT_ANY, name, namefrm, out);
1786 }
1787 }
1788
1789 static void flower_print_tcp_flags(const char *name, struct rtattr *flags_attr,
1790 struct rtattr *mask_attr)
1791 {
1792 SPRINT_BUF(namefrm);
1793 SPRINT_BUF(out);
1794 size_t done;
1795
1796 if (!flags_attr)
1797 return;
1798
1799 done = sprintf(out, "0x%x", rta_getattr_be16(flags_attr));
1800 if (mask_attr)
1801 sprintf(out + done, "/%x", rta_getattr_be16(mask_attr));
1802
1803 print_nl();
1804 sprintf(namefrm, " %s %%s", name);
1805 print_string(PRINT_ANY, name, namefrm, out);
1806 }
1807
1808 static void flower_print_ct_state(struct rtattr *flags_attr,
1809 struct rtattr *mask_attr)
1810 {
1811 SPRINT_BUF(out);
1812 uint16_t state;
1813 uint16_t state_mask;
1814 size_t done = 0;
1815 int i;
1816
1817 if (!flags_attr)
1818 return;
1819
1820 state = rta_getattr_u16(flags_attr);
1821 if (mask_attr)
1822 state_mask = rta_getattr_u16(mask_attr);
1823 else
1824 state_mask = UINT16_MAX;
1825
1826 for (i = 0; i < ARRAY_SIZE(flower_ct_states); i++) {
1827 if (!(state_mask & flower_ct_states[i].flag))
1828 continue;
1829
1830 if (state & flower_ct_states[i].flag)
1831 done += sprintf(out + done, "+%s",
1832 flower_ct_states[i].str);
1833 else
1834 done += sprintf(out + done, "-%s",
1835 flower_ct_states[i].str);
1836 }
1837
1838 print_nl();
1839 print_string(PRINT_ANY, "ct_state", " ct_state %s", out);
1840 }
1841
1842 static void flower_print_ct_label(struct rtattr *attr,
1843 struct rtattr *mask_attr)
1844 {
1845 const unsigned char *str;
1846 bool print_mask = false;
1847 int data_len, i;
1848 SPRINT_BUF(out);
1849 char *p;
1850
1851 if (!attr)
1852 return;
1853
1854 data_len = RTA_PAYLOAD(attr);
1855 hexstring_n2a(RTA_DATA(attr), data_len, out, sizeof(out));
1856 p = out + data_len*2;
1857
1858 data_len = RTA_PAYLOAD(attr);
1859 str = RTA_DATA(mask_attr);
1860 if (data_len != 16)
1861 print_mask = true;
1862 for (i = 0; !print_mask && i < data_len; i++) {
1863 if (str[i] != 0xff)
1864 print_mask = true;
1865 }
1866 if (print_mask) {
1867 *p++ = '/';
1868 hexstring_n2a(RTA_DATA(mask_attr), data_len, p,
1869 sizeof(out)-(p-out));
1870 p += data_len*2;
1871 }
1872 *p = '\0';
1873
1874 print_nl();
1875 print_string(PRINT_ANY, "ct_label", " ct_label %s", out);
1876 }
1877
1878 static void flower_print_ct_zone(struct rtattr *attr,
1879 struct rtattr *mask_attr)
1880 {
1881 print_masked_u16("ct_zone", attr, mask_attr, true);
1882 }
1883
1884 static void flower_print_ct_mark(struct rtattr *attr,
1885 struct rtattr *mask_attr)
1886 {
1887 print_masked_u32("ct_mark", attr, mask_attr, true);
1888 }
1889
1890 static void flower_print_key_id(const char *name, struct rtattr *attr)
1891 {
1892 SPRINT_BUF(namefrm);
1893
1894 if (!attr)
1895 return;
1896
1897 print_nl();
1898 sprintf(namefrm, " %s %%u", name);
1899 print_uint(PRINT_ANY, name, namefrm, rta_getattr_be32(attr));
1900 }
1901
1902 static void flower_print_geneve_opts(const char *name, struct rtattr *attr,
1903 char *strbuf)
1904 {
1905 struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
1906 int ii, data_len, offset = 0, slen = 0;
1907 struct rtattr *i = RTA_DATA(attr);
1908 int rem = RTA_PAYLOAD(attr);
1909 __u8 type, data_r[rem];
1910 char data[rem * 2 + 1];
1911 __u16 class;
1912
1913 open_json_array(PRINT_JSON, name);
1914 while (rem) {
1915 parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX, i, rem);
1916 class = rta_getattr_be16(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]);
1917 type = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]);
1918 data_len = RTA_PAYLOAD(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]);
1919 hexstring_n2a(RTA_DATA(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]),
1920 data_len, data, sizeof(data));
1921 hex2mem(data, data_r, data_len);
1922 offset += data_len + 20;
1923 rem -= data_len + 20;
1924 i = RTA_DATA(attr) + offset;
1925
1926 open_json_object(NULL);
1927 print_uint(PRINT_JSON, "class", NULL, class);
1928 print_uint(PRINT_JSON, "type", NULL, type);
1929 open_json_array(PRINT_JSON, "data");
1930 for (ii = 0; ii < data_len; ii++)
1931 print_uint(PRINT_JSON, NULL, NULL, data_r[ii]);
1932 close_json_array(PRINT_JSON, "data");
1933 close_json_object();
1934
1935 slen += sprintf(strbuf + slen, "%04x:%02x:%s",
1936 class, type, data);
1937 if (rem)
1938 slen += sprintf(strbuf + slen, ",");
1939 }
1940 close_json_array(PRINT_JSON, name);
1941 }
1942
1943 static void flower_print_geneve_parts(const char *name, struct rtattr *attr,
1944 char *key, char *mask)
1945 {
1946 char *namefrm = " geneve_opt %s";
1947 char *key_token, *mask_token, *out;
1948 int len;
1949
1950 out = malloc(RTA_PAYLOAD(attr) * 4 + 3);
1951 if (!out)
1952 return;
1953
1954 len = 0;
1955 key_token = strsep(&key, ",");
1956 mask_token = strsep(&mask, ",");
1957 while (key_token) {
1958 len += sprintf(&out[len], "%s/%s,", key_token, mask_token);
1959 mask_token = strsep(&mask, ",");
1960 key_token = strsep(&key, ",");
1961 }
1962
1963 out[len - 1] = '\0';
1964 print_nl();
1965 print_string(PRINT_FP, name, namefrm, out);
1966 free(out);
1967 }
1968
1969 static void flower_print_enc_opts(const char *name, struct rtattr *attr,
1970 struct rtattr *mask_attr)
1971 {
1972 struct rtattr *key_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
1973 struct rtattr *msk_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
1974 char *key, *msk;
1975
1976 if (!attr)
1977 return;
1978
1979 key = malloc(RTA_PAYLOAD(attr) * 2 + 1);
1980 if (!key)
1981 return;
1982
1983 msk = malloc(RTA_PAYLOAD(attr) * 2 + 1);
1984 if (!msk)
1985 goto err_key_free;
1986
1987 parse_rtattr_nested(key_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, attr);
1988 flower_print_geneve_opts("geneve_opt_key",
1989 key_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], key);
1990
1991 parse_rtattr_nested(msk_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, mask_attr);
1992 flower_print_geneve_opts("geneve_opt_mask",
1993 msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], msk);
1994
1995 flower_print_geneve_parts(name, attr, key, msk);
1996
1997 free(msk);
1998 err_key_free:
1999 free(key);
2000 }
2001
2002 static void flower_print_masked_u8(const char *name, struct rtattr *attr,
2003 struct rtattr *mask_attr,
2004 const char *(*value_to_str)(__u8 value))
2005 {
2006 const char *value_str = NULL;
2007 __u8 value, mask;
2008 SPRINT_BUF(namefrm);
2009 SPRINT_BUF(out);
2010 size_t done;
2011
2012 if (!attr)
2013 return;
2014
2015 value = rta_getattr_u8(attr);
2016 mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
2017 if (mask == UINT8_MAX && value_to_str)
2018 value_str = value_to_str(value);
2019
2020 if (value_str)
2021 done = sprintf(out, "%s", value_str);
2022 else
2023 done = sprintf(out, "%d", value);
2024
2025 if (mask != UINT8_MAX)
2026 sprintf(out + done, "/%d", mask);
2027
2028 print_nl();
2029 sprintf(namefrm, " %s %%s", name);
2030 print_string(PRINT_ANY, name, namefrm, out);
2031 }
2032
2033 static void flower_print_u8(const char *name, struct rtattr *attr)
2034 {
2035 flower_print_masked_u8(name, attr, NULL, NULL);
2036 }
2037
2038 static void flower_print_u32(const char *name, struct rtattr *attr)
2039 {
2040 SPRINT_BUF(namefrm);
2041
2042 if (!attr)
2043 return;
2044
2045 print_nl();
2046 sprintf(namefrm, " %s %%u", name);
2047 print_uint(PRINT_ANY, name, namefrm, rta_getattr_u32(attr));
2048 }
2049
2050 static void flower_print_arp_op(const char *name,
2051 struct rtattr *op_attr,
2052 struct rtattr *mask_attr)
2053 {
2054 flower_print_masked_u8(name, op_attr, mask_attr,
2055 flower_print_arp_op_to_name);
2056 }
2057
2058 static int flower_print_opt(struct filter_util *qu, FILE *f,
2059 struct rtattr *opt, __u32 handle)
2060 {
2061 struct rtattr *tb[TCA_FLOWER_MAX + 1];
2062 __be16 min_port_type, max_port_type;
2063 int nl_type, nl_mask_type;
2064 __be16 eth_type = 0;
2065 __u8 ip_proto = 0xff;
2066
2067 if (!opt)
2068 return 0;
2069
2070 parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt);
2071
2072 if (handle)
2073 print_uint(PRINT_ANY, "handle", "handle 0x%x ", handle);
2074
2075 if (tb[TCA_FLOWER_CLASSID]) {
2076 __u32 h = rta_getattr_u32(tb[TCA_FLOWER_CLASSID]);
2077
2078 if (TC_H_MIN(h) < TC_H_MIN_PRIORITY ||
2079 TC_H_MIN(h) > (TC_H_MIN_PRIORITY + TC_QOPT_MAX_QUEUE - 1)) {
2080 SPRINT_BUF(b1);
2081 print_string(PRINT_ANY, "classid", "classid %s ",
2082 sprint_tc_classid(h, b1));
2083 } else {
2084 print_uint(PRINT_ANY, "hw_tc", "hw_tc %u ",
2085 TC_H_MIN(h) - TC_H_MIN_PRIORITY);
2086 }
2087 }
2088
2089 if (tb[TCA_FLOWER_INDEV]) {
2090 struct rtattr *attr = tb[TCA_FLOWER_INDEV];
2091
2092 print_nl();
2093 print_string(PRINT_ANY, "indev", " indev %s",
2094 rta_getattr_str(attr));
2095 }
2096
2097 open_json_object("keys");
2098
2099 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
2100 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
2101
2102 print_nl();
2103 print_uint(PRINT_ANY, "vlan_id", " vlan_id %u",
2104 rta_getattr_u16(attr));
2105 }
2106
2107 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
2108 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
2109
2110 print_nl();
2111 print_uint(PRINT_ANY, "vlan_prio", " vlan_prio %d",
2112 rta_getattr_u8(attr));
2113 }
2114
2115 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
2116 SPRINT_BUF(buf);
2117 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE];
2118
2119 print_nl();
2120 print_string(PRINT_ANY, "vlan_ethtype", " vlan_ethtype %s",
2121 ll_proto_n2a(rta_getattr_u16(attr),
2122 buf, sizeof(buf)));
2123 }
2124
2125 if (tb[TCA_FLOWER_KEY_CVLAN_ID]) {
2126 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ID];
2127
2128 print_nl();
2129 print_uint(PRINT_ANY, "cvlan_id", " cvlan_id %u",
2130 rta_getattr_u16(attr));
2131 }
2132
2133 if (tb[TCA_FLOWER_KEY_CVLAN_PRIO]) {
2134 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_PRIO];
2135
2136 print_nl();
2137 print_uint(PRINT_ANY, "cvlan_prio", " cvlan_prio %d",
2138 rta_getattr_u8(attr));
2139 }
2140
2141 if (tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE]) {
2142 SPRINT_BUF(buf);
2143 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE];
2144
2145 print_nl();
2146 print_string(PRINT_ANY, "cvlan_ethtype", " cvlan_ethtype %s",
2147 ll_proto_n2a(rta_getattr_u16(attr),
2148 buf, sizeof(buf)));
2149 }
2150
2151 flower_print_eth_addr("dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
2152 tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
2153 flower_print_eth_addr("src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
2154 tb[TCA_FLOWER_KEY_ETH_SRC_MASK]);
2155
2156 flower_print_eth_type(&eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
2157 flower_print_ip_proto(&ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
2158
2159 flower_print_ip_attr("ip_tos", tb[TCA_FLOWER_KEY_IP_TOS],
2160 tb[TCA_FLOWER_KEY_IP_TOS_MASK]);
2161 flower_print_ip_attr("ip_ttl", tb[TCA_FLOWER_KEY_IP_TTL],
2162 tb[TCA_FLOWER_KEY_IP_TTL_MASK]);
2163
2164 flower_print_u32("mpls_label", tb[TCA_FLOWER_KEY_MPLS_LABEL]);
2165 flower_print_u8("mpls_tc", tb[TCA_FLOWER_KEY_MPLS_TC]);
2166 flower_print_u8("mpls_bos", tb[TCA_FLOWER_KEY_MPLS_BOS]);
2167 flower_print_u8("mpls_ttl", tb[TCA_FLOWER_KEY_MPLS_TTL]);
2168
2169 flower_print_ip_addr("dst_ip", eth_type,
2170 tb[TCA_FLOWER_KEY_IPV4_DST],
2171 tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
2172 tb[TCA_FLOWER_KEY_IPV6_DST],
2173 tb[TCA_FLOWER_KEY_IPV6_DST_MASK]);
2174
2175 flower_print_ip_addr("src_ip", eth_type,
2176 tb[TCA_FLOWER_KEY_IPV4_SRC],
2177 tb[TCA_FLOWER_KEY_IPV4_SRC_MASK],
2178 tb[TCA_FLOWER_KEY_IPV6_SRC],
2179 tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
2180
2181 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
2182 nl_mask_type = flower_port_attr_mask_type(ip_proto, FLOWER_ENDPOINT_DST);
2183 if (nl_type >= 0)
2184 flower_print_port("dst_port", tb[nl_type], tb[nl_mask_type]);
2185 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
2186 nl_mask_type = flower_port_attr_mask_type(ip_proto, FLOWER_ENDPOINT_SRC);
2187 if (nl_type >= 0)
2188 flower_print_port("src_port", tb[nl_type], tb[nl_mask_type]);
2189
2190 if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_DST,
2191 &min_port_type, &max_port_type))
2192 flower_print_port_range("dst_port",
2193 tb[min_port_type], tb[max_port_type]);
2194
2195 if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_SRC,
2196 &min_port_type, &max_port_type))
2197 flower_print_port_range("src_port",
2198 tb[min_port_type], tb[max_port_type]);
2199
2200 flower_print_tcp_flags("tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
2201 tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
2202
2203 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
2204 FLOWER_ICMP_FIELD_TYPE);
2205 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
2206 FLOWER_ICMP_FIELD_TYPE);
2207 if (nl_type >= 0 && nl_mask_type >= 0)
2208 flower_print_masked_u8("icmp_type", tb[nl_type],
2209 tb[nl_mask_type], NULL);
2210
2211 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
2212 FLOWER_ICMP_FIELD_CODE);
2213 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
2214 FLOWER_ICMP_FIELD_CODE);
2215 if (nl_type >= 0 && nl_mask_type >= 0)
2216 flower_print_masked_u8("icmp_code", tb[nl_type],
2217 tb[nl_mask_type], NULL);
2218
2219 flower_print_ip4_addr("arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
2220 tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
2221 flower_print_ip4_addr("arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
2222 tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
2223 flower_print_arp_op("arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
2224 tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
2225 flower_print_eth_addr("arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
2226 tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
2227 flower_print_eth_addr("arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
2228 tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
2229
2230 flower_print_ip_addr("enc_dst_ip",
2231 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
2232 htons(ETH_P_IP) : htons(ETH_P_IPV6),
2233 tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
2234 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
2235 tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
2236 tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
2237
2238 flower_print_ip_addr("enc_src_ip",
2239 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
2240 htons(ETH_P_IP) : htons(ETH_P_IPV6),
2241 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
2242 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
2243 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
2244 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
2245
2246 flower_print_key_id("enc_key_id", tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
2247
2248 flower_print_port("enc_dst_port", tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT],
2249 tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK]);
2250
2251 flower_print_ip_attr("enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
2252 tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
2253 flower_print_ip_attr("enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
2254 tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
2255 flower_print_enc_opts("enc_opt", tb[TCA_FLOWER_KEY_ENC_OPTS],
2256 tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
2257
2258 flower_print_matching_flags("ip_flags", FLOWER_IP_FLAGS,
2259 tb[TCA_FLOWER_KEY_FLAGS],
2260 tb[TCA_FLOWER_KEY_FLAGS_MASK]);
2261
2262 flower_print_ct_state(tb[TCA_FLOWER_KEY_CT_STATE],
2263 tb[TCA_FLOWER_KEY_CT_STATE_MASK]);
2264 flower_print_ct_zone(tb[TCA_FLOWER_KEY_CT_ZONE],
2265 tb[TCA_FLOWER_KEY_CT_ZONE_MASK]);
2266 flower_print_ct_mark(tb[TCA_FLOWER_KEY_CT_MARK],
2267 tb[TCA_FLOWER_KEY_CT_MARK_MASK]);
2268 flower_print_ct_label(tb[TCA_FLOWER_KEY_CT_LABELS],
2269 tb[TCA_FLOWER_KEY_CT_LABELS_MASK]);
2270
2271 close_json_object();
2272
2273 if (tb[TCA_FLOWER_FLAGS]) {
2274 __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
2275
2276 if (flags & TCA_CLS_FLAGS_SKIP_HW) {
2277 print_nl();
2278 print_bool(PRINT_ANY, "skip_hw", " skip_hw", true);
2279 }
2280 if (flags & TCA_CLS_FLAGS_SKIP_SW) {
2281 print_nl();
2282 print_bool(PRINT_ANY, "skip_sw", " skip_sw", true);
2283 }
2284 if (flags & TCA_CLS_FLAGS_IN_HW) {
2285 print_nl();
2286 print_bool(PRINT_ANY, "in_hw", " in_hw", true);
2287
2288 if (tb[TCA_FLOWER_IN_HW_COUNT]) {
2289 __u32 count = rta_getattr_u32(tb[TCA_FLOWER_IN_HW_COUNT]);
2290
2291 print_uint(PRINT_ANY, "in_hw_count",
2292 " in_hw_count %u", count);
2293 }
2294 }
2295 else if (flags & TCA_CLS_FLAGS_NOT_IN_HW) {
2296 print_nl();
2297 print_bool(PRINT_ANY, "not_in_hw", " not_in_hw", true);
2298 }
2299 }
2300
2301 if (tb[TCA_FLOWER_ACT])
2302 tc_print_action(f, tb[TCA_FLOWER_ACT], 0);
2303
2304 return 0;
2305 }
2306
2307 struct filter_util flower_filter_util = {
2308 .id = "flower",
2309 .parse_fopt = flower_parse_opt,
2310 .print_fopt = flower_print_opt,
2311 };
Upstream mirror of iproute2