2 * f_flower.c Flower Classifier
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Jiri Pirko <jiri@resnulli.us>
18 #include <linux/if_arp.h>
19 #include <linux/if_ether.h>
21 #include <linux/tc_act/tc_vlan.h>
27 enum flower_matching_flags
{
31 enum flower_endpoint
{
36 enum flower_icmp_field
{
37 FLOWER_ICMP_FIELD_TYPE
,
38 FLOWER_ICMP_FIELD_CODE
41 static void explain(void)
44 "Usage: ... flower [ MATCH-LIST ]\n"
45 " [ skip_sw | skip_hw ]\n"
46 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
48 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
49 " MATCH := { indev DEV-NAME |\n"
51 " vlan_prio PRIORITY |\n"
52 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
53 " dst_mac MASKED-LLADDR |\n"
54 " src_mac MASKED-LLADDR |\n"
55 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
58 " dst_port PORT-NUMBER |\n"
59 " src_port PORT-NUMBER |\n"
60 " tcp_flags MASKED-TCP_FLAGS |\n"
61 " type MASKED-ICMP-TYPE |\n"
62 " code MASKED-ICMP-CODE |\n"
63 " arp_tip IPV4-PREFIX |\n"
64 " arp_sip IPV4-PREFIX |\n"
65 " arp_op [ request | reply | OP ] |\n"
66 " arp_tha MASKED-LLADDR |\n"
67 " arp_sha MASKED-LLADDR |\n"
68 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
69 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
70 " enc_key_id [ KEY-ID ] |\n"
71 " ip_flags IP-FLAGS | \n"
72 " enc_dst_port [ port_number ] }\n"
73 " FILTERID := X:Y:Z\n"
74 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
75 " ACTION-SPEC := ... look at individual actions\n"
77 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
78 "NOTE: There can be only used one mask per one prio. If user needs\n"
79 " to specify different mask, he has to use different prio.\n");
82 static int flower_parse_eth_addr(char *str
, int addr_type
, int mask_type
,
86 char addr
[ETH_ALEN
], *slash
;
88 slash
= strchr(str
, '/');
92 ret
= ll_addr_a2n(addr
, sizeof(addr
), str
);
95 addattr_l(n
, MAX_MSG
, addr_type
, addr
, sizeof(addr
));
100 if (!get_unsigned(&bits
, slash
+ 1, 10)) {
103 /* Extra 16 bit shift to push mac address into
104 * high bits of uint64_t
106 mask
= htonll(0xffffffffffffULL
<< (16 + 48 - bits
));
107 memcpy(addr
, &mask
, ETH_ALEN
);
109 ret
= ll_addr_a2n(addr
, sizeof(addr
), slash
+ 1);
114 memset(addr
, 0xff, ETH_ALEN
);
116 addattr_l(n
, MAX_MSG
, mask_type
, addr
, sizeof(addr
));
125 static int flower_parse_vlan_eth_type(char *str
, __be16 eth_type
, int type
,
126 __be16
*p_vlan_eth_type
,
129 __be16 vlan_eth_type
;
131 if (eth_type
!= htons(ETH_P_8021Q
)) {
133 "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n");
137 if (ll_proto_a2n(&vlan_eth_type
, str
))
138 invarg("invalid vlan_ethtype", str
);
139 addattr16(n
, MAX_MSG
, type
, vlan_eth_type
);
140 *p_vlan_eth_type
= vlan_eth_type
;
144 struct flag_to_string
{
146 enum flower_matching_flags type
;
150 static struct flag_to_string flags_str
[] = {
151 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT
, FLOWER_IP_FLAGS
, "frag" },
154 static int flower_parse_matching_flags(char *str
,
155 enum flower_matching_flags type
,
156 __u32
*mtf
, __u32
*mtf_mask
)
163 token
= strtok(str
, "/");
166 if (!strncmp(token
, "no", 2)) {
173 for (i
= 0; i
< ARRAY_SIZE(flags_str
); i
++) {
174 if (type
!= flags_str
[i
].type
)
177 if (!strcmp(token
, flags_str
[i
].string
)) {
179 *mtf
&= ~flags_str
[i
].flag
;
181 *mtf
|= flags_str
[i
].flag
;
183 *mtf_mask
|= flags_str
[i
].flag
;
191 token
= strtok(NULL
, "/");
197 static int flower_parse_ip_proto(char *str
, __be16 eth_type
, int type
,
198 __u8
*p_ip_proto
, struct nlmsghdr
*n
)
203 if (eth_type
!= htons(ETH_P_IP
) && eth_type
!= htons(ETH_P_IPV6
))
206 if (matches(str
, "tcp") == 0) {
207 ip_proto
= IPPROTO_TCP
;
208 } else if (matches(str
, "udp") == 0) {
209 ip_proto
= IPPROTO_UDP
;
210 } else if (matches(str
, "sctp") == 0) {
211 ip_proto
= IPPROTO_SCTP
;
212 } else if (matches(str
, "icmp") == 0) {
213 if (eth_type
!= htons(ETH_P_IP
))
215 ip_proto
= IPPROTO_ICMP
;
216 } else if (matches(str
, "icmpv6") == 0) {
217 if (eth_type
!= htons(ETH_P_IPV6
))
219 ip_proto
= IPPROTO_ICMPV6
;
221 ret
= get_u8(&ip_proto
, str
, 16);
225 addattr8(n
, MAX_MSG
, type
, ip_proto
);
226 *p_ip_proto
= ip_proto
;
230 fprintf(stderr
, "Illegal \"eth_type\" for ip proto\n");
234 static int __flower_parse_ip_addr(char *str
, int family
,
235 int addr4_type
, int mask4_type
,
236 int addr6_type
, int mask6_type
,
244 ret
= get_prefix(&addr
, str
, family
);
248 if (family
&& (addr
.family
!= family
)) {
249 fprintf(stderr
, "Illegal \"eth_type\" for ip address\n");
253 addattr_l(n
, MAX_MSG
, addr
.family
== AF_INET
? addr4_type
: addr6_type
,
254 addr
.data
, addr
.bytelen
);
256 memset(addr
.data
, 0xff, addr
.bytelen
);
258 for (i
= 0; i
< addr
.bytelen
/ 4; i
++) {
261 } else if (bits
/ 32 >= 1) {
264 addr
.data
[i
] <<= 32 - bits
;
265 addr
.data
[i
] = htonl(addr
.data
[i
]);
270 addattr_l(n
, MAX_MSG
, addr
.family
== AF_INET
? mask4_type
: mask6_type
,
271 addr
.data
, addr
.bytelen
);
276 static int flower_parse_ip_addr(char *str
, __be16 eth_type
,
277 int addr4_type
, int mask4_type
,
278 int addr6_type
, int mask6_type
,
283 if (eth_type
== htons(ETH_P_IP
)) {
285 } else if (eth_type
== htons(ETH_P_IPV6
)) {
287 } else if (!eth_type
) {
293 return __flower_parse_ip_addr(str
, family
, addr4_type
, mask4_type
,
294 addr6_type
, mask6_type
, n
);
297 static bool flower_eth_type_arp(__be16 eth_type
)
299 return eth_type
== htons(ETH_P_ARP
) || eth_type
== htons(ETH_P_RARP
);
302 static int flower_parse_arp_ip_addr(char *str
, __be16 eth_type
,
303 int addr_type
, int mask_type
,
306 if (!flower_eth_type_arp(eth_type
))
309 return __flower_parse_ip_addr(str
, AF_INET
, addr_type
, mask_type
,
310 TCA_FLOWER_UNSPEC
, TCA_FLOWER_UNSPEC
, n
);
313 static int flower_parse_u8(char *str
, int value_type
, int mask_type
,
314 int (*value_from_name
)(const char *str
,
316 bool (*value_validate
)(__u8 value
),
323 slash
= strchr(str
, '/');
327 ret
= value_from_name
? value_from_name(str
, &value
) : -1;
329 ret
= get_u8(&value
, str
, 10);
334 if (value_validate
&& !value_validate(value
))
338 ret
= get_u8(&mask
, slash
+ 1, 10);
346 addattr8(n
, MAX_MSG
, value_type
, value
);
347 addattr8(n
, MAX_MSG
, mask_type
, mask
);
356 static const char *flower_print_arp_op_to_name(__u8 op
)
368 static int flower_arp_op_from_name(const char *name
, __u8
*op
)
370 if (!strcmp(name
, "request"))
372 else if (!strcmp(name
, "reply"))
380 static bool flow_arp_op_validate(__u8 op
)
382 return !op
|| op
== ARPOP_REQUEST
|| op
== ARPOP_REPLY
;
385 static int flower_parse_arp_op(char *str
, __be16 eth_type
,
386 int op_type
, int mask_type
,
389 if (!flower_eth_type_arp(eth_type
))
392 return flower_parse_u8(str
, op_type
, mask_type
, flower_arp_op_from_name
,
393 flow_arp_op_validate
, n
);
396 static int flower_icmp_attr_type(__be16 eth_type
, __u8 ip_proto
,
397 enum flower_icmp_field field
)
399 if (eth_type
== htons(ETH_P_IP
) && ip_proto
== IPPROTO_ICMP
)
400 return field
== FLOWER_ICMP_FIELD_CODE
?
401 TCA_FLOWER_KEY_ICMPV4_CODE
:
402 TCA_FLOWER_KEY_ICMPV4_TYPE
;
403 else if (eth_type
== htons(ETH_P_IPV6
) && ip_proto
== IPPROTO_ICMPV6
)
404 return field
== FLOWER_ICMP_FIELD_CODE
?
405 TCA_FLOWER_KEY_ICMPV6_CODE
:
406 TCA_FLOWER_KEY_ICMPV6_TYPE
;
411 static int flower_icmp_attr_mask_type(__be16 eth_type
, __u8 ip_proto
,
412 enum flower_icmp_field field
)
414 if (eth_type
== htons(ETH_P_IP
) && ip_proto
== IPPROTO_ICMP
)
415 return field
== FLOWER_ICMP_FIELD_CODE
?
416 TCA_FLOWER_KEY_ICMPV4_CODE_MASK
:
417 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK
;
418 else if (eth_type
== htons(ETH_P_IPV6
) && ip_proto
== IPPROTO_ICMPV6
)
419 return field
== FLOWER_ICMP_FIELD_CODE
?
420 TCA_FLOWER_KEY_ICMPV6_CODE_MASK
:
421 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK
;
426 static int flower_parse_icmp(char *str
, __u16 eth_type
, __u8 ip_proto
,
427 enum flower_icmp_field field
, struct nlmsghdr
*n
)
429 int value_type
, mask_type
;
431 value_type
= flower_icmp_attr_type(eth_type
, ip_proto
, field
);
432 mask_type
= flower_icmp_attr_mask_type(eth_type
, ip_proto
, field
);
433 if (value_type
< 0 || mask_type
< 0)
436 return flower_parse_u8(str
, value_type
, mask_type
, NULL
, NULL
, n
);
439 static int flower_port_attr_type(__u8 ip_proto
, enum flower_endpoint endpoint
)
441 if (ip_proto
== IPPROTO_TCP
)
442 return endpoint
== FLOWER_ENDPOINT_SRC
?
443 TCA_FLOWER_KEY_TCP_SRC
:
444 TCA_FLOWER_KEY_TCP_DST
;
445 else if (ip_proto
== IPPROTO_UDP
)
446 return endpoint
== FLOWER_ENDPOINT_SRC
?
447 TCA_FLOWER_KEY_UDP_SRC
:
448 TCA_FLOWER_KEY_UDP_DST
;
449 else if (ip_proto
== IPPROTO_SCTP
)
450 return endpoint
== FLOWER_ENDPOINT_SRC
?
451 TCA_FLOWER_KEY_SCTP_SRC
:
452 TCA_FLOWER_KEY_SCTP_DST
;
457 static int flower_parse_port(char *str
, __u8 ip_proto
,
458 enum flower_endpoint endpoint
,
465 type
= flower_port_attr_type(ip_proto
, endpoint
);
469 ret
= get_be16(&port
, str
, 10);
473 addattr16(n
, MAX_MSG
, type
, port
);
478 #define TCP_FLAGS_MAX_MASK 0xfff
480 static int flower_parse_tcp_flags(char *str
, int flags_type
, int mask_type
,
487 slash
= strchr(str
, '/');
491 ret
= get_u16(&flags
, str
, 16);
492 if (ret
< 0 || flags
& ~TCP_FLAGS_MAX_MASK
)
495 addattr16(n
, MAX_MSG
, flags_type
, htons(flags
));
498 ret
= get_u16(&flags
, slash
+ 1, 16);
499 if (ret
< 0 || flags
& ~TCP_FLAGS_MAX_MASK
)
502 flags
= TCP_FLAGS_MAX_MASK
;
504 addattr16(n
, MAX_MSG
, mask_type
, htons(flags
));
513 static int flower_parse_key_id(const char *str
, int type
, struct nlmsghdr
*n
)
518 ret
= get_be32(&key_id
, str
, 10);
520 addattr32(n
, MAX_MSG
, type
, key_id
);
525 static int flower_parse_enc_port(char *str
, int type
, struct nlmsghdr
*n
)
530 ret
= get_be16(&port
, str
, 10);
534 addattr16(n
, MAX_MSG
, type
, port
);
539 static int flower_parse_opt(struct filter_util
*qu
, char *handle
,
540 int argc
, char **argv
, struct nlmsghdr
*n
)
543 struct tcmsg
*t
= NLMSG_DATA(n
);
545 __be16 eth_type
= TC_H_MIN(t
->tcm_info
);
546 __be16 vlan_ethtype
= 0;
547 __u8 ip_proto
= 0xff;
553 ret
= get_u32(&t
->tcm_handle
, handle
, 0);
555 fprintf(stderr
, "Illegal \"handle\"\n");
560 tail
= (struct rtattr
*) (((void *) n
) + NLMSG_ALIGN(n
->nlmsg_len
));
561 addattr_l(n
, MAX_MSG
, TCA_OPTIONS
, NULL
, 0);
564 /*at minimal we will match all ethertype packets */
569 if (matches(*argv
, "classid") == 0 ||
570 matches(*argv
, "flowid") == 0) {
574 ret
= get_tc_classid(&handle
, *argv
);
576 fprintf(stderr
, "Illegal \"classid\"\n");
579 addattr_l(n
, MAX_MSG
, TCA_FLOWER_CLASSID
, &handle
, 4);
580 } else if (matches(*argv
, "ip_flags") == 0) {
582 ret
= flower_parse_matching_flags(*argv
,
587 fprintf(stderr
, "Illegal \"ip_flags\"\n");
590 } else if (matches(*argv
, "skip_hw") == 0) {
591 flags
|= TCA_CLS_FLAGS_SKIP_HW
;
592 } else if (matches(*argv
, "skip_sw") == 0) {
593 flags
|= TCA_CLS_FLAGS_SKIP_SW
;
594 } else if (matches(*argv
, "indev") == 0) {
595 char ifname
[IFNAMSIZ
] = {};
598 strncpy(ifname
, *argv
, sizeof(ifname
) - 1);
599 addattrstrz(n
, MAX_MSG
, TCA_FLOWER_INDEV
, ifname
);
600 } else if (matches(*argv
, "vlan_id") == 0) {
604 if (eth_type
!= htons(ETH_P_8021Q
)) {
606 "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n");
609 ret
= get_u16(&vid
, *argv
, 10);
610 if (ret
< 0 || vid
& ~0xfff) {
611 fprintf(stderr
, "Illegal \"vlan_id\"\n");
614 addattr16(n
, MAX_MSG
, TCA_FLOWER_KEY_VLAN_ID
, vid
);
615 } else if (matches(*argv
, "vlan_prio") == 0) {
619 if (eth_type
!= htons(ETH_P_8021Q
)) {
621 "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n");
624 ret
= get_u8(&vlan_prio
, *argv
, 10);
625 if (ret
< 0 || vlan_prio
& ~0x7) {
626 fprintf(stderr
, "Illegal \"vlan_prio\"\n");
630 TCA_FLOWER_KEY_VLAN_PRIO
, vlan_prio
);
631 } else if (matches(*argv
, "vlan_ethtype") == 0) {
633 ret
= flower_parse_vlan_eth_type(*argv
, eth_type
,
634 TCA_FLOWER_KEY_VLAN_ETH_TYPE
,
638 } else if (matches(*argv
, "dst_mac") == 0) {
640 ret
= flower_parse_eth_addr(*argv
,
641 TCA_FLOWER_KEY_ETH_DST
,
642 TCA_FLOWER_KEY_ETH_DST_MASK
,
645 fprintf(stderr
, "Illegal \"dst_mac\"\n");
648 } else if (matches(*argv
, "src_mac") == 0) {
650 ret
= flower_parse_eth_addr(*argv
,
651 TCA_FLOWER_KEY_ETH_SRC
,
652 TCA_FLOWER_KEY_ETH_SRC_MASK
,
655 fprintf(stderr
, "Illegal \"src_mac\"\n");
658 } else if (matches(*argv
, "ip_proto") == 0) {
660 ret
= flower_parse_ip_proto(*argv
, vlan_ethtype
?
661 vlan_ethtype
: eth_type
,
662 TCA_FLOWER_KEY_IP_PROTO
,
665 fprintf(stderr
, "Illegal \"ip_proto\"\n");
668 } else if (matches(*argv
, "dst_ip") == 0) {
670 ret
= flower_parse_ip_addr(*argv
, vlan_ethtype
?
671 vlan_ethtype
: eth_type
,
672 TCA_FLOWER_KEY_IPV4_DST
,
673 TCA_FLOWER_KEY_IPV4_DST_MASK
,
674 TCA_FLOWER_KEY_IPV6_DST
,
675 TCA_FLOWER_KEY_IPV6_DST_MASK
,
678 fprintf(stderr
, "Illegal \"dst_ip\"\n");
681 } else if (matches(*argv
, "src_ip") == 0) {
683 ret
= flower_parse_ip_addr(*argv
, vlan_ethtype
?
684 vlan_ethtype
: eth_type
,
685 TCA_FLOWER_KEY_IPV4_SRC
,
686 TCA_FLOWER_KEY_IPV4_SRC_MASK
,
687 TCA_FLOWER_KEY_IPV6_SRC
,
688 TCA_FLOWER_KEY_IPV6_SRC_MASK
,
691 fprintf(stderr
, "Illegal \"src_ip\"\n");
694 } else if (matches(*argv
, "dst_port") == 0) {
696 ret
= flower_parse_port(*argv
, ip_proto
,
697 FLOWER_ENDPOINT_DST
, n
);
699 fprintf(stderr
, "Illegal \"dst_port\"\n");
702 } else if (matches(*argv
, "src_port") == 0) {
704 ret
= flower_parse_port(*argv
, ip_proto
,
705 FLOWER_ENDPOINT_SRC
, n
);
707 fprintf(stderr
, "Illegal \"src_port\"\n");
710 } else if (matches(*argv
, "tcp_flags") == 0) {
712 ret
= flower_parse_tcp_flags(*argv
,
713 TCA_FLOWER_KEY_TCP_FLAGS
,
714 TCA_FLOWER_KEY_TCP_FLAGS_MASK
,
717 fprintf(stderr
, "Illegal \"tcp_flags\"\n");
720 } else if (matches(*argv
, "type") == 0) {
722 ret
= flower_parse_icmp(*argv
, eth_type
, ip_proto
,
723 FLOWER_ICMP_FIELD_TYPE
, n
);
725 fprintf(stderr
, "Illegal \"icmp type\"\n");
728 } else if (matches(*argv
, "code") == 0) {
730 ret
= flower_parse_icmp(*argv
, eth_type
, ip_proto
,
731 FLOWER_ICMP_FIELD_CODE
, n
);
733 fprintf(stderr
, "Illegal \"icmp code\"\n");
736 } else if (matches(*argv
, "arp_tip") == 0) {
738 ret
= flower_parse_arp_ip_addr(*argv
, vlan_ethtype
?
739 vlan_ethtype
: eth_type
,
740 TCA_FLOWER_KEY_ARP_TIP
,
741 TCA_FLOWER_KEY_ARP_TIP_MASK
,
744 fprintf(stderr
, "Illegal \"arp_tip\"\n");
747 } else if (matches(*argv
, "arp_sip") == 0) {
749 ret
= flower_parse_arp_ip_addr(*argv
, vlan_ethtype
?
750 vlan_ethtype
: eth_type
,
751 TCA_FLOWER_KEY_ARP_SIP
,
752 TCA_FLOWER_KEY_ARP_SIP_MASK
,
755 fprintf(stderr
, "Illegal \"arp_sip\"\n");
758 } else if (matches(*argv
, "arp_op") == 0) {
760 ret
= flower_parse_arp_op(*argv
, vlan_ethtype
?
761 vlan_ethtype
: eth_type
,
762 TCA_FLOWER_KEY_ARP_OP
,
763 TCA_FLOWER_KEY_ARP_OP_MASK
,
766 fprintf(stderr
, "Illegal \"arp_op\"\n");
769 } else if (matches(*argv
, "arp_tha") == 0) {
771 ret
= flower_parse_eth_addr(*argv
,
772 TCA_FLOWER_KEY_ARP_THA
,
773 TCA_FLOWER_KEY_ARP_THA_MASK
,
776 fprintf(stderr
, "Illegal \"arp_tha\"\n");
779 } else if (matches(*argv
, "arp_sha") == 0) {
781 ret
= flower_parse_eth_addr(*argv
,
782 TCA_FLOWER_KEY_ARP_SHA
,
783 TCA_FLOWER_KEY_ARP_SHA_MASK
,
786 fprintf(stderr
, "Illegal \"arp_sha\"\n");
789 } else if (matches(*argv
, "enc_dst_ip") == 0) {
791 ret
= flower_parse_ip_addr(*argv
, 0,
792 TCA_FLOWER_KEY_ENC_IPV4_DST
,
793 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
,
794 TCA_FLOWER_KEY_ENC_IPV6_DST
,
795 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
,
798 fprintf(stderr
, "Illegal \"enc_dst_ip\"\n");
801 } else if (matches(*argv
, "enc_src_ip") == 0) {
803 ret
= flower_parse_ip_addr(*argv
, 0,
804 TCA_FLOWER_KEY_ENC_IPV4_SRC
,
805 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
,
806 TCA_FLOWER_KEY_ENC_IPV6_SRC
,
807 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
,
810 fprintf(stderr
, "Illegal \"enc_src_ip\"\n");
813 } else if (matches(*argv
, "enc_key_id") == 0) {
815 ret
= flower_parse_key_id(*argv
,
816 TCA_FLOWER_KEY_ENC_KEY_ID
, n
);
818 fprintf(stderr
, "Illegal \"enc_key_id\"\n");
821 } else if (matches(*argv
, "enc_dst_port") == 0) {
823 ret
= flower_parse_enc_port(*argv
,
824 TCA_FLOWER_KEY_ENC_UDP_DST_PORT
, n
);
826 fprintf(stderr
, "Illegal \"enc_dst_port\"\n");
829 } else if (matches(*argv
, "action") == 0) {
831 ret
= parse_action(&argc
, &argv
, TCA_FLOWER_ACT
, n
);
833 fprintf(stderr
, "Illegal \"action\"\n");
837 } else if (strcmp(*argv
, "help") == 0) {
841 fprintf(stderr
, "What is \"%s\"?\n", *argv
);
849 ret
= addattr32(n
, MAX_MSG
, TCA_FLOWER_FLAGS
, flags
);
854 ret
= addattr32(n
, MAX_MSG
, TCA_FLOWER_KEY_FLAGS
, htonl(mtf
));
858 ret
= addattr32(n
, MAX_MSG
, TCA_FLOWER_KEY_FLAGS_MASK
, htonl(mtf_mask
));
863 if (eth_type
!= htons(ETH_P_ALL
)) {
864 ret
= addattr16(n
, MAX_MSG
, TCA_FLOWER_KEY_ETH_TYPE
, eth_type
);
869 tail
->rta_len
= (((void *)n
)+n
->nlmsg_len
) - (void *)tail
;
874 static int __mask_bits(char *addr
, size_t len
)
881 for (i
= 0; i
< len
; i
++, addr
++) {
882 for (j
= 7; j
>= 0; j
--) {
883 if (((*addr
) >> j
) & 0x1) {
897 static void flower_print_eth_addr(FILE *f
, char *name
,
898 struct rtattr
*addr_attr
,
899 struct rtattr
*mask_attr
)
904 if (!addr_attr
|| RTA_PAYLOAD(addr_attr
) != ETH_ALEN
)
906 fprintf(f
, "\n %s %s", name
, ll_addr_n2a(RTA_DATA(addr_attr
), ETH_ALEN
,
908 if (!mask_attr
|| RTA_PAYLOAD(mask_attr
) != ETH_ALEN
)
910 bits
= __mask_bits(RTA_DATA(mask_attr
), ETH_ALEN
);
912 fprintf(f
, "/%s", ll_addr_n2a(RTA_DATA(mask_attr
), ETH_ALEN
,
914 else if (bits
< ETH_ALEN
* 8)
915 fprintf(f
, "/%d", bits
);
918 static void flower_print_eth_type(FILE *f
, __be16
*p_eth_type
,
919 struct rtattr
*eth_type_attr
)
926 eth_type
= rta_getattr_u16(eth_type_attr
);
927 fprintf(f
, "\n eth_type ");
928 if (eth_type
== htons(ETH_P_IP
))
930 else if (eth_type
== htons(ETH_P_IPV6
))
932 else if (eth_type
== htons(ETH_P_ARP
))
934 else if (eth_type
== htons(ETH_P_RARP
))
937 fprintf(f
, "%04x", ntohs(eth_type
));
938 *p_eth_type
= eth_type
;
941 static void flower_print_ip_proto(FILE *f
, __u8
*p_ip_proto
,
942 struct rtattr
*ip_proto_attr
)
949 ip_proto
= rta_getattr_u8(ip_proto_attr
);
950 fprintf(f
, "\n ip_proto ");
951 if (ip_proto
== IPPROTO_TCP
)
953 else if (ip_proto
== IPPROTO_UDP
)
955 else if (ip_proto
== IPPROTO_SCTP
)
957 else if (ip_proto
== IPPROTO_ICMP
)
959 else if (ip_proto
== IPPROTO_ICMPV6
)
960 fprintf(f
, "icmpv6");
962 fprintf(f
, "%02x", ip_proto
);
963 *p_ip_proto
= ip_proto
;
966 static void flower_print_matching_flags(FILE *f
, char *name
,
967 enum flower_matching_flags type
,
969 struct rtattr
*mask_attr
)
976 if (!mask_attr
|| RTA_PAYLOAD(mask_attr
) != 4)
979 mtf
= ntohl(rta_getattr_u32(attr
));
980 mtf_mask
= ntohl(rta_getattr_u32(mask_attr
));
982 for (i
= 0; i
< ARRAY_SIZE(flags_str
); i
++) {
983 if (type
!= flags_str
[i
].type
)
985 if (mtf_mask
& flags_str
[i
].flag
) {
987 fprintf(f
, "\n %s ", name
);
991 if (mtf
& flags_str
[i
].flag
)
992 fprintf(f
, "%s", flags_str
[i
].string
);
994 fprintf(f
, "no%s", flags_str
[i
].string
);
999 static void flower_print_ip_addr(FILE *f
, char *name
, __be16 eth_type
,
1000 struct rtattr
*addr4_attr
,
1001 struct rtattr
*mask4_attr
,
1002 struct rtattr
*addr6_attr
,
1003 struct rtattr
*mask6_attr
)
1005 struct rtattr
*addr_attr
;
1006 struct rtattr
*mask_attr
;
1011 if (eth_type
== htons(ETH_P_IP
)) {
1013 addr_attr
= addr4_attr
;
1014 mask_attr
= mask4_attr
;
1016 } else if (eth_type
== htons(ETH_P_IPV6
)) {
1018 addr_attr
= addr6_attr
;
1019 mask_attr
= mask6_attr
;
1024 if (!addr_attr
|| RTA_PAYLOAD(addr_attr
) != len
)
1026 fprintf(f
, "\n %s %s", name
, rt_addr_n2a_rta(family
, addr_attr
));
1027 if (!mask_attr
|| RTA_PAYLOAD(mask_attr
) != len
)
1029 bits
= __mask_bits(RTA_DATA(mask_attr
), len
);
1031 fprintf(f
, "/%s", rt_addr_n2a_rta(family
, mask_attr
));
1032 else if (bits
< len
* 8)
1033 fprintf(f
, "/%d", bits
);
1035 static void flower_print_ip4_addr(FILE *f
, char *name
,
1036 struct rtattr
*addr_attr
,
1037 struct rtattr
*mask_attr
)
1039 return flower_print_ip_addr(f
, name
, htons(ETH_P_IP
),
1040 addr_attr
, mask_attr
, 0, 0);
1043 static void flower_print_port(FILE *f
, char *name
, struct rtattr
*attr
)
1046 fprintf(f
, "\n %s %d", name
, rta_getattr_be16(attr
));
1049 static void flower_print_tcp_flags(FILE *f
, char *name
,
1050 struct rtattr
*flags_attr
,
1051 struct rtattr
*mask_attr
)
1055 fprintf(f
, "\n %s %x", name
, rta_getattr_be16(flags_attr
));
1058 fprintf(f
, "/%x", rta_getattr_be16(mask_attr
));
1062 static void flower_print_key_id(FILE *f
, const char *name
,
1063 struct rtattr
*attr
)
1066 fprintf(f
, "\n %s %d", name
, rta_getattr_be32(attr
));
1069 static void flower_print_masked_u8(FILE *f
, const char *name
,
1070 struct rtattr
*attr
,
1071 struct rtattr
*mask_attr
,
1072 const char *(*value_to_str
)(__u8 value
))
1074 const char *value_str
= NULL
;
1080 value
= rta_getattr_u8(attr
);
1081 mask
= mask_attr
? rta_getattr_u8(mask_attr
) : UINT8_MAX
;
1082 if (mask
== UINT8_MAX
&& value_to_str
)
1083 value_str
= value_to_str(value
);
1085 fprintf(f
, "\n %s ", name
);
1088 fputs(value_str
, f
);
1090 fprintf(f
, "%d", value
);
1092 if (mask
!= UINT8_MAX
)
1093 fprintf(f
, "/%d", mask
);
1096 static void flower_print_arp_op(FILE *f
, const char *name
,
1097 struct rtattr
*op_attr
,
1098 struct rtattr
*mask_attr
)
1100 flower_print_masked_u8(f
, name
, op_attr
, mask_attr
,
1101 flower_print_arp_op_to_name
);
1104 static int flower_print_opt(struct filter_util
*qu
, FILE *f
,
1105 struct rtattr
*opt
, __u32 handle
)
1107 struct rtattr
*tb
[TCA_FLOWER_MAX
+ 1];
1108 int nl_type
, nl_mask_type
;
1109 __be16 eth_type
= 0;
1110 __u8 ip_proto
= 0xff;
1115 parse_rtattr_nested(tb
, TCA_FLOWER_MAX
, opt
);
1118 fprintf(f
, "handle 0x%x ", handle
);
1120 if (tb
[TCA_FLOWER_CLASSID
]) {
1122 fprintf(f
, "classid %s ",
1123 sprint_tc_classid(rta_getattr_u32(tb
[TCA_FLOWER_CLASSID
]),
1127 if (tb
[TCA_FLOWER_INDEV
]) {
1128 struct rtattr
*attr
= tb
[TCA_FLOWER_INDEV
];
1130 fprintf(f
, "\n indev %s", rta_getattr_str(attr
));
1133 if (tb
[TCA_FLOWER_KEY_VLAN_ID
]) {
1134 struct rtattr
*attr
= tb
[TCA_FLOWER_KEY_VLAN_ID
];
1136 fprintf(f
, "\n vlan_id %d", rta_getattr_u16(attr
));
1139 if (tb
[TCA_FLOWER_KEY_VLAN_PRIO
]) {
1140 struct rtattr
*attr
= tb
[TCA_FLOWER_KEY_VLAN_PRIO
];
1142 fprintf(f
, "\n vlan_prio %d", rta_getattr_u8(attr
));
1145 flower_print_eth_addr(f
, "dst_mac", tb
[TCA_FLOWER_KEY_ETH_DST
],
1146 tb
[TCA_FLOWER_KEY_ETH_DST_MASK
]);
1147 flower_print_eth_addr(f
, "src_mac", tb
[TCA_FLOWER_KEY_ETH_SRC
],
1148 tb
[TCA_FLOWER_KEY_ETH_SRC_MASK
]);
1150 flower_print_eth_type(f
, ð_type
, tb
[TCA_FLOWER_KEY_ETH_TYPE
]);
1151 flower_print_ip_proto(f
, &ip_proto
, tb
[TCA_FLOWER_KEY_IP_PROTO
]);
1153 flower_print_ip_addr(f
, "dst_ip", eth_type
,
1154 tb
[TCA_FLOWER_KEY_IPV4_DST
],
1155 tb
[TCA_FLOWER_KEY_IPV4_DST_MASK
],
1156 tb
[TCA_FLOWER_KEY_IPV6_DST
],
1157 tb
[TCA_FLOWER_KEY_IPV6_DST_MASK
]);
1159 flower_print_ip_addr(f
, "src_ip", eth_type
,
1160 tb
[TCA_FLOWER_KEY_IPV4_SRC
],
1161 tb
[TCA_FLOWER_KEY_IPV4_SRC_MASK
],
1162 tb
[TCA_FLOWER_KEY_IPV6_SRC
],
1163 tb
[TCA_FLOWER_KEY_IPV6_SRC_MASK
]);
1165 nl_type
= flower_port_attr_type(ip_proto
, FLOWER_ENDPOINT_DST
);
1167 flower_print_port(f
, "dst_port", tb
[nl_type
]);
1168 nl_type
= flower_port_attr_type(ip_proto
, FLOWER_ENDPOINT_SRC
);
1170 flower_print_port(f
, "src_port", tb
[nl_type
]);
1172 flower_print_tcp_flags(f
, "tcp_flags", tb
[TCA_FLOWER_KEY_TCP_FLAGS
],
1173 tb
[TCA_FLOWER_KEY_TCP_FLAGS_MASK
]);
1175 nl_type
= flower_icmp_attr_type(eth_type
, ip_proto
,
1176 FLOWER_ICMP_FIELD_TYPE
);
1177 nl_mask_type
= flower_icmp_attr_mask_type(eth_type
, ip_proto
,
1178 FLOWER_ICMP_FIELD_TYPE
);
1179 if (nl_type
>= 0 && nl_mask_type
>= 0)
1180 flower_print_masked_u8(f
, "icmp_type", tb
[nl_type
],
1181 tb
[nl_mask_type
], NULL
);
1183 nl_type
= flower_icmp_attr_type(eth_type
, ip_proto
,
1184 FLOWER_ICMP_FIELD_CODE
);
1185 nl_mask_type
= flower_icmp_attr_mask_type(eth_type
, ip_proto
,
1186 FLOWER_ICMP_FIELD_CODE
);
1187 if (nl_type
>= 0 && nl_mask_type
>= 0)
1188 flower_print_masked_u8(f
, "icmp_code", tb
[nl_type
],
1189 tb
[nl_mask_type
], NULL
);
1191 flower_print_ip4_addr(f
, "arp_sip", tb
[TCA_FLOWER_KEY_ARP_SIP
],
1192 tb
[TCA_FLOWER_KEY_ARP_SIP_MASK
]);
1193 flower_print_ip4_addr(f
, "arp_tip", tb
[TCA_FLOWER_KEY_ARP_TIP
],
1194 tb
[TCA_FLOWER_KEY_ARP_TIP_MASK
]);
1195 flower_print_arp_op(f
, "arp_op", tb
[TCA_FLOWER_KEY_ARP_OP
],
1196 tb
[TCA_FLOWER_KEY_ARP_OP_MASK
]);
1197 flower_print_eth_addr(f
, "arp_sha", tb
[TCA_FLOWER_KEY_ARP_SHA
],
1198 tb
[TCA_FLOWER_KEY_ARP_SHA_MASK
]);
1199 flower_print_eth_addr(f
, "arp_tha", tb
[TCA_FLOWER_KEY_ARP_THA
],
1200 tb
[TCA_FLOWER_KEY_ARP_THA_MASK
]);
1202 flower_print_ip_addr(f
, "enc_dst_ip",
1203 tb
[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
] ?
1204 htons(ETH_P_IP
) : htons(ETH_P_IPV6
),
1205 tb
[TCA_FLOWER_KEY_ENC_IPV4_DST
],
1206 tb
[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
],
1207 tb
[TCA_FLOWER_KEY_ENC_IPV6_DST
],
1208 tb
[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
]);
1210 flower_print_ip_addr(f
, "enc_src_ip",
1211 tb
[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
] ?
1212 htons(ETH_P_IP
) : htons(ETH_P_IPV6
),
1213 tb
[TCA_FLOWER_KEY_ENC_IPV4_SRC
],
1214 tb
[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
],
1215 tb
[TCA_FLOWER_KEY_ENC_IPV6_SRC
],
1216 tb
[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
]);
1218 flower_print_key_id(f
, "enc_key_id",
1219 tb
[TCA_FLOWER_KEY_ENC_KEY_ID
]);
1221 flower_print_port(f
, "enc_dst_port",
1222 tb
[TCA_FLOWER_KEY_ENC_UDP_DST_PORT
]);
1224 flower_print_matching_flags(f
, "ip_flags",
1226 tb
[TCA_FLOWER_KEY_FLAGS
],
1227 tb
[TCA_FLOWER_KEY_FLAGS_MASK
]);
1229 if (tb
[TCA_FLOWER_FLAGS
]) {
1230 __u32 flags
= rta_getattr_u32(tb
[TCA_FLOWER_FLAGS
]);
1232 if (flags
& TCA_CLS_FLAGS_SKIP_HW
)
1233 fprintf(f
, "\n skip_hw");
1234 if (flags
& TCA_CLS_FLAGS_SKIP_SW
)
1235 fprintf(f
, "\n skip_sw");
1237 if (flags
& TCA_CLS_FLAGS_IN_HW
)
1238 fprintf(f
, "\n in_hw");
1239 else if (flags
& TCA_CLS_FLAGS_NOT_IN_HW
)
1240 fprintf(f
, "\n not_in_hw");
1243 if (tb
[TCA_FLOWER_ACT
])
1244 tc_print_action(f
, tb
[TCA_FLOWER_ACT
]);
1249 struct filter_util flower_filter_util
= {
1251 .parse_fopt
= flower_parse_opt
,
1252 .print_fopt
= flower_print_opt
,