]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/f_flower.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' into net-next
[mirror_iproute2.git] / tc / f_flower.c
1 /*
2 * f_flower.c Flower Classifier
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Jiri Pirko <jiri@resnulli.us>
10 */
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <syslog.h>
16 #include <string.h>
17 #include <net/if.h>
18 #include <linux/if_arp.h>
19 #include <linux/if_ether.h>
20 #include <linux/ip.h>
21 #include <linux/tc_act/tc_vlan.h>
22
23 #include "utils.h"
24 #include "tc_util.h"
25 #include "rt_names.h"
26
27 enum flower_matching_flags {
28 FLOWER_IP_FLAGS,
29 };
30
31 enum flower_endpoint {
32 FLOWER_ENDPOINT_SRC,
33 FLOWER_ENDPOINT_DST
34 };
35
36 enum flower_icmp_field {
37 FLOWER_ICMP_FIELD_TYPE,
38 FLOWER_ICMP_FIELD_CODE
39 };
40
41 static void explain(void)
42 {
43 fprintf(stderr,
44 "Usage: ... flower [ MATCH-LIST ]\n"
45 " [ skip_sw | skip_hw ]\n"
46 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
47 "\n"
48 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
49 " MATCH := { indev DEV-NAME |\n"
50 " vlan_id VID |\n"
51 " vlan_prio PRIORITY |\n"
52 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
53 " dst_mac MASKED-LLADDR |\n"
54 " src_mac MASKED-LLADDR |\n"
55 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
56 " dst_ip PREFIX |\n"
57 " src_ip PREFIX |\n"
58 " dst_port PORT-NUMBER |\n"
59 " src_port PORT-NUMBER |\n"
60 " tcp_flags MASKED-TCP_FLAGS |\n"
61 " type MASKED-ICMP-TYPE |\n"
62 " code MASKED-ICMP-CODE |\n"
63 " arp_tip IPV4-PREFIX |\n"
64 " arp_sip IPV4-PREFIX |\n"
65 " arp_op [ request | reply | OP ] |\n"
66 " arp_tha MASKED-LLADDR |\n"
67 " arp_sha MASKED-LLADDR |\n"
68 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
69 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
70 " enc_key_id [ KEY-ID ] |\n"
71 " ip_flags IP-FLAGS | \n"
72 " enc_dst_port [ port_number ] }\n"
73 " FILTERID := X:Y:Z\n"
74 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
75 " ACTION-SPEC := ... look at individual actions\n"
76 "\n"
77 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
78 "NOTE: There can be only used one mask per one prio. If user needs\n"
79 " to specify different mask, he has to use different prio.\n");
80 }
81
82 static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
83 struct nlmsghdr *n)
84 {
85 int ret, err = -1;
86 char addr[ETH_ALEN], *slash;
87
88 slash = strchr(str, '/');
89 if (slash)
90 *slash = '\0';
91
92 ret = ll_addr_a2n(addr, sizeof(addr), str);
93 if (ret < 0)
94 goto err;
95 addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
96
97 if (slash) {
98 unsigned bits;
99
100 if (!get_unsigned(&bits, slash + 1, 10)) {
101 uint64_t mask;
102
103 /* Extra 16 bit shift to push mac address into
104 * high bits of uint64_t
105 */
106 mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
107 memcpy(addr, &mask, ETH_ALEN);
108 } else {
109 ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
110 if (ret < 0)
111 goto err;
112 }
113 } else {
114 memset(addr, 0xff, ETH_ALEN);
115 }
116 addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
117
118 err = 0;
119 err:
120 if (slash)
121 *slash = '/';
122 return err;
123 }
124
125 static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
126 __be16 *p_vlan_eth_type,
127 struct nlmsghdr *n)
128 {
129 __be16 vlan_eth_type;
130
131 if (eth_type != htons(ETH_P_8021Q)) {
132 fprintf(stderr,
133 "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n");
134 return -1;
135 }
136
137 if (ll_proto_a2n(&vlan_eth_type, str))
138 invarg("invalid vlan_ethtype", str);
139 addattr16(n, MAX_MSG, type, vlan_eth_type);
140 *p_vlan_eth_type = vlan_eth_type;
141 return 0;
142 }
143
144 struct flag_to_string {
145 int flag;
146 enum flower_matching_flags type;
147 char *string;
148 };
149
150 static struct flag_to_string flags_str[] = {
151 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
152 };
153
154 static int flower_parse_matching_flags(char *str,
155 enum flower_matching_flags type,
156 __u32 *mtf, __u32 *mtf_mask)
157 {
158 char *token;
159 bool no;
160 bool found;
161 int i;
162
163 token = strtok(str, "/");
164
165 while (token) {
166 if (!strncmp(token, "no", 2)) {
167 no = true;
168 token += 2;
169 } else
170 no = false;
171
172 found = false;
173 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
174 if (type != flags_str[i].type)
175 continue;
176
177 if (!strcmp(token, flags_str[i].string)) {
178 if (no)
179 *mtf &= ~flags_str[i].flag;
180 else
181 *mtf |= flags_str[i].flag;
182
183 *mtf_mask |= flags_str[i].flag;
184 found = true;
185 break;
186 }
187 }
188 if (!found)
189 return -1;
190
191 token = strtok(NULL, "/");
192 }
193
194 return 0;
195 }
196
197 static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
198 __u8 *p_ip_proto, struct nlmsghdr *n)
199 {
200 int ret;
201 __u8 ip_proto;
202
203 if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
204 goto err;
205
206 if (matches(str, "tcp") == 0) {
207 ip_proto = IPPROTO_TCP;
208 } else if (matches(str, "udp") == 0) {
209 ip_proto = IPPROTO_UDP;
210 } else if (matches(str, "sctp") == 0) {
211 ip_proto = IPPROTO_SCTP;
212 } else if (matches(str, "icmp") == 0) {
213 if (eth_type != htons(ETH_P_IP))
214 goto err;
215 ip_proto = IPPROTO_ICMP;
216 } else if (matches(str, "icmpv6") == 0) {
217 if (eth_type != htons(ETH_P_IPV6))
218 goto err;
219 ip_proto = IPPROTO_ICMPV6;
220 } else {
221 ret = get_u8(&ip_proto, str, 16);
222 if (ret)
223 return -1;
224 }
225 addattr8(n, MAX_MSG, type, ip_proto);
226 *p_ip_proto = ip_proto;
227 return 0;
228
229 err:
230 fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
231 return -1;
232 }
233
234 static int __flower_parse_ip_addr(char *str, int family,
235 int addr4_type, int mask4_type,
236 int addr6_type, int mask6_type,
237 struct nlmsghdr *n)
238 {
239 int ret;
240 inet_prefix addr;
241 int bits;
242 int i;
243
244 ret = get_prefix(&addr, str, family);
245 if (ret)
246 return -1;
247
248 if (family && (addr.family != family)) {
249 fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
250 return -1;
251 }
252
253 addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
254 addr.data, addr.bytelen);
255
256 memset(addr.data, 0xff, addr.bytelen);
257 bits = addr.bitlen;
258 for (i = 0; i < addr.bytelen / 4; i++) {
259 if (!bits) {
260 addr.data[i] = 0;
261 } else if (bits / 32 >= 1) {
262 bits -= 32;
263 } else {
264 addr.data[i] <<= 32 - bits;
265 addr.data[i] = htonl(addr.data[i]);
266 bits = 0;
267 }
268 }
269
270 addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type,
271 addr.data, addr.bytelen);
272
273 return 0;
274 }
275
276 static int flower_parse_ip_addr(char *str, __be16 eth_type,
277 int addr4_type, int mask4_type,
278 int addr6_type, int mask6_type,
279 struct nlmsghdr *n)
280 {
281 int family;
282
283 if (eth_type == htons(ETH_P_IP)) {
284 family = AF_INET;
285 } else if (eth_type == htons(ETH_P_IPV6)) {
286 family = AF_INET6;
287 } else if (!eth_type) {
288 family = AF_UNSPEC;
289 } else {
290 return -1;
291 }
292
293 return __flower_parse_ip_addr(str, family, addr4_type, mask4_type,
294 addr6_type, mask6_type, n);
295 }
296
297 static bool flower_eth_type_arp(__be16 eth_type)
298 {
299 return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
300 }
301
302 static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
303 int addr_type, int mask_type,
304 struct nlmsghdr *n)
305 {
306 if (!flower_eth_type_arp(eth_type))
307 return -1;
308
309 return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
310 TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
311 }
312
313 static int flower_parse_u8(char *str, int value_type, int mask_type,
314 int (*value_from_name)(const char *str,
315 __u8 *value),
316 bool (*value_validate)(__u8 value),
317 struct nlmsghdr *n)
318 {
319 char *slash;
320 int ret, err = -1;
321 __u8 value, mask;
322
323 slash = strchr(str, '/');
324 if (slash)
325 *slash = '\0';
326
327 ret = value_from_name ? value_from_name(str, &value) : -1;
328 if (ret < 0) {
329 ret = get_u8(&value, str, 10);
330 if (ret)
331 goto err;
332 }
333
334 if (value_validate && !value_validate(value))
335 goto err;
336
337 if (slash) {
338 ret = get_u8(&mask, slash + 1, 10);
339 if (ret)
340 goto err;
341 }
342 else {
343 mask = UINT8_MAX;
344 }
345
346 addattr8(n, MAX_MSG, value_type, value);
347 addattr8(n, MAX_MSG, mask_type, mask);
348
349 err = 0;
350 err:
351 if (slash)
352 *slash = '/';
353 return err;
354 }
355
356 static const char *flower_print_arp_op_to_name(__u8 op)
357 {
358 switch (op) {
359 case ARPOP_REQUEST:
360 return "request";
361 case ARPOP_REPLY:
362 return "reply";
363 default:
364 return NULL;
365 }
366 }
367
368 static int flower_arp_op_from_name(const char *name, __u8 *op)
369 {
370 if (!strcmp(name, "request"))
371 *op = ARPOP_REQUEST;
372 else if (!strcmp(name, "reply"))
373 *op = ARPOP_REPLY;
374 else
375 return -1;
376
377 return 0;
378 }
379
380 static bool flow_arp_op_validate(__u8 op)
381 {
382 return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY;
383 }
384
385 static int flower_parse_arp_op(char *str, __be16 eth_type,
386 int op_type, int mask_type,
387 struct nlmsghdr *n)
388 {
389 if (!flower_eth_type_arp(eth_type))
390 return -1;
391
392 return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name,
393 flow_arp_op_validate, n);
394 }
395
396 static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
397 enum flower_icmp_field field)
398 {
399 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
400 return field == FLOWER_ICMP_FIELD_CODE ?
401 TCA_FLOWER_KEY_ICMPV4_CODE :
402 TCA_FLOWER_KEY_ICMPV4_TYPE;
403 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
404 return field == FLOWER_ICMP_FIELD_CODE ?
405 TCA_FLOWER_KEY_ICMPV6_CODE :
406 TCA_FLOWER_KEY_ICMPV6_TYPE;
407
408 return -1;
409 }
410
411 static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto,
412 enum flower_icmp_field field)
413 {
414 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
415 return field == FLOWER_ICMP_FIELD_CODE ?
416 TCA_FLOWER_KEY_ICMPV4_CODE_MASK :
417 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK;
418 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
419 return field == FLOWER_ICMP_FIELD_CODE ?
420 TCA_FLOWER_KEY_ICMPV6_CODE_MASK :
421 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK;
422
423 return -1;
424 }
425
426 static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
427 enum flower_icmp_field field, struct nlmsghdr *n)
428 {
429 int value_type, mask_type;
430
431 value_type = flower_icmp_attr_type(eth_type, ip_proto, field);
432 mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field);
433 if (value_type < 0 || mask_type < 0)
434 return -1;
435
436 return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n);
437 }
438
439 static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
440 {
441 if (ip_proto == IPPROTO_TCP)
442 return endpoint == FLOWER_ENDPOINT_SRC ?
443 TCA_FLOWER_KEY_TCP_SRC :
444 TCA_FLOWER_KEY_TCP_DST;
445 else if (ip_proto == IPPROTO_UDP)
446 return endpoint == FLOWER_ENDPOINT_SRC ?
447 TCA_FLOWER_KEY_UDP_SRC :
448 TCA_FLOWER_KEY_UDP_DST;
449 else if (ip_proto == IPPROTO_SCTP)
450 return endpoint == FLOWER_ENDPOINT_SRC ?
451 TCA_FLOWER_KEY_SCTP_SRC :
452 TCA_FLOWER_KEY_SCTP_DST;
453 else
454 return -1;
455 }
456
457 static int flower_parse_port(char *str, __u8 ip_proto,
458 enum flower_endpoint endpoint,
459 struct nlmsghdr *n)
460 {
461 int ret;
462 int type;
463 __be16 port;
464
465 type = flower_port_attr_type(ip_proto, endpoint);
466 if (type < 0)
467 return -1;
468
469 ret = get_be16(&port, str, 10);
470 if (ret)
471 return -1;
472
473 addattr16(n, MAX_MSG, type, port);
474
475 return 0;
476 }
477
478 #define TCP_FLAGS_MAX_MASK 0xfff
479
480 static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
481 struct nlmsghdr *n)
482 {
483 char *slash;
484 int ret, err = -1;
485 __u16 flags;
486
487 slash = strchr(str, '/');
488 if (slash)
489 *slash = '\0';
490
491 ret = get_u16(&flags, str, 16);
492 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
493 goto err;
494
495 addattr16(n, MAX_MSG, flags_type, htons(flags));
496
497 if (slash) {
498 ret = get_u16(&flags, slash + 1, 16);
499 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
500 goto err;
501 } else {
502 flags = TCP_FLAGS_MAX_MASK;
503 }
504 addattr16(n, MAX_MSG, mask_type, htons(flags));
505
506 err = 0;
507 err:
508 if (slash)
509 *slash = '/';
510 return err;
511 }
512
513 static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
514 {
515 int ret;
516 __be32 key_id;
517
518 ret = get_be32(&key_id, str, 10);
519 if (!ret)
520 addattr32(n, MAX_MSG, type, key_id);
521
522 return ret;
523 }
524
525 static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
526 {
527 int ret;
528 __be16 port;
529
530 ret = get_be16(&port, str, 10);
531 if (ret)
532 return -1;
533
534 addattr16(n, MAX_MSG, type, port);
535
536 return 0;
537 }
538
539 static int flower_parse_opt(struct filter_util *qu, char *handle,
540 int argc, char **argv, struct nlmsghdr *n)
541 {
542 int ret;
543 struct tcmsg *t = NLMSG_DATA(n);
544 struct rtattr *tail;
545 __be16 eth_type = TC_H_MIN(t->tcm_info);
546 __be16 vlan_ethtype = 0;
547 __u8 ip_proto = 0xff;
548 __u32 flags = 0;
549 __u32 mtf = 0;
550 __u32 mtf_mask = 0;
551
552 if (handle) {
553 ret = get_u32(&t->tcm_handle, handle, 0);
554 if (ret) {
555 fprintf(stderr, "Illegal \"handle\"\n");
556 return -1;
557 }
558 }
559
560 tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
561 addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
562
563 if (argc == 0) {
564 /*at minimal we will match all ethertype packets */
565 goto parse_done;
566 }
567
568 while (argc > 0) {
569 if (matches(*argv, "classid") == 0 ||
570 matches(*argv, "flowid") == 0) {
571 unsigned int handle;
572
573 NEXT_ARG();
574 ret = get_tc_classid(&handle, *argv);
575 if (ret) {
576 fprintf(stderr, "Illegal \"classid\"\n");
577 return -1;
578 }
579 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
580 } else if (matches(*argv, "ip_flags") == 0) {
581 NEXT_ARG();
582 ret = flower_parse_matching_flags(*argv,
583 FLOWER_IP_FLAGS,
584 &mtf,
585 &mtf_mask);
586 if (ret < 0) {
587 fprintf(stderr, "Illegal \"ip_flags\"\n");
588 return -1;
589 }
590 } else if (matches(*argv, "skip_hw") == 0) {
591 flags |= TCA_CLS_FLAGS_SKIP_HW;
592 } else if (matches(*argv, "skip_sw") == 0) {
593 flags |= TCA_CLS_FLAGS_SKIP_SW;
594 } else if (matches(*argv, "indev") == 0) {
595 char ifname[IFNAMSIZ] = {};
596
597 NEXT_ARG();
598 strncpy(ifname, *argv, sizeof(ifname) - 1);
599 addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, ifname);
600 } else if (matches(*argv, "vlan_id") == 0) {
601 __u16 vid;
602
603 NEXT_ARG();
604 if (eth_type != htons(ETH_P_8021Q)) {
605 fprintf(stderr,
606 "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n");
607 return -1;
608 }
609 ret = get_u16(&vid, *argv, 10);
610 if (ret < 0 || vid & ~0xfff) {
611 fprintf(stderr, "Illegal \"vlan_id\"\n");
612 return -1;
613 }
614 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
615 } else if (matches(*argv, "vlan_prio") == 0) {
616 __u8 vlan_prio;
617
618 NEXT_ARG();
619 if (eth_type != htons(ETH_P_8021Q)) {
620 fprintf(stderr,
621 "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n");
622 return -1;
623 }
624 ret = get_u8(&vlan_prio, *argv, 10);
625 if (ret < 0 || vlan_prio & ~0x7) {
626 fprintf(stderr, "Illegal \"vlan_prio\"\n");
627 return -1;
628 }
629 addattr8(n, MAX_MSG,
630 TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
631 } else if (matches(*argv, "vlan_ethtype") == 0) {
632 NEXT_ARG();
633 ret = flower_parse_vlan_eth_type(*argv, eth_type,
634 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
635 &vlan_ethtype, n);
636 if (ret < 0)
637 return -1;
638 } else if (matches(*argv, "dst_mac") == 0) {
639 NEXT_ARG();
640 ret = flower_parse_eth_addr(*argv,
641 TCA_FLOWER_KEY_ETH_DST,
642 TCA_FLOWER_KEY_ETH_DST_MASK,
643 n);
644 if (ret < 0) {
645 fprintf(stderr, "Illegal \"dst_mac\"\n");
646 return -1;
647 }
648 } else if (matches(*argv, "src_mac") == 0) {
649 NEXT_ARG();
650 ret = flower_parse_eth_addr(*argv,
651 TCA_FLOWER_KEY_ETH_SRC,
652 TCA_FLOWER_KEY_ETH_SRC_MASK,
653 n);
654 if (ret < 0) {
655 fprintf(stderr, "Illegal \"src_mac\"\n");
656 return -1;
657 }
658 } else if (matches(*argv, "ip_proto") == 0) {
659 NEXT_ARG();
660 ret = flower_parse_ip_proto(*argv, vlan_ethtype ?
661 vlan_ethtype : eth_type,
662 TCA_FLOWER_KEY_IP_PROTO,
663 &ip_proto, n);
664 if (ret < 0) {
665 fprintf(stderr, "Illegal \"ip_proto\"\n");
666 return -1;
667 }
668 } else if (matches(*argv, "dst_ip") == 0) {
669 NEXT_ARG();
670 ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
671 vlan_ethtype : eth_type,
672 TCA_FLOWER_KEY_IPV4_DST,
673 TCA_FLOWER_KEY_IPV4_DST_MASK,
674 TCA_FLOWER_KEY_IPV6_DST,
675 TCA_FLOWER_KEY_IPV6_DST_MASK,
676 n);
677 if (ret < 0) {
678 fprintf(stderr, "Illegal \"dst_ip\"\n");
679 return -1;
680 }
681 } else if (matches(*argv, "src_ip") == 0) {
682 NEXT_ARG();
683 ret = flower_parse_ip_addr(*argv, vlan_ethtype ?
684 vlan_ethtype : eth_type,
685 TCA_FLOWER_KEY_IPV4_SRC,
686 TCA_FLOWER_KEY_IPV4_SRC_MASK,
687 TCA_FLOWER_KEY_IPV6_SRC,
688 TCA_FLOWER_KEY_IPV6_SRC_MASK,
689 n);
690 if (ret < 0) {
691 fprintf(stderr, "Illegal \"src_ip\"\n");
692 return -1;
693 }
694 } else if (matches(*argv, "dst_port") == 0) {
695 NEXT_ARG();
696 ret = flower_parse_port(*argv, ip_proto,
697 FLOWER_ENDPOINT_DST, n);
698 if (ret < 0) {
699 fprintf(stderr, "Illegal \"dst_port\"\n");
700 return -1;
701 }
702 } else if (matches(*argv, "src_port") == 0) {
703 NEXT_ARG();
704 ret = flower_parse_port(*argv, ip_proto,
705 FLOWER_ENDPOINT_SRC, n);
706 if (ret < 0) {
707 fprintf(stderr, "Illegal \"src_port\"\n");
708 return -1;
709 }
710 } else if (matches(*argv, "tcp_flags") == 0) {
711 NEXT_ARG();
712 ret = flower_parse_tcp_flags(*argv,
713 TCA_FLOWER_KEY_TCP_FLAGS,
714 TCA_FLOWER_KEY_TCP_FLAGS_MASK,
715 n);
716 if (ret < 0) {
717 fprintf(stderr, "Illegal \"tcp_flags\"\n");
718 return -1;
719 }
720 } else if (matches(*argv, "type") == 0) {
721 NEXT_ARG();
722 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
723 FLOWER_ICMP_FIELD_TYPE, n);
724 if (ret < 0) {
725 fprintf(stderr, "Illegal \"icmp type\"\n");
726 return -1;
727 }
728 } else if (matches(*argv, "code") == 0) {
729 NEXT_ARG();
730 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
731 FLOWER_ICMP_FIELD_CODE, n);
732 if (ret < 0) {
733 fprintf(stderr, "Illegal \"icmp code\"\n");
734 return -1;
735 }
736 } else if (matches(*argv, "arp_tip") == 0) {
737 NEXT_ARG();
738 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
739 vlan_ethtype : eth_type,
740 TCA_FLOWER_KEY_ARP_TIP,
741 TCA_FLOWER_KEY_ARP_TIP_MASK,
742 n);
743 if (ret < 0) {
744 fprintf(stderr, "Illegal \"arp_tip\"\n");
745 return -1;
746 }
747 } else if (matches(*argv, "arp_sip") == 0) {
748 NEXT_ARG();
749 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
750 vlan_ethtype : eth_type,
751 TCA_FLOWER_KEY_ARP_SIP,
752 TCA_FLOWER_KEY_ARP_SIP_MASK,
753 n);
754 if (ret < 0) {
755 fprintf(stderr, "Illegal \"arp_sip\"\n");
756 return -1;
757 }
758 } else if (matches(*argv, "arp_op") == 0) {
759 NEXT_ARG();
760 ret = flower_parse_arp_op(*argv, vlan_ethtype ?
761 vlan_ethtype : eth_type,
762 TCA_FLOWER_KEY_ARP_OP,
763 TCA_FLOWER_KEY_ARP_OP_MASK,
764 n);
765 if (ret < 0) {
766 fprintf(stderr, "Illegal \"arp_op\"\n");
767 return -1;
768 }
769 } else if (matches(*argv, "arp_tha") == 0) {
770 NEXT_ARG();
771 ret = flower_parse_eth_addr(*argv,
772 TCA_FLOWER_KEY_ARP_THA,
773 TCA_FLOWER_KEY_ARP_THA_MASK,
774 n);
775 if (ret < 0) {
776 fprintf(stderr, "Illegal \"arp_tha\"\n");
777 return -1;
778 }
779 } else if (matches(*argv, "arp_sha") == 0) {
780 NEXT_ARG();
781 ret = flower_parse_eth_addr(*argv,
782 TCA_FLOWER_KEY_ARP_SHA,
783 TCA_FLOWER_KEY_ARP_SHA_MASK,
784 n);
785 if (ret < 0) {
786 fprintf(stderr, "Illegal \"arp_sha\"\n");
787 return -1;
788 }
789 } else if (matches(*argv, "enc_dst_ip") == 0) {
790 NEXT_ARG();
791 ret = flower_parse_ip_addr(*argv, 0,
792 TCA_FLOWER_KEY_ENC_IPV4_DST,
793 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
794 TCA_FLOWER_KEY_ENC_IPV6_DST,
795 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
796 n);
797 if (ret < 0) {
798 fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
799 return -1;
800 }
801 } else if (matches(*argv, "enc_src_ip") == 0) {
802 NEXT_ARG();
803 ret = flower_parse_ip_addr(*argv, 0,
804 TCA_FLOWER_KEY_ENC_IPV4_SRC,
805 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
806 TCA_FLOWER_KEY_ENC_IPV6_SRC,
807 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
808 n);
809 if (ret < 0) {
810 fprintf(stderr, "Illegal \"enc_src_ip\"\n");
811 return -1;
812 }
813 } else if (matches(*argv, "enc_key_id") == 0) {
814 NEXT_ARG();
815 ret = flower_parse_key_id(*argv,
816 TCA_FLOWER_KEY_ENC_KEY_ID, n);
817 if (ret < 0) {
818 fprintf(stderr, "Illegal \"enc_key_id\"\n");
819 return -1;
820 }
821 } else if (matches(*argv, "enc_dst_port") == 0) {
822 NEXT_ARG();
823 ret = flower_parse_enc_port(*argv,
824 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
825 if (ret < 0) {
826 fprintf(stderr, "Illegal \"enc_dst_port\"\n");
827 return -1;
828 }
829 } else if (matches(*argv, "action") == 0) {
830 NEXT_ARG();
831 ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
832 if (ret) {
833 fprintf(stderr, "Illegal \"action\"\n");
834 return -1;
835 }
836 continue;
837 } else if (strcmp(*argv, "help") == 0) {
838 explain();
839 return -1;
840 } else {
841 fprintf(stderr, "What is \"%s\"?\n", *argv);
842 explain();
843 return -1;
844 }
845 argc--; argv++;
846 }
847
848 parse_done:
849 ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
850 if (ret)
851 return ret;
852
853 if (mtf_mask) {
854 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
855 if (ret)
856 return ret;
857
858 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
859 if (ret)
860 return ret;
861 }
862
863 if (eth_type != htons(ETH_P_ALL)) {
864 ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
865 if (ret)
866 return ret;
867 }
868
869 tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
870
871 return 0;
872 }
873
874 static int __mask_bits(char *addr, size_t len)
875 {
876 int bits = 0;
877 bool hole = false;
878 int i;
879 int j;
880
881 for (i = 0; i < len; i++, addr++) {
882 for (j = 7; j >= 0; j--) {
883 if (((*addr) >> j) & 0x1) {
884 if (hole)
885 return -1;
886 bits++;
887 } else if (bits) {
888 hole = true;
889 } else{
890 return -1;
891 }
892 }
893 }
894 return bits;
895 }
896
897 static void flower_print_eth_addr(FILE *f, char *name,
898 struct rtattr *addr_attr,
899 struct rtattr *mask_attr)
900 {
901 SPRINT_BUF(b1);
902 int bits;
903
904 if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN)
905 return;
906 fprintf(f, "\n %s %s", name, ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN,
907 0, b1, sizeof(b1)));
908 if (!mask_attr || RTA_PAYLOAD(mask_attr) != ETH_ALEN)
909 return;
910 bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN);
911 if (bits < 0)
912 fprintf(f, "/%s", ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN,
913 0, b1, sizeof(b1)));
914 else if (bits < ETH_ALEN * 8)
915 fprintf(f, "/%d", bits);
916 }
917
918 static void flower_print_eth_type(FILE *f, __be16 *p_eth_type,
919 struct rtattr *eth_type_attr)
920 {
921 __be16 eth_type;
922
923 if (!eth_type_attr)
924 return;
925
926 eth_type = rta_getattr_u16(eth_type_attr);
927 fprintf(f, "\n eth_type ");
928 if (eth_type == htons(ETH_P_IP))
929 fprintf(f, "ipv4");
930 else if (eth_type == htons(ETH_P_IPV6))
931 fprintf(f, "ipv6");
932 else if (eth_type == htons(ETH_P_ARP))
933 fprintf(f, "arp");
934 else if (eth_type == htons(ETH_P_RARP))
935 fprintf(f, "rarp");
936 else
937 fprintf(f, "%04x", ntohs(eth_type));
938 *p_eth_type = eth_type;
939 }
940
941 static void flower_print_ip_proto(FILE *f, __u8 *p_ip_proto,
942 struct rtattr *ip_proto_attr)
943 {
944 __u8 ip_proto;
945
946 if (!ip_proto_attr)
947 return;
948
949 ip_proto = rta_getattr_u8(ip_proto_attr);
950 fprintf(f, "\n ip_proto ");
951 if (ip_proto == IPPROTO_TCP)
952 fprintf(f, "tcp");
953 else if (ip_proto == IPPROTO_UDP)
954 fprintf(f, "udp");
955 else if (ip_proto == IPPROTO_SCTP)
956 fprintf(f, "sctp");
957 else if (ip_proto == IPPROTO_ICMP)
958 fprintf(f, "icmp");
959 else if (ip_proto == IPPROTO_ICMPV6)
960 fprintf(f, "icmpv6");
961 else
962 fprintf(f, "%02x", ip_proto);
963 *p_ip_proto = ip_proto;
964 }
965
966 static void flower_print_matching_flags(FILE *f, char *name,
967 enum flower_matching_flags type,
968 struct rtattr *attr,
969 struct rtattr *mask_attr)
970 {
971 int i;
972 int count = 0;
973 __u32 mtf;
974 __u32 mtf_mask;
975
976 if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
977 return;
978
979 mtf = ntohl(rta_getattr_u32(attr));
980 mtf_mask = ntohl(rta_getattr_u32(mask_attr));
981
982 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
983 if (type != flags_str[i].type)
984 continue;
985 if (mtf_mask & flags_str[i].flag) {
986 if (++count == 1)
987 fprintf(f, "\n %s ", name);
988 else
989 fprintf(f, "/");
990
991 if (mtf & flags_str[i].flag)
992 fprintf(f, "%s", flags_str[i].string);
993 else
994 fprintf(f, "no%s", flags_str[i].string);
995 }
996 }
997 }
998
999 static void flower_print_ip_addr(FILE *f, char *name, __be16 eth_type,
1000 struct rtattr *addr4_attr,
1001 struct rtattr *mask4_attr,
1002 struct rtattr *addr6_attr,
1003 struct rtattr *mask6_attr)
1004 {
1005 struct rtattr *addr_attr;
1006 struct rtattr *mask_attr;
1007 int family;
1008 size_t len;
1009 int bits;
1010
1011 if (eth_type == htons(ETH_P_IP)) {
1012 family = AF_INET;
1013 addr_attr = addr4_attr;
1014 mask_attr = mask4_attr;
1015 len = 4;
1016 } else if (eth_type == htons(ETH_P_IPV6)) {
1017 family = AF_INET6;
1018 addr_attr = addr6_attr;
1019 mask_attr = mask6_attr;
1020 len = 16;
1021 } else {
1022 return;
1023 }
1024 if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
1025 return;
1026 fprintf(f, "\n %s %s", name, rt_addr_n2a_rta(family, addr_attr));
1027 if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
1028 return;
1029 bits = __mask_bits(RTA_DATA(mask_attr), len);
1030 if (bits < 0)
1031 fprintf(f, "/%s", rt_addr_n2a_rta(family, mask_attr));
1032 else if (bits < len * 8)
1033 fprintf(f, "/%d", bits);
1034 }
1035 static void flower_print_ip4_addr(FILE *f, char *name,
1036 struct rtattr *addr_attr,
1037 struct rtattr *mask_attr)
1038 {
1039 return flower_print_ip_addr(f, name, htons(ETH_P_IP),
1040 addr_attr, mask_attr, 0, 0);
1041 }
1042
1043 static void flower_print_port(FILE *f, char *name, struct rtattr *attr)
1044 {
1045 if (attr)
1046 fprintf(f, "\n %s %d", name, rta_getattr_be16(attr));
1047 }
1048
1049 static void flower_print_tcp_flags(FILE *f, char *name,
1050 struct rtattr *flags_attr,
1051 struct rtattr *mask_attr)
1052 {
1053 if (!flags_attr)
1054 return;
1055 fprintf(f, "\n %s %x", name, rta_getattr_be16(flags_attr));
1056 if (!mask_attr)
1057 return;
1058 fprintf(f, "/%x", rta_getattr_be16(mask_attr));
1059 }
1060
1061
1062 static void flower_print_key_id(FILE *f, const char *name,
1063 struct rtattr *attr)
1064 {
1065 if (attr)
1066 fprintf(f, "\n %s %d", name, rta_getattr_be32(attr));
1067 }
1068
1069 static void flower_print_masked_u8(FILE *f, const char *name,
1070 struct rtattr *attr,
1071 struct rtattr *mask_attr,
1072 const char *(*value_to_str)(__u8 value))
1073 {
1074 const char *value_str = NULL;
1075 __u8 value, mask;
1076
1077 if (!attr)
1078 return;
1079
1080 value = rta_getattr_u8(attr);
1081 mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
1082 if (mask == UINT8_MAX && value_to_str)
1083 value_str = value_to_str(value);
1084
1085 fprintf(f, "\n %s ", name);
1086
1087 if (value_str)
1088 fputs(value_str, f);
1089 else
1090 fprintf(f, "%d", value);
1091
1092 if (mask != UINT8_MAX)
1093 fprintf(f, "/%d", mask);
1094 }
1095
1096 static void flower_print_arp_op(FILE *f, const char *name,
1097 struct rtattr *op_attr,
1098 struct rtattr *mask_attr)
1099 {
1100 flower_print_masked_u8(f, name, op_attr, mask_attr,
1101 flower_print_arp_op_to_name);
1102 }
1103
1104 static int flower_print_opt(struct filter_util *qu, FILE *f,
1105 struct rtattr *opt, __u32 handle)
1106 {
1107 struct rtattr *tb[TCA_FLOWER_MAX + 1];
1108 int nl_type, nl_mask_type;
1109 __be16 eth_type = 0;
1110 __u8 ip_proto = 0xff;
1111
1112 if (!opt)
1113 return 0;
1114
1115 parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt);
1116
1117 if (handle)
1118 fprintf(f, "handle 0x%x ", handle);
1119
1120 if (tb[TCA_FLOWER_CLASSID]) {
1121 SPRINT_BUF(b1);
1122 fprintf(f, "classid %s ",
1123 sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOWER_CLASSID]),
1124 b1));
1125 }
1126
1127 if (tb[TCA_FLOWER_INDEV]) {
1128 struct rtattr *attr = tb[TCA_FLOWER_INDEV];
1129
1130 fprintf(f, "\n indev %s", rta_getattr_str(attr));
1131 }
1132
1133 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
1134 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
1135
1136 fprintf(f, "\n vlan_id %d", rta_getattr_u16(attr));
1137 }
1138
1139 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
1140 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
1141
1142 fprintf(f, "\n vlan_prio %d", rta_getattr_u8(attr));
1143 }
1144
1145 flower_print_eth_addr(f, "dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
1146 tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
1147 flower_print_eth_addr(f, "src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
1148 tb[TCA_FLOWER_KEY_ETH_SRC_MASK]);
1149
1150 flower_print_eth_type(f, &eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
1151 flower_print_ip_proto(f, &ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
1152
1153 flower_print_ip_addr(f, "dst_ip", eth_type,
1154 tb[TCA_FLOWER_KEY_IPV4_DST],
1155 tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
1156 tb[TCA_FLOWER_KEY_IPV6_DST],
1157 tb[TCA_FLOWER_KEY_IPV6_DST_MASK]);
1158
1159 flower_print_ip_addr(f, "src_ip", eth_type,
1160 tb[TCA_FLOWER_KEY_IPV4_SRC],
1161 tb[TCA_FLOWER_KEY_IPV4_SRC_MASK],
1162 tb[TCA_FLOWER_KEY_IPV6_SRC],
1163 tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
1164
1165 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
1166 if (nl_type >= 0)
1167 flower_print_port(f, "dst_port", tb[nl_type]);
1168 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
1169 if (nl_type >= 0)
1170 flower_print_port(f, "src_port", tb[nl_type]);
1171
1172 flower_print_tcp_flags(f, "tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
1173 tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
1174
1175 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
1176 FLOWER_ICMP_FIELD_TYPE);
1177 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
1178 FLOWER_ICMP_FIELD_TYPE);
1179 if (nl_type >= 0 && nl_mask_type >= 0)
1180 flower_print_masked_u8(f, "icmp_type", tb[nl_type],
1181 tb[nl_mask_type], NULL);
1182
1183 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
1184 FLOWER_ICMP_FIELD_CODE);
1185 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
1186 FLOWER_ICMP_FIELD_CODE);
1187 if (nl_type >= 0 && nl_mask_type >= 0)
1188 flower_print_masked_u8(f, "icmp_code", tb[nl_type],
1189 tb[nl_mask_type], NULL);
1190
1191 flower_print_ip4_addr(f, "arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
1192 tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
1193 flower_print_ip4_addr(f, "arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
1194 tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
1195 flower_print_arp_op(f, "arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
1196 tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
1197 flower_print_eth_addr(f, "arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
1198 tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
1199 flower_print_eth_addr(f, "arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
1200 tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
1201
1202 flower_print_ip_addr(f, "enc_dst_ip",
1203 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
1204 htons(ETH_P_IP) : htons(ETH_P_IPV6),
1205 tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
1206 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
1207 tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
1208 tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
1209
1210 flower_print_ip_addr(f, "enc_src_ip",
1211 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
1212 htons(ETH_P_IP) : htons(ETH_P_IPV6),
1213 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
1214 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
1215 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
1216 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
1217
1218 flower_print_key_id(f, "enc_key_id",
1219 tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
1220
1221 flower_print_port(f, "enc_dst_port",
1222 tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
1223
1224 flower_print_matching_flags(f, "ip_flags",
1225 FLOWER_IP_FLAGS,
1226 tb[TCA_FLOWER_KEY_FLAGS],
1227 tb[TCA_FLOWER_KEY_FLAGS_MASK]);
1228
1229 if (tb[TCA_FLOWER_FLAGS]) {
1230 __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
1231
1232 if (flags & TCA_CLS_FLAGS_SKIP_HW)
1233 fprintf(f, "\n skip_hw");
1234 if (flags & TCA_CLS_FLAGS_SKIP_SW)
1235 fprintf(f, "\n skip_sw");
1236
1237 if (flags & TCA_CLS_FLAGS_IN_HW)
1238 fprintf(f, "\n in_hw");
1239 else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
1240 fprintf(f, "\n not_in_hw");
1241 }
1242
1243 if (tb[TCA_FLOWER_ACT])
1244 tc_print_action(f, tb[TCA_FLOWER_ACT]);
1245
1246 return 0;
1247 }
1248
1249 struct filter_util flower_filter_util = {
1250 .id = "flower",
1251 .parse_fopt = flower_parse_opt,
1252 .print_fopt = flower_print_opt,
1253 };
Upstream mirror of iproute2