2 * f_flower.c Flower Classifier
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Jiri Pirko <jiri@resnulli.us>
18 #include <linux/if_arp.h>
19 #include <linux/if_ether.h>
21 #include <linux/tc_act/tc_vlan.h>
27 enum flower_matching_flags
{
31 enum flower_endpoint
{
36 enum flower_icmp_field
{
37 FLOWER_ICMP_FIELD_TYPE
,
38 FLOWER_ICMP_FIELD_CODE
41 static void explain(void)
44 "Usage: ... flower [ MATCH-LIST ]\n"
45 " [ skip_sw | skip_hw ]\n"
46 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
48 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
49 " MATCH := { indev DEV-NAME |\n"
51 " vlan_prio PRIORITY |\n"
52 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
53 " dst_mac MASKED-LLADDR |\n"
54 " src_mac MASKED-LLADDR |\n"
55 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
56 " ip_tos MASKED-IP_TOS |\n"
57 " ip_ttl MASKED-IP_TTL |\n"
60 " dst_port PORT-NUMBER |\n"
61 " src_port PORT-NUMBER |\n"
62 " tcp_flags MASKED-TCP_FLAGS |\n"
63 " type MASKED-ICMP-TYPE |\n"
64 " code MASKED-ICMP-CODE |\n"
65 " arp_tip IPV4-PREFIX |\n"
66 " arp_sip IPV4-PREFIX |\n"
67 " arp_op [ request | reply | OP ] |\n"
68 " arp_tha MASKED-LLADDR |\n"
69 " arp_sha MASKED-LLADDR |\n"
70 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
71 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
72 " enc_key_id [ KEY-ID ] |\n"
73 " ip_flags IP-FLAGS | \n"
74 " enc_dst_port [ port_number ] }\n"
75 " FILTERID := X:Y:Z\n"
76 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
77 " ACTION-SPEC := ... look at individual actions\n"
79 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
80 "NOTE: There can be only used one mask per one prio. If user needs\n"
81 " to specify different mask, he has to use different prio.\n");
84 static int flower_parse_eth_addr(char *str
, int addr_type
, int mask_type
,
88 char addr
[ETH_ALEN
], *slash
;
90 slash
= strchr(str
, '/');
94 ret
= ll_addr_a2n(addr
, sizeof(addr
), str
);
97 addattr_l(n
, MAX_MSG
, addr_type
, addr
, sizeof(addr
));
102 if (!get_unsigned(&bits
, slash
+ 1, 10)) {
105 /* Extra 16 bit shift to push mac address into
106 * high bits of uint64_t
108 mask
= htonll(0xffffffffffffULL
<< (16 + 48 - bits
));
109 memcpy(addr
, &mask
, ETH_ALEN
);
111 ret
= ll_addr_a2n(addr
, sizeof(addr
), slash
+ 1);
116 memset(addr
, 0xff, ETH_ALEN
);
118 addattr_l(n
, MAX_MSG
, mask_type
, addr
, sizeof(addr
));
127 static int flower_parse_vlan_eth_type(char *str
, __be16 eth_type
, int type
,
128 __be16
*p_vlan_eth_type
,
131 __be16 vlan_eth_type
;
133 if (eth_type
!= htons(ETH_P_8021Q
)) {
135 "Can't set \"vlan_ethtype\" if ethertype isn't 802.1Q\n");
139 if (ll_proto_a2n(&vlan_eth_type
, str
))
140 invarg("invalid vlan_ethtype", str
);
141 addattr16(n
, MAX_MSG
, type
, vlan_eth_type
);
142 *p_vlan_eth_type
= vlan_eth_type
;
146 struct flag_to_string
{
148 enum flower_matching_flags type
;
152 static struct flag_to_string flags_str
[] = {
153 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT
, FLOWER_IP_FLAGS
, "frag" },
156 static int flower_parse_matching_flags(char *str
,
157 enum flower_matching_flags type
,
158 __u32
*mtf
, __u32
*mtf_mask
)
165 token
= strtok(str
, "/");
168 if (!strncmp(token
, "no", 2)) {
175 for (i
= 0; i
< ARRAY_SIZE(flags_str
); i
++) {
176 if (type
!= flags_str
[i
].type
)
179 if (!strcmp(token
, flags_str
[i
].string
)) {
181 *mtf
&= ~flags_str
[i
].flag
;
183 *mtf
|= flags_str
[i
].flag
;
185 *mtf_mask
|= flags_str
[i
].flag
;
193 token
= strtok(NULL
, "/");
199 static int flower_parse_ip_proto(char *str
, __be16 eth_type
, int type
,
200 __u8
*p_ip_proto
, struct nlmsghdr
*n
)
205 if (eth_type
!= htons(ETH_P_IP
) && eth_type
!= htons(ETH_P_IPV6
))
208 if (matches(str
, "tcp") == 0) {
209 ip_proto
= IPPROTO_TCP
;
210 } else if (matches(str
, "udp") == 0) {
211 ip_proto
= IPPROTO_UDP
;
212 } else if (matches(str
, "sctp") == 0) {
213 ip_proto
= IPPROTO_SCTP
;
214 } else if (matches(str
, "icmp") == 0) {
215 if (eth_type
!= htons(ETH_P_IP
))
217 ip_proto
= IPPROTO_ICMP
;
218 } else if (matches(str
, "icmpv6") == 0) {
219 if (eth_type
!= htons(ETH_P_IPV6
))
221 ip_proto
= IPPROTO_ICMPV6
;
223 ret
= get_u8(&ip_proto
, str
, 16);
227 addattr8(n
, MAX_MSG
, type
, ip_proto
);
228 *p_ip_proto
= ip_proto
;
232 fprintf(stderr
, "Illegal \"eth_type\" for ip proto\n");
236 static int __flower_parse_ip_addr(char *str
, int family
,
237 int addr4_type
, int mask4_type
,
238 int addr6_type
, int mask6_type
,
246 ret
= get_prefix(&addr
, str
, family
);
250 if (family
&& (addr
.family
!= family
)) {
251 fprintf(stderr
, "Illegal \"eth_type\" for ip address\n");
255 addattr_l(n
, MAX_MSG
, addr
.family
== AF_INET
? addr4_type
: addr6_type
,
256 addr
.data
, addr
.bytelen
);
258 memset(addr
.data
, 0xff, addr
.bytelen
);
260 for (i
= 0; i
< addr
.bytelen
/ 4; i
++) {
263 } else if (bits
/ 32 >= 1) {
266 addr
.data
[i
] <<= 32 - bits
;
267 addr
.data
[i
] = htonl(addr
.data
[i
]);
272 addattr_l(n
, MAX_MSG
, addr
.family
== AF_INET
? mask4_type
: mask6_type
,
273 addr
.data
, addr
.bytelen
);
278 static int flower_parse_ip_addr(char *str
, __be16 eth_type
,
279 int addr4_type
, int mask4_type
,
280 int addr6_type
, int mask6_type
,
285 if (eth_type
== htons(ETH_P_IP
)) {
287 } else if (eth_type
== htons(ETH_P_IPV6
)) {
289 } else if (!eth_type
) {
295 return __flower_parse_ip_addr(str
, family
, addr4_type
, mask4_type
,
296 addr6_type
, mask6_type
, n
);
299 static bool flower_eth_type_arp(__be16 eth_type
)
301 return eth_type
== htons(ETH_P_ARP
) || eth_type
== htons(ETH_P_RARP
);
304 static int flower_parse_arp_ip_addr(char *str
, __be16 eth_type
,
305 int addr_type
, int mask_type
,
308 if (!flower_eth_type_arp(eth_type
))
311 return __flower_parse_ip_addr(str
, AF_INET
, addr_type
, mask_type
,
312 TCA_FLOWER_UNSPEC
, TCA_FLOWER_UNSPEC
, n
);
315 static int flower_parse_u8(char *str
, int value_type
, int mask_type
,
316 int (*value_from_name
)(const char *str
,
318 bool (*value_validate
)(__u8 value
),
325 slash
= strchr(str
, '/');
329 ret
= value_from_name
? value_from_name(str
, &value
) : -1;
331 ret
= get_u8(&value
, str
, 10);
336 if (value_validate
&& !value_validate(value
))
340 ret
= get_u8(&mask
, slash
+ 1, 10);
348 addattr8(n
, MAX_MSG
, value_type
, value
);
349 addattr8(n
, MAX_MSG
, mask_type
, mask
);
358 static const char *flower_print_arp_op_to_name(__u8 op
)
370 static int flower_arp_op_from_name(const char *name
, __u8
*op
)
372 if (!strcmp(name
, "request"))
374 else if (!strcmp(name
, "reply"))
382 static bool flow_arp_op_validate(__u8 op
)
384 return !op
|| op
== ARPOP_REQUEST
|| op
== ARPOP_REPLY
;
387 static int flower_parse_arp_op(char *str
, __be16 eth_type
,
388 int op_type
, int mask_type
,
391 if (!flower_eth_type_arp(eth_type
))
394 return flower_parse_u8(str
, op_type
, mask_type
, flower_arp_op_from_name
,
395 flow_arp_op_validate
, n
);
398 static int flower_icmp_attr_type(__be16 eth_type
, __u8 ip_proto
,
399 enum flower_icmp_field field
)
401 if (eth_type
== htons(ETH_P_IP
) && ip_proto
== IPPROTO_ICMP
)
402 return field
== FLOWER_ICMP_FIELD_CODE
?
403 TCA_FLOWER_KEY_ICMPV4_CODE
:
404 TCA_FLOWER_KEY_ICMPV4_TYPE
;
405 else if (eth_type
== htons(ETH_P_IPV6
) && ip_proto
== IPPROTO_ICMPV6
)
406 return field
== FLOWER_ICMP_FIELD_CODE
?
407 TCA_FLOWER_KEY_ICMPV6_CODE
:
408 TCA_FLOWER_KEY_ICMPV6_TYPE
;
413 static int flower_icmp_attr_mask_type(__be16 eth_type
, __u8 ip_proto
,
414 enum flower_icmp_field field
)
416 if (eth_type
== htons(ETH_P_IP
) && ip_proto
== IPPROTO_ICMP
)
417 return field
== FLOWER_ICMP_FIELD_CODE
?
418 TCA_FLOWER_KEY_ICMPV4_CODE_MASK
:
419 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK
;
420 else if (eth_type
== htons(ETH_P_IPV6
) && ip_proto
== IPPROTO_ICMPV6
)
421 return field
== FLOWER_ICMP_FIELD_CODE
?
422 TCA_FLOWER_KEY_ICMPV6_CODE_MASK
:
423 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK
;
428 static int flower_parse_icmp(char *str
, __u16 eth_type
, __u8 ip_proto
,
429 enum flower_icmp_field field
, struct nlmsghdr
*n
)
431 int value_type
, mask_type
;
433 value_type
= flower_icmp_attr_type(eth_type
, ip_proto
, field
);
434 mask_type
= flower_icmp_attr_mask_type(eth_type
, ip_proto
, field
);
435 if (value_type
< 0 || mask_type
< 0)
438 return flower_parse_u8(str
, value_type
, mask_type
, NULL
, NULL
, n
);
441 static int flower_port_attr_type(__u8 ip_proto
, enum flower_endpoint endpoint
)
443 if (ip_proto
== IPPROTO_TCP
)
444 return endpoint
== FLOWER_ENDPOINT_SRC
?
445 TCA_FLOWER_KEY_TCP_SRC
:
446 TCA_FLOWER_KEY_TCP_DST
;
447 else if (ip_proto
== IPPROTO_UDP
)
448 return endpoint
== FLOWER_ENDPOINT_SRC
?
449 TCA_FLOWER_KEY_UDP_SRC
:
450 TCA_FLOWER_KEY_UDP_DST
;
451 else if (ip_proto
== IPPROTO_SCTP
)
452 return endpoint
== FLOWER_ENDPOINT_SRC
?
453 TCA_FLOWER_KEY_SCTP_SRC
:
454 TCA_FLOWER_KEY_SCTP_DST
;
459 static int flower_parse_port(char *str
, __u8 ip_proto
,
460 enum flower_endpoint endpoint
,
467 type
= flower_port_attr_type(ip_proto
, endpoint
);
471 ret
= get_be16(&port
, str
, 10);
475 addattr16(n
, MAX_MSG
, type
, port
);
480 #define TCP_FLAGS_MAX_MASK 0xfff
482 static int flower_parse_tcp_flags(char *str
, int flags_type
, int mask_type
,
489 slash
= strchr(str
, '/');
493 ret
= get_u16(&flags
, str
, 16);
494 if (ret
< 0 || flags
& ~TCP_FLAGS_MAX_MASK
)
497 addattr16(n
, MAX_MSG
, flags_type
, htons(flags
));
500 ret
= get_u16(&flags
, slash
+ 1, 16);
501 if (ret
< 0 || flags
& ~TCP_FLAGS_MAX_MASK
)
504 flags
= TCP_FLAGS_MAX_MASK
;
506 addattr16(n
, MAX_MSG
, mask_type
, htons(flags
));
515 static int flower_parse_ip_tos_ttl(char *str
, int key_type
, int mask_type
,
522 slash
= strchr(str
, '/');
526 ret
= get_u8(&tos_ttl
, str
, 10);
528 ret
= get_u8(&tos_ttl
, str
, 16);
532 addattr8(n
, MAX_MSG
, key_type
, tos_ttl
);
535 ret
= get_u8(&tos_ttl
, slash
+ 1, 16);
541 addattr8(n
, MAX_MSG
, mask_type
, tos_ttl
);
550 static int flower_parse_key_id(const char *str
, int type
, struct nlmsghdr
*n
)
555 ret
= get_be32(&key_id
, str
, 10);
557 addattr32(n
, MAX_MSG
, type
, key_id
);
562 static int flower_parse_enc_port(char *str
, int type
, struct nlmsghdr
*n
)
567 ret
= get_be16(&port
, str
, 10);
571 addattr16(n
, MAX_MSG
, type
, port
);
576 static int flower_parse_opt(struct filter_util
*qu
, char *handle
,
577 int argc
, char **argv
, struct nlmsghdr
*n
)
580 struct tcmsg
*t
= NLMSG_DATA(n
);
582 __be16 eth_type
= TC_H_MIN(t
->tcm_info
);
583 __be16 vlan_ethtype
= 0;
584 __u8 ip_proto
= 0xff;
590 ret
= get_u32(&t
->tcm_handle
, handle
, 0);
592 fprintf(stderr
, "Illegal \"handle\"\n");
597 tail
= (struct rtattr
*) (((void *) n
) + NLMSG_ALIGN(n
->nlmsg_len
));
598 addattr_l(n
, MAX_MSG
, TCA_OPTIONS
, NULL
, 0);
601 /*at minimal we will match all ethertype packets */
606 if (matches(*argv
, "classid") == 0 ||
607 matches(*argv
, "flowid") == 0) {
611 ret
= get_tc_classid(&handle
, *argv
);
613 fprintf(stderr
, "Illegal \"classid\"\n");
616 addattr_l(n
, MAX_MSG
, TCA_FLOWER_CLASSID
, &handle
, 4);
617 } else if (matches(*argv
, "ip_flags") == 0) {
619 ret
= flower_parse_matching_flags(*argv
,
624 fprintf(stderr
, "Illegal \"ip_flags\"\n");
627 } else if (matches(*argv
, "skip_hw") == 0) {
628 flags
|= TCA_CLS_FLAGS_SKIP_HW
;
629 } else if (matches(*argv
, "skip_sw") == 0) {
630 flags
|= TCA_CLS_FLAGS_SKIP_SW
;
631 } else if (matches(*argv
, "indev") == 0) {
633 addattrstrz(n
, MAX_MSG
, TCA_FLOWER_INDEV
, *argv
);
634 } else if (matches(*argv
, "vlan_id") == 0) {
638 if (eth_type
!= htons(ETH_P_8021Q
)) {
640 "Can't set \"vlan_id\" if ethertype isn't 802.1Q\n");
643 ret
= get_u16(&vid
, *argv
, 10);
644 if (ret
< 0 || vid
& ~0xfff) {
645 fprintf(stderr
, "Illegal \"vlan_id\"\n");
648 addattr16(n
, MAX_MSG
, TCA_FLOWER_KEY_VLAN_ID
, vid
);
649 } else if (matches(*argv
, "vlan_prio") == 0) {
653 if (eth_type
!= htons(ETH_P_8021Q
)) {
655 "Can't set \"vlan_prio\" if ethertype isn't 802.1Q\n");
658 ret
= get_u8(&vlan_prio
, *argv
, 10);
659 if (ret
< 0 || vlan_prio
& ~0x7) {
660 fprintf(stderr
, "Illegal \"vlan_prio\"\n");
664 TCA_FLOWER_KEY_VLAN_PRIO
, vlan_prio
);
665 } else if (matches(*argv
, "vlan_ethtype") == 0) {
667 ret
= flower_parse_vlan_eth_type(*argv
, eth_type
,
668 TCA_FLOWER_KEY_VLAN_ETH_TYPE
,
672 } else if (matches(*argv
, "dst_mac") == 0) {
674 ret
= flower_parse_eth_addr(*argv
,
675 TCA_FLOWER_KEY_ETH_DST
,
676 TCA_FLOWER_KEY_ETH_DST_MASK
,
679 fprintf(stderr
, "Illegal \"dst_mac\"\n");
682 } else if (matches(*argv
, "src_mac") == 0) {
684 ret
= flower_parse_eth_addr(*argv
,
685 TCA_FLOWER_KEY_ETH_SRC
,
686 TCA_FLOWER_KEY_ETH_SRC_MASK
,
689 fprintf(stderr
, "Illegal \"src_mac\"\n");
692 } else if (matches(*argv
, "ip_proto") == 0) {
694 ret
= flower_parse_ip_proto(*argv
, vlan_ethtype
?
695 vlan_ethtype
: eth_type
,
696 TCA_FLOWER_KEY_IP_PROTO
,
699 fprintf(stderr
, "Illegal \"ip_proto\"\n");
702 } else if (matches(*argv
, "ip_tos") == 0) {
704 ret
= flower_parse_ip_tos_ttl(*argv
,
705 TCA_FLOWER_KEY_IP_TOS
,
706 TCA_FLOWER_KEY_IP_TOS_MASK
,
709 fprintf(stderr
, "Illegal \"ip_tos\"\n");
712 } else if (matches(*argv
, "ip_ttl") == 0) {
714 ret
= flower_parse_ip_tos_ttl(*argv
,
715 TCA_FLOWER_KEY_IP_TTL
,
716 TCA_FLOWER_KEY_IP_TTL_MASK
,
719 fprintf(stderr
, "Illegal \"ip_ttl\"\n");
722 } else if (matches(*argv
, "dst_ip") == 0) {
724 ret
= flower_parse_ip_addr(*argv
, vlan_ethtype
?
725 vlan_ethtype
: eth_type
,
726 TCA_FLOWER_KEY_IPV4_DST
,
727 TCA_FLOWER_KEY_IPV4_DST_MASK
,
728 TCA_FLOWER_KEY_IPV6_DST
,
729 TCA_FLOWER_KEY_IPV6_DST_MASK
,
732 fprintf(stderr
, "Illegal \"dst_ip\"\n");
735 } else if (matches(*argv
, "src_ip") == 0) {
737 ret
= flower_parse_ip_addr(*argv
, vlan_ethtype
?
738 vlan_ethtype
: eth_type
,
739 TCA_FLOWER_KEY_IPV4_SRC
,
740 TCA_FLOWER_KEY_IPV4_SRC_MASK
,
741 TCA_FLOWER_KEY_IPV6_SRC
,
742 TCA_FLOWER_KEY_IPV6_SRC_MASK
,
745 fprintf(stderr
, "Illegal \"src_ip\"\n");
748 } else if (matches(*argv
, "dst_port") == 0) {
750 ret
= flower_parse_port(*argv
, ip_proto
,
751 FLOWER_ENDPOINT_DST
, n
);
753 fprintf(stderr
, "Illegal \"dst_port\"\n");
756 } else if (matches(*argv
, "src_port") == 0) {
758 ret
= flower_parse_port(*argv
, ip_proto
,
759 FLOWER_ENDPOINT_SRC
, n
);
761 fprintf(stderr
, "Illegal \"src_port\"\n");
764 } else if (matches(*argv
, "tcp_flags") == 0) {
766 ret
= flower_parse_tcp_flags(*argv
,
767 TCA_FLOWER_KEY_TCP_FLAGS
,
768 TCA_FLOWER_KEY_TCP_FLAGS_MASK
,
771 fprintf(stderr
, "Illegal \"tcp_flags\"\n");
774 } else if (matches(*argv
, "type") == 0) {
776 ret
= flower_parse_icmp(*argv
, eth_type
, ip_proto
,
777 FLOWER_ICMP_FIELD_TYPE
, n
);
779 fprintf(stderr
, "Illegal \"icmp type\"\n");
782 } else if (matches(*argv
, "code") == 0) {
784 ret
= flower_parse_icmp(*argv
, eth_type
, ip_proto
,
785 FLOWER_ICMP_FIELD_CODE
, n
);
787 fprintf(stderr
, "Illegal \"icmp code\"\n");
790 } else if (matches(*argv
, "arp_tip") == 0) {
792 ret
= flower_parse_arp_ip_addr(*argv
, vlan_ethtype
?
793 vlan_ethtype
: eth_type
,
794 TCA_FLOWER_KEY_ARP_TIP
,
795 TCA_FLOWER_KEY_ARP_TIP_MASK
,
798 fprintf(stderr
, "Illegal \"arp_tip\"\n");
801 } else if (matches(*argv
, "arp_sip") == 0) {
803 ret
= flower_parse_arp_ip_addr(*argv
, vlan_ethtype
?
804 vlan_ethtype
: eth_type
,
805 TCA_FLOWER_KEY_ARP_SIP
,
806 TCA_FLOWER_KEY_ARP_SIP_MASK
,
809 fprintf(stderr
, "Illegal \"arp_sip\"\n");
812 } else if (matches(*argv
, "arp_op") == 0) {
814 ret
= flower_parse_arp_op(*argv
, vlan_ethtype
?
815 vlan_ethtype
: eth_type
,
816 TCA_FLOWER_KEY_ARP_OP
,
817 TCA_FLOWER_KEY_ARP_OP_MASK
,
820 fprintf(stderr
, "Illegal \"arp_op\"\n");
823 } else if (matches(*argv
, "arp_tha") == 0) {
825 ret
= flower_parse_eth_addr(*argv
,
826 TCA_FLOWER_KEY_ARP_THA
,
827 TCA_FLOWER_KEY_ARP_THA_MASK
,
830 fprintf(stderr
, "Illegal \"arp_tha\"\n");
833 } else if (matches(*argv
, "arp_sha") == 0) {
835 ret
= flower_parse_eth_addr(*argv
,
836 TCA_FLOWER_KEY_ARP_SHA
,
837 TCA_FLOWER_KEY_ARP_SHA_MASK
,
840 fprintf(stderr
, "Illegal \"arp_sha\"\n");
843 } else if (matches(*argv
, "enc_dst_ip") == 0) {
845 ret
= flower_parse_ip_addr(*argv
, 0,
846 TCA_FLOWER_KEY_ENC_IPV4_DST
,
847 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
,
848 TCA_FLOWER_KEY_ENC_IPV6_DST
,
849 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
,
852 fprintf(stderr
, "Illegal \"enc_dst_ip\"\n");
855 } else if (matches(*argv
, "enc_src_ip") == 0) {
857 ret
= flower_parse_ip_addr(*argv
, 0,
858 TCA_FLOWER_KEY_ENC_IPV4_SRC
,
859 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
,
860 TCA_FLOWER_KEY_ENC_IPV6_SRC
,
861 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
,
864 fprintf(stderr
, "Illegal \"enc_src_ip\"\n");
867 } else if (matches(*argv
, "enc_key_id") == 0) {
869 ret
= flower_parse_key_id(*argv
,
870 TCA_FLOWER_KEY_ENC_KEY_ID
, n
);
872 fprintf(stderr
, "Illegal \"enc_key_id\"\n");
875 } else if (matches(*argv
, "enc_dst_port") == 0) {
877 ret
= flower_parse_enc_port(*argv
,
878 TCA_FLOWER_KEY_ENC_UDP_DST_PORT
, n
);
880 fprintf(stderr
, "Illegal \"enc_dst_port\"\n");
883 } else if (matches(*argv
, "action") == 0) {
885 ret
= parse_action(&argc
, &argv
, TCA_FLOWER_ACT
, n
);
887 fprintf(stderr
, "Illegal \"action\"\n");
891 } else if (strcmp(*argv
, "help") == 0) {
895 fprintf(stderr
, "What is \"%s\"?\n", *argv
);
903 ret
= addattr32(n
, MAX_MSG
, TCA_FLOWER_FLAGS
, flags
);
908 ret
= addattr32(n
, MAX_MSG
, TCA_FLOWER_KEY_FLAGS
, htonl(mtf
));
912 ret
= addattr32(n
, MAX_MSG
, TCA_FLOWER_KEY_FLAGS_MASK
, htonl(mtf_mask
));
917 if (eth_type
!= htons(ETH_P_ALL
)) {
918 ret
= addattr16(n
, MAX_MSG
, TCA_FLOWER_KEY_ETH_TYPE
, eth_type
);
923 tail
->rta_len
= (((void *)n
)+n
->nlmsg_len
) - (void *)tail
;
928 static int __mask_bits(char *addr
, size_t len
)
935 for (i
= 0; i
< len
; i
++, addr
++) {
936 for (j
= 7; j
>= 0; j
--) {
937 if (((*addr
) >> j
) & 0x1) {
951 static void flower_print_eth_addr(FILE *f
, char *name
,
952 struct rtattr
*addr_attr
,
953 struct rtattr
*mask_attr
)
958 if (!addr_attr
|| RTA_PAYLOAD(addr_attr
) != ETH_ALEN
)
960 fprintf(f
, "\n %s %s", name
, ll_addr_n2a(RTA_DATA(addr_attr
), ETH_ALEN
,
962 if (!mask_attr
|| RTA_PAYLOAD(mask_attr
) != ETH_ALEN
)
964 bits
= __mask_bits(RTA_DATA(mask_attr
), ETH_ALEN
);
966 fprintf(f
, "/%s", ll_addr_n2a(RTA_DATA(mask_attr
), ETH_ALEN
,
968 else if (bits
< ETH_ALEN
* 8)
969 fprintf(f
, "/%d", bits
);
972 static void flower_print_eth_type(FILE *f
, __be16
*p_eth_type
,
973 struct rtattr
*eth_type_attr
)
980 eth_type
= rta_getattr_u16(eth_type_attr
);
981 fprintf(f
, "\n eth_type ");
982 if (eth_type
== htons(ETH_P_IP
))
984 else if (eth_type
== htons(ETH_P_IPV6
))
986 else if (eth_type
== htons(ETH_P_ARP
))
988 else if (eth_type
== htons(ETH_P_RARP
))
991 fprintf(f
, "%04x", ntohs(eth_type
));
992 *p_eth_type
= eth_type
;
995 static void flower_print_ip_proto(FILE *f
, __u8
*p_ip_proto
,
996 struct rtattr
*ip_proto_attr
)
1003 ip_proto
= rta_getattr_u8(ip_proto_attr
);
1004 fprintf(f
, "\n ip_proto ");
1005 if (ip_proto
== IPPROTO_TCP
)
1007 else if (ip_proto
== IPPROTO_UDP
)
1009 else if (ip_proto
== IPPROTO_SCTP
)
1011 else if (ip_proto
== IPPROTO_ICMP
)
1013 else if (ip_proto
== IPPROTO_ICMPV6
)
1014 fprintf(f
, "icmpv6");
1016 fprintf(f
, "%02x", ip_proto
);
1017 *p_ip_proto
= ip_proto
;
1020 static void flower_print_ip_attr(FILE *f
, char *name
,
1021 struct rtattr
*key_attr
,
1022 struct rtattr
*mask_attr
)
1027 fprintf(f
, "\n %s %x", name
, rta_getattr_u8(key_attr
));
1030 fprintf(f
, "/%x", rta_getattr_u8(mask_attr
));
1033 static void flower_print_matching_flags(FILE *f
, char *name
,
1034 enum flower_matching_flags type
,
1035 struct rtattr
*attr
,
1036 struct rtattr
*mask_attr
)
1043 if (!mask_attr
|| RTA_PAYLOAD(mask_attr
) != 4)
1046 mtf
= ntohl(rta_getattr_u32(attr
));
1047 mtf_mask
= ntohl(rta_getattr_u32(mask_attr
));
1049 for (i
= 0; i
< ARRAY_SIZE(flags_str
); i
++) {
1050 if (type
!= flags_str
[i
].type
)
1052 if (mtf_mask
& flags_str
[i
].flag
) {
1054 fprintf(f
, "\n %s ", name
);
1058 if (mtf
& flags_str
[i
].flag
)
1059 fprintf(f
, "%s", flags_str
[i
].string
);
1061 fprintf(f
, "no%s", flags_str
[i
].string
);
1066 static void flower_print_ip_addr(FILE *f
, char *name
, __be16 eth_type
,
1067 struct rtattr
*addr4_attr
,
1068 struct rtattr
*mask4_attr
,
1069 struct rtattr
*addr6_attr
,
1070 struct rtattr
*mask6_attr
)
1072 struct rtattr
*addr_attr
;
1073 struct rtattr
*mask_attr
;
1078 if (eth_type
== htons(ETH_P_IP
)) {
1080 addr_attr
= addr4_attr
;
1081 mask_attr
= mask4_attr
;
1083 } else if (eth_type
== htons(ETH_P_IPV6
)) {
1085 addr_attr
= addr6_attr
;
1086 mask_attr
= mask6_attr
;
1091 if (!addr_attr
|| RTA_PAYLOAD(addr_attr
) != len
)
1093 fprintf(f
, "\n %s %s", name
, rt_addr_n2a_rta(family
, addr_attr
));
1094 if (!mask_attr
|| RTA_PAYLOAD(mask_attr
) != len
)
1096 bits
= __mask_bits(RTA_DATA(mask_attr
), len
);
1098 fprintf(f
, "/%s", rt_addr_n2a_rta(family
, mask_attr
));
1099 else if (bits
< len
* 8)
1100 fprintf(f
, "/%d", bits
);
1102 static void flower_print_ip4_addr(FILE *f
, char *name
,
1103 struct rtattr
*addr_attr
,
1104 struct rtattr
*mask_attr
)
1106 return flower_print_ip_addr(f
, name
, htons(ETH_P_IP
),
1107 addr_attr
, mask_attr
, 0, 0);
1110 static void flower_print_port(FILE *f
, char *name
, struct rtattr
*attr
)
1113 fprintf(f
, "\n %s %d", name
, rta_getattr_be16(attr
));
1116 static void flower_print_tcp_flags(FILE *f
, char *name
,
1117 struct rtattr
*flags_attr
,
1118 struct rtattr
*mask_attr
)
1122 fprintf(f
, "\n %s %x", name
, rta_getattr_be16(flags_attr
));
1125 fprintf(f
, "/%x", rta_getattr_be16(mask_attr
));
1129 static void flower_print_key_id(FILE *f
, const char *name
,
1130 struct rtattr
*attr
)
1133 fprintf(f
, "\n %s %d", name
, rta_getattr_be32(attr
));
1136 static void flower_print_masked_u8(FILE *f
, const char *name
,
1137 struct rtattr
*attr
,
1138 struct rtattr
*mask_attr
,
1139 const char *(*value_to_str
)(__u8 value
))
1141 const char *value_str
= NULL
;
1147 value
= rta_getattr_u8(attr
);
1148 mask
= mask_attr
? rta_getattr_u8(mask_attr
) : UINT8_MAX
;
1149 if (mask
== UINT8_MAX
&& value_to_str
)
1150 value_str
= value_to_str(value
);
1152 fprintf(f
, "\n %s ", name
);
1155 fputs(value_str
, f
);
1157 fprintf(f
, "%d", value
);
1159 if (mask
!= UINT8_MAX
)
1160 fprintf(f
, "/%d", mask
);
1163 static void flower_print_arp_op(FILE *f
, const char *name
,
1164 struct rtattr
*op_attr
,
1165 struct rtattr
*mask_attr
)
1167 flower_print_masked_u8(f
, name
, op_attr
, mask_attr
,
1168 flower_print_arp_op_to_name
);
1171 static int flower_print_opt(struct filter_util
*qu
, FILE *f
,
1172 struct rtattr
*opt
, __u32 handle
)
1174 struct rtattr
*tb
[TCA_FLOWER_MAX
+ 1];
1175 int nl_type
, nl_mask_type
;
1176 __be16 eth_type
= 0;
1177 __u8 ip_proto
= 0xff;
1182 parse_rtattr_nested(tb
, TCA_FLOWER_MAX
, opt
);
1185 fprintf(f
, "handle 0x%x ", handle
);
1187 if (tb
[TCA_FLOWER_CLASSID
]) {
1189 fprintf(f
, "classid %s ",
1190 sprint_tc_classid(rta_getattr_u32(tb
[TCA_FLOWER_CLASSID
]),
1194 if (tb
[TCA_FLOWER_INDEV
]) {
1195 struct rtattr
*attr
= tb
[TCA_FLOWER_INDEV
];
1197 fprintf(f
, "\n indev %s", rta_getattr_str(attr
));
1200 if (tb
[TCA_FLOWER_KEY_VLAN_ID
]) {
1201 struct rtattr
*attr
= tb
[TCA_FLOWER_KEY_VLAN_ID
];
1203 fprintf(f
, "\n vlan_id %d", rta_getattr_u16(attr
));
1206 if (tb
[TCA_FLOWER_KEY_VLAN_PRIO
]) {
1207 struct rtattr
*attr
= tb
[TCA_FLOWER_KEY_VLAN_PRIO
];
1209 fprintf(f
, "\n vlan_prio %d", rta_getattr_u8(attr
));
1212 flower_print_eth_addr(f
, "dst_mac", tb
[TCA_FLOWER_KEY_ETH_DST
],
1213 tb
[TCA_FLOWER_KEY_ETH_DST_MASK
]);
1214 flower_print_eth_addr(f
, "src_mac", tb
[TCA_FLOWER_KEY_ETH_SRC
],
1215 tb
[TCA_FLOWER_KEY_ETH_SRC_MASK
]);
1217 flower_print_eth_type(f
, ð_type
, tb
[TCA_FLOWER_KEY_ETH_TYPE
]);
1218 flower_print_ip_proto(f
, &ip_proto
, tb
[TCA_FLOWER_KEY_IP_PROTO
]);
1220 flower_print_ip_attr(f
, "ip_tos", tb
[TCA_FLOWER_KEY_IP_TOS
],
1221 tb
[TCA_FLOWER_KEY_IP_TOS_MASK
]);
1222 flower_print_ip_attr(f
, "ip_ttl", tb
[TCA_FLOWER_KEY_IP_TTL
],
1223 tb
[TCA_FLOWER_KEY_IP_TTL_MASK
]);
1225 flower_print_ip_addr(f
, "dst_ip", eth_type
,
1226 tb
[TCA_FLOWER_KEY_IPV4_DST
],
1227 tb
[TCA_FLOWER_KEY_IPV4_DST_MASK
],
1228 tb
[TCA_FLOWER_KEY_IPV6_DST
],
1229 tb
[TCA_FLOWER_KEY_IPV6_DST_MASK
]);
1231 flower_print_ip_addr(f
, "src_ip", eth_type
,
1232 tb
[TCA_FLOWER_KEY_IPV4_SRC
],
1233 tb
[TCA_FLOWER_KEY_IPV4_SRC_MASK
],
1234 tb
[TCA_FLOWER_KEY_IPV6_SRC
],
1235 tb
[TCA_FLOWER_KEY_IPV6_SRC_MASK
]);
1237 nl_type
= flower_port_attr_type(ip_proto
, FLOWER_ENDPOINT_DST
);
1239 flower_print_port(f
, "dst_port", tb
[nl_type
]);
1240 nl_type
= flower_port_attr_type(ip_proto
, FLOWER_ENDPOINT_SRC
);
1242 flower_print_port(f
, "src_port", tb
[nl_type
]);
1244 flower_print_tcp_flags(f
, "tcp_flags", tb
[TCA_FLOWER_KEY_TCP_FLAGS
],
1245 tb
[TCA_FLOWER_KEY_TCP_FLAGS_MASK
]);
1247 nl_type
= flower_icmp_attr_type(eth_type
, ip_proto
,
1248 FLOWER_ICMP_FIELD_TYPE
);
1249 nl_mask_type
= flower_icmp_attr_mask_type(eth_type
, ip_proto
,
1250 FLOWER_ICMP_FIELD_TYPE
);
1251 if (nl_type
>= 0 && nl_mask_type
>= 0)
1252 flower_print_masked_u8(f
, "icmp_type", tb
[nl_type
],
1253 tb
[nl_mask_type
], NULL
);
1255 nl_type
= flower_icmp_attr_type(eth_type
, ip_proto
,
1256 FLOWER_ICMP_FIELD_CODE
);
1257 nl_mask_type
= flower_icmp_attr_mask_type(eth_type
, ip_proto
,
1258 FLOWER_ICMP_FIELD_CODE
);
1259 if (nl_type
>= 0 && nl_mask_type
>= 0)
1260 flower_print_masked_u8(f
, "icmp_code", tb
[nl_type
],
1261 tb
[nl_mask_type
], NULL
);
1263 flower_print_ip4_addr(f
, "arp_sip", tb
[TCA_FLOWER_KEY_ARP_SIP
],
1264 tb
[TCA_FLOWER_KEY_ARP_SIP_MASK
]);
1265 flower_print_ip4_addr(f
, "arp_tip", tb
[TCA_FLOWER_KEY_ARP_TIP
],
1266 tb
[TCA_FLOWER_KEY_ARP_TIP_MASK
]);
1267 flower_print_arp_op(f
, "arp_op", tb
[TCA_FLOWER_KEY_ARP_OP
],
1268 tb
[TCA_FLOWER_KEY_ARP_OP_MASK
]);
1269 flower_print_eth_addr(f
, "arp_sha", tb
[TCA_FLOWER_KEY_ARP_SHA
],
1270 tb
[TCA_FLOWER_KEY_ARP_SHA_MASK
]);
1271 flower_print_eth_addr(f
, "arp_tha", tb
[TCA_FLOWER_KEY_ARP_THA
],
1272 tb
[TCA_FLOWER_KEY_ARP_THA_MASK
]);
1274 flower_print_ip_addr(f
, "enc_dst_ip",
1275 tb
[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
] ?
1276 htons(ETH_P_IP
) : htons(ETH_P_IPV6
),
1277 tb
[TCA_FLOWER_KEY_ENC_IPV4_DST
],
1278 tb
[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
],
1279 tb
[TCA_FLOWER_KEY_ENC_IPV6_DST
],
1280 tb
[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
]);
1282 flower_print_ip_addr(f
, "enc_src_ip",
1283 tb
[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
] ?
1284 htons(ETH_P_IP
) : htons(ETH_P_IPV6
),
1285 tb
[TCA_FLOWER_KEY_ENC_IPV4_SRC
],
1286 tb
[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
],
1287 tb
[TCA_FLOWER_KEY_ENC_IPV6_SRC
],
1288 tb
[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
]);
1290 flower_print_key_id(f
, "enc_key_id",
1291 tb
[TCA_FLOWER_KEY_ENC_KEY_ID
]);
1293 flower_print_port(f
, "enc_dst_port",
1294 tb
[TCA_FLOWER_KEY_ENC_UDP_DST_PORT
]);
1296 flower_print_matching_flags(f
, "ip_flags",
1298 tb
[TCA_FLOWER_KEY_FLAGS
],
1299 tb
[TCA_FLOWER_KEY_FLAGS_MASK
]);
1301 if (tb
[TCA_FLOWER_FLAGS
]) {
1302 __u32 flags
= rta_getattr_u32(tb
[TCA_FLOWER_FLAGS
]);
1304 if (flags
& TCA_CLS_FLAGS_SKIP_HW
)
1305 fprintf(f
, "\n skip_hw");
1306 if (flags
& TCA_CLS_FLAGS_SKIP_SW
)
1307 fprintf(f
, "\n skip_sw");
1309 if (flags
& TCA_CLS_FLAGS_IN_HW
)
1310 fprintf(f
, "\n in_hw");
1311 else if (flags
& TCA_CLS_FLAGS_NOT_IN_HW
)
1312 fprintf(f
, "\n not_in_hw");
1315 if (tb
[TCA_FLOWER_ACT
])
1316 tc_print_action(f
, tb
[TCA_FLOWER_ACT
], 0);
1321 struct filter_util flower_filter_util
= {
1323 .parse_fopt
= flower_parse_opt
,
1324 .print_fopt
= flower_print_opt
,