]> git.proxmox.com Git - mirror_iproute2.git/blob - tc/f_flower.c
projects / mirror_iproute2.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'iproute2-master' into iproute2-next
[mirror_iproute2.git] / tc / f_flower.c
1 /*
2 * f_flower.c Flower Classifier
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: Jiri Pirko <jiri@resnulli.us>
10 */
11
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <unistd.h>
15 #include <string.h>
16 #include <net/if.h>
17 #include <linux/if_arp.h>
18 #include <linux/if_ether.h>
19 #include <linux/ip.h>
20 #include <linux/tc_act/tc_vlan.h>
21 #include <linux/mpls.h>
22
23 #include "utils.h"
24 #include "tc_util.h"
25 #include "rt_names.h"
26
27 enum flower_matching_flags {
28 FLOWER_IP_FLAGS,
29 };
30
31 enum flower_endpoint {
32 FLOWER_ENDPOINT_SRC,
33 FLOWER_ENDPOINT_DST
34 };
35
36 enum flower_icmp_field {
37 FLOWER_ICMP_FIELD_TYPE,
38 FLOWER_ICMP_FIELD_CODE
39 };
40
41 static void explain(void)
42 {
43 fprintf(stderr,
44 "Usage: ... flower [ MATCH-LIST ] [ verbose ]\n"
45 " [ skip_sw | skip_hw ]\n"
46 " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
47 "\n"
48 "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
49 " MATCH := { indev DEV-NAME |\n"
50 " vlan_id VID |\n"
51 " vlan_prio PRIORITY |\n"
52 " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
53 " cvlan_id VID |\n"
54 " cvlan_prio PRIORITY |\n"
55 " cvlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
56 " dst_mac MASKED-LLADDR |\n"
57 " src_mac MASKED-LLADDR |\n"
58 " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
59 " ip_tos MASKED-IP_TOS |\n"
60 " ip_ttl MASKED-IP_TTL |\n"
61 " mpls_label LABEL |\n"
62 " mpls_tc TC |\n"
63 " mpls_bos BOS |\n"
64 " mpls_ttl TTL |\n"
65 " dst_ip PREFIX |\n"
66 " src_ip PREFIX |\n"
67 " dst_port PORT-NUMBER |\n"
68 " src_port PORT-NUMBER |\n"
69 " tcp_flags MASKED-TCP_FLAGS |\n"
70 " type MASKED-ICMP-TYPE |\n"
71 " code MASKED-ICMP-CODE |\n"
72 " arp_tip IPV4-PREFIX |\n"
73 " arp_sip IPV4-PREFIX |\n"
74 " arp_op [ request | reply | OP ] |\n"
75 " arp_tha MASKED-LLADDR |\n"
76 " arp_sha MASKED-LLADDR |\n"
77 " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
78 " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
79 " enc_key_id [ KEY-ID ] |\n"
80 " enc_tos MASKED-IP_TOS |\n"
81 " enc_ttl MASKED-IP_TTL |\n"
82 " geneve_opts MASKED-OPTIONS |\n"
83 " ip_flags IP-FLAGS | \n"
84 " enc_dst_port [ port_number ] }\n"
85 " FILTERID := X:Y:Z\n"
86 " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
87 " ACTION-SPEC := ... look at individual actions\n"
88 "\n"
89 "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
90 "NOTE: There can be only used one mask per one prio. If user needs\n"
91 " to specify different mask, he has to use different prio.\n");
92 }
93
94 static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
95 struct nlmsghdr *n)
96 {
97 int ret, err = -1;
98 char addr[ETH_ALEN], *slash;
99
100 slash = strchr(str, '/');
101 if (slash)
102 *slash = '\0';
103
104 ret = ll_addr_a2n(addr, sizeof(addr), str);
105 if (ret < 0)
106 goto err;
107 addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
108
109 if (slash) {
110 unsigned bits;
111
112 if (!get_unsigned(&bits, slash + 1, 10)) {
113 uint64_t mask;
114
115 /* Extra 16 bit shift to push mac address into
116 * high bits of uint64_t
117 */
118 mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
119 memcpy(addr, &mask, ETH_ALEN);
120 } else {
121 ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
122 if (ret < 0)
123 goto err;
124 }
125 } else {
126 memset(addr, 0xff, ETH_ALEN);
127 }
128 addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
129
130 err = 0;
131 err:
132 if (slash)
133 *slash = '/';
134 return err;
135 }
136
137 static bool eth_type_vlan(__be16 ethertype)
138 {
139 return ethertype == htons(ETH_P_8021Q) ||
140 ethertype == htons(ETH_P_8021AD);
141 }
142
143 static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
144 __be16 *p_vlan_eth_type,
145 struct nlmsghdr *n)
146 {
147 __be16 vlan_eth_type;
148
149 if (!eth_type_vlan(eth_type)) {
150 fprintf(stderr, "Can't set \"%s\" if ethertype isn't 802.1Q or 802.1AD\n",
151 type == TCA_FLOWER_KEY_VLAN_ETH_TYPE ? "vlan_ethtype" : "cvlan_ethtype");
152 return -1;
153 }
154
155 if (ll_proto_a2n(&vlan_eth_type, str))
156 invarg("invalid vlan_ethtype", str);
157 addattr16(n, MAX_MSG, type, vlan_eth_type);
158 *p_vlan_eth_type = vlan_eth_type;
159 return 0;
160 }
161
162 struct flag_to_string {
163 int flag;
164 enum flower_matching_flags type;
165 char *string;
166 };
167
168 static struct flag_to_string flags_str[] = {
169 { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
170 { TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" },
171 };
172
173 static int flower_parse_matching_flags(char *str,
174 enum flower_matching_flags type,
175 __u32 *mtf, __u32 *mtf_mask)
176 {
177 char *token;
178 bool no;
179 bool found;
180 int i;
181
182 token = strtok(str, "/");
183
184 while (token) {
185 if (!strncmp(token, "no", 2)) {
186 no = true;
187 token += 2;
188 } else
189 no = false;
190
191 found = false;
192 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
193 if (type != flags_str[i].type)
194 continue;
195
196 if (!strcmp(token, flags_str[i].string)) {
197 if (no)
198 *mtf &= ~flags_str[i].flag;
199 else
200 *mtf |= flags_str[i].flag;
201
202 *mtf_mask |= flags_str[i].flag;
203 found = true;
204 break;
205 }
206 }
207 if (!found)
208 return -1;
209
210 token = strtok(NULL, "/");
211 }
212
213 return 0;
214 }
215
216 static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
217 __u8 *p_ip_proto, struct nlmsghdr *n)
218 {
219 int ret;
220 __u8 ip_proto;
221
222 if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
223 goto err;
224
225 if (matches(str, "tcp") == 0) {
226 ip_proto = IPPROTO_TCP;
227 } else if (matches(str, "udp") == 0) {
228 ip_proto = IPPROTO_UDP;
229 } else if (matches(str, "sctp") == 0) {
230 ip_proto = IPPROTO_SCTP;
231 } else if (matches(str, "icmp") == 0) {
232 if (eth_type != htons(ETH_P_IP))
233 goto err;
234 ip_proto = IPPROTO_ICMP;
235 } else if (matches(str, "icmpv6") == 0) {
236 if (eth_type != htons(ETH_P_IPV6))
237 goto err;
238 ip_proto = IPPROTO_ICMPV6;
239 } else {
240 ret = get_u8(&ip_proto, str, 16);
241 if (ret)
242 return -1;
243 }
244 addattr8(n, MAX_MSG, type, ip_proto);
245 *p_ip_proto = ip_proto;
246 return 0;
247
248 err:
249 fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
250 return -1;
251 }
252
253 static int __flower_parse_ip_addr(char *str, int family,
254 int addr4_type, int mask4_type,
255 int addr6_type, int mask6_type,
256 struct nlmsghdr *n)
257 {
258 int ret;
259 inet_prefix addr;
260 int bits;
261 int i;
262
263 ret = get_prefix(&addr, str, family);
264 if (ret)
265 return -1;
266
267 if (family && (addr.family != family)) {
268 fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
269 return -1;
270 }
271
272 addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
273 addr.data, addr.bytelen);
274
275 memset(addr.data, 0xff, addr.bytelen);
276 bits = addr.bitlen;
277 for (i = 0; i < addr.bytelen / 4; i++) {
278 if (!bits) {
279 addr.data[i] = 0;
280 } else if (bits / 32 >= 1) {
281 bits -= 32;
282 } else {
283 addr.data[i] <<= 32 - bits;
284 addr.data[i] = htonl(addr.data[i]);
285 bits = 0;
286 }
287 }
288
289 addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type,
290 addr.data, addr.bytelen);
291
292 return 0;
293 }
294
295 static int flower_parse_ip_addr(char *str, __be16 eth_type,
296 int addr4_type, int mask4_type,
297 int addr6_type, int mask6_type,
298 struct nlmsghdr *n)
299 {
300 int family;
301
302 if (eth_type == htons(ETH_P_IP)) {
303 family = AF_INET;
304 } else if (eth_type == htons(ETH_P_IPV6)) {
305 family = AF_INET6;
306 } else if (!eth_type) {
307 family = AF_UNSPEC;
308 } else {
309 return -1;
310 }
311
312 return __flower_parse_ip_addr(str, family, addr4_type, mask4_type,
313 addr6_type, mask6_type, n);
314 }
315
316 static bool flower_eth_type_arp(__be16 eth_type)
317 {
318 return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
319 }
320
321 static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
322 int addr_type, int mask_type,
323 struct nlmsghdr *n)
324 {
325 if (!flower_eth_type_arp(eth_type))
326 return -1;
327
328 return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
329 TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
330 }
331
332 static int flower_parse_u8(char *str, int value_type, int mask_type,
333 int (*value_from_name)(const char *str,
334 __u8 *value),
335 bool (*value_validate)(__u8 value),
336 struct nlmsghdr *n)
337 {
338 char *slash;
339 int ret, err = -1;
340 __u8 value, mask;
341
342 slash = strchr(str, '/');
343 if (slash)
344 *slash = '\0';
345
346 ret = value_from_name ? value_from_name(str, &value) : -1;
347 if (ret < 0) {
348 ret = get_u8(&value, str, 10);
349 if (ret)
350 goto err;
351 }
352
353 if (value_validate && !value_validate(value))
354 goto err;
355
356 if (slash) {
357 ret = get_u8(&mask, slash + 1, 10);
358 if (ret)
359 goto err;
360 }
361 else {
362 mask = UINT8_MAX;
363 }
364
365 addattr8(n, MAX_MSG, value_type, value);
366 addattr8(n, MAX_MSG, mask_type, mask);
367
368 err = 0;
369 err:
370 if (slash)
371 *slash = '/';
372 return err;
373 }
374
375 static const char *flower_print_arp_op_to_name(__u8 op)
376 {
377 switch (op) {
378 case ARPOP_REQUEST:
379 return "request";
380 case ARPOP_REPLY:
381 return "reply";
382 default:
383 return NULL;
384 }
385 }
386
387 static int flower_arp_op_from_name(const char *name, __u8 *op)
388 {
389 if (!strcmp(name, "request"))
390 *op = ARPOP_REQUEST;
391 else if (!strcmp(name, "reply"))
392 *op = ARPOP_REPLY;
393 else
394 return -1;
395
396 return 0;
397 }
398
399 static bool flow_arp_op_validate(__u8 op)
400 {
401 return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY;
402 }
403
404 static int flower_parse_arp_op(char *str, __be16 eth_type,
405 int op_type, int mask_type,
406 struct nlmsghdr *n)
407 {
408 if (!flower_eth_type_arp(eth_type))
409 return -1;
410
411 return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name,
412 flow_arp_op_validate, n);
413 }
414
415 static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
416 enum flower_icmp_field field)
417 {
418 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
419 return field == FLOWER_ICMP_FIELD_CODE ?
420 TCA_FLOWER_KEY_ICMPV4_CODE :
421 TCA_FLOWER_KEY_ICMPV4_TYPE;
422 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
423 return field == FLOWER_ICMP_FIELD_CODE ?
424 TCA_FLOWER_KEY_ICMPV6_CODE :
425 TCA_FLOWER_KEY_ICMPV6_TYPE;
426
427 return -1;
428 }
429
430 static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto,
431 enum flower_icmp_field field)
432 {
433 if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
434 return field == FLOWER_ICMP_FIELD_CODE ?
435 TCA_FLOWER_KEY_ICMPV4_CODE_MASK :
436 TCA_FLOWER_KEY_ICMPV4_TYPE_MASK;
437 else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
438 return field == FLOWER_ICMP_FIELD_CODE ?
439 TCA_FLOWER_KEY_ICMPV6_CODE_MASK :
440 TCA_FLOWER_KEY_ICMPV6_TYPE_MASK;
441
442 return -1;
443 }
444
445 static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
446 enum flower_icmp_field field, struct nlmsghdr *n)
447 {
448 int value_type, mask_type;
449
450 value_type = flower_icmp_attr_type(eth_type, ip_proto, field);
451 mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field);
452 if (value_type < 0 || mask_type < 0)
453 return -1;
454
455 return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n);
456 }
457
458 static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
459 {
460 if (ip_proto == IPPROTO_TCP)
461 return endpoint == FLOWER_ENDPOINT_SRC ?
462 TCA_FLOWER_KEY_TCP_SRC :
463 TCA_FLOWER_KEY_TCP_DST;
464 else if (ip_proto == IPPROTO_UDP)
465 return endpoint == FLOWER_ENDPOINT_SRC ?
466 TCA_FLOWER_KEY_UDP_SRC :
467 TCA_FLOWER_KEY_UDP_DST;
468 else if (ip_proto == IPPROTO_SCTP)
469 return endpoint == FLOWER_ENDPOINT_SRC ?
470 TCA_FLOWER_KEY_SCTP_SRC :
471 TCA_FLOWER_KEY_SCTP_DST;
472 else
473 return -1;
474 }
475
476 static int flower_parse_port(char *str, __u8 ip_proto,
477 enum flower_endpoint endpoint,
478 struct nlmsghdr *n)
479 {
480 int ret;
481 int type;
482 __be16 port;
483
484 type = flower_port_attr_type(ip_proto, endpoint);
485 if (type < 0)
486 return -1;
487
488 ret = get_be16(&port, str, 10);
489 if (ret)
490 return -1;
491
492 addattr16(n, MAX_MSG, type, port);
493
494 return 0;
495 }
496
497 static int flower_port_range_attr_type(__u8 ip_proto, enum flower_endpoint type,
498 __be16 *min_port_type,
499 __be16 *max_port_type)
500 {
501 if (ip_proto == IPPROTO_TCP || ip_proto == IPPROTO_UDP ||
502 ip_proto == IPPROTO_SCTP) {
503 if (type == FLOWER_ENDPOINT_SRC) {
504 *min_port_type = TCA_FLOWER_KEY_PORT_SRC_MIN;
505 *max_port_type = TCA_FLOWER_KEY_PORT_SRC_MAX;
506 } else {
507 *min_port_type = TCA_FLOWER_KEY_PORT_DST_MIN;
508 *max_port_type = TCA_FLOWER_KEY_PORT_DST_MAX;
509 }
510 } else {
511 return -1;
512 }
513
514 return 0;
515 }
516
517 static int flower_parse_port_range(__be16 *min, __be16 *max, __u8 ip_proto,
518 enum flower_endpoint endpoint,
519 struct nlmsghdr *n)
520 {
521 __be16 min_port_type, max_port_type;
522
523 if (flower_port_range_attr_type(ip_proto, endpoint, &min_port_type,
524 &max_port_type))
525 return -1;
526
527 addattr16(n, MAX_MSG, min_port_type, *min);
528 addattr16(n, MAX_MSG, max_port_type, *max);
529
530 return 0;
531 }
532
533 static int get_range(__be16 *min, __be16 *max, char *argv)
534 {
535 char *r;
536
537 r = strchr(argv, '-');
538 if (r) {
539 *r = '\0';
540 if (get_be16(min, argv, 10)) {
541 fprintf(stderr, "invalid min range\n");
542 return -1;
543 }
544 if (get_be16(max, r + 1, 10)) {
545 fprintf(stderr, "invalid max range\n");
546 return -1;
547 }
548 if (htons(*max) <= htons(*min)) {
549 fprintf(stderr, "max value should be greater than min value\n");
550 return -1;
551 }
552 } else {
553 fprintf(stderr, "Illegal range format\n");
554 return -1;
555 }
556 return 0;
557 }
558
559 #define TCP_FLAGS_MAX_MASK 0xfff
560
561 static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
562 struct nlmsghdr *n)
563 {
564 char *slash;
565 int ret, err = -1;
566 __u16 flags;
567
568 slash = strchr(str, '/');
569 if (slash)
570 *slash = '\0';
571
572 ret = get_u16(&flags, str, 16);
573 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
574 goto err;
575
576 addattr16(n, MAX_MSG, flags_type, htons(flags));
577
578 if (slash) {
579 ret = get_u16(&flags, slash + 1, 16);
580 if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
581 goto err;
582 } else {
583 flags = TCP_FLAGS_MAX_MASK;
584 }
585 addattr16(n, MAX_MSG, mask_type, htons(flags));
586
587 err = 0;
588 err:
589 if (slash)
590 *slash = '/';
591 return err;
592 }
593
594 static int flower_parse_ip_tos_ttl(char *str, int key_type, int mask_type,
595 struct nlmsghdr *n)
596 {
597 char *slash;
598 int ret, err = -1;
599 __u8 tos_ttl;
600
601 slash = strchr(str, '/');
602 if (slash)
603 *slash = '\0';
604
605 ret = get_u8(&tos_ttl, str, 10);
606 if (ret < 0)
607 ret = get_u8(&tos_ttl, str, 16);
608 if (ret < 0)
609 goto err;
610
611 addattr8(n, MAX_MSG, key_type, tos_ttl);
612
613 if (slash) {
614 ret = get_u8(&tos_ttl, slash + 1, 16);
615 if (ret < 0)
616 goto err;
617 } else {
618 tos_ttl = 0xff;
619 }
620 addattr8(n, MAX_MSG, mask_type, tos_ttl);
621
622 err = 0;
623 err:
624 if (slash)
625 *slash = '/';
626 return err;
627 }
628
629 static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
630 {
631 int ret;
632 __be32 key_id;
633
634 ret = get_be32(&key_id, str, 10);
635 if (!ret)
636 addattr32(n, MAX_MSG, type, key_id);
637
638 return ret;
639 }
640
641 static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
642 {
643 int ret;
644 __be16 port;
645
646 ret = get_be16(&port, str, 10);
647 if (ret)
648 return -1;
649
650 addattr16(n, MAX_MSG, type, port);
651
652 return 0;
653 }
654
655 static int flower_parse_geneve_opts(char *str, struct nlmsghdr *n)
656 {
657 struct rtattr *nest;
658 char *token;
659 int i, err;
660
661 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
662
663 i = 1;
664 token = strsep(&str, ":");
665 while (token) {
666 switch (i) {
667 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS:
668 {
669 __be16 opt_class;
670
671 if (!strlen(token))
672 break;
673 err = get_be16(&opt_class, token, 16);
674 if (err)
675 return err;
676
677 addattr16(n, MAX_MSG, i, opt_class);
678 break;
679 }
680 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE:
681 {
682 __u8 opt_type;
683
684 if (!strlen(token))
685 break;
686 err = get_u8(&opt_type, token, 16);
687 if (err)
688 return err;
689
690 addattr8(n, MAX_MSG, i, opt_type);
691 break;
692 }
693 case TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA:
694 {
695 size_t token_len = strlen(token);
696 __u8 *opts;
697
698 if (!token_len)
699 break;
700 opts = malloc(token_len / 2);
701 if (!opts)
702 return -1;
703 if (hex2mem(token, opts, token_len / 2) < 0) {
704 free(opts);
705 return -1;
706 }
707 addattr_l(n, MAX_MSG, i, opts, token_len / 2);
708 free(opts);
709
710 break;
711 }
712 default:
713 fprintf(stderr, "Unknown \"geneve_opts\" type\n");
714 return -1;
715 }
716
717 token = strsep(&str, ":");
718 i++;
719 }
720 addattr_nest_end(n, nest);
721
722 return 0;
723 }
724
725 static int flower_parse_enc_opt_part(char *str, struct nlmsghdr *n)
726 {
727 char *token;
728 int err;
729
730 token = strsep(&str, ",");
731 while (token) {
732 err = flower_parse_geneve_opts(token, n);
733 if (err)
734 return err;
735
736 token = strsep(&str, ",");
737 }
738
739 return 0;
740 }
741
742 static int flower_check_enc_opt_key(char *key)
743 {
744 int key_len, col_cnt = 0;
745
746 key_len = strlen(key);
747 while ((key = strchr(key, ':'))) {
748 if (strlen(key) == key_len)
749 return -1;
750
751 key_len = strlen(key) - 1;
752 col_cnt++;
753 key++;
754 }
755
756 if (col_cnt != 2 || !key_len)
757 return -1;
758
759 return 0;
760 }
761
762 static int flower_parse_enc_opts(char *str, struct nlmsghdr *n)
763 {
764 char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
765 int data_len, key_len, mask_len, err;
766 char *token, *slash;
767 struct rtattr *nest;
768
769 key_len = 0;
770 mask_len = 0;
771 token = strsep(&str, ",");
772 while (token) {
773 slash = strchr(token, '/');
774 if (slash)
775 *slash = '\0';
776
777 if ((key_len + strlen(token) > XATTR_SIZE_MAX) ||
778 flower_check_enc_opt_key(token))
779 return -1;
780
781 strcpy(&key[key_len], token);
782 key_len += strlen(token) + 1;
783 key[key_len - 1] = ',';
784
785 if (!slash) {
786 /* Pad out mask when not provided */
787 if (mask_len + strlen(token) > XATTR_SIZE_MAX)
788 return -1;
789
790 data_len = strlen(rindex(token, ':'));
791 sprintf(&mask[mask_len], "ffff:ff:");
792 mask_len += 8;
793 memset(&mask[mask_len], 'f', data_len - 1);
794 mask_len += data_len;
795 mask[mask_len - 1] = ',';
796 token = strsep(&str, ",");
797 continue;
798 }
799
800 if (mask_len + strlen(slash + 1) > XATTR_SIZE_MAX)
801 return -1;
802
803 strcpy(&mask[mask_len], slash + 1);
804 mask_len += strlen(slash + 1) + 1;
805 mask[mask_len - 1] = ',';
806
807 *slash = '/';
808 token = strsep(&str, ",");
809 }
810 key[key_len - 1] = '\0';
811 mask[mask_len - 1] = '\0';
812
813 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS);
814 err = flower_parse_enc_opt_part(key, n);
815 if (err)
816 return err;
817 addattr_nest_end(n, nest);
818
819 nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_MASK);
820 err = flower_parse_enc_opt_part(mask, n);
821 if (err)
822 return err;
823 addattr_nest_end(n, nest);
824
825 return 0;
826 }
827
828 static int flower_parse_opt(struct filter_util *qu, char *handle,
829 int argc, char **argv, struct nlmsghdr *n)
830 {
831 int ret;
832 struct tcmsg *t = NLMSG_DATA(n);
833 struct rtattr *tail;
834 __be16 eth_type = TC_H_MIN(t->tcm_info);
835 __be16 vlan_ethtype = 0;
836 __be16 cvlan_ethtype = 0;
837 __u8 ip_proto = 0xff;
838 __u32 flags = 0;
839 __u32 mtf = 0;
840 __u32 mtf_mask = 0;
841
842 if (handle) {
843 ret = get_u32(&t->tcm_handle, handle, 0);
844 if (ret) {
845 fprintf(stderr, "Illegal \"handle\"\n");
846 return -1;
847 }
848 }
849
850 tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
851 addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
852
853 if (argc == 0) {
854 /*at minimal we will match all ethertype packets */
855 goto parse_done;
856 }
857
858 while (argc > 0) {
859 if (matches(*argv, "classid") == 0 ||
860 matches(*argv, "flowid") == 0) {
861 unsigned int handle;
862
863 NEXT_ARG();
864 ret = get_tc_classid(&handle, *argv);
865 if (ret) {
866 fprintf(stderr, "Illegal \"classid\"\n");
867 return -1;
868 }
869 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle, 4);
870 } else if (matches(*argv, "hw_tc") == 0) {
871 unsigned int handle;
872 __u32 tc;
873 char *end;
874
875 NEXT_ARG();
876 tc = strtoul(*argv, &end, 0);
877 if (*end) {
878 fprintf(stderr, "Illegal TC index\n");
879 return -1;
880 }
881 if (tc >= TC_QOPT_MAX_QUEUE) {
882 fprintf(stderr, "TC index exceeds max range\n");
883 return -1;
884 }
885 handle = TC_H_MAKE(TC_H_MAJ(t->tcm_parent),
886 TC_H_MIN(tc + TC_H_MIN_PRIORITY));
887 addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &handle,
888 sizeof(handle));
889 } else if (matches(*argv, "ip_flags") == 0) {
890 NEXT_ARG();
891 ret = flower_parse_matching_flags(*argv,
892 FLOWER_IP_FLAGS,
893 &mtf,
894 &mtf_mask);
895 if (ret < 0) {
896 fprintf(stderr, "Illegal \"ip_flags\"\n");
897 return -1;
898 }
899 } else if (matches(*argv, "verbose") == 0) {
900 flags |= TCA_CLS_FLAGS_VERBOSE;
901 } else if (matches(*argv, "skip_hw") == 0) {
902 flags |= TCA_CLS_FLAGS_SKIP_HW;
903 } else if (matches(*argv, "skip_sw") == 0) {
904 flags |= TCA_CLS_FLAGS_SKIP_SW;
905 } else if (matches(*argv, "indev") == 0) {
906 NEXT_ARG();
907 if (check_ifname(*argv))
908 invarg("\"indev\" not a valid ifname", *argv);
909 addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv);
910 } else if (matches(*argv, "vlan_id") == 0) {
911 __u16 vid;
912
913 NEXT_ARG();
914 if (!eth_type_vlan(eth_type)) {
915 fprintf(stderr, "Can't set \"vlan_id\" if ethertype isn't 802.1Q or 802.1AD\n");
916 return -1;
917 }
918 ret = get_u16(&vid, *argv, 10);
919 if (ret < 0 || vid & ~0xfff) {
920 fprintf(stderr, "Illegal \"vlan_id\"\n");
921 return -1;
922 }
923 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
924 } else if (matches(*argv, "vlan_prio") == 0) {
925 __u8 vlan_prio;
926
927 NEXT_ARG();
928 if (!eth_type_vlan(eth_type)) {
929 fprintf(stderr, "Can't set \"vlan_prio\" if ethertype isn't 802.1Q or 802.1AD\n");
930 return -1;
931 }
932 ret = get_u8(&vlan_prio, *argv, 10);
933 if (ret < 0 || vlan_prio & ~0x7) {
934 fprintf(stderr, "Illegal \"vlan_prio\"\n");
935 return -1;
936 }
937 addattr8(n, MAX_MSG,
938 TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
939 } else if (matches(*argv, "vlan_ethtype") == 0) {
940 NEXT_ARG();
941 ret = flower_parse_vlan_eth_type(*argv, eth_type,
942 TCA_FLOWER_KEY_VLAN_ETH_TYPE,
943 &vlan_ethtype, n);
944 if (ret < 0)
945 return -1;
946 } else if (matches(*argv, "cvlan_id") == 0) {
947 __u16 vid;
948
949 NEXT_ARG();
950 if (!eth_type_vlan(vlan_ethtype)) {
951 fprintf(stderr, "Can't set \"cvlan_id\" if inner vlan ethertype isn't 802.1Q or 802.1AD\n");
952 return -1;
953 }
954 ret = get_u16(&vid, *argv, 10);
955 if (ret < 0 || vid & ~0xfff) {
956 fprintf(stderr, "Illegal \"cvlan_id\"\n");
957 return -1;
958 }
959 addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CVLAN_ID, vid);
960 } else if (matches(*argv, "cvlan_prio") == 0) {
961 __u8 cvlan_prio;
962
963 NEXT_ARG();
964 if (!eth_type_vlan(vlan_ethtype)) {
965 fprintf(stderr, "Can't set \"cvlan_prio\" if inner vlan ethertype isn't 802.1Q or 802.1AD\n");
966 return -1;
967 }
968 ret = get_u8(&cvlan_prio, *argv, 10);
969 if (ret < 0 || cvlan_prio & ~0x7) {
970 fprintf(stderr, "Illegal \"cvlan_prio\"\n");
971 return -1;
972 }
973 addattr8(n, MAX_MSG,
974 TCA_FLOWER_KEY_CVLAN_PRIO, cvlan_prio);
975 } else if (matches(*argv, "cvlan_ethtype") == 0) {
976 NEXT_ARG();
977 ret = flower_parse_vlan_eth_type(*argv, vlan_ethtype,
978 TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
979 &cvlan_ethtype, n);
980 if (ret < 0)
981 return -1;
982 } else if (matches(*argv, "mpls_label") == 0) {
983 __u32 label;
984
985 NEXT_ARG();
986 if (eth_type != htons(ETH_P_MPLS_UC) &&
987 eth_type != htons(ETH_P_MPLS_MC)) {
988 fprintf(stderr,
989 "Can't set \"mpls_label\" if ethertype isn't MPLS\n");
990 return -1;
991 }
992 ret = get_u32(&label, *argv, 10);
993 if (ret < 0 || label & ~(MPLS_LS_LABEL_MASK >> MPLS_LS_LABEL_SHIFT)) {
994 fprintf(stderr, "Illegal \"mpls_label\"\n");
995 return -1;
996 }
997 addattr32(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_LABEL, label);
998 } else if (matches(*argv, "mpls_tc") == 0) {
999 __u8 tc;
1000
1001 NEXT_ARG();
1002 if (eth_type != htons(ETH_P_MPLS_UC) &&
1003 eth_type != htons(ETH_P_MPLS_MC)) {
1004 fprintf(stderr,
1005 "Can't set \"mpls_tc\" if ethertype isn't MPLS\n");
1006 return -1;
1007 }
1008 ret = get_u8(&tc, *argv, 10);
1009 if (ret < 0 || tc & ~(MPLS_LS_TC_MASK >> MPLS_LS_TC_SHIFT)) {
1010 fprintf(stderr, "Illegal \"mpls_tc\"\n");
1011 return -1;
1012 }
1013 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TC, tc);
1014 } else if (matches(*argv, "mpls_bos") == 0) {
1015 __u8 bos;
1016
1017 NEXT_ARG();
1018 if (eth_type != htons(ETH_P_MPLS_UC) &&
1019 eth_type != htons(ETH_P_MPLS_MC)) {
1020 fprintf(stderr,
1021 "Can't set \"mpls_bos\" if ethertype isn't MPLS\n");
1022 return -1;
1023 }
1024 ret = get_u8(&bos, *argv, 10);
1025 if (ret < 0 || bos & ~(MPLS_LS_S_MASK >> MPLS_LS_S_SHIFT)) {
1026 fprintf(stderr, "Illegal \"mpls_bos\"\n");
1027 return -1;
1028 }
1029 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_BOS, bos);
1030 } else if (matches(*argv, "mpls_ttl") == 0) {
1031 __u8 ttl;
1032
1033 NEXT_ARG();
1034 if (eth_type != htons(ETH_P_MPLS_UC) &&
1035 eth_type != htons(ETH_P_MPLS_MC)) {
1036 fprintf(stderr,
1037 "Can't set \"mpls_ttl\" if ethertype isn't MPLS\n");
1038 return -1;
1039 }
1040 ret = get_u8(&ttl, *argv, 10);
1041 if (ret < 0 || ttl & ~(MPLS_LS_TTL_MASK >> MPLS_LS_TTL_SHIFT)) {
1042 fprintf(stderr, "Illegal \"mpls_ttl\"\n");
1043 return -1;
1044 }
1045 addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TTL, ttl);
1046 } else if (matches(*argv, "dst_mac") == 0) {
1047 NEXT_ARG();
1048 ret = flower_parse_eth_addr(*argv,
1049 TCA_FLOWER_KEY_ETH_DST,
1050 TCA_FLOWER_KEY_ETH_DST_MASK,
1051 n);
1052 if (ret < 0) {
1053 fprintf(stderr, "Illegal \"dst_mac\"\n");
1054 return -1;
1055 }
1056 } else if (matches(*argv, "src_mac") == 0) {
1057 NEXT_ARG();
1058 ret = flower_parse_eth_addr(*argv,
1059 TCA_FLOWER_KEY_ETH_SRC,
1060 TCA_FLOWER_KEY_ETH_SRC_MASK,
1061 n);
1062 if (ret < 0) {
1063 fprintf(stderr, "Illegal \"src_mac\"\n");
1064 return -1;
1065 }
1066 } else if (matches(*argv, "ip_proto") == 0) {
1067 NEXT_ARG();
1068 ret = flower_parse_ip_proto(*argv, cvlan_ethtype ?
1069 cvlan_ethtype : vlan_ethtype ?
1070 vlan_ethtype : eth_type,
1071 TCA_FLOWER_KEY_IP_PROTO,
1072 &ip_proto, n);
1073 if (ret < 0) {
1074 fprintf(stderr, "Illegal \"ip_proto\"\n");
1075 return -1;
1076 }
1077 } else if (matches(*argv, "ip_tos") == 0) {
1078 NEXT_ARG();
1079 ret = flower_parse_ip_tos_ttl(*argv,
1080 TCA_FLOWER_KEY_IP_TOS,
1081 TCA_FLOWER_KEY_IP_TOS_MASK,
1082 n);
1083 if (ret < 0) {
1084 fprintf(stderr, "Illegal \"ip_tos\"\n");
1085 return -1;
1086 }
1087 } else if (matches(*argv, "ip_ttl") == 0) {
1088 NEXT_ARG();
1089 ret = flower_parse_ip_tos_ttl(*argv,
1090 TCA_FLOWER_KEY_IP_TTL,
1091 TCA_FLOWER_KEY_IP_TTL_MASK,
1092 n);
1093 if (ret < 0) {
1094 fprintf(stderr, "Illegal \"ip_ttl\"\n");
1095 return -1;
1096 }
1097 } else if (matches(*argv, "dst_ip") == 0) {
1098 NEXT_ARG();
1099 ret = flower_parse_ip_addr(*argv, cvlan_ethtype ?
1100 cvlan_ethtype : vlan_ethtype ?
1101 vlan_ethtype : eth_type,
1102 TCA_FLOWER_KEY_IPV4_DST,
1103 TCA_FLOWER_KEY_IPV4_DST_MASK,
1104 TCA_FLOWER_KEY_IPV6_DST,
1105 TCA_FLOWER_KEY_IPV6_DST_MASK,
1106 n);
1107 if (ret < 0) {
1108 fprintf(stderr, "Illegal \"dst_ip\"\n");
1109 return -1;
1110 }
1111 } else if (matches(*argv, "src_ip") == 0) {
1112 NEXT_ARG();
1113 ret = flower_parse_ip_addr(*argv, cvlan_ethtype ?
1114 cvlan_ethtype : vlan_ethtype ?
1115 vlan_ethtype : eth_type,
1116 TCA_FLOWER_KEY_IPV4_SRC,
1117 TCA_FLOWER_KEY_IPV4_SRC_MASK,
1118 TCA_FLOWER_KEY_IPV6_SRC,
1119 TCA_FLOWER_KEY_IPV6_SRC_MASK,
1120 n);
1121 if (ret < 0) {
1122 fprintf(stderr, "Illegal \"src_ip\"\n");
1123 return -1;
1124 }
1125 } else if (matches(*argv, "dst_port") == 0) {
1126 __be16 min, max;
1127
1128 NEXT_ARG();
1129 if (matches(*argv, "range") == 0) {
1130 NEXT_ARG();
1131 ret = get_range(&min, &max, *argv);
1132 if (ret < 0)
1133 return -1;
1134 ret = flower_parse_port_range(&min, &max,
1135 ip_proto,
1136 FLOWER_ENDPOINT_DST,
1137 n);
1138 if (ret < 0) {
1139 fprintf(stderr, "Illegal \"dst_port range\"\n");
1140 return -1;
1141 }
1142 } else {
1143 ret = flower_parse_port(*argv, ip_proto,
1144 FLOWER_ENDPOINT_DST, n);
1145 if (ret < 0) {
1146 fprintf(stderr, "Illegal \"dst_port\"\n");
1147 return -1;
1148 }
1149 }
1150 } else if (matches(*argv, "src_port") == 0) {
1151 __be16 min, max;
1152
1153 NEXT_ARG();
1154 if (matches(*argv, "range") == 0) {
1155 NEXT_ARG();
1156 ret = get_range(&min, &max, *argv);
1157 if (ret < 0)
1158 return -1;
1159 ret = flower_parse_port_range(&min, &max,
1160 ip_proto,
1161 FLOWER_ENDPOINT_SRC,
1162 n);
1163 if (ret < 0) {
1164 fprintf(stderr, "Illegal \"src_port range\"\n");
1165 return -1;
1166 }
1167 } else {
1168 ret = flower_parse_port(*argv, ip_proto,
1169 FLOWER_ENDPOINT_SRC, n);
1170 if (ret < 0) {
1171 fprintf(stderr, "Illegal \"src_port\"\n");
1172 return -1;
1173 }
1174 }
1175 } else if (matches(*argv, "tcp_flags") == 0) {
1176 NEXT_ARG();
1177 ret = flower_parse_tcp_flags(*argv,
1178 TCA_FLOWER_KEY_TCP_FLAGS,
1179 TCA_FLOWER_KEY_TCP_FLAGS_MASK,
1180 n);
1181 if (ret < 0) {
1182 fprintf(stderr, "Illegal \"tcp_flags\"\n");
1183 return -1;
1184 }
1185 } else if (matches(*argv, "type") == 0) {
1186 NEXT_ARG();
1187 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
1188 FLOWER_ICMP_FIELD_TYPE, n);
1189 if (ret < 0) {
1190 fprintf(stderr, "Illegal \"icmp type\"\n");
1191 return -1;
1192 }
1193 } else if (matches(*argv, "code") == 0) {
1194 NEXT_ARG();
1195 ret = flower_parse_icmp(*argv, eth_type, ip_proto,
1196 FLOWER_ICMP_FIELD_CODE, n);
1197 if (ret < 0) {
1198 fprintf(stderr, "Illegal \"icmp code\"\n");
1199 return -1;
1200 }
1201 } else if (matches(*argv, "arp_tip") == 0) {
1202 NEXT_ARG();
1203 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
1204 vlan_ethtype : eth_type,
1205 TCA_FLOWER_KEY_ARP_TIP,
1206 TCA_FLOWER_KEY_ARP_TIP_MASK,
1207 n);
1208 if (ret < 0) {
1209 fprintf(stderr, "Illegal \"arp_tip\"\n");
1210 return -1;
1211 }
1212 } else if (matches(*argv, "arp_sip") == 0) {
1213 NEXT_ARG();
1214 ret = flower_parse_arp_ip_addr(*argv, vlan_ethtype ?
1215 vlan_ethtype : eth_type,
1216 TCA_FLOWER_KEY_ARP_SIP,
1217 TCA_FLOWER_KEY_ARP_SIP_MASK,
1218 n);
1219 if (ret < 0) {
1220 fprintf(stderr, "Illegal \"arp_sip\"\n");
1221 return -1;
1222 }
1223 } else if (matches(*argv, "arp_op") == 0) {
1224 NEXT_ARG();
1225 ret = flower_parse_arp_op(*argv, vlan_ethtype ?
1226 vlan_ethtype : eth_type,
1227 TCA_FLOWER_KEY_ARP_OP,
1228 TCA_FLOWER_KEY_ARP_OP_MASK,
1229 n);
1230 if (ret < 0) {
1231 fprintf(stderr, "Illegal \"arp_op\"\n");
1232 return -1;
1233 }
1234 } else if (matches(*argv, "arp_tha") == 0) {
1235 NEXT_ARG();
1236 ret = flower_parse_eth_addr(*argv,
1237 TCA_FLOWER_KEY_ARP_THA,
1238 TCA_FLOWER_KEY_ARP_THA_MASK,
1239 n);
1240 if (ret < 0) {
1241 fprintf(stderr, "Illegal \"arp_tha\"\n");
1242 return -1;
1243 }
1244 } else if (matches(*argv, "arp_sha") == 0) {
1245 NEXT_ARG();
1246 ret = flower_parse_eth_addr(*argv,
1247 TCA_FLOWER_KEY_ARP_SHA,
1248 TCA_FLOWER_KEY_ARP_SHA_MASK,
1249 n);
1250 if (ret < 0) {
1251 fprintf(stderr, "Illegal \"arp_sha\"\n");
1252 return -1;
1253 }
1254 } else if (matches(*argv, "enc_dst_ip") == 0) {
1255 NEXT_ARG();
1256 ret = flower_parse_ip_addr(*argv, 0,
1257 TCA_FLOWER_KEY_ENC_IPV4_DST,
1258 TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
1259 TCA_FLOWER_KEY_ENC_IPV6_DST,
1260 TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
1261 n);
1262 if (ret < 0) {
1263 fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
1264 return -1;
1265 }
1266 } else if (matches(*argv, "enc_src_ip") == 0) {
1267 NEXT_ARG();
1268 ret = flower_parse_ip_addr(*argv, 0,
1269 TCA_FLOWER_KEY_ENC_IPV4_SRC,
1270 TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
1271 TCA_FLOWER_KEY_ENC_IPV6_SRC,
1272 TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
1273 n);
1274 if (ret < 0) {
1275 fprintf(stderr, "Illegal \"enc_src_ip\"\n");
1276 return -1;
1277 }
1278 } else if (matches(*argv, "enc_key_id") == 0) {
1279 NEXT_ARG();
1280 ret = flower_parse_key_id(*argv,
1281 TCA_FLOWER_KEY_ENC_KEY_ID, n);
1282 if (ret < 0) {
1283 fprintf(stderr, "Illegal \"enc_key_id\"\n");
1284 return -1;
1285 }
1286 } else if (matches(*argv, "enc_dst_port") == 0) {
1287 NEXT_ARG();
1288 ret = flower_parse_enc_port(*argv,
1289 TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
1290 if (ret < 0) {
1291 fprintf(stderr, "Illegal \"enc_dst_port\"\n");
1292 return -1;
1293 }
1294 } else if (matches(*argv, "enc_tos") == 0) {
1295 NEXT_ARG();
1296 ret = flower_parse_ip_tos_ttl(*argv,
1297 TCA_FLOWER_KEY_ENC_IP_TOS,
1298 TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
1299 n);
1300 if (ret < 0) {
1301 fprintf(stderr, "Illegal \"enc_tos\"\n");
1302 return -1;
1303 }
1304 } else if (matches(*argv, "enc_ttl") == 0) {
1305 NEXT_ARG();
1306 ret = flower_parse_ip_tos_ttl(*argv,
1307 TCA_FLOWER_KEY_ENC_IP_TTL,
1308 TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
1309 n);
1310 if (ret < 0) {
1311 fprintf(stderr, "Illegal \"enc_ttl\"\n");
1312 return -1;
1313 }
1314 } else if (matches(*argv, "geneve_opts") == 0) {
1315 NEXT_ARG();
1316 ret = flower_parse_enc_opts(*argv, n);
1317 if (ret < 0) {
1318 fprintf(stderr, "Illegal \"geneve_opts\"\n");
1319 return -1;
1320 }
1321 } else if (matches(*argv, "action") == 0) {
1322 NEXT_ARG();
1323 ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
1324 if (ret) {
1325 fprintf(stderr, "Illegal \"action\"\n");
1326 return -1;
1327 }
1328 continue;
1329 } else if (strcmp(*argv, "help") == 0) {
1330 explain();
1331 return -1;
1332 } else {
1333 fprintf(stderr, "What is \"%s\"?\n", *argv);
1334 explain();
1335 return -1;
1336 }
1337 argc--; argv++;
1338 }
1339
1340 parse_done:
1341 ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
1342 if (ret)
1343 return ret;
1344
1345 if (mtf_mask) {
1346 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
1347 if (ret)
1348 return ret;
1349
1350 ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
1351 if (ret)
1352 return ret;
1353 }
1354
1355 if (eth_type != htons(ETH_P_ALL)) {
1356 ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, eth_type);
1357 if (ret)
1358 return ret;
1359 }
1360
1361 tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
1362
1363 return 0;
1364 }
1365
1366 static int __mask_bits(char *addr, size_t len)
1367 {
1368 int bits = 0;
1369 bool hole = false;
1370 int i;
1371 int j;
1372
1373 for (i = 0; i < len; i++, addr++) {
1374 for (j = 7; j >= 0; j--) {
1375 if (((*addr) >> j) & 0x1) {
1376 if (hole)
1377 return -1;
1378 bits++;
1379 } else if (bits) {
1380 hole = true;
1381 } else{
1382 return -1;
1383 }
1384 }
1385 }
1386 return bits;
1387 }
1388
1389 static void flower_print_eth_addr(char *name, struct rtattr *addr_attr,
1390 struct rtattr *mask_attr)
1391 {
1392 SPRINT_BUF(namefrm);
1393 SPRINT_BUF(out);
1394 SPRINT_BUF(b1);
1395 size_t done;
1396 int bits;
1397
1398 if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN)
1399 return;
1400 done = sprintf(out, "%s",
1401 ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN,
1402 0, b1, sizeof(b1)));
1403 if (mask_attr && RTA_PAYLOAD(mask_attr) == ETH_ALEN) {
1404 bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN);
1405 if (bits < 0)
1406 sprintf(out + done, "/%s",
1407 ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN,
1408 0, b1, sizeof(b1)));
1409 else if (bits < ETH_ALEN * 8)
1410 sprintf(out + done, "/%d", bits);
1411 }
1412
1413 sprintf(namefrm, "\n %s %%s", name);
1414 print_string(PRINT_ANY, name, namefrm, out);
1415 }
1416
1417 static void flower_print_eth_type(__be16 *p_eth_type,
1418 struct rtattr *eth_type_attr)
1419 {
1420 SPRINT_BUF(out);
1421 __be16 eth_type;
1422
1423 if (!eth_type_attr)
1424 return;
1425
1426 eth_type = rta_getattr_u16(eth_type_attr);
1427 if (eth_type == htons(ETH_P_IP))
1428 sprintf(out, "ipv4");
1429 else if (eth_type == htons(ETH_P_IPV6))
1430 sprintf(out, "ipv6");
1431 else if (eth_type == htons(ETH_P_ARP))
1432 sprintf(out, "arp");
1433 else if (eth_type == htons(ETH_P_RARP))
1434 sprintf(out, "rarp");
1435 else
1436 sprintf(out, "%04x", ntohs(eth_type));
1437
1438 print_string(PRINT_ANY, "eth_type", "\n eth_type %s", out);
1439 *p_eth_type = eth_type;
1440 }
1441
1442 static void flower_print_ip_proto(__u8 *p_ip_proto,
1443 struct rtattr *ip_proto_attr)
1444 {
1445 SPRINT_BUF(out);
1446 __u8 ip_proto;
1447
1448 if (!ip_proto_attr)
1449 return;
1450
1451 ip_proto = rta_getattr_u8(ip_proto_attr);
1452 if (ip_proto == IPPROTO_TCP)
1453 sprintf(out, "tcp");
1454 else if (ip_proto == IPPROTO_UDP)
1455 sprintf(out, "udp");
1456 else if (ip_proto == IPPROTO_SCTP)
1457 sprintf(out, "sctp");
1458 else if (ip_proto == IPPROTO_ICMP)
1459 sprintf(out, "icmp");
1460 else if (ip_proto == IPPROTO_ICMPV6)
1461 sprintf(out, "icmpv6");
1462 else
1463 sprintf(out, "%02x", ip_proto);
1464
1465 print_string(PRINT_ANY, "ip_proto", "\n ip_proto %s", out);
1466 *p_ip_proto = ip_proto;
1467 }
1468
1469 static void flower_print_ip_attr(const char *name, struct rtattr *key_attr,
1470 struct rtattr *mask_attr)
1471 {
1472 SPRINT_BUF(namefrm);
1473 SPRINT_BUF(out);
1474 size_t done;
1475
1476 if (!key_attr)
1477 return;
1478
1479 done = sprintf(out, "0x%x", rta_getattr_u8(key_attr));
1480 if (mask_attr)
1481 sprintf(out + done, "/%x", rta_getattr_u8(mask_attr));
1482
1483 print_string(PRINT_FP, NULL, "%s ", _SL_);
1484 sprintf(namefrm, "%s %%s", name);
1485 print_string(PRINT_ANY, name, namefrm, out);
1486 }
1487
1488 static void flower_print_matching_flags(char *name,
1489 enum flower_matching_flags type,
1490 struct rtattr *attr,
1491 struct rtattr *mask_attr)
1492 {
1493 int i;
1494 int count = 0;
1495 __u32 mtf;
1496 __u32 mtf_mask;
1497
1498 if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
1499 return;
1500
1501 mtf = ntohl(rta_getattr_u32(attr));
1502 mtf_mask = ntohl(rta_getattr_u32(mask_attr));
1503
1504 for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
1505 if (type != flags_str[i].type)
1506 continue;
1507 if (mtf_mask & flags_str[i].flag) {
1508 if (++count == 1) {
1509 print_string(PRINT_FP, NULL, "\n %s ", name);
1510 open_json_object(name);
1511 } else {
1512 print_string(PRINT_FP, NULL, "/", NULL);
1513 }
1514
1515 print_bool(PRINT_JSON, flags_str[i].string, NULL,
1516 mtf & flags_str[i].flag);
1517 if (mtf & flags_str[i].flag)
1518 print_string(PRINT_FP, NULL, "%s",
1519 flags_str[i].string);
1520 else
1521 print_string(PRINT_FP, NULL, "no%s",
1522 flags_str[i].string);
1523 }
1524 }
1525 if (count)
1526 close_json_object();
1527 }
1528
1529 static void flower_print_ip_addr(char *name, __be16 eth_type,
1530 struct rtattr *addr4_attr,
1531 struct rtattr *mask4_attr,
1532 struct rtattr *addr6_attr,
1533 struct rtattr *mask6_attr)
1534 {
1535 struct rtattr *addr_attr;
1536 struct rtattr *mask_attr;
1537 SPRINT_BUF(namefrm);
1538 SPRINT_BUF(out);
1539 size_t done;
1540 int family;
1541 size_t len;
1542 int bits;
1543
1544 if (eth_type == htons(ETH_P_IP)) {
1545 family = AF_INET;
1546 addr_attr = addr4_attr;
1547 mask_attr = mask4_attr;
1548 len = 4;
1549 } else if (eth_type == htons(ETH_P_IPV6)) {
1550 family = AF_INET6;
1551 addr_attr = addr6_attr;
1552 mask_attr = mask6_attr;
1553 len = 16;
1554 } else {
1555 return;
1556 }
1557 if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
1558 return;
1559 if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
1560 return;
1561 done = sprintf(out, "%s", rt_addr_n2a_rta(family, addr_attr));
1562 bits = __mask_bits(RTA_DATA(mask_attr), len);
1563 if (bits < 0)
1564 sprintf(out + done, "/%s", rt_addr_n2a_rta(family, mask_attr));
1565 else if (bits < len * 8)
1566 sprintf(out + done, "/%d", bits);
1567
1568 sprintf(namefrm, "\n %s %%s", name);
1569 print_string(PRINT_ANY, name, namefrm, out);
1570 }
1571 static void flower_print_ip4_addr(char *name, struct rtattr *addr_attr,
1572 struct rtattr *mask_attr)
1573 {
1574 return flower_print_ip_addr(name, htons(ETH_P_IP),
1575 addr_attr, mask_attr, 0, 0);
1576 }
1577
1578 static void flower_print_port(char *name, struct rtattr *attr)
1579 {
1580 SPRINT_BUF(namefrm);
1581
1582 if (!attr)
1583 return;
1584
1585 sprintf(namefrm,"\n %s %%u", name);
1586 print_hu(PRINT_ANY, name, namefrm, rta_getattr_be16(attr));
1587 }
1588
1589 static void flower_print_port_range(char *name, struct rtattr *min_attr,
1590 struct rtattr *max_attr)
1591 {
1592 SPRINT_BUF(namefrm);
1593 SPRINT_BUF(out);
1594 size_t done;
1595
1596 if (!min_attr || !max_attr)
1597 return;
1598
1599 done = sprintf(out, "%u", rta_getattr_be16(min_attr));
1600 sprintf(out + done, "-%u", rta_getattr_be16(max_attr));
1601 sprintf(namefrm, "\n %s %%s", name);
1602 print_string(PRINT_ANY, name, namefrm, out);
1603 }
1604
1605 static void flower_print_tcp_flags(const char *name, struct rtattr *flags_attr,
1606 struct rtattr *mask_attr)
1607 {
1608 SPRINT_BUF(namefrm);
1609 SPRINT_BUF(out);
1610 size_t done;
1611
1612 if (!flags_attr)
1613 return;
1614
1615 done = sprintf(out, "0x%x", rta_getattr_be16(flags_attr));
1616 if (mask_attr)
1617 sprintf(out + done, "/%x", rta_getattr_be16(mask_attr));
1618
1619 print_string(PRINT_FP, NULL, "%s ", _SL_);
1620 sprintf(namefrm, "%s %%s", name);
1621 print_string(PRINT_ANY, name, namefrm, out);
1622 }
1623
1624
1625 static void flower_print_key_id(const char *name, struct rtattr *attr)
1626 {
1627 SPRINT_BUF(namefrm);
1628
1629 if (!attr)
1630 return;
1631
1632 sprintf(namefrm,"\n %s %%u", name);
1633 print_uint(PRINT_ANY, name, namefrm, rta_getattr_be32(attr));
1634 }
1635
1636 static void flower_print_geneve_opts(const char *name, struct rtattr *attr,
1637 char *strbuf)
1638 {
1639 struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
1640 int ii, data_len, offset = 0, slen = 0;
1641 struct rtattr *i = RTA_DATA(attr);
1642 int rem = RTA_PAYLOAD(attr);
1643 __u8 type, data_r[rem];
1644 char data[rem * 2 + 1];
1645 __u16 class;
1646
1647 open_json_array(PRINT_JSON, name);
1648 while (rem) {
1649 parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX, i, rem);
1650 class = rta_getattr_be16(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]);
1651 type = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]);
1652 data_len = RTA_PAYLOAD(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]);
1653 hexstring_n2a(RTA_DATA(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]),
1654 data_len, data, sizeof(data));
1655 hex2mem(data, data_r, data_len);
1656 offset += data_len + 20;
1657 rem -= data_len + 20;
1658 i = RTA_DATA(attr) + offset;
1659
1660 open_json_object(NULL);
1661 print_uint(PRINT_JSON, "class", NULL, class);
1662 print_uint(PRINT_JSON, "type", NULL, type);
1663 open_json_array(PRINT_JSON, "data");
1664 for (ii = 0; ii < data_len; ii++)
1665 print_uint(PRINT_JSON, NULL, NULL, data_r[ii]);
1666 close_json_array(PRINT_JSON, "data");
1667 close_json_object();
1668
1669 slen += sprintf(strbuf + slen, "%04x:%02x:%s",
1670 class, type, data);
1671 if (rem)
1672 slen += sprintf(strbuf + slen, ",");
1673 }
1674 close_json_array(PRINT_JSON, name);
1675 }
1676
1677 static void flower_print_geneve_parts(const char *name, struct rtattr *attr,
1678 char *key, char *mask)
1679 {
1680 char *namefrm = "\n geneve_opt %s";
1681 char *key_token, *mask_token, *out;
1682 int len;
1683
1684 out = malloc(RTA_PAYLOAD(attr) * 4 + 3);
1685 if (!out)
1686 return;
1687
1688 len = 0;
1689 key_token = strsep(&key, ",");
1690 mask_token = strsep(&mask, ",");
1691 while (key_token) {
1692 len += sprintf(&out[len], "%s/%s,", key_token, mask_token);
1693 mask_token = strsep(&mask, ",");
1694 key_token = strsep(&key, ",");
1695 }
1696
1697 out[len - 1] = '\0';
1698 print_string(PRINT_FP, name, namefrm, out);
1699 free(out);
1700 }
1701
1702 static void flower_print_enc_opts(const char *name, struct rtattr *attr,
1703 struct rtattr *mask_attr)
1704 {
1705 struct rtattr *key_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
1706 struct rtattr *msk_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
1707 char *key, *msk;
1708
1709 if (!attr)
1710 return;
1711
1712 key = malloc(RTA_PAYLOAD(attr) * 2 + 1);
1713 if (!key)
1714 return;
1715
1716 msk = malloc(RTA_PAYLOAD(attr) * 2 + 1);
1717 if (!msk)
1718 goto err_key_free;
1719
1720 parse_rtattr_nested(key_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, attr);
1721 flower_print_geneve_opts("geneve_opt_key",
1722 key_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], key);
1723
1724 parse_rtattr_nested(msk_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, mask_attr);
1725 flower_print_geneve_opts("geneve_opt_mask",
1726 msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], msk);
1727
1728 flower_print_geneve_parts(name, attr, key, msk);
1729
1730 free(msk);
1731 err_key_free:
1732 free(key);
1733 }
1734
1735 static void flower_print_masked_u8(const char *name, struct rtattr *attr,
1736 struct rtattr *mask_attr,
1737 const char *(*value_to_str)(__u8 value))
1738 {
1739 const char *value_str = NULL;
1740 __u8 value, mask;
1741 SPRINT_BUF(namefrm);
1742 SPRINT_BUF(out);
1743 size_t done;
1744
1745 if (!attr)
1746 return;
1747
1748 value = rta_getattr_u8(attr);
1749 mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
1750 if (mask == UINT8_MAX && value_to_str)
1751 value_str = value_to_str(value);
1752
1753 if (value_str)
1754 done = sprintf(out, "%s", value_str);
1755 else
1756 done = sprintf(out, "%d", value);
1757
1758 if (mask != UINT8_MAX)
1759 sprintf(out + done, "/%d", mask);
1760
1761 sprintf(namefrm,"\n %s %%s", name);
1762 print_string(PRINT_ANY, name, namefrm, out);
1763 }
1764
1765 static void flower_print_u8(const char *name, struct rtattr *attr)
1766 {
1767 flower_print_masked_u8(name, attr, NULL, NULL);
1768 }
1769
1770 static void flower_print_u32(const char *name, struct rtattr *attr)
1771 {
1772 SPRINT_BUF(namefrm);
1773
1774 if (!attr)
1775 return;
1776
1777 sprintf(namefrm,"\n %s %%u", name);
1778 print_uint(PRINT_ANY, name, namefrm, rta_getattr_u32(attr));
1779 }
1780
1781 static void flower_print_arp_op(const char *name,
1782 struct rtattr *op_attr,
1783 struct rtattr *mask_attr)
1784 {
1785 flower_print_masked_u8(name, op_attr, mask_attr,
1786 flower_print_arp_op_to_name);
1787 }
1788
1789 static int flower_print_opt(struct filter_util *qu, FILE *f,
1790 struct rtattr *opt, __u32 handle)
1791 {
1792 struct rtattr *tb[TCA_FLOWER_MAX + 1];
1793 __be16 min_port_type, max_port_type;
1794 int nl_type, nl_mask_type;
1795 __be16 eth_type = 0;
1796 __u8 ip_proto = 0xff;
1797
1798 if (!opt)
1799 return 0;
1800
1801 parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt);
1802
1803 if (handle)
1804 print_uint(PRINT_ANY, "handle", "handle 0x%x ", handle);
1805
1806 if (tb[TCA_FLOWER_CLASSID]) {
1807 __u32 h = rta_getattr_u32(tb[TCA_FLOWER_CLASSID]);
1808
1809 if (TC_H_MIN(h) < TC_H_MIN_PRIORITY ||
1810 TC_H_MIN(h) > (TC_H_MIN_PRIORITY + TC_QOPT_MAX_QUEUE - 1)) {
1811 SPRINT_BUF(b1);
1812 print_string(PRINT_ANY, "classid", "classid %s ",
1813 sprint_tc_classid(h, b1));
1814 } else {
1815 print_uint(PRINT_ANY, "hw_tc", "hw_tc %u ",
1816 TC_H_MIN(h) - TC_H_MIN_PRIORITY);
1817 }
1818 }
1819
1820 if (tb[TCA_FLOWER_INDEV]) {
1821 struct rtattr *attr = tb[TCA_FLOWER_INDEV];
1822
1823 print_string(PRINT_ANY, "indev", "\n indev %s",
1824 rta_getattr_str(attr));
1825 }
1826
1827 open_json_object("keys");
1828
1829 if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
1830 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
1831
1832 print_uint(PRINT_ANY, "vlan_id", "\n vlan_id %u",
1833 rta_getattr_u16(attr));
1834 }
1835
1836 if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
1837 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
1838
1839 print_uint(PRINT_ANY, "vlan_prio", "\n vlan_prio %d",
1840 rta_getattr_u8(attr));
1841 }
1842
1843 if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
1844 SPRINT_BUF(buf);
1845 struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE];
1846
1847 print_string(PRINT_ANY, "vlan_ethtype", "\n vlan_ethtype %s",
1848 ll_proto_n2a(rta_getattr_u16(attr),
1849 buf, sizeof(buf)));
1850 }
1851
1852 if (tb[TCA_FLOWER_KEY_CVLAN_ID]) {
1853 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ID];
1854
1855 print_uint(PRINT_ANY, "cvlan_id", "\n cvlan_id %u",
1856 rta_getattr_u16(attr));
1857 }
1858
1859 if (tb[TCA_FLOWER_KEY_CVLAN_PRIO]) {
1860 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_PRIO];
1861
1862 print_uint(PRINT_ANY, "cvlan_prio", "\n cvlan_prio %d",
1863 rta_getattr_u8(attr));
1864 }
1865
1866 if (tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE]) {
1867 SPRINT_BUF(buf);
1868 struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE];
1869
1870 print_string(PRINT_ANY, "cvlan_ethtype", "\n cvlan_ethtype %s",
1871 ll_proto_n2a(rta_getattr_u16(attr),
1872 buf, sizeof(buf)));
1873 }
1874
1875 flower_print_eth_addr("dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
1876 tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
1877 flower_print_eth_addr("src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
1878 tb[TCA_FLOWER_KEY_ETH_SRC_MASK]);
1879
1880 flower_print_eth_type(&eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
1881 flower_print_ip_proto(&ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
1882
1883 flower_print_ip_attr("ip_tos", tb[TCA_FLOWER_KEY_IP_TOS],
1884 tb[TCA_FLOWER_KEY_IP_TOS_MASK]);
1885 flower_print_ip_attr("ip_ttl", tb[TCA_FLOWER_KEY_IP_TTL],
1886 tb[TCA_FLOWER_KEY_IP_TTL_MASK]);
1887
1888 flower_print_u32("mpls_label", tb[TCA_FLOWER_KEY_MPLS_LABEL]);
1889 flower_print_u8("mpls_tc", tb[TCA_FLOWER_KEY_MPLS_TC]);
1890 flower_print_u8("mpls_bos", tb[TCA_FLOWER_KEY_MPLS_BOS]);
1891 flower_print_u8("mpls_ttl", tb[TCA_FLOWER_KEY_MPLS_TTL]);
1892
1893 flower_print_ip_addr("dst_ip", eth_type,
1894 tb[TCA_FLOWER_KEY_IPV4_DST],
1895 tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
1896 tb[TCA_FLOWER_KEY_IPV6_DST],
1897 tb[TCA_FLOWER_KEY_IPV6_DST_MASK]);
1898
1899 flower_print_ip_addr("src_ip", eth_type,
1900 tb[TCA_FLOWER_KEY_IPV4_SRC],
1901 tb[TCA_FLOWER_KEY_IPV4_SRC_MASK],
1902 tb[TCA_FLOWER_KEY_IPV6_SRC],
1903 tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
1904
1905 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
1906 if (nl_type >= 0)
1907 flower_print_port("dst_port", tb[nl_type]);
1908 nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
1909 if (nl_type >= 0)
1910 flower_print_port("src_port", tb[nl_type]);
1911
1912 if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_DST,
1913 &min_port_type, &max_port_type))
1914 flower_print_port_range("dst_port range",
1915 tb[min_port_type], tb[max_port_type]);
1916
1917 if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_SRC,
1918 &min_port_type, &max_port_type))
1919 flower_print_port_range("src_port range",
1920 tb[min_port_type], tb[max_port_type]);
1921
1922 flower_print_tcp_flags("tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
1923 tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
1924
1925 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
1926 FLOWER_ICMP_FIELD_TYPE);
1927 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
1928 FLOWER_ICMP_FIELD_TYPE);
1929 if (nl_type >= 0 && nl_mask_type >= 0)
1930 flower_print_masked_u8("icmp_type", tb[nl_type],
1931 tb[nl_mask_type], NULL);
1932
1933 nl_type = flower_icmp_attr_type(eth_type, ip_proto,
1934 FLOWER_ICMP_FIELD_CODE);
1935 nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
1936 FLOWER_ICMP_FIELD_CODE);
1937 if (nl_type >= 0 && nl_mask_type >= 0)
1938 flower_print_masked_u8("icmp_code", tb[nl_type],
1939 tb[nl_mask_type], NULL);
1940
1941 flower_print_ip4_addr("arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
1942 tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
1943 flower_print_ip4_addr("arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
1944 tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
1945 flower_print_arp_op("arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
1946 tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
1947 flower_print_eth_addr("arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
1948 tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
1949 flower_print_eth_addr("arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
1950 tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
1951
1952 flower_print_ip_addr("enc_dst_ip",
1953 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
1954 htons(ETH_P_IP) : htons(ETH_P_IPV6),
1955 tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
1956 tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
1957 tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
1958 tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
1959
1960 flower_print_ip_addr("enc_src_ip",
1961 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
1962 htons(ETH_P_IP) : htons(ETH_P_IPV6),
1963 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
1964 tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
1965 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
1966 tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
1967
1968 flower_print_key_id("enc_key_id", tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
1969
1970 flower_print_port("enc_dst_port", tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT]);
1971
1972 flower_print_ip_attr("enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
1973 tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
1974 flower_print_ip_attr("enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
1975 tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
1976 flower_print_enc_opts("enc_opt", tb[TCA_FLOWER_KEY_ENC_OPTS],
1977 tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
1978
1979 flower_print_matching_flags("ip_flags", FLOWER_IP_FLAGS,
1980 tb[TCA_FLOWER_KEY_FLAGS],
1981 tb[TCA_FLOWER_KEY_FLAGS_MASK]);
1982
1983 close_json_object();
1984
1985 if (tb[TCA_FLOWER_FLAGS]) {
1986 __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
1987
1988 if (flags & TCA_CLS_FLAGS_SKIP_HW)
1989 print_bool(PRINT_ANY, "skip_hw", "\n skip_hw", true);
1990 if (flags & TCA_CLS_FLAGS_SKIP_SW)
1991 print_bool(PRINT_ANY, "skip_sw", "\n skip_sw", true);
1992
1993 if (flags & TCA_CLS_FLAGS_IN_HW) {
1994 print_bool(PRINT_ANY, "in_hw", "\n in_hw", true);
1995
1996 if (tb[TCA_FLOWER_IN_HW_COUNT]) {
1997 __u32 count = rta_getattr_u32(tb[TCA_FLOWER_IN_HW_COUNT]);
1998
1999 print_uint(PRINT_ANY, "in_hw_count",
2000 " in_hw_count %u", count);
2001 }
2002 }
2003 else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
2004 print_bool(PRINT_ANY, "not_in_hw", "\n not_in_hw", true);
2005 }
2006
2007 if (tb[TCA_FLOWER_ACT])
2008 tc_print_action(f, tb[TCA_FLOWER_ACT], 0);
2009
2010 return 0;
2011 }
2012
2013 struct filter_util flower_filter_util = {
2014 .id = "flower",
2015 .parse_fopt = flower_parse_opt,
2016 .print_fopt = flower_print_opt,
2017 };
Upstream mirror of iproute2