2 * m_pedit.c generic packet editor actions module
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: J Hadi Salim (hadi@cyberus.ca)
12 * 1) Big endian broken in some spots
13 * 2) A lot of this stuff was added on the fly; get a big double-double
14 * and clean it up at some point.
22 #include <sys/socket.h>
23 #include <netinet/in.h>
24 #include <arpa/inet.h>
27 #include <bsd/string.h>
/* Head of the list of registered header-kind parsers. get_pedit_kind()
 * walks it through ->next and points a new entry at the current head. */
35 static struct m_pedit_util
*pedit_list
;
/* Debug switch. NOTE(review): no reader of this flag appears in this
 * listing; the printf calls in pack_key16, pack_key8 and parse_cmd are
 * presumably gated on it - confirm against the full file. */
36 static int pedit_debug
;
/* Print the pedit command-line grammar to stderr. The text states the
 * input constraints that the parsers below rely on: byte offsets in
 * multiples of 4 and a 32 bit hexadecimal offmask. */
38 static void explain(void)
40 fprintf(stderr
, "Usage: ... pedit munge [ex] <MUNGE> [CONTROL]\n");
42 "Where: MUNGE := <RAW>|<LAYERED>\n"
43 "\t<RAW>:= <OFFSETC>[ATC]<CMD>\n \t\tOFFSETC:= offset <offval> <u8|u16|u32>\n"
44 "\t\tATC:= at <atval> offmask <maskval> shift <shiftval>\n"
45 "\t\tNOTE: offval is byte offset, must be multiple of 4\n"
46 "\t\tNOTE: maskval is a 32 bit hex number\n \t\tNOTE: shiftval is a shift value\n"
47 "\t\tCMD:= clear | invert | set <setval>| add <addval> | retain\n"
48 "\t<LAYERED>:= ip <ipdata> | ip6 <ip6data>\n"
49 " \t\t| udp <udpdata> | tcp <tcpdata> | icmp <icmpdata>\n"
50 "\tCONTROL:= reclassify | pipe | drop | continue | pass |\n"
51 "\t goto chain <CHAIN_INDEX>\n"
52 "\tNOTE: if 'ex' is set, extended functionality will be supported (kernel >= 4.11)\n"
53 "For Example usage look at the examples directory\n");
/* usage(): only the signature is present in this listing; the body is on
 * lines not shown. */
57 static void usage(void)
/* Fallback parse_peopt callback. get_pedit_kind() assigns it to the entry
 * it allocates with calloc(); the message below indicates that entry
 * stands for a kind with no real parser. The fprintf call that owns the
 * format string and the return statement are on lines not shown. */
63 static int pedit_parse_nopopt(int *argc_p
, char ***argv_p
,
64 struct m_pedit_sel
*sel
,
65 struct m_pedit_key
*tkey
)
68 char **argv
= *argv_p
;
72 "Unknown action hence option \"%s\" is unparsable\n",
/* Return the parser entry for header kind str.
 *
 * Visible steps: (1) search pedit_list for an entry whose id equals str;
 * (2) build the file name p_<str>.so and dlopen() it; (3) fall back to the
 * handle of the running program with dlopen(NULL); (4) build the symbol
 * name p_pedit_<str>; (5) point the entry at the current list head. A
 * calloc()ed placeholder that uses pedit_parse_nopopt is also created on a
 * path whose condition is not shown. The symbol lookup, the branch
 * conditions and the return statements are on lines missing from this
 * listing.
 *
 * NOTE(review): str reaches this function from the command line (see
 * parse_munge) and no validation of it is visible. The name handed to
 * dlopen() carries no directory, so it is resolved through the dynamic
 * loader search path, and a str containing a slash makes dlopen() treat
 * the name as a path. Where tc runs with privileges on behalf of a less
 * trusted caller, restrict str to a fixed character set (letters, digits,
 * underscore) before building the name.
 */
81 static struct m_pedit_util
*get_pedit_kind(const char *str
)
86 struct m_pedit_util
*p
;
88 for (p
= pedit_list
; p
; p
= p
->next
) {
89 if (strcmp(p
->id
, str
) == 0)
/* Bounded by sizeof(buf): an over-long str is truncated, not overflowed. */
93 snprintf(buf
, sizeof(buf
), "p_%s.so", str
);
94 dlh
= dlopen(buf
, RTLD_LAZY
);
/* dlopen(NULL) yields a handle for the main program itself. */
98 dlh
= pBODY
= dlopen(NULL
, RTLD_LAZY
);
104 snprintf(buf
, sizeof(buf
), "p_pedit_%s", str
);
110 p
->next
= pedit_list
;
/* NOTE(review): the test of the calloc() result, if any, is on a line not
 * shown - confirm p is checked before the two stores below. */
115 p
= calloc(1, sizeof(*p
));
/* strlcpy always terminates p->id within sizeof(p->id). */
117 strlcpy(p
->id
, str
, sizeof(p
->id
));
118 p
->parse_peopt
= pedit_parse_nopopt
;
/* Append tkey to the selector as key number sel->nkeys.
 *
 * Visible checks: the offset must sit on a 32 bit boundary, and outside
 * extended mode only header type NETWORK with command SET is accepted.
 *
 * NOTE(review): hwm indexes sel->keys[] and, in extended mode, keys_ex[].
 * These are presumably fixed-capacity arrays inside struct m_pedit_sel
 * (parse_pedit keeps the whole selector on its stack), so hwm has to be
 * compared with that capacity before the stores below. No such check is
 * visible here (original lines 129-133 are missing) - confirm.
 */
124 int pack_key(struct m_pedit_sel
*_sel
, struct m_pedit_key
*tkey
)
126 struct tc_pedit_sel
*sel
= &_sel
->sel
;
127 struct m_pedit_key_ex
*keys_ex
= _sel
->keys_ex
;
/* Next free slot: the number of keys packed so far. */
128 int hwm
= sel
->nkeys
;
134 fprintf(stderr
, "offsets MUST be in 32 bit boundaries\n");
138 sel
->keys
[hwm
].val
= tkey
->val
;
139 sel
->keys
[hwm
].mask
= tkey
->mask
;
140 sel
->keys
[hwm
].off
= tkey
->off
;
141 sel
->keys
[hwm
].at
= tkey
->at
;
142 sel
->keys
[hwm
].offmask
= tkey
->offmask
;
143 sel
->keys
[hwm
].shift
= tkey
->shift
;
/* Extended mode records header type and command in the parallel array. */
145 if (_sel
->extended
) {
146 keys_ex
[hwm
].htype
= tkey
->htype
;
147 keys_ex
[hwm
].cmd
= tkey
->cmd
;
/* The classic format cannot carry htype or cmd, so anything but
 * NETWORK + SET is refused with a pointer to the ex syntax. */
149 if (tkey
->htype
!= TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
||
150 tkey
->cmd
!= TCA_PEDIT_KEY_EX_CMD_SET
) {
152 "Munge parameters not supported. Use 'pedit ex munge ...'.\n");
/* Pack a full 32 bit key. The offset must be a multiple of 4. val keeps
 * only the bits selected by retain, mask gets every bit outside retain
 * set, both are converted with htonl() and the key is passed to
 * pack_key(), whose result is returned. */
161 int pack_key32(__u32 retain
, struct m_pedit_sel
*sel
,
162 struct m_pedit_key
*tkey
)
/* True whenever either of the two low offset bits is set. */
164 if (tkey
->off
> (tkey
->off
& ~3)) {
166 "pack_key32: 32 bit offsets must begin in 32bit boundaries\n");
170 tkey
->val
= htonl(tkey
->val
& retain
);
171 tkey
->mask
= htonl(tkey
->mask
| ~retain
);
172 return pack_key(sel
, tkey
);
/* Pack a 16 bit value into the 32 bit word that contains it. val and mask
 * must fit in 16 bits. The value is shifted into place by stride bits and
 * m[ind] sets the mask bits of the bytes outside the field.
 *
 * NOTE(review): the computation of ind and the condition guarding the
 * bad index message are on lines not shown. ind must stay within 0..2:
 * m[] lists only three masks (the fourth element is zero-initialised) and
 * stride would turn negative for ind 3 - confirm the guard.
 */
175 int pack_key16(__u32 retain
, struct m_pedit_sel
*sel
,
176 struct m_pedit_key
*tkey
)
179 __u32 m
[4] = { 0x0000FFFF, 0xFF0000FF, 0xFFFF0000 };
181 if (tkey
->val
> 0xFFFF || tkey
->mask
> 0xFFFF) {
182 fprintf(stderr
, "pack_key16 bad value\n");
189 fprintf(stderr
, "pack_key16 bad index value %d\n", ind
);
/* 16, 8 or 0 bits for ind 0, 1 or 2. */
193 stride
= 8 * (2 - ind
);
194 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
195 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
200 printf("pack_key16: Final val %08x mask %08x\n",
201 tkey
->val
, tkey
->mask
);
202 return pack_key(sel
, tkey
);
/* Pack an 8 bit value into the 32 bit word that contains it. val and mask
 * must fit in 8 bits. The value is shifted by stride bits and m[ind] sets
 * the mask bits of the other three bytes.
 *
 * NOTE(review): the computation of ind is on a line not shown. m[] has
 * four entries and stride is 24, 16, 8 or 0 for ind 0..3, so ind must be
 * confined to that range (presumably the low two bits of the offset) -
 * confirm.
 */
206 int pack_key8(__u32 retain
, struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
209 __u32 m
[4] = { 0x00FFFFFF, 0xFF00FFFF, 0xFFFF00FF, 0xFFFFFF00 };
211 if (tkey
->val
> 0xFF || tkey
->mask
> 0xFF) {
212 fprintf(stderr
, "pack_key8 bad value (val %x mask %x\n",
213 tkey
->val
, tkey
->mask
);
219 stride
= 8 * (3 - ind
);
220 tkey
->val
= htonl((tkey
->val
& retain
) << stride
);
221 tkey
->mask
= htonl(((tkey
->mask
| ~retain
) << stride
) | m
[ind
]);
226 printf("pack_key8: Final word off %d val %08x mask %08x\n",
227 tkey
->off
, tkey
->val
, tkey
->mask
);
228 return pack_key(sel
, tkey
);
/* Pack a 6 byte MAC address as one 32 bit key plus one 16 bit key.
 *
 * A 4 byte aligned offset packs bytes 0-3 with pack_key32 and bytes 4-5
 * with pack_key16; a 2 byte aligned offset packs bytes 0-1 with
 * pack_key16 and bytes 2-5 with pack_key32; any other offset is refused.
 * The results of the two packers are OR-ed into ret. The offset
 * adjustments between the two calls are on lines not shown.
 *
 * NOTE(review): mac is read through __u32 and __u16 pointer casts.
 * parse_cmd passes (__u8 *)val with val declared as __u32[4], so the base
 * is word aligned, but the read at mac + 2 through a __u32 pointer is
 * not. Copying the bytes into a local with memcpy() is the portable form.
 */
231 static int pack_mac(struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
,
236 if (!(tkey
->off
& 0x3)) {
238 tkey
->val
= ntohl(*((__u32
*)mac
));
239 ret
|= pack_key32(~0, sel
, tkey
);
243 tkey
->val
= ntohs(*((__u16
*)&mac
[4]));
244 ret
|= pack_key16(~0, sel
, tkey
);
245 } else if (!(tkey
->off
& 0x1)) {
247 tkey
->val
= ntohs(*((__u16
*)mac
));
248 ret
|= pack_key16(~0, sel
, tkey
);
/* Unaligned 32 bit read, see the note above. */
252 tkey
->val
= ntohl(*((__u32
*)(mac
+ 2)));
253 ret
|= pack_key32(~0, sel
, tkey
);
256 "pack_mac: mac offsets must begin in 32bit or 16bit boundaries\n");
/* Pack a 128 bit IPv6 address as four 32 bit keys. The offset must be a
 * multiple of 4. Each word is converted with ntohl() and packed with
 * pack_key32() using a full retain mask. How the offset advances between
 * words and how a failing pack_key32() ends the loop are on lines not
 * shown. */
263 static int pack_ipv6(struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
,
269 if (tkey
->off
& 0x3) {
271 "pack_ipv6: IPv6 offsets must begin in 32bit boundaries\n");
275 for (i
= 0; i
< 4; i
++) {
277 tkey
->val
= ntohl(ipv6
[i
]);
279 ret
= pack_key32(~0, sel
, tkey
);
/* Parse the current argument into *val according to type.
 *
 * The tests on type are on lines not shown; the visible conversions are
 * get_integer(), get_u32(), get_prefix_1() for AF_INET and AF_INET6, and
 * ll_addr_a2n() for a MAC address.
 *
 * NOTE(review): val is a bare __u32 pointer with no length attached. The
 * AF_INET6 path copies addr.bytelen bytes and the MAC path is given
 * MAC_ALEN as its buffer size, so the caller must supply storage sized
 * for the requested type. Inside this file parse_cmd passes __u32 val[4]
 * for typed values and passes &retain only together with TU32.
 */
289 int parse_val(int *argc_p
, char ***argv_p
, __u32
*val
, int type
)
292 char **argv
= *argv_p
;
298 return get_integer((int *)val
, *argv
, 0);
301 return get_u32(val
, *argv
, 0);
306 if (get_prefix_1(&addr
, *argv
, AF_INET
))
316 if (get_prefix_1(&addr
, *argv
, AF_INET6
))
/* Length comes from the parsed prefix, not from the destination. */
319 memcpy(val
, addr
.data
, addr
.bytelen
);
326 int ret
= ll_addr_a2n((char *)val
, MAC_ALEN
, *argv
);
/* Parse <CMD> [retain <mask>] for a field of len bytes and pack the key.
 *
 * Visible behaviour: invert, set, add, preserve and clear are recognised;
 * add selects TCA_PEDIT_KEY_EX_CMD_ADD, and a non-zero cmd is refused
 * outside extended mode; retain is read as a 32 bit value and is refused
 * for fields longer than 4 bytes; the value is then handed to pack_mac,
 * pack_ipv6 or pack_key8/16/32. The conditions that choose among the
 * packers are on lines not shown.
 */
335 int parse_cmd(int *argc_p
, char ***argv_p
, __u32 len
, int type
, __u32 retain
,
336 struct m_pedit_sel
*sel
, struct m_pedit_key
*tkey
)
/* Sixteen zeroed bytes each: enough for the largest typed value used
 * here, an IPv6 address. */
338 __u32 mask
[4] = { 0 };
339 __u32 val
[4] = { 0 };
345 char **argv
= *argv_p
;
351 printf("parse_cmd argc %d %s offset %d length %d\n",
352 argc
, *argv
, tkey
->off
, len
);
359 if (matches(*argv
, "invert") == 0) {
361 } else if (matches(*argv
, "set") == 0 ||
362 matches(*argv
, "add") == 0) {
363 if (matches(*argv
, "add") == 0)
364 tkey
->cmd
= TCA_PEDIT_KEY_EX_CMD_ADD
;
366 if (!sel
->extended
&& tkey
->cmd
) {
368 "Non extended mode. only 'set' command is supported\n");
373 if (parse_val(&argc
, &argv
, val
, type
))
375 } else if (matches(*argv
, "preserve") == 0) {
378 if (matches(*argv
, "clear") != 0)
/* argc is tested first: the command may have been the last argument. */
385 if (argc
&& matches(*argv
, "retain") == 0) {
387 if (parse_val(&argc
, &argv
, &retain
, TU32
))
393 if (len
> 4 && retain
!= ~0) {
395 "retain is not supported for fields longer the 32 bits\n");
400 res
= pack_mac(sel
, tkey
, (__u8
*)val
);
405 res
= pack_ipv6(sel
, tkey
, val
);
413 tkey
->val
= ntohl(tkey
->val
);
416 res
= pack_key8(retain
, sel
, tkey
);
420 res
= pack_key16(retain
, sel
, tkey
);
424 res
= pack_key32(retain
, sel
, tkey
);
/* NOTE(review): *argv is printed with %s although argc may already be 0
 * at this point (see the retain test above), in which case *argv is
 * presumably the argv terminator. Confirm this call is guarded; the
 * guard, presumably pedit_debug, is not visible in this listing. */
431 printf("parse_cmd done argc %d %s offset %d length %d\n",
432 argc
, *argv
, tkey
->off
, len
);
/* Parse a raw munge: offset <offval> <u8|u16|u32> [at ...] <CMD>.
 *
 * The offset is read with get_integer(), the width keyword selects the
 * field length, the optional at/offmask/shift triple is read with
 * get_u32() (offmask in base 16), and the rest is handed to parse_cmd()
 * with type TU32.
 *
 * NOTE(review): off is parsed as a signed int. Whether negative values
 * are refused before being stored in the key is on lines not shown.
 */
439 int parse_offset(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
,
440 struct m_pedit_key
*tkey
)
445 char **argv
= *argv_p
;
451 if (get_integer(&off
, *argv
, 0))
461 if (matches(*argv
, "u32") == 0) {
466 if (matches(*argv
, "u16") == 0) {
471 if (matches(*argv
, "u8") == 0) {
483 /* [at <someval> offmask <maskval> shift <shiftval>] */
484 if (matches(*argv
, "at") == 0) {
486 __u32 atv
= 0, offmask
= 0x0, shift
= 0;
489 if (get_u32(&atv
, *argv
, 0))
495 if (get_u32(&offmask
, *argv
, 16))
497 tkey
->offmask
= offmask
;
501 if (get_u32(&shift
, *argv
, 0))
508 res
= parse_cmd(&argc
, &argv
, len
, TU32
, retain
, sel
, tkey
);
/* Parse one munge clause. The keyword offset selects the raw parser
 * parse_offset(); any other word is taken as a header kind, resolved with
 * get_pedit_kind() and parsed by that entry's parse_peopt callback.
 *
 * NOTE(review): k is declared without an initialiser and filled with
 * strncpy(k, *argv, sizeof(k) - 1). strncpy() writes no terminator when
 * the source is sizeof(k) - 1 bytes or longer, so the last byte of k
 * stays indeterminate unless a line not shown here sets it. k is then
 * used as a C string by get_pedit_kind() (strcmp and %s). Prefer
 * strlcpy(k, *argv, sizeof(k)), which this file already uses elsewhere,
 * or initialise k to zeros.
 */
515 static int parse_munge(int *argc_p
, char ***argv_p
, struct m_pedit_sel
*sel
)
517 struct m_pedit_key tkey
= {};
519 char **argv
= *argv_p
;
525 if (matches(*argv
, "offset") == 0) {
527 res
= parse_offset(&argc
, &argv
, sel
, &tkey
);
530 char k
[FILTER_NAMESZ
];
531 struct m_pedit_util
*p
= NULL
;
/* Copies at most sizeof(k) - 1 bytes; see the termination note above. */
533 strncpy(k
, *argv
, sizeof(k
) - 1);
536 p
= get_pedit_kind(k
);
540 res
= p
->parse_peopt(&argc
, &argv
, sel
, &tkey
);
542 fprintf(stderr
, "bad pedit parsing\n");
/* Decode the nested TCA_PEDIT_KEYS_EX attribute into keys_ex[].
 *
 * The loop walks the payload of attr with RTA_OK/RTA_NEXT, tests each
 * entry for type TCA_PEDIT_KEY_EX, parses its nested attributes into tb[]
 * and reads htype and cmd as 16 bit values.
 *
 * NOTE(review): parse_rtattr_nested() leaves tb[] slots NULL for
 * attributes that are absent, and rta_getattr_u16() dereferences its
 * argument. No NULL test on tb[TCA_PEDIT_KEY_EX_HTYPE] or
 * tb[TCA_PEDIT_KEY_EX_CMD] is visible between the parse and the reads, so
 * a message lacking either attribute would fault here - confirm and add
 * the check. The use of n to bound writes through k, and the advance of
 * k, are on lines not shown.
 */
559 static int pedit_keys_ex_getattr(struct rtattr
*attr
,
560 struct m_pedit_key_ex
*keys_ex
, int n
)
563 int rem
= RTA_PAYLOAD(attr
);
564 struct rtattr
*tb
[TCA_PEDIT_KEY_EX_MAX
+ 1];
565 struct m_pedit_key_ex
*k
= keys_ex
;
567 for (i
= RTA_DATA(attr
); RTA_OK(i
, rem
); i
= RTA_NEXT(i
, rem
)) {
571 if (i
->rta_type
!= TCA_PEDIT_KEY_EX
)
574 parse_rtattr_nested(tb
, TCA_PEDIT_KEY_EX_MAX
, i
);
576 k
->htype
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_HTYPE
]);
577 k
->cmd
= rta_getattr_u16(tb
[TCA_PEDIT_KEY_EX_CMD
]);
/* Emit the extended key data as a nested TCA_PEDIT_KEYS_EX attribute: one
 * nested TCA_PEDIT_KEY_EX per key, each carrying htype and cmd as 16 bit
 * attributes. Every add is bounded by MAX_MSG, and a failing addattr16()
 * is detected by the visible condition; what happens on that failure, the
 * advance of k and the return values are on lines not shown. */
586 static int pedit_keys_ex_addattr(struct m_pedit_sel
*sel
, struct nlmsghdr
*n
)
588 struct m_pedit_key_ex
*k
= sel
->keys_ex
;
589 struct rtattr
*keys_start
;
595 keys_start
= addattr_nest(n
, MAX_MSG
, TCA_PEDIT_KEYS_EX
| NLA_F_NESTED
);
597 for (i
= 0; i
< sel
->sel
.nkeys
; i
++) {
598 struct rtattr
*key_start
;
600 key_start
= addattr_nest(n
, MAX_MSG
,
601 TCA_PEDIT_KEY_EX
| NLA_F_NESTED
);
603 if (addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_HTYPE
, k
->htype
) ||
604 addattr16(n
, MAX_MSG
, TCA_PEDIT_KEY_EX_CMD
, k
->cmd
)) {
608 addattr_nest_end(n
, key_start
);
613 addattr_nest_end(n
, keys_start
);
/* Command-line parser for the pedit action (the parse_aopt callback).
 *
 * Visible flow: consume the pedit keyword, an optional ex flag that must
 * precede the first munge, help, and any number of munge clauses via
 * parse_munge(); read the control action with TC_ACT_OK as default and an
 * optional decimal index; then emit the selector under a nest of type
 * tca_id as TCA_PEDIT_PARMS or TCA_PEDIT_PARMS_EX, the latter followed by
 * the extended keys. The rest of the signature is on lines not shown.
 *
 * NOTE(review): the attribute payload is copied straight from &sel with a
 * length that scales with sel.sel.nkeys, so it is only as safe as the
 * bound pack_key() places on nkeys. The results of addattr_l() and
 * pedit_keys_ex_addattr() are discarded below, so a message that did not
 * fit in MAX_MSG is not reported by this function.
 */
618 int parse_pedit(struct action_util
*a
, int *argc_p
, char ***argv_p
, int tca_id
,
621 struct m_pedit_sel sel
= {};
624 char **argv
= *argv_p
;
630 fprintf(stderr
, "while pedit (%d:%s)\n", argc
, *argv
);
631 if (matches(*argv
, "pedit") == 0) {
635 if (matches(*argv
, "ex") == 0) {
638 "'ex' must be before first 'munge'\n");
647 } else if (matches(*argv
, "help") == 0) {
649 } else if (matches(*argv
, "munge") == 0) {
651 fprintf(stderr
, "Bad pedit construct (%s)\n",
658 if (parse_munge(&argc
, &argv
, &sel
)) {
659 fprintf(stderr
, "Bad pedit construct (%s)\n",
676 parse_action_control_dflt(&argc
, &argv
, &sel
.sel
.action
, false, TC_ACT_OK
);
679 if (matches(*argv
, "index") == 0) {
681 if (get_u32(&sel
.sel
.index
, *argv
, 10)) {
682 fprintf(stderr
, "Pedit: Illegal \"index\"\n");
691 tail
= addattr_nest(n
, MAX_MSG
, tca_id
);
/* Return value discarded, see the note above. */
693 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS
, &sel
,
695 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
697 addattr_l(n
, MAX_MSG
, TCA_PEDIT_PARMS_EX
, &sel
,
699 sel
.sel
.nkeys
* sizeof(struct tc_pedit_key
));
701 pedit_keys_ex_addattr(&sel
, n
);
704 addattr_nest_end(n
, tail
);
/* Printable name for each extended header type, indexed by the enum
 * value. NETWORK maps to the empty string. print_pedit_location() checks
 * the index against ARRAY_SIZE() before reading this table. */
711 const char *pedit_htype_str
[] = {
712 [TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
] = "",
713 [TCA_PEDIT_KEY_EX_HDR_TYPE_ETH
] = "eth",
714 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP4
] = "ipv4",
715 [TCA_PEDIT_KEY_EX_HDR_TYPE_IP6
] = "ipv6",
716 [TCA_PEDIT_KEY_EX_HDR_TYPE_TCP
] = "tcp",
717 [TCA_PEDIT_KEY_EX_HDR_TYPE_UDP
] = "udp",
/* Print where a key applies. For header type NETWORK only the offset is
 * printed; otherwise the header name is followed by a signed offset.
 *
 * htype is taken from a netlink attribute by the caller, so the
 * ARRAY_SIZE() test is what keeps the table index in range; values beyond
 * the table are printed as unknown(N).
 *
 * NOTE(review): the NETWORK branch prints an unsigned int with %d.
 */
720 static void print_pedit_location(FILE *f
,
721 enum pedit_header_type htype
, __u32 off
)
723 if (htype
== TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
) {
724 fprintf(f
, "%d", (unsigned int)off
);
728 if (htype
< ARRAY_SIZE(pedit_htype_str
))
729 fprintf(f
, "%s", pedit_htype_str
[htype
]);
731 fprintf(f
, "unknown(%d)", htype
);
/* off is reinterpreted as signed so offsets before the header start
 * print with a minus sign. */
733 fprintf(f
, "%c%d", (int)off
>= 0 ? '+' : '-', abs((int)off
));
/* Printer for the pedit action (the print_aopt callback).
 *
 * Visible flow: parse the nested attributes of arg; require
 * TCA_PEDIT_PARMS or TCA_PEDIT_PARMS_EX; for the extended form also
 * require TCA_PEDIT_KEYS_EX and decode it into a calloc()ed array of
 * sel->nkeys entries; print the action header, optional TCA_PEDIT_TM
 * data and then one line per key.
 *
 * NOTE(review): sel points directly into the received attribute and
 * sel->nkeys drives the allocation size and the key loop. No comparison
 * of RTA_PAYLOAD() with sizeof(*sel) plus nkeys keys is visible, so a
 * truncated or malformed attribute would be read past its end. Add that
 * length check before the first use of sel. The release of keys_ex is on
 * lines not shown - confirm every exit path frees it.
 */
736 int print_pedit(struct action_util
*au
, FILE *f
, struct rtattr
*arg
)
738 struct tc_pedit_sel
*sel
;
739 struct rtattr
*tb
[TCA_PEDIT_MAX
+ 1];
740 struct m_pedit_key_ex
*keys_ex
= NULL
;
745 parse_rtattr_nested(tb
, TCA_PEDIT_MAX
, arg
);
747 if (!tb
[TCA_PEDIT_PARMS
] && !tb
[TCA_PEDIT_PARMS_EX
]) {
748 fprintf(f
, "[NULL pedit parameters]");
752 if (tb
[TCA_PEDIT_PARMS
]) {
/* No payload length check is visible before this use, see above. */
753 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS
]);
757 sel
= RTA_DATA(tb
[TCA_PEDIT_PARMS_EX
]);
759 if (!tb
[TCA_PEDIT_KEYS_EX
]) {
760 fprintf(f
, "Netlink error\n");
/* Element count comes from the message; calloc() checks the size
 * multiplication for overflow. */
764 keys_ex
= calloc(sel
->nkeys
, sizeof(*keys_ex
));
766 fprintf(f
, "Out of memory\n");
770 err
= pedit_keys_ex_getattr(tb
[TCA_PEDIT_KEYS_EX
], keys_ex
,
773 fprintf(f
, "Netlink error\n");
780 fprintf(f
, " pedit ");
781 print_action_control(f
, "action ", sel
->action
, " ");
782 fprintf(f
,"keys %d\n ", sel
->nkeys
);
783 fprintf(f
, "\t index %u ref %d bind %d", sel
->index
, sel
->refcnt
,
787 if (tb
[TCA_PEDIT_TM
]) {
788 struct tcf_t
*tm
= RTA_DATA(tb
[TCA_PEDIT_TM
]);
795 struct tc_pedit_key
*key
= sel
->keys
;
796 struct m_pedit_key_ex
*key_ex
= keys_ex
;
/* Reads nkeys entries from the attribute payload through key. */
798 for (i
= 0; i
< sel
->nkeys
; i
++, key
++) {
/* Defaults used when no extended key data is available. */
799 enum pedit_header_type htype
=
800 TCA_PEDIT_KEY_EX_HDR_TYPE_NETWORK
;
801 enum pedit_cmd cmd
= TCA_PEDIT_KEY_EX_CMD_SET
;
804 htype
= key_ex
->htype
;
810 fprintf(f
, "\n\t key #%d", i
);
814 print_pedit_location(f
, htype
, key
->off
);
816 fprintf(f
, ": %s %08x mask %08x",
818 (unsigned int)ntohl(key
->val
),
819 (unsigned int)ntohl(key
->mask
));
822 fprintf(f
, "\npedit %x keys %d is not LEGIT", sel
->index
,
/* pedit_print_xstats(): only the signature is present in this listing;
 * the body is on lines not shown. */
832 int pedit_print_xstats(struct action_util
*au
, FILE *f
, struct rtattr
*xstats
)
/* Action descriptor for pedit: wires parse_pedit and print_pedit in as
 * the parse_aopt and print_aopt callbacks. Other initialisers and the
 * closing brace are on lines not shown. */
837 struct action_util pedit_action_util
= {
839 .parse_aopt
= parse_pedit
,
840 .print_aopt
= print_pedit
,