iproute2/tc/f_u32.c
<<
>>
Prefs
   1/*
   2 * q_u32.c              U32 filter.
   3 *
   4 *              This program is free software; you can u32istribute it and/or
   5 *              modify it under the terms of the GNU General Public License
   6 *              as published by the Free Software Foundation; either version
   7 *              2 of the License, or (at your option) any later version.
   8 *
   9 * Authors:     Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
  10 *              Match mark added by Catalin(ux aka Dino) BOIE <catab at umbrella.ro> [5 nov 2004]
  11 *
  12 */
  13
  14#include <stdio.h>
  15#include <stdlib.h>
  16#include <unistd.h>
  17#include <fcntl.h>
  18#include <sys/socket.h>
  19#include <netinet/in.h>
  20#include <arpa/inet.h>
  21#include <string.h>
  22#include <linux/if.h>
  23#include <linux/if_ether.h>
  24
  25#include "utils.h"
  26#include "tc_util.h"
  27
  28static void explain(void)
  29{
  30        fprintf(stderr,
  31                "Usage: ... u32 [ match SELECTOR ... ] [ link HTID ] [ classid CLASSID ]\n"
  32                "               [ action ACTION_SPEC ] [ offset OFFSET_SPEC ]\n"
  33                "               [ ht HTID ] [ hashkey HASHKEY_SPEC ]\n"
  34                "               [ sample SAMPLE ] [skip_hw | skip_sw]\n"
  35                "or         u32 divisor DIVISOR\n"
  36                "\n"
  37                "Where: SELECTOR := SAMPLE SAMPLE ...\n"
  38                "       SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} | mark }\n"
  39                "                 SAMPLE_ARGS [ divisor DIVISOR ]\n"
  40                "       FILTERID := X:Y:Z\n"
  41                "\nNOTE: CLASSID is parsed at hexadecimal input.\n");
  42}
  43
  44static int get_u32_handle(__u32 *handle, const char *str)
  45{
  46        __u32 htid = 0, hash = 0, nodeid = 0;
  47        char *tmp = strchr(str, ':');
  48
  49        if (tmp == NULL) {
  50                if (memcmp("0x", str, 2) == 0)
  51                        return get_u32(handle, str, 16);
  52                return -1;
  53        }
  54        htid = strtoul(str, &tmp, 16);
  55        if (tmp == str && *str != ':' && *str != 0)
  56                return -1;
  57        if (htid >= 0x1000)
  58                return -1;
  59        if (*tmp) {
  60                str = tmp + 1;
  61                hash = strtoul(str, &tmp, 16);
  62                if (tmp == str && *str != ':' && *str != 0)
  63                        return -1;
  64                if (hash >= 0x100)
  65                        return -1;
  66                if (*tmp) {
  67                        str = tmp + 1;
  68                        nodeid = strtoul(str, &tmp, 16);
  69                        if (tmp == str && *str != 0)
  70                                return -1;
  71                        if (nodeid >= 0x1000)
  72                                return -1;
  73                }
  74        }
  75        *handle = (htid<<20)|(hash<<12)|nodeid;
  76        return 0;
  77}
  78
  79static char *sprint_u32_handle(__u32 handle, char *buf)
  80{
  81        int bsize = SPRINT_BSIZE-1;
  82        __u32 htid = TC_U32_HTID(handle);
  83        __u32 hash = TC_U32_HASH(handle);
  84        __u32 nodeid = TC_U32_NODE(handle);
  85        char *b = buf;
  86
  87        if (handle == 0) {
  88                snprintf(b, bsize, "none");
  89                return b;
  90        }
  91        if (htid) {
  92                int l = snprintf(b, bsize, "%x:", htid>>20);
  93
  94                bsize -= l;
  95                b += l;
  96        }
  97        if (nodeid|hash) {
  98                if (hash) {
  99                        int l = snprintf(b, bsize, "%x", hash);
 100
 101                        bsize -= l;
 102                        b += l;
 103                }
 104                if (nodeid) {
 105                        int l = snprintf(b, bsize, ":%x", nodeid);
 106
 107                        bsize -= l;
 108                        b += l;
 109                }
 110        }
 111        if (show_raw)
 112                snprintf(b, bsize, "[%08x] ", handle);
 113        return buf;
 114}
 115
 116static int pack_key(struct tc_u32_sel *sel, __u32 key, __u32 mask,
 117                    int off, int offmask)
 118{
 119        int i;
 120        int hwm = sel->nkeys;
 121
 122        key &= mask;
 123
 124        for (i = 0; i < hwm; i++) {
 125                if (sel->keys[i].off == off && sel->keys[i].offmask == offmask) {
 126                        __u32 intersect = mask & sel->keys[i].mask;
 127
 128                        if ((key ^ sel->keys[i].val) & intersect)
 129                                return -1;
 130                        sel->keys[i].val |= key;
 131                        sel->keys[i].mask |= mask;
 132                        return 0;
 133                }
 134        }
 135
 136        if (hwm >= 128)
 137                return -1;
 138        if (off % 4)
 139                return -1;
 140        sel->keys[hwm].val = key;
 141        sel->keys[hwm].mask = mask;
 142        sel->keys[hwm].off = off;
 143        sel->keys[hwm].offmask = offmask;
 144        sel->nkeys++;
 145        return 0;
 146}
 147
 148static int pack_key32(struct tc_u32_sel *sel, __u32 key, __u32 mask,
 149                      int off, int offmask)
 150{
 151        key = htonl(key);
 152        mask = htonl(mask);
 153        return pack_key(sel, key, mask, off, offmask);
 154}
 155
 156static int pack_key16(struct tc_u32_sel *sel, __u32 key, __u32 mask,
 157                      int off, int offmask)
 158{
 159        if (key > 0xFFFF || mask > 0xFFFF)
 160                return -1;
 161
 162        if ((off & 3) == 0) {
 163                key <<= 16;
 164                mask <<= 16;
 165        }
 166        off &= ~3;
 167        key = htonl(key);
 168        mask = htonl(mask);
 169
 170        return pack_key(sel, key, mask, off, offmask);
 171}
 172
 173static int pack_key8(struct tc_u32_sel *sel, __u32 key, __u32 mask, int off,
 174                     int offmask)
 175{
 176        if (key > 0xFF || mask > 0xFF)
 177                return -1;
 178
 179        if ((off & 3) == 0) {
 180                key <<= 24;
 181                mask <<= 24;
 182        } else if ((off & 3) == 1) {
 183                key <<= 16;
 184                mask <<= 16;
 185        } else if ((off & 3) == 2) {
 186                key <<= 8;
 187                mask <<= 8;
 188        }
 189        off &= ~3;
 190        key = htonl(key);
 191        mask = htonl(mask);
 192
 193        return pack_key(sel, key, mask, off, offmask);
 194}
 195
 196
 197static int parse_at(int *argc_p, char ***argv_p, int *off, int *offmask)
 198{
 199        int argc = *argc_p;
 200        char **argv = *argv_p;
 201        char *p = *argv;
 202
 203        if (argc <= 0)
 204                return -1;
 205
 206        if (strlen(p) > strlen("nexthdr+") &&
 207            memcmp(p, "nexthdr+", strlen("nexthdr+")) == 0) {
 208                *offmask = -1;
 209                p += strlen("nexthdr+");
 210        } else if (matches(*argv, "nexthdr+") == 0) {
 211                NEXT_ARG();
 212                *offmask = -1;
 213                p = *argv;
 214        }
 215
 216        if (get_integer(off, p, 0))
 217                return -1;
 218        argc--; argv++;
 219
 220        *argc_p = argc;
 221        *argv_p = argv;
 222        return 0;
 223}
 224
 225
 226static int parse_u32(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
 227                     int off, int offmask)
 228{
 229        int res = -1;
 230        int argc = *argc_p;
 231        char **argv = *argv_p;
 232        __u32 key;
 233        __u32 mask;
 234
 235        if (argc < 2)
 236                return -1;
 237
 238        if (get_u32(&key, *argv, 0))
 239                return -1;
 240        argc--; argv++;
 241
 242        if (get_u32(&mask, *argv, 16))
 243                return -1;
 244        argc--; argv++;
 245
 246        if (argc > 0 && strcmp(argv[0], "at") == 0) {
 247                NEXT_ARG();
 248                if (parse_at(&argc, &argv, &off, &offmask))
 249                        return -1;
 250        }
 251
 252        res = pack_key32(sel, key, mask, off, offmask);
 253        *argc_p = argc;
 254        *argv_p = argv;
 255        return res;
 256}
 257
 258static int parse_u16(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
 259                     int off, int offmask)
 260{
 261        int res = -1;
 262        int argc = *argc_p;
 263        char **argv = *argv_p;
 264        __u32 key;
 265        __u32 mask;
 266
 267        if (argc < 2)
 268                return -1;
 269
 270        if (get_u32(&key, *argv, 0))
 271                return -1;
 272        argc--; argv++;
 273
 274        if (get_u32(&mask, *argv, 16))
 275                return -1;
 276        argc--; argv++;
 277
 278        if (argc > 0 && strcmp(argv[0], "at") == 0) {
 279                NEXT_ARG();
 280                if (parse_at(&argc, &argv, &off, &offmask))
 281                        return -1;
 282        }
 283        res = pack_key16(sel, key, mask, off, offmask);
 284        *argc_p = argc;
 285        *argv_p = argv;
 286        return res;
 287}
 288
 289static int parse_u8(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
 290                    int off, int offmask)
 291{
 292        int res = -1;
 293        int argc = *argc_p;
 294        char **argv = *argv_p;
 295        __u32 key;
 296        __u32 mask;
 297
 298        if (argc < 2)
 299                return -1;
 300
 301        if (get_u32(&key, *argv, 0))
 302                return -1;
 303        argc--; argv++;
 304
 305        if (get_u32(&mask, *argv, 16))
 306                return -1;
 307        argc--; argv++;
 308
 309        if (key > 0xFF || mask > 0xFF)
 310                return -1;
 311
 312        if (argc > 0 && strcmp(argv[0], "at") == 0) {
 313                NEXT_ARG();
 314                if (parse_at(&argc, &argv, &off, &offmask))
 315                        return -1;
 316        }
 317
 318        res = pack_key8(sel, key, mask, off, offmask);
 319        *argc_p = argc;
 320        *argv_p = argv;
 321        return res;
 322}
 323
 324static int parse_ip_addr(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
 325                         int off)
 326{
 327        int res = -1;
 328        int argc = *argc_p;
 329        char **argv = *argv_p;
 330        inet_prefix addr;
 331        __u32 mask;
 332        int offmask = 0;
 333
 334        if (argc < 1)
 335                return -1;
 336
 337        if (get_prefix_1(&addr, *argv, AF_INET))
 338                return -1;
 339        argc--; argv++;
 340
 341        if (argc > 0 && strcmp(argv[0], "at") == 0) {
 342                NEXT_ARG();
 343                if (parse_at(&argc, &argv, &off, &offmask))
 344                        return -1;
 345        }
 346
 347        mask = 0;
 348        if (addr.bitlen)
 349                mask = htonl(0xFFFFFFFF << (32 - addr.bitlen));
 350        if (pack_key(sel, addr.data[0], mask, off, offmask) < 0)
 351                return -1;
 352        res = 0;
 353
 354        *argc_p = argc;
 355        *argv_p = argv;
 356        return res;
 357}
 358
 359static int parse_ip6_addr(int *argc_p, char ***argv_p,
 360                          struct tc_u32_sel *sel, int off)
 361{
 362        int res = -1;
 363        int argc = *argc_p;
 364        char **argv = *argv_p;
 365        int plen = 128;
 366        int i;
 367        inet_prefix addr;
 368        int offmask = 0;
 369
 370        if (argc < 1)
 371                return -1;
 372
 373        if (get_prefix_1(&addr, *argv, AF_INET6))
 374                return -1;
 375        argc--; argv++;
 376
 377        if (argc > 0 && strcmp(argv[0], "at") == 0) {
 378                NEXT_ARG();
 379                if (parse_at(&argc, &argv, &off, &offmask))
 380                        return -1;
 381        }
 382
 383        plen = addr.bitlen;
 384        for (i = 0; i < plen; i += 32) {
 385                if (i + 31 < plen) {
 386                        res = pack_key(sel, addr.data[i / 32],
 387                                       0xFFFFFFFF, off + 4 * (i / 32), offmask);
 388                        if (res < 0)
 389                                return -1;
 390                } else if (i < plen) {
 391                        __u32 mask = htonl(0xFFFFFFFF << (32 - (plen - i)));
 392
 393                        res = pack_key(sel, addr.data[i / 32],
 394                                       mask, off + 4 * (i / 32), offmask);
 395                        if (res < 0)
 396                                return -1;
 397                }
 398        }
 399        res = 0;
 400
 401        *argc_p = argc;
 402        *argv_p = argv;
 403        return res;
 404}
 405
 406static int parse_ip6_class(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 407{
 408        int res = -1;
 409        int argc = *argc_p;
 410        char **argv = *argv_p;
 411        __u32 key;
 412        __u32 mask;
 413        int off = 0;
 414        int offmask = 0;
 415
 416        if (argc < 2)
 417                return -1;
 418
 419        if (get_u32(&key, *argv, 0))
 420                return -1;
 421        argc--; argv++;
 422
 423        if (get_u32(&mask, *argv, 16))
 424                return -1;
 425        argc--; argv++;
 426
 427        if (key > 0xFF || mask > 0xFF)
 428                return -1;
 429
 430        key <<= 20;
 431        mask <<= 20;
 432        key = htonl(key);
 433        mask = htonl(mask);
 434
 435        res = pack_key(sel, key, mask, off, offmask);
 436        if (res < 0)
 437                return -1;
 438
 439        *argc_p = argc;
 440        *argv_p = argv;
 441        return 0;
 442}
 443
 444static int parse_ether_addr(int *argc_p, char ***argv_p,
 445                            struct tc_u32_sel *sel, int off)
 446{
 447        int res = -1;
 448        int argc = *argc_p;
 449        char **argv = *argv_p;
 450        __u8 addr[6];
 451        int offmask = 0;
 452        int i;
 453
 454        if (argc < 1)
 455                return -1;
 456
 457        if (sscanf(*argv, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
 458                   addr + 0, addr + 1, addr + 2,
 459                   addr + 3, addr + 4, addr + 5) != 6) {
 460                fprintf(stderr, "parse_ether_addr: improperly formed address '%s'\n",
 461                        *argv);
 462                return -1;
 463        }
 464
 465        argc--; argv++;
 466        if (argc > 0 && strcmp(argv[0], "at") == 0) {
 467                NEXT_ARG();
 468                if (parse_at(&argc, &argv, &off, &offmask))
 469                        return -1;
 470        }
 471
 472        for (i = 0; i < 6; i++) {
 473                res = pack_key8(sel, addr[i], 0xFF, off + i, offmask);
 474                if (res < 0)
 475                        return -1;
 476        }
 477
 478        *argc_p = argc;
 479        *argv_p = argv;
 480        return res;
 481}
 482
 483static int parse_ip(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 484{
 485        int res = -1;
 486        int argc = *argc_p;
 487        char **argv = *argv_p;
 488
 489        if (argc < 2)
 490                return -1;
 491
 492        if (strcmp(*argv, "src") == 0) {
 493                NEXT_ARG();
 494                res = parse_ip_addr(&argc, &argv, sel, 12);
 495        } else if (strcmp(*argv, "dst") == 0) {
 496                NEXT_ARG();
 497                res = parse_ip_addr(&argc, &argv, sel, 16);
 498        } else if (strcmp(*argv, "tos") == 0 ||
 499            matches(*argv, "dsfield") == 0 ||
 500            matches(*argv, "precedence") == 0) {
 501                NEXT_ARG();
 502                res = parse_u8(&argc, &argv, sel, 1, 0);
 503        } else if (strcmp(*argv, "ihl") == 0) {
 504                NEXT_ARG();
 505                res = parse_u8(&argc, &argv, sel, 0, 0);
 506        } else if (strcmp(*argv, "protocol") == 0) {
 507                NEXT_ARG();
 508                res = parse_u8(&argc, &argv, sel, 9, 0);
 509        } else if (strcmp(*argv, "nofrag") == 0) {
 510                argc--; argv++;
 511                res = pack_key16(sel, 0, 0x3FFF, 6, 0);
 512        } else if (strcmp(*argv, "firstfrag") == 0) {
 513                argc--; argv++;
 514                res = pack_key16(sel, 0x2000, 0x3FFF, 6, 0);
 515        } else if (strcmp(*argv, "df") == 0) {
 516                argc--; argv++;
 517                res = pack_key16(sel, 0x4000, 0x4000, 6, 0);
 518        } else if (strcmp(*argv, "mf") == 0) {
 519                argc--; argv++;
 520                res = pack_key16(sel, 0x2000, 0x2000, 6, 0);
 521        } else if (strcmp(*argv, "dport") == 0) {
 522                NEXT_ARG();
 523                res = parse_u16(&argc, &argv, sel, 22, 0);
 524        } else if (strcmp(*argv, "sport") == 0) {
 525                NEXT_ARG();
 526                res = parse_u16(&argc, &argv, sel, 20, 0);
 527        } else if (strcmp(*argv, "icmp_type") == 0) {
 528                NEXT_ARG();
 529                res = parse_u8(&argc, &argv, sel, 20, 0);
 530        } else if (strcmp(*argv, "icmp_code") == 0) {
 531                NEXT_ARG();
 532                res = parse_u8(&argc, &argv, sel, 21, 0);
 533        } else
 534                return -1;
 535
 536        *argc_p = argc;
 537        *argv_p = argv;
 538        return res;
 539}
 540
 541static int parse_ip6(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 542{
 543        int res = -1;
 544        int argc = *argc_p;
 545        char **argv = *argv_p;
 546
 547        if (argc < 2)
 548                return -1;
 549
 550        if (strcmp(*argv, "src") == 0) {
 551                NEXT_ARG();
 552                res = parse_ip6_addr(&argc, &argv, sel, 8);
 553        } else if (strcmp(*argv, "dst") == 0) {
 554                NEXT_ARG();
 555                res = parse_ip6_addr(&argc, &argv, sel, 24);
 556        } else if (strcmp(*argv, "priority") == 0) {
 557                NEXT_ARG();
 558                res = parse_ip6_class(&argc, &argv, sel);
 559        } else if (strcmp(*argv, "protocol") == 0) {
 560                NEXT_ARG();
 561                res = parse_u8(&argc, &argv, sel, 6, 0);
 562        } else if (strcmp(*argv, "flowlabel") == 0) {
 563                NEXT_ARG();
 564                res = parse_u32(&argc, &argv, sel, 0, 0);
 565        } else if (strcmp(*argv, "dport") == 0) {
 566                NEXT_ARG();
 567                res = parse_u16(&argc, &argv, sel, 42, 0);
 568        } else if (strcmp(*argv, "sport") == 0) {
 569                NEXT_ARG();
 570                res = parse_u16(&argc, &argv, sel, 40, 0);
 571        } else if (strcmp(*argv, "icmp_type") == 0) {
 572                NEXT_ARG();
 573                res = parse_u8(&argc, &argv, sel, 40, 0);
 574        } else if (strcmp(*argv, "icmp_code") == 0) {
 575                NEXT_ARG();
 576                res = parse_u8(&argc, &argv, sel, 41, 1);
 577        } else
 578                return -1;
 579
 580        *argc_p = argc;
 581        *argv_p = argv;
 582        return res;
 583}
 584
 585static int parse_ether(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 586{
 587        int res = -1;
 588        int argc = *argc_p;
 589        char **argv = *argv_p;
 590
 591        if (argc < 2)
 592                return -1;
 593
 594        if (strcmp(*argv, "src") == 0) {
 595                NEXT_ARG();
 596                res = parse_ether_addr(&argc, &argv, sel, -8);
 597        } else if (strcmp(*argv, "dst") == 0) {
 598                NEXT_ARG();
 599                res = parse_ether_addr(&argc, &argv, sel, -14);
 600        } else {
 601                fprintf(stderr, "Unknown match: ether %s\n", *argv);
 602                return -1;
 603        }
 604
 605        *argc_p = argc;
 606        *argv_p = argv;
 607        return res;
 608}
 609
 610#define parse_tcp parse_udp
 611static int parse_udp(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 612{
 613        int res = -1;
 614        int argc = *argc_p;
 615        char **argv = *argv_p;
 616
 617        if (argc < 2)
 618                return -1;
 619
 620        if (strcmp(*argv, "src") == 0) {
 621                NEXT_ARG();
 622                res = parse_u16(&argc, &argv, sel, 0, -1);
 623        } else if (strcmp(*argv, "dst") == 0) {
 624                NEXT_ARG();
 625                res = parse_u16(&argc, &argv, sel, 2, -1);
 626        } else
 627                return -1;
 628
 629        *argc_p = argc;
 630        *argv_p = argv;
 631        return res;
 632}
 633
 634
 635static int parse_icmp(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 636{
 637        int res = -1;
 638        int argc = *argc_p;
 639        char **argv = *argv_p;
 640
 641        if (argc < 2)
 642                return -1;
 643
 644        if (strcmp(*argv, "type") == 0) {
 645                NEXT_ARG();
 646                res = parse_u8(&argc, &argv, sel, 0, -1);
 647        } else if (strcmp(*argv, "code") == 0) {
 648                NEXT_ARG();
 649                res = parse_u8(&argc, &argv, sel, 1, -1);
 650        } else
 651                return -1;
 652
 653        *argc_p = argc;
 654        *argv_p = argv;
 655        return res;
 656}
 657
 658static int parse_mark(int *argc_p, char ***argv_p, struct nlmsghdr *n)
 659{
 660        int res = -1;
 661        int argc = *argc_p;
 662        char **argv = *argv_p;
 663        struct tc_u32_mark mark;
 664
 665        if (argc <= 1)
 666                return -1;
 667
 668        if (get_u32(&mark.val, *argv, 0)) {
 669                fprintf(stderr, "Illegal \"mark\" value\n");
 670                return -1;
 671        }
 672        NEXT_ARG();
 673
 674        if (get_u32(&mark.mask, *argv, 0)) {
 675                fprintf(stderr, "Illegal \"mark\" mask\n");
 676                return -1;
 677        }
 678        NEXT_ARG();
 679
 680        if ((mark.val & mark.mask) != mark.val) {
 681                fprintf(stderr, "Illegal \"mark\" (impossible combination)\n");
 682                return -1;
 683        }
 684
 685        addattr_l(n, MAX_MSG, TCA_U32_MARK, &mark, sizeof(mark));
 686        res = 0;
 687
 688        *argc_p = argc;
 689        *argv_p = argv;
 690        return res;
 691}
 692
 693static int parse_selector(int *argc_p, char ***argv_p,
 694                          struct tc_u32_sel *sel, struct nlmsghdr *n)
 695{
 696        int argc = *argc_p;
 697        char **argv = *argv_p;
 698        int res = -1;
 699
 700        if (argc <= 0)
 701                return -1;
 702
 703        if (matches(*argv, "u32") == 0) {
 704                NEXT_ARG();
 705                res = parse_u32(&argc, &argv, sel, 0, 0);
 706        } else if (matches(*argv, "u16") == 0) {
 707                NEXT_ARG();
 708                res = parse_u16(&argc, &argv, sel, 0, 0);
 709        } else if (matches(*argv, "u8") == 0) {
 710                NEXT_ARG();
 711                res = parse_u8(&argc, &argv, sel, 0, 0);
 712        } else if (matches(*argv, "ip") == 0) {
 713                NEXT_ARG();
 714                res = parse_ip(&argc, &argv, sel);
 715        } else  if (matches(*argv, "ip6") == 0) {
 716                NEXT_ARG();
 717                res = parse_ip6(&argc, &argv, sel);
 718        } else if (matches(*argv, "udp") == 0) {
 719                NEXT_ARG();
 720                res = parse_udp(&argc, &argv, sel);
 721        } else if (matches(*argv, "tcp") == 0) {
 722                NEXT_ARG();
 723                res = parse_tcp(&argc, &argv, sel);
 724        } else if (matches(*argv, "icmp") == 0) {
 725                NEXT_ARG();
 726                res = parse_icmp(&argc, &argv, sel);
 727        } else if (matches(*argv, "mark") == 0) {
 728                NEXT_ARG();
 729                res = parse_mark(&argc, &argv, n);
 730        } else if (matches(*argv, "ether") == 0) {
 731                NEXT_ARG();
 732                res = parse_ether(&argc, &argv, sel);
 733        } else
 734                return -1;
 735
 736        *argc_p = argc;
 737        *argv_p = argv;
 738        return res;
 739}
 740
 741static int parse_offset(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 742{
 743        int argc = *argc_p;
 744        char **argv = *argv_p;
 745
 746        while (argc > 0) {
 747                if (matches(*argv, "plus") == 0) {
 748                        int off;
 749
 750                        NEXT_ARG();
 751                        if (get_integer(&off, *argv, 0))
 752                                return -1;
 753                        sel->off = off;
 754                        sel->flags |= TC_U32_OFFSET;
 755                } else if (matches(*argv, "at") == 0) {
 756                        int off;
 757
 758                        NEXT_ARG();
 759                        if (get_integer(&off, *argv, 0))
 760                                return -1;
 761                        sel->offoff = off;
 762                        if (off%2) {
 763                                fprintf(stderr, "offset \"at\" must be even\n");
 764                                return -1;
 765                        }
 766                        sel->flags |= TC_U32_VAROFFSET;
 767                } else if (matches(*argv, "mask") == 0) {
 768                        NEXT_ARG();
 769                        if (get_be16(&sel->offmask, *argv, 16))
 770                                return -1;
 771                        sel->flags |= TC_U32_VAROFFSET;
 772                } else if (matches(*argv, "shift") == 0) {
 773                        int shift;
 774
 775                        NEXT_ARG();
 776                        if (get_integer(&shift, *argv, 0))
 777                                return -1;
 778                        sel->offshift = shift;
 779                        sel->flags |= TC_U32_VAROFFSET;
 780                } else if (matches(*argv, "eat") == 0) {
 781                        sel->flags |= TC_U32_EAT;
 782                } else {
 783                        break;
 784                }
 785                argc--; argv++;
 786        }
 787
 788        *argc_p = argc;
 789        *argv_p = argv;
 790        return 0;
 791}
 792
 793static int parse_hashkey(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
 794{
 795        int argc = *argc_p;
 796        char **argv = *argv_p;
 797
 798        while (argc > 0) {
 799                if (matches(*argv, "mask") == 0) {
 800                        NEXT_ARG();
 801                        if (get_be32(&sel->hmask, *argv, 16))
 802                                return -1;
 803                } else if (matches(*argv, "at") == 0) {
 804                        int num;
 805
 806                        NEXT_ARG();
 807                        if (get_integer(&num, *argv, 0))
 808                                return -1;
 809                        if (num%4)
 810                                return -1;
 811                        sel->hoff = num;
 812                } else {
 813                        break;
 814                }
 815                argc--; argv++;
 816        }
 817
 818        *argc_p = argc;
 819        *argv_p = argv;
 820        return 0;
 821}
 822
 823static void print_ipv4(FILE *f, const struct tc_u32_key *key)
 824{
 825        char abuf[256];
 826
 827        switch (key->off) {
 828        case 0:
 829                switch (ntohl(key->mask)) {
 830                case 0x0f000000:
 831                        fprintf(f, "\n  match IP ihl %u",
 832                                ntohl(key->val) >> 24);
 833                        return;
 834                case 0x00ff0000:
 835                        fprintf(f, "\n  match IP dsfield %#x",
 836                                ntohl(key->val) >> 16);
 837                        return;
 838                }
 839                break;
 840        case 8:
 841                if (ntohl(key->mask) == 0x00ff0000) {
 842                        fprintf(f, "\n  match IP protocol %d",
 843                                ntohl(key->val) >> 16);
 844                        return;
 845                }
 846                break;
 847        case 12:
 848        case 16: {
 849                        int bits = mask2bits(key->mask);
 850
 851                        if (bits >= 0) {
 852                                fprintf(f, "\n  %s %s/%d",
 853                                        key->off == 12 ? "match IP src" : "match IP dst",
 854                                        inet_ntop(AF_INET, &key->val,
 855                                                  abuf, sizeof(abuf)),
 856                                        bits);
 857                                return;
 858                        }
 859                }
 860                break;
 861
 862        case 20:
 863                switch (ntohl(key->mask)) {
 864                case 0x0000ffff:
 865                        fprintf(f, "\n  match dport %u",
 866                                ntohl(key->val) & 0xffff);
 867                        return;
 868                case 0xffff0000:
 869                        fprintf(f, "\n  match sport %u",
 870                                ntohl(key->val) >> 16);
 871                        return;
 872                case 0xffffffff:
 873                        fprintf(f, "\n  match dport %u, match sport %u",
 874                                ntohl(key->val) & 0xffff,
 875                                ntohl(key->val) >> 16);
 876
 877                        return;
 878                }
 879                /* XXX: Default print_raw */
 880        }
 881}
 882
 883static void print_ipv6(FILE *f, const struct tc_u32_key *key)
 884{
 885        char abuf[256];
 886
 887        switch (key->off) {
 888        case 0:
 889                switch (ntohl(key->mask)) {
 890                case 0x0f000000:
 891                        fprintf(f, "\n  match IP ihl %u",
 892                                ntohl(key->val) >> 24);
 893                        return;
 894                case 0x00ff0000:
 895                        fprintf(f, "\n  match IP dsfield %#x",
 896                                ntohl(key->val) >> 16);
 897                        return;
 898                }
 899                break;
 900        case 8:
 901                if (ntohl(key->mask) == 0x00ff0000) {
 902                        fprintf(f, "\n  match IP protocol %d",
 903                                ntohl(key->val) >> 16);
 904                        return;
 905                }
 906                break;
 907        case 12:
 908        case 16: {
 909                        int bits = mask2bits(key->mask);
 910
 911                        if (bits >= 0) {
 912                                fprintf(f, "\n  %s %s/%d",
 913                                        key->off == 12 ? "match IP src" : "match IP dst",
 914                                        inet_ntop(AF_INET, &key->val,
 915                                                  abuf, sizeof(abuf)),
 916                                        bits);
 917                                return;
 918                        }
 919                }
 920                break;
 921
 922        case 20:
 923                switch (ntohl(key->mask)) {
 924                case 0x0000ffff:
 925                        fprintf(f, "\n  match sport %u",
 926                                ntohl(key->val) & 0xffff);
 927                        return;
 928                case 0xffff0000:
 929                        fprintf(f, "\n  match dport %u",
 930                                ntohl(key->val) >> 16);
 931                        return;
 932                case 0xffffffff:
 933                        fprintf(f, "\n  match sport %u, match dport %u",
 934                                ntohl(key->val) & 0xffff,
 935                                ntohl(key->val) >> 16);
 936
 937                        return;
 938                }
 939                /* XXX: Default print_raw */
 940        }
 941}
 942
 943static void print_raw(FILE *f, const struct tc_u32_key *key)
 944{
 945        fprintf(f, "\n  match %08x/%08x at %s%d",
 946                (unsigned int)ntohl(key->val),
 947                (unsigned int)ntohl(key->mask),
 948                key->offmask ? "nexthdr+" : "",
 949                key->off);
 950}
 951
 952static const struct {
 953        __u16 proto;
 954        __u16 pad;
 955        void (*pprinter)(FILE *f, const struct tc_u32_key *key);
 956} u32_pprinters[] = {
 957        {0,        0, print_raw},
 958        {ETH_P_IP, 0, print_ipv4},
 959        {ETH_P_IPV6, 0, print_ipv6},
 960};
 961
 962static void show_keys(FILE *f, const struct tc_u32_key *key)
 963{
 964        int i = 0;
 965
 966        if (!pretty)
 967                goto show_k;
 968
 969        for (i = 0; i < ARRAY_SIZE(u32_pprinters); i++) {
 970                if (u32_pprinters[i].proto == ntohs(f_proto)) {
 971show_k:
 972                        u32_pprinters[i].pprinter(f, key);
 973                        return;
 974                }
 975        }
 976
 977        i = 0;
 978        goto show_k;
 979}
 980
 981static __u32 u32_hash_fold(struct tc_u32_key *key)
 982{
 983        __u8 fshift = key->mask ? ffs(ntohl(key->mask)) - 1 : 0;
 984
 985        return ntohl(key->val & key->mask) >> fshift;
 986}
 987
 988static int u32_parse_opt(struct filter_util *qu, char *handle,
 989                         int argc, char **argv, struct nlmsghdr *n)
 990{
 991        struct {
 992                struct tc_u32_sel sel;
 993                struct tc_u32_key keys[128];
 994        } sel = {};
 995        struct tcmsg *t = NLMSG_DATA(n);
 996        struct rtattr *tail;
 997        int sel_ok = 0, terminal_ok = 0;
 998        int sample_ok = 0;
 999        __u32 htid = 0;
1000        __u32 order = 0;
1001        __u32 flags = 0;
1002
1003        if (handle && get_u32_handle(&t->tcm_handle, handle)) {
1004                fprintf(stderr, "Illegal filter ID\n");
1005                return -1;
1006        }
1007
1008        if (argc == 0)
1009                return 0;
1010
1011        tail = addattr_nest(n, MAX_MSG, TCA_OPTIONS);
1012
1013        while (argc > 0) {
1014                if (matches(*argv, "match") == 0) {
1015                        NEXT_ARG();
1016                        if (parse_selector(&argc, &argv, &sel.sel, n)) {
1017                                fprintf(stderr, "Illegal \"match\"\n");
1018                                return -1;
1019                        }
1020                        sel_ok++;
1021                        continue;
1022                } else if (matches(*argv, "offset") == 0) {
1023                        NEXT_ARG();
1024                        if (parse_offset(&argc, &argv, &sel.sel)) {
1025                                fprintf(stderr, "Illegal \"offset\"\n");
1026                                return -1;
1027                        }
1028                        continue;
1029                } else if (matches(*argv, "hashkey") == 0) {
1030                        NEXT_ARG();
1031                        if (parse_hashkey(&argc, &argv, &sel.sel)) {
1032                                fprintf(stderr, "Illegal \"hashkey\"\n");
1033                                return -1;
1034                        }
1035                        continue;
1036                } else if (matches(*argv, "classid") == 0 ||
1037                           strcmp(*argv, "flowid") == 0) {
1038                        unsigned int flowid;
1039
1040                        NEXT_ARG();
1041                        if (get_tc_classid(&flowid, *argv)) {
1042                                fprintf(stderr, "Illegal \"classid\"\n");
1043                                return -1;
1044                        }
1045                        addattr_l(n, MAX_MSG, TCA_U32_CLASSID, &flowid, 4);
1046                        sel.sel.flags |= TC_U32_TERMINAL;
1047                } else if (matches(*argv, "divisor") == 0) {
1048                        unsigned int divisor;
1049
1050                        NEXT_ARG();
1051                        if (get_unsigned(&divisor, *argv, 0) ||
1052                            divisor == 0 ||
1053                            divisor > 0x100 || ((divisor - 1) & divisor)) {
1054                                fprintf(stderr, "Illegal \"divisor\"\n");
1055                                return -1;
1056                        }
1057                        addattr_l(n, MAX_MSG, TCA_U32_DIVISOR, &divisor, 4);
1058                } else if (matches(*argv, "order") == 0) {
1059                        NEXT_ARG();
1060                        if (get_u32(&order, *argv, 0)) {
1061                                fprintf(stderr, "Illegal \"order\"\n");
1062                                return -1;
1063                        }
1064                } else if (strcmp(*argv, "link") == 0) {
1065                        unsigned int linkid;
1066
1067                        NEXT_ARG();
1068                        if (get_u32_handle(&linkid, *argv)) {
1069                                fprintf(stderr, "Illegal \"link\"\n");
1070                                return -1;
1071                        }
1072                        if (linkid && TC_U32_NODE(linkid)) {
1073                                fprintf(stderr, "\"link\" must be a hash table.\n");
1074                                return -1;
1075                        }
1076                        addattr_l(n, MAX_MSG, TCA_U32_LINK, &linkid, 4);
1077                } else if (strcmp(*argv, "ht") == 0) {
1078                        unsigned int ht;
1079
1080                        NEXT_ARG();
1081                        if (get_u32_handle(&ht, *argv)) {
1082                                fprintf(stderr, "Illegal \"ht\"\n");
1083                                return -1;
1084                        }
1085                        if (handle && TC_U32_NODE(ht)) {
1086                                fprintf(stderr, "\"ht\" must be a hash table.\n");
1087                                return -1;
1088                        }
1089                        if (sample_ok)
1090                                htid = (htid & 0xFF000) | (ht & 0xFFF00000);
1091                        else
1092                                htid = (ht & 0xFFFFF000);
1093                } else if (strcmp(*argv, "sample") == 0) {
1094                        __u32 hash;
1095                        unsigned int divisor = 0x100;
1096                        struct {
1097                                struct tc_u32_sel sel;
1098                                struct tc_u32_key keys[4];
1099                        } sel2 = {};
1100
1101                        NEXT_ARG();
1102                        if (parse_selector(&argc, &argv, &sel2.sel, n)) {
1103                                fprintf(stderr, "Illegal \"sample\"\n");
1104                                return -1;
1105                        }
1106                        if (sel2.sel.nkeys != 1) {
1107                                fprintf(stderr, "\"sample\" must contain exactly ONE key.\n");
1108                                return -1;
1109                        }
1110                        if (*argv != 0 && strcmp(*argv, "divisor") == 0) {
1111                                NEXT_ARG();
1112                                if (get_unsigned(&divisor, *argv, 0) ||
1113                                    divisor == 0 || divisor > 0x100 ||
1114                                    ((divisor - 1) & divisor)) {
1115                                        fprintf(stderr, "Illegal sample \"divisor\"\n");
1116                                        return -1;
1117                                }
1118                                NEXT_ARG();
1119                        }
1120                        hash = u32_hash_fold(&sel2.keys[0]);
1121                        htid = ((hash % divisor) << 12) | (htid & 0xFFF00000);
1122                        sample_ok = 1;
1123                        continue;
1124                } else if (strcmp(*argv, "indev") == 0) {
1125                        char ind[IFNAMSIZ + 1] = {};
1126
1127                        argc--;
1128                        argv++;
1129                        if (argc < 1) {
1130                                fprintf(stderr, "Illegal indev\n");
1131                                return -1;
1132                        }
1133                        strncpy(ind, *argv, sizeof(ind) - 1);
1134                        addattr_l(n, MAX_MSG, TCA_U32_INDEV, ind,
1135                                  strlen(ind) + 1);
1136
1137                } else if (matches(*argv, "action") == 0) {
1138                        NEXT_ARG();
1139                        if (parse_action(&argc, &argv, TCA_U32_ACT, n)) {
1140                                fprintf(stderr, "Illegal \"action\"\n");
1141                                return -1;
1142                        }
1143                        terminal_ok++;
1144                        continue;
1145
1146                } else if (matches(*argv, "police") == 0) {
1147                        NEXT_ARG();
1148                        if (parse_police(&argc, &argv, TCA_U32_POLICE, n)) {
1149                                fprintf(stderr, "Illegal \"police\"\n");
1150                                return -1;
1151                        }
1152                        terminal_ok++;
1153                        continue;
1154                } else if (strcmp(*argv, "skip_hw") == 0) {
1155                        flags |= TCA_CLS_FLAGS_SKIP_HW;
1156                } else if (strcmp(*argv, "skip_sw") == 0) {
1157                        flags |= TCA_CLS_FLAGS_SKIP_SW;
1158                } else if (strcmp(*argv, "help") == 0) {
1159                        explain();
1160                        return -1;
1161                } else {
1162                        fprintf(stderr, "What is \"%s\"?\n", *argv);
1163                        explain();
1164                        return -1;
1165                }
1166                argc--; argv++;
1167        }
1168
1169        /* We don't necessarily need class/flowids */
1170        if (terminal_ok)
1171                sel.sel.flags |= TC_U32_TERMINAL;
1172
1173        if (order) {
1174                if (TC_U32_NODE(t->tcm_handle) &&
1175                    order != TC_U32_NODE(t->tcm_handle)) {
1176                        fprintf(stderr, "\"order\" contradicts \"handle\"\n");
1177                        return -1;
1178                }
1179                t->tcm_handle |= order;
1180        }
1181
1182        if (htid)
1183                addattr_l(n, MAX_MSG, TCA_U32_HASH, &htid, 4);
1184        if (sel_ok)
1185                addattr_l(n, MAX_MSG, TCA_U32_SEL, &sel,
1186                          sizeof(sel.sel) +
1187                          sel.sel.nkeys * sizeof(struct tc_u32_key));
1188        if (flags) {
1189                if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW |
1190                               TCA_CLS_FLAGS_SKIP_SW))) {
1191                        fprintf(stderr,
1192                                "skip_hw and skip_sw are mutually exclusive\n");
1193                        return -1;
1194                }
1195                addattr_l(n, MAX_MSG, TCA_U32_FLAGS, &flags, 4);
1196        }
1197
1198        addattr_nest_end(n, tail);
1199        return 0;
1200}
1201
1202static int u32_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt,
1203                         __u32 handle)
1204{
1205        struct rtattr *tb[TCA_U32_MAX + 1];
1206        struct tc_u32_sel *sel = NULL;
1207        struct tc_u32_pcnt *pf = NULL;
1208
1209        if (opt == NULL)
1210                return 0;
1211
1212        parse_rtattr_nested(tb, TCA_U32_MAX, opt);
1213
1214        if (handle) {
1215                SPRINT_BUF(b1);
1216                fprintf(f, "fh %s ", sprint_u32_handle(handle, b1));
1217        }
1218
1219        if (TC_U32_NODE(handle))
1220                fprintf(f, "order %d ", TC_U32_NODE(handle));
1221
1222        if (tb[TCA_U32_SEL]) {
1223                if (RTA_PAYLOAD(tb[TCA_U32_SEL])  < sizeof(*sel))
1224                        return -1;
1225
1226                sel = RTA_DATA(tb[TCA_U32_SEL]);
1227        }
1228
1229        if (tb[TCA_U32_DIVISOR]) {
1230                fprintf(f, "ht divisor %d ",
1231                        rta_getattr_u32(tb[TCA_U32_DIVISOR]));
1232        } else if (tb[TCA_U32_HASH]) {
1233                __u32 htid = rta_getattr_u32(tb[TCA_U32_HASH]);
1234
1235                fprintf(f, "key ht %x bkt %x ", TC_U32_USERHTID(htid),
1236                        TC_U32_HASH(htid));
1237        } else {
1238                fprintf(f, "??? ");
1239        }
1240        if (tb[TCA_U32_CLASSID]) {
1241                SPRINT_BUF(b1);
1242                fprintf(f, "%sflowid %s ",
1243                        !sel || !(sel->flags & TC_U32_TERMINAL) ? "*" : "",
1244                        sprint_tc_classid(rta_getattr_u32(tb[TCA_U32_CLASSID]),
1245                                          b1));
1246        } else if (sel && sel->flags & TC_U32_TERMINAL) {
1247                fprintf(f, "terminal flowid ??? ");
1248        }
1249        if (tb[TCA_U32_LINK]) {
1250                SPRINT_BUF(b1);
1251                fprintf(f, "link %s ",
1252                        sprint_u32_handle(rta_getattr_u32(tb[TCA_U32_LINK]),
1253                                          b1));
1254        }
1255
1256        if (tb[TCA_U32_FLAGS]) {
1257                __u32 flags = rta_getattr_u32(tb[TCA_U32_FLAGS]);
1258
1259                if (flags & TCA_CLS_FLAGS_SKIP_HW)
1260                        fprintf(f, "skip_hw ");
1261                if (flags & TCA_CLS_FLAGS_SKIP_SW)
1262                        fprintf(f, "skip_sw ");
1263
1264                if (flags & TCA_CLS_FLAGS_IN_HW)
1265                        fprintf(f, "in_hw ");
1266                else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
1267                        fprintf(f, "not_in_hw ");
1268        }
1269
1270        if (tb[TCA_U32_PCNT]) {
1271                if (RTA_PAYLOAD(tb[TCA_U32_PCNT])  < sizeof(*pf)) {
1272                        fprintf(f, "Broken perf counters\n");
1273                        return -1;
1274                }
1275                pf = RTA_DATA(tb[TCA_U32_PCNT]);
1276        }
1277
1278        if (sel && show_stats && NULL != pf)
1279                fprintf(f, " (rule hit %llu success %llu)",
1280                        (unsigned long long) pf->rcnt,
1281                        (unsigned long long) pf->rhit);
1282
1283        if (tb[TCA_U32_MARK]) {
1284                struct tc_u32_mark *mark = RTA_DATA(tb[TCA_U32_MARK]);
1285
1286                if (RTA_PAYLOAD(tb[TCA_U32_MARK]) < sizeof(*mark)) {
1287                        fprintf(f, "\n  Invalid mark (kernel&iproute2 mismatch)\n");
1288                } else {
1289                        fprintf(f, "\n  mark 0x%04x 0x%04x (success %d)",
1290                                mark->val, mark->mask, mark->success);
1291                }
1292        }
1293
1294        if (sel) {
1295                if (sel->nkeys) {
1296                        int i;
1297
1298                        for (i = 0; i < sel->nkeys; i++) {
1299                                show_keys(f, sel->keys + i);
1300                                if (show_stats && NULL != pf)
1301                                        fprintf(f, " (success %llu ) ",
1302                                                (unsigned long long) pf->kcnts[i]);
1303                        }
1304                }
1305
1306                if (sel->flags & (TC_U32_VAROFFSET | TC_U32_OFFSET)) {
1307                        fprintf(f, "\n    offset ");
1308                        if (sel->flags & TC_U32_VAROFFSET)
1309                                fprintf(f, "%04x>>%d at %d ",
1310                                        ntohs(sel->offmask),
1311                                        sel->offshift,  sel->offoff);
1312                        if (sel->off)
1313                                fprintf(f, "plus %d ", sel->off);
1314                }
1315                if (sel->flags & TC_U32_EAT)
1316                        fprintf(f, " eat ");
1317
1318                if (sel->hmask) {
1319                        fprintf(f, "\n    hash mask %08x at %d ",
1320                                (unsigned int)htonl(sel->hmask), sel->hoff);
1321                }
1322        }
1323
1324        if (tb[TCA_U32_POLICE]) {
1325                fprintf(f, "\n");
1326                tc_print_police(f, tb[TCA_U32_POLICE]);
1327        }
1328
1329        if (tb[TCA_U32_INDEV]) {
1330                struct rtattr *idev = tb[TCA_U32_INDEV];
1331
1332                fprintf(f, "\n  input dev %s\n", rta_getattr_str(idev));
1333        }
1334
1335        if (tb[TCA_U32_ACT])
1336                tc_print_action(f, tb[TCA_U32_ACT], 0);
1337
1338        return 0;
1339}
1340
1341struct filter_util u32_filter_util = {
1342        .id = "u32",
1343        .parse_fopt = u32_parse_opt,
1344        .print_fopt = u32_print_opt,
1345};
1346