1
2
3
4
5
6
7
8
9
10
11
12
13
14#include <stdio.h>
15#include <stdlib.h>
16#include <unistd.h>
17#include <fcntl.h>
18#include <sys/socket.h>
19#include <netinet/in.h>
20#include <arpa/inet.h>
21#include <string.h>
22#include <linux/if.h>
23#include <linux/if_ether.h>
24
25#include "utils.h"
26#include "tc_util.h"
27
28static void explain(void)
29{
30 fprintf(stderr,
31 "Usage: ... u32 [ match SELECTOR ... ] [ link HTID ] [ classid CLASSID ]\n"
32 " [ action ACTION_SPEC ] [ offset OFFSET_SPEC ]\n"
33 " [ ht HTID ] [ hashkey HASHKEY_SPEC ]\n"
34 " [ sample SAMPLE ] [skip_hw | skip_sw]\n"
35 "or u32 divisor DIVISOR\n"
36 "\n"
37 "Where: SELECTOR := SAMPLE SAMPLE ...\n"
38 " SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} | mark }\n"
39 " SAMPLE_ARGS [ divisor DIVISOR ]\n"
40 " FILTERID := X:Y:Z\n"
41 "\nNOTE: CLASSID is parsed at hexadecimal input.\n");
42}
43
44static int get_u32_handle(__u32 *handle, const char *str)
45{
46 __u32 htid = 0, hash = 0, nodeid = 0;
47 char *tmp = strchr(str, ':');
48
49 if (tmp == NULL) {
50 if (memcmp("0x", str, 2) == 0)
51 return get_u32(handle, str, 16);
52 return -1;
53 }
54 htid = strtoul(str, &tmp, 16);
55 if (tmp == str && *str != ':' && *str != 0)
56 return -1;
57 if (htid >= 0x1000)
58 return -1;
59 if (*tmp) {
60 str = tmp + 1;
61 hash = strtoul(str, &tmp, 16);
62 if (tmp == str && *str != ':' && *str != 0)
63 return -1;
64 if (hash >= 0x100)
65 return -1;
66 if (*tmp) {
67 str = tmp + 1;
68 nodeid = strtoul(str, &tmp, 16);
69 if (tmp == str && *str != 0)
70 return -1;
71 if (nodeid >= 0x1000)
72 return -1;
73 }
74 }
75 *handle = (htid<<20)|(hash<<12)|nodeid;
76 return 0;
77}
78
79static char *sprint_u32_handle(__u32 handle, char *buf)
80{
81 int bsize = SPRINT_BSIZE-1;
82 __u32 htid = TC_U32_HTID(handle);
83 __u32 hash = TC_U32_HASH(handle);
84 __u32 nodeid = TC_U32_NODE(handle);
85 char *b = buf;
86
87 if (handle == 0) {
88 snprintf(b, bsize, "none");
89 return b;
90 }
91 if (htid) {
92 int l = snprintf(b, bsize, "%x:", htid>>20);
93
94 bsize -= l;
95 b += l;
96 }
97 if (nodeid|hash) {
98 if (hash) {
99 int l = snprintf(b, bsize, "%x", hash);
100
101 bsize -= l;
102 b += l;
103 }
104 if (nodeid) {
105 int l = snprintf(b, bsize, ":%x", nodeid);
106
107 bsize -= l;
108 b += l;
109 }
110 }
111 if (show_raw)
112 snprintf(b, bsize, "[%08x] ", handle);
113 return buf;
114}
115
116static int pack_key(struct tc_u32_sel *sel, __u32 key, __u32 mask,
117 int off, int offmask)
118{
119 int i;
120 int hwm = sel->nkeys;
121
122 key &= mask;
123
124 for (i = 0; i < hwm; i++) {
125 if (sel->keys[i].off == off && sel->keys[i].offmask == offmask) {
126 __u32 intersect = mask & sel->keys[i].mask;
127
128 if ((key ^ sel->keys[i].val) & intersect)
129 return -1;
130 sel->keys[i].val |= key;
131 sel->keys[i].mask |= mask;
132 return 0;
133 }
134 }
135
136 if (hwm >= 128)
137 return -1;
138 if (off % 4)
139 return -1;
140 sel->keys[hwm].val = key;
141 sel->keys[hwm].mask = mask;
142 sel->keys[hwm].off = off;
143 sel->keys[hwm].offmask = offmask;
144 sel->nkeys++;
145 return 0;
146}
147
148static int pack_key32(struct tc_u32_sel *sel, __u32 key, __u32 mask,
149 int off, int offmask)
150{
151 key = htonl(key);
152 mask = htonl(mask);
153 return pack_key(sel, key, mask, off, offmask);
154}
155
156static int pack_key16(struct tc_u32_sel *sel, __u32 key, __u32 mask,
157 int off, int offmask)
158{
159 if (key > 0xFFFF || mask > 0xFFFF)
160 return -1;
161
162 if ((off & 3) == 0) {
163 key <<= 16;
164 mask <<= 16;
165 }
166 off &= ~3;
167 key = htonl(key);
168 mask = htonl(mask);
169
170 return pack_key(sel, key, mask, off, offmask);
171}
172
173static int pack_key8(struct tc_u32_sel *sel, __u32 key, __u32 mask, int off,
174 int offmask)
175{
176 if (key > 0xFF || mask > 0xFF)
177 return -1;
178
179 if ((off & 3) == 0) {
180 key <<= 24;
181 mask <<= 24;
182 } else if ((off & 3) == 1) {
183 key <<= 16;
184 mask <<= 16;
185 } else if ((off & 3) == 2) {
186 key <<= 8;
187 mask <<= 8;
188 }
189 off &= ~3;
190 key = htonl(key);
191 mask = htonl(mask);
192
193 return pack_key(sel, key, mask, off, offmask);
194}
195
196
197static int parse_at(int *argc_p, char ***argv_p, int *off, int *offmask)
198{
199 int argc = *argc_p;
200 char **argv = *argv_p;
201 char *p = *argv;
202
203 if (argc <= 0)
204 return -1;
205
206 if (strlen(p) > strlen("nexthdr+") &&
207 memcmp(p, "nexthdr+", strlen("nexthdr+")) == 0) {
208 *offmask = -1;
209 p += strlen("nexthdr+");
210 } else if (matches(*argv, "nexthdr+") == 0) {
211 NEXT_ARG();
212 *offmask = -1;
213 p = *argv;
214 }
215
216 if (get_integer(off, p, 0))
217 return -1;
218 argc--; argv++;
219
220 *argc_p = argc;
221 *argv_p = argv;
222 return 0;
223}
224
225
226static int parse_u32(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
227 int off, int offmask)
228{
229 int res = -1;
230 int argc = *argc_p;
231 char **argv = *argv_p;
232 __u32 key;
233 __u32 mask;
234
235 if (argc < 2)
236 return -1;
237
238 if (get_u32(&key, *argv, 0))
239 return -1;
240 argc--; argv++;
241
242 if (get_u32(&mask, *argv, 16))
243 return -1;
244 argc--; argv++;
245
246 if (argc > 0 && strcmp(argv[0], "at") == 0) {
247 NEXT_ARG();
248 if (parse_at(&argc, &argv, &off, &offmask))
249 return -1;
250 }
251
252 res = pack_key32(sel, key, mask, off, offmask);
253 *argc_p = argc;
254 *argv_p = argv;
255 return res;
256}
257
258static int parse_u16(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
259 int off, int offmask)
260{
261 int res = -1;
262 int argc = *argc_p;
263 char **argv = *argv_p;
264 __u32 key;
265 __u32 mask;
266
267 if (argc < 2)
268 return -1;
269
270 if (get_u32(&key, *argv, 0))
271 return -1;
272 argc--; argv++;
273
274 if (get_u32(&mask, *argv, 16))
275 return -1;
276 argc--; argv++;
277
278 if (argc > 0 && strcmp(argv[0], "at") == 0) {
279 NEXT_ARG();
280 if (parse_at(&argc, &argv, &off, &offmask))
281 return -1;
282 }
283 res = pack_key16(sel, key, mask, off, offmask);
284 *argc_p = argc;
285 *argv_p = argv;
286 return res;
287}
288
289static int parse_u8(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
290 int off, int offmask)
291{
292 int res = -1;
293 int argc = *argc_p;
294 char **argv = *argv_p;
295 __u32 key;
296 __u32 mask;
297
298 if (argc < 2)
299 return -1;
300
301 if (get_u32(&key, *argv, 0))
302 return -1;
303 argc--; argv++;
304
305 if (get_u32(&mask, *argv, 16))
306 return -1;
307 argc--; argv++;
308
309 if (key > 0xFF || mask > 0xFF)
310 return -1;
311
312 if (argc > 0 && strcmp(argv[0], "at") == 0) {
313 NEXT_ARG();
314 if (parse_at(&argc, &argv, &off, &offmask))
315 return -1;
316 }
317
318 res = pack_key8(sel, key, mask, off, offmask);
319 *argc_p = argc;
320 *argv_p = argv;
321 return res;
322}
323
324static int parse_ip_addr(int *argc_p, char ***argv_p, struct tc_u32_sel *sel,
325 int off)
326{
327 int res = -1;
328 int argc = *argc_p;
329 char **argv = *argv_p;
330 inet_prefix addr;
331 __u32 mask;
332 int offmask = 0;
333
334 if (argc < 1)
335 return -1;
336
337 if (get_prefix_1(&addr, *argv, AF_INET))
338 return -1;
339 argc--; argv++;
340
341 if (argc > 0 && strcmp(argv[0], "at") == 0) {
342 NEXT_ARG();
343 if (parse_at(&argc, &argv, &off, &offmask))
344 return -1;
345 }
346
347 mask = 0;
348 if (addr.bitlen)
349 mask = htonl(0xFFFFFFFF << (32 - addr.bitlen));
350 if (pack_key(sel, addr.data[0], mask, off, offmask) < 0)
351 return -1;
352 res = 0;
353
354 *argc_p = argc;
355 *argv_p = argv;
356 return res;
357}
358
359static int parse_ip6_addr(int *argc_p, char ***argv_p,
360 struct tc_u32_sel *sel, int off)
361{
362 int res = -1;
363 int argc = *argc_p;
364 char **argv = *argv_p;
365 int plen = 128;
366 int i;
367 inet_prefix addr;
368 int offmask = 0;
369
370 if (argc < 1)
371 return -1;
372
373 if (get_prefix_1(&addr, *argv, AF_INET6))
374 return -1;
375 argc--; argv++;
376
377 if (argc > 0 && strcmp(argv[0], "at") == 0) {
378 NEXT_ARG();
379 if (parse_at(&argc, &argv, &off, &offmask))
380 return -1;
381 }
382
383 plen = addr.bitlen;
384 for (i = 0; i < plen; i += 32) {
385 if (i + 31 < plen) {
386 res = pack_key(sel, addr.data[i / 32],
387 0xFFFFFFFF, off + 4 * (i / 32), offmask);
388 if (res < 0)
389 return -1;
390 } else if (i < plen) {
391 __u32 mask = htonl(0xFFFFFFFF << (32 - (plen - i)));
392
393 res = pack_key(sel, addr.data[i / 32],
394 mask, off + 4 * (i / 32), offmask);
395 if (res < 0)
396 return -1;
397 }
398 }
399 res = 0;
400
401 *argc_p = argc;
402 *argv_p = argv;
403 return res;
404}
405
406static int parse_ip6_class(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
407{
408 int res = -1;
409 int argc = *argc_p;
410 char **argv = *argv_p;
411 __u32 key;
412 __u32 mask;
413 int off = 0;
414 int offmask = 0;
415
416 if (argc < 2)
417 return -1;
418
419 if (get_u32(&key, *argv, 0))
420 return -1;
421 argc--; argv++;
422
423 if (get_u32(&mask, *argv, 16))
424 return -1;
425 argc--; argv++;
426
427 if (key > 0xFF || mask > 0xFF)
428 return -1;
429
430 key <<= 20;
431 mask <<= 20;
432 key = htonl(key);
433 mask = htonl(mask);
434
435 res = pack_key(sel, key, mask, off, offmask);
436 if (res < 0)
437 return -1;
438
439 *argc_p = argc;
440 *argv_p = argv;
441 return 0;
442}
443
444static int parse_ether_addr(int *argc_p, char ***argv_p,
445 struct tc_u32_sel *sel, int off)
446{
447 int res = -1;
448 int argc = *argc_p;
449 char **argv = *argv_p;
450 __u8 addr[6];
451 int offmask = 0;
452 int i;
453
454 if (argc < 1)
455 return -1;
456
457 if (sscanf(*argv, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
458 addr + 0, addr + 1, addr + 2,
459 addr + 3, addr + 4, addr + 5) != 6) {
460 fprintf(stderr, "parse_ether_addr: improperly formed address '%s'\n",
461 *argv);
462 return -1;
463 }
464
465 argc--; argv++;
466 if (argc > 0 && strcmp(argv[0], "at") == 0) {
467 NEXT_ARG();
468 if (parse_at(&argc, &argv, &off, &offmask))
469 return -1;
470 }
471
472 for (i = 0; i < 6; i++) {
473 res = pack_key8(sel, addr[i], 0xFF, off + i, offmask);
474 if (res < 0)
475 return -1;
476 }
477
478 *argc_p = argc;
479 *argv_p = argv;
480 return res;
481}
482
483static int parse_ip(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
484{
485 int res = -1;
486 int argc = *argc_p;
487 char **argv = *argv_p;
488
489 if (argc < 2)
490 return -1;
491
492 if (strcmp(*argv, "src") == 0) {
493 NEXT_ARG();
494 res = parse_ip_addr(&argc, &argv, sel, 12);
495 } else if (strcmp(*argv, "dst") == 0) {
496 NEXT_ARG();
497 res = parse_ip_addr(&argc, &argv, sel, 16);
498 } else if (strcmp(*argv, "tos") == 0 ||
499 matches(*argv, "dsfield") == 0 ||
500 matches(*argv, "precedence") == 0) {
501 NEXT_ARG();
502 res = parse_u8(&argc, &argv, sel, 1, 0);
503 } else if (strcmp(*argv, "ihl") == 0) {
504 NEXT_ARG();
505 res = parse_u8(&argc, &argv, sel, 0, 0);
506 } else if (strcmp(*argv, "protocol") == 0) {
507 NEXT_ARG();
508 res = parse_u8(&argc, &argv, sel, 9, 0);
509 } else if (strcmp(*argv, "nofrag") == 0) {
510 argc--; argv++;
511 res = pack_key16(sel, 0, 0x3FFF, 6, 0);
512 } else if (strcmp(*argv, "firstfrag") == 0) {
513 argc--; argv++;
514 res = pack_key16(sel, 0x2000, 0x3FFF, 6, 0);
515 } else if (strcmp(*argv, "df") == 0) {
516 argc--; argv++;
517 res = pack_key16(sel, 0x4000, 0x4000, 6, 0);
518 } else if (strcmp(*argv, "mf") == 0) {
519 argc--; argv++;
520 res = pack_key16(sel, 0x2000, 0x2000, 6, 0);
521 } else if (strcmp(*argv, "dport") == 0) {
522 NEXT_ARG();
523 res = parse_u16(&argc, &argv, sel, 22, 0);
524 } else if (strcmp(*argv, "sport") == 0) {
525 NEXT_ARG();
526 res = parse_u16(&argc, &argv, sel, 20, 0);
527 } else if (strcmp(*argv, "icmp_type") == 0) {
528 NEXT_ARG();
529 res = parse_u8(&argc, &argv, sel, 20, 0);
530 } else if (strcmp(*argv, "icmp_code") == 0) {
531 NEXT_ARG();
532 res = parse_u8(&argc, &argv, sel, 21, 0);
533 } else
534 return -1;
535
536 *argc_p = argc;
537 *argv_p = argv;
538 return res;
539}
540
541static int parse_ip6(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
542{
543 int res = -1;
544 int argc = *argc_p;
545 char **argv = *argv_p;
546
547 if (argc < 2)
548 return -1;
549
550 if (strcmp(*argv, "src") == 0) {
551 NEXT_ARG();
552 res = parse_ip6_addr(&argc, &argv, sel, 8);
553 } else if (strcmp(*argv, "dst") == 0) {
554 NEXT_ARG();
555 res = parse_ip6_addr(&argc, &argv, sel, 24);
556 } else if (strcmp(*argv, "priority") == 0) {
557 NEXT_ARG();
558 res = parse_ip6_class(&argc, &argv, sel);
559 } else if (strcmp(*argv, "protocol") == 0) {
560 NEXT_ARG();
561 res = parse_u8(&argc, &argv, sel, 6, 0);
562 } else if (strcmp(*argv, "flowlabel") == 0) {
563 NEXT_ARG();
564 res = parse_u32(&argc, &argv, sel, 0, 0);
565 } else if (strcmp(*argv, "dport") == 0) {
566 NEXT_ARG();
567 res = parse_u16(&argc, &argv, sel, 42, 0);
568 } else if (strcmp(*argv, "sport") == 0) {
569 NEXT_ARG();
570 res = parse_u16(&argc, &argv, sel, 40, 0);
571 } else if (strcmp(*argv, "icmp_type") == 0) {
572 NEXT_ARG();
573 res = parse_u8(&argc, &argv, sel, 40, 0);
574 } else if (strcmp(*argv, "icmp_code") == 0) {
575 NEXT_ARG();
576 res = parse_u8(&argc, &argv, sel, 41, 1);
577 } else
578 return -1;
579
580 *argc_p = argc;
581 *argv_p = argv;
582 return res;
583}
584
585static int parse_ether(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
586{
587 int res = -1;
588 int argc = *argc_p;
589 char **argv = *argv_p;
590
591 if (argc < 2)
592 return -1;
593
594 if (strcmp(*argv, "src") == 0) {
595 NEXT_ARG();
596 res = parse_ether_addr(&argc, &argv, sel, -8);
597 } else if (strcmp(*argv, "dst") == 0) {
598 NEXT_ARG();
599 res = parse_ether_addr(&argc, &argv, sel, -14);
600 } else {
601 fprintf(stderr, "Unknown match: ether %s\n", *argv);
602 return -1;
603 }
604
605 *argc_p = argc;
606 *argv_p = argv;
607 return res;
608}
609
610#define parse_tcp parse_udp
611static int parse_udp(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
612{
613 int res = -1;
614 int argc = *argc_p;
615 char **argv = *argv_p;
616
617 if (argc < 2)
618 return -1;
619
620 if (strcmp(*argv, "src") == 0) {
621 NEXT_ARG();
622 res = parse_u16(&argc, &argv, sel, 0, -1);
623 } else if (strcmp(*argv, "dst") == 0) {
624 NEXT_ARG();
625 res = parse_u16(&argc, &argv, sel, 2, -1);
626 } else
627 return -1;
628
629 *argc_p = argc;
630 *argv_p = argv;
631 return res;
632}
633
634
635static int parse_icmp(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
636{
637 int res = -1;
638 int argc = *argc_p;
639 char **argv = *argv_p;
640
641 if (argc < 2)
642 return -1;
643
644 if (strcmp(*argv, "type") == 0) {
645 NEXT_ARG();
646 res = parse_u8(&argc, &argv, sel, 0, -1);
647 } else if (strcmp(*argv, "code") == 0) {
648 NEXT_ARG();
649 res = parse_u8(&argc, &argv, sel, 1, -1);
650 } else
651 return -1;
652
653 *argc_p = argc;
654 *argv_p = argv;
655 return res;
656}
657
658static int parse_mark(int *argc_p, char ***argv_p, struct nlmsghdr *n)
659{
660 int res = -1;
661 int argc = *argc_p;
662 char **argv = *argv_p;
663 struct tc_u32_mark mark;
664
665 if (argc <= 1)
666 return -1;
667
668 if (get_u32(&mark.val, *argv, 0)) {
669 fprintf(stderr, "Illegal \"mark\" value\n");
670 return -1;
671 }
672 NEXT_ARG();
673
674 if (get_u32(&mark.mask, *argv, 0)) {
675 fprintf(stderr, "Illegal \"mark\" mask\n");
676 return -1;
677 }
678 NEXT_ARG();
679
680 if ((mark.val & mark.mask) != mark.val) {
681 fprintf(stderr, "Illegal \"mark\" (impossible combination)\n");
682 return -1;
683 }
684
685 addattr_l(n, MAX_MSG, TCA_U32_MARK, &mark, sizeof(mark));
686 res = 0;
687
688 *argc_p = argc;
689 *argv_p = argv;
690 return res;
691}
692
693static int parse_selector(int *argc_p, char ***argv_p,
694 struct tc_u32_sel *sel, struct nlmsghdr *n)
695{
696 int argc = *argc_p;
697 char **argv = *argv_p;
698 int res = -1;
699
700 if (argc <= 0)
701 return -1;
702
703 if (matches(*argv, "u32") == 0) {
704 NEXT_ARG();
705 res = parse_u32(&argc, &argv, sel, 0, 0);
706 } else if (matches(*argv, "u16") == 0) {
707 NEXT_ARG();
708 res = parse_u16(&argc, &argv, sel, 0, 0);
709 } else if (matches(*argv, "u8") == 0) {
710 NEXT_ARG();
711 res = parse_u8(&argc, &argv, sel, 0, 0);
712 } else if (matches(*argv, "ip") == 0) {
713 NEXT_ARG();
714 res = parse_ip(&argc, &argv, sel);
715 } else if (matches(*argv, "ip6") == 0) {
716 NEXT_ARG();
717 res = parse_ip6(&argc, &argv, sel);
718 } else if (matches(*argv, "udp") == 0) {
719 NEXT_ARG();
720 res = parse_udp(&argc, &argv, sel);
721 } else if (matches(*argv, "tcp") == 0) {
722 NEXT_ARG();
723 res = parse_tcp(&argc, &argv, sel);
724 } else if (matches(*argv, "icmp") == 0) {
725 NEXT_ARG();
726 res = parse_icmp(&argc, &argv, sel);
727 } else if (matches(*argv, "mark") == 0) {
728 NEXT_ARG();
729 res = parse_mark(&argc, &argv, n);
730 } else if (matches(*argv, "ether") == 0) {
731 NEXT_ARG();
732 res = parse_ether(&argc, &argv, sel);
733 } else
734 return -1;
735
736 *argc_p = argc;
737 *argv_p = argv;
738 return res;
739}
740
741static int parse_offset(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
742{
743 int argc = *argc_p;
744 char **argv = *argv_p;
745
746 while (argc > 0) {
747 if (matches(*argv, "plus") == 0) {
748 int off;
749
750 NEXT_ARG();
751 if (get_integer(&off, *argv, 0))
752 return -1;
753 sel->off = off;
754 sel->flags |= TC_U32_OFFSET;
755 } else if (matches(*argv, "at") == 0) {
756 int off;
757
758 NEXT_ARG();
759 if (get_integer(&off, *argv, 0))
760 return -1;
761 sel->offoff = off;
762 if (off%2) {
763 fprintf(stderr, "offset \"at\" must be even\n");
764 return -1;
765 }
766 sel->flags |= TC_U32_VAROFFSET;
767 } else if (matches(*argv, "mask") == 0) {
768 NEXT_ARG();
769 if (get_be16(&sel->offmask, *argv, 16))
770 return -1;
771 sel->flags |= TC_U32_VAROFFSET;
772 } else if (matches(*argv, "shift") == 0) {
773 int shift;
774
775 NEXT_ARG();
776 if (get_integer(&shift, *argv, 0))
777 return -1;
778 sel->offshift = shift;
779 sel->flags |= TC_U32_VAROFFSET;
780 } else if (matches(*argv, "eat") == 0) {
781 sel->flags |= TC_U32_EAT;
782 } else {
783 break;
784 }
785 argc--; argv++;
786 }
787
788 *argc_p = argc;
789 *argv_p = argv;
790 return 0;
791}
792
793static int parse_hashkey(int *argc_p, char ***argv_p, struct tc_u32_sel *sel)
794{
795 int argc = *argc_p;
796 char **argv = *argv_p;
797
798 while (argc > 0) {
799 if (matches(*argv, "mask") == 0) {
800 NEXT_ARG();
801 if (get_be32(&sel->hmask, *argv, 16))
802 return -1;
803 } else if (matches(*argv, "at") == 0) {
804 int num;
805
806 NEXT_ARG();
807 if (get_integer(&num, *argv, 0))
808 return -1;
809 if (num%4)
810 return -1;
811 sel->hoff = num;
812 } else {
813 break;
814 }
815 argc--; argv++;
816 }
817
818 *argc_p = argc;
819 *argv_p = argv;
820 return 0;
821}
822
823static void print_ipv4(FILE *f, const struct tc_u32_key *key)
824{
825 char abuf[256];
826
827 switch (key->off) {
828 case 0:
829 switch (ntohl(key->mask)) {
830 case 0x0f000000:
831 fprintf(f, "\n match IP ihl %u",
832 ntohl(key->val) >> 24);
833 return;
834 case 0x00ff0000:
835 fprintf(f, "\n match IP dsfield %#x",
836 ntohl(key->val) >> 16);
837 return;
838 }
839 break;
840 case 8:
841 if (ntohl(key->mask) == 0x00ff0000) {
842 fprintf(f, "\n match IP protocol %d",
843 ntohl(key->val) >> 16);
844 return;
845 }
846 break;
847 case 12:
848 case 16: {
849 int bits = mask2bits(key->mask);
850
851 if (bits >= 0) {
852 fprintf(f, "\n %s %s/%d",
853 key->off == 12 ? "match IP src" : "match IP dst",
854 inet_ntop(AF_INET, &key->val,
855 abuf, sizeof(abuf)),
856 bits);
857 return;
858 }
859 }
860 break;
861
862 case 20:
863 switch (ntohl(key->mask)) {
864 case 0x0000ffff:
865 fprintf(f, "\n match dport %u",
866 ntohl(key->val) & 0xffff);
867 return;
868 case 0xffff0000:
869 fprintf(f, "\n match sport %u",
870 ntohl(key->val) >> 16);
871 return;
872 case 0xffffffff:
873 fprintf(f, "\n match dport %u, match sport %u",
874 ntohl(key->val) & 0xffff,
875 ntohl(key->val) >> 16);
876
877 return;
878 }
879
880 }
881}
882
883static void print_ipv6(FILE *f, const struct tc_u32_key *key)
884{
885 char abuf[256];
886
887 switch (key->off) {
888 case 0:
889 switch (ntohl(key->mask)) {
890 case 0x0f000000:
891 fprintf(f, "\n match IP ihl %u",
892 ntohl(key->val) >> 24);
893 return;
894 case 0x00ff0000:
895 fprintf(f, "\n match IP dsfield %#x",
896 ntohl(key->val) >> 16);
897 return;
898 }
899 break;
900 case 8:
901 if (ntohl(key->mask) == 0x00ff0000) {
902 fprintf(f, "\n match IP protocol %d",
903 ntohl(key->val) >> 16);
904 return;
905 }
906 break;
907 case 12:
908 case 16: {
909 int bits = mask2bits(key->mask);
910
911 if (bits >= 0) {
912 fprintf(f, "\n %s %s/%d",
913 key->off == 12 ? "match IP src" : "match IP dst",
914 inet_ntop(AF_INET, &key->val,
915 abuf, sizeof(abuf)),
916 bits);
917 return;
918 }
919 }
920 break;
921
922 case 20:
923 switch (ntohl(key->mask)) {
924 case 0x0000ffff:
925 fprintf(f, "\n match sport %u",
926 ntohl(key->val) & 0xffff);
927 return;
928 case 0xffff0000:
929 fprintf(f, "\n match dport %u",
930 ntohl(key->val) >> 16);
931 return;
932 case 0xffffffff:
933 fprintf(f, "\n match sport %u, match dport %u",
934 ntohl(key->val) & 0xffff,
935 ntohl(key->val) >> 16);
936
937 return;
938 }
939
940 }
941}
942
943static void print_raw(FILE *f, const struct tc_u32_key *key)
944{
945 fprintf(f, "\n match %08x/%08x at %s%d",
946 (unsigned int)ntohl(key->val),
947 (unsigned int)ntohl(key->mask),
948 key->offmask ? "nexthdr+" : "",
949 key->off);
950}
951
952static const struct {
953 __u16 proto;
954 __u16 pad;
955 void (*pprinter)(FILE *f, const struct tc_u32_key *key);
956} u32_pprinters[] = {
957 {0, 0, print_raw},
958 {ETH_P_IP, 0, print_ipv4},
959 {ETH_P_IPV6, 0, print_ipv6},
960};
961
962static void show_keys(FILE *f, const struct tc_u32_key *key)
963{
964 int i = 0;
965
966 if (!pretty)
967 goto show_k;
968
969 for (i = 0; i < ARRAY_SIZE(u32_pprinters); i++) {
970 if (u32_pprinters[i].proto == ntohs(f_proto)) {
971show_k:
972 u32_pprinters[i].pprinter(f, key);
973 return;
974 }
975 }
976
977 i = 0;
978 goto show_k;
979}
980
981static __u32 u32_hash_fold(struct tc_u32_key *key)
982{
983 __u8 fshift = key->mask ? ffs(ntohl(key->mask)) - 1 : 0;
984
985 return ntohl(key->val & key->mask) >> fshift;
986}
987
988static int u32_parse_opt(struct filter_util *qu, char *handle,
989 int argc, char **argv, struct nlmsghdr *n)
990{
991 struct {
992 struct tc_u32_sel sel;
993 struct tc_u32_key keys[128];
994 } sel = {};
995 struct tcmsg *t = NLMSG_DATA(n);
996 struct rtattr *tail;
997 int sel_ok = 0, terminal_ok = 0;
998 int sample_ok = 0;
999 __u32 htid = 0;
1000 __u32 order = 0;
1001 __u32 flags = 0;
1002
1003 if (handle && get_u32_handle(&t->tcm_handle, handle)) {
1004 fprintf(stderr, "Illegal filter ID\n");
1005 return -1;
1006 }
1007
1008 if (argc == 0)
1009 return 0;
1010
1011 tail = addattr_nest(n, MAX_MSG, TCA_OPTIONS);
1012
1013 while (argc > 0) {
1014 if (matches(*argv, "match") == 0) {
1015 NEXT_ARG();
1016 if (parse_selector(&argc, &argv, &sel.sel, n)) {
1017 fprintf(stderr, "Illegal \"match\"\n");
1018 return -1;
1019 }
1020 sel_ok++;
1021 continue;
1022 } else if (matches(*argv, "offset") == 0) {
1023 NEXT_ARG();
1024 if (parse_offset(&argc, &argv, &sel.sel)) {
1025 fprintf(stderr, "Illegal \"offset\"\n");
1026 return -1;
1027 }
1028 continue;
1029 } else if (matches(*argv, "hashkey") == 0) {
1030 NEXT_ARG();
1031 if (parse_hashkey(&argc, &argv, &sel.sel)) {
1032 fprintf(stderr, "Illegal \"hashkey\"\n");
1033 return -1;
1034 }
1035 continue;
1036 } else if (matches(*argv, "classid") == 0 ||
1037 strcmp(*argv, "flowid") == 0) {
1038 unsigned int flowid;
1039
1040 NEXT_ARG();
1041 if (get_tc_classid(&flowid, *argv)) {
1042 fprintf(stderr, "Illegal \"classid\"\n");
1043 return -1;
1044 }
1045 addattr_l(n, MAX_MSG, TCA_U32_CLASSID, &flowid, 4);
1046 sel.sel.flags |= TC_U32_TERMINAL;
1047 } else if (matches(*argv, "divisor") == 0) {
1048 unsigned int divisor;
1049
1050 NEXT_ARG();
1051 if (get_unsigned(&divisor, *argv, 0) ||
1052 divisor == 0 ||
1053 divisor > 0x100 || ((divisor - 1) & divisor)) {
1054 fprintf(stderr, "Illegal \"divisor\"\n");
1055 return -1;
1056 }
1057 addattr_l(n, MAX_MSG, TCA_U32_DIVISOR, &divisor, 4);
1058 } else if (matches(*argv, "order") == 0) {
1059 NEXT_ARG();
1060 if (get_u32(&order, *argv, 0)) {
1061 fprintf(stderr, "Illegal \"order\"\n");
1062 return -1;
1063 }
1064 } else if (strcmp(*argv, "link") == 0) {
1065 unsigned int linkid;
1066
1067 NEXT_ARG();
1068 if (get_u32_handle(&linkid, *argv)) {
1069 fprintf(stderr, "Illegal \"link\"\n");
1070 return -1;
1071 }
1072 if (linkid && TC_U32_NODE(linkid)) {
1073 fprintf(stderr, "\"link\" must be a hash table.\n");
1074 return -1;
1075 }
1076 addattr_l(n, MAX_MSG, TCA_U32_LINK, &linkid, 4);
1077 } else if (strcmp(*argv, "ht") == 0) {
1078 unsigned int ht;
1079
1080 NEXT_ARG();
1081 if (get_u32_handle(&ht, *argv)) {
1082 fprintf(stderr, "Illegal \"ht\"\n");
1083 return -1;
1084 }
1085 if (handle && TC_U32_NODE(ht)) {
1086 fprintf(stderr, "\"ht\" must be a hash table.\n");
1087 return -1;
1088 }
1089 if (sample_ok)
1090 htid = (htid & 0xFF000) | (ht & 0xFFF00000);
1091 else
1092 htid = (ht & 0xFFFFF000);
1093 } else if (strcmp(*argv, "sample") == 0) {
1094 __u32 hash;
1095 unsigned int divisor = 0x100;
1096 struct {
1097 struct tc_u32_sel sel;
1098 struct tc_u32_key keys[4];
1099 } sel2 = {};
1100
1101 NEXT_ARG();
1102 if (parse_selector(&argc, &argv, &sel2.sel, n)) {
1103 fprintf(stderr, "Illegal \"sample\"\n");
1104 return -1;
1105 }
1106 if (sel2.sel.nkeys != 1) {
1107 fprintf(stderr, "\"sample\" must contain exactly ONE key.\n");
1108 return -1;
1109 }
1110 if (*argv != 0 && strcmp(*argv, "divisor") == 0) {
1111 NEXT_ARG();
1112 if (get_unsigned(&divisor, *argv, 0) ||
1113 divisor == 0 || divisor > 0x100 ||
1114 ((divisor - 1) & divisor)) {
1115 fprintf(stderr, "Illegal sample \"divisor\"\n");
1116 return -1;
1117 }
1118 NEXT_ARG();
1119 }
1120 hash = u32_hash_fold(&sel2.keys[0]);
1121 htid = ((hash % divisor) << 12) | (htid & 0xFFF00000);
1122 sample_ok = 1;
1123 continue;
1124 } else if (strcmp(*argv, "indev") == 0) {
1125 char ind[IFNAMSIZ + 1] = {};
1126
1127 argc--;
1128 argv++;
1129 if (argc < 1) {
1130 fprintf(stderr, "Illegal indev\n");
1131 return -1;
1132 }
1133 strncpy(ind, *argv, sizeof(ind) - 1);
1134 addattr_l(n, MAX_MSG, TCA_U32_INDEV, ind,
1135 strlen(ind) + 1);
1136
1137 } else if (matches(*argv, "action") == 0) {
1138 NEXT_ARG();
1139 if (parse_action(&argc, &argv, TCA_U32_ACT, n)) {
1140 fprintf(stderr, "Illegal \"action\"\n");
1141 return -1;
1142 }
1143 terminal_ok++;
1144 continue;
1145
1146 } else if (matches(*argv, "police") == 0) {
1147 NEXT_ARG();
1148 if (parse_police(&argc, &argv, TCA_U32_POLICE, n)) {
1149 fprintf(stderr, "Illegal \"police\"\n");
1150 return -1;
1151 }
1152 terminal_ok++;
1153 continue;
1154 } else if (strcmp(*argv, "skip_hw") == 0) {
1155 flags |= TCA_CLS_FLAGS_SKIP_HW;
1156 } else if (strcmp(*argv, "skip_sw") == 0) {
1157 flags |= TCA_CLS_FLAGS_SKIP_SW;
1158 } else if (strcmp(*argv, "help") == 0) {
1159 explain();
1160 return -1;
1161 } else {
1162 fprintf(stderr, "What is \"%s\"?\n", *argv);
1163 explain();
1164 return -1;
1165 }
1166 argc--; argv++;
1167 }
1168
1169
1170 if (terminal_ok)
1171 sel.sel.flags |= TC_U32_TERMINAL;
1172
1173 if (order) {
1174 if (TC_U32_NODE(t->tcm_handle) &&
1175 order != TC_U32_NODE(t->tcm_handle)) {
1176 fprintf(stderr, "\"order\" contradicts \"handle\"\n");
1177 return -1;
1178 }
1179 t->tcm_handle |= order;
1180 }
1181
1182 if (htid)
1183 addattr_l(n, MAX_MSG, TCA_U32_HASH, &htid, 4);
1184 if (sel_ok)
1185 addattr_l(n, MAX_MSG, TCA_U32_SEL, &sel,
1186 sizeof(sel.sel) +
1187 sel.sel.nkeys * sizeof(struct tc_u32_key));
1188 if (flags) {
1189 if (!(flags ^ (TCA_CLS_FLAGS_SKIP_HW |
1190 TCA_CLS_FLAGS_SKIP_SW))) {
1191 fprintf(stderr,
1192 "skip_hw and skip_sw are mutually exclusive\n");
1193 return -1;
1194 }
1195 addattr_l(n, MAX_MSG, TCA_U32_FLAGS, &flags, 4);
1196 }
1197
1198 addattr_nest_end(n, tail);
1199 return 0;
1200}
1201
1202static int u32_print_opt(struct filter_util *qu, FILE *f, struct rtattr *opt,
1203 __u32 handle)
1204{
1205 struct rtattr *tb[TCA_U32_MAX + 1];
1206 struct tc_u32_sel *sel = NULL;
1207 struct tc_u32_pcnt *pf = NULL;
1208
1209 if (opt == NULL)
1210 return 0;
1211
1212 parse_rtattr_nested(tb, TCA_U32_MAX, opt);
1213
1214 if (handle) {
1215 SPRINT_BUF(b1);
1216 fprintf(f, "fh %s ", sprint_u32_handle(handle, b1));
1217 }
1218
1219 if (TC_U32_NODE(handle))
1220 fprintf(f, "order %d ", TC_U32_NODE(handle));
1221
1222 if (tb[TCA_U32_SEL]) {
1223 if (RTA_PAYLOAD(tb[TCA_U32_SEL]) < sizeof(*sel))
1224 return -1;
1225
1226 sel = RTA_DATA(tb[TCA_U32_SEL]);
1227 }
1228
1229 if (tb[TCA_U32_DIVISOR]) {
1230 fprintf(f, "ht divisor %d ",
1231 rta_getattr_u32(tb[TCA_U32_DIVISOR]));
1232 } else if (tb[TCA_U32_HASH]) {
1233 __u32 htid = rta_getattr_u32(tb[TCA_U32_HASH]);
1234
1235 fprintf(f, "key ht %x bkt %x ", TC_U32_USERHTID(htid),
1236 TC_U32_HASH(htid));
1237 } else {
1238 fprintf(f, "??? ");
1239 }
1240 if (tb[TCA_U32_CLASSID]) {
1241 SPRINT_BUF(b1);
1242 fprintf(f, "%sflowid %s ",
1243 !sel || !(sel->flags & TC_U32_TERMINAL) ? "*" : "",
1244 sprint_tc_classid(rta_getattr_u32(tb[TCA_U32_CLASSID]),
1245 b1));
1246 } else if (sel && sel->flags & TC_U32_TERMINAL) {
1247 fprintf(f, "terminal flowid ??? ");
1248 }
1249 if (tb[TCA_U32_LINK]) {
1250 SPRINT_BUF(b1);
1251 fprintf(f, "link %s ",
1252 sprint_u32_handle(rta_getattr_u32(tb[TCA_U32_LINK]),
1253 b1));
1254 }
1255
1256 if (tb[TCA_U32_FLAGS]) {
1257 __u32 flags = rta_getattr_u32(tb[TCA_U32_FLAGS]);
1258
1259 if (flags & TCA_CLS_FLAGS_SKIP_HW)
1260 fprintf(f, "skip_hw ");
1261 if (flags & TCA_CLS_FLAGS_SKIP_SW)
1262 fprintf(f, "skip_sw ");
1263
1264 if (flags & TCA_CLS_FLAGS_IN_HW)
1265 fprintf(f, "in_hw ");
1266 else if (flags & TCA_CLS_FLAGS_NOT_IN_HW)
1267 fprintf(f, "not_in_hw ");
1268 }
1269
1270 if (tb[TCA_U32_PCNT]) {
1271 if (RTA_PAYLOAD(tb[TCA_U32_PCNT]) < sizeof(*pf)) {
1272 fprintf(f, "Broken perf counters\n");
1273 return -1;
1274 }
1275 pf = RTA_DATA(tb[TCA_U32_PCNT]);
1276 }
1277
1278 if (sel && show_stats && NULL != pf)
1279 fprintf(f, " (rule hit %llu success %llu)",
1280 (unsigned long long) pf->rcnt,
1281 (unsigned long long) pf->rhit);
1282
1283 if (tb[TCA_U32_MARK]) {
1284 struct tc_u32_mark *mark = RTA_DATA(tb[TCA_U32_MARK]);
1285
1286 if (RTA_PAYLOAD(tb[TCA_U32_MARK]) < sizeof(*mark)) {
1287 fprintf(f, "\n Invalid mark (kernel&iproute2 mismatch)\n");
1288 } else {
1289 fprintf(f, "\n mark 0x%04x 0x%04x (success %d)",
1290 mark->val, mark->mask, mark->success);
1291 }
1292 }
1293
1294 if (sel) {
1295 if (sel->nkeys) {
1296 int i;
1297
1298 for (i = 0; i < sel->nkeys; i++) {
1299 show_keys(f, sel->keys + i);
1300 if (show_stats && NULL != pf)
1301 fprintf(f, " (success %llu ) ",
1302 (unsigned long long) pf->kcnts[i]);
1303 }
1304 }
1305
1306 if (sel->flags & (TC_U32_VAROFFSET | TC_U32_OFFSET)) {
1307 fprintf(f, "\n offset ");
1308 if (sel->flags & TC_U32_VAROFFSET)
1309 fprintf(f, "%04x>>%d at %d ",
1310 ntohs(sel->offmask),
1311 sel->offshift, sel->offoff);
1312 if (sel->off)
1313 fprintf(f, "plus %d ", sel->off);
1314 }
1315 if (sel->flags & TC_U32_EAT)
1316 fprintf(f, " eat ");
1317
1318 if (sel->hmask) {
1319 fprintf(f, "\n hash mask %08x at %d ",
1320 (unsigned int)htonl(sel->hmask), sel->hoff);
1321 }
1322 }
1323
1324 if (tb[TCA_U32_POLICE]) {
1325 fprintf(f, "\n");
1326 tc_print_police(f, tb[TCA_U32_POLICE]);
1327 }
1328
1329 if (tb[TCA_U32_INDEV]) {
1330 struct rtattr *idev = tb[TCA_U32_INDEV];
1331
1332 fprintf(f, "\n input dev %s\n", rta_getattr_str(idev));
1333 }
1334
1335 if (tb[TCA_U32_ACT])
1336 tc_print_action(f, tb[TCA_U32_ACT], 0);
1337
1338 return 0;
1339}
1340
1341struct filter_util u32_filter_util = {
1342 .id = "u32",
1343 .parse_fopt = u32_parse_opt,
1344 .print_fopt = u32_print_opt,
1345};
1346