1
2
3
4
5
6
7
8
9
10
11#include <stdio.h>
12#include <stdlib.h>
13#include <unistd.h>
14#include <string.h>
15#include <errno.h>
16
17#include "utils.h"
18#include "tc_util.h"
19#include "m_ematch.h"
20
21static void explain(void)
22{
23 fprintf(stderr,
24 "Usage: ... flow ...\n"
25 "\n"
26 " [mapping mode]: map key KEY [ OPS ] ...\n"
27 " [hashing mode]: hash keys KEY-LIST ... [ perturb SECS ]\n"
28 "\n"
29 " [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
30 " [ action ACTION_SPEC ]\n"
31 "\n"
32 "KEY-LIST := [ KEY-LIST , ] KEY\n"
33 "KEY := [ src | dst | proto | proto-src | proto-dst | iif | priority |\n"
34 " mark | nfct | nfct-src | nfct-dst | nfct-proto-src |\n"
35 " nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
36 " vlan-tag | rxhash ]\n"
37 "OPS := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
38 "ID := X:Y\n"
39 );
40}
41
42static const char *flow_keys[FLOW_KEY_MAX+1] = {
43 [FLOW_KEY_SRC] = "src",
44 [FLOW_KEY_DST] = "dst",
45 [FLOW_KEY_PROTO] = "proto",
46 [FLOW_KEY_PROTO_SRC] = "proto-src",
47 [FLOW_KEY_PROTO_DST] = "proto-dst",
48 [FLOW_KEY_IIF] = "iif",
49 [FLOW_KEY_PRIORITY] = "priority",
50 [FLOW_KEY_MARK] = "mark",
51 [FLOW_KEY_NFCT] = "nfct",
52 [FLOW_KEY_NFCT_SRC] = "nfct-src",
53 [FLOW_KEY_NFCT_DST] = "nfct-dst",
54 [FLOW_KEY_NFCT_PROTO_SRC] = "nfct-proto-src",
55 [FLOW_KEY_NFCT_PROTO_DST] = "nfct-proto-dst",
56 [FLOW_KEY_RTCLASSID] = "rt-classid",
57 [FLOW_KEY_SKUID] = "sk-uid",
58 [FLOW_KEY_SKGID] = "sk-gid",
59 [FLOW_KEY_VLAN_TAG] = "vlan-tag",
60 [FLOW_KEY_RXHASH] = "rxhash",
61};
62
63static int flow_parse_keys(__u32 *keys, __u32 *nkeys, char *argv)
64{
65 char *s, *sep;
66 unsigned int i;
67
68 *keys = 0;
69 *nkeys = 0;
70 s = argv;
71 while (s != NULL) {
72 sep = strchr(s, ',');
73 if (sep)
74 *sep = '\0';
75
76 for (i = 0; i <= FLOW_KEY_MAX; i++) {
77 if (matches(s, flow_keys[i]) == 0) {
78 *keys |= 1 << i;
79 (*nkeys)++;
80 break;
81 }
82 }
83 if (i > FLOW_KEY_MAX) {
84 fprintf(stderr, "Unknown flow key \"%s\"\n", s);
85 return -1;
86 }
87 s = sep ? sep + 1 : NULL;
88 }
89 return 0;
90}
91
92static void transfer_bitop(__u32 *mask, __u32 *xor, __u32 m, __u32 x)
93{
94 *xor = x ^ (*xor & m);
95 *mask &= m;
96}
97
98static int get_addend(__u32 *addend, char *argv, __u32 keys)
99{
100 inet_prefix addr;
101 int sign = 0;
102 __u32 tmp;
103
104 if (*argv == '-') {
105 sign = 1;
106 argv++;
107 }
108
109 if (get_u32(&tmp, argv, 0) == 0)
110 goto out;
111
112 if (keys & (FLOW_KEY_SRC | FLOW_KEY_DST |
113 FLOW_KEY_NFCT_SRC | FLOW_KEY_NFCT_DST) &&
114 get_addr(&addr, argv, AF_UNSPEC) == 0) {
115 switch (addr.family) {
116 case AF_INET:
117 tmp = ntohl(addr.data[0]);
118 goto out;
119 case AF_INET6:
120 tmp = ntohl(addr.data[3]);
121 goto out;
122 }
123 }
124
125 return -1;
126out:
127 if (sign)
128 tmp = -tmp;
129 *addend = tmp;
130 return 0;
131}
132
133static int flow_parse_opt(struct filter_util *fu, char *handle,
134 int argc, char **argv, struct nlmsghdr *n)
135{
136 struct tcmsg *t = NLMSG_DATA(n);
137 struct rtattr *tail;
138 __u32 mask = ~0U, xor = 0;
139 __u32 keys = 0, nkeys = 0;
140 __u32 mode = FLOW_MODE_MAP;
141 __u32 tmp;
142
143 if (handle) {
144 if (get_u32(&t->tcm_handle, handle, 0)) {
145 fprintf(stderr, "Illegal \"handle\"\n");
146 return -1;
147 }
148 }
149
150 tail = addattr_nest(n, 4096, TCA_OPTIONS);
151
152 while (argc > 0) {
153 if (matches(*argv, "map") == 0) {
154 mode = FLOW_MODE_MAP;
155 } else if (matches(*argv, "hash") == 0) {
156 mode = FLOW_MODE_HASH;
157 } else if (matches(*argv, "keys") == 0) {
158 NEXT_ARG();
159 if (flow_parse_keys(&keys, &nkeys, *argv))
160 return -1;
161 addattr32(n, 4096, TCA_FLOW_KEYS, keys);
162 } else if (matches(*argv, "and") == 0) {
163 NEXT_ARG();
164 if (get_u32(&tmp, *argv, 0)) {
165 fprintf(stderr, "Illegal \"mask\"\n");
166 return -1;
167 }
168 transfer_bitop(&mask, &xor, tmp, 0);
169 } else if (matches(*argv, "or") == 0) {
170 NEXT_ARG();
171 if (get_u32(&tmp, *argv, 0)) {
172 fprintf(stderr, "Illegal \"or\"\n");
173 return -1;
174 }
175 transfer_bitop(&mask, &xor, ~tmp, tmp);
176 } else if (matches(*argv, "xor") == 0) {
177 NEXT_ARG();
178 if (get_u32(&tmp, *argv, 0)) {
179 fprintf(stderr, "Illegal \"xor\"\n");
180 return -1;
181 }
182 transfer_bitop(&mask, &xor, ~0, tmp);
183 } else if (matches(*argv, "rshift") == 0) {
184 NEXT_ARG();
185 if (get_u32(&tmp, *argv, 0)) {
186 fprintf(stderr, "Illegal \"rshift\"\n");
187 return -1;
188 }
189 addattr32(n, 4096, TCA_FLOW_RSHIFT, tmp);
190 } else if (matches(*argv, "addend") == 0) {
191 NEXT_ARG();
192 if (get_addend(&tmp, *argv, keys)) {
193 fprintf(stderr, "Illegal \"addend\"\n");
194 return -1;
195 }
196 addattr32(n, 4096, TCA_FLOW_ADDEND, tmp);
197 } else if (matches(*argv, "divisor") == 0) {
198 NEXT_ARG();
199 if (get_u32(&tmp, *argv, 0)) {
200 fprintf(stderr, "Illegal \"divisor\"\n");
201 return -1;
202 }
203 addattr32(n, 4096, TCA_FLOW_DIVISOR, tmp);
204 } else if (matches(*argv, "baseclass") == 0) {
205 NEXT_ARG();
206 if (get_tc_classid(&tmp, *argv) || TC_H_MIN(tmp) == 0) {
207 fprintf(stderr, "Illegal \"baseclass\"\n");
208 return -1;
209 }
210 addattr32(n, 4096, TCA_FLOW_BASECLASS, tmp);
211 } else if (matches(*argv, "perturb") == 0) {
212 NEXT_ARG();
213 if (get_u32(&tmp, *argv, 0)) {
214 fprintf(stderr, "Illegal \"perturb\"\n");
215 return -1;
216 }
217 addattr32(n, 4096, TCA_FLOW_PERTURB, tmp);
218 } else if (matches(*argv, "police") == 0) {
219 NEXT_ARG();
220 if (parse_police(&argc, &argv, TCA_FLOW_POLICE, n)) {
221 fprintf(stderr, "Illegal \"police\"\n");
222 return -1;
223 }
224 continue;
225 } else if (matches(*argv, "action") == 0) {
226 NEXT_ARG();
227 if (parse_action(&argc, &argv, TCA_FLOW_ACT, n)) {
228 fprintf(stderr, "Illegal \"action\"\n");
229 return -1;
230 }
231 continue;
232 } else if (matches(*argv, "match") == 0) {
233 NEXT_ARG();
234 if (parse_ematch(&argc, &argv, TCA_FLOW_EMATCHES, n)) {
235 fprintf(stderr, "Illegal \"ematch\"\n");
236 return -1;
237 }
238 continue;
239 } else if (matches(*argv, "help") == 0) {
240 explain();
241 return -1;
242 } else {
243 fprintf(stderr, "What is \"%s\"?\n", *argv);
244 explain();
245 return -1;
246 }
247 argv++, argc--;
248 }
249
250 if (nkeys > 1 && mode != FLOW_MODE_HASH) {
251 fprintf(stderr, "Invalid mode \"map\" for multiple keys\n");
252 return -1;
253 }
254 addattr32(n, 4096, TCA_FLOW_MODE, mode);
255
256 if (mask != ~0 || xor != 0) {
257 addattr32(n, 4096, TCA_FLOW_MASK, mask);
258 addattr32(n, 4096, TCA_FLOW_XOR, xor);
259 }
260
261 addattr_nest_end(n, tail);
262 return 0;
263}
264
265static int flow_print_opt(struct filter_util *fu, FILE *f, struct rtattr *opt,
266 __u32 handle)
267{
268 struct rtattr *tb[TCA_FLOW_MAX+1];
269
270 SPRINT_BUF(b1);
271 unsigned int i;
272 __u32 mask = ~0, val = 0;
273
274 if (opt == NULL)
275 return -EINVAL;
276
277 parse_rtattr_nested(tb, TCA_FLOW_MAX, opt);
278
279 fprintf(f, "handle 0x%x ", handle);
280
281 if (tb[TCA_FLOW_MODE]) {
282 __u32 mode = rta_getattr_u32(tb[TCA_FLOW_MODE]);
283
284 switch (mode) {
285 case FLOW_MODE_MAP:
286 fprintf(f, "map ");
287 break;
288 case FLOW_MODE_HASH:
289 fprintf(f, "hash ");
290 break;
291 }
292 }
293
294 if (tb[TCA_FLOW_KEYS]) {
295 __u32 keymask = rta_getattr_u32(tb[TCA_FLOW_KEYS]);
296 char *sep = "";
297
298 fprintf(f, "keys ");
299 for (i = 0; i <= FLOW_KEY_MAX; i++) {
300 if (keymask & (1 << i)) {
301 fprintf(f, "%s%s", sep, flow_keys[i]);
302 sep = ",";
303 }
304 }
305 fprintf(f, " ");
306 }
307
308 if (tb[TCA_FLOW_MASK])
309 mask = rta_getattr_u32(tb[TCA_FLOW_MASK]);
310 if (tb[TCA_FLOW_XOR])
311 val = rta_getattr_u32(tb[TCA_FLOW_XOR]);
312
313 if (mask != ~0 || val != 0) {
314 __u32 or = (mask & val) ^ val;
315 __u32 xor = mask & val;
316
317 if (mask != ~0)
318 fprintf(f, "and 0x%.8x ", mask);
319 if (xor != 0)
320 fprintf(f, "xor 0x%.8x ", xor);
321 if (or != 0)
322 fprintf(f, "or 0x%.8x ", or);
323 }
324
325 if (tb[TCA_FLOW_RSHIFT])
326 fprintf(f, "rshift %u ",
327 rta_getattr_u32(tb[TCA_FLOW_RSHIFT]));
328 if (tb[TCA_FLOW_ADDEND])
329 fprintf(f, "addend 0x%x ",
330 rta_getattr_u32(tb[TCA_FLOW_ADDEND]));
331
332 if (tb[TCA_FLOW_DIVISOR])
333 fprintf(f, "divisor %u ",
334 rta_getattr_u32(tb[TCA_FLOW_DIVISOR]));
335 if (tb[TCA_FLOW_BASECLASS])
336 fprintf(f, "baseclass %s ",
337 sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOW_BASECLASS]), b1));
338
339 if (tb[TCA_FLOW_PERTURB])
340 fprintf(f, "perturb %usec ",
341 rta_getattr_u32(tb[TCA_FLOW_PERTURB]));
342
343 if (tb[TCA_FLOW_EMATCHES])
344 print_ematch(f, tb[TCA_FLOW_EMATCHES]);
345 if (tb[TCA_FLOW_POLICE])
346 tc_print_police(f, tb[TCA_FLOW_POLICE]);
347 if (tb[TCA_FLOW_ACT]) {
348 fprintf(f, "\n");
349 tc_print_action(f, tb[TCA_FLOW_ACT], 0);
350 }
351 return 0;
352}
353
354struct filter_util flow_filter_util = {
355 .id = "flow",
356 .parse_fopt = flow_parse_opt,
357 .print_fopt = flow_print_opt,
358};
359