Patrick McHardy | 9932abb | 2008-01-31 18:58:59 +0100 | [diff] [blame] | 1 | /* |
| 2 | * f_flow.c Flow filter |
| 3 | * |
Stephen Hemminger | 3d0b743 | 2014-12-20 15:47:17 -0800 | [diff] [blame] | 4 | * This program is free software; you can redistribute it and/or |
| 5 | * modify it under the terms of the GNU General Public License |
| 6 | * as published by the Free Software Foundation; either version |
| 7 | * 2 of the License, or (at your option) any later version. |
Patrick McHardy | 9932abb | 2008-01-31 18:58:59 +0100 | [diff] [blame] | 8 | * |
| 9 | * Authors: Patrick McHardy <kaber@trash.net> |
| 10 | */ |
| 11 | #include <stdio.h> |
| 12 | #include <stdlib.h> |
| 13 | #include <unistd.h> |
| 14 | #include <string.h> |
| 15 | #include <errno.h> |
| 16 | |
| 17 | #include "utils.h" |
| 18 | #include "tc_util.h" |
| 19 | #include "m_ematch.h" |
| 20 | |
/* Print the usage summary of the "flow" classifier on stderr. */
static void explain(void)
{
	/* The text holds no conversion specifiers, so it is written out as is. */
	static const char usage[] =
		"Usage: ... flow ...\n"
		"\n"
		" [mapping mode]: map key KEY [ OPS ] ...\n"
		" [hashing mode]: hash keys KEY-LIST ... [ perturb SECS ]\n"
		"\n"
		" [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
		" [ action ACTION_SPEC ]\n"
		"\n"
		"KEY-LIST := [ KEY-LIST , ] KEY\n"
		"KEY := [ src | dst | proto | proto-src | proto-dst | iif | priority |\n"
		" mark | nfct | nfct-src | nfct-dst | nfct-proto-src |\n"
		" nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
		" vlan-tag | rxhash ]\n"
		"OPS := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
		"ID := X:Y\n";

	fputs(usage, stderr);
}
| 41 | |
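/*
 * Command-line name of each flow key, indexed by its FLOW_KEY_* value.
 *
 * Both the strings and the pointers are const: the table is only ever read.
 * Any slot in 0..FLOW_KEY_MAX that has no initializer below is NULL, so
 * code walking the table must check an entry before using it as a string.
 */
static const char * const flow_keys[FLOW_KEY_MAX + 1] = {
	[FLOW_KEY_SRC]			= "src",
	[FLOW_KEY_DST]			= "dst",
	[FLOW_KEY_PROTO]		= "proto",
	[FLOW_KEY_PROTO_SRC]		= "proto-src",
	[FLOW_KEY_PROTO_DST]		= "proto-dst",
	[FLOW_KEY_IIF]			= "iif",
	[FLOW_KEY_PRIORITY]		= "priority",
	[FLOW_KEY_MARK]			= "mark",
	[FLOW_KEY_NFCT]			= "nfct",
	[FLOW_KEY_NFCT_SRC]		= "nfct-src",
	[FLOW_KEY_NFCT_DST]		= "nfct-dst",
	[FLOW_KEY_NFCT_PROTO_SRC]	= "nfct-proto-src",
	[FLOW_KEY_NFCT_PROTO_DST]	= "nfct-proto-dst",
	[FLOW_KEY_RTCLASSID]		= "rt-classid",
	[FLOW_KEY_SKUID]		= "sk-uid",
	[FLOW_KEY_SKGID]		= "sk-gid",
	[FLOW_KEY_VLAN_TAG]		= "vlan-tag",
	[FLOW_KEY_RXHASH]		= "rxhash",
};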
| 62 | |
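/*
 * Parse a comma-separated list of flow key names into a bitmask.
 *
 * keys:  receives the mask; bit FLOW_KEY_x is set for every key named.
 * nkeys: receives the number of list entries accepted (a key named twice
 *        is counted twice).
 * argv:  the list; it is modified in place, every ',' being overwritten
 *        with a NUL terminator.
 *
 * Returns 0 on success, or -1 after reporting the first unusable entry on
 * stderr.
 */
static int flow_parse_keys(__u32 *keys, __u32 *nkeys, char *argv)
{
	char *s, *sep;
	unsigned int i;

	*keys = 0;
	*nkeys = 0;
	s = argv;
	while (s != NULL) {
		int found = 0;

		sep = strchr(s, ',');
		if (sep)
			*sep = '\0';

		/*
		 * An empty entry ("src," or ",dst") is never looked up and is
		 * rejected below.
		 * NOTE(review): matches() is defined elsewhere; if it is a
		 * prefix matcher it would accept "" for the first table entry
		 * - confirm.
		 */
		if (*s != '\0') {
			for (i = 0; i <= FLOW_KEY_MAX; i++) {
				/* Slots without a name are NULL; never pass them on. */
				if (flow_keys[i] == NULL)
					continue;
				if (matches(s, flow_keys[i]) == 0) {
					/* Unsigned one: shifting into bit 31 stays defined. */
					*keys |= 1U << i;
					(*nkeys)++;
					found = 1;
					break;
				}
			}
		}
		if (!found) {
			fprintf(stderr, "Unknown flow key \"%s\"\n", s);
			return -1;
		}
		s = sep ? sep + 1 : NULL;
	}
	return 0;
}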
| 91 | |
/*
 * Fold one more bit operation into an accumulated (mask, xor) pair.
 *
 * The step to add is described by m and x: the bits of the accumulated xor
 * value that m clears are dropped, x is XORed in, and the accumulated mask
 * is narrowed by m.
 */
static void transfer_bitop(__u32 *mask, __u32 *xor, __u32 m, __u32 x)
{
	const __u32 kept = *xor & m;

	*xor = kept ^ x;
	*mask &= m;
}
| 97 | |
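/*
 * Parse the argument of "addend".
 *
 * addend: receives the parsed value.
 * argv:   a number accepted by get_u32(), or - only when an address key
 *         was selected - an IPv4/IPv6 address, of which the 32-bit word
 *         data[0] (IPv4) or data[3] (IPv6) is used after ntohl(). Either
 *         form may be preceded by '-', which negates the value modulo 2^32.
 * keys:   bitmask of the keys selected so far (bit FLOW_KEY_x per key).
 *
 * Returns 0 on success, -1 if argv is neither a number nor a usable address.
 */
static int get_addend(__u32 *addend, char *argv, __u32 keys)
{
	/*
	 * keys is built as 1 << FLOW_KEY_x by flow_parse_keys(), so the
	 * address-carrying keys have to be tested as bits. OR-ing the raw
	 * FLOW_KEY_* indices together would test unrelated bits instead.
	 */
	const __u32 addr_keys = (1U << FLOW_KEY_SRC) |
				(1U << FLOW_KEY_DST) |
				(1U << FLOW_KEY_NFCT_SRC) |
				(1U << FLOW_KEY_NFCT_DST);
	inet_prefix addr;
	int sign = 0;
	__u32 tmp;

	if (*argv == '-') {
		sign = 1;
		argv++;
	}

	/* A plain number is always acceptable. */
	if (get_u32(&tmp, argv, 0) == 0)
		goto out;

	if ((keys & addr_keys) && get_addr(&addr, argv, AF_UNSPEC) == 0) {
		switch (addr.family) {
		case AF_INET:
			tmp = ntohl(addr.data[0]);
			goto out;
		case AF_INET6:
			tmp = ntohl(addr.data[3]);
			goto out;
		default:
			/* Any other family is rejected below. */
			break;
		}
	}

	return -1;
out:
	if (sign)
		tmp = -tmp;	/* unsigned negation: well defined, wraps */
	*addend = tmp;
	return 0;
}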
| 132 | |
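/*
 * Translate the command-line options of a "flow" filter into netlink
 * attributes appended to n.
 *
 * fu:     unused here.
 * handle: optional filter handle as a string; parsed into tcm_handle.
 * argc, argv: the remaining command-line words.
 * n:      the netlink request being built.
 *
 * Everything is nested in one TCA_OPTIONS attribute: it is opened empty
 * before the loop and its length is patched once all options are in.
 * "and", "or" and "xor" are not sent individually; they are folded into one
 * (mask, xor) pair that is emitted only if it differs from the identity.
 *
 * Returns 0 on success, -1 after printing a diagnostic on stderr.
 *
 * NOTE(review): the results of addattr_l()/addattr32() are not checked, so
 * a request that no longer fits the 4096 passed as their size argument is
 * not reported from here - confirm how those helpers signal that case.
 */
static int flow_parse_opt(struct filter_util *fu, char *handle,
			  int argc, char **argv, struct nlmsghdr *n)
{
	struct tcmsg *t = NLMSG_DATA(n);
	struct rtattr *tail;
	__u32 mask = ~0U, xor = 0;
	__u32 keys = 0, nkeys = 0;
	__u32 mode = FLOW_MODE_MAP;
	__u32 tmp;

	if (handle) {
		if (get_u32(&t->tcm_handle, handle, 0)) {
			fprintf(stderr, "Illegal \"handle\"\n");
			return -1;
		}
	}

	/* Remember where TCA_OPTIONS starts so its length can be fixed up. */
	tail = NLMSG_TAIL(n);
	addattr_l(n, 4096, TCA_OPTIONS, NULL, 0);

	/*
	 * The order of the tests matters: matches() is also used for
	 * abbreviated keywords elsewhere in this file's usage, so an earlier
	 * branch wins when a word could select several keywords.
	 */
	while (argc > 0) {
		if (matches(*argv, "map") == 0) {
			mode = FLOW_MODE_MAP;
		} else if (matches(*argv, "hash") == 0) {
			mode = FLOW_MODE_HASH;
		} else if (matches(*argv, "keys") == 0) {
			NEXT_ARG();
			if (flow_parse_keys(&keys, &nkeys, *argv))
				return -1;
			addattr32(n, 4096, TCA_FLOW_KEYS, keys);
		} else if (matches(*argv, "and") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"mask\"\n");
				return -1;
			}
			transfer_bitop(&mask, &xor, tmp, 0);
		} else if (matches(*argv, "or") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"or\"\n");
				return -1;
			}
			transfer_bitop(&mask, &xor, ~tmp, tmp);
		} else if (matches(*argv, "xor") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"xor\"\n");
				return -1;
			}
			transfer_bitop(&mask, &xor, ~0, tmp);
		} else if (matches(*argv, "rshift") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"rshift\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_RSHIFT, tmp);
		} else if (matches(*argv, "addend") == 0) {
			NEXT_ARG();
			/*
			 * Only the keys parsed so far are known here, so an
			 * address-form addend has to follow "keys".
			 */
			if (get_addend(&tmp, *argv, keys)) {
				fprintf(stderr, "Illegal \"addend\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_ADDEND, tmp);
		} else if (matches(*argv, "divisor") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"divisor\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_DIVISOR, tmp);
		} else if (matches(*argv, "baseclass") == 0) {
			NEXT_ARG();
			/* A class id whose minor part is zero is refused. */
			if (get_tc_classid(&tmp, *argv) || TC_H_MIN(tmp) == 0) {
				fprintf(stderr, "Illegal \"baseclass\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_BASECLASS, tmp);
		} else if (matches(*argv, "perturb") == 0) {
			NEXT_ARG();
			if (get_u32(&tmp, *argv, 0)) {
				fprintf(stderr, "Illegal \"perturb\"\n");
				return -1;
			}
			addattr32(n, 4096, TCA_FLOW_PERTURB, tmp);
		} else if (matches(*argv, "police") == 0) {
			NEXT_ARG();
			if (parse_police(&argc, &argv, TCA_FLOW_POLICE, n)) {
				fprintf(stderr, "Illegal \"police\"\n");
				return -1;
			}
			/*
			 * The sub-parser was handed argc/argv by reference and
			 * presumably advanced them itself; skip the step below.
			 */
			continue;
		} else if (matches(*argv, "action") == 0) {
			NEXT_ARG();
			if (parse_action(&argc, &argv, TCA_FLOW_ACT, n)) {
				fprintf(stderr, "Illegal \"action\"\n");
				return -1;
			}
			continue;
		} else if (matches(*argv, "match") == 0) {
			NEXT_ARG();
			if (parse_ematch(&argc, &argv, TCA_FLOW_EMATCHES, n)) {
				fprintf(stderr, "Illegal \"ematch\"\n");
				return -1;
			}
			continue;
		} else if (matches(*argv, "help") == 0) {
			explain();
			return -1;
		} else {
			fprintf(stderr, "What is \"%s\"?\n", *argv);
			explain();
			return -1;
		}
		argv++, argc--;
	}

	/* Map mode takes exactly one key; several keys need hash mode. */
	if (nkeys > 1 && mode != FLOW_MODE_HASH) {
		fprintf(stderr, "Invalid mode \"map\" for multiple keys\n");
		return -1;
	}
	addattr32(n, 4096, TCA_FLOW_MODE, mode);

	/* Send the folded bit operations only if they change anything. */
	if (mask != ~0U || xor != 0) {
		addattr32(n, 4096, TCA_FLOW_MASK, mask);
		addattr32(n, 4096, TCA_FLOW_XOR, xor);
	}

	/* Close TCA_OPTIONS: its length spans everything added since 'tail'. */
	tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
	return 0;
}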
| 268 | |
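/*
 * Print the options of a "flow" filter in command-line syntax.
 *
 * fu:     unused here.
 * f:      stream to print to.
 * opt:    the nested options attribute received for the filter.
 * handle: the filter handle, printed first.
 *
 * Returns 0 on success, -EINVAL if opt is NULL.
 *
 * NOTE(review): every attribute is read with rta_getattr_u32() without a
 * payload-length check in this function; whether parse_rtattr_nested()
 * guarantees a sufficient length cannot be seen from here - confirm.
 */
static int flow_print_opt(struct filter_util *fu, FILE *f, struct rtattr *opt,
			  __u32 handle)
{
	struct rtattr *tb[TCA_FLOW_MAX+1];

	SPRINT_BUF(b1);
	unsigned int i;
	__u32 mask = ~0U, val = 0;

	if (opt == NULL)
		return -EINVAL;

	parse_rtattr_nested(tb, TCA_FLOW_MAX, opt);

	fprintf(f, "handle 0x%x ", handle);

	if (tb[TCA_FLOW_MODE]) {
		__u32 mode = rta_getattr_u32(tb[TCA_FLOW_MODE]);

		/* A mode other than the two known ones prints nothing. */
		switch (mode) {
		case FLOW_MODE_MAP:
			fprintf(f, "map ");
			break;
		case FLOW_MODE_HASH:
			fprintf(f, "hash ");
			break;
		}
	}

	if (tb[TCA_FLOW_KEYS]) {
		__u32 keymask = rta_getattr_u32(tb[TCA_FLOW_KEYS]);
		const char *sep = "";

		fprintf(f, "keys ");
		for (i = 0; i <= FLOW_KEY_MAX; i++) {
			/* Unsigned one: testing bit 31 stays well defined. */
			if (!(keymask & (1U << i)))
				continue;
			/*
			 * A table slot without a name is NULL; passing that
			 * to "%s" is undefined, so print a placeholder.
			 */
			fprintf(f, "%s%s", sep,
				flow_keys[i] ? flow_keys[i] : "unknown");
			sep = ",";
		}
		fprintf(f, " ");
	}

	if (tb[TCA_FLOW_MASK])
		mask = rta_getattr_u32(tb[TCA_FLOW_MASK]);
	if (tb[TCA_FLOW_XOR])
		val = rta_getattr_u32(tb[TCA_FLOW_XOR]);

	/*
	 * Split the (mask, xor) pair back into printable operations: bits of
	 * val outside the mask are shown as "or", bits inside it as "xor".
	 */
	if (mask != ~0U || val != 0) {
		__u32 or = (mask & val) ^ val;
		__u32 xor = mask & val;

		if (mask != ~0U)
			fprintf(f, "and 0x%.8x ", mask);
		if (xor != 0)
			fprintf(f, "xor 0x%.8x ", xor);
		if (or != 0)
			fprintf(f, "or 0x%.8x ", or);
	}

	if (tb[TCA_FLOW_RSHIFT])
		fprintf(f, "rshift %u ",
			rta_getattr_u32(tb[TCA_FLOW_RSHIFT]));
	if (tb[TCA_FLOW_ADDEND])
		fprintf(f, "addend 0x%x ",
			rta_getattr_u32(tb[TCA_FLOW_ADDEND]));

	if (tb[TCA_FLOW_DIVISOR])
		fprintf(f, "divisor %u ",
			rta_getattr_u32(tb[TCA_FLOW_DIVISOR]));
	if (tb[TCA_FLOW_BASECLASS])
		fprintf(f, "baseclass %s ",
			sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOW_BASECLASS]), b1));

	if (tb[TCA_FLOW_PERTURB])
		fprintf(f, "perturb %usec ",
			rta_getattr_u32(tb[TCA_FLOW_PERTURB]));

	if (tb[TCA_FLOW_EMATCHES])
		print_ematch(f, tb[TCA_FLOW_EMATCHES]);
	if (tb[TCA_FLOW_POLICE])
		tc_print_police(f, tb[TCA_FLOW_POLICE]);
	if (tb[TCA_FLOW_ACT]) {
		fprintf(f, "\n");
		tc_print_action(f, tb[TCA_FLOW_ACT]);
	}
	return 0;
}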
| 357 | |
/*
 * Descriptor of the "flow" filter: its name plus the option parser and the
 * option printer defined in this file.
 */
struct filter_util flow_filter_util = {
	.id		= "flow",
	.parse_fopt	= flow_parse_opt,
	.print_fopt	= flow_print_opt,
};