Home | History | Annotate | Download | only in tc 
      1 /*
      2  * f_flow.c		Flow filter
      3  *
      4  * 		This program is free software; you can redistribute it and/or
      5  * 		modify it under the terms of the GNU General Public License
      6  * 		as published by the Free Software Foundation; either version
      7  * 		2 of the License, or (at your option) any later version.
      8  *
      9  * Authors:	Patrick McHardy <kaber (at) trash.net>
     10  */
     11 #include <stdio.h>
     12 #include <stdlib.h>
     13 #include <unistd.h>
     14 #include <string.h>
     15 #include <errno.h>
     16 
     17 #include "utils.h"
     18 #include "tc_util.h"
     19 #include "m_ematch.h"
     20 
     21 static void explain(void)
     22 {
     23 	fprintf(stderr,
     24 "Usage: ... flow ...\n"
     25 "\n"
     26 " [mapping mode]: map key KEY [ OPS ] ...\n"
     27 " [hashing mode]: hash keys KEY-LIST ... [ perturb SECS ]\n"
     28 "\n"
     29 "                 [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
     30 "                 [ police POLICE_SPEC ] [ action ACTION_SPEC ]\n"
     31 "\n"
     32 "KEY-LIST := [ KEY-LIST , ] KEY\n"
     33 "KEY      := [ src | dst | proto | proto-src | proto-dst | iif | priority | \n"
     34 "              mark | nfct | nfct-src | nfct-dst | nfct-proto-src | \n"
     35 "              nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
     36 "              vlan-tag | rxhash ]\n"
     37 "OPS      := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
     38 "ID       := X:Y\n"
     39 	);
     40 }
     41 
     42 static const char *flow_keys[FLOW_KEY_MAX+1] = {
     43 	[FLOW_KEY_SRC]			= "src",
     44 	[FLOW_KEY_DST]			= "dst",
     45 	[FLOW_KEY_PROTO]		= "proto",
     46 	[FLOW_KEY_PROTO_SRC]		= "proto-src",
     47 	[FLOW_KEY_PROTO_DST]		= "proto-dst",
     48 	[FLOW_KEY_IIF]			= "iif",
     49 	[FLOW_KEY_PRIORITY]		= "priority",
     50 	[FLOW_KEY_MARK]			= "mark",
     51 	[FLOW_KEY_NFCT]			= "nfct",
     52 	[FLOW_KEY_NFCT_SRC]		= "nfct-src",
     53 	[FLOW_KEY_NFCT_DST]		= "nfct-dst",
     54 	[FLOW_KEY_NFCT_PROTO_SRC]	= "nfct-proto-src",
     55 	[FLOW_KEY_NFCT_PROTO_DST]	= "nfct-proto-dst",
     56 	[FLOW_KEY_RTCLASSID]		= "rt-classid",
     57 	[FLOW_KEY_SKUID]		= "sk-uid",
     58 	[FLOW_KEY_SKGID]		= "sk-gid",
     59 	[FLOW_KEY_VLAN_TAG]		= "vlan-tag",
     60 	[FLOW_KEY_RXHASH]		= "rxhash",
     61 };
     62 
     63 static int flow_parse_keys(__u32 *keys, __u32 *nkeys, char *argv)
     64 {
     65 	char *s, *sep;
     66 	unsigned int i;
     67 
     68 	*keys = 0;
     69 	*nkeys = 0;
     70 	s = argv;
     71 	while (s != NULL) {
     72 		sep = strchr(s, ',');
     73 		if (sep)
     74 			*sep = '\0';
     75 
     76 		for (i = 0; i <= FLOW_KEY_MAX; i++) {
     77 			if (matches(s, flow_keys[i]) == 0) {
     78 				*keys |= 1 << i;
     79 				(*nkeys)++;
     80 				break;
     81 			}
     82 		}
     83 		if (i > FLOW_KEY_MAX) {
     84 			fprintf(stderr, "Unknown flow key \"%s\"\n", s);
     85 			return -1;
     86 		}
     87 		s = sep ? sep + 1 : NULL;
     88 	}
     89 	return 0;
     90 }
     91 
     92 static void transfer_bitop(__u32 *mask, __u32 *xor, __u32 m, __u32 x)
     93 {
     94 	*xor = x ^ (*xor & m);
     95 	*mask &= m;
     96 }
     97 
     98 static int get_addend(__u32 *addend, char *argv, __u32 keys)
     99 {
    100 	inet_prefix addr;
    101 	int sign = 0;
    102 	__u32 tmp;
    103 
    104 	if (*argv == '-') {
    105 		sign = 1;
    106 		argv++;
    107 	}
    108 
    109 	if (get_u32(&tmp, argv, 0) == 0)
    110 		goto out;
    111 
    112 	if (keys & (FLOW_KEY_SRC | FLOW_KEY_DST |
    113 		    FLOW_KEY_NFCT_SRC | FLOW_KEY_NFCT_DST) &&
    114 	    get_addr(&addr, argv, AF_UNSPEC) == 0) {
    115 		switch (addr.family) {
    116 		case AF_INET:
    117 			tmp = ntohl(addr.data[0]);
    118 			goto out;
    119 		case AF_INET6:
    120 			tmp = ntohl(addr.data[3]);
    121 			goto out;
    122 		}
    123 	}
    124 
    125 	return -1;
    126 out:
    127 	if (sign)
    128 		tmp = -tmp;
    129 	*addend = tmp;
    130 	return 0;
    131 }
    132 
    133 static int flow_parse_opt(struct filter_util *fu, char *handle,
    134 			  int argc, char **argv, struct nlmsghdr *n)
    135 {
    136 	struct tc_police tp;
    137 	struct tcmsg *t = NLMSG_DATA(n);
    138 	struct rtattr *tail;
    139 	__u32 mask = ~0U, xor = 0;
    140 	__u32 keys = 0, nkeys = 0;
    141 	__u32 mode = FLOW_MODE_MAP;
    142 	__u32 tmp;
    143 
    144 	memset(&tp, 0, sizeof(tp));
    145 
    146 	if (handle) {
    147 		if (get_u32(&t->tcm_handle, handle, 0)) {
    148 			fprintf(stderr, "Illegal \"handle\"\n");
    149 			return -1;
    150 		}
    151 	}
    152 
    153 	tail = NLMSG_TAIL(n);
    154 	addattr_l(n, 4096, TCA_OPTIONS, NULL, 0);
    155 
    156 	while (argc > 0) {
    157 		if (matches(*argv, "map") == 0) {
    158 			mode = FLOW_MODE_MAP;
    159 		} else if (matches(*argv, "hash") == 0) {
    160 			mode = FLOW_MODE_HASH;
    161 		} else if (matches(*argv, "keys") == 0) {
    162 			NEXT_ARG();
    163 			if (flow_parse_keys(&keys, &nkeys, *argv))
    164 				return -1;
    165 			addattr32(n, 4096, TCA_FLOW_KEYS, keys);
    166 		} else if (matches(*argv, "and") == 0) {
    167 			NEXT_ARG();
    168 			if (get_u32(&tmp, *argv, 0)) {
    169 				fprintf(stderr, "Illegal \"mask\"\n");
    170 				return -1;
    171 			}
    172 			transfer_bitop(&mask, &xor, tmp, 0);
    173 		} else if (matches(*argv, "or") == 0) {
    174 			NEXT_ARG();
    175 			if (get_u32(&tmp, *argv, 0)) {
    176 				fprintf(stderr, "Illegal \"or\"\n");
    177 				return -1;
    178 			}
    179 			transfer_bitop(&mask, &xor, ~tmp, tmp);
    180 		} else if (matches(*argv, "xor") == 0) {
    181 			NEXT_ARG();
    182 			if (get_u32(&tmp, *argv, 0)) {
    183 				fprintf(stderr, "Illegal \"xor\"\n");
    184 				return -1;
    185 			}
    186 			transfer_bitop(&mask, &xor, ~0, tmp);
    187 		} else if (matches(*argv, "rshift") == 0) {
    188 			NEXT_ARG();
    189 			if (get_u32(&tmp, *argv, 0)) {
    190 				fprintf(stderr, "Illegal \"rshift\"\n");
    191 				return -1;
    192 			}
    193 			addattr32(n, 4096, TCA_FLOW_RSHIFT, tmp);
    194 		} else if (matches(*argv, "addend") == 0) {
    195 			NEXT_ARG();
    196 			if (get_addend(&tmp, *argv, keys)) {
    197 				fprintf(stderr, "Illegal \"addend\"\n");
    198 				return -1;
    199 			}
    200 			addattr32(n, 4096, TCA_FLOW_ADDEND, tmp);
    201 		} else if (matches(*argv, "divisor") == 0) {
    202 			NEXT_ARG();
    203 			if (get_u32(&tmp, *argv, 0)) {
    204 				fprintf(stderr, "Illegal \"divisor\"\n");
    205 				return -1;
    206 			}
    207 			addattr32(n, 4096, TCA_FLOW_DIVISOR, tmp);
    208 		} else if (matches(*argv, "baseclass") == 0) {
    209 			NEXT_ARG();
    210 			if (get_tc_classid(&tmp, *argv) || TC_H_MIN(tmp) == 0) {
    211 				fprintf(stderr, "Illegal \"baseclass\"\n");
    212 				return -1;
    213 			}
    214 			addattr32(n, 4096, TCA_FLOW_BASECLASS, tmp);
    215 		} else if (matches(*argv, "perturb") == 0) {
    216 			NEXT_ARG();
    217 			if (get_u32(&tmp, *argv, 0)) {
    218 				fprintf(stderr, "Illegal \"perturb\"\n");
    219 				return -1;
    220 			}
    221 			addattr32(n, 4096, TCA_FLOW_PERTURB, tmp);
    222 		} else if (matches(*argv, "police") == 0) {
    223 			NEXT_ARG();
    224 			if (parse_police(&argc, &argv, TCA_FLOW_POLICE, n)) {
    225 				fprintf(stderr, "Illegal \"police\"\n");
    226 				return -1;
    227 			}
    228 			continue;
    229 		} else if (matches(*argv, "action") == 0) {
    230 			NEXT_ARG();
    231 			if (parse_action(&argc, &argv, TCA_FLOW_ACT, n)) {
    232 				fprintf(stderr, "Illegal \"action\"\n");
    233 				return -1;
    234 			}
    235 			continue;
    236 		} else if (matches(*argv, "match") == 0) {
    237 			NEXT_ARG();
    238 			if (parse_ematch(&argc, &argv, TCA_FLOW_EMATCHES, n)) {
    239 				fprintf(stderr, "Illegal \"ematch\"\n");
    240 				return -1;
    241 			}
    242 			continue;
    243 		} else if (matches(*argv, "help") == 0) {
    244 			explain();
    245 			return -1;
    246 		} else {
    247 			fprintf(stderr, "What is \"%s\"?\n", *argv);
    248 			explain();
    249 			return -1;
    250 		}
    251 		argv++, argc--;
    252 	}
    253 
    254 	if (nkeys > 1 && mode != FLOW_MODE_HASH) {
    255 		fprintf(stderr, "Invalid mode \"map\" for multiple keys\n");
    256 		return -1;
    257 	}
    258 	addattr32(n, 4096, TCA_FLOW_MODE, mode);
    259 
    260 	if (mask != ~0 || xor != 0) {
    261 		addattr32(n, 4096, TCA_FLOW_MASK, mask);
    262 		addattr32(n, 4096, TCA_FLOW_XOR, xor);
    263 	}
    264 
    265 	tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
    266 	return 0;
    267 }
    268 
    269 static int flow_print_opt(struct filter_util *fu, FILE *f, struct rtattr *opt,
    270 			  __u32 handle)
    271 {
    272 	struct rtattr *tb[TCA_FLOW_MAX+1];
    273 	SPRINT_BUF(b1);
    274 	unsigned int i;
    275 	__u32 mask = ~0, val = 0;
    276 
    277 	if (opt == NULL)
    278 		return -EINVAL;
    279 
    280 	parse_rtattr_nested(tb, TCA_FLOW_MAX, opt);
    281 
    282 	fprintf(f, "handle 0x%x ", handle);
    283 
    284 	if (tb[TCA_FLOW_MODE]) {
    285 		__u32 mode = rta_getattr_u32(tb[TCA_FLOW_MODE]);
    286 
    287 		switch (mode) {
    288 		case FLOW_MODE_MAP:
    289 			fprintf(f, "map ");
    290 			break;
    291 		case FLOW_MODE_HASH:
    292 			fprintf(f, "hash ");
    293 			break;
    294 		}
    295 	}
    296 
    297 	if (tb[TCA_FLOW_KEYS]) {
    298 		__u32 keymask = rta_getattr_u32(tb[TCA_FLOW_KEYS]);
    299 		char *sep = "";
    300 
    301 		fprintf(f, "keys ");
    302 		for (i = 0; i <= FLOW_KEY_MAX; i++) {
    303 			if (keymask & (1 << i)) {
    304 				fprintf(f, "%s%s", sep, flow_keys[i]);
    305 				sep = ",";
    306 			}
    307 		}
    308 		fprintf(f, " ");
    309 	}
    310 
    311 	if (tb[TCA_FLOW_MASK])
    312 		mask = rta_getattr_u32(tb[TCA_FLOW_MASK]);
    313 	if (tb[TCA_FLOW_XOR])
    314 		val = rta_getattr_u32(tb[TCA_FLOW_XOR]);
    315 
    316 	if (mask != ~0 || val != 0) {
    317 		__u32 or = (mask & val) ^ val;
    318 		__u32 xor = mask & val;
    319 
    320 		if (mask != ~0)
    321 			fprintf(f, "and 0x%.8x ", mask);
    322 		if (xor != 0)
    323 			fprintf(f, "xor 0x%.8x ", xor);
    324 		if (or != 0)
    325 			fprintf(f, "or 0x%.8x ", or);
    326 	}
    327 
    328 	if (tb[TCA_FLOW_RSHIFT])
    329 		fprintf(f, "rshift %u ",
    330 			rta_getattr_u32(tb[TCA_FLOW_RSHIFT]));
    331 	if (tb[TCA_FLOW_ADDEND])
    332 		fprintf(f, "addend 0x%x ",
    333 			rta_getattr_u32(tb[TCA_FLOW_ADDEND]));
    334 
    335 	if (tb[TCA_FLOW_DIVISOR])
    336 		fprintf(f, "divisor %u ",
    337 			rta_getattr_u32(tb[TCA_FLOW_DIVISOR]));
    338 	if (tb[TCA_FLOW_BASECLASS])
    339 		fprintf(f, "baseclass %s ",
    340 			sprint_tc_classid(rta_getattr_u32(tb[TCA_FLOW_BASECLASS]), b1));
    341 
    342 	if (tb[TCA_FLOW_PERTURB])
    343 		fprintf(f, "perturb %usec ",
    344 			rta_getattr_u32(tb[TCA_FLOW_PERTURB]));
    345 
    346 	if (tb[TCA_FLOW_EMATCHES])
    347 		print_ematch(f, tb[TCA_FLOW_EMATCHES]);
    348 	if (tb[TCA_FLOW_POLICE])
    349 		tc_print_police(f, tb[TCA_FLOW_POLICE]);
    350 	if (tb[TCA_FLOW_ACT]) {
    351 		fprintf(f, "\n");
    352 		tc_print_action(f, tb[TCA_FLOW_ACT]);
    353 	}
    354 	return 0;
    355 }
    356 
    357 struct filter_util flow_filter_util = {
    358 	.id		= "flow",
    359 	.parse_fopt	= flow_parse_opt,
    360 	.print_fopt	= flow_print_opt,
    361 };
    362