4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
9 * Authors: Patrick McHardy <kaber@trash.net>
21 static void explain(void)
24 "Usage: ... flow ...\n"
26 " [mapping mode]: map key KEY [ OPS ] ...\n"
27 " [hashing mode]: hash keys KEY-LIST ... [ perturb SECS ]\n"
29 " [ divisor NUM ] [ baseclass ID ] [ match EMATCH_TREE ]\n"
30 " [ police POLICE_SPEC ] [ action ACTION_SPEC ]\n"
32 "KEY-LIST := [ KEY-LIST , ] KEY\n"
33 "KEY := [ src | dst | proto | proto-src | proto-dst | iif | priority | \n"
34 " mark | nfct | nfct-src | nfct-dst | nfct-proto-src | \n"
35 " nfct-proto-dst | rt-classid | sk-uid | sk-gid |\n"
36 " vlan-tag | rxhash ]\n"
37 "OPS := [ or NUM | and NUM | xor NUM | rshift NUM | addend NUM ]\n"
42 static const char *flow_keys[FLOW_KEY_MAX+1] = {
43 [FLOW_KEY_SRC] = "src",
44 [FLOW_KEY_DST] = "dst",
45 [FLOW_KEY_PROTO] = "proto",
46 [FLOW_KEY_PROTO_SRC] = "proto-src",
47 [FLOW_KEY_PROTO_DST] = "proto-dst",
48 [FLOW_KEY_IIF] = "iif",
49 [FLOW_KEY_PRIORITY] = "priority",
50 [FLOW_KEY_MARK] = "mark",
51 [FLOW_KEY_NFCT] = "nfct",
52 [FLOW_KEY_NFCT_SRC] = "nfct-src",
53 [FLOW_KEY_NFCT_DST] = "nfct-dst",
54 [FLOW_KEY_NFCT_PROTO_SRC] = "nfct-proto-src",
55 [FLOW_KEY_NFCT_PROTO_DST] = "nfct-proto-dst",
56 [FLOW_KEY_RTCLASSID] = "rt-classid",
57 [FLOW_KEY_SKUID] = "sk-uid",
58 [FLOW_KEY_SKGID] = "sk-gid",
59 [FLOW_KEY_VLAN_TAG] = "vlan-tag",
60 [FLOW_KEY_RXHASH] = "rxhash",
63 static int flow_parse_keys(__u32 *keys, __u32 *nkeys, char *argv)
76 for (i = 0; i <= FLOW_KEY_MAX; i++) {
77 if (matches(s, flow_keys[i]) == 0) {
83 if (i > FLOW_KEY_MAX) {
84 fprintf(stderr, "Unknown flow key \"%s\"\n", s);
87 s = sep ? sep + 1 : NULL;
92 static void transfer_bitop(__u32 *mask, __u32 *xor, __u32 m, __u32 x)
94 *xor = x ^ (*xor & m);
98 static int get_addend(__u32 *addend, char *argv, __u32 keys)
109 if (get_u32(&tmp, argv, 0) == 0)
112 if (keys & (FLOW_KEY_SRC | FLOW_KEY_DST |
113 FLOW_KEY_NFCT_SRC | FLOW_KEY_NFCT_DST) &&
114 get_addr(&addr, argv, AF_UNSPEC) == 0) {
115 switch (addr.family) {
117 tmp = ntohl(addr.data[0]);
120 tmp = ntohl(addr.data[3]);
133 static int flow_parse_opt(struct filter_util *fu, char *handle,
134 int argc, char **argv, struct nlmsghdr *n)
137 struct tcmsg *t = NLMSG_DATA(n);
139 __u32 mask = ~0U, xor = 0;
140 __u32 keys = 0, nkeys = 0;
141 __u32 mode = FLOW_MODE_MAP;
144 memset(&tp, 0, sizeof(tp));
147 if (get_u32(&t->tcm_handle, handle, 0)) {
148 fprintf(stderr, "Illegal \"handle\"\n");
153 tail = NLMSG_TAIL(n);
154 addattr_l(n, 4096, TCA_OPTIONS, NULL, 0);
157 if (matches(*argv, "map") == 0) {
158 mode = FLOW_MODE_MAP;
159 } else if (matches(*argv, "hash") == 0) {
160 mode = FLOW_MODE_HASH;
161 } else if (matches(*argv, "keys") == 0) {
163 if (flow_parse_keys(&keys, &nkeys, *argv))
165 addattr32(n, 4096, TCA_FLOW_KEYS, keys);
166 } else if (matches(*argv, "and") == 0) {
168 if (get_u32(&tmp, *argv, 0)) {
169 fprintf(stderr, "Illegal \"mask\"\n");
172 transfer_bitop(&mask, &xor, tmp, 0);
173 } else if (matches(*argv, "or") == 0) {
175 if (get_u32(&tmp, *argv, 0)) {
176 fprintf(stderr, "Illegal \"or\"\n");
179 transfer_bitop(&mask, &xor, ~tmp, tmp);
180 } else if (matches(*argv, "xor") == 0) {
182 if (get_u32(&tmp, *argv, 0)) {
183 fprintf(stderr, "Illegal \"xor\"\n");
186 transfer_bitop(&mask, &xor, ~0, tmp);
187 } else if (matches(*argv, "rshift") == 0) {
189 if (get_u32(&tmp, *argv, 0)) {
190 fprintf(stderr, "Illegal \"rshift\"\n");
193 addattr32(n, 4096, TCA_FLOW_RSHIFT, tmp);
194 } else if (matches(*argv, "addend") == 0) {
196 if (get_addend(&tmp, *argv, keys)) {
197 fprintf(stderr, "Illegal \"addend\"\n");
200 addattr32(n, 4096, TCA_FLOW_ADDEND, tmp);
201 } else if (matches(*argv, "divisor") == 0) {
203 if (get_u32(&tmp, *argv, 0)) {
204 fprintf(stderr, "Illegal \"divisor\"\n");
207 addattr32(n, 4096, TCA_FLOW_DIVISOR, tmp);
208 } else if (matches(*argv, "baseclass") == 0) {
210 if (get_tc_classid(&tmp, *argv) || TC_H_MIN(tmp) == 0) {
211 fprintf(stderr, "Illegal \"baseclass\"\n");
214 addattr32(n, 4096, TCA_FLOW_BASECLASS, tmp);
215 } else if (matches(*argv, "perturb") == 0) {
217 if (get_u32(&tmp, *argv, 0)) {
218 fprintf(stderr, "Illegal \"perturb\"\n");
221 addattr32(n, 4096, TCA_FLOW_PERTURB, tmp);
222 } else if (matches(*argv, "police") == 0) {
224 if (parse_police(&argc, &argv, TCA_FLOW_POLICE, n)) {
225 fprintf(stderr, "Illegal \"police\"\n");
229 } else if (matches(*argv, "action") == 0) {
231 if (parse_action(&argc, &argv, TCA_FLOW_ACT, n)) {
232 fprintf(stderr, "Illegal \"action\"\n");
236 } else if (matches(*argv, "match") == 0) {
238 if (parse_ematch(&argc, &argv, TCA_FLOW_EMATCHES, n)) {
239 fprintf(stderr, "Illegal \"ematch\"\n");
243 } else if (matches(*argv, "help") == 0) {
247 fprintf(stderr, "What is \"%s\"?\n", *argv);
254 if (nkeys > 1 && mode != FLOW_MODE_HASH) {
255 fprintf(stderr, "Invalid mode \"map\" for multiple keys\n");
258 addattr32(n, 4096, TCA_FLOW_MODE, mode);
260 if (mask != ~0 || xor != 0) {
261 addattr32(n, 4096, TCA_FLOW_MASK, mask);
262 addattr32(n, 4096, TCA_FLOW_XOR, xor);
265 tail->rta_len = (void *)NLMSG_TAIL(n) - (void *)tail;
269 static int flow_print_opt(struct filter_util *fu, FILE *f, struct rtattr *opt,
272 struct rtattr *tb[TCA_FLOW_MAX+1];
275 __u32 mask = ~0, val = 0;
280 parse_rtattr_nested(tb, TCA_FLOW_MAX, opt);
282 fprintf(f, "handle 0x%x ", handle);
284 if (tb[TCA_FLOW_MODE]) {
285 __u32 mode = *(__u32 *)RTA_DATA(tb[TCA_FLOW_MODE]);
297 if (tb[TCA_FLOW_KEYS]) {
298 __u32 keymask = *(__u32 *)RTA_DATA(tb[TCA_FLOW_KEYS]);
302 for (i = 0; i <= FLOW_KEY_MAX; i++) {
303 if (keymask & (1 << i)) {
304 fprintf(f, "%s%s", sep, flow_keys[i]);
311 if (tb[TCA_FLOW_MASK])
312 mask = *(__u32 *)RTA_DATA(tb[TCA_FLOW_MASK]);
313 if (tb[TCA_FLOW_XOR])
314 val = *(__u32 *)RTA_DATA(tb[TCA_FLOW_XOR]);
316 if (mask != ~0 || val != 0) {
317 __u32 or = (mask & val) ^ val;
318 __u32 xor = mask & val;
321 fprintf(f, "and 0x%.8x ", mask);
323 fprintf(f, "xor 0x%.8x ", xor);
325 fprintf(f, "or 0x%.8x ", or);
328 if (tb[TCA_FLOW_RSHIFT])
329 fprintf(f, "rshift %u ",
330 *(__u32 *)RTA_DATA(tb[TCA_FLOW_RSHIFT]));
331 if (tb[TCA_FLOW_ADDEND])
332 fprintf(f, "addend 0x%x ",
333 *(__u32 *)RTA_DATA(tb[TCA_FLOW_ADDEND]));
335 if (tb[TCA_FLOW_DIVISOR])
336 fprintf(f, "divisor %u ",
337 *(__u32 *)RTA_DATA(tb[TCA_FLOW_DIVISOR]));
338 if (tb[TCA_FLOW_BASECLASS])
339 fprintf(f, "baseclass %s ",
340 sprint_tc_classid(*(__u32 *)RTA_DATA(tb[TCA_FLOW_BASECLASS]), b1));
342 if (tb[TCA_FLOW_PERTURB])
343 fprintf(f, "perturb %usec ",
344 *(__u32 *)RTA_DATA(tb[TCA_FLOW_PERTURB]));
346 if (tb[TCA_FLOW_EMATCHES])
347 print_ematch(f, tb[TCA_FLOW_EMATCHES]);
348 if (tb[TCA_FLOW_POLICE])
349 tc_print_police(f, tb[TCA_FLOW_POLICE]);
350 if (tb[TCA_FLOW_ACT]) {
352 tc_print_action(f, tb[TCA_FLOW_ACT]);
357 struct filter_util flow_filter_util = {
359 .parse_fopt = flow_parse_opt,
360 .print_fopt = flow_print_opt,