Diffstat (limited to 'tc/tc_filter.c')
-rw-r--r-- | tc/tc_filter.c | 394 |
1 files changed, 320 insertions, 74 deletions
diff --git a/tc/tc_filter.c b/tc/tc_filter.c
index 1a1082b4..cf290ae8 100644
--- a/tc/tc_filter.c
+++ b/tc/tc_filter.c
@@ -28,45 +28,43 @@ static void usage(void) { - fprintf(stderr, "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n"); - fprintf(stderr, " [ pref PRIO ] protocol PROTO\n"); - fprintf(stderr, " [ estimator INTERVAL TIME_CONSTANT ]\n"); - fprintf(stderr, " [ root | ingress | egress | parent CLASSID ]\n"); - fprintf(stderr, " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n"); - fprintf(stderr, "\n"); - fprintf(stderr, " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n"); - fprintf(stderr, "Where:\n"); - fprintf(stderr, "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n"); - fprintf(stderr, "FILTERID := ... format depends on classifier, see there\n"); - fprintf(stderr, "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n"); + fprintf(stderr, + "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n" + "Usage: tc filter get dev STRING parent CLASSID protocol PROTO handle FILTERID pref PRIO FILTER_TYPE\n" + " [ pref PRIO ] protocol PROTO [ chain CHAIN_INDEX ]\n" + " [ estimator INTERVAL TIME_CONSTANT ]\n" + " [ root | ingress | egress | parent CLASSID ]\n" + " [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n" + "\n" + " tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n" + "Where:\n" + "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n" + "FILTERID := ... format depends on classifier, see there\n" + "OPTIONS := ... 
try tc filter add <desired FILTER_KIND> help\n"); } -static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) +static int tc_filter_modify(int cmd, unsigned int flags, int argc, char **argv) { struct { - struct nlmsghdr n; - struct tcmsg t; - char buf[MAX_MSG]; - } req; + struct nlmsghdr n; + struct tcmsg t; + char buf[MAX_MSG]; + } req = { + .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)), + .n.nlmsg_flags = NLM_F_REQUEST | flags, + .n.nlmsg_type = cmd, + .t.tcm_family = AF_UNSPEC, + }; struct filter_util *q = NULL; __u32 prio = 0; __u32 protocol = 0; int protocol_set = 0; + __u32 chain_index; + int chain_index_set = 0; char *fhandle = NULL; - char d[16]; - char k[16]; - struct tc_estimator est; - - memset(&req, 0, sizeof(req)); - memset(&est, 0, sizeof(est)); - memset(d, 0, sizeof(d)); - memset(k, 0, sizeof(k)); - memset(&req, 0, sizeof(req)); - - req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)); - req.n.nlmsg_flags = NLM_F_REQUEST|flags; - req.n.nlmsg_type = cmd; - req.t.tcm_family = AF_UNSPEC; + char d[16] = {}; + char k[16] = {}; + struct tc_estimator est = {}; if (cmd == RTM_NEWTFILTER && flags & NLM_F_CREATE) protocol = htons(ETH_P_ALL); 
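Review bot: The new `"Usage: tc filter get dev STRING parent CLASSID ..."` line in usage() sits between the first synopsis line and its continuation lines, so `[ pref PRIO ] protocol PROTO [ chain CHAIN_INDEX ]` and the options after it now read as arguments of `get` instead of `add | del | change | replace`. Moving the get synopsis below the `[ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]` line keeps each command's synopsis contiguous. In tc_filter_modify, `__u32 chain_index;` has no initializer and is safe only because every read is gated on `chain_index_set`; `__u32 chain_index = 0;` removes that dependency. tc_filter_modify's body continues outside this hunk.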
@@ -79,26 +77,30 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) strncpy(d, *argv, sizeof(d)-1); } else if (strcmp(*argv, "root") == 0) { if (req.t.tcm_parent) { - fprintf(stderr, "Error: \"root\" is duplicate parent ID\n"); + fprintf(stderr, + "Error: \"root\" is duplicate parent ID\n"); return -1; } req.t.tcm_parent = TC_H_ROOT; } else if (strcmp(*argv, "ingress") == 0) { if (req.t.tcm_parent) { - fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n"); + fprintf(stderr, + "Error: \"ingress\" is duplicate parent ID\n"); return -1; } req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS); } else if (strcmp(*argv, "egress") == 0) { if (req.t.tcm_parent) { - fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n"); + fprintf(stderr, + "Error: \"egress\" is duplicate parent ID\n"); return -1; } req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS); } else if (strcmp(*argv, "parent") == 0) { __u32 handle; + NEXT_ARG(); if (req.t.tcm_parent) duparg("parent", *argv); @@ -119,6 +121,7 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) invarg("invalid priority value", *argv); } else if (matches(*argv, "protocol") == 0) { __u16 id; + NEXT_ARG(); if (protocol_set) duparg("protocol", *argv); @@ -126,6 +129,13 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) invarg("invalid protocol", *argv); protocol = id; protocol_set = 1; + } else if (matches(*argv, "chain") == 0) { + NEXT_ARG(); + if (chain_index_set) + duparg("chain", *argv); + if (get_u32(&chain_index, *argv, 0)) + invarg("invalid chain index value", *argv); + chain_index_set = 1; } else if (matches(*argv, "estimator") == 0) { if (parse_estimator(&argc, &argv, &est) < 0) return -1; 
@@ -145,6 +155,9 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); + if (chain_index_set) + addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); + if (k[0]) addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1); @@ -153,17 +166,20 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) return 1; } else { if (fhandle) { - fprintf(stderr, "Must specify filter type when using " - "\"handle\"\n"); + fprintf(stderr, + "Must specify filter type when using \"handle\"\n"); return -1; } if (argc) { if (matches(*argv, "help") == 0) usage(); - fprintf(stderr, "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n", *argv); + fprintf(stderr, + "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n", + *argv); return -1; } } + if (est.ewma_log) addattr_l(&req.n, sizeof(req), TCA_RATE, &est, sizeof(est)); @@ -171,7 +187,8 @@ static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv) if (d[0]) { ll_init_map(&rth); - if ((req.t.tcm_ifindex = ll_name_to_index(d)) == 0) { + req.t.tcm_ifindex = ll_name_to_index(d); + if (req.t.tcm_ifindex == 0) { fprintf(stderr, "Cannot find device \"%s\"\n", d); return 1; } 
@@ -189,21 +206,23 @@ static __u32 filter_parent; static int filter_ifindex; static __u32 filter_prio; static __u32 filter_protocol; -__u16 f_proto = 0; +static __u32 filter_chain_index; +static int filter_chain_index_set; +__u16 f_proto; -int print_filter(const struct sockaddr_nl *who, - struct nlmsghdr *n, - void *arg) +int print_filter(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg) { - FILE *fp = (FILE*)arg; + FILE *fp = (FILE *)arg; struct tcmsg *t = NLMSG_DATA(n); int len = n->nlmsg_len; - struct rtattr * tb[TCA_MAX+1]; + struct rtattr *tb[TCA_MAX+1]; struct filter_util *q; char abuf[256]; - if (n->nlmsg_type != RTM_NEWTFILTER && n->nlmsg_type != RTM_DELTFILTER) { - fprintf(stderr, "Not a filter\n"); + if (n->nlmsg_type != RTM_NEWTFILTER && + n->nlmsg_type != RTM_GETTFILTER && + n->nlmsg_type != RTM_DELTFILTER) { + fprintf(stderr, "Not a filter(cmd %d)\n", n->nlmsg_type); return 0; } len -= NLMSG_LENGTH(sizeof(*t)); @@ -212,7 +231,6 @@ int print_filter(const struct sockaddr_nl *who, return -1; } - memset(tb, 0, sizeof(tb)); parse_rtattr(tb, TCA_MAX, TCA_RTA(t), len); if (tb[TCA_KIND] == NULL) { @@ -223,6 +241,16 @@ int print_filter(const struct sockaddr_nl *who, if (n->nlmsg_type == RTM_DELTFILTER) fprintf(fp, "deleted "); + if (n->nlmsg_type == RTM_NEWTFILTER && + (n->nlmsg_flags & NLM_F_CREATE) && + !(n->nlmsg_flags & NLM_F_EXCL)) + fprintf(fp, "replaced "); + + if (n->nlmsg_type == RTM_NEWTFILTER && + (n->nlmsg_flags & NLM_F_CREATE) && + (n->nlmsg_flags & NLM_F_EXCL)) + fprintf(fp, "added "); + fprintf(fp, "filter "); if (!filter_ifindex || filter_ifindex != t->tcm_ifindex) fprintf(fp, "dev %s ", ll_index_to_name(t->tcm_ifindex)); @@ -243,6 +271,7 @@ int print_filter(const struct sockaddr_nl *who, if (t->tcm_info) { f_proto = TC_H_MIN(t->tcm_info); __u32 prio = TC_H_MAJ(t->tcm_info)>>16; + if (!filter_protocol || filter_protocol != f_proto) { if (f_proto) { SPRINT_BUF(b1); 
@@ -256,6 +285,15 @@ int print_filter(const struct sockaddr_nl *who,
 }
 }
 fprintf(fp, "%s ", rta_getattr_str(tb[TCA_KIND]));
+
+ if (tb[TCA_CHAIN]) {
+ __u32 chain_index = rta_getattr_u32(tb[TCA_CHAIN]);
+
+ if (!filter_chain_index_set ||
+ filter_chain_index != chain_index)
+ fprintf(fp, "chain %u ", chain_index);
+ }
+
 q = get_filter_kind(RTA_DATA(tb[TCA_KIND]));
 if (tb[TCA_OPTIONS]) {
 if (q)
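Review bot: `rta_getattr_u32(tb[TCA_CHAIN])` reads four bytes from the attribute without checking that its payload is that long, so a short or malformed TCA_CHAIN in the message handed to print_filter would be read past its end. The attribute normally comes from the kernel, but print_filter parses whatever netlink message it is given, so a length guard is cheap insurance: `if (tb[TCA_CHAIN] && RTA_PAYLOAD(tb[TCA_CHAIN]) >= sizeof(__u32)) {`. print_filter starts and ends outside this hunk.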
@@ -274,17 +312,205 @@ int print_filter(const struct sockaddr_nl *who, return 0; } -static int tc_filter_list(int argc, char **argv) +static int tc_filter_get(int cmd, unsigned int flags, int argc, char **argv) { - struct tcmsg t; - char d[16]; + struct { + struct nlmsghdr n; + struct tcmsg t; + char buf[MAX_MSG]; + } req = { + .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)), + /* NLM_F_ECHO is for backward compatibility. old kernels never + * respond without it and newer kernels will ignore it. + * In old kernels there is a side effect: + * In addition to a response to the GET you will receive an + * event (if you do tc mon). + */ + .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ECHO | flags, + .n.nlmsg_type = cmd, + .t.tcm_parent = TC_H_UNSPEC, + .t.tcm_family = AF_UNSPEC, + }; + struct filter_util *q = NULL; __u32 prio = 0; __u32 protocol = 0; + int protocol_set = 0; + __u32 chain_index; + int chain_index_set = 0; + __u32 parent_handle = 0; char *fhandle = NULL; + char d[16] = {}; + char k[16] = {}; + + while (argc > 0) { + if (strcmp(*argv, "dev") == 0) { + NEXT_ARG(); + if (d[0]) + duparg("dev", *argv); + strncpy(d, *argv, sizeof(d)-1); + } else if (strcmp(*argv, "root") == 0) { + if (req.t.tcm_parent) { + fprintf(stderr, + "Error: \"root\" is duplicate parent ID\n"); + return -1; + } + req.t.tcm_parent = TC_H_ROOT; + } else if (strcmp(*argv, "ingress") == 0) { + if (req.t.tcm_parent) { + fprintf(stderr, + "Error: \"ingress\" is duplicate parent ID\n"); + return -1; + } + req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, + TC_H_MIN_INGRESS); + } else if (strcmp(*argv, "egress") == 0) { + if (req.t.tcm_parent) { + fprintf(stderr, + "Error: \"egress\" is duplicate parent ID\n"); + return -1; + } + req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT, + TC_H_MIN_EGRESS); + } else if (strcmp(*argv, "parent") == 0) { + + NEXT_ARG(); + if (req.t.tcm_parent) + duparg("parent", *argv); + if (get_tc_classid(&parent_handle, *argv)) + invarg("Invalid parent ID", *argv); + req.t.tcm_parent = 
parent_handle; + } else if (strcmp(*argv, "handle") == 0) { + NEXT_ARG(); + if (fhandle) + duparg("handle", *argv); + fhandle = *argv; + } else if (matches(*argv, "preference") == 0 || + matches(*argv, "priority") == 0) { + NEXT_ARG(); + if (prio) + duparg("priority", *argv); + if (get_u32(&prio, *argv, 0) || prio > 0xFFFF) + invarg("invalid priority value", *argv); + } else if (matches(*argv, "protocol") == 0) { + __u16 id; + + NEXT_ARG(); + if (protocol_set) + duparg("protocol", *argv); + if (ll_proto_a2n(&id, *argv)) + invarg("invalid protocol", *argv); + protocol = id; + protocol_set = 1; + } else if (matches(*argv, "chain") == 0) { + NEXT_ARG(); + if (chain_index_set) + duparg("chain", *argv); + if (get_u32(&chain_index, *argv, 0)) + invarg("invalid chain index value", *argv); + chain_index_set = 1; + } else if (matches(*argv, "help") == 0) { + usage(); + return 0; + } else { + if (!**argv) + invarg("invalid filter name", *argv); + + strncpy(k, *argv, sizeof(k)-1); + + q = get_filter_kind(k); + argc--; argv++; + break; + } - memset(&t, 0, sizeof(t)); - t.tcm_family = AF_UNSPEC; - memset(d, 0, sizeof(d)); + argc--; argv++; + } + + if (!protocol_set) { + fprintf(stderr, "Must specify filter protocol\n"); + return -1; + } + + if (!prio) { + fprintf(stderr, "Must specify filter priority\n"); + return -1; + } + + req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); + + if (chain_index_set) + addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); + + if (req.t.tcm_parent == TC_H_UNSPEC) { + fprintf(stderr, "Must specify filter parent\n"); + return -1; + } + + if (k[0]) + addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1); + else { + fprintf(stderr, "Must specify filter type\n"); + return -1; + } + + if (q->parse_fopt(q, fhandle, argc, argv, &req.n)) + return 1; + + + if (!fhandle) { + fprintf(stderr, "Must specify filter \"handle\"\n"); + return -1; + } + + if (argc) { + if (matches(*argv, "help") == 0) + usage(); + fprintf(stderr, + "Garbage instead of arguments 
\"%s ...\". Try \"tc filter help\".\n", + *argv); + return -1; + } + + if (d[0]) { + ll_init_map(&rth); + + req.t.tcm_ifindex = ll_name_to_index(d); + if (req.t.tcm_ifindex == 0) { + fprintf(stderr, "Cannot find device \"%s\"\n", d); + return 1; + } + filter_ifindex = req.t.tcm_ifindex; + } else { + fprintf(stderr, "Must specify netdevice \"dev\"\n"); + return -1; + } + + if (rtnl_talk(&rth, &req.n, &req.n, MAX_MSG) < 0) { + fprintf(stderr, "We have an error talking to the kernel\n"); + return 2; + } + + print_filter(NULL, &req.n, (void *)stdout); + + return 0; +} + +static int tc_filter_list(int argc, char **argv) +{ + struct { + struct nlmsghdr n; + struct tcmsg t; + char buf[MAX_MSG]; + } req = { + .n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg)), + .n.nlmsg_type = RTM_GETTFILTER, + .t.tcm_parent = TC_H_UNSPEC, + .t.tcm_family = AF_UNSPEC, + }; + char d[16] = {}; + __u32 prio = 0; + __u32 protocol = 0; + __u32 chain_index; + char *fhandle = NULL; while (argc > 0) { if (strcmp(*argv, "dev") == 0) { 
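Review bot: In the new tc_filter_get, `q->parse_fopt(q, fhandle, argc, argv, &req.n)` dereferences the result of `get_filter_kind(k)` without a NULL check, whereas tc_filter_modify and print_filter in this same file both test `if (q)` before using it. If get_filter_kind can return NULL (the other callers suggest it can), this is a NULL-pointer dereference driven by the command line; add `if (!q) return -1;` (with a suitable message) before the call. Separately, the `Must specify filter "handle"` check runs only after parse_fopt has already been called with a possibly NULL `fhandle`, so moving that check above the parse_fopt call rejects the bad invocation before the classifier parser sees it. The start of tc_filter_list that follows in this hunk continues into the next one.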
@@ -293,35 +519,39 @@ static int tc_filter_list(int argc, char **argv) duparg("dev", *argv); strncpy(d, *argv, sizeof(d)-1); } else if (strcmp(*argv, "root") == 0) { - if (t.tcm_parent) { - fprintf(stderr, "Error: \"root\" is duplicate parent ID\n"); + if (req.t.tcm_parent) { + fprintf(stderr, + "Error: \"root\" is duplicate parent ID\n"); return -1; } - filter_parent = t.tcm_parent = TC_H_ROOT; + filter_parent = req.t.tcm_parent = TC_H_ROOT; } else if (strcmp(*argv, "ingress") == 0) { - if (t.tcm_parent) { - fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n"); + if (req.t.tcm_parent) { + fprintf(stderr, + "Error: \"ingress\" is duplicate parent ID\n"); return -1; } filter_parent = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS); - t.tcm_parent = filter_parent; + req.t.tcm_parent = filter_parent; } else if (strcmp(*argv, "egress") == 0) { - if (t.tcm_parent) { - fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n"); + if (req.t.tcm_parent) { + fprintf(stderr, + "Error: \"egress\" is duplicate parent ID\n"); return -1; } filter_parent = TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS); - t.tcm_parent = filter_parent; + req.t.tcm_parent = filter_parent; } else if (strcmp(*argv, "parent") == 0) { __u32 handle; + NEXT_ARG(); - if (t.tcm_parent) + if (req.t.tcm_parent) duparg("parent", *argv); if (get_tc_classid(&handle, *argv)) invarg("invalid parent ID", *argv); - filter_parent = t.tcm_parent = handle; + filter_parent = req.t.tcm_parent = handle; } else if (strcmp(*argv, "handle") == 0) { NEXT_ARG(); if (fhandle) @@ -337,6 +567,7 @@ static int tc_filter_list(int argc, char **argv) filter_prio = prio; } else if (matches(*argv, "protocol") == 0) { __u16 res; + NEXT_ARG(); if (protocol) duparg("protocol", *argv); 
@@ -344,29 +575,43 @@ static int tc_filter_list(int argc, char **argv) invarg("invalid protocol", *argv); protocol = res; filter_protocol = protocol; + } else if (matches(*argv, "chain") == 0) { + NEXT_ARG(); + if (filter_chain_index_set) + duparg("chain", *argv); + if (get_u32(&chain_index, *argv, 0)) + invarg("invalid chain index value", *argv); + filter_chain_index_set = 1; + filter_chain_index = chain_index; } else if (matches(*argv, "help") == 0) { usage(); } else { - fprintf(stderr, " What is \"%s\"? Try \"tc filter help\"\n", *argv); + fprintf(stderr, + " What is \"%s\"? Try \"tc filter help\"\n", + *argv); return -1; } argc--; argv++; } - t.tcm_info = TC_H_MAKE(prio<<16, protocol); + req.t.tcm_info = TC_H_MAKE(prio<<16, protocol); ll_init_map(&rth); if (d[0]) { - if ((t.tcm_ifindex = ll_name_to_index(d)) == 0) { + req.t.tcm_ifindex = ll_name_to_index(d); + if (req.t.tcm_ifindex == 0) { fprintf(stderr, "Cannot find device \"%s\"\n", d); return 1; } - filter_ifindex = t.tcm_ifindex; + filter_ifindex = req.t.tcm_ifindex; } - if (rtnl_dump_request(&rth, RTM_GETTFILTER, &t, sizeof(t)) < 0) { + if (filter_chain_index_set) + addattr32(&req.n, sizeof(req), TCA_CHAIN, chain_index); + + if (rtnl_dump_request_n(&rth, &req.n) < 0) { perror("Cannot send dump request"); return 1; } 
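Review bot: Duplicate detection for `chain` in tc_filter_list tests the file-scope `filter_chain_index_set`, which is set to 1 here and never cleared in the visible code, while tc_filter_modify uses a local `chain_index_set` for the same purpose. If do_filter runs more than once in a process (for example in batch mode), a second `show ... chain N` would hit `duparg("chain", *argv)` even though the option appears once, and print_filter would keep filtering on the stale index. Track duplicates with a local flag, e.g. `int chain_index_set = 0;` and `if (chain_index_set) duparg("chain", *argv);`, and assign `filter_chain_index_set` / `filter_chain_index` from the locals after parsing. tc_filter_list starts before this hunk and continues past it.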
@@ -384,24 +629,25 @@ int do_filter(int argc, char **argv) if (argc < 1) return tc_filter_list(0, NULL); if (matches(*argv, "add") == 0) - return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE, argc-1, argv+1); + return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE, + argc-1, argv+1); if (matches(*argv, "change") == 0) return tc_filter_modify(RTM_NEWTFILTER, 0, argc-1, argv+1); if (matches(*argv, "replace") == 0) - return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc-1, argv+1); + return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc-1, + argv+1); if (matches(*argv, "delete") == 0) return tc_filter_modify(RTM_DELTFILTER, 0, argc-1, argv+1); -#if 0 if (matches(*argv, "get") == 0) return tc_filter_get(RTM_GETTFILTER, 0, argc-1, argv+1); -#endif if (matches(*argv, "list") == 0 || matches(*argv, "show") == 0 || matches(*argv, "lst") == 0) return tc_filter_list(argc-1, argv+1); if (matches(*argv, "help") == 0) { usage(); return 0; - } - fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n", *argv); + } + fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n", + *argv); return -1; } |