1 /*
2  * m_egress.c		ingress/egress packet mirror/redir actions module
3  *
4  *		This program is free software; you can distribute it and/or
5  *		modify it under the terms of the GNU General Public License
6  *		as published by the Free Software Foundation; either version
7  *		2 of the License, or (at your option) any later version.
8  *
9  * Authors:  J Hadi Salim (hadi@cyberus.ca)
10  *
11  * TODO: Add Ingress support
12  *
13  */
14 
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include <unistd.h>
18 #include <syslog.h>
19 #include <fcntl.h>
20 #include <sys/socket.h>
21 #include <netinet/in.h>
22 #include <arpa/inet.h>
23 #include <string.h>
24 #include "utils.h"
25 #include "tc_util.h"
26 #include "tc_common.h"
27 #include <linux/tc_act/tc_mirred.h>
28 
29 static void
explain(void)30 explain(void)
31 {
32 	fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME>\n");
33 	fprintf(stderr, "where:\n");
34 	fprintf(stderr, "\tDIRECTION := <ingress | egress>\n");
35 	fprintf(stderr, "\tACTION := <mirror | redirect>\n");
36 	fprintf(stderr, "\tINDEX  is the specific policy instance id\n");
37 	fprintf(stderr, "\tDEVICENAME is the devicename\n");
38 
39 }
40 
41 static void
usage(void)42 usage(void)
43 {
44 	explain();
45 	exit(-1);
46 }
47 
mirred_n2a(int action)48 static const char *mirred_n2a(int action)
49 {
50 	switch (action) {
51 	case TCA_EGRESS_REDIR:
52 		return "Egress Redirect";
53 	case TCA_INGRESS_REDIR:
54 		return "Ingress Redirect";
55 	case TCA_EGRESS_MIRROR:
56 		return "Egress Mirror";
57 	case TCA_INGRESS_MIRROR:
58 		return "Ingress Mirror";
59 	default:
60 		return "unknown";
61 	}
62 }
63 
64 static int
parse_direction(struct action_util * a,int * argc_p,char *** argv_p,int tca_id,struct nlmsghdr * n)65 parse_direction(struct action_util *a, int *argc_p, char ***argv_p,
66 		int tca_id, struct nlmsghdr *n)
67 {
68 
69 	int argc = *argc_p;
70 	char **argv = *argv_p;
71 	int ok = 0, iok = 0, mirror = 0, redir = 0, ingress = 0, egress = 0;
72 	struct tc_mirred p = {};
73 	struct rtattr *tail;
74 	char d[16] = {};
75 
76 	while (argc > 0) {
77 
78 		if (matches(*argv, "action") == 0) {
79 			break;
80 		} else if (!egress && matches(*argv, "egress") == 0) {
81 			egress = 1;
82 			if (ingress) {
83 				fprintf(stderr, "Can't have both egress and ingress\n");
84 				return -1;
85 			}
86 			NEXT_ARG();
87 			ok++;
88 			continue;
89 		} else if (!ingress && matches(*argv, "ingress") == 0) {
90 			ingress = 1;
91 			if (egress) {
92 				fprintf(stderr, "Can't have both ingress and egress\n");
93 				return -1;
94 			}
95 			NEXT_ARG();
96 			ok++;
97 			continue;
98 		} else {
99 
100 			if (matches(*argv, "index") == 0) {
101 				NEXT_ARG();
102 				if (get_u32(&p.index, *argv, 10)) {
103 					fprintf(stderr, "Illegal \"index\"\n");
104 					return -1;
105 				}
106 				iok++;
107 				if (!ok) {
108 					argc--;
109 					argv++;
110 					break;
111 				}
112 			} else if (!ok) {
113 				fprintf(stderr, "was expecting egress or ingress (%s)\n", *argv);
114 				break;
115 
116 			} else if (!mirror && matches(*argv, "mirror") == 0) {
117 				mirror = 1;
118 				if (redir) {
119 					fprintf(stderr, "Can't have both mirror and redir\n");
120 					return -1;
121 				}
122 				p.eaction = egress ? TCA_EGRESS_MIRROR :
123 					    TCA_INGRESS_MIRROR;
124 				p.action = TC_ACT_PIPE;
125 				ok++;
126 			} else if (!redir && matches(*argv, "redirect") == 0) {
127 				redir = 1;
128 				if (mirror) {
129 					fprintf(stderr, "Can't have both mirror and redir\n");
130 					return -1;
131 				}
132 				p.eaction = egress ? TCA_EGRESS_REDIR :
133 					    TCA_INGRESS_REDIR;
134 				p.action = TC_ACT_STOLEN;
135 				ok++;
136 			} else if ((redir || mirror) && matches(*argv, "dev") == 0) {
137 				NEXT_ARG();
138 				if (strlen(d))
139 					duparg("dev", *argv);
140 
141 				strncpy(d, *argv, sizeof(d)-1);
142 				argc--;
143 				argv++;
144 
145 				break;
146 
147 			}
148 		}
149 
150 		NEXT_ARG();
151 	}
152 
153 	if (!ok && !iok) {
154 		return -1;
155 	}
156 
157 
158 
159 	if (d[0])  {
160 		int idx;
161 
162 		ll_init_map(&rth);
163 
164 		if ((idx = ll_name_to_index(d)) == 0) {
165 			fprintf(stderr, "Cannot find device \"%s\"\n", d);
166 			return -1;
167 		}
168 
169 		p.ifindex = idx;
170 	}
171 
172 
173 	if (p.eaction == TCA_EGRESS_MIRROR || p.eaction == TCA_INGRESS_MIRROR)
174 		parse_action_control(&argc, &argv, &p.action, false);
175 
176 	if (argc) {
177 		if (iok && matches(*argv, "index") == 0) {
178 			fprintf(stderr, "mirred: Illegal double index\n");
179 			return -1;
180 		} else {
181 			if (matches(*argv, "index") == 0) {
182 				NEXT_ARG();
183 				if (get_u32(&p.index, *argv, 10)) {
184 					fprintf(stderr, "mirred: Illegal \"index\"\n");
185 					return -1;
186 				}
187 				argc--;
188 				argv++;
189 			}
190 		}
191 	}
192 
193 	tail = NLMSG_TAIL(n);
194 	addattr_l(n, MAX_MSG, tca_id, NULL, 0);
195 	addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof(p));
196 	tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
197 
198 	*argc_p = argc;
199 	*argv_p = argv;
200 	return 0;
201 }
202 
203 
204 static int
parse_mirred(struct action_util * a,int * argc_p,char *** argv_p,int tca_id,struct nlmsghdr * n)205 parse_mirred(struct action_util *a, int *argc_p, char ***argv_p,
206 	     int tca_id, struct nlmsghdr *n)
207 {
208 
209 	int argc = *argc_p;
210 	char **argv = *argv_p;
211 
212 	if (argc < 0) {
213 		fprintf(stderr, "mirred bad argument count %d\n", argc);
214 		return -1;
215 	}
216 
217 	if (matches(*argv, "mirred") == 0) {
218 		NEXT_ARG();
219 	} else {
220 		fprintf(stderr, "mirred bad argument %s\n", *argv);
221 		return -1;
222 	}
223 
224 
225 	if (matches(*argv, "egress") == 0 || matches(*argv, "ingress") == 0 ||
226 	    matches(*argv, "index") == 0) {
227 		int ret = parse_direction(a, &argc, &argv, tca_id, n);
228 
229 		if (ret == 0) {
230 			*argc_p = argc;
231 			*argv_p = argv;
232 			return 0;
233 		}
234 
235 	} else if (matches(*argv, "help") == 0) {
236 		usage();
237 	} else {
238 		fprintf(stderr, "mirred option not supported %s\n", *argv);
239 	}
240 
241 	return -1;
242 
243 }
244 
245 static int
print_mirred(struct action_util * au,FILE * f,struct rtattr * arg)246 print_mirred(struct action_util *au, FILE * f, struct rtattr *arg)
247 {
248 	struct tc_mirred *p;
249 	struct rtattr *tb[TCA_MIRRED_MAX + 1];
250 	const char *dev;
251 
252 	if (arg == NULL)
253 		return -1;
254 
255 	parse_rtattr_nested(tb, TCA_MIRRED_MAX, arg);
256 
257 	if (tb[TCA_MIRRED_PARMS] == NULL) {
258 		fprintf(f, "[NULL mirred parameters]");
259 		return -1;
260 	}
261 	p = RTA_DATA(tb[TCA_MIRRED_PARMS]);
262 
263 	/*
264 	ll_init_map(&rth);
265 	*/
266 
267 
268 	if ((dev = ll_index_to_name(p->ifindex)) == 0) {
269 		fprintf(stderr, "Cannot find device %d\n", p->ifindex);
270 		return -1;
271 	}
272 
273 	fprintf(f, "mirred (%s to device %s)", mirred_n2a(p->eaction), dev);
274 	print_action_control(f, " ", p->action, "");
275 
276 	fprintf(f, "\n ");
277 	fprintf(f, "\tindex %u ref %d bind %d", p->index, p->refcnt,
278 		p->bindcnt);
279 
280 	if (show_stats) {
281 		if (tb[TCA_MIRRED_TM]) {
282 			struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]);
283 
284 			print_tm(f, tm);
285 		}
286 	}
287 	fprintf(f, "\n ");
288 	return 0;
289 }
290 
291 struct action_util mirred_action_util = {
292 	.id = "mirred",
293 	.parse_aopt = parse_mirred,
294 	.print_aopt = print_mirred,
295 };
296