1 /*
2  * tc_filter.c		"tc filter".
3  *
4  *		This program is free software; you can redistribute it and/or
5  *		modify it under the terms of the GNU General Public License
6  *		as published by the Free Software Foundation; either version
7  *		2 of the License, or (at your option) any later version.
8  *
9  * Authors:	Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
10  *
11  */
12 
13 #include <stdio.h>
14 #include <stdlib.h>
15 #include <unistd.h>
16 #include <syslog.h>
17 #include <fcntl.h>
18 #include <sys/socket.h>
19 #include <netinet/in.h>
20 #include <arpa/inet.h>
21 #include <string.h>
22 #include <linux/if_ether.h>
23 
24 #include "rt_names.h"
25 #include "utils.h"
26 #include "tc_util.h"
27 #include "tc_common.h"
28 
usage(void)29 static void usage(void)
30 {
31 	fprintf(stderr, "Usage: tc filter [ add | del | change | replace | show ] dev STRING\n");
32 	fprintf(stderr, "       [ pref PRIO ] protocol PROTO\n");
33 	fprintf(stderr, "       [ estimator INTERVAL TIME_CONSTANT ]\n");
34 	fprintf(stderr, "       [ root | ingress | egress | parent CLASSID ]\n");
35 	fprintf(stderr, "       [ handle FILTERID ] [ [ FILTER_TYPE ] [ help | OPTIONS ] ]\n");
36 	fprintf(stderr, "\n");
37 	fprintf(stderr, "       tc filter show [ dev STRING ] [ root | ingress | egress | parent CLASSID ]\n");
38 	fprintf(stderr, "Where:\n");
39 	fprintf(stderr, "FILTER_TYPE := { rsvp | u32 | bpf | fw | route | etc. }\n");
40 	fprintf(stderr, "FILTERID := ... format depends on classifier, see there\n");
41 	fprintf(stderr, "OPTIONS := ... try tc filter add <desired FILTER_KIND> help\n");
42 }
43 
tc_filter_modify(int cmd,unsigned flags,int argc,char ** argv)44 static int tc_filter_modify(int cmd, unsigned flags, int argc, char **argv)
45 {
46 	struct {
47 		struct nlmsghdr 	n;
48 		struct tcmsg 		t;
49 		char   			buf[MAX_MSG];
50 	} req;
51 	struct filter_util *q = NULL;
52 	__u32 prio = 0;
53 	__u32 protocol = 0;
54 	int protocol_set = 0;
55 	char *fhandle = NULL;
56 	char  d[16];
57 	char  k[16];
58 	struct tc_estimator est;
59 
60 	memset(&req, 0, sizeof(req));
61 	memset(&est, 0, sizeof(est));
62 	memset(d, 0, sizeof(d));
63 	memset(k, 0, sizeof(k));
64 	memset(&req, 0, sizeof(req));
65 
66 	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct tcmsg));
67 	req.n.nlmsg_flags = NLM_F_REQUEST|flags;
68 	req.n.nlmsg_type = cmd;
69 	req.t.tcm_family = AF_UNSPEC;
70 
71 	if (cmd == RTM_NEWTFILTER && flags & NLM_F_CREATE)
72 		protocol = htons(ETH_P_ALL);
73 
74 	while (argc > 0) {
75 		if (strcmp(*argv, "dev") == 0) {
76 			NEXT_ARG();
77 			if (d[0])
78 				duparg("dev", *argv);
79 			strncpy(d, *argv, sizeof(d)-1);
80 		} else if (strcmp(*argv, "root") == 0) {
81 			if (req.t.tcm_parent) {
82 				fprintf(stderr, "Error: \"root\" is duplicate parent ID\n");
83 				return -1;
84 			}
85 			req.t.tcm_parent = TC_H_ROOT;
86 		} else if (strcmp(*argv, "ingress") == 0) {
87 			if (req.t.tcm_parent) {
88 				fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n");
89 				return -1;
90 			}
91 			req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
92 						     TC_H_MIN_INGRESS);
93 		} else if (strcmp(*argv, "egress") == 0) {
94 			if (req.t.tcm_parent) {
95 				fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n");
96 				return -1;
97 			}
98 			req.t.tcm_parent = TC_H_MAKE(TC_H_CLSACT,
99 						     TC_H_MIN_EGRESS);
100 		} else if (strcmp(*argv, "parent") == 0) {
101 			__u32 handle;
102 			NEXT_ARG();
103 			if (req.t.tcm_parent)
104 				duparg("parent", *argv);
105 			if (get_tc_classid(&handle, *argv))
106 				invarg("Invalid parent ID", *argv);
107 			req.t.tcm_parent = handle;
108 		} else if (strcmp(*argv, "handle") == 0) {
109 			NEXT_ARG();
110 			if (fhandle)
111 				duparg("handle", *argv);
112 			fhandle = *argv;
113 		} else if (matches(*argv, "preference") == 0 ||
114 			   matches(*argv, "priority") == 0) {
115 			NEXT_ARG();
116 			if (prio)
117 				duparg("priority", *argv);
118 			if (get_u32(&prio, *argv, 0) || prio > 0xFFFF)
119 				invarg("invalid priority value", *argv);
120 		} else if (matches(*argv, "protocol") == 0) {
121 			__u16 id;
122 			NEXT_ARG();
123 			if (protocol_set)
124 				duparg("protocol", *argv);
125 			if (ll_proto_a2n(&id, *argv))
126 				invarg("invalid protocol", *argv);
127 			protocol = id;
128 			protocol_set = 1;
129 		} else if (matches(*argv, "estimator") == 0) {
130 			if (parse_estimator(&argc, &argv, &est) < 0)
131 				return -1;
132 		} else if (matches(*argv, "help") == 0) {
133 			usage();
134 			return 0;
135 		} else {
136 			strncpy(k, *argv, sizeof(k)-1);
137 
138 			q = get_filter_kind(k);
139 			argc--; argv++;
140 			break;
141 		}
142 
143 		argc--; argv++;
144 	}
145 
146 	req.t.tcm_info = TC_H_MAKE(prio<<16, protocol);
147 
148 	if (k[0])
149 		addattr_l(&req.n, sizeof(req), TCA_KIND, k, strlen(k)+1);
150 
151 	if (q) {
152 		if (q->parse_fopt(q, fhandle, argc, argv, &req.n))
153 			return 1;
154 	} else {
155 		if (fhandle) {
156 			fprintf(stderr, "Must specify filter type when using "
157 				"\"handle\"\n");
158 			return -1;
159 		}
160 		if (argc) {
161 			if (matches(*argv, "help") == 0)
162 				usage();
163 			fprintf(stderr, "Garbage instead of arguments \"%s ...\". Try \"tc filter help\".\n", *argv);
164 			return -1;
165 		}
166 	}
167 	if (est.ewma_log)
168 		addattr_l(&req.n, sizeof(req), TCA_RATE, &est, sizeof(est));
169 
170 
171 	if (d[0])  {
172 		ll_init_map(&rth);
173 
174 		if ((req.t.tcm_ifindex = ll_name_to_index(d)) == 0) {
175 			fprintf(stderr, "Cannot find device \"%s\"\n", d);
176 			return 1;
177 		}
178 	}
179 
180 	if (rtnl_talk(&rth, &req.n, NULL, 0) < 0) {
181 		fprintf(stderr, "We have an error talking to the kernel\n");
182 		return 2;
183 	}
184 
185 	return 0;
186 }
187 
188 static __u32 filter_parent;
189 static int filter_ifindex;
190 static __u32 filter_prio;
191 static __u32 filter_protocol;
192 __u16 f_proto = 0;
193 
print_filter(const struct sockaddr_nl * who,struct nlmsghdr * n,void * arg)194 int print_filter(const struct sockaddr_nl *who,
195 			struct nlmsghdr *n,
196 			void *arg)
197 {
198 	FILE *fp = (FILE*)arg;
199 	struct tcmsg *t = NLMSG_DATA(n);
200 	int len = n->nlmsg_len;
201 	struct rtattr * tb[TCA_MAX+1];
202 	struct filter_util *q;
203 	char abuf[256];
204 
205 	if (n->nlmsg_type != RTM_NEWTFILTER && n->nlmsg_type != RTM_DELTFILTER) {
206 		fprintf(stderr, "Not a filter\n");
207 		return 0;
208 	}
209 	len -= NLMSG_LENGTH(sizeof(*t));
210 	if (len < 0) {
211 		fprintf(stderr, "Wrong len %d\n", len);
212 		return -1;
213 	}
214 
215 	memset(tb, 0, sizeof(tb));
216 	parse_rtattr(tb, TCA_MAX, TCA_RTA(t), len);
217 
218 	if (tb[TCA_KIND] == NULL) {
219 		fprintf(stderr, "print_filter: NULL kind\n");
220 		return -1;
221 	}
222 
223 	if (n->nlmsg_type == RTM_DELTFILTER)
224 		fprintf(fp, "deleted ");
225 
226 	fprintf(fp, "filter ");
227 	if (!filter_ifindex || filter_ifindex != t->tcm_ifindex)
228 		fprintf(fp, "dev %s ", ll_index_to_name(t->tcm_ifindex));
229 
230 	if (!filter_parent || filter_parent != t->tcm_parent) {
231 		if (t->tcm_parent == TC_H_ROOT)
232 			fprintf(fp, "root ");
233 		else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_INGRESS))
234 			fprintf(fp, "ingress ");
235 		else if (t->tcm_parent == TC_H_MAKE(TC_H_CLSACT, TC_H_MIN_EGRESS))
236 			fprintf(fp, "egress ");
237 		else {
238 			print_tc_classid(abuf, sizeof(abuf), t->tcm_parent);
239 			fprintf(fp, "parent %s ", abuf);
240 		}
241 	}
242 
243 	if (t->tcm_info) {
244 		f_proto = TC_H_MIN(t->tcm_info);
245 		__u32 prio = TC_H_MAJ(t->tcm_info)>>16;
246 		if (!filter_protocol || filter_protocol != f_proto) {
247 			if (f_proto) {
248 				SPRINT_BUF(b1);
249 				fprintf(fp, "protocol %s ",
250 					ll_proto_n2a(f_proto, b1, sizeof(b1)));
251 			}
252 		}
253 		if (!filter_prio || filter_prio != prio) {
254 			if (prio)
255 				fprintf(fp, "pref %u ", prio);
256 		}
257 	}
258 	fprintf(fp, "%s ", rta_getattr_str(tb[TCA_KIND]));
259 	q = get_filter_kind(RTA_DATA(tb[TCA_KIND]));
260 	if (tb[TCA_OPTIONS]) {
261 		if (q)
262 			q->print_fopt(q, fp, tb[TCA_OPTIONS], t->tcm_handle);
263 		else
264 			fprintf(fp, "[cannot parse parameters]");
265 	}
266 	fprintf(fp, "\n");
267 
268 	if (show_stats && (tb[TCA_STATS] || tb[TCA_STATS2])) {
269 		print_tcstats_attr(fp, tb, " ", NULL);
270 		fprintf(fp, "\n");
271 	}
272 
273 	fflush(fp);
274 	return 0;
275 }
276 
tc_filter_list(int argc,char ** argv)277 static int tc_filter_list(int argc, char **argv)
278 {
279 	struct tcmsg t;
280 	char d[16];
281 	__u32 prio = 0;
282 	__u32 protocol = 0;
283 	char *fhandle = NULL;
284 
285 	memset(&t, 0, sizeof(t));
286 	t.tcm_family = AF_UNSPEC;
287 	memset(d, 0, sizeof(d));
288 
289 	while (argc > 0) {
290 		if (strcmp(*argv, "dev") == 0) {
291 			NEXT_ARG();
292 			if (d[0])
293 				duparg("dev", *argv);
294 			strncpy(d, *argv, sizeof(d)-1);
295 		} else if (strcmp(*argv, "root") == 0) {
296 			if (t.tcm_parent) {
297 				fprintf(stderr, "Error: \"root\" is duplicate parent ID\n");
298 				return -1;
299 			}
300 			filter_parent = t.tcm_parent = TC_H_ROOT;
301 		} else if (strcmp(*argv, "ingress") == 0) {
302 			if (t.tcm_parent) {
303 				fprintf(stderr, "Error: \"ingress\" is duplicate parent ID\n");
304 				return -1;
305 			}
306 			filter_parent = TC_H_MAKE(TC_H_CLSACT,
307 						  TC_H_MIN_INGRESS);
308 			t.tcm_parent = filter_parent;
309 		} else if (strcmp(*argv, "egress") == 0) {
310 			if (t.tcm_parent) {
311 				fprintf(stderr, "Error: \"egress\" is duplicate parent ID\n");
312 				return -1;
313 			}
314 			filter_parent = TC_H_MAKE(TC_H_CLSACT,
315 						  TC_H_MIN_EGRESS);
316 			t.tcm_parent = filter_parent;
317 		} else if (strcmp(*argv, "parent") == 0) {
318 			__u32 handle;
319 			NEXT_ARG();
320 			if (t.tcm_parent)
321 				duparg("parent", *argv);
322 			if (get_tc_classid(&handle, *argv))
323 				invarg("invalid parent ID", *argv);
324 			filter_parent = t.tcm_parent = handle;
325 		} else if (strcmp(*argv, "handle") == 0) {
326 			NEXT_ARG();
327 			if (fhandle)
328 				duparg("handle", *argv);
329 			fhandle = *argv;
330 		} else if (matches(*argv, "preference") == 0 ||
331 			   matches(*argv, "priority") == 0) {
332 			NEXT_ARG();
333 			if (prio)
334 				duparg("priority", *argv);
335 			if (get_u32(&prio, *argv, 0))
336 				invarg("invalid preference", *argv);
337 			filter_prio = prio;
338 		} else if (matches(*argv, "protocol") == 0) {
339 			__u16 res;
340 			NEXT_ARG();
341 			if (protocol)
342 				duparg("protocol", *argv);
343 			if (ll_proto_a2n(&res, *argv))
344 				invarg("invalid protocol", *argv);
345 			protocol = res;
346 			filter_protocol = protocol;
347 		} else if (matches(*argv, "help") == 0) {
348 			usage();
349 		} else {
350 			fprintf(stderr, " What is \"%s\"? Try \"tc filter help\"\n", *argv);
351 			return -1;
352 		}
353 
354 		argc--; argv++;
355 	}
356 
357 	t.tcm_info = TC_H_MAKE(prio<<16, protocol);
358 
359 	ll_init_map(&rth);
360 
361 	if (d[0]) {
362 		if ((t.tcm_ifindex = ll_name_to_index(d)) == 0) {
363 			fprintf(stderr, "Cannot find device \"%s\"\n", d);
364 			return 1;
365 		}
366 		filter_ifindex = t.tcm_ifindex;
367 	}
368 
369 	if (rtnl_dump_request(&rth, RTM_GETTFILTER, &t, sizeof(t)) < 0) {
370 		perror("Cannot send dump request");
371 		return 1;
372 	}
373 
374 	if (rtnl_dump_filter(&rth, print_filter, stdout) < 0) {
375 		fprintf(stderr, "Dump terminated\n");
376 		return 1;
377 	}
378 
379 	return 0;
380 }
381 
do_filter(int argc,char ** argv)382 int do_filter(int argc, char **argv)
383 {
384 	if (argc < 1)
385 		return tc_filter_list(0, NULL);
386 	if (matches(*argv, "add") == 0)
387 		return tc_filter_modify(RTM_NEWTFILTER, NLM_F_EXCL|NLM_F_CREATE, argc-1, argv+1);
388 	if (matches(*argv, "change") == 0)
389 		return tc_filter_modify(RTM_NEWTFILTER, 0, argc-1, argv+1);
390 	if (matches(*argv, "replace") == 0)
391 		return tc_filter_modify(RTM_NEWTFILTER, NLM_F_CREATE, argc-1, argv+1);
392 	if (matches(*argv, "delete") == 0)
393 		return tc_filter_modify(RTM_DELTFILTER, 0,  argc-1, argv+1);
394 #if 0
395 	if (matches(*argv, "get") == 0)
396 		return tc_filter_get(RTM_GETTFILTER, 0,  argc-1, argv+1);
397 #endif
398 	if (matches(*argv, "list") == 0 || matches(*argv, "show") == 0
399 	    || matches(*argv, "lst") == 0)
400 		return tc_filter_list(argc-1, argv+1);
401 	if (matches(*argv, "help") == 0) {
402 		usage();
403 		return 0;
404         }
405 	fprintf(stderr, "Command \"%s\" is unknown, try \"tc filter help\".\n", *argv);
406 	return -1;
407 }
408