1 /*
2 * m_egress.c ingress/egress packet mirror/redir actions module
3 *
4 * This program is free software; you can distribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; either version
7 * 2 of the License, or (at your option) any later version.
8 *
9 * Authors: J Hadi Salim (hadi@cyberus.ca)
10 *
11 * TODO: Add Ingress support
12 *
13 */
14
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include <unistd.h>
18 #include <syslog.h>
19 #include <fcntl.h>
20 #include <sys/socket.h>
21 #include <netinet/in.h>
22 #include <arpa/inet.h>
23 #include <string.h>
24 #include "utils.h"
25 #include "tc_util.h"
26 #include "tc_common.h"
27 #include <linux/tc_act/tc_mirred.h>
28
29 int mirred_d = 1;
30
31 static void
explain(void)32 explain(void)
33 {
34 fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME> \n");
35 fprintf(stderr, "where: \n");
36 fprintf(stderr, "\tDIRECTION := <ingress | egress>\n");
37 fprintf(stderr, "\tACTION := <mirror | redirect>\n");
38 fprintf(stderr, "\tINDEX is the specific policy instance id\n");
39 fprintf(stderr, "\tDEVICENAME is the devicename \n");
40
41 }
42
43 static void
usage(void)44 usage(void)
45 {
46 explain();
47 exit(-1);
48 }
49
mirred_n2a(int action)50 char *mirred_n2a(int action)
51 {
52 switch (action) {
53 case TCA_EGRESS_REDIR:
54 return "Egress Redirect";
55 case TCA_INGRESS_REDIR:
56 return "Ingress Redirect";
57 case TCA_EGRESS_MIRROR:
58 return "Egress Mirror";
59 case TCA_INGRESS_MIRROR:
60 return "Ingress Mirror";
61 default:
62 return "unknown";
63 }
64 }
65
66 int
parse_egress(struct action_util * a,int * argc_p,char *** argv_p,int tca_id,struct nlmsghdr * n)67 parse_egress(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
68 {
69
70 int argc = *argc_p;
71 char **argv = *argv_p;
72 int ok = 0, iok = 0, mirror=0,redir=0;
73 struct tc_mirred p;
74 struct rtattr *tail;
75 char d[16];
76
77 memset(d,0,sizeof(d)-1);
78 memset(&p,0,sizeof(struct tc_mirred));
79
80 while (argc > 0) {
81
82 if (matches(*argv, "action") == 0) {
83 break;
84 } else if (matches(*argv, "egress") == 0) {
85 NEXT_ARG();
86 ok++;
87 continue;
88 } else {
89
90 if (matches(*argv, "index") == 0) {
91 NEXT_ARG();
92 if (get_u32(&p.index, *argv, 10)) {
93 fprintf(stderr, "Illegal \"index\"\n");
94 return -1;
95 }
96 iok++;
97 if (!ok) {
98 argc--;
99 argv++;
100 break;
101 }
102 } else if(!ok) {
103 fprintf(stderr, "was expecting egress (%s)\n", *argv);
104 break;
105
106 } else if (!mirror && matches(*argv, "mirror") == 0) {
107 mirror=1;
108 if (redir) {
109 fprintf(stderr, "Cant have both mirror and redir\n");
110 return -1;
111 }
112 p.eaction = TCA_EGRESS_MIRROR;
113 p.action = TC_ACT_PIPE;
114 ok++;
115 } else if (!redir && matches(*argv, "redirect") == 0) {
116 redir=1;
117 if (mirror) {
118 fprintf(stderr, "Cant have both mirror and redir\n");
119 return -1;
120 }
121 p.eaction = TCA_EGRESS_REDIR;
122 p.action = TC_ACT_STOLEN;
123 ok++;
124 } else if ((redir || mirror) && matches(*argv, "dev") == 0) {
125 NEXT_ARG();
126 if (strlen(d))
127 duparg("dev", *argv);
128
129 strncpy(d, *argv, sizeof(d)-1);
130 argc--;
131 argv++;
132
133 break;
134
135 }
136 }
137
138 NEXT_ARG();
139 }
140
141 if (!ok && !iok) {
142 return -1;
143 }
144
145
146
147 if (d[0]) {
148 int idx;
149 ll_init_map(&rth);
150
151 if ((idx = ll_name_to_index(d)) == 0) {
152 fprintf(stderr, "Cannot find device \"%s\"\n", d);
153 return -1;
154 }
155
156 p.ifindex = idx;
157 }
158
159
160 if (argc && p.eaction == TCA_EGRESS_MIRROR) {
161
162 if (matches(*argv, "reclassify") == 0) {
163 p.action = TC_POLICE_RECLASSIFY;
164 NEXT_ARG();
165 } else if (matches(*argv, "pipe") == 0) {
166 p.action = TC_POLICE_PIPE;
167 NEXT_ARG();
168 } else if (matches(*argv, "drop") == 0 ||
169 matches(*argv, "shot") == 0) {
170 p.action = TC_POLICE_SHOT;
171 NEXT_ARG();
172 } else if (matches(*argv, "continue") == 0) {
173 p.action = TC_POLICE_UNSPEC;
174 NEXT_ARG();
175 } else if (matches(*argv, "pass") == 0) {
176 p.action = TC_POLICE_OK;
177 NEXT_ARG();
178 }
179
180 }
181
182 if (argc) {
183 if (iok && matches(*argv, "index") == 0) {
184 fprintf(stderr, "mirred: Illegal double index\n");
185 return -1;
186 } else {
187 if (matches(*argv, "index") == 0) {
188 NEXT_ARG();
189 if (get_u32(&p.index, *argv, 10)) {
190 fprintf(stderr, "mirred: Illegal \"index\"\n");
191 return -1;
192 }
193 argc--;
194 argv++;
195 }
196 }
197 }
198
199 if (mirred_d)
200 fprintf(stdout, "Action %d device %s ifindex %d\n",p.action, d,p.ifindex);
201
202 tail = NLMSG_TAIL(n);
203 addattr_l(n, MAX_MSG, tca_id, NULL, 0);
204 addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof (p));
205 tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
206
207 *argc_p = argc;
208 *argv_p = argv;
209 return 0;
210 }
211
212
213 int
parse_mirred(struct action_util * a,int * argc_p,char *** argv_p,int tca_id,struct nlmsghdr * n)214 parse_mirred(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
215 {
216
217 int argc = *argc_p;
218 char **argv = *argv_p;
219
220 if (argc < 0) {
221 fprintf(stderr,"mirred bad arguement count %d\n", argc);
222 return -1;
223 }
224
225 if (matches(*argv, "mirred") == 0) {
226 NEXT_ARG();
227 } else {
228 fprintf(stderr,"mirred bad arguement %s\n", *argv);
229 return -1;
230 }
231
232
233 if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) {
234 int ret = parse_egress(a, &argc, &argv, tca_id, n);
235 if (ret == 0) {
236 *argc_p = argc;
237 *argv_p = argv;
238 return 0;
239 }
240
241 } else if (matches(*argv, "ingress") == 0) {
242 fprintf(stderr,"mirred ingress not supported at the moment\n");
243 } else if (matches(*argv, "help") == 0) {
244 usage();
245 } else {
246 fprintf(stderr,"mirred option not supported %s\n", *argv);
247 }
248
249 return -1;
250
251 }
252
253 int
print_mirred(struct action_util * au,FILE * f,struct rtattr * arg)254 print_mirred(struct action_util *au,FILE * f, struct rtattr *arg)
255 {
256 struct tc_mirred *p;
257 struct rtattr *tb[TCA_MIRRED_MAX + 1];
258 const char *dev;
259 SPRINT_BUF(b1);
260
261 if (arg == NULL)
262 return -1;
263
264 parse_rtattr_nested(tb, TCA_MIRRED_MAX, arg);
265
266 if (tb[TCA_MIRRED_PARMS] == NULL) {
267 fprintf(f, "[NULL mirred parameters]");
268 return -1;
269 }
270 p = RTA_DATA(tb[TCA_MIRRED_PARMS]);
271
272 /*
273 ll_init_map(&rth);
274 */
275
276
277 if ((dev = ll_index_to_name(p->ifindex)) == 0) {
278 fprintf(stderr, "Cannot find device %d\n", p->ifindex);
279 return -1;
280 }
281
282 fprintf(f, "mirred (%s to device %s) %s", mirred_n2a(p->eaction), dev,action_n2a(p->action, b1, sizeof (b1)));
283
284 fprintf(f, "\n ");
285 fprintf(f, "\tindex %d ref %d bind %d",p->index,p->refcnt,p->bindcnt);
286
287 if (show_stats) {
288 if (tb[TCA_MIRRED_TM]) {
289 struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]);
290 print_tm(f,tm);
291 }
292 }
293 fprintf(f, "\n ");
294 return 0;
295 }
296
297 struct action_util mirred_action_util = {
298 .id = "mirred",
299 .parse_aopt = parse_mirred,
300 .print_aopt = print_mirred,
301 };
302