• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * m_egress.c		ingress/egress packet mirror/redir actions module
3  *
4  *		This program is free software; you can distribute it and/or
5  *		modify it under the terms of the GNU General Public License
6  *		as published by the Free Software Foundation; either version
7  *		2 of the License, or (at your option) any later version.
8  *
9  * Authors:  J Hadi Salim (hadi@cyberus.ca)
10  *
11  * TODO: Add Ingress support
12  *
13  */
14 
15 #include <stdio.h>
16 #include <stdlib.h>
17 #include <unistd.h>
18 #include <syslog.h>
19 #include <fcntl.h>
20 #include <sys/socket.h>
21 #include <netinet/in.h>
22 #include <arpa/inet.h>
23 #include <string.h>
24 #include "utils.h"
25 #include "tc_util.h"
26 #include "tc_common.h"
27 #include <linux/tc_act/tc_mirred.h>
28 
29 static void
explain(void)30 explain(void)
31 {
32 	fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME> \n");
33 	fprintf(stderr, "where: \n");
34 	fprintf(stderr, "\tDIRECTION := <ingress | egress>\n");
35 	fprintf(stderr, "\tACTION := <mirror | redirect>\n");
36 	fprintf(stderr, "\tINDEX  is the specific policy instance id\n");
37 	fprintf(stderr, "\tDEVICENAME is the devicename \n");
38 
39 }
40 
41 static void
usage(void)42 usage(void)
43 {
44 	explain();
45 	exit(-1);
46 }
47 
mirred_n2a(int action)48 char *mirred_n2a(int action)
49 {
50 	switch (action) {
51 	case TCA_EGRESS_REDIR:
52 		return "Egress Redirect";
53 	case TCA_INGRESS_REDIR:
54 		return "Ingress Redirect";
55 	case TCA_EGRESS_MIRROR:
56 		return "Egress Mirror";
57 	case TCA_INGRESS_MIRROR:
58 		return "Ingress Mirror";
59 	default:
60 		return "unknown";
61 	}
62 }
63 
64 int
parse_egress(struct action_util * a,int * argc_p,char *** argv_p,int tca_id,struct nlmsghdr * n)65 parse_egress(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
66 {
67 
68 	int argc = *argc_p;
69 	char **argv = *argv_p;
70 	int ok = 0, iok = 0, mirror=0,redir=0;
71 	struct tc_mirred p;
72 	struct rtattr *tail;
73 	char d[16];
74 
75 	memset(d,0,sizeof(d)-1);
76 	memset(&p,0,sizeof(struct tc_mirred));
77 
78 	while (argc > 0) {
79 
80 		if (matches(*argv, "action") == 0) {
81 			break;
82 		} else if (matches(*argv, "egress") == 0) {
83 			NEXT_ARG();
84 			ok++;
85 			continue;
86 		} else {
87 
88 			if (matches(*argv, "index") == 0) {
89 				NEXT_ARG();
90 				if (get_u32(&p.index, *argv, 10)) {
91 					fprintf(stderr, "Illegal \"index\"\n");
92 					return -1;
93 				}
94 				iok++;
95 				if (!ok) {
96 					argc--;
97 					argv++;
98 					break;
99 				}
100 			} else if(!ok) {
101 				fprintf(stderr, "was expecting egress (%s)\n", *argv);
102 				break;
103 
104 			} else if (!mirror && matches(*argv, "mirror") == 0) {
105 				mirror=1;
106 				if (redir) {
107 					fprintf(stderr, "Cant have both mirror and redir\n");
108 					return -1;
109 				}
110 				p.eaction = TCA_EGRESS_MIRROR;
111 				p.action = TC_ACT_PIPE;
112 				ok++;
113 			} else if (!redir && matches(*argv, "redirect") == 0) {
114 				redir=1;
115 				if (mirror) {
116 					fprintf(stderr, "Cant have both mirror and redir\n");
117 					return -1;
118 				}
119 				p.eaction = TCA_EGRESS_REDIR;
120 				p.action = TC_ACT_STOLEN;
121 				ok++;
122 			} else if ((redir || mirror) && matches(*argv, "dev") == 0) {
123 				NEXT_ARG();
124 				if (strlen(d))
125 					duparg("dev", *argv);
126 
127 				strncpy(d, *argv, sizeof(d)-1);
128 				argc--;
129 				argv++;
130 
131 				break;
132 
133 			}
134 		}
135 
136 		NEXT_ARG();
137 	}
138 
139 	if (!ok && !iok) {
140 		return -1;
141 	}
142 
143 
144 
145 	if (d[0])  {
146 		int idx;
147 		ll_init_map(&rth);
148 
149 		if ((idx = ll_name_to_index(d)) == 0) {
150 			fprintf(stderr, "Cannot find device \"%s\"\n", d);
151 			return -1;
152 		}
153 
154 		p.ifindex = idx;
155 	}
156 
157 
158 	if (argc && p.eaction == TCA_EGRESS_MIRROR) {
159 
160 		if (matches(*argv, "reclassify") == 0) {
161 			p.action = TC_POLICE_RECLASSIFY;
162 			NEXT_ARG();
163 		} else if (matches(*argv, "pipe") == 0) {
164 			p.action = TC_POLICE_PIPE;
165 			NEXT_ARG();
166 		} else if (matches(*argv, "drop") == 0 ||
167 			   matches(*argv, "shot") == 0) {
168 			p.action = TC_POLICE_SHOT;
169 			NEXT_ARG();
170 		} else if (matches(*argv, "continue") == 0) {
171 			p.action = TC_POLICE_UNSPEC;
172 			NEXT_ARG();
173 		} else if (matches(*argv, "pass") == 0) {
174 			p.action = TC_POLICE_OK;
175 			NEXT_ARG();
176 		}
177 
178 	}
179 
180 	if (argc) {
181 		if (iok && matches(*argv, "index") == 0) {
182 			fprintf(stderr, "mirred: Illegal double index\n");
183 			return -1;
184 		} else {
185 			if (matches(*argv, "index") == 0) {
186 				NEXT_ARG();
187 				if (get_u32(&p.index, *argv, 10)) {
188 					fprintf(stderr, "mirred: Illegal \"index\"\n");
189 					return -1;
190 				}
191 				argc--;
192 				argv++;
193 			}
194 		}
195 	}
196 
197 	tail = NLMSG_TAIL(n);
198 	addattr_l(n, MAX_MSG, tca_id, NULL, 0);
199 	addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof (p));
200 	tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
201 
202 	*argc_p = argc;
203 	*argv_p = argv;
204 	return 0;
205 }
206 
207 
208 int
parse_mirred(struct action_util * a,int * argc_p,char *** argv_p,int tca_id,struct nlmsghdr * n)209 parse_mirred(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n)
210 {
211 
212 	int argc = *argc_p;
213 	char **argv = *argv_p;
214 
215 	if (argc < 0) {
216 		fprintf(stderr,"mirred bad arguement count %d\n", argc);
217 		return -1;
218 	}
219 
220 	if (matches(*argv, "mirred") == 0) {
221 		NEXT_ARG();
222 	} else {
223 		fprintf(stderr,"mirred bad arguement %s\n", *argv);
224 		return -1;
225 	}
226 
227 
228 	if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) {
229 		int ret = parse_egress(a, &argc, &argv, tca_id, n);
230 		if (ret == 0) {
231 			*argc_p = argc;
232 			*argv_p = argv;
233 			return 0;
234 		}
235 
236 	} else if (matches(*argv, "ingress") == 0) {
237 		fprintf(stderr,"mirred ingress not supported at the moment\n");
238 	} else if (matches(*argv, "help") == 0) {
239 		usage();
240 	} else {
241 		fprintf(stderr,"mirred option not supported %s\n", *argv);
242 	}
243 
244 	return -1;
245 
246 }
247 
248 int
print_mirred(struct action_util * au,FILE * f,struct rtattr * arg)249 print_mirred(struct action_util *au,FILE * f, struct rtattr *arg)
250 {
251 	struct tc_mirred *p;
252 	struct rtattr *tb[TCA_MIRRED_MAX + 1];
253 	const char *dev;
254 	SPRINT_BUF(b1);
255 
256 	if (arg == NULL)
257 		return -1;
258 
259 	parse_rtattr_nested(tb, TCA_MIRRED_MAX, arg);
260 
261 	if (tb[TCA_MIRRED_PARMS] == NULL) {
262 		fprintf(f, "[NULL mirred parameters]");
263 		return -1;
264 	}
265 	p = RTA_DATA(tb[TCA_MIRRED_PARMS]);
266 
267 	/*
268 	ll_init_map(&rth);
269 	*/
270 
271 
272 	if ((dev = ll_index_to_name(p->ifindex)) == 0) {
273 		fprintf(stderr, "Cannot find device %d\n", p->ifindex);
274 		return -1;
275 	}
276 
277 	fprintf(f, "mirred (%s to device %s) %s", mirred_n2a(p->eaction), dev,action_n2a(p->action, b1, sizeof (b1)));
278 
279 	fprintf(f, "\n ");
280 	fprintf(f, "\tindex %d ref %d bind %d",p->index,p->refcnt,p->bindcnt);
281 
282 	if (show_stats) {
283 		if (tb[TCA_MIRRED_TM]) {
284 			struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]);
285 			print_tm(f,tm);
286 		}
287 	}
288 	fprintf(f, "\n ");
289 	return 0;
290 }
291 
292 struct action_util mirred_action_util = {
293 	.id = "mirred",
294 	.parse_aopt = parse_mirred,
295 	.print_aopt = print_mirred,
296 };
297