|
Packit Service |
3880ab |
/*
|
|
Packit Service |
3880ab |
* m_egress.c ingress/egress packet mirror/redir actions module
|
|
Packit Service |
3880ab |
*
|
|
Packit Service |
3880ab |
* This program is free software; you can distribute it and/or
|
|
Packit Service |
3880ab |
* modify it under the terms of the GNU General Public License
|
|
Packit Service |
3880ab |
* as published by the Free Software Foundation; either version
|
|
Packit Service |
3880ab |
* 2 of the License, or (at your option) any later version.
|
|
Packit Service |
3880ab |
*
|
|
Packit Service |
3880ab |
* Authors: J Hadi Salim (hadi@cyberus.ca)
|
|
Packit Service |
3880ab |
*
|
|
Packit Service |
3880ab |
* TODO: Add Ingress support
|
|
Packit Service |
3880ab |
*
|
|
Packit Service |
3880ab |
*/
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
#include <stdio.h>
|
|
Packit Service |
3880ab |
#include <stdlib.h>
|
|
Packit Service |
3880ab |
#include <unistd.h>
|
|
Packit Service |
3880ab |
#include <fcntl.h>
|
|
Packit Service |
3880ab |
#include <sys/socket.h>
|
|
Packit Service |
3880ab |
#include <netinet/in.h>
|
|
Packit Service |
3880ab |
#include <arpa/inet.h>
|
|
Packit Service |
3880ab |
#include <string.h>
|
|
Packit Service |
3880ab |
#include "utils.h"
|
|
Packit Service |
3880ab |
#include "tc_util.h"
|
|
Packit Service |
3880ab |
#include "tc_common.h"
|
|
Packit Service |
3880ab |
#include <linux/tc_act/tc_mirred.h>
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static void
|
|
Packit Service |
3880ab |
explain(void)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME>\n"
|
|
Packit Service |
3880ab |
"where:\n"
|
|
Packit Service |
3880ab |
"\tDIRECTION := <ingress | egress>\n"
|
|
Packit Service |
3880ab |
"\tACTION := <mirror | redirect>\n"
|
|
Packit Service |
3880ab |
"\tINDEX is the specific policy instance id\n"
|
|
Packit Service |
3880ab |
"\tDEVICENAME is the devicename\n");
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static void
|
|
Packit Service |
3880ab |
usage(void)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
explain();
|
|
Packit Service |
3880ab |
exit(-1);
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static const char *mirred_n2a(int action)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
switch (action) {
|
|
Packit Service |
3880ab |
case TCA_EGRESS_REDIR:
|
|
Packit Service |
3880ab |
return "Egress Redirect";
|
|
Packit Service |
3880ab |
case TCA_INGRESS_REDIR:
|
|
Packit Service |
3880ab |
return "Ingress Redirect";
|
|
Packit Service |
3880ab |
case TCA_EGRESS_MIRROR:
|
|
Packit Service |
3880ab |
return "Egress Mirror";
|
|
Packit Service |
3880ab |
case TCA_INGRESS_MIRROR:
|
|
Packit Service |
3880ab |
return "Ingress Mirror";
|
|
Packit Service |
3880ab |
default:
|
|
Packit Service |
3880ab |
return "unknown";
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static const char *mirred_direction(int action)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
switch (action) {
|
|
Packit Service |
3880ab |
case TCA_EGRESS_REDIR:
|
|
Packit Service |
3880ab |
case TCA_EGRESS_MIRROR:
|
|
Packit Service |
3880ab |
return "egress";
|
|
Packit Service |
3880ab |
case TCA_INGRESS_REDIR:
|
|
Packit Service |
3880ab |
case TCA_INGRESS_MIRROR:
|
|
Packit Service |
3880ab |
return "ingress";
|
|
Packit Service |
3880ab |
default:
|
|
Packit Service |
3880ab |
return "unknown";
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static const char *mirred_action(int action)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
switch (action) {
|
|
Packit Service |
3880ab |
case TCA_EGRESS_REDIR:
|
|
Packit Service |
3880ab |
case TCA_INGRESS_REDIR:
|
|
Packit Service |
3880ab |
return "redirect";
|
|
Packit Service |
3880ab |
case TCA_EGRESS_MIRROR:
|
|
Packit Service |
3880ab |
case TCA_INGRESS_MIRROR:
|
|
Packit Service |
3880ab |
return "mirror";
|
|
Packit Service |
3880ab |
default:
|
|
Packit Service |
3880ab |
return "unknown";
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static int
|
|
Packit Service |
3880ab |
parse_direction(struct action_util *a, int *argc_p, char ***argv_p,
|
|
Packit Service |
3880ab |
int tca_id, struct nlmsghdr *n)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
int argc = *argc_p;
|
|
Packit Service |
3880ab |
char **argv = *argv_p;
|
|
Packit Service |
3880ab |
int ok = 0, iok = 0, mirror = 0, redir = 0, ingress = 0, egress = 0;
|
|
Packit Service |
3880ab |
struct tc_mirred p = {};
|
|
Packit Service |
3880ab |
struct rtattr *tail;
|
|
Packit Service |
3880ab |
char d[IFNAMSIZ] = {};
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
while (argc > 0) {
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (matches(*argv, "action") == 0) {
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
break;
|
|
Packit Service |
3880ab |
} else if (!egress && matches(*argv, "egress") == 0) {
|
|
Packit Service |
3880ab |
egress = 1;
|
|
Packit Service |
3880ab |
if (ingress) {
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"Can't have both egress and ingress\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
ok++;
|
|
Packit Service |
3880ab |
continue;
|
|
Packit Service |
3880ab |
} else if (!ingress && matches(*argv, "ingress") == 0) {
|
|
Packit Service |
3880ab |
ingress = 1;
|
|
Packit Service |
3880ab |
if (egress) {
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"Can't have both ingress and egress\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
ok++;
|
|
Packit Service |
3880ab |
continue;
|
|
Packit Service |
3880ab |
} else {
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (matches(*argv, "index") == 0) {
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
if (get_u32(&p.index, *argv, 10)) {
|
|
Packit Service |
3880ab |
fprintf(stderr, "Illegal \"index\"\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
iok++;
|
|
Packit Service |
3880ab |
if (!ok) {
|
|
Packit Service |
3880ab |
argc--;
|
|
Packit Service |
3880ab |
argv++;
|
|
Packit Service |
3880ab |
break;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
} else if (!ok) {
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"was expecting egress or ingress (%s)\n",
|
|
Packit Service |
3880ab |
*argv);
|
|
Packit Service |
3880ab |
break;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
} else if (!mirror && matches(*argv, "mirror") == 0) {
|
|
Packit Service |
3880ab |
mirror = 1;
|
|
Packit Service |
3880ab |
if (redir) {
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"Can't have both mirror and redir\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
p.eaction = egress ? TCA_EGRESS_MIRROR :
|
|
Packit Service |
3880ab |
TCA_INGRESS_MIRROR;
|
|
Packit Service |
3880ab |
p.action = TC_ACT_PIPE;
|
|
Packit Service |
3880ab |
ok++;
|
|
Packit Service |
3880ab |
} else if (!redir && matches(*argv, "redirect") == 0) {
|
|
Packit Service |
3880ab |
redir = 1;
|
|
Packit Service |
3880ab |
if (mirror) {
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"Can't have both mirror and redir\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
p.eaction = egress ? TCA_EGRESS_REDIR :
|
|
Packit Service |
3880ab |
TCA_INGRESS_REDIR;
|
|
Packit Service |
3880ab |
p.action = TC_ACT_STOLEN;
|
|
Packit Service |
3880ab |
ok++;
|
|
Packit Service |
3880ab |
} else if ((redir || mirror) &&
|
|
Packit Service |
3880ab |
matches(*argv, "dev") == 0) {
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
if (strlen(d))
|
|
Packit Service |
3880ab |
duparg("dev", *argv);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
strncpy(d, *argv, sizeof(d)-1);
|
|
Packit Service |
3880ab |
argc--;
|
|
Packit Service |
3880ab |
argv++;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
break;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (!ok && !iok)
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (d[0]) {
|
|
Packit Service |
3880ab |
int idx;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
ll_init_map(&rth);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
idx = ll_name_to_index(d);
|
|
Packit Service |
3880ab |
if (!idx)
|
|
Packit Service |
3880ab |
return nodev(d);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
p.ifindex = idx;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (p.eaction == TCA_EGRESS_MIRROR || p.eaction == TCA_INGRESS_MIRROR)
|
|
Packit Service |
3880ab |
parse_action_control_dflt(&argc, &argv, &p.action, false,
|
|
Packit Service |
3880ab |
TC_ACT_PIPE);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (argc) {
|
|
Packit Service |
3880ab |
if (iok && matches(*argv, "index") == 0) {
|
|
Packit Service |
3880ab |
fprintf(stderr, "mirred: Illegal double index\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (matches(*argv, "index") == 0) {
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
if (get_u32(&p.index, *argv, 10)) {
|
|
Packit Service |
3880ab |
fprintf(stderr,
|
|
Packit Service |
3880ab |
"mirred: Illegal \"index\"\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
argc--;
|
|
Packit Service |
3880ab |
argv++;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
tail = addattr_nest(n, MAX_MSG, tca_id);
|
|
Packit Service |
3880ab |
addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof(p));
|
|
Packit Service |
3880ab |
addattr_nest_end(n, tail);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
*argc_p = argc;
|
|
Packit Service |
3880ab |
*argv_p = argv;
|
|
Packit Service |
3880ab |
return 0;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static int
|
|
Packit Service |
3880ab |
parse_mirred(struct action_util *a, int *argc_p, char ***argv_p,
|
|
Packit Service |
3880ab |
int tca_id, struct nlmsghdr *n)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
int argc = *argc_p;
|
|
Packit Service |
3880ab |
char **argv = *argv_p;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (argc < 0) {
|
|
Packit Service |
3880ab |
fprintf(stderr, "mirred bad argument count %d\n", argc);
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (matches(*argv, "mirred") == 0) {
|
|
Packit Service |
3880ab |
NEXT_ARG();
|
|
Packit Service |
3880ab |
} else {
|
|
Packit Service |
3880ab |
fprintf(stderr, "mirred bad argument %s\n", *argv);
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (matches(*argv, "egress") == 0 || matches(*argv, "ingress") == 0 ||
|
|
Packit Service |
3880ab |
matches(*argv, "index") == 0) {
|
|
Packit Service |
3880ab |
int ret = parse_direction(a, &argc, &argv, tca_id, n);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (ret == 0) {
|
|
Packit Service |
3880ab |
*argc_p = argc;
|
|
Packit Service |
3880ab |
*argv_p = argv;
|
|
Packit Service |
3880ab |
return 0;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
} else if (matches(*argv, "help") == 0) {
|
|
Packit Service |
3880ab |
usage();
|
|
Packit Service |
3880ab |
} else {
|
|
Packit Service |
3880ab |
fprintf(stderr, "mirred option not supported %s\n", *argv);
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
static int
|
|
Packit Service |
3880ab |
print_mirred(struct action_util *au, FILE *f, struct rtattr *arg)
|
|
Packit Service |
3880ab |
{
|
|
Packit Service |
3880ab |
struct tc_mirred *p;
|
|
Packit Service |
3880ab |
struct rtattr *tb[TCA_MIRRED_MAX + 1];
|
|
Packit Service |
3880ab |
const char *dev;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (arg == NULL)
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
parse_rtattr_nested(tb, TCA_MIRRED_MAX, arg);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (tb[TCA_MIRRED_PARMS] == NULL) {
|
|
Packit Service |
3880ab |
fprintf(stderr, "Missing mirred parameters\n");
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
p = RTA_DATA(tb[TCA_MIRRED_PARMS]);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
dev = ll_index_to_name(p->ifindex);
|
|
Packit Service |
3880ab |
if (dev == 0) {
|
|
Packit Service |
3880ab |
fprintf(stderr, "Cannot find device %d\n", p->ifindex);
|
|
Packit Service |
3880ab |
return -1;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
print_string(PRINT_ANY, "kind", "%s ", "mirred");
|
|
Packit Service |
3880ab |
print_string(PRINT_FP, NULL, "(%s", mirred_n2a(p->eaction));
|
|
Packit Service |
3880ab |
print_string(PRINT_JSON, "mirred_action", NULL,
|
|
Packit Service |
3880ab |
mirred_action(p->eaction));
|
|
Packit Service |
3880ab |
print_string(PRINT_JSON, "direction", NULL,
|
|
Packit Service |
3880ab |
mirred_direction(p->eaction));
|
|
Packit Service |
3880ab |
print_string(PRINT_ANY, "to_dev", " to device %s)", dev);
|
|
Packit Service |
3880ab |
print_action_control(f, " ", p->action, "");
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
print_nl();
|
|
Packit Service |
3880ab |
print_uint(PRINT_ANY, "index", "\tindex %u", p->index);
|
|
Packit Service |
3880ab |
print_int(PRINT_ANY, "ref", " ref %d", p->refcnt);
|
|
Packit Service |
3880ab |
print_int(PRINT_ANY, "bind", " bind %d", p->bindcnt);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
if (show_stats) {
|
|
Packit Service |
3880ab |
if (tb[TCA_MIRRED_TM]) {
|
|
Packit Service |
3880ab |
struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]);
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
print_tm(f, tm);
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
print_nl();
|
|
Packit Service |
3880ab |
return 0;
|
|
Packit Service |
3880ab |
}
|
|
Packit Service |
3880ab |
|
|
Packit Service |
3880ab |
struct action_util mirred_action_util = {
|
|
Packit Service |
3880ab |
.id = "mirred",
|
|
Packit Service |
3880ab |
.parse_aopt = parse_mirred,
|
|
Packit Service |
3880ab |
.print_aopt = print_mirred,
|
|
Packit Service |
3880ab |
};
|