1/* 2 * m_egress.c ingress/egress packet mirror/redir actions module 3 * 4 * This program is free software; you can distribute it and/or 5 * modify it under the terms of the GNU General Public License 6 * as published by the Free Software Foundation; either version 7 * 2 of the License, or (at your option) any later version. 8 * 9 * Authors: J Hadi Salim (hadi@cyberus.ca) 10 * 11 * TODO: Add Ingress support 12 * 13 */ 14 15#include <stdio.h> 16#include <stdlib.h> 17#include <unistd.h> 18#include <syslog.h> 19#include <fcntl.h> 20#include <sys/socket.h> 21#include <netinet/in.h> 22#include <arpa/inet.h> 23#include <string.h> 24#include "utils.h" 25#include "tc_util.h" 26#include "tc_common.h" 27#include <linux/tc_act/tc_mirred.h> 28 29int mirred_d = 1; 30 31static void 32explain(void) 33{ 34 fprintf(stderr, "Usage: mirred <DIRECTION> <ACTION> [index INDEX] <dev DEVICENAME> \n"); 35 fprintf(stderr, "where: \n"); 36 fprintf(stderr, "\tDIRECTION := <ingress | egress>\n"); 37 fprintf(stderr, "\tACTION := <mirror | redirect>\n"); 38 fprintf(stderr, "\tINDEX is the specific policy instance id\n"); 39 fprintf(stderr, "\tDEVICENAME is the devicename \n"); 40 41} 42 43static void 44usage(void) 45{ 46 explain(); 47 exit(-1); 48} 49 50char *mirred_n2a(int action) 51{ 52 switch (action) { 53 case TCA_EGRESS_REDIR: 54 return "Egress Redirect"; 55 case TCA_INGRESS_REDIR: 56 return "Ingress Redirect"; 57 case TCA_EGRESS_MIRROR: 58 return "Egress Mirror"; 59 case TCA_INGRESS_MIRROR: 60 return "Ingress Mirror"; 61 default: 62 return "unknown"; 63 } 64} 65 66int 67parse_egress(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) 68{ 69 70 int argc = *argc_p; 71 char **argv = *argv_p; 72 int ok = 0, iok = 0, mirror=0,redir=0; 73 struct tc_mirred p; 74 struct rtattr *tail; 75 char d[16]; 76 77 memset(d,0,sizeof(d)-1); 78 memset(&p,0,sizeof(struct tc_mirred)); 79 80 while (argc > 0) { 81 82 if (matches(*argv, "action") == 0) { 83 break; 84 } else if (matches(*argv, "egress") == 0) { 85 NEXT_ARG(); 86 ok++; 87 continue; 88 } else { 89 90 if (matches(*argv, "index") == 0) { 91 NEXT_ARG(); 92 if (get_u32(&p.index, *argv, 10)) { 93 fprintf(stderr, "Illegal \"index\"\n"); 94 return -1; 95 } 96 iok++; 97 if (!ok) { 98 argc--; 99 argv++; 100 break; 101 } 102 } else if(!ok) { 103 fprintf(stderr, "was expecting egress (%s)\n", *argv); 104 break; 105 106 } else if (!mirror && matches(*argv, "mirror") == 0) { 107 mirror=1; 108 if (redir) { 109 fprintf(stderr, "Cant have both mirror and redir\n"); 110 return -1; 111 } 112 p.eaction = TCA_EGRESS_MIRROR; 113 p.action = TC_ACT_PIPE; 114 ok++; 115 } else if (!redir && matches(*argv, "redirect") == 0) { 116 redir=1; 117 if (mirror) { 118 fprintf(stderr, "Cant have both mirror and redir\n"); 119 return -1; 120 } 121 p.eaction = TCA_EGRESS_REDIR; 122 p.action = TC_ACT_STOLEN; 123 ok++; 124 } else if ((redir || mirror) && matches(*argv, "dev") == 0) { 125 NEXT_ARG(); 126 if (strlen(d)) 127 duparg("dev", *argv); 128 129 strncpy(d, *argv, sizeof(d)-1); 130 argc--; 131 argv++; 132 133 break; 134 135 } 136 } 137 138 NEXT_ARG(); 139 } 140 141 if (!ok && !iok) { 142 return -1; 143 } 144 145 146 147 if (d[0]) { 148 int idx; 149 ll_init_map(&rth); 150 151 if ((idx = ll_name_to_index(d)) == 0) { 152 fprintf(stderr, "Cannot find device \"%s\"\n", d); 153 return -1; 154 } 155 156 p.ifindex = idx; 157 } 158 159 160 if (argc && p.eaction == TCA_EGRESS_MIRROR) { 161 162 if (matches(*argv, "reclassify") == 0) { 163 p.action = TC_POLICE_RECLASSIFY; 164 NEXT_ARG(); 165 } else if (matches(*argv, "pipe") == 0) { 166 p.action = TC_POLICE_PIPE; 167 NEXT_ARG(); 168 } else if (matches(*argv, "drop") == 0 || 169 matches(*argv, "shot") == 0) { 170 p.action = TC_POLICE_SHOT; 171 NEXT_ARG(); 172 } else if (matches(*argv, "continue") == 0) { 173 p.action = TC_POLICE_UNSPEC; 174 NEXT_ARG(); 175 } else if (matches(*argv, "pass") == 0) { 176 p.action = TC_POLICE_OK; 177 NEXT_ARG(); 178 } 179 180 } 181 182 if (argc) { 183 if (iok && matches(*argv, "index") == 0) { 184 fprintf(stderr, "mirred: Illegal double index\n"); 185 return -1; 186 } else { 187 if (matches(*argv, "index") == 0) { 188 NEXT_ARG(); 189 if (get_u32(&p.index, *argv, 10)) { 190 fprintf(stderr, "mirred: Illegal \"index\"\n"); 191 return -1; 192 } 193 argc--; 194 argv++; 195 } 196 } 197 } 198 199 if (mirred_d) 200 fprintf(stdout, "Action %d device %s ifindex %d\n",p.action, d,p.ifindex); 201 202 tail = NLMSG_TAIL(n); 203 addattr_l(n, MAX_MSG, tca_id, NULL, 0); 204 addattr_l(n, MAX_MSG, TCA_MIRRED_PARMS, &p, sizeof (p)); 205 tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail; 206 207 *argc_p = argc; 208 *argv_p = argv; 209 return 0; 210} 211 212 213int 214parse_mirred(struct action_util *a, int *argc_p, char ***argv_p, int tca_id, struct nlmsghdr *n) 215{ 216 217 int argc = *argc_p; 218 char **argv = *argv_p; 219 220 if (argc < 0) { 221 fprintf(stderr,"mirred bad arguement count %d\n", argc); 222 return -1; 223 } 224 225 if (matches(*argv, "mirred") == 0) { 226 NEXT_ARG(); 227 } else { 228 fprintf(stderr,"mirred bad arguement %s\n", *argv); 229 return -1; 230 } 231 232 233 if (matches(*argv, "egress") == 0 || matches(*argv, "index") == 0) { 234 int ret = parse_egress(a, &argc, &argv, tca_id, n); 235 if (ret == 0) { 236 *argc_p = argc; 237 *argv_p = argv; 238 return 0; 239 } 240 241 } else if (matches(*argv, "ingress") == 0) { 242 fprintf(stderr,"mirred ingress not supported at the moment\n"); 243 } else if (matches(*argv, "help") == 0) { 244 usage(); 245 } else { 246 fprintf(stderr,"mirred option not supported %s\n", *argv); 247 } 248 249 return -1; 250 251} 252 253int 254print_mirred(struct action_util *au,FILE * f, struct rtattr *arg) 255{ 256 struct tc_mirred *p; 257 struct rtattr *tb[TCA_MIRRED_MAX + 1]; 258 const char *dev; 259 SPRINT_BUF(b1); 260 261 if (arg == NULL) 262 return -1; 263 264 parse_rtattr_nested(tb, TCA_MIRRED_MAX, arg); 265 266 if (tb[TCA_MIRRED_PARMS] == NULL) { 267 fprintf(f, "[NULL mirred parameters]"); 268 return -1; 269 } 270 p = RTA_DATA(tb[TCA_MIRRED_PARMS]); 271 272 /* 273 ll_init_map(&rth); 274 */ 275 276 277 if ((dev = ll_index_to_name(p->ifindex)) == 0) { 278 fprintf(stderr, "Cannot find device %d\n", p->ifindex); 279 return -1; 280 } 281 282 fprintf(f, "mirred (%s to device %s) %s", mirred_n2a(p->eaction), dev,action_n2a(p->action, b1, sizeof (b1))); 283 284 fprintf(f, "\n "); 285 fprintf(f, "\tindex %d ref %d bind %d",p->index,p->refcnt,p->bindcnt); 286 287 if (show_stats) { 288 if (tb[TCA_MIRRED_TM]) { 289 struct tcf_t *tm = RTA_DATA(tb[TCA_MIRRED_TM]); 290 print_tm(f,tm); 291 } 292 } 293 fprintf(f, "\n "); 294 return 0; 295} 296 297struct action_util mirred_action_util = { 298 .id = "mirred", 299 .parse_aopt = parse_mirred, 300 .print_aopt = print_mirred, 301}; 302