summaryrefslogtreecommitdiffstats
path: root/tc/f_flower.c
diff options
context:
space:
mode:
Diffstat (limited to 'tc/f_flower.c')
-rw-r--r--tc/f_flower.c2992
1 files changed, 2992 insertions, 0 deletions
diff --git a/tc/f_flower.c b/tc/f_flower.c
new file mode 100644
index 0000000..069896a
--- /dev/null
+++ b/tc/f_flower.c
@@ -0,0 +1,2992 @@
+/*
+ * f_flower.c Flower Classifier
+ *
+ * This program is free software; you can distribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Authors: Jiri Pirko <jiri@resnulli.us>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <net/if.h>
+#include <linux/limits.h>
+#include <linux/if_arp.h>
+#include <linux/if_ether.h>
+#include <linux/ip.h>
+#include <linux/tc_act/tc_vlan.h>
+#include <linux/mpls.h>
+#include <linux/ppp_defs.h>
+
+#include "utils.h"
+#include "tc_util.h"
+#include "rt_names.h"
+
+enum flower_matching_flags {
+ FLOWER_IP_FLAGS,
+};
+
+enum flower_endpoint {
+ FLOWER_ENDPOINT_SRC,
+ FLOWER_ENDPOINT_DST
+};
+
+enum flower_icmp_field {
+ FLOWER_ICMP_FIELD_TYPE,
+ FLOWER_ICMP_FIELD_CODE
+};
+
+static void explain(void)
+{
+ fprintf(stderr,
+ "Usage: ... flower [ MATCH-LIST ] [ verbose ]\n"
+ " [ skip_sw | skip_hw ]\n"
+ " [ action ACTION-SPEC ] [ classid CLASSID ]\n"
+ "\n"
+ "Where: MATCH-LIST := [ MATCH-LIST ] MATCH\n"
+ " MATCH := { indev DEV-NAME |\n"
+ " num_of_vlans VLANS_COUNT |\n"
+ " vlan_id VID |\n"
+ " vlan_prio PRIORITY |\n"
+ " vlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
+ " cvlan_id VID |\n"
+ " cvlan_prio PRIORITY |\n"
+ " cvlan_ethtype [ ipv4 | ipv6 | ETH-TYPE ] |\n"
+ " pppoe_sid PSID |\n"
+ " ppp_proto [ ipv4 | ipv6 | mpls_uc | mpls_mc | PPP_PROTO ]"
+ " dst_mac MASKED-LLADDR |\n"
+ " src_mac MASKED-LLADDR |\n"
+ " ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
+ " ip_tos MASKED-IP_TOS |\n"
+ " ip_ttl MASKED-IP_TTL |\n"
+ " mpls LSE-LIST |\n"
+ " mpls_label LABEL |\n"
+ " mpls_tc TC |\n"
+ " mpls_bos BOS |\n"
+ " mpls_ttl TTL |\n"
+ " dst_ip PREFIX |\n"
+ " src_ip PREFIX |\n"
+ " dst_port PORT-NUMBER |\n"
+ " src_port PORT-NUMBER |\n"
+ " tcp_flags MASKED-TCP_FLAGS |\n"
+ " type MASKED-ICMP-TYPE |\n"
+ " code MASKED-ICMP-CODE |\n"
+ " arp_tip IPV4-PREFIX |\n"
+ " arp_sip IPV4-PREFIX |\n"
+ " arp_op [ request | reply | OP ] |\n"
+ " arp_tha MASKED-LLADDR |\n"
+ " arp_sha MASKED-LLADDR |\n"
+ " enc_dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
+ " enc_src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
+ " enc_key_id [ KEY-ID ] |\n"
+ " enc_tos MASKED-IP_TOS |\n"
+ " enc_ttl MASKED-IP_TTL |\n"
+ " geneve_opts MASKED-OPTIONS |\n"
+ " vxlan_opts MASKED-OPTIONS |\n"
+ " erspan_opts MASKED-OPTIONS |\n"
+ " gtp_opts MASKED-OPTIONS |\n"
+ " ip_flags IP-FLAGS |\n"
+ " enc_dst_port [ port_number ] |\n"
+ " ct_state MASKED_CT_STATE |\n"
+ " ct_label MASKED_CT_LABEL |\n"
+ " ct_mark MASKED_CT_MARK |\n"
+ " ct_zone MASKED_CT_ZONE }\n"
+ " LSE-LIST := [ LSE-LIST ] LSE\n"
+ " LSE := lse depth DEPTH { label LABEL | tc TC | bos BOS | ttl TTL }\n"
+ " FILTERID := X:Y:Z\n"
+ " MASKED_LLADDR := { LLADDR | LLADDR/MASK | LLADDR/BITS }\n"
+ " MASKED_CT_STATE := combination of {+|-} and flags trk,est,new,rel,rpl,inv\n"
+ " ACTION-SPEC := ... look at individual actions\n"
+ "\n"
+ "NOTE: CLASSID, IP-PROTO are parsed as hexadecimal input.\n"
+ "NOTE: There can be only used one mask per one prio. If user needs\n"
+ " to specify different mask, he has to use different prio.\n");
+}
+
+/* prints newline, two spaces, name/value */
+static void print_indent_name_value(const char *name, const char *value)
+{
+ print_string(PRINT_FP, NULL, "%s ", _SL_);
+ print_string_name_value(name, value);
+}
+
+static void print_uint_indent_name_value(const char *name, unsigned int value)
+{
+ print_string(PRINT_FP, NULL, " ", NULL);
+ print_uint_name_value(name, value);
+}
+
+static int flower_parse_eth_addr(char *str, int addr_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ int ret, err = -1;
+ char addr[ETH_ALEN], *slash;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = ll_addr_a2n(addr, sizeof(addr), str);
+ if (ret < 0)
+ goto err;
+ addattr_l(n, MAX_MSG, addr_type, addr, sizeof(addr));
+
+ if (slash) {
+ unsigned int bits;
+
+ if (!get_unsigned(&bits, slash + 1, 10)) {
+ uint64_t mask;
+
+ /* Extra 16 bit shift to push mac address into
+ * high bits of uint64_t
+ */
+ mask = htonll(0xffffffffffffULL << (16 + 48 - bits));
+ memcpy(addr, &mask, ETH_ALEN);
+ } else {
+ ret = ll_addr_a2n(addr, sizeof(addr), slash + 1);
+ if (ret < 0)
+ goto err;
+ }
+ } else {
+ memset(addr, 0xff, ETH_ALEN);
+ }
+ addattr_l(n, MAX_MSG, mask_type, addr, sizeof(addr));
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static bool eth_type_vlan(__be16 ethertype, bool good_num_of_vlans)
+{
+ return ethertype == htons(ETH_P_8021Q) ||
+ ethertype == htons(ETH_P_8021AD) ||
+ good_num_of_vlans;
+}
+
+static int flower_parse_vlan_eth_type(char *str, __be16 eth_type, int type,
+ __be16 *p_vlan_eth_type,
+ struct nlmsghdr *n, bool good_num_of_vlans)
+{
+ __be16 vlan_eth_type;
+
+ if (!eth_type_vlan(eth_type, good_num_of_vlans)) {
+ fprintf(stderr, "Can't set \"%s\" if ethertype isn't 802.1Q or 802.1AD and num_of_vlans %s\n",
+ type == TCA_FLOWER_KEY_VLAN_ETH_TYPE ? "vlan_ethtype" : "cvlan_ethtype",
+ type == TCA_FLOWER_KEY_VLAN_ETH_TYPE ? "is 0" : "less than 2");
+ return -1;
+ }
+
+ if (ll_proto_a2n(&vlan_eth_type, str))
+ invarg("invalid vlan_ethtype", str);
+ addattr16(n, MAX_MSG, type, vlan_eth_type);
+ *p_vlan_eth_type = vlan_eth_type;
+ return 0;
+}
+
+struct flag_to_string {
+ int flag;
+ enum flower_matching_flags type;
+ char *string;
+};
+
+static struct flag_to_string flags_str[] = {
+ { TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT, FLOWER_IP_FLAGS, "frag" },
+ { TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST, FLOWER_IP_FLAGS, "firstfrag" },
+};
+
+static int flower_parse_matching_flags(char *str,
+ enum flower_matching_flags type,
+ __u32 *mtf, __u32 *mtf_mask)
+{
+ char *token;
+ bool no;
+ bool found;
+ int i;
+
+ token = strtok(str, "/");
+
+ while (token) {
+ if (!strncmp(token, "no", 2)) {
+ no = true;
+ token += 2;
+ } else
+ no = false;
+
+ found = false;
+ for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
+ if (type != flags_str[i].type)
+ continue;
+
+ if (!strcmp(token, flags_str[i].string)) {
+ if (no)
+ *mtf &= ~flags_str[i].flag;
+ else
+ *mtf |= flags_str[i].flag;
+
+ *mtf_mask |= flags_str[i].flag;
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ return -1;
+
+ token = strtok(NULL, "/");
+ }
+
+ return 0;
+}
+
+static int flower_parse_u16(char *str, int value_type, int mask_type,
+ struct nlmsghdr *n, bool be)
+{
+ __u16 value, mask;
+ char *slash;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ if (get_u16(&value, str, 0))
+ return -1;
+
+ if (slash) {
+ if (get_u16(&mask, slash + 1, 0))
+ return -1;
+ } else {
+ mask = UINT16_MAX;
+ }
+
+ if (be) {
+ value = htons(value);
+ mask = htons(mask);
+ }
+ addattr16(n, MAX_MSG, value_type, value);
+ addattr16(n, MAX_MSG, mask_type, mask);
+
+ return 0;
+}
+
+static int flower_parse_u32(char *str, int value_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ __u32 value, mask;
+ char *slash;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ if (get_u32(&value, str, 0))
+ return -1;
+
+ if (slash) {
+ if (get_u32(&mask, slash + 1, 0))
+ return -1;
+ } else {
+ mask = UINT32_MAX;
+ }
+
+ addattr32(n, MAX_MSG, value_type, value);
+ addattr32(n, MAX_MSG, mask_type, mask);
+
+ return 0;
+}
+
+static int flower_parse_ct_mark(char *str, struct nlmsghdr *n)
+{
+ return flower_parse_u32(str,
+ TCA_FLOWER_KEY_CT_MARK,
+ TCA_FLOWER_KEY_CT_MARK_MASK,
+ n);
+}
+
+static int flower_parse_ct_zone(char *str, struct nlmsghdr *n)
+{
+ return flower_parse_u16(str,
+ TCA_FLOWER_KEY_CT_ZONE,
+ TCA_FLOWER_KEY_CT_ZONE_MASK,
+ n,
+ false);
+}
+
+static int flower_parse_ct_labels(char *str, struct nlmsghdr *n)
+{
+#define LABELS_SIZE 16
+ uint8_t labels[LABELS_SIZE], lmask[LABELS_SIZE];
+ char *slash, *mask = NULL;
+ size_t slen, slen_mask = 0;
+
+ slash = index(str, '/');
+ if (slash) {
+ *slash = 0;
+ mask = slash + 1;
+ slen_mask = strlen(mask);
+ }
+
+ slen = strlen(str);
+ if (slen > LABELS_SIZE * 2 || slen_mask > LABELS_SIZE * 2) {
+ char errmsg[128];
+
+ snprintf(errmsg, sizeof(errmsg),
+ "%zd Max allowed size %d",
+ slen, LABELS_SIZE*2);
+ invarg(errmsg, str);
+ }
+
+ if (hex2mem(str, labels, slen / 2) < 0)
+ invarg("labels must be a hex string\n", str);
+ addattr_l(n, MAX_MSG, TCA_FLOWER_KEY_CT_LABELS, labels, slen / 2);
+
+ if (mask) {
+ if (hex2mem(mask, lmask, slen_mask / 2) < 0)
+ invarg("labels mask must be a hex string\n", mask);
+ } else {
+ memset(lmask, 0xff, sizeof(lmask));
+ slen_mask = sizeof(lmask) * 2;
+ }
+ addattr_l(n, MAX_MSG, TCA_FLOWER_KEY_CT_LABELS_MASK, lmask,
+ slen_mask / 2);
+
+ return 0;
+}
+
+static struct flower_ct_states {
+ char *str;
+ int flag;
+} flower_ct_states[] = {
+ { "trk", TCA_FLOWER_KEY_CT_FLAGS_TRACKED },
+ { "new", TCA_FLOWER_KEY_CT_FLAGS_NEW },
+ { "est", TCA_FLOWER_KEY_CT_FLAGS_ESTABLISHED },
+ { "rel", TCA_FLOWER_KEY_CT_FLAGS_RELATED },
+ { "inv", TCA_FLOWER_KEY_CT_FLAGS_INVALID },
+ { "rpl", TCA_FLOWER_KEY_CT_FLAGS_REPLY },
+};
+
+static int flower_parse_ct_state(char *str, struct nlmsghdr *n)
+{
+ int flags = 0, mask = 0, len, i;
+ bool p;
+
+ while (*str != '\0') {
+ if (*str == '+')
+ p = true;
+ else if (*str == '-')
+ p = false;
+ else
+ return -1;
+
+ for (i = 0; i < ARRAY_SIZE(flower_ct_states); i++) {
+ len = strlen(flower_ct_states[i].str);
+ if (strncmp(str + 1, flower_ct_states[i].str, len))
+ continue;
+
+ if (p)
+ flags |= flower_ct_states[i].flag;
+ mask |= flower_ct_states[i].flag;
+ break;
+ }
+
+ if (i == ARRAY_SIZE(flower_ct_states))
+ return -1;
+
+ str += len + 1;
+ }
+
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CT_STATE, flags);
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CT_STATE_MASK, mask);
+ return 0;
+}
+
+static int flower_parse_ip_proto(char *str, __be16 eth_type, int type,
+ __u8 *p_ip_proto, struct nlmsghdr *n)
+{
+ int ret;
+ __u8 ip_proto;
+
+ if (eth_type != htons(ETH_P_IP) && eth_type != htons(ETH_P_IPV6))
+ goto err;
+
+ if (matches(str, "tcp") == 0) {
+ ip_proto = IPPROTO_TCP;
+ } else if (matches(str, "udp") == 0) {
+ ip_proto = IPPROTO_UDP;
+ } else if (matches(str, "sctp") == 0) {
+ ip_proto = IPPROTO_SCTP;
+ } else if (matches(str, "icmp") == 0) {
+ if (eth_type != htons(ETH_P_IP))
+ goto err;
+ ip_proto = IPPROTO_ICMP;
+ } else if (matches(str, "icmpv6") == 0) {
+ if (eth_type != htons(ETH_P_IPV6))
+ goto err;
+ ip_proto = IPPROTO_ICMPV6;
+ } else {
+ ret = get_u8(&ip_proto, str, 16);
+ if (ret)
+ return -1;
+ }
+ addattr8(n, MAX_MSG, type, ip_proto);
+ *p_ip_proto = ip_proto;
+ return 0;
+
+err:
+ fprintf(stderr, "Illegal \"eth_type\" for ip proto\n");
+ return -1;
+}
+
+static int __flower_parse_ip_addr(char *str, int family,
+ int addr4_type, int mask4_type,
+ int addr6_type, int mask6_type,
+ struct nlmsghdr *n)
+{
+ int ret;
+ inet_prefix addr;
+ int bits;
+ int i;
+
+ ret = get_prefix(&addr, str, family);
+ if (ret)
+ return -1;
+
+ if (family && (addr.family != family)) {
+ fprintf(stderr, "Illegal \"eth_type\" for ip address\n");
+ return -1;
+ }
+
+ addattr_l(n, MAX_MSG, addr.family == AF_INET ? addr4_type : addr6_type,
+ addr.data, addr.bytelen);
+
+ memset(addr.data, 0xff, addr.bytelen);
+ bits = addr.bitlen;
+ for (i = 0; i < addr.bytelen / 4; i++) {
+ if (!bits) {
+ addr.data[i] = 0;
+ } else if (bits / 32 >= 1) {
+ bits -= 32;
+ } else {
+ addr.data[i] <<= 32 - bits;
+ addr.data[i] = htonl(addr.data[i]);
+ bits = 0;
+ }
+ }
+
+ addattr_l(n, MAX_MSG, addr.family == AF_INET ? mask4_type : mask6_type,
+ addr.data, addr.bytelen);
+
+ return 0;
+}
+
+static int flower_parse_ip_addr(char *str, __be16 eth_type,
+ int addr4_type, int mask4_type,
+ int addr6_type, int mask6_type,
+ struct nlmsghdr *n)
+{
+ int family;
+
+ if (eth_type == htons(ETH_P_IP)) {
+ family = AF_INET;
+ } else if (eth_type == htons(ETH_P_IPV6)) {
+ family = AF_INET6;
+ } else if (!eth_type) {
+ family = AF_UNSPEC;
+ } else {
+ return -1;
+ }
+
+ return __flower_parse_ip_addr(str, family, addr4_type, mask4_type,
+ addr6_type, mask6_type, n);
+}
+
+static bool flower_eth_type_arp(__be16 eth_type)
+{
+ return eth_type == htons(ETH_P_ARP) || eth_type == htons(ETH_P_RARP);
+}
+
+static int flower_parse_arp_ip_addr(char *str, __be16 eth_type,
+ int addr_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ if (!flower_eth_type_arp(eth_type))
+ return -1;
+
+ return __flower_parse_ip_addr(str, AF_INET, addr_type, mask_type,
+ TCA_FLOWER_UNSPEC, TCA_FLOWER_UNSPEC, n);
+}
+
+static int flower_parse_u8(char *str, int value_type, int mask_type,
+ int (*value_from_name)(const char *str,
+ __u8 *value),
+ bool (*value_validate)(__u8 value),
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u8 value, mask;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = value_from_name ? value_from_name(str, &value) : -1;
+ if (ret < 0) {
+ ret = get_u8(&value, str, 10);
+ if (ret)
+ goto err;
+ }
+
+ if (value_validate && !value_validate(value))
+ goto err;
+
+ if (slash) {
+ ret = get_u8(&mask, slash + 1, 10);
+ if (ret)
+ goto err;
+ } else {
+ mask = UINT8_MAX;
+ }
+
+ addattr8(n, MAX_MSG, value_type, value);
+ addattr8(n, MAX_MSG, mask_type, mask);
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static const char *flower_print_arp_op_to_name(__u8 op)
+{
+ switch (op) {
+ case ARPOP_REQUEST:
+ return "request";
+ case ARPOP_REPLY:
+ return "reply";
+ default:
+ return NULL;
+ }
+}
+
+static int flower_arp_op_from_name(const char *name, __u8 *op)
+{
+ if (!strcmp(name, "request"))
+ *op = ARPOP_REQUEST;
+ else if (!strcmp(name, "reply"))
+ *op = ARPOP_REPLY;
+ else
+ return -1;
+
+ return 0;
+}
+
+static bool flow_arp_op_validate(__u8 op)
+{
+ return !op || op == ARPOP_REQUEST || op == ARPOP_REPLY;
+}
+
+static int flower_parse_arp_op(char *str, __be16 eth_type,
+ int op_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ if (!flower_eth_type_arp(eth_type))
+ return -1;
+
+ return flower_parse_u8(str, op_type, mask_type, flower_arp_op_from_name,
+ flow_arp_op_validate, n);
+}
+
+static int flower_icmp_attr_type(__be16 eth_type, __u8 ip_proto,
+ enum flower_icmp_field field)
+{
+ if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV4_CODE :
+ TCA_FLOWER_KEY_ICMPV4_TYPE;
+ else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV6_CODE :
+ TCA_FLOWER_KEY_ICMPV6_TYPE;
+
+ return -1;
+}
+
+static int flower_icmp_attr_mask_type(__be16 eth_type, __u8 ip_proto,
+ enum flower_icmp_field field)
+{
+ if (eth_type == htons(ETH_P_IP) && ip_proto == IPPROTO_ICMP)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV4_CODE_MASK :
+ TCA_FLOWER_KEY_ICMPV4_TYPE_MASK;
+ else if (eth_type == htons(ETH_P_IPV6) && ip_proto == IPPROTO_ICMPV6)
+ return field == FLOWER_ICMP_FIELD_CODE ?
+ TCA_FLOWER_KEY_ICMPV6_CODE_MASK :
+ TCA_FLOWER_KEY_ICMPV6_TYPE_MASK;
+
+ return -1;
+}
+
+static int flower_parse_icmp(char *str, __u16 eth_type, __u8 ip_proto,
+ enum flower_icmp_field field, struct nlmsghdr *n)
+{
+ int value_type, mask_type;
+
+ value_type = flower_icmp_attr_type(eth_type, ip_proto, field);
+ mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto, field);
+ if (value_type < 0 || mask_type < 0)
+ return -1;
+
+ return flower_parse_u8(str, value_type, mask_type, NULL, NULL, n);
+}
+
+static int flower_port_attr_type(__u8 ip_proto, enum flower_endpoint endpoint)
+{
+ if (ip_proto == IPPROTO_TCP)
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_TCP_SRC :
+ TCA_FLOWER_KEY_TCP_DST;
+ else if (ip_proto == IPPROTO_UDP)
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_UDP_SRC :
+ TCA_FLOWER_KEY_UDP_DST;
+ else if (ip_proto == IPPROTO_SCTP)
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_SCTP_SRC :
+ TCA_FLOWER_KEY_SCTP_DST;
+ else
+ return -1;
+}
+
+static int flower_port_attr_mask_type(__u8 ip_proto,
+ enum flower_endpoint endpoint)
+{
+ switch (ip_proto) {
+ case IPPROTO_TCP:
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_TCP_SRC_MASK :
+ TCA_FLOWER_KEY_TCP_DST_MASK;
+ case IPPROTO_UDP:
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_UDP_SRC_MASK :
+ TCA_FLOWER_KEY_UDP_DST_MASK;
+ case IPPROTO_SCTP:
+ return endpoint == FLOWER_ENDPOINT_SRC ?
+ TCA_FLOWER_KEY_SCTP_SRC_MASK :
+ TCA_FLOWER_KEY_SCTP_DST_MASK;
+ default:
+ return -1;
+ }
+}
+
+static int flower_port_range_attr_type(__u8 ip_proto, enum flower_endpoint type,
+ __be16 *min_port_type,
+ __be16 *max_port_type)
+{
+ if (ip_proto == IPPROTO_TCP || ip_proto == IPPROTO_UDP ||
+ ip_proto == IPPROTO_SCTP) {
+ if (type == FLOWER_ENDPOINT_SRC) {
+ *min_port_type = TCA_FLOWER_KEY_PORT_SRC_MIN;
+ *max_port_type = TCA_FLOWER_KEY_PORT_SRC_MAX;
+ } else {
+ *min_port_type = TCA_FLOWER_KEY_PORT_DST_MIN;
+ *max_port_type = TCA_FLOWER_KEY_PORT_DST_MAX;
+ }
+ } else {
+ return -1;
+ }
+ return 0;
+}
+
+/* parse range args in format 10-20 */
+static int parse_range(char *str, __be16 *min, __be16 *max)
+{
+ char *sep;
+
+ sep = strchr(str, '-');
+ if (sep) {
+ *sep = '\0';
+
+ if (get_be16(min, str, 10))
+ return -1;
+
+ if (get_be16(max, sep + 1, 10))
+ return -1;
+ } else {
+ if (get_be16(min, str, 10))
+ return -1;
+ }
+ return 0;
+}
+
+static int flower_parse_port(char *str, __u8 ip_proto,
+ enum flower_endpoint endpoint,
+ struct nlmsghdr *n)
+{
+ char *slash = NULL;
+ __be16 min = 0;
+ __be16 max = 0;
+ int ret;
+
+ ret = parse_range(str, &min, &max);
+ if (ret) {
+ slash = strchr(str, '/');
+ if (!slash)
+ return -1;
+ }
+
+ if (min && max) {
+ __be16 min_port_type, max_port_type;
+
+ if (ntohs(max) <= ntohs(min)) {
+ fprintf(stderr, "max value should be greater than min value\n");
+ return -1;
+ }
+ if (flower_port_range_attr_type(ip_proto, endpoint,
+ &min_port_type, &max_port_type))
+ return -1;
+
+ addattr16(n, MAX_MSG, min_port_type, min);
+ addattr16(n, MAX_MSG, max_port_type, max);
+ } else if (slash || (min && !max)) {
+ int type;
+
+ type = flower_port_attr_type(ip_proto, endpoint);
+ if (type < 0)
+ return -1;
+
+ if (!slash) {
+ addattr16(n, MAX_MSG, type, min);
+ } else {
+ int mask_type;
+
+ mask_type = flower_port_attr_mask_type(ip_proto,
+ endpoint);
+ if (mask_type < 0)
+ return -1;
+ return flower_parse_u16(str, type, mask_type, n, true);
+ }
+ } else {
+ return -1;
+ }
+ return 0;
+}
+
+#define TCP_FLAGS_MAX_MASK 0xfff
+
+static int flower_parse_tcp_flags(char *str, int flags_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u16 flags;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = get_u16(&flags, str, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+
+ addattr16(n, MAX_MSG, flags_type, htons(flags));
+
+ if (slash) {
+ ret = get_u16(&flags, slash + 1, 16);
+ if (ret < 0 || flags & ~TCP_FLAGS_MAX_MASK)
+ goto err;
+ } else {
+ flags = TCP_FLAGS_MAX_MASK;
+ }
+ addattr16(n, MAX_MSG, mask_type, htons(flags));
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static int flower_parse_ip_tos_ttl(char *str, int key_type, int mask_type,
+ struct nlmsghdr *n)
+{
+ char *slash;
+ int ret, err = -1;
+ __u8 tos_ttl;
+
+ slash = strchr(str, '/');
+ if (slash)
+ *slash = '\0';
+
+ ret = get_u8(&tos_ttl, str, 10);
+ if (ret < 0)
+ ret = get_u8(&tos_ttl, str, 16);
+ if (ret < 0)
+ goto err;
+
+ addattr8(n, MAX_MSG, key_type, tos_ttl);
+
+ if (slash) {
+ ret = get_u8(&tos_ttl, slash + 1, 16);
+ if (ret < 0)
+ goto err;
+ } else {
+ tos_ttl = 0xff;
+ }
+ addattr8(n, MAX_MSG, mask_type, tos_ttl);
+
+ err = 0;
+err:
+ if (slash)
+ *slash = '/';
+ return err;
+}
+
+static int flower_parse_key_id(const char *str, int type, struct nlmsghdr *n)
+{
+ int ret;
+ __be32 key_id;
+
+ ret = get_be32(&key_id, str, 10);
+ if (!ret)
+ addattr32(n, MAX_MSG, type, key_id);
+
+ return ret;
+}
+
+static int flower_parse_enc_port(char *str, int type, struct nlmsghdr *n)
+{
+ int ret;
+ __be16 port;
+
+ ret = get_be16(&port, str, 10);
+ if (ret)
+ return -1;
+
+ addattr16(n, MAX_MSG, type, port);
+
+ return 0;
+}
+
+static int flower_parse_geneve_opt(char *str, struct nlmsghdr *n)
+{
+ struct rtattr *nest;
+ char *token;
+ int i, err;
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_GENEVE);
+
+ i = 1;
+ token = strsep(&str, ":");
+ while (token) {
+ switch (i) {
+ case TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS:
+ {
+ __be16 opt_class;
+
+ if (!strlen(token))
+ break;
+ err = get_be16(&opt_class, token, 16);
+ if (err)
+ return err;
+
+ addattr16(n, MAX_MSG, i, opt_class);
+ break;
+ }
+ case TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE:
+ {
+ __u8 opt_type;
+
+ if (!strlen(token))
+ break;
+ err = get_u8(&opt_type, token, 16);
+ if (err)
+ return err;
+
+ addattr8(n, MAX_MSG, i, opt_type);
+ break;
+ }
+ case TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA:
+ {
+ size_t token_len = strlen(token);
+ __u8 *opts;
+
+ if (!token_len)
+ break;
+ opts = malloc(token_len / 2);
+ if (!opts)
+ return -1;
+ if (hex2mem(token, opts, token_len / 2) < 0) {
+ free(opts);
+ return -1;
+ }
+ addattr_l(n, MAX_MSG, i, opts, token_len / 2);
+ free(opts);
+
+ break;
+ }
+ default:
+ fprintf(stderr, "Unknown \"geneve_opts\" type\n");
+ return -1;
+ }
+
+ token = strsep(&str, ":");
+ i++;
+ }
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_vxlan_opt(char *str, struct nlmsghdr *n)
+{
+ struct rtattr *nest;
+ __u32 gbp;
+ int err;
+
+ nest = addattr_nest(n, MAX_MSG,
+ TCA_FLOWER_KEY_ENC_OPTS_VXLAN | NLA_F_NESTED);
+
+ err = get_u32(&gbp, str, 0);
+ if (err)
+ return err;
+ addattr32(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP, gbp);
+
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_erspan_opt(char *str, struct nlmsghdr *n)
+{
+ struct rtattr *nest;
+ char *token;
+ int i, err;
+
+ nest = addattr_nest(n, MAX_MSG,
+ TCA_FLOWER_KEY_ENC_OPTS_ERSPAN | NLA_F_NESTED);
+
+ i = 1;
+ token = strsep(&str, ":");
+ while (token) {
+ switch (i) {
+ case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER:
+ {
+ __u8 opt_type;
+
+ if (!strlen(token))
+ break;
+ err = get_u8(&opt_type, token, 0);
+ if (err)
+ return err;
+
+ addattr8(n, MAX_MSG, i, opt_type);
+ break;
+ }
+ case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX:
+ {
+ __be32 opt_index;
+
+ if (!strlen(token))
+ break;
+ err = get_be32(&opt_index, token, 0);
+ if (err)
+ return err;
+
+ addattr32(n, MAX_MSG, i, opt_index);
+ break;
+ }
+ case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR:
+ {
+ __u8 opt_type;
+
+ if (!strlen(token))
+ break;
+ err = get_u8(&opt_type, token, 0);
+ if (err)
+ return err;
+
+ addattr8(n, MAX_MSG, i, opt_type);
+ break;
+ }
+ case TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID:
+ {
+ __u8 opt_type;
+
+ if (!strlen(token))
+ break;
+ err = get_u8(&opt_type, token, 0);
+ if (err)
+ return err;
+
+ addattr8(n, MAX_MSG, i, opt_type);
+ break;
+ }
+ default:
+ fprintf(stderr, "Unknown \"geneve_opts\" type\n");
+ return -1;
+ }
+
+ token = strsep(&str, ":");
+ i++;
+ }
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_gtp_opt(char *str, struct nlmsghdr *n)
+{
+ struct rtattr *nest;
+ char *token;
+ int arg, err;
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_GTP | NLA_F_NESTED);
+
+ token = strsep(&str, ":");
+ for (arg = 1; arg <= TCA_FLOWER_KEY_ENC_OPT_GTP_MAX; arg++) {
+ switch (arg) {
+ case TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE:
+ {
+ __u8 pdu_type;
+
+ if (!strlen(token))
+ break;
+ err = get_u8(&pdu_type, token, 16);
+ if (err)
+ return err;
+ addattr8(n, MAX_MSG, arg, pdu_type);
+ break;
+ }
+ case TCA_FLOWER_KEY_ENC_OPT_GTP_QFI:
+ {
+ __u8 qfi;
+
+ if (!strlen(token))
+ break;
+ err = get_u8(&qfi, token, 16);
+ if (err)
+ return err;
+ addattr8(n, MAX_MSG, arg, qfi);
+ break;
+ }
+ default:
+ fprintf(stderr, "Unknown \"gtp_opts\" type\n");
+ return -1;
+ }
+ token = strsep(&str, ":");
+ }
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_geneve_opts(char *str, struct nlmsghdr *n)
+{
+ char *token;
+ int err;
+
+ token = strsep(&str, ",");
+ while (token) {
+ err = flower_parse_geneve_opt(token, n);
+ if (err)
+ return err;
+
+ token = strsep(&str, ",");
+ }
+
+ return 0;
+}
+
+static int flower_check_enc_opt_key(char *key)
+{
+ int key_len, col_cnt = 0;
+
+ key_len = strlen(key);
+ while ((key = strchr(key, ':'))) {
+ if (strlen(key) == key_len)
+ return -1;
+
+ key_len = strlen(key) - 1;
+ col_cnt++;
+ key++;
+ }
+
+ if (col_cnt != 2 || !key_len)
+ return -1;
+
+ return 0;
+}
+
+static int flower_parse_enc_opts_geneve(char *str, struct nlmsghdr *n)
+{
+ char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
+ int data_len, key_len, mask_len, err;
+ char *token, *slash;
+ struct rtattr *nest;
+
+ key_len = 0;
+ mask_len = 0;
+ token = strsep(&str, ",");
+ while (token) {
+ slash = strchr(token, '/');
+ if (slash)
+ *slash = '\0';
+
+ if ((key_len + strlen(token) > XATTR_SIZE_MAX) ||
+ flower_check_enc_opt_key(token))
+ return -1;
+
+ strcpy(&key[key_len], token);
+ key_len += strlen(token) + 1;
+ key[key_len - 1] = ',';
+
+ if (!slash) {
+ /* Pad out mask when not provided */
+ if (mask_len + strlen(token) > XATTR_SIZE_MAX)
+ return -1;
+
+ data_len = strlen(rindex(token, ':'));
+ sprintf(&mask[mask_len], "ffff:ff:");
+ mask_len += 8;
+ memset(&mask[mask_len], 'f', data_len - 1);
+ mask_len += data_len;
+ mask[mask_len - 1] = ',';
+ token = strsep(&str, ",");
+ continue;
+ }
+
+ if (mask_len + strlen(slash + 1) > XATTR_SIZE_MAX)
+ return -1;
+
+ strcpy(&mask[mask_len], slash + 1);
+ mask_len += strlen(slash + 1) + 1;
+ mask[mask_len - 1] = ',';
+
+ *slash = '/';
+ token = strsep(&str, ",");
+ }
+ key[key_len - 1] = '\0';
+ mask[mask_len - 1] = '\0';
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS);
+ err = flower_parse_geneve_opts(key, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_MASK);
+ err = flower_parse_geneve_opts(mask, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_enc_opts_vxlan(char *str, struct nlmsghdr *n)
+{
+ char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
+ struct rtattr *nest;
+ char *slash;
+ int err;
+
+ slash = strchr(str, '/');
+ if (slash) {
+ *slash++ = '\0';
+ if (strlen(slash) > XATTR_SIZE_MAX)
+ return -1;
+ strcpy(mask, slash);
+ } else {
+ strcpy(mask, "0xffffffff");
+ }
+
+ if (strlen(str) > XATTR_SIZE_MAX)
+ return -1;
+ strcpy(key, str);
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS | NLA_F_NESTED);
+ err = flower_parse_vxlan_opt(str, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ nest = addattr_nest(n, MAX_MSG,
+ TCA_FLOWER_KEY_ENC_OPTS_MASK | NLA_F_NESTED);
+ err = flower_parse_vxlan_opt(mask, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_enc_opts_erspan(char *str, struct nlmsghdr *n)
+{
+ char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
+ struct rtattr *nest;
+ char *slash;
+ int err;
+
+
+ slash = strchr(str, '/');
+ if (slash) {
+ *slash++ = '\0';
+ if (strlen(slash) > XATTR_SIZE_MAX)
+ return -1;
+ strcpy(mask, slash);
+ } else {
+ int index;
+
+ slash = strchr(str, ':');
+ index = (int)(slash - str);
+ memcpy(mask, str, index);
+ strcpy(mask + index, ":0xffffffff:0xff:0xff");
+ }
+
+ if (strlen(str) > XATTR_SIZE_MAX)
+ return -1;
+ strcpy(key, str);
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS | NLA_F_NESTED);
+ err = flower_parse_erspan_opt(key, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ nest = addattr_nest(n, MAX_MSG,
+ TCA_FLOWER_KEY_ENC_OPTS_MASK | NLA_F_NESTED);
+ err = flower_parse_erspan_opt(mask, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_enc_opts_gtp(char *str, struct nlmsghdr *n)
+{
+ char key[XATTR_SIZE_MAX], mask[XATTR_SIZE_MAX];
+ struct rtattr *nest;
+ char *slash;
+ int err;
+
+ slash = strchr(str, '/');
+ if (slash) {
+ *slash++ = '\0';
+ if (strlen(slash) > XATTR_SIZE_MAX)
+ return -1;
+ strcpy(mask, slash);
+ } else
+ strcpy(mask, "ff:ff");
+
+ if (strlen(str) > XATTR_SIZE_MAX)
+ return -1;
+ strcpy(key, str);
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS | NLA_F_NESTED);
+ err = flower_parse_gtp_opt(key, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ nest = addattr_nest(n, MAX_MSG, TCA_FLOWER_KEY_ENC_OPTS_MASK | NLA_F_NESTED);
+ err = flower_parse_gtp_opt(mask, n);
+ if (err)
+ return err;
+ addattr_nest_end(n, nest);
+
+ return 0;
+}
+
+static int flower_parse_mpls_lse(int *argc_p, char ***argv_p,
+ struct nlmsghdr *nlh)
+{
+ struct rtattr *lse_attr;
+ char **argv = *argv_p;
+ int argc = *argc_p;
+ __u8 depth = 0;
+ int ret;
+
+ lse_attr = addattr_nest(nlh, MAX_MSG,
+ TCA_FLOWER_KEY_MPLS_OPTS_LSE | NLA_F_NESTED);
+
+ while (argc > 0) {
+ if (matches(*argv, "depth") == 0) {
+ NEXT_ARG();
+ ret = get_u8(&depth, *argv, 10);
+ if (ret < 0 || depth < 1) {
+ fprintf(stderr, "Illegal \"depth\"\n");
+ return -1;
+ }
+ addattr8(nlh, MAX_MSG,
+ TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH, depth);
+ } else if (matches(*argv, "label") == 0) {
+ __u32 label;
+
+ NEXT_ARG();
+ ret = get_u32(&label, *argv, 10);
+ if (ret < 0 ||
+ label & ~(MPLS_LS_LABEL_MASK >> MPLS_LS_LABEL_SHIFT)) {
+ fprintf(stderr, "Illegal \"label\"\n");
+ return -1;
+ }
+ addattr32(nlh, MAX_MSG,
+ TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL, label);
+ } else if (matches(*argv, "tc") == 0) {
+ __u8 tc;
+
+ NEXT_ARG();
+ ret = get_u8(&tc, *argv, 10);
+ if (ret < 0 ||
+ tc & ~(MPLS_LS_TC_MASK >> MPLS_LS_TC_SHIFT)) {
+ fprintf(stderr, "Illegal \"tc\"\n");
+ return -1;
+ }
+ addattr8(nlh, MAX_MSG, TCA_FLOWER_KEY_MPLS_OPT_LSE_TC,
+ tc);
+ } else if (matches(*argv, "bos") == 0) {
+ __u8 bos;
+
+ NEXT_ARG();
+ ret = get_u8(&bos, *argv, 10);
+ if (ret < 0 || bos & ~(MPLS_LS_S_MASK >> MPLS_LS_S_SHIFT)) {
+ fprintf(stderr, "Illegal \"bos\"\n");
+ return -1;
+ }
+ addattr8(nlh, MAX_MSG, TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS,
+ bos);
+ } else if (matches(*argv, "ttl") == 0) {
+ __u8 ttl;
+
+ NEXT_ARG();
+ ret = get_u8(&ttl, *argv, 10);
+ if (ret < 0 || ttl & ~(MPLS_LS_TTL_MASK >> MPLS_LS_TTL_SHIFT)) {
+ fprintf(stderr, "Illegal \"ttl\"\n");
+ return -1;
+ }
+ addattr8(nlh, MAX_MSG, TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL,
+ ttl);
+ } else {
+ break;
+ }
+ argc--; argv++;
+ }
+
+ if (!depth) {
+ missarg("depth");
+ return -1;
+ }
+
+ addattr_nest_end(nlh, lse_attr);
+
+ *argc_p = argc;
+ *argv_p = argv;
+
+ return 0;
+}
+
+static int flower_parse_mpls(int *argc_p, char ***argv_p, struct nlmsghdr *nlh)
+{
+ struct rtattr *mpls_attr;
+ char **argv = *argv_p;
+ int argc = *argc_p;
+
+ mpls_attr = addattr_nest(nlh, MAX_MSG,
+ TCA_FLOWER_KEY_MPLS_OPTS | NLA_F_NESTED);
+
+ while (argc > 0) {
+ if (matches(*argv, "lse") == 0) {
+ NEXT_ARG();
+ if (flower_parse_mpls_lse(&argc, &argv, nlh) < 0)
+ return -1;
+ } else {
+ break;
+ }
+ }
+
+ addattr_nest_end(nlh, mpls_attr);
+
+ *argc_p = argc;
+ *argv_p = argv;
+
+ return 0;
+}
+
+static int flower_parse_opt(struct filter_util *qu, char *handle,
+ int argc, char **argv, struct nlmsghdr *n)
+{
+ int ret;
+ struct tcmsg *t = NLMSG_DATA(n);
+ bool mpls_format_old = false;
+ bool mpls_format_new = false;
+ struct rtattr *tail;
+ __be16 tc_proto = TC_H_MIN(t->tcm_info);
+ __be16 eth_type = tc_proto;
+ __be16 vlan_ethtype = 0;
+ __u8 num_of_vlans = 0;
+ __u8 ip_proto = 0xff;
+ __u32 flags = 0;
+ __u32 mtf = 0;
+ __u32 mtf_mask = 0;
+
+ if (handle) {
+ ret = get_u32(&t->tcm_handle, handle, 0);
+ if (ret) {
+ fprintf(stderr, "Illegal \"handle\"\n");
+ return -1;
+ }
+ }
+
+ tail = (struct rtattr *) (((void *) n) + NLMSG_ALIGN(n->nlmsg_len));
+ addattr_l(n, MAX_MSG, TCA_OPTIONS, NULL, 0);
+
+ if (argc == 0) {
+ /*at minimal we will match all ethertype packets */
+ goto parse_done;
+ }
+
+ while (argc > 0) {
+ if (matches(*argv, "classid") == 0 ||
+ matches(*argv, "flowid") == 0) {
+ unsigned int classid;
+
+ NEXT_ARG();
+ ret = get_tc_classid(&classid, *argv);
+ if (ret) {
+ fprintf(stderr, "Illegal \"classid\"\n");
+ return -1;
+ }
+ addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &classid, 4);
+ } else if (matches(*argv, "hw_tc") == 0) {
+ unsigned int classid;
+ __u32 tc;
+ char *end;
+
+ NEXT_ARG();
+ tc = strtoul(*argv, &end, 0);
+ if (*end) {
+ fprintf(stderr, "Illegal TC index\n");
+ return -1;
+ }
+ if (tc >= TC_QOPT_MAX_QUEUE) {
+ fprintf(stderr, "TC index exceeds max range\n");
+ return -1;
+ }
+ classid = TC_H_MAKE(TC_H_MAJ(t->tcm_parent),
+ TC_H_MIN(tc + TC_H_MIN_PRIORITY));
+ addattr_l(n, MAX_MSG, TCA_FLOWER_CLASSID, &classid,
+ sizeof(classid));
+ } else if (matches(*argv, "ip_flags") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_matching_flags(*argv,
+ FLOWER_IP_FLAGS,
+ &mtf,
+ &mtf_mask);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_flags\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "verbose") == 0) {
+ flags |= TCA_CLS_FLAGS_VERBOSE;
+ } else if (matches(*argv, "skip_hw") == 0) {
+ flags |= TCA_CLS_FLAGS_SKIP_HW;
+ } else if (matches(*argv, "skip_sw") == 0) {
+ flags |= TCA_CLS_FLAGS_SKIP_SW;
+ } else if (matches(*argv, "ct_state") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ct_state(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ct_state\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ct_zone") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ct_zone(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ct_zone\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ct_mark") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ct_mark(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ct_mark\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ct_label") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ct_labels(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ct_label\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "indev") == 0) {
+ NEXT_ARG();
+ if (check_ifname(*argv))
+ invarg("\"indev\" not a valid ifname", *argv);
+ addattrstrz(n, MAX_MSG, TCA_FLOWER_INDEV, *argv);
+ } else if (strcmp(*argv, "num_of_vlans") == 0) {
+ NEXT_ARG();
+ ret = get_u8(&num_of_vlans, *argv, 10);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"num_of_vlans\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG,
+ TCA_FLOWER_KEY_NUM_OF_VLANS, num_of_vlans);
+ } else if (matches(*argv, "vlan_id") == 0) {
+ __u16 vid;
+
+ NEXT_ARG();
+ if (!eth_type_vlan(tc_proto, num_of_vlans > 0)) {
+ fprintf(stderr, "Can't set \"vlan_id\" if ethertype isn't 802.1Q or 802.1AD"
+ " and num_of_vlans is 0\n");
+ return -1;
+ }
+ ret = get_u16(&vid, *argv, 10);
+ if (ret < 0 || vid & ~0xfff) {
+ fprintf(stderr, "Illegal \"vlan_id\"\n");
+ return -1;
+ }
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_VLAN_ID, vid);
+ } else if (matches(*argv, "vlan_prio") == 0) {
+ __u8 vlan_prio;
+
+ NEXT_ARG();
+ if (!eth_type_vlan(tc_proto, num_of_vlans > 0)) {
+ fprintf(stderr, "Can't set \"vlan_prio\" if ethertype isn't 802.1Q or 802.1AD"
+ " and num_of_vlans is 0\n");
+ return -1;
+ }
+ ret = get_u8(&vlan_prio, *argv, 10);
+ if (ret < 0 || vlan_prio & ~0x7) {
+ fprintf(stderr, "Illegal \"vlan_prio\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG,
+ TCA_FLOWER_KEY_VLAN_PRIO, vlan_prio);
+ } else if (matches(*argv, "vlan_ethtype") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_vlan_eth_type(*argv, eth_type,
+ TCA_FLOWER_KEY_VLAN_ETH_TYPE,
+ &vlan_ethtype, n, num_of_vlans > 0);
+ if (ret < 0)
+ return -1;
+ /* get new ethtype for later parsing */
+ eth_type = vlan_ethtype;
+ } else if (matches(*argv, "cvlan_id") == 0) {
+ __u16 vid;
+
+ NEXT_ARG();
+ if (!eth_type_vlan(vlan_ethtype, num_of_vlans > 1)) {
+ fprintf(stderr, "Can't set \"cvlan_id\" if inner vlan ethertype isn't 802.1Q or 802.1AD"
+ " and num_of_vlans is less than 2\n");
+ return -1;
+ }
+ ret = get_u16(&vid, *argv, 10);
+ if (ret < 0 || vid & ~0xfff) {
+ fprintf(stderr, "Illegal \"cvlan_id\"\n");
+ return -1;
+ }
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_CVLAN_ID, vid);
+ } else if (matches(*argv, "cvlan_prio") == 0) {
+ __u8 cvlan_prio;
+
+ NEXT_ARG();
+ if (!eth_type_vlan(vlan_ethtype, num_of_vlans > 1)) {
+ fprintf(stderr, "Can't set \"cvlan_prio\" if inner vlan ethertype isn't 802.1Q or 802.1AD"
+ " and num_of_vlans is less than 2\n");
+ return -1;
+ }
+ ret = get_u8(&cvlan_prio, *argv, 10);
+ if (ret < 0 || cvlan_prio & ~0x7) {
+ fprintf(stderr, "Illegal \"cvlan_prio\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG,
+ TCA_FLOWER_KEY_CVLAN_PRIO, cvlan_prio);
+ } else if (matches(*argv, "cvlan_ethtype") == 0) {
+ NEXT_ARG();
+ /* get new ethtype for later parsing */
+ ret = flower_parse_vlan_eth_type(*argv, vlan_ethtype,
+ TCA_FLOWER_KEY_CVLAN_ETH_TYPE,
+ &eth_type, n, num_of_vlans > 1);
+ if (ret < 0)
+ return -1;
+ } else if (matches(*argv, "mpls") == 0) {
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_MPLS_UC) &&
+ eth_type != htons(ETH_P_MPLS_MC)) {
+ fprintf(stderr,
+ "Can't set \"mpls\" if ethertype isn't MPLS\n");
+ return -1;
+ }
+ if (mpls_format_old) {
+ fprintf(stderr,
+ "Can't set \"mpls\" if \"mpls_label\", \"mpls_tc\", \"mpls_bos\" or \"mpls_ttl\" is set\n");
+ return -1;
+ }
+ mpls_format_new = true;
+ if (flower_parse_mpls(&argc, &argv, n) < 0)
+ return -1;
+ continue;
+ } else if (matches(*argv, "mpls_label") == 0) {
+ __u32 label;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_MPLS_UC) &&
+ eth_type != htons(ETH_P_MPLS_MC)) {
+ fprintf(stderr,
+ "Can't set \"mpls_label\" if ethertype isn't MPLS\n");
+ return -1;
+ }
+ if (mpls_format_new) {
+ fprintf(stderr,
+ "Can't set \"mpls_label\" if \"mpls\" is set\n");
+ return -1;
+ }
+ mpls_format_old = true;
+ ret = get_u32(&label, *argv, 10);
+ if (ret < 0 || label & ~(MPLS_LS_LABEL_MASK >> MPLS_LS_LABEL_SHIFT)) {
+ fprintf(stderr, "Illegal \"mpls_label\"\n");
+ return -1;
+ }
+ addattr32(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_LABEL, label);
+ } else if (matches(*argv, "mpls_tc") == 0) {
+ __u8 tc;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_MPLS_UC) &&
+ eth_type != htons(ETH_P_MPLS_MC)) {
+ fprintf(stderr,
+ "Can't set \"mpls_tc\" if ethertype isn't MPLS\n");
+ return -1;
+ }
+ if (mpls_format_new) {
+ fprintf(stderr,
+ "Can't set \"mpls_tc\" if \"mpls\" is set\n");
+ return -1;
+ }
+ mpls_format_old = true;
+ ret = get_u8(&tc, *argv, 10);
+ if (ret < 0 || tc & ~(MPLS_LS_TC_MASK >> MPLS_LS_TC_SHIFT)) {
+ fprintf(stderr, "Illegal \"mpls_tc\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TC, tc);
+ } else if (matches(*argv, "mpls_bos") == 0) {
+ __u8 bos;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_MPLS_UC) &&
+ eth_type != htons(ETH_P_MPLS_MC)) {
+ fprintf(stderr,
+ "Can't set \"mpls_bos\" if ethertype isn't MPLS\n");
+ return -1;
+ }
+ if (mpls_format_new) {
+ fprintf(stderr,
+ "Can't set \"mpls_bos\" if \"mpls\" is set\n");
+ return -1;
+ }
+ mpls_format_old = true;
+ ret = get_u8(&bos, *argv, 10);
+ if (ret < 0 || bos & ~(MPLS_LS_S_MASK >> MPLS_LS_S_SHIFT)) {
+ fprintf(stderr, "Illegal \"mpls_bos\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_BOS, bos);
+ } else if (matches(*argv, "mpls_ttl") == 0) {
+ __u8 ttl;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_MPLS_UC) &&
+ eth_type != htons(ETH_P_MPLS_MC)) {
+ fprintf(stderr,
+ "Can't set \"mpls_ttl\" if ethertype isn't MPLS\n");
+ return -1;
+ }
+ if (mpls_format_new) {
+ fprintf(stderr,
+ "Can't set \"mpls_ttl\" if \"mpls\" is set\n");
+ return -1;
+ }
+ mpls_format_old = true;
+ ret = get_u8(&ttl, *argv, 10);
+ if (ret < 0 || ttl & ~(MPLS_LS_TTL_MASK >> MPLS_LS_TTL_SHIFT)) {
+ fprintf(stderr, "Illegal \"mpls_ttl\"\n");
+ return -1;
+ }
+ addattr8(n, MAX_MSG, TCA_FLOWER_KEY_MPLS_TTL, ttl);
+ } else if (matches(*argv, "dst_mac") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_eth_addr(*argv,
+ TCA_FLOWER_KEY_ETH_DST,
+ TCA_FLOWER_KEY_ETH_DST_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"dst_mac\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "src_mac") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_eth_addr(*argv,
+ TCA_FLOWER_KEY_ETH_SRC,
+ TCA_FLOWER_KEY_ETH_SRC_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"src_mac\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ip_proto") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_proto(*argv, eth_type,
+ TCA_FLOWER_KEY_IP_PROTO,
+ &ip_proto, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_proto\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ip_tos") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_tos_ttl(*argv,
+ TCA_FLOWER_KEY_IP_TOS,
+ TCA_FLOWER_KEY_IP_TOS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_tos\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "ip_ttl") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_tos_ttl(*argv,
+ TCA_FLOWER_KEY_IP_TTL,
+ TCA_FLOWER_KEY_IP_TTL_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"ip_ttl\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "dst_ip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_addr(*argv, eth_type,
+ TCA_FLOWER_KEY_IPV4_DST,
+ TCA_FLOWER_KEY_IPV4_DST_MASK,
+ TCA_FLOWER_KEY_IPV6_DST,
+ TCA_FLOWER_KEY_IPV6_DST_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"dst_ip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "src_ip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_addr(*argv, eth_type,
+ TCA_FLOWER_KEY_IPV4_SRC,
+ TCA_FLOWER_KEY_IPV4_SRC_MASK,
+ TCA_FLOWER_KEY_IPV6_SRC,
+ TCA_FLOWER_KEY_IPV6_SRC_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"src_ip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "dst_port") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_port(*argv, ip_proto,
+ FLOWER_ENDPOINT_DST, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"dst_port\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "src_port") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_port(*argv, ip_proto,
+ FLOWER_ENDPOINT_SRC, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"src_port\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "tcp_flags") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_tcp_flags(*argv,
+ TCA_FLOWER_KEY_TCP_FLAGS,
+ TCA_FLOWER_KEY_TCP_FLAGS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"tcp_flags\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "type") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_icmp(*argv, eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_TYPE, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"icmp type\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "code") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_icmp(*argv, eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_CODE, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"icmp code\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_tip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_arp_ip_addr(*argv, eth_type,
+ TCA_FLOWER_KEY_ARP_TIP,
+ TCA_FLOWER_KEY_ARP_TIP_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_tip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_sip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_arp_ip_addr(*argv, eth_type,
+ TCA_FLOWER_KEY_ARP_SIP,
+ TCA_FLOWER_KEY_ARP_SIP_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_sip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_op") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_arp_op(*argv, eth_type,
+ TCA_FLOWER_KEY_ARP_OP,
+ TCA_FLOWER_KEY_ARP_OP_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_op\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_tha") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_eth_addr(*argv,
+ TCA_FLOWER_KEY_ARP_THA,
+ TCA_FLOWER_KEY_ARP_THA_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_tha\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "arp_sha") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_eth_addr(*argv,
+ TCA_FLOWER_KEY_ARP_SHA,
+ TCA_FLOWER_KEY_ARP_SHA_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"arp_sha\"\n");
+ return -1;
+ }
+
+ } else if (!strcmp(*argv, "pppoe_sid")) {
+ __be16 sid;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_PPP_SES)) {
+ fprintf(stderr,
+ "Can't set \"pppoe_sid\" if ethertype isn't PPPoE session\n");
+ return -1;
+ }
+ ret = get_be16(&sid, *argv, 10);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"pppoe_sid\"\n");
+ return -1;
+ }
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_PPPOE_SID, sid);
+ } else if (!strcmp(*argv, "ppp_proto")) {
+ __be16 proto;
+
+ NEXT_ARG();
+ if (eth_type != htons(ETH_P_PPP_SES)) {
+ fprintf(stderr,
+ "Can't set \"ppp_proto\" if ethertype isn't PPPoE session\n");
+ return -1;
+ }
+ if (ppp_proto_a2n(&proto, *argv))
+ invarg("invalid ppp_proto", *argv);
+ /* get new ethtype for later parsing */
+ if (proto == htons(PPP_IP))
+ eth_type = htons(ETH_P_IP);
+ else if (proto == htons(PPP_IPV6))
+ eth_type = htons(ETH_P_IPV6);
+ else if (proto == htons(PPP_MPLS_UC))
+ eth_type = htons(ETH_P_MPLS_UC);
+ else if (proto == htons(PPP_MPLS_MC))
+ eth_type = htons(ETH_P_MPLS_MC);
+ addattr16(n, MAX_MSG, TCA_FLOWER_KEY_PPP_PROTO, proto);
+ } else if (matches(*argv, "enc_dst_ip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_addr(*argv, 0,
+ TCA_FLOWER_KEY_ENC_IPV4_DST,
+ TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,
+ TCA_FLOWER_KEY_ENC_IPV6_DST,
+ TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_dst_ip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_src_ip") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_addr(*argv, 0,
+ TCA_FLOWER_KEY_ENC_IPV4_SRC,
+ TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,
+ TCA_FLOWER_KEY_ENC_IPV6_SRC,
+ TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_src_ip\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_key_id") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_key_id(*argv,
+ TCA_FLOWER_KEY_ENC_KEY_ID, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_key_id\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_dst_port") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_enc_port(*argv,
+ TCA_FLOWER_KEY_ENC_UDP_DST_PORT, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_dst_port\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_tos") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_tos_ttl(*argv,
+ TCA_FLOWER_KEY_ENC_IP_TOS,
+ TCA_FLOWER_KEY_ENC_IP_TOS_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_tos\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "enc_ttl") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_ip_tos_ttl(*argv,
+ TCA_FLOWER_KEY_ENC_IP_TTL,
+ TCA_FLOWER_KEY_ENC_IP_TTL_MASK,
+ n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"enc_ttl\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "geneve_opts") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_enc_opts_geneve(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"geneve_opts\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "vxlan_opts") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_enc_opts_vxlan(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"vxlan_opts\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "erspan_opts") == 0) {
+ NEXT_ARG();
+ ret = flower_parse_enc_opts_erspan(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"erspan_opts\"\n");
+ return -1;
+ }
+ } else if (!strcmp(*argv, "gtp_opts")) {
+ NEXT_ARG();
+ ret = flower_parse_enc_opts_gtp(*argv, n);
+ if (ret < 0) {
+ fprintf(stderr, "Illegal \"gtp_opts\"\n");
+ return -1;
+ }
+ } else if (matches(*argv, "action") == 0) {
+ NEXT_ARG();
+ ret = parse_action(&argc, &argv, TCA_FLOWER_ACT, n);
+ if (ret) {
+ fprintf(stderr, "Illegal \"action\"\n");
+ return -1;
+ }
+ continue;
+ } else {
+ if (strcmp(*argv, "help") != 0)
+ fprintf(stderr, "What is \"%s\"?\n", *argv);
+ explain();
+ return -1;
+ }
+ argc--; argv++;
+ }
+
+parse_done:
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_FLAGS, flags);
+ if (ret)
+ return ret;
+
+ if (mtf_mask) {
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS, htonl(mtf));
+ if (ret)
+ return ret;
+
+ ret = addattr32(n, MAX_MSG, TCA_FLOWER_KEY_FLAGS_MASK, htonl(mtf_mask));
+ if (ret)
+ return ret;
+ }
+
+ if (tc_proto != htons(ETH_P_ALL)) {
+ ret = addattr16(n, MAX_MSG, TCA_FLOWER_KEY_ETH_TYPE, tc_proto);
+ if (ret)
+ return ret;
+ }
+
+ tail->rta_len = (((void *)n)+n->nlmsg_len) - (void *)tail;
+
+ return 0;
+}
+
+static int __mask_bits(char *addr, size_t len)
+{
+ int bits = 0;
+ bool hole = false;
+ int i;
+ int j;
+
+ for (i = 0; i < len; i++, addr++) {
+ for (j = 7; j >= 0; j--) {
+ if (((*addr) >> j) & 0x1) {
+ if (hole)
+ return -1;
+ bits++;
+ } else if (bits) {
+ hole = true;
+ } else {
+ return -1;
+ }
+ }
+ }
+ return bits;
+}
+
+static void flower_print_eth_addr(const char *name, struct rtattr *addr_attr,
+ struct rtattr *mask_attr)
+{
+ SPRINT_BUF(out);
+ SPRINT_BUF(b1);
+ size_t done;
+ int bits;
+
+ if (!addr_attr || RTA_PAYLOAD(addr_attr) != ETH_ALEN)
+ return;
+ done = sprintf(out, "%s",
+ ll_addr_n2a(RTA_DATA(addr_attr), ETH_ALEN,
+ 0, b1, sizeof(b1)));
+ if (mask_attr && RTA_PAYLOAD(mask_attr) == ETH_ALEN) {
+ bits = __mask_bits(RTA_DATA(mask_attr), ETH_ALEN);
+ if (bits < 0)
+ sprintf(out + done, "/%s",
+ ll_addr_n2a(RTA_DATA(mask_attr), ETH_ALEN,
+ 0, b1, sizeof(b1)));
+ else if (bits < ETH_ALEN * 8)
+ sprintf(out + done, "/%d", bits);
+ }
+
+ print_indent_name_value(name, out);
+}
+
+static void flower_print_eth_type(__be16 *p_eth_type,
+ struct rtattr *eth_type_attr)
+{
+ SPRINT_BUF(out);
+ __be16 eth_type;
+
+ if (!eth_type_attr)
+ return;
+
+ eth_type = rta_getattr_u16(eth_type_attr);
+ if (eth_type == htons(ETH_P_IP))
+ sprintf(out, "ipv4");
+ else if (eth_type == htons(ETH_P_IPV6))
+ sprintf(out, "ipv6");
+ else if (eth_type == htons(ETH_P_ARP))
+ sprintf(out, "arp");
+ else if (eth_type == htons(ETH_P_RARP))
+ sprintf(out, "rarp");
+ else
+ sprintf(out, "%04x", ntohs(eth_type));
+
+ print_nl();
+ print_string(PRINT_ANY, "eth_type", " eth_type %s", out);
+ *p_eth_type = eth_type;
+}
+
+static void flower_print_ip_proto(__u8 *p_ip_proto,
+ struct rtattr *ip_proto_attr)
+{
+ SPRINT_BUF(out);
+ __u8 ip_proto;
+
+ if (!ip_proto_attr)
+ return;
+
+ ip_proto = rta_getattr_u8(ip_proto_attr);
+ if (ip_proto == IPPROTO_TCP)
+ sprintf(out, "tcp");
+ else if (ip_proto == IPPROTO_UDP)
+ sprintf(out, "udp");
+ else if (ip_proto == IPPROTO_SCTP)
+ sprintf(out, "sctp");
+ else if (ip_proto == IPPROTO_ICMP)
+ sprintf(out, "icmp");
+ else if (ip_proto == IPPROTO_ICMPV6)
+ sprintf(out, "icmpv6");
+ else
+ sprintf(out, "%02x", ip_proto);
+
+ print_nl();
+ print_string(PRINT_ANY, "ip_proto", " ip_proto %s", out);
+ *p_ip_proto = ip_proto;
+}
+
+static void flower_print_ip_attr(const char *name, struct rtattr *key_attr,
+ struct rtattr *mask_attr)
+{
+ print_masked_u8(name, key_attr, mask_attr, true);
+}
+
+static void flower_print_matching_flags(char *name,
+ enum flower_matching_flags type,
+ struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ int i;
+ int count = 0;
+ __u32 mtf;
+ __u32 mtf_mask;
+
+ if (!mask_attr || RTA_PAYLOAD(mask_attr) != 4)
+ return;
+
+ mtf = ntohl(rta_getattr_u32(attr));
+ mtf_mask = ntohl(rta_getattr_u32(mask_attr));
+
+ for (i = 0; i < ARRAY_SIZE(flags_str); i++) {
+ if (type != flags_str[i].type)
+ continue;
+ if (mtf_mask & flags_str[i].flag) {
+ if (++count == 1) {
+ print_nl();
+ print_string(PRINT_FP, NULL, " %s ", name);
+ open_json_object(name);
+ } else {
+ print_string(PRINT_FP, NULL, "/", NULL);
+ }
+
+ print_bool(PRINT_JSON, flags_str[i].string, NULL,
+ mtf & flags_str[i].flag);
+ if (mtf & flags_str[i].flag)
+ print_string(PRINT_FP, NULL, "%s",
+ flags_str[i].string);
+ else
+ print_string(PRINT_FP, NULL, "no%s",
+ flags_str[i].string);
+ }
+ }
+ if (count)
+ close_json_object();
+}
+
+static void flower_print_ip_addr(char *name, __be16 eth_type,
+ struct rtattr *addr4_attr,
+ struct rtattr *mask4_attr,
+ struct rtattr *addr6_attr,
+ struct rtattr *mask6_attr)
+{
+ struct rtattr *addr_attr;
+ struct rtattr *mask_attr;
+ SPRINT_BUF(out);
+ size_t done;
+ int family;
+ size_t len;
+ int bits;
+
+ if (eth_type == htons(ETH_P_IP)) {
+ family = AF_INET;
+ addr_attr = addr4_attr;
+ mask_attr = mask4_attr;
+ len = 4;
+ } else if (eth_type == htons(ETH_P_IPV6)) {
+ family = AF_INET6;
+ addr_attr = addr6_attr;
+ mask_attr = mask6_attr;
+ len = 16;
+ } else {
+ return;
+ }
+ if (!addr_attr || RTA_PAYLOAD(addr_attr) != len)
+ return;
+ if (!mask_attr || RTA_PAYLOAD(mask_attr) != len)
+ return;
+ done = sprintf(out, "%s", rt_addr_n2a_rta(family, addr_attr));
+ bits = __mask_bits(RTA_DATA(mask_attr), len);
+ if (bits < 0)
+ sprintf(out + done, "/%s", rt_addr_n2a_rta(family, mask_attr));
+ else if (bits < len * 8)
+ sprintf(out + done, "/%d", bits);
+
+ print_indent_name_value(name, out);
+}
+
+static void flower_print_ip4_addr(char *name, struct rtattr *addr_attr,
+ struct rtattr *mask_attr)
+{
+ return flower_print_ip_addr(name, htons(ETH_P_IP),
+ addr_attr, mask_attr, 0, 0);
+}
+
+static void flower_print_port(char *name, struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ print_masked_be16(name, attr, mask_attr, true);
+}
+
+static void flower_print_port_range(char *name, struct rtattr *min_attr,
+ struct rtattr *max_attr)
+{
+ if (!min_attr || !max_attr)
+ return;
+
+ if (is_json_context()) {
+ open_json_object(name);
+ print_hu(PRINT_JSON, "start", NULL, rta_getattr_be16(min_attr));
+ print_hu(PRINT_JSON, "end", NULL, rta_getattr_be16(max_attr));
+ close_json_object();
+ } else {
+ SPRINT_BUF(out);
+ size_t done;
+
+ done = sprintf(out, "%u", rta_getattr_be16(min_attr));
+ sprintf(out + done, "-%u", rta_getattr_be16(max_attr));
+ print_indent_name_value(name, out);
+ }
+}
+
+static void flower_print_tcp_flags(const char *name, struct rtattr *flags_attr,
+ struct rtattr *mask_attr)
+{
+ SPRINT_BUF(out);
+ size_t done;
+
+ if (!flags_attr)
+ return;
+
+ done = sprintf(out, "0x%x", rta_getattr_be16(flags_attr));
+ if (mask_attr)
+ sprintf(out + done, "/%x", rta_getattr_be16(mask_attr));
+
+ print_indent_name_value(name, out);
+}
+
+static void flower_print_ct_state(struct rtattr *flags_attr,
+ struct rtattr *mask_attr)
+{
+ SPRINT_BUF(out);
+ uint16_t state;
+ uint16_t state_mask;
+ size_t done = 0;
+ int i;
+
+ if (!flags_attr)
+ return;
+
+ state = rta_getattr_u16(flags_attr);
+ if (mask_attr)
+ state_mask = rta_getattr_u16(mask_attr);
+ else
+ state_mask = UINT16_MAX;
+
+ for (i = 0; i < ARRAY_SIZE(flower_ct_states); i++) {
+ if (!(state_mask & flower_ct_states[i].flag))
+ continue;
+
+ if (state & flower_ct_states[i].flag)
+ done += sprintf(out + done, "+%s",
+ flower_ct_states[i].str);
+ else
+ done += sprintf(out + done, "-%s",
+ flower_ct_states[i].str);
+ }
+
+ print_nl();
+ print_string(PRINT_ANY, "ct_state", " ct_state %s", out);
+}
+
+static void flower_print_ct_label(struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ const unsigned char *str;
+ bool print_mask = false;
+ int data_len, i;
+ char out[128];
+ char *p;
+
+ if (!attr)
+ return;
+
+ data_len = RTA_PAYLOAD(attr);
+ hexstring_n2a(RTA_DATA(attr), data_len, out, sizeof(out));
+ p = out + data_len*2;
+
+ data_len = RTA_PAYLOAD(attr);
+ str = RTA_DATA(mask_attr);
+ if (data_len != 16)
+ print_mask = true;
+ for (i = 0; !print_mask && i < data_len; i++) {
+ if (str[i] != 0xff)
+ print_mask = true;
+ }
+ if (print_mask) {
+ *p++ = '/';
+ hexstring_n2a(RTA_DATA(mask_attr), data_len, p,
+ sizeof(out)-(p-out));
+ p += data_len*2;
+ }
+ *p = '\0';
+
+ print_nl();
+ print_string(PRINT_ANY, "ct_label", " ct_label %s", out);
+}
+
+static void flower_print_ct_zone(struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ print_masked_u16("ct_zone", attr, mask_attr, true);
+}
+
+static void flower_print_ct_mark(struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ print_masked_u32("ct_mark", attr, mask_attr, true);
+}
+
+static void flower_print_key_id(const char *name, struct rtattr *attr)
+{
+ if (!attr)
+ return;
+
+ print_nl();
+ print_uint_indent_name_value(name, rta_getattr_be32(attr));
+}
+
+static void flower_print_geneve_opts(const char *name, struct rtattr *attr,
+ char *strbuf)
+{
+ struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX + 1];
+ int ii, data_len, offset = 0, slen = 0;
+ struct rtattr *i = RTA_DATA(attr);
+ int rem = RTA_PAYLOAD(attr);
+ __u8 type, data_r[rem];
+ char data[rem * 2 + 1];
+ __u16 class;
+
+ open_json_array(PRINT_JSON, name);
+ while (rem) {
+ parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX, i, rem);
+ class = rta_getattr_be16(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS]);
+ type = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE]);
+ data_len = RTA_PAYLOAD(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]);
+ hexstring_n2a(RTA_DATA(tb[TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA]),
+ data_len, data, sizeof(data));
+ hex2mem(data, data_r, data_len);
+ offset += data_len + 20;
+ rem -= data_len + 20;
+ i = RTA_DATA(attr) + offset;
+
+ open_json_object(NULL);
+ print_uint(PRINT_JSON, "class", NULL, class);
+ print_uint(PRINT_JSON, "type", NULL, type);
+ open_json_array(PRINT_JSON, "data");
+ for (ii = 0; ii < data_len; ii++)
+ print_uint(PRINT_JSON, NULL, NULL, data_r[ii]);
+ close_json_array(PRINT_JSON, "data");
+ close_json_object();
+
+ slen += sprintf(strbuf + slen, "%04x:%02x:%s",
+ class, type, data);
+ if (rem)
+ slen += sprintf(strbuf + slen, ",");
+ }
+ close_json_array(PRINT_JSON, name);
+}
+
+static void flower_print_vxlan_opts(const char *name, struct rtattr *attr,
+ char *strbuf)
+{
+ struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX + 1];
+ struct rtattr *i = RTA_DATA(attr);
+ int rem = RTA_PAYLOAD(attr);
+ __u32 gbp;
+
+ parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_VXLAN_MAX, i, rem);
+ gbp = rta_getattr_u32(tb[TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP]);
+
+ open_json_array(PRINT_JSON, name);
+ open_json_object(NULL);
+ print_uint(PRINT_JSON, "gbp", NULL, gbp);
+ close_json_object();
+ close_json_array(PRINT_JSON, name);
+
+ sprintf(strbuf, "%u", gbp);
+}
+
+static void flower_print_erspan_opts(const char *name, struct rtattr *attr,
+ char *strbuf)
+{
+ struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX + 1];
+ __u8 ver, hwid, dir;
+ __u32 idx;
+
+ parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_ERSPAN_MAX, RTA_DATA(attr),
+ RTA_PAYLOAD(attr));
+ ver = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER]);
+ if (ver == 1) {
+ idx = rta_getattr_be32(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX]);
+ hwid = 0;
+ dir = 0;
+ } else {
+ idx = 0;
+ hwid = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID]);
+ dir = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR]);
+ }
+
+ open_json_array(PRINT_JSON, name);
+ open_json_object(NULL);
+ print_uint(PRINT_JSON, "ver", NULL, ver);
+ print_uint(PRINT_JSON, "index", NULL, idx);
+ print_uint(PRINT_JSON, "dir", NULL, dir);
+ print_uint(PRINT_JSON, "hwid", NULL, hwid);
+ close_json_object();
+ close_json_array(PRINT_JSON, name);
+
+ sprintf(strbuf, "%u:%u:%u:%u", ver, idx, dir, hwid);
+}
+
+static void flower_print_gtp_opts(const char *name, struct rtattr *attr,
+ char *strbuf, int len)
+{
+ struct rtattr *tb[TCA_FLOWER_KEY_ENC_OPT_GTP_MAX + 1];
+ __u8 pdu_type, qfi;
+
+ parse_rtattr(tb, TCA_FLOWER_KEY_ENC_OPT_GTP_MAX, RTA_DATA(attr),
+ RTA_PAYLOAD(attr));
+
+ pdu_type = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GTP_PDU_TYPE]);
+ qfi = rta_getattr_u8(tb[TCA_FLOWER_KEY_ENC_OPT_GTP_QFI]);
+
+ snprintf(strbuf, len, "%02x:%02x", pdu_type, qfi);
+}
+
+static void __attribute__((format(printf, 2, 0)))
+flower_print_enc_parts(const char *name, const char *namefrm,
+ struct rtattr *attr, char *key, char *mask)
+{
+ char *key_token, *mask_token, *out;
+ int len;
+
+ out = malloc(RTA_PAYLOAD(attr) * 4 + 3);
+ if (!out)
+ return;
+
+ len = 0;
+ key_token = strsep(&key, ",");
+ mask_token = strsep(&mask, ",");
+ while (key_token) {
+ len += sprintf(&out[len], "%s/%s,", key_token, mask_token);
+ mask_token = strsep(&mask, ",");
+ key_token = strsep(&key, ",");
+ }
+
+ out[len - 1] = '\0';
+ print_nl();
+ print_string(PRINT_FP, name, namefrm, out);
+ free(out);
+}
+
+static void flower_print_enc_opts(const char *name, struct rtattr *attr,
+ struct rtattr *mask_attr)
+{
+ struct rtattr *key_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
+ struct rtattr *msk_tb[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1];
+ char *key, *msk;
+ int len;
+
+ if (!attr)
+ return;
+
+ len = RTA_PAYLOAD(attr) * 2 + 1;
+
+ key = malloc(len);
+ if (!key)
+ return;
+
+ msk = malloc(len);
+ if (!msk)
+ goto err_key_free;
+
+ parse_rtattr_nested(key_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, attr);
+ parse_rtattr_nested(msk_tb, TCA_FLOWER_KEY_ENC_OPTS_MAX, mask_attr);
+
+ if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE]) {
+ flower_print_geneve_opts("geneve_opt_key",
+ key_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], key);
+
+ if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE])
+ flower_print_geneve_opts("geneve_opt_mask",
+ msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GENEVE], msk);
+
+ flower_print_enc_parts(name, " geneve_opts %s", attr, key,
+ msk);
+ } else if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN]) {
+ flower_print_vxlan_opts("vxlan_opt_key",
+ key_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN], key);
+
+ if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN])
+ flower_print_vxlan_opts("vxlan_opt_mask",
+ msk_tb[TCA_FLOWER_KEY_ENC_OPTS_VXLAN], msk);
+
+ flower_print_enc_parts(name, " vxlan_opts %s", attr, key,
+ msk);
+ } else if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN]) {
+ flower_print_erspan_opts("erspan_opt_key",
+ key_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN], key);
+
+ if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN])
+ flower_print_erspan_opts("erspan_opt_mask",
+ msk_tb[TCA_FLOWER_KEY_ENC_OPTS_ERSPAN], msk);
+
+ flower_print_enc_parts(name, " erspan_opts %s", attr, key,
+ msk);
+ } else if (key_tb[TCA_FLOWER_KEY_ENC_OPTS_GTP]) {
+ flower_print_gtp_opts("gtp_opt_key",
+ key_tb[TCA_FLOWER_KEY_ENC_OPTS_GTP],
+ key, len);
+
+ if (msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GTP])
+ flower_print_gtp_opts("gtp_opt_mask",
+ msk_tb[TCA_FLOWER_KEY_ENC_OPTS_GTP],
+ msk, len);
+
+ flower_print_enc_parts(name, " gtp_opts %s", attr, key,
+ msk);
+ }
+
+ free(msk);
+err_key_free:
+ free(key);
+}
+
+static void flower_print_masked_u8(const char *name, struct rtattr *attr,
+ struct rtattr *mask_attr,
+ const char *(*value_to_str)(__u8 value))
+{
+ const char *value_str = NULL;
+ __u8 value, mask;
+ SPRINT_BUF(out);
+ size_t done;
+
+ if (!attr)
+ return;
+
+ value = rta_getattr_u8(attr);
+ mask = mask_attr ? rta_getattr_u8(mask_attr) : UINT8_MAX;
+ if (mask == UINT8_MAX && value_to_str)
+ value_str = value_to_str(value);
+
+ if (value_str)
+ done = sprintf(out, "%s", value_str);
+ else
+ done = sprintf(out, "%d", value);
+
+ if (mask != UINT8_MAX)
+ sprintf(out + done, "/%d", mask);
+
+ print_indent_name_value(name, out);
+}
+
+static void flower_print_u8(const char *name, struct rtattr *attr)
+{
+ flower_print_masked_u8(name, attr, NULL, NULL);
+}
+
+static void flower_print_u32(const char *name, struct rtattr *attr)
+{
+ if (!attr)
+ return;
+
+ print_nl();
+ print_uint_indent_name_value(name, rta_getattr_u32(attr));
+}
+
+static void flower_print_mpls_opt_lse(struct rtattr *lse)
+{
+ struct rtattr *tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_MAX + 1];
+ struct rtattr *attr;
+
+ if (lse->rta_type != (TCA_FLOWER_KEY_MPLS_OPTS_LSE | NLA_F_NESTED)) {
+ fprintf(stderr, "rta_type 0x%x, expecting 0x%x (0x%x & 0x%x)\n",
+ lse->rta_type,
+ TCA_FLOWER_KEY_MPLS_OPTS_LSE & NLA_F_NESTED,
+ TCA_FLOWER_KEY_MPLS_OPTS_LSE, NLA_F_NESTED);
+ return;
+ }
+
+ parse_rtattr(tb, TCA_FLOWER_KEY_MPLS_OPT_LSE_MAX, RTA_DATA(lse),
+ RTA_PAYLOAD(lse));
+
+ print_nl();
+ print_string(PRINT_FP, NULL, " lse", NULL);
+ open_json_object(NULL);
+ attr = tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_DEPTH];
+ if (attr)
+ print_hhu(PRINT_ANY, "depth", " depth %u",
+ rta_getattr_u8(attr));
+ attr = tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_LABEL];
+ if (attr)
+ print_uint(PRINT_ANY, "label", " label %u",
+ rta_getattr_u32(attr));
+ attr = tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TC];
+ if (attr)
+ print_hhu(PRINT_ANY, "tc", " tc %u", rta_getattr_u8(attr));
+ attr = tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_BOS];
+ if (attr)
+ print_hhu(PRINT_ANY, "bos", " bos %u", rta_getattr_u8(attr));
+ attr = tb[TCA_FLOWER_KEY_MPLS_OPT_LSE_TTL];
+ if (attr)
+ print_hhu(PRINT_ANY, "ttl", " ttl %u", rta_getattr_u8(attr));
+ close_json_object();
+}
+
+static void flower_print_mpls_opts(struct rtattr *attr)
+{
+ struct rtattr *lse;
+ int rem;
+
+ if (!attr || !(attr->rta_type & NLA_F_NESTED))
+ return;
+
+ print_nl();
+ print_string(PRINT_FP, NULL, " mpls", NULL);
+ open_json_array(PRINT_JSON, "mpls");
+ rem = RTA_PAYLOAD(attr);
+ lse = RTA_DATA(attr);
+ while (RTA_OK(lse, rem)) {
+ flower_print_mpls_opt_lse(lse);
+ lse = RTA_NEXT(lse, rem);
+ };
+ if (rem)
+ fprintf(stderr, "!!!Deficit %d, rta_len=%d\n",
+ rem, lse->rta_len);
+ close_json_array(PRINT_JSON, NULL);
+}
+
+static void flower_print_arp_op(const char *name,
+ struct rtattr *op_attr,
+ struct rtattr *mask_attr)
+{
+ flower_print_masked_u8(name, op_attr, mask_attr,
+ flower_print_arp_op_to_name);
+}
+
+static int flower_print_opt(struct filter_util *qu, FILE *f,
+ struct rtattr *opt, __u32 handle)
+{
+ struct rtattr *tb[TCA_FLOWER_MAX + 1];
+ __be16 min_port_type, max_port_type;
+ int nl_type, nl_mask_type;
+ __be16 eth_type = 0;
+ __u8 ip_proto = 0xff;
+
+ if (!opt)
+ return 0;
+
+ parse_rtattr_nested(tb, TCA_FLOWER_MAX, opt);
+
+ if (handle)
+ print_uint(PRINT_ANY, "handle", "handle 0x%x ", handle);
+
+ if (tb[TCA_FLOWER_CLASSID]) {
+ __u32 h = rta_getattr_u32(tb[TCA_FLOWER_CLASSID]);
+
+ if (TC_H_MIN(h) < TC_H_MIN_PRIORITY ||
+ TC_H_MIN(h) > (TC_H_MIN_PRIORITY + TC_QOPT_MAX_QUEUE - 1)) {
+ SPRINT_BUF(b1);
+ print_string(PRINT_ANY, "classid", "classid %s ",
+ sprint_tc_classid(h, b1));
+ } else {
+ print_uint(PRINT_ANY, "hw_tc", "hw_tc %u ",
+ TC_H_MIN(h) - TC_H_MIN_PRIORITY);
+ }
+ }
+
+ if (tb[TCA_FLOWER_INDEV]) {
+ struct rtattr *attr = tb[TCA_FLOWER_INDEV];
+
+ print_nl();
+ print_string(PRINT_ANY, "indev", " indev %s",
+ rta_getattr_str(attr));
+ }
+
+ open_json_object("keys");
+
+ if (tb[TCA_FLOWER_KEY_NUM_OF_VLANS]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_NUM_OF_VLANS];
+
+ print_nl();
+ print_uint(PRINT_ANY, "num_of_vlans", " num_of_vlans %d",
+ rta_getattr_u8(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_VLAN_ID]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ID];
+
+ print_nl();
+ print_uint(PRINT_ANY, "vlan_id", " vlan_id %u",
+ rta_getattr_u16(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_VLAN_PRIO]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_PRIO];
+
+ print_nl();
+ print_uint(PRINT_ANY, "vlan_prio", " vlan_prio %d",
+ rta_getattr_u8(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE]) {
+ SPRINT_BUF(buf);
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_VLAN_ETH_TYPE];
+
+ print_nl();
+ print_string(PRINT_ANY, "vlan_ethtype", " vlan_ethtype %s",
+ ll_proto_n2a(rta_getattr_u16(attr),
+ buf, sizeof(buf)));
+ }
+
+ if (tb[TCA_FLOWER_KEY_CVLAN_ID]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ID];
+
+ print_nl();
+ print_uint(PRINT_ANY, "cvlan_id", " cvlan_id %u",
+ rta_getattr_u16(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_CVLAN_PRIO]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_PRIO];
+
+ print_nl();
+ print_uint(PRINT_ANY, "cvlan_prio", " cvlan_prio %d",
+ rta_getattr_u8(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE]) {
+ SPRINT_BUF(buf);
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_CVLAN_ETH_TYPE];
+
+ print_nl();
+ print_string(PRINT_ANY, "cvlan_ethtype", " cvlan_ethtype %s",
+ ll_proto_n2a(rta_getattr_u16(attr),
+ buf, sizeof(buf)));
+ }
+
+ flower_print_eth_addr("dst_mac", tb[TCA_FLOWER_KEY_ETH_DST],
+ tb[TCA_FLOWER_KEY_ETH_DST_MASK]);
+ flower_print_eth_addr("src_mac", tb[TCA_FLOWER_KEY_ETH_SRC],
+ tb[TCA_FLOWER_KEY_ETH_SRC_MASK]);
+
+ flower_print_eth_type(&eth_type, tb[TCA_FLOWER_KEY_ETH_TYPE]);
+ flower_print_ip_proto(&ip_proto, tb[TCA_FLOWER_KEY_IP_PROTO]);
+
+ flower_print_ip_attr("ip_tos", tb[TCA_FLOWER_KEY_IP_TOS],
+ tb[TCA_FLOWER_KEY_IP_TOS_MASK]);
+ flower_print_ip_attr("ip_ttl", tb[TCA_FLOWER_KEY_IP_TTL],
+ tb[TCA_FLOWER_KEY_IP_TTL_MASK]);
+
+ flower_print_mpls_opts(tb[TCA_FLOWER_KEY_MPLS_OPTS]);
+ flower_print_u32("mpls_label", tb[TCA_FLOWER_KEY_MPLS_LABEL]);
+ flower_print_u8("mpls_tc", tb[TCA_FLOWER_KEY_MPLS_TC]);
+ flower_print_u8("mpls_bos", tb[TCA_FLOWER_KEY_MPLS_BOS]);
+ flower_print_u8("mpls_ttl", tb[TCA_FLOWER_KEY_MPLS_TTL]);
+
+ flower_print_ip_addr("dst_ip", eth_type,
+ tb[TCA_FLOWER_KEY_IPV4_DST],
+ tb[TCA_FLOWER_KEY_IPV4_DST_MASK],
+ tb[TCA_FLOWER_KEY_IPV6_DST],
+ tb[TCA_FLOWER_KEY_IPV6_DST_MASK]);
+
+ flower_print_ip_addr("src_ip", eth_type,
+ tb[TCA_FLOWER_KEY_IPV4_SRC],
+ tb[TCA_FLOWER_KEY_IPV4_SRC_MASK],
+ tb[TCA_FLOWER_KEY_IPV6_SRC],
+ tb[TCA_FLOWER_KEY_IPV6_SRC_MASK]);
+
+ nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_DST);
+ nl_mask_type = flower_port_attr_mask_type(ip_proto, FLOWER_ENDPOINT_DST);
+ if (nl_type >= 0)
+ flower_print_port("dst_port", tb[nl_type], tb[nl_mask_type]);
+ nl_type = flower_port_attr_type(ip_proto, FLOWER_ENDPOINT_SRC);
+ nl_mask_type = flower_port_attr_mask_type(ip_proto, FLOWER_ENDPOINT_SRC);
+ if (nl_type >= 0)
+ flower_print_port("src_port", tb[nl_type], tb[nl_mask_type]);
+
+ if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_DST,
+ &min_port_type, &max_port_type))
+ flower_print_port_range("dst_port",
+ tb[min_port_type], tb[max_port_type]);
+
+ if (!flower_port_range_attr_type(ip_proto, FLOWER_ENDPOINT_SRC,
+ &min_port_type, &max_port_type))
+ flower_print_port_range("src_port",
+ tb[min_port_type], tb[max_port_type]);
+
+ flower_print_tcp_flags("tcp_flags", tb[TCA_FLOWER_KEY_TCP_FLAGS],
+ tb[TCA_FLOWER_KEY_TCP_FLAGS_MASK]);
+
+ nl_type = flower_icmp_attr_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_TYPE);
+ nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_TYPE);
+ if (nl_type >= 0 && nl_mask_type >= 0)
+ flower_print_masked_u8("icmp_type", tb[nl_type],
+ tb[nl_mask_type], NULL);
+
+ nl_type = flower_icmp_attr_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_CODE);
+ nl_mask_type = flower_icmp_attr_mask_type(eth_type, ip_proto,
+ FLOWER_ICMP_FIELD_CODE);
+ if (nl_type >= 0 && nl_mask_type >= 0)
+ flower_print_masked_u8("icmp_code", tb[nl_type],
+ tb[nl_mask_type], NULL);
+
+ flower_print_ip4_addr("arp_sip", tb[TCA_FLOWER_KEY_ARP_SIP],
+ tb[TCA_FLOWER_KEY_ARP_SIP_MASK]);
+ flower_print_ip4_addr("arp_tip", tb[TCA_FLOWER_KEY_ARP_TIP],
+ tb[TCA_FLOWER_KEY_ARP_TIP_MASK]);
+ flower_print_arp_op("arp_op", tb[TCA_FLOWER_KEY_ARP_OP],
+ tb[TCA_FLOWER_KEY_ARP_OP_MASK]);
+ flower_print_eth_addr("arp_sha", tb[TCA_FLOWER_KEY_ARP_SHA],
+ tb[TCA_FLOWER_KEY_ARP_SHA_MASK]);
+ flower_print_eth_addr("arp_tha", tb[TCA_FLOWER_KEY_ARP_THA],
+ tb[TCA_FLOWER_KEY_ARP_THA_MASK]);
+
+ if (tb[TCA_FLOWER_KEY_PPPOE_SID]) {
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_PPPOE_SID];
+
+ print_nl();
+ print_uint(PRINT_ANY, "pppoe_sid", " pppoe_sid %u",
+ rta_getattr_be16(attr));
+ }
+
+ if (tb[TCA_FLOWER_KEY_PPP_PROTO]) {
+ SPRINT_BUF(buf);
+ struct rtattr *attr = tb[TCA_FLOWER_KEY_PPP_PROTO];
+
+ print_nl();
+ print_string(PRINT_ANY, "ppp_proto", " ppp_proto %s",
+ ppp_proto_n2a(rta_getattr_u16(attr),
+ buf, sizeof(buf)));
+ }
+
+ flower_print_ip_addr("enc_dst_ip",
+ tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK] ?
+ htons(ETH_P_IP) : htons(ETH_P_IPV6),
+ tb[TCA_FLOWER_KEY_ENC_IPV4_DST],
+ tb[TCA_FLOWER_KEY_ENC_IPV4_DST_MASK],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_DST],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_DST_MASK]);
+
+ flower_print_ip_addr("enc_src_ip",
+ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK] ?
+ htons(ETH_P_IP) : htons(ETH_P_IPV6),
+ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC],
+ tb[TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_SRC],
+ tb[TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK]);
+
+ flower_print_key_id("enc_key_id", tb[TCA_FLOWER_KEY_ENC_KEY_ID]);
+
+ flower_print_port("enc_dst_port", tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT],
+ tb[TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK]);
+
+ flower_print_ip_attr("enc_tos", tb[TCA_FLOWER_KEY_ENC_IP_TOS],
+ tb[TCA_FLOWER_KEY_ENC_IP_TOS_MASK]);
+ flower_print_ip_attr("enc_ttl", tb[TCA_FLOWER_KEY_ENC_IP_TTL],
+ tb[TCA_FLOWER_KEY_ENC_IP_TTL_MASK]);
+ flower_print_enc_opts("enc_opt", tb[TCA_FLOWER_KEY_ENC_OPTS],
+ tb[TCA_FLOWER_KEY_ENC_OPTS_MASK]);
+
+ flower_print_matching_flags("ip_flags", FLOWER_IP_FLAGS,
+ tb[TCA_FLOWER_KEY_FLAGS],
+ tb[TCA_FLOWER_KEY_FLAGS_MASK]);
+
+ flower_print_ct_state(tb[TCA_FLOWER_KEY_CT_STATE],
+ tb[TCA_FLOWER_KEY_CT_STATE_MASK]);
+ flower_print_ct_zone(tb[TCA_FLOWER_KEY_CT_ZONE],
+ tb[TCA_FLOWER_KEY_CT_ZONE_MASK]);
+ flower_print_ct_mark(tb[TCA_FLOWER_KEY_CT_MARK],
+ tb[TCA_FLOWER_KEY_CT_MARK_MASK]);
+ flower_print_ct_label(tb[TCA_FLOWER_KEY_CT_LABELS],
+ tb[TCA_FLOWER_KEY_CT_LABELS_MASK]);
+
+ close_json_object();
+
+ if (tb[TCA_FLOWER_FLAGS]) {
+ __u32 flags = rta_getattr_u32(tb[TCA_FLOWER_FLAGS]);
+
+ if (flags & TCA_CLS_FLAGS_SKIP_HW) {
+ print_nl();
+ print_bool(PRINT_ANY, "skip_hw", " skip_hw", true);
+ }
+ if (flags & TCA_CLS_FLAGS_SKIP_SW) {
+ print_nl();
+ print_bool(PRINT_ANY, "skip_sw", " skip_sw", true);
+ }
+ if (flags & TCA_CLS_FLAGS_IN_HW) {
+ print_nl();
+ print_bool(PRINT_ANY, "in_hw", " in_hw", true);
+
+ if (tb[TCA_FLOWER_IN_HW_COUNT]) {
+ __u32 count = rta_getattr_u32(tb[TCA_FLOWER_IN_HW_COUNT]);
+
+ print_uint(PRINT_ANY, "in_hw_count",
+ " in_hw_count %u", count);
+ }
+ } else if (flags & TCA_CLS_FLAGS_NOT_IN_HW) {
+ print_nl();
+ print_bool(PRINT_ANY, "not_in_hw", " not_in_hw", true);
+ }
+ }
+
+ if (tb[TCA_FLOWER_ACT])
+ tc_print_action(f, tb[TCA_FLOWER_ACT], 0);
+
+ return 0;
+}
+
+struct filter_util flower_filter_util = {
+ .id = "flower",
+ .parse_fopt = flower_parse_opt,
+ .print_fopt = flower_print_opt,
+};