From: Hangbin Liu <liuhangbin@gmail.com>
To: netdev@vger.kernel.org
Cc: Stephen Hemminger <stephen@networkplumber.org>,
Phil Sutter <phil@nwl.cc>, Hangbin Liu <liuhangbin@gmail.com>
Subject: [PATCH iproute2 2/2] ip rule: add selector support
Date: Thu, 22 Sep 2016 14:28:49 +0800 [thread overview]
Message-ID: <1474525729-2845-3-git-send-email-liuhangbin@gmail.com> (raw)
In-Reply-To: <1474525729-2845-1-git-send-email-liuhangbin@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
---
ip/iprule.c | 180 +++++++++++++++++++++++++++++++++++++++++++++++++++--
man/man8/ip-rule.8 | 6 +-
2 files changed, 180 insertions(+), 6 deletions(-)
diff --git a/ip/iprule.c b/ip/iprule.c
index e18505f..42fb6af 100644
--- a/ip/iprule.c
+++ b/ip/iprule.c
@@ -20,6 +20,7 @@
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <string.h>
+#include <linux/if.h>
#include <linux/fib_rules.h>
#include <errno.h>
@@ -41,7 +42,7 @@ static void usage(void)
{
fprintf(stderr, "Usage: ip rule { add | del } SELECTOR ACTION\n");
fprintf(stderr, " ip rule { flush | save | restore }\n");
- fprintf(stderr, " ip rule [ list ]\n");
+ fprintf(stderr, " ip rule [ list [ SELECTOR ]]\n");
fprintf(stderr, "SELECTOR := [ not ] [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK[/MASK] ]\n");
fprintf(stderr, " [ iif STRING ] [ oif STRING ] [ pref NUMBER ] [ l3mdev ]\n");
fprintf(stderr, "ACTION := [ table TABLE_ID ]\n");
@@ -55,6 +56,105 @@ static void usage(void)
exit(-1);
}
+static struct
+{
+ int not;
+ int l3mdev;
+ int iifmask, oifmask;
+ unsigned int tb;
+ unsigned int tos, tosmask;
+ unsigned int pref, prefmask;
+ unsigned int fwmark, fwmask;
+ char iif[IFNAMSIZ];
+ char oif[IFNAMSIZ];
+ inet_prefix src;
+ inet_prefix dst;
+} filter;
+
+static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
+{
+ struct rtmsg *r = NLMSG_DATA(n);
+ inet_prefix src = { .family = r->rtm_family };
+ inet_prefix dst = { .family = r->rtm_family };
+ __u32 table;
+
+ if (preferred_family != AF_UNSPEC && r->rtm_family != preferred_family)
+ return false;
+
+ if (filter.prefmask &&
+ filter.pref ^ (tb[FRA_PRIORITY] ? rta_getattr_u32(tb[FRA_PRIORITY]) : 0))
+ return false;
+ if (filter.not && !(r->rtm_flags & FIB_RULE_INVERT))
+ return false;
+
+ if (filter.src.family) {
+ if (tb[FRA_SRC]) {
+ memcpy(&src.data, RTA_DATA(tb[FRA_SRC]),
+ (r->rtm_src_len + 7) / 8);
+ }
+ if (filter.src.family != r->rtm_family ||
+ filter.src.bitlen > r->rtm_src_len ||
+ inet_addr_match(&src, &filter.src, filter.src.bitlen))
+ return false;
+ }
+
+ if (filter.dst.family) {
+ if (tb[FRA_DST]) {
+ memcpy(&dst.data, RTA_DATA(tb[FRA_DST]),
+ (r->rtm_dst_len + 7) / 8);
+ }
+ if (filter.dst.family != r->rtm_family ||
+ filter.dst.bitlen > r->rtm_dst_len ||
+ inet_addr_match(&dst, &filter.dst, filter.dst.bitlen))
+ return false;
+ }
+
+ if (filter.tosmask && filter.tos ^ r->rtm_tos)
+ return false;
+
+ if (filter.fwmark) {
+ __u32 mark = 0;
+ if (tb[FRA_FWMARK])
+ mark = rta_getattr_u32(tb[FRA_FWMARK]);
+ if (filter.fwmark ^ mark)
+ return false;
+ }
+ if (filter.fwmask) {
+ __u32 mask = 0;
+ if (tb[FRA_FWMASK])
+ mask = rta_getattr_u32(tb[FRA_FWMASK]);
+ if (filter.fwmask ^ mask)
+ return false;
+ }
+
+ if (filter.iifmask) {
+ if (tb[FRA_IFNAME]) {
+ if (strcmp(filter.iif, rta_getattr_str(tb[FRA_IFNAME])) != 0)
+ return false;
+ } else {
+ return false;
+ }
+ }
+
+ if (filter.oifmask) {
+ if (tb[FRA_OIFNAME]) {
+ if (strcmp(filter.oif, rta_getattr_str(tb[FRA_OIFNAME])) != 0)
+ return false;
+ } else {
+ return false;
+ }
+ }
+
+ if (filter.l3mdev && !(tb[FRA_L3MDEV] && rta_getattr_u8(tb[FRA_L3MDEV])))
+ return false;
+
+ table = rtm_get_table(r, tb);
+ if (filter.tb > 0 && filter.tb ^ table)
+ return false;
+
+ return true;
+}
+
int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
{
FILE *fp = (FILE *)arg;
@@ -77,6 +177,9 @@ int print_rule(const struct sockaddr_nl *who, struct nlmsghdr *n, void *arg)
host_len = af_bit_len(r->rtm_family);
+ if(!filter_nlmsg(n, tb, host_len))
+ return 0;
+
if (n->nlmsg_type == RTM_DELRULE)
fprintf(fp, "Deleted ");
@@ -287,9 +390,9 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action)
if (af == AF_UNSPEC)
af = AF_INET;
- if (argc > 0) {
- fprintf(stderr,
- "\"ip rule list/flush/save\" does not take any arguments\n");
+ if (action != IPRULE_LIST && argc > 0) {
+ fprintf(stderr, "\"ip rule %s\" does not take any arguments.\n",
+ action == IPRULE_SAVE ? "save" : "flush");
return -1;
}
@@ -306,6 +409,75 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action)
filter_fn = print_rule;
}
+ memset(&filter, 0, sizeof(filter));
+
+ while (argc > 0) {
+ if (matches(*argv, "preference") == 0 ||
+ matches(*argv, "order") == 0 ||
+ matches(*argv, "priority") == 0) {
+ __u32 pref;
+ NEXT_ARG();
+ if (get_u32(&pref, *argv, 0))
+ invarg("preference value is invalid\n", *argv);
+ filter.pref = pref;
+ filter.prefmask = 1;
+ } else if (strcmp(*argv, "not") == 0) {
+ filter.not = 1;
+ } else if (strcmp(*argv, "tos") == 0) {
+ __u32 tos;
+ NEXT_ARG();
+ if (rtnl_dsfield_a2n(&tos, *argv))
+ invarg("TOS value is invalid\n", *argv);
+ filter.tos = tos;
+ filter.tosmask = 1;
+ } else if (strcmp(*argv, "fwmark") == 0) {
+ char *slash;
+ __u32 fwmark, fwmask;
+ NEXT_ARG();
+ slash = strchr(*argv, '/');
+ if (slash != NULL)
+ *slash = '\0';
+ if (get_u32(&fwmark, *argv, 0))
+ invarg("fwmark value is invalid\n", *argv);
+ filter.fwmark = fwmark;
+ if (slash) {
+ if (get_u32(&fwmask, slash+1, 0))
+ invarg("fwmask value is invalid\n",
+ slash+1);
+ filter.fwmask = fwmask;
+ }
+ } else if (strcmp(*argv, "dev") == 0 ||
+ strcmp(*argv, "iif") == 0) {
+ NEXT_ARG();
+ strncpy(filter.iif, *argv, IFNAMSIZ);
+ filter.iifmask = 1;
+ } else if (strcmp(*argv, "oif") == 0) {
+ NEXT_ARG();
+ strncpy(filter.oif, *argv, IFNAMSIZ);
+ filter.oifmask = 1;
+ } else if (strcmp(*argv, "l3mdev") == 0) {
+ filter.l3mdev = 1;
+ } else if (matches(*argv, "lookup") == 0 ||
+ matches(*argv, "table") == 0 ) {
+ __u32 tid;
+ NEXT_ARG();
+ if (rtnl_rttable_a2n(&tid, *argv))
+ invarg("table id value is invalid\n", *argv);
+ filter.tb = tid;
+ } else if (matches(*argv, "from") == 0 ||
+ matches(*argv, "src") == 0) {
+ NEXT_ARG();
+ get_prefix(&filter.src, *argv, af);
+ } else {
+ if (matches(*argv, "dst") == 0 ||
+ matches(*argv, "to") == 0) {
+ NEXT_ARG();
+ }
+ get_prefix(&filter.dst, *argv, af);
+ }
+ argc--; argv++;
+ }
+
if (rtnl_wilddump_request(&rth, af, RTM_GETRULE) < 0) {
perror("Cannot send dump request");
return 1;
diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8
index 3508d80..ec0e31d 100644
--- a/man/man8/ip-rule.8
+++ b/man/man8/ip-rule.8
@@ -15,7 +15,8 @@ ip-rule \- routing policy database management
.ti -8
.B ip rule
-.RB "[ " list " ]"
+.RB "[ " list
+.I "[ " SELECTOR " ]]"
.ti -8
.B ip rule
@@ -42,7 +43,8 @@ ip-rule \- routing policy database management
.B oif
.IR STRING " ] [ "
.B pref
-.IR NUMBER " ]"
+.IR NUMBER " ] [ "
+.BR l3mdev " ]"
.ti -8
.IR ACTION " := [ "
--
2.5.5
next prev parent reply other threads:[~2016-09-22 6:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-22 6:28 [PATCH iproute2 0/2] ip rule: merger iprule_flush and add selector support Hangbin Liu
2016-09-22 6:28 ` [PATCH iproute2 1/2] ip rule: merge ip rule flush and list, save together Hangbin Liu
2016-09-22 6:28 ` Hangbin Liu [this message]
2016-09-22 8:45 ` [PATCH iproute2 2/2] ip rule: add selector support Phil Sutter
2016-09-23 3:06 ` Hangbin Liu
2016-09-22 23:43 ` [PATCH iproute2 0/2] ip rule: merger iprule_flush and " Stephen Hemminger
2016-10-10 2:30 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1474525729-2845-3-git-send-email-liuhangbin@gmail.com \
--to=liuhangbin@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=phil@nwl.cc \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.