libnl 3.7.0
rule.c
1/* SPDX-License-Identifier: LGPL-2.1-only */
2/*
3 * Copyright (c) 2003-2010 Thomas Graf <tgraf@suug.ch>
4 */
5
6/**
7 * @ingroup rtnl
8 * @defgroup rule Routing Rules
9 * @brief
10 * @{
11 */
12
13#include <netlink-private/netlink.h>
14#include <netlink/netlink.h>
15#include <netlink/utils.h>
16#include <netlink/route/rtnl.h>
17#include <netlink/route/rule.h>
18#include <inttypes.h>
19#include <linux/fib_rules.h>
20
21/** @cond SKIP */
22#define RULE_ATTR_FAMILY 0x000001
23#define RULE_ATTR_TABLE 0x000002
24#define RULE_ATTR_ACTION 0x000004
25#define RULE_ATTR_FLAGS 0x000008
26#define RULE_ATTR_IIFNAME 0x000010
27#define RULE_ATTR_OIFNAME 0x000020
28#define RULE_ATTR_PRIO 0x000040
29#define RULE_ATTR_MARK 0x000080
30#define RULE_ATTR_MASK 0x000100
31#define RULE_ATTR_GOTO 0x000200
32#define RULE_ATTR_SRC 0x000400
33#define RULE_ATTR_DST 0x000800
34#define RULE_ATTR_DSFIELD 0x001000
35#define RULE_ATTR_FLOW 0x002000
36#define RULE_ATTR_L3MDEV 0x004000
37#define RULE_ATTR_PROTOCOL 0x008000
38#define RULE_ATTR_IP_PROTO 0x010000
39#define RULE_ATTR_SPORT 0x020000
40#define RULE_ATTR_DPORT 0x040000
41
42static struct nl_cache_ops rtnl_rule_ops;
43static struct nl_object_ops rule_obj_ops;
44/** @endcond */
45
46static void rule_free_data(struct nl_object *c)
47{
48 struct rtnl_rule *rule = nl_object_priv(c);
49
50 if (!rule)
51 return;
52
53 nl_addr_put(rule->r_src);
54 nl_addr_put(rule->r_dst);
55}
56
57static int rule_clone(struct nl_object *_dst, struct nl_object *_src)
58{
59 struct rtnl_rule *dst = nl_object_priv(_dst);
60 struct rtnl_rule *src = nl_object_priv(_src);
61
62 dst->r_src = NULL;
63 dst->r_dst = NULL;
64
65 if (src->r_src)
66 if (!(dst->r_src = nl_addr_clone(src->r_src)))
67 return -NLE_NOMEM;
68
69 if (src->r_dst)
70 if (!(dst->r_dst = nl_addr_clone(src->r_dst)))
71 return -NLE_NOMEM;
72
73 return 0;
74}
75
76static struct nla_policy rule_policy[FRA_MAX+1] = {
77 [FRA_TABLE] = { .type = NLA_U32 },
78 [FRA_IIFNAME] = { .type = NLA_STRING, .maxlen = IFNAMSIZ },
79 [FRA_OIFNAME] = { .type = NLA_STRING, .maxlen = IFNAMSIZ },
80 [FRA_PRIORITY] = { .type = NLA_U32 },
81 [FRA_FWMARK] = { .type = NLA_U32 },
82 [FRA_FWMASK] = { .type = NLA_U32 },
83 [FRA_GOTO] = { .type = NLA_U32 },
84 [FRA_FLOW] = { .type = NLA_U32 },
85 [FRA_L3MDEV] = { .type = NLA_U8 },
86 [FRA_PROTOCOL] = { .type = NLA_U8 },
87 [FRA_IP_PROTO] = { .type = NLA_U8 },
88 [FRA_SPORT_RANGE] = { .minlen = sizeof(struct fib_rule_port_range),
89 .maxlen = sizeof(struct fib_rule_port_range) },
90 [FRA_DPORT_RANGE] = { .minlen = sizeof(struct fib_rule_port_range),
91 .maxlen = sizeof(struct fib_rule_port_range) },
92};
93
94static int rule_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
95 struct nlmsghdr *n, struct nl_parser_param *pp)
96{
97 struct rtnl_rule *rule;
98 struct fib_rule_hdr *frh;
99 struct nlattr *tb[FRA_MAX+1];
100 int err = 1, family;
101
102 rule = rtnl_rule_alloc();
103 if (!rule) {
104 err = -NLE_NOMEM;
105 goto errout;
106 }
107
108 rule->ce_msgtype = n->nlmsg_type;
109 frh = nlmsg_data(n);
110
111 err = nlmsg_parse(n, sizeof(*frh), tb, FRA_MAX, rule_policy);
112 if (err < 0)
113 goto errout;
114
115 rule->r_family = family = frh->family;
116 rule->r_table = frh->table;
117 rule->r_action = frh->action;
118 rule->r_flags = frh->flags;
119
120 rule->ce_mask = (RULE_ATTR_FAMILY | RULE_ATTR_ACTION | RULE_ATTR_FLAGS);
121 if (rule->r_table)
122 rule->ce_mask |= RULE_ATTR_TABLE;
123
124 /* ipv4 only */
125 if (frh->tos) {
126 rule->r_dsfield = frh->tos;
127 rule->ce_mask |= RULE_ATTR_DSFIELD;
128 }
129
130 if (tb[FRA_TABLE]) {
131 rule->r_table = nla_get_u32(tb[FRA_TABLE]);
132 if (rule->r_table)
133 rule->ce_mask |= RULE_ATTR_TABLE;
134 }
135
136 if (tb[FRA_IIFNAME]) {
137 nla_strlcpy(rule->r_iifname, tb[FRA_IIFNAME], IFNAMSIZ);
138 rule->ce_mask |= RULE_ATTR_IIFNAME;
139 }
140
141 if (tb[FRA_OIFNAME]) {
142 nla_strlcpy(rule->r_oifname, tb[FRA_OIFNAME], IFNAMSIZ);
143 rule->ce_mask |= RULE_ATTR_OIFNAME;
144 }
145
146 if (tb[FRA_PRIORITY]) {
147 rule->r_prio = nla_get_u32(tb[FRA_PRIORITY]);
148 rule->ce_mask |= RULE_ATTR_PRIO;
149 }
150
151 if (tb[FRA_FWMARK]) {
152 rule->r_mark = nla_get_u32(tb[FRA_FWMARK]);
153 rule->ce_mask |= RULE_ATTR_MARK;
154 }
155
156 if (tb[FRA_FWMASK]) {
157 rule->r_mask = nla_get_u32(tb[FRA_FWMASK]);
158 rule->ce_mask |= RULE_ATTR_MASK;
159 }
160
161 if (tb[FRA_GOTO]) {
162 rule->r_goto = nla_get_u32(tb[FRA_GOTO]);
163 rule->ce_mask |= RULE_ATTR_GOTO;
164 }
165
166 if (tb[FRA_SRC]) {
167 if (!(rule->r_src = nl_addr_alloc_attr(tb[FRA_SRC], family)))
168 goto errout_enomem;
169
170 nl_addr_set_prefixlen(rule->r_src, frh->src_len);
171 rule->ce_mask |= RULE_ATTR_SRC;
172 }
173
174 if (tb[FRA_DST]) {
175 if (!(rule->r_dst = nl_addr_alloc_attr(tb[FRA_DST], family)))
176 goto errout_enomem;
177 nl_addr_set_prefixlen(rule->r_dst, frh->dst_len);
178 rule->ce_mask |= RULE_ATTR_DST;
179 }
180
181 /* ipv4 only */
182 if (tb[FRA_FLOW]) {
183 rule->r_flow = nla_get_u32(tb[FRA_FLOW]);
184 rule->ce_mask |= RULE_ATTR_FLOW;
185 }
186
187 if (tb[FRA_L3MDEV]) {
188 rule->r_l3mdev = nla_get_u8(tb[FRA_L3MDEV]);
189 rule->ce_mask |= RULE_ATTR_L3MDEV;
190 }
191
192 if (tb[FRA_PROTOCOL]) {
193 rule->r_protocol = nla_get_u8(tb[FRA_PROTOCOL]);
194 rule->ce_mask |= RULE_ATTR_PROTOCOL;
195 }
196
197 if (tb[FRA_IP_PROTO]) {
198 rule->r_ip_proto = nla_get_u8(tb[FRA_IP_PROTO]);
199 rule->ce_mask |= RULE_ATTR_IP_PROTO;
200 }
201
202 if (tb[FRA_SPORT_RANGE]) {
203 struct fib_rule_port_range *pr;
204
205 pr = nla_data(tb[FRA_SPORT_RANGE]);
206 rule->r_sport = *pr;
207 rule->ce_mask |= RULE_ATTR_SPORT;
208 }
209
210 if (tb[FRA_DPORT_RANGE]) {
211 struct fib_rule_port_range *pr;
212
213 pr = nla_data(tb[FRA_DPORT_RANGE]);
214 rule->r_dport = *pr;
215 rule->ce_mask |= RULE_ATTR_DPORT;
216 }
217
218 err = pp->pp_cb((struct nl_object *) rule, pp);
219errout:
220 rtnl_rule_put(rule);
221 return err;
222
223errout_enomem:
224 err = -NLE_NOMEM;
225 goto errout;
226}
227
228static int rule_request_update(struct nl_cache *c, struct nl_sock *h)
229{
230 return nl_rtgen_request(h, RTM_GETRULE, AF_UNSPEC, NLM_F_DUMP);
231}
232
233static void rule_dump_line(struct nl_object *o, struct nl_dump_params *p)
234{
235 struct rtnl_rule *r = (struct rtnl_rule *) o;
236 char buf[128];
237
238 nl_dump_line(p, "%8d ", (r->ce_mask & RULE_ATTR_PRIO) ? r->r_prio : 0);
239 nl_dump(p, "%s ", nl_af2str(r->r_family, buf, sizeof(buf)));
240
241 if (r->ce_mask & RULE_ATTR_SRC)
242 nl_dump(p, "from %s ",
243 nl_addr2str(r->r_src, buf, sizeof(buf)));
244
245 if (r->ce_mask & RULE_ATTR_DST)
246 nl_dump(p, "to %s ",
247 nl_addr2str(r->r_dst, buf, sizeof(buf)));
248
249 if (r->ce_mask & RULE_ATTR_DSFIELD)
250 nl_dump(p, "tos %u ", r->r_dsfield);
251
252 if (r->ce_mask & (RULE_ATTR_MARK | RULE_ATTR_MASK))
253 nl_dump(p, "mark %#x/%#x", r->r_mark, r->r_mask);
254
255 if (r->ce_mask & RULE_ATTR_IIFNAME)
256 nl_dump(p, "iif %s ", r->r_iifname);
257
258 if (r->ce_mask & RULE_ATTR_OIFNAME)
259 nl_dump(p, "oif %s ", r->r_oifname);
260
261 if (r->ce_mask & RULE_ATTR_TABLE)
262 nl_dump(p, "lookup %s ",
263 rtnl_route_table2str(r->r_table, buf, sizeof(buf)));
264
265 if (r->ce_mask & RULE_ATTR_L3MDEV)
266 nl_dump(p, "lookup [l3mdev-table] ");
267
268 if (r->ce_mask & RULE_ATTR_IP_PROTO)
269 nl_dump(p, "ipproto %s ",
270 nl_ip_proto2str(r->r_ip_proto, buf, sizeof(buf)));
271
272 if (r->ce_mask & RULE_ATTR_SPORT) {
273 if (r->r_sport.start == r->r_sport.end)
274 nl_dump(p, "sport %u ", r->r_sport.start);
275 else
276 nl_dump(p, "sport %u-%u ",
277 r->r_sport.start, r->r_sport.end);
278 }
279
280 if (r->ce_mask & RULE_ATTR_DPORT) {
281 if (r->r_dport.start == r->r_dport.end)
282 nl_dump(p, "dport %u ", r->r_dport.start);
283 else
284 nl_dump(p, "dport %u-%u ",
285 r->r_dport.start, r->r_dport.end);
286 }
287
288 if (r->ce_mask & RULE_ATTR_PROTOCOL)
289 nl_dump(p, "protocol %s ",
290 rtnl_route_proto2str(r->r_protocol, buf, sizeof(buf)));
291
292 if (r->ce_mask & RULE_ATTR_FLOW)
293 nl_dump(p, "flow %s ",
294 rtnl_realms2str(r->r_flow, buf, sizeof(buf)));
295
296 if (r->ce_mask & RULE_ATTR_GOTO)
297 nl_dump(p, "goto %u ", r->r_goto);
298
299 if (r->ce_mask & RULE_ATTR_ACTION)
300 nl_dump(p, "action %s",
301 nl_rtntype2str(r->r_action, buf, sizeof(buf)));
302
303 nl_dump(p, "\n");
304}
305
306static void rule_dump_details(struct nl_object *obj, struct nl_dump_params *p)
307{
308 rule_dump_line(obj, p);
309}
310
311static void rule_dump_stats(struct nl_object *obj, struct nl_dump_params *p)
312{
313 rule_dump_details(obj, p);
314}
315
316static uint64_t rule_compare(struct nl_object *_a, struct nl_object *_b,
317 uint64_t attrs, int flags)
318{
319 struct rtnl_rule *a = (struct rtnl_rule *) _a;
320 struct rtnl_rule *b = (struct rtnl_rule *) _b;
321 uint64_t diff = 0;
322
323#define RULE_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, RULE_ATTR_##ATTR, a, b, EXPR)
324
325 diff |= RULE_DIFF(FAMILY, a->r_family != b->r_family);
326 diff |= RULE_DIFF(TABLE, a->r_table != b->r_table);
327 diff |= RULE_DIFF(ACTION, a->r_action != b->r_action);
328 diff |= RULE_DIFF(IIFNAME, strcmp(a->r_iifname, b->r_iifname));
329 diff |= RULE_DIFF(OIFNAME, strcmp(a->r_oifname, b->r_oifname));
330 diff |= RULE_DIFF(PRIO, a->r_prio != b->r_prio);
331 diff |= RULE_DIFF(MARK, a->r_mark != b->r_mark);
332 diff |= RULE_DIFF(MASK, a->r_mask != b->r_mask);
333 diff |= RULE_DIFF(GOTO, a->r_goto != b->r_goto);
334 diff |= RULE_DIFF(SRC, nl_addr_cmp(a->r_src, b->r_src));
335 diff |= RULE_DIFF(DST, nl_addr_cmp(a->r_dst, b->r_dst));
336 diff |= RULE_DIFF(DSFIELD, a->r_dsfield != b->r_dsfield);
337 diff |= RULE_DIFF(FLOW, a->r_flow != b->r_flow);
338
339#undef RULE_DIFF
340
341 return diff;
342}
343
344static const struct trans_tbl rule_attrs[] = {
345 __ADD(RULE_ATTR_FAMILY, family),
346 __ADD(RULE_ATTR_TABLE, table),
347 __ADD(RULE_ATTR_ACTION, action),
348 __ADD(RULE_ATTR_IIFNAME, iifname),
349 __ADD(RULE_ATTR_OIFNAME, oifname),
350 __ADD(RULE_ATTR_PRIO, prio),
351 __ADD(RULE_ATTR_MARK, mark),
352 __ADD(RULE_ATTR_MASK, mask),
353 __ADD(RULE_ATTR_GOTO, goto),
354 __ADD(RULE_ATTR_SRC, src),
355 __ADD(RULE_ATTR_DST, dst),
356 __ADD(RULE_ATTR_DSFIELD, dsfield),
357 __ADD(RULE_ATTR_FLOW, flow),
358};
359
360static char *rule_attrs2str(int attrs, char *buf, size_t len)
361{
362 return __flags2str(attrs, buf, len, rule_attrs,
363 ARRAY_SIZE(rule_attrs));
364}
365
366/**
367 * @name Allocation/Freeing
368 * @{
369 */
370
371struct rtnl_rule *rtnl_rule_alloc(void)
372{
373 return (struct rtnl_rule *) nl_object_alloc(&rule_obj_ops);
374}
375
376void rtnl_rule_put(struct rtnl_rule *rule)
377{
378 nl_object_put((struct nl_object *) rule);
379}
380
381/** @} */
382
383/**
384 * @name Cache Management
385 * @{
386 */
387
388/**
389 * Build a rule cache including all rules currently configured in the kernel.
390 * @arg sock Netlink socket.
391 * @arg family Address family or AF_UNSPEC.
392 * @arg result Pointer to store resulting cache.
393 *
394 * Allocates a new rule cache, initializes it properly and updates it
395 * to include all rules currently configured in the kernel.
396 *
397 * @return 0 on success or a negative error code.
398 */
399int rtnl_rule_alloc_cache(struct nl_sock *sock, int family,
400 struct nl_cache **result)
401{
402 struct nl_cache * cache;
403 int err;
404
405 if (!(cache = nl_cache_alloc(&rtnl_rule_ops)))
406 return -NLE_NOMEM;
407
408 cache->c_iarg1 = family;
409
410 if (sock && (err = nl_cache_refill(sock, cache)) < 0) {
411 free(cache);
412 return err;
413 }
414
415 *result = cache;
416 return 0;
417}
418
419/** @} */
420
421/**
422 * @name Rule Addition
423 * @{
424 */
425
426static int build_rule_msg(struct rtnl_rule *tmpl, int cmd, int flags,
427 struct nl_msg **result)
428{
429 struct nl_msg *msg;
430 struct fib_rule_hdr frh = {
431 .family = tmpl->r_family,
432 .table = tmpl->r_table,
433 .action = tmpl->r_action,
434 .flags = tmpl->r_flags,
435 .tos = tmpl->r_dsfield,
436 };
437
438 if (!(tmpl->ce_mask & RULE_ATTR_FAMILY))
439 return -NLE_MISSING_ATTR;
440
441 msg = nlmsg_alloc_simple(cmd, flags);
442 if (!msg)
443 return -NLE_NOMEM;
444
445 if (tmpl->ce_mask & RULE_ATTR_SRC)
446 frh.src_len = nl_addr_get_prefixlen(tmpl->r_src);
447
448 if (tmpl->ce_mask & RULE_ATTR_DST)
449 frh.dst_len = nl_addr_get_prefixlen(tmpl->r_dst);
450
451 if (nlmsg_append(msg, &frh, sizeof(frh), NLMSG_ALIGNTO) < 0)
452 goto nla_put_failure;
453
454 /* Additional table attribute replacing the 8bit in the header, was
455 * required to allow more than 256 tables. */
456 NLA_PUT_U32(msg, FRA_TABLE, tmpl->r_table);
457
458 if (tmpl->ce_mask & RULE_ATTR_SRC)
459 NLA_PUT_ADDR(msg, FRA_SRC, tmpl->r_src);
460
461 if (tmpl->ce_mask & RULE_ATTR_DST)
462 NLA_PUT_ADDR(msg, FRA_DST, tmpl->r_dst);
463
464 if (tmpl->ce_mask & RULE_ATTR_IIFNAME)
465 NLA_PUT_STRING(msg, FRA_IIFNAME, tmpl->r_iifname);
466
467 if (tmpl->ce_mask & RULE_ATTR_OIFNAME)
468 NLA_PUT_STRING(msg, FRA_OIFNAME, tmpl->r_oifname);
469
470 if (tmpl->ce_mask & RULE_ATTR_PRIO)
471 NLA_PUT_U32(msg, FRA_PRIORITY, tmpl->r_prio);
472
473 if (tmpl->ce_mask & RULE_ATTR_MARK)
474 NLA_PUT_U32(msg, FRA_FWMARK, tmpl->r_mark);
475
476 if (tmpl->ce_mask & RULE_ATTR_MASK)
477 NLA_PUT_U32(msg, FRA_FWMASK, tmpl->r_mask);
478
479 if (tmpl->ce_mask & RULE_ATTR_GOTO)
480 NLA_PUT_U32(msg, FRA_GOTO, tmpl->r_goto);
481
482 if (tmpl->ce_mask & RULE_ATTR_FLOW)
483 NLA_PUT_U32(msg, FRA_FLOW, tmpl->r_flow);
484
485 if (tmpl->ce_mask & RULE_ATTR_L3MDEV)
486 NLA_PUT_U8(msg, FRA_L3MDEV, tmpl->r_l3mdev);
487
488 if (tmpl->ce_mask & RULE_ATTR_IP_PROTO)
489 NLA_PUT_U8(msg, FRA_IP_PROTO, tmpl->r_ip_proto);
490
491 if (tmpl->ce_mask & RULE_ATTR_SPORT)
492 NLA_PUT(msg, FRA_SPORT_RANGE, sizeof(tmpl->r_sport),
493 &tmpl->r_sport);
494
495 if (tmpl->ce_mask & RULE_ATTR_DPORT)
496 NLA_PUT(msg, FRA_DPORT_RANGE, sizeof(tmpl->r_dport),
497 &tmpl->r_dport);
498
499 if (tmpl->ce_mask & RULE_ATTR_PROTOCOL)
500 NLA_PUT_U8(msg, FRA_PROTOCOL, tmpl->r_protocol);
501
502 *result = msg;
503 return 0;
504
505nla_put_failure:
506 nlmsg_free(msg);
507 return -NLE_MSGSIZE;
508}
509
510/**
511 * Build netlink request message to add a new rule
512 * @arg tmpl template with data of new rule
513 * @arg flags additional netlink message flags
514 * @arg result Result pointer
515 *
516 * Builds a new netlink message requesting a addition of a new
517 * rule. The netlink message header isn't fully equipped with
518 * all relevant fields and must thus be sent out via nl_send_auto_complete()
519 * or supplemented as needed. \a tmpl must contain the attributes of the new
520 * address set via \c rtnl_rule_set_* functions.
521 *
522 * @return 0 on success or a negative error code.
523 */
524int rtnl_rule_build_add_request(struct rtnl_rule *tmpl, int flags,
525 struct nl_msg **result)
526{
527 return build_rule_msg(tmpl, RTM_NEWRULE, NLM_F_CREATE | flags,
528 result);
529}
530
531/**
532 * Add a new rule
533 * @arg sk Netlink socket.
534 * @arg tmpl template with requested changes
535 * @arg flags additional netlink message flags
536 *
537 * Builds a netlink message by calling rtnl_rule_build_add_request(),
538 * sends the request to the kernel and waits for the next ACK to be
539 * received and thus blocks until the request has been fullfilled.
540 *
541 * @return 0 on success or a negative error if an error occured.
542 */
543int rtnl_rule_add(struct nl_sock *sk, struct rtnl_rule *tmpl, int flags)
544{
545 struct nl_msg *msg;
546 int err;
547
548 if ((err = rtnl_rule_build_add_request(tmpl, flags, &msg)) < 0)
549 return err;
550
551 err = nl_send_auto_complete(sk, msg);
552 nlmsg_free(msg);
553 if (err < 0)
554 return err;
555
556 return wait_for_ack(sk);
557}
558
559/** @} */
560
561/**
562 * @name Rule Deletion
563 * @{
564 */
565
566/**
567 * Build a netlink request message to delete a rule
568 * @arg rule rule to delete
569 * @arg flags additional netlink message flags
570 * @arg result Result pointer
571 *
572 * Builds a new netlink message requesting a deletion of a rule.
573 * The netlink message header isn't fully equipped with all relevant
574 * fields and must thus be sent out via nl_send_auto_complete()
575 * or supplemented as needed. \a rule must point to an existing
576 * address.
577 *
578 * @return 0 on success or a negative error code.
579 */
580int rtnl_rule_build_delete_request(struct rtnl_rule *rule, int flags,
581 struct nl_msg **result)
582{
583 return build_rule_msg(rule, RTM_DELRULE, flags, result);
584}
585
586/**
587 * Delete a rule
588 * @arg sk Netlink socket.
589 * @arg rule rule to delete
590 * @arg flags additional netlink message flags
591 *
592 * Builds a netlink message by calling rtnl_rule_build_delete_request(),
593 * sends the request to the kernel and waits for the next ACK to be
594 * received and thus blocks until the request has been fullfilled.
595 *
596 * @return 0 on success or a negative error if an error occured.
597 */
598int rtnl_rule_delete(struct nl_sock *sk, struct rtnl_rule *rule, int flags)
599{
600 struct nl_msg *msg;
601 int err;
602
603 if ((err = rtnl_rule_build_delete_request(rule, flags, &msg)) < 0)
604 return err;
605
606 err = nl_send_auto_complete(sk, msg);
607 nlmsg_free(msg);
608 if (err < 0)
609 return err;
610
611 return wait_for_ack(sk);
612}
613
614/** @} */
615
616/**
617 * @name Attribute Modification
618 * @{
619 */
620
621void rtnl_rule_set_family(struct rtnl_rule *rule, int family)
622{
623 rule->r_family = family;
624 rule->ce_mask |= RULE_ATTR_FAMILY;
625}
626
627int rtnl_rule_get_family(struct rtnl_rule *rule)
628{
629 if (rule->ce_mask & RULE_ATTR_FAMILY)
630 return rule->r_family;
631 else
632 return AF_UNSPEC;
633}
634
635void rtnl_rule_set_prio(struct rtnl_rule *rule, uint32_t prio)
636{
637 rule->r_prio = prio;
638 rule->ce_mask |= RULE_ATTR_PRIO;
639}
640
641uint32_t rtnl_rule_get_prio(struct rtnl_rule *rule)
642{
643 return rule->r_prio;
644}
645
646void rtnl_rule_set_mark(struct rtnl_rule *rule, uint32_t mark)
647{
648 rule->r_mark = mark;
649 rule->ce_mask |= RULE_ATTR_MARK;
650}
651
652uint32_t rtnl_rule_get_mark(struct rtnl_rule *rule)
653{
654 return rule->r_mark;
655}
656
657void rtnl_rule_set_mask(struct rtnl_rule *rule, uint32_t mask)
658{
659 rule->r_mask = mask;
660 rule->ce_mask |= RULE_ATTR_MASK;
661}
662
663uint32_t rtnl_rule_get_mask(struct rtnl_rule *rule)
664{
665 return rule->r_mask;
666}
667
668void rtnl_rule_set_table(struct rtnl_rule *rule, uint32_t table)
669{
670 rule->r_table = table;
671 rule->ce_mask |= RULE_ATTR_TABLE;
672}
673
674uint32_t rtnl_rule_get_table(struct rtnl_rule *rule)
675{
676 return rule->r_table;
677}
678
679void rtnl_rule_set_dsfield(struct rtnl_rule *rule, uint8_t dsfield)
680{
681 rule->r_dsfield = dsfield;
682 rule->ce_mask |= RULE_ATTR_DSFIELD;
683}
684
685uint8_t rtnl_rule_get_dsfield(struct rtnl_rule *rule)
686{
687 return rule->r_dsfield;
688}
689
690static inline int __assign_addr(struct rtnl_rule *rule, struct nl_addr **pos,
691 struct nl_addr *new, int flag)
692{
693 if (rule->ce_mask & RULE_ATTR_FAMILY) {
694 if (new->a_family != rule->r_family)
695 return -NLE_AF_MISMATCH;
696 } else
697 rule->r_family = new->a_family;
698
699 if (*pos)
700 nl_addr_put(*pos);
701
702 nl_addr_get(new);
703 *pos = new;
704
705 rule->ce_mask |= (flag | RULE_ATTR_FAMILY);
706
707 return 0;
708}
709
710int rtnl_rule_set_src(struct rtnl_rule *rule, struct nl_addr *src)
711{
712 return __assign_addr(rule, &rule->r_src, src, RULE_ATTR_SRC);
713}
714
715struct nl_addr *rtnl_rule_get_src(struct rtnl_rule *rule)
716{
717 return rule->r_src;
718}
719
720int rtnl_rule_set_dst(struct rtnl_rule *rule, struct nl_addr *dst)
721{
722 return __assign_addr(rule, &rule->r_dst, dst, RULE_ATTR_DST);
723}
724
725struct nl_addr *rtnl_rule_get_dst(struct rtnl_rule *rule)
726{
727 return rule->r_dst;
728}
729
730int rtnl_rule_set_iif(struct rtnl_rule *rule, const char *dev)
731{
732 if (strlen(dev) > IFNAMSIZ-1)
733 return -NLE_RANGE;
734
735 strcpy(rule->r_iifname, dev);
736 rule->ce_mask |= RULE_ATTR_IIFNAME;
737 return 0;
738}
739
740char *rtnl_rule_get_iif(struct rtnl_rule *rule)
741{
742 if (rule->ce_mask & RULE_ATTR_IIFNAME)
743 return rule->r_iifname;
744 else
745 return NULL;
746}
747
748int rtnl_rule_set_oif(struct rtnl_rule *rule, const char *dev)
749{
750 if (strlen(dev) > IFNAMSIZ-1)
751 return -NLE_RANGE;
752
753 strcpy(rule->r_oifname, dev);
754 rule->ce_mask |= RULE_ATTR_OIFNAME;
755 return 0;
756}
757
758char *rtnl_rule_get_oif(struct rtnl_rule *rule)
759{
760 if (rule->ce_mask & RULE_ATTR_OIFNAME)
761 return rule->r_oifname;
762 else
763 return NULL;
764}
765
766void rtnl_rule_set_action(struct rtnl_rule *rule, uint8_t action)
767{
768 rule->r_action = action;
769 rule->ce_mask |= RULE_ATTR_ACTION;
770}
771
772uint8_t rtnl_rule_get_action(struct rtnl_rule *rule)
773{
774 return rule->r_action;
775}
776
777/**
778 * Set l3mdev value of the rule (FRA_L3MDEV)
779 * @arg rule rule
780 * @arg value value to set
781 *
782 * Set the l3mdev value to value. Currently supported values
783 * are only 1 (set it) and -1 (unset it). All other values
784 * are reserved.
785 */
786void rtnl_rule_set_l3mdev(struct rtnl_rule *rule, int value)
787{
788 if (value >= 0) {
789 rule->r_l3mdev = (uint8_t) value;
790 rule->ce_mask |= RULE_ATTR_L3MDEV;
791 } else {
792 rule->r_l3mdev = 0;
793 rule->ce_mask &= ~((uint32_t) RULE_ATTR_L3MDEV);
794 }
795}
796
797/**
798 * Get l3mdev value of the rule (FRA_L3MDEV)
799 * @arg rule rule
800 *
801 * @return a negative error code, including -NLE_MISSING_ATTR
802 * if the property is unset. Otherwise returns a non-negative
803 * value. As FRA_L3MDEV is a boolean, the only expected
804 * value at the moment is 1.
805 */
806int rtnl_rule_get_l3mdev(struct rtnl_rule *rule)
807{
808 if (!rule)
809 return -NLE_INVAL;
810 if (!(rule->ce_mask & RULE_ATTR_L3MDEV))
811 return -NLE_MISSING_ATTR;
812 return rule->r_l3mdev;
813}
814
815int rtnl_rule_set_protocol(struct rtnl_rule *rule, uint8_t protocol)
816{
817 if (protocol) {
818 rule->r_protocol = protocol;
819 rule->ce_mask |= RULE_ATTR_PROTOCOL;
820 } else {
821 rule->r_protocol = 0;
822 rule->ce_mask &= ~((uint32_t) RULE_ATTR_PROTOCOL);
823 }
824 return 0;
825}
826
827int rtnl_rule_get_protocol(struct rtnl_rule *rule, uint8_t *protocol)
828{
829 if (!(rule->ce_mask & RULE_ATTR_PROTOCOL))
830 return -NLE_INVAL;
831
832 *protocol = rule->r_protocol;
833 return 0;
834}
835
836int rtnl_rule_set_ipproto(struct rtnl_rule *rule, uint8_t ip_proto)
837{
838 if (ip_proto) {
839 rule->r_ip_proto = ip_proto;
840 rule->ce_mask |= RULE_ATTR_IP_PROTO;
841 } else {
842 rule->r_ip_proto = 0;
843 rule->ce_mask &= ~((uint32_t) RULE_ATTR_IP_PROTO);
844 }
845 return 0;
846}
847
848int rtnl_rule_get_ipproto(struct rtnl_rule *rule, uint8_t *ip_proto)
849{
850 if (!(rule->ce_mask & RULE_ATTR_IP_PROTO))
851 return -NLE_INVAL;
852
853 *ip_proto = rule->r_ip_proto;
854 return 0;
855}
856
857static int __rtnl_rule_set_port(struct fib_rule_port_range *prange,
858 uint16_t start, uint16_t end,
859 uint64_t attr, uint64_t *mask)
860{
861 if ((start && end < start) || (end && !start))
862 return -NLE_INVAL;
863
864 if (start) {
865 prange->start = start;
866 prange->end = end;
867 *mask |= attr;
868 } else {
869 prange->start = 0;
870 prange->end = 0;
871 *mask &= ~attr;
872
873 }
874 return 0;
875}
876
877int rtnl_rule_set_sport(struct rtnl_rule *rule, uint16_t sport)
878{
879 return __rtnl_rule_set_port(&rule->r_sport, sport, sport,
880 RULE_ATTR_SPORT, &rule->ce_mask);
881}
882
883int rtnl_rule_set_sport_range(struct rtnl_rule *rule, uint16_t start,
884 uint16_t end)
885{
886 return __rtnl_rule_set_port(&rule->r_sport, start, end,
887 RULE_ATTR_SPORT, &rule->ce_mask);
888}
889
890int rtnl_rule_get_sport(struct rtnl_rule *rule, uint16_t *start, uint16_t *end)
891{
892 if (!(rule->ce_mask & RULE_ATTR_SPORT))
893 return -NLE_INVAL;
894
895 *start = rule->r_sport.start;
896 *end = rule->r_sport.end;
897 return 0;
898}
899
900int rtnl_rule_set_dport(struct rtnl_rule *rule, uint16_t dport)
901{
902 return __rtnl_rule_set_port(&rule->r_dport, dport, dport,
903 RULE_ATTR_DPORT, &rule->ce_mask);
904}
905
906int rtnl_rule_set_dport_range(struct rtnl_rule *rule, uint16_t start,
907 uint16_t end)
908{
909 return __rtnl_rule_set_port(&rule->r_dport, start, end,
910 RULE_ATTR_DPORT, &rule->ce_mask);
911}
912
913int rtnl_rule_get_dport(struct rtnl_rule *rule, uint16_t *start, uint16_t *end)
914{
915 if (!(rule->ce_mask & RULE_ATTR_DPORT))
916 return -NLE_INVAL;
917
918 *start = rule->r_dport.start;
919 *end = rule->r_dport.end;
920 return 0;
921}
922
923void rtnl_rule_set_realms(struct rtnl_rule *rule, uint32_t realms)
924{
925 rule->r_flow = realms;
926 rule->ce_mask |= RULE_ATTR_FLOW;
927}
928
929uint32_t rtnl_rule_get_realms(struct rtnl_rule *rule)
930{
931 return rule->r_flow;
932}
933
934void rtnl_rule_set_goto(struct rtnl_rule *rule, uint32_t ref)
935{
936 rule->r_goto = ref;
937 rule->ce_mask |= RULE_ATTR_GOTO;
938}
939
940uint32_t rtnl_rule_get_goto(struct rtnl_rule *rule)
941{
942 return rule->r_goto;
943}
944
945/** @} */
946
947static struct nl_object_ops rule_obj_ops = {
948 .oo_name = "route/rule",
949 .oo_size = sizeof(struct rtnl_rule),
950 .oo_free_data = rule_free_data,
951 .oo_clone = rule_clone,
952 .oo_dump = {
953 [NL_DUMP_LINE] = rule_dump_line,
954 [NL_DUMP_DETAILS] = rule_dump_details,
955 [NL_DUMP_STATS] = rule_dump_stats,
956 },
957 .oo_compare = rule_compare,
958 .oo_attrs2str = rule_attrs2str,
959 .oo_id_attrs = ~0,
960};
961
962static struct nl_af_group rule_groups[] = {
963 { AF_INET, RTNLGRP_IPV4_RULE },
964 { AF_INET6, RTNLGRP_IPV6_RULE },
965 { END_OF_GROUP_LIST },
966};
967
968static struct nl_cache_ops rtnl_rule_ops = {
969 .co_name = "route/rule",
970 .co_hdrsize = sizeof(struct fib_rule_hdr),
971 .co_msgtypes = {
972 { RTM_NEWRULE, NL_ACT_NEW, "new" },
973 { RTM_DELRULE, NL_ACT_DEL, "del" },
974 { RTM_GETRULE, NL_ACT_GET, "get" },
975 END_OF_MSGTYPES_LIST,
976 },
977 .co_protocol = NETLINK_ROUTE,
978 .co_request_update = rule_request_update,
979 .co_msg_parser = rule_msg_parser,
980 .co_obj_ops = &rule_obj_ops,
981 .co_groups = rule_groups,
982};
983
984static void __init rule_init(void)
985{
986 nl_cache_mngt_register(&rtnl_rule_ops);
987}
988
989static void __exit rule_exit(void)
990{
991 nl_cache_mngt_unregister(&rtnl_rule_ops);
992}
993
994/** @} */
nl_addr_set_prefixlen
void nl_addr_set_prefixlen(struct nl_addr *addr, int prefixlen)
Set the prefix length of an abstract address.
Definition: addr.c:964
nl_addr_get
struct nl_addr * nl_addr_get(struct nl_addr *addr)
Increase the reference counter of an abstract address.
Definition: addr.c:522
nl_addr_alloc_attr
struct nl_addr * nl_addr_alloc_attr(const struct nlattr *nla, int family)
Allocate abstract address based on Netlink attribute.
Definition: addr.c:256
nl_addr_cmp
int nl_addr_cmp(const struct nl_addr *a, const struct nl_addr *b)
Compare abstract addresses.
Definition: addr.c:584
nl_addr_clone
struct nl_addr * nl_addr_clone(const struct nl_addr *addr)
Clone existing abstract address object.
Definition: addr.c:492
nl_addr2str
char * nl_addr2str(const struct nl_addr *addr, char *buf, size_t size)
Convert abstract address object to character string.
Definition: addr.c:998
nl_addr_get_prefixlen
unsigned int nl_addr_get_prefixlen(const struct nl_addr *addr)
Return prefix length of abstract address object.
Definition: addr.c:975
nl_addr_put
void nl_addr_put(struct nl_addr *addr)
Decrease the reference counter of an abstract address.
Definition: addr.c:538
nla_get_u32
uint32_t nla_get_u32(const struct nlattr *nla)
Return payload of 32 bit integer attribute.
Definition: attr.c:702
NLA_PUT_U8
#define NLA_PUT_U8(msg, attrtype, value)
Add 8 bit integer attribute to netlink message.
Definition: attr.h:194
NLA_PUT_ADDR
#define NLA_PUT_ADDR(msg, attrtype, addr)
Add address attribute to netlink message.
Definition: attr.h:283
nla_data
void * nla_data(const struct nlattr *nla)
Return pointer to the payload section.
Definition: attr.c:114
NLA_PUT
#define NLA_PUT(msg, attrtype, attrlen, data)
Add unspecific attribute to netlink message.
Definition: attr.h:159
NLA_PUT_U32
#define NLA_PUT_U32(msg, attrtype, value)
Add 32 bit integer attribute to netlink message.
Definition: attr.h:230
nla_get_u8
uint8_t nla_get_u8(const struct nlattr *nla)
Return value of 8 bit integer attribute.
Definition: attr.c:602
nla_strlcpy
size_t nla_strlcpy(char *dst, const struct nlattr *nla, size_t dstsize)
Copy string attribute payload to a buffer.
Definition: attr.c:371
NLA_PUT_STRING
#define NLA_PUT_STRING(msg, attrtype, value)
Add string attribute to netlink message.
Definition: attr.h:257
NLA_STRING
@ NLA_STRING
NUL terminated character string.
Definition: attr.h:39
NLA_U8
@ NLA_U8
8 bit integer
Definition: attr.h:35
NLA_U32
@ NLA_U32
32 bit integer
Definition: attr.h:37
nl_cache_mngt_unregister
int nl_cache_mngt_unregister(struct nl_cache_ops *ops)
Unregister a set of cache operations.
Definition: cache_mngt.c:281
nl_cache_mngt_register
int nl_cache_mngt_register(struct nl_cache_ops *ops)
Register a set of cache operations.
Definition: cache_mngt.c:246
nl_cache_refill
int nl_cache_refill(struct nl_sock *sk, struct nl_cache *cache)
(Re)fill a cache with the contents in the kernel.
Definition: cache.c:1035
nl_cache_alloc
struct nl_cache * nl_cache_alloc(struct nl_cache_ops *ops)
Allocate new cache.
Definition: cache.c:178
nlmsg_alloc_simple
struct nl_msg * nlmsg_alloc_simple(int nlmsgtype, int flags)
Allocate a new netlink message.
Definition: msg.c:341
nlmsg_data
void * nlmsg_data(const struct nlmsghdr *nlh)
Return pointer to message payload.
Definition: msg.c:100
nlmsg_free
void nlmsg_free(struct nl_msg *msg)
Release a reference from an netlink message.
Definition: msg.c:558
nlmsg_parse
int nlmsg_parse(struct nlmsghdr *nlh, int hdrlen, struct nlattr *tb[], int maxtype, const struct nla_policy *policy)
parse attributes of a netlink message
Definition: msg.c:208
nlmsg_append
int nlmsg_append(struct nl_msg *n, void *data, size_t len, int pad)
Append data to tail of a netlink message.
Definition: msg.c:442
nl_object_put
void nl_object_put(struct nl_object *obj)
Release a reference from an object.
Definition: object.c:214
nl_object_alloc
struct nl_object * nl_object_alloc(struct nl_object_ops *ops)
Allocate a new object of kind specified by the operations handle.
Definition: object.c:48
nl_rtgen_request
int nl_rtgen_request(struct nl_sock *sk, int type, int family, int flags)
Send routing netlink request message.
Definition: rtnl.c:35
rtnl_rule_delete
int rtnl_rule_delete(struct nl_sock *sk, struct rtnl_rule *rule, int flags)
Delete a rule.
Definition: rule.c:598
rtnl_rule_build_delete_request
int rtnl_rule_build_delete_request(struct rtnl_rule *rule, int flags, struct nl_msg **result)
Build a netlink request message to delete a rule.
Definition: rule.c:580
rtnl_rule_alloc_cache
int rtnl_rule_alloc_cache(struct nl_sock *sock, int family, struct nl_cache **result)
Build a rule cache including all rules currently configured in the kernel.
Definition: rule.c:399
rtnl_rule_get_l3mdev
int rtnl_rule_get_l3mdev(struct rtnl_rule *rule)
Get l3mdev value of the rule (FRA_L3MDEV)
Definition: rule.c:806
rtnl_rule_set_l3mdev
void rtnl_rule_set_l3mdev(struct rtnl_rule *rule, int value)
Set l3mdev value of the rule (FRA_L3MDEV)
Definition: rule.c:786
rtnl_rule_build_add_request
int rtnl_rule_build_add_request(struct rtnl_rule *tmpl, int flags, struct nl_msg **result)
Build netlink request message to add a new rule.
Definition: rule.c:524
rtnl_rule_add
int rtnl_rule_add(struct nl_sock *sk, struct rtnl_rule *tmpl, int flags)
Add a new rule.
Definition: rule.c:543
nl_send_auto_complete
int nl_send_auto_complete(struct nl_sock *sk, struct nl_msg *msg)
Definition: nl.c:1241
nl_dump
void nl_dump(struct nl_dump_params *params, const char *fmt,...)
Dump a formatted character string.
Definition: utils.c:955
NL_DUMP_STATS
@ NL_DUMP_STATS
Dump all attributes including statistics.
Definition: types.h:18
NL_DUMP_LINE
@ NL_DUMP_LINE
Dump object briefly on one line.
Definition: types.h:16
NL_DUMP_DETAILS
@ NL_DUMP_DETAILS
Dump all attributes but no statistics.
Definition: types.h:17
nl_dump_params
Dumping parameters.
Definition: types.h:28
nla_policy
Attribute validation policy.
Definition: attr.h:63
nla_policy::type
uint16_t type
Type of attribute or NLA_UNSPEC.
Definition: attr.h:65