/* $NetBSD: qop.c,v 1.13 2024/12/24 08:35:28 ozaki-r Exp $ */
/* $KAME: qop.c,v 1.11 2001/10/26 04:57:59 kjc Exp $ */
/*
* Copyright (C) 1999-2000
* Sony Computer Science Laboratories, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY SONY CSL AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL SONY CSL OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/ioctl.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#if defined(__FreeBSD__) && (__FreeBSD_version > 300000)
#include <sys/linker.h>
#endif
#include <net/if.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>
#include <err.h>
#include <syslog.h>
#include <altq/altq.h>
#include <altq/altq_red.h>
#include <altq/altq_rio.h>
#include <altq/altq_cdnr.h>
#include "altq_qop.h"
#include "qop_cdnr.h"
#define ALTQ_DEVICE "/dev/altq/altq"
#define RED_DEVICE "/dev/altq/red"
#define RIO_DEVICE "/dev/altq/rio"
#define CDNR_DEVICE "/dev/altq/cdnr"
#ifndef LIST_HEAD_INITIALIZER
#define LIST_HEAD_INITIALIZER(head) { NULL }
#endif
/*
* token bucket regulator information
*/
struct tbrinfo {
LIST_ENTRY(tbrinfo) link;
char ifname[IFNAMSIZ]; /* if name, e.g. "en0" */
struct tb_profile tb_prof, otb_prof;
int installed;
};
/*
* Static globals
*/
/* a list of configured interfaces */
LIST_HEAD(qop_iflist, ifinfo) qop_iflist = LIST_HEAD_INITIALIZER(&iflist);
/* a list of configured token bucket regulators */
LIST_HEAD(tbr_list, tbrinfo) tbr_list = LIST_HEAD_INITIALIZER(&tbr_list);
/*
* internal functions
*/
static int get_ifmtu(const char *);
static void tbr_install(const char *);
static void tbr_deinstall(const char *);
static int add_filter_rule(struct ifinfo *, struct fltrinfo *,
struct fltrinfo **);
static int remove_filter_rule(struct ifinfo *,
struct fltrinfo *);
static int filt_check_relation(struct flow_filter *, struct flow_filter *);
static int filt_disjoint(struct flow_filter *, struct flow_filter *);
static int filt_subset(struct flow_filter *, struct flow_filter *);
/*
* QCMD (Queue Command) API
*/
int
qcmd_init(void)
{
int error;
/* read config file and execute commands */
error = qcmd_config();
if (error != 0)
return (error);
error = qcmd_enableall();
if (error != 0)
LOG(LOG_ERR, errno, "%s: qcmd_init failed", qoperror(error));
return (error);
}
int
qcmd_enable(const char *ifname)
{
struct ifinfo *ifinfo;
int error = 0;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
error = QOPERR_BADIF;
if (error == 0)
error = qop_enable(ifinfo);
if (error == 0) {
LOG(LOG_INFO, 0, "%s enabled on interface %s (mtu:%d)",
ifinfo->qdisc->qname, ifname, ifinfo->ifmtu);
} else
LOG(LOG_ERR, errno, "%s: enable failed!", qoperror(error));
return (error);
}
int
qcmd_disable(const char *ifname)
{
struct ifinfo *ifinfo;
int error = 0;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
error = QOPERR_BADIF;
if (error == 0)
error = qop_disable(ifinfo);
if (error != 0)
LOG(LOG_ERR, errno, "%s: disable failed!", qoperror(error));
return (error);
}
int
qcmd_enableall()
{
struct ifinfo *ifinfo;
int error;
LIST_FOREACH(ifinfo, &qop_iflist, next) {
if ((error = qop_enable(ifinfo)) != 0)
return (error);
LOG(LOG_INFO, 0, "%s enabled on interface %s (mtu:%d)",
ifinfo->qdisc->qname, ifinfo->ifname, ifinfo->ifmtu);
}
return (0);
}
int
qcmd_disableall()
{
struct ifinfo *ifinfo;
int lerr, error = 0;
LIST_FOREACH(ifinfo, &qop_iflist, next)
if ((lerr = qop_disable(ifinfo)) != 0)
if (error == 0)
error = lerr;
return (error);
}
int
qcmd_clear(const char *ifname)
{
struct ifinfo *ifinfo;
int error = 0;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
error = QOPERR_BADIF;
if (error == 0)
error = qop_clear(ifinfo);
if (error != 0)
LOG(LOG_ERR, errno, "%s: clear failed!", qoperror(error));
return (error);
}
int
qcmd_destroyall(void)
{
while (!LIST_EMPTY(&qop_iflist))
(void)qop_delete_if(LIST_FIRST(&qop_iflist));
return (0);
}
int
qcmd_restart(void)
{
qcmd_destroyall();
return qcmd_init();
}
int
qcmd_delete_class(const char *ifname, const char *clname)
{
struct ifinfo *ifinfo;
struct classinfo *clinfo = NULL;
int error = 0;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
error = QOPERR_BADIF;
if (error == 0 &&
(clinfo = clname2clinfo(ifinfo, clname)) == NULL)
error = QOPERR_BADCLASS;
if (error == 0)
error = qop_delete_class(clinfo);
if (error != 0)
LOG(LOG_ERR, errno, "%s: delete_class failed",
qoperror(error));
return (error);
}
int
qcmd_add_filter(const char *ifname, const char *clname, const char *flname,
const struct flow_filter *fltr)
{
struct ifinfo *ifinfo;
struct classinfo *clinfo = NULL;
int error = 0;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
error = QOPERR_BADIF;
if (error == 0 &&
(clinfo = clname2clinfo(ifinfo, clname)) == NULL) {
/*
* there is no matching class.
* check if it is for a traffic conditioner
*/
if ((ifinfo = input_ifname2ifinfo(ifname)) == NULL ||
(clinfo = clname2clinfo(ifinfo, clname)) == NULL)
error = QOPERR_BADCLASS;
}
if (error == 0)
error = qop_add_filter(NULL, clinfo, flname, fltr, NULL);
if (error != 0)
LOG(LOG_ERR, errno, "%s: add filter failed!",
qoperror(error));
else if (IsDebug(DEBUG_ALTQ)) {
LOG(LOG_DEBUG, 0, "%s: add a filter %s to class %s",
ifname, flname ? flname : "(null)",
clname ? clname : "(null)");
print_filter(fltr);
}
return (error);
}
int
qcmd_delete_filter(const char *ifname, const char *clname, const char *flname)
{
struct ifinfo *ifinfo;
struct classinfo *clinfo = NULL;
struct fltrinfo *fltrinfo = NULL;
int error = 0;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
error = QOPERR_BADIF;
if (error == 0 &&
(clinfo = clname2clinfo(ifinfo, clname)) == NULL) {
/*
* there is no matching class.
* check if it is for a traffic conditioner
*/
if ((ifinfo = input_ifname2ifinfo(ifname)) == NULL ||
(clinfo = clname2clinfo(ifinfo, clname)) == NULL)
error = QOPERR_BADCLASS;
}
if (error == 0 &&
(fltrinfo = flname2flinfo(clinfo, flname)) == NULL)
error = QOPERR_BADFILTER;
if (error == 0)
error = qop_delete_filter(fltrinfo);
if (error != 0)
LOG(LOG_ERR, errno, "%s: delete filter failed!",
qoperror(error));
return (error);
}
int
qcmd_tbr_register(const char *ifname, uint64_t rate, u_int size)
{
struct tbrinfo *info;
if ((info = calloc(1, sizeof(struct tbrinfo))) == NULL)
return (QOPERR_NOMEM);
strlcpy(info->ifname, ifname, sizeof(info->ifname));
info->tb_prof.rate = rate;
info->tb_prof.depth = size;
info->installed = 0;
LIST_INSERT_HEAD(&tbr_list, info, link);
return (0);
}
/*
* QOP (Queue Operation) API
*/
int
qop_add_if(struct ifinfo **rp, const char *ifname, uint64_t bandwidth,
struct qdisc_ops *qdisc_ops, void *if_private)
{
struct ifinfo *ifinfo;
int error;
if (ifname2ifinfo(ifname) != NULL) {
LOG(LOG_ERR, 0, "qop_add_if: %s already exists!", ifname);
return (QOPERR_BADIF);
}
if ((ifinfo = calloc(1, sizeof(struct ifinfo))) == NULL)
return (QOPERR_NOMEM);
ifinfo->ifname = strdup(ifname);
ifinfo->bandwidth = bandwidth;
ifinfo->enabled = 0;
if (ifname[0] == '_')
/* input interface */
ifname += 1;
ifinfo->ifindex = get_ifindex(ifname);
ifinfo->ifmtu = get_ifmtu(ifname);
if (qdisc_ops == NULL)
ifinfo->qdisc = &nop_qdisc; /* replace syscalls by nops */
else
ifinfo->qdisc = qdisc_ops;
ifinfo->private = if_private;
LIST_INIT(&ifinfo->cllist);
LIST_INIT(&ifinfo->fltr_rules);
/* Link the interface info structure */
LIST_INSERT_HEAD(&qop_iflist, ifinfo, next);
/* install token bucket regulator, if necessary */
tbr_install(ifname);
/* attach the discipline to the interface */
if ((error = (*ifinfo->qdisc->attach)(ifinfo)) != 0)
goto err_ret;
/* disable and clear the interface */
if (ifinfo->qdisc->disable != NULL)
if ((error = (*ifinfo->qdisc->disable)(ifinfo)) != 0)
goto err_ret;
if (ifinfo->qdisc->clear != NULL)
if ((error = (*ifinfo->qdisc->clear)(ifinfo)) != 0)
goto err_ret;
if (rp != NULL)
*rp = ifinfo;
return (0);
err_ret:
if (ifinfo != NULL) {
LIST_REMOVE(ifinfo, next);
if (ifinfo->ifname != NULL)
free(ifinfo->ifname);
free(ifinfo);
}
return (error);
}
int
qop_delete_if(struct ifinfo *ifinfo)
{
(void)qop_disable(ifinfo);
(void)qop_clear(ifinfo);
if (ifinfo->delete_hook != NULL)
(*ifinfo->delete_hook)(ifinfo);
/* remove this entry from qop_iflist */
LIST_REMOVE(ifinfo, next);
(void)(*ifinfo->qdisc->detach)(ifinfo);
/* deinstall token bucket regulator, if necessary */
tbr_deinstall(ifinfo->ifname);
if (ifinfo->private != NULL)
free(ifinfo->private);
if (ifinfo->ifname != NULL)
free(ifinfo->ifname);
free(ifinfo);
return (0);
}
int
qop_enable(struct ifinfo *ifinfo)
{
int error;
if (ifinfo->enable_hook != NULL)
if ((error = (*ifinfo->enable_hook)(ifinfo)) != 0)
return (error);
if (ifinfo->qdisc->enable != NULL)
if ((error = (*ifinfo->qdisc->enable)(ifinfo)) != 0)
return (error);
ifinfo->enabled = 1;
return (0);
}
int
qop_disable(struct ifinfo *ifinfo)
{
int error;
if (ifinfo->qdisc->disable != NULL)
if ((error = (*ifinfo->qdisc->disable)(ifinfo)) != 0)
return (error);
ifinfo->enabled = 0;
return (0);
}
int
qop_clear(struct ifinfo *ifinfo)
{
struct classinfo *clinfo;
/* free all classes and filters */
if (ifinfo->ifname[0] != '_') {
/* output interface. delete from leaf classes */
while (!LIST_EMPTY(&ifinfo->cllist)) {
LIST_FOREACH(clinfo, &ifinfo->cllist, next) {
if (clinfo->child != NULL)
continue;
qop_delete_class(clinfo);
/*
* the list has been changed,
* restart from the head
*/
break;
}
}
} else {
/* input interface. delete from parents */
struct classinfo *root = get_rootclass(ifinfo);
while (!LIST_EMPTY(&ifinfo->cllist)) {
LIST_FOREACH(clinfo, &ifinfo->cllist, next)
if (clinfo->parent == root) {
qop_delete_cdnr(clinfo);
break;
}
if (root->child != NULL)
qop_delete_class(root);
}
}
/* clear the interface */
if (ifinfo->qdisc->clear != NULL)
return (*ifinfo->qdisc->clear)(ifinfo);
return (0);
}
int
qop_add_class(struct classinfo **rp, const char *clname,
struct ifinfo *ifinfo, struct classinfo *parent,
void *class_private)
{
struct classinfo *clinfo;
int error;
if ((clinfo = calloc(1, sizeof(*clinfo))) == NULL)
return (QOPERR_NOMEM);
if (clname != NULL)
clinfo->clname = strdup(clname);
else
clinfo->clname = strdup("(null)"); /* dummy name */
clinfo->ifinfo = ifinfo;
clinfo->private = class_private;
clinfo->parent = parent;
clinfo->child = NULL;
LIST_INIT(&clinfo->fltrlist);
if ((error = (*ifinfo->qdisc->add_class)(clinfo)) != 0)
goto err_ret;
/* link classinfo in lists */
LIST_INSERT_HEAD(&ifinfo->cllist, clinfo, next);
if (parent != NULL) {
clinfo->sibling = parent->child;
clinfo->parent->child = clinfo;
}
if (rp != NULL)
*rp = clinfo;
return (0);
err_ret:
if (clinfo != NULL) {
if (clinfo->clname != NULL)
free(clinfo->clname);
free(clinfo);
}
return (error);
}
int
qop_modify_class(struct classinfo *clinfo, void *arg)
{
return (*clinfo->ifinfo->qdisc->modify_class)(clinfo, arg);
}
int
qop_delete_class(struct classinfo *clinfo)
{
struct ifinfo *ifinfo = clinfo->ifinfo;
struct classinfo *prev;
int error;
/* a class to be removed should not have a child */
if (clinfo->child != NULL)
return (QOPERR_CLASS_PERM);
/* remove filters associated to this class */
while (!LIST_EMPTY(&clinfo->fltrlist))
(void)qop_delete_filter(LIST_FIRST(&clinfo->fltrlist));
if (clinfo->delete_hook != NULL)
(*clinfo->delete_hook)(clinfo);
/* remove class info from the interface */
LIST_REMOVE(clinfo, next);
/* remove this class from the child list */
if (clinfo->parent != NULL) {
if (clinfo->parent->child == clinfo)
clinfo->parent->child = clinfo->sibling;
else for (prev = clinfo->parent->child; prev->sibling != NULL;
prev = prev->sibling)
if (prev->sibling == clinfo) {
prev->sibling = clinfo->sibling;
break;
}
}
/* delete class from kernel */
if ((error = (*ifinfo->qdisc->delete_class)(clinfo)) != 0)
return (error);
if (clinfo->private != NULL)
free(clinfo->private);
if (clinfo->clname != NULL)
free(clinfo->clname);
free(clinfo);
return (0);
}
int
qop_add_filter(struct fltrinfo **rp, struct classinfo *clinfo,
const char *flname, const struct flow_filter *fltr,
struct fltrinfo **conflict)
{
struct ifinfo *ifinfo;
struct fltrinfo *fltrinfo;
int error;
if ((fltrinfo = calloc(1, sizeof(*fltrinfo))) == NULL)
return (QOPERR_NOMEM);
fltrinfo->clinfo = clinfo;
fltrinfo->fltr = *fltr;
#if 1
/* fix this */
fltrinfo->line_no = line_no; /* XXX */
fltrinfo->dontwarn = filter_dontwarn; /* XXX */
#endif
if (flname != NULL)
fltrinfo->flname = strdup(flname);
else
fltrinfo->flname = strdup("(null)"); /* dummy name */
/* check and save the filter */
ifinfo = clinfo->ifinfo;
if ((error = add_filter_rule(ifinfo, fltrinfo, conflict)) != 0)
goto err_ret;
/* install the filter to the kernel */
if ((error = (*ifinfo->qdisc->add_filter)(fltrinfo)) != 0) {
remove_filter_rule(ifinfo, fltrinfo);
goto err_ret;
}
/* link fltrinfo onto fltrlist of the class */
LIST_INSERT_HEAD(&clinfo->fltrlist, fltrinfo, next);
if (rp != NULL)
*rp = fltrinfo;
return (0);
err_ret:
if (fltrinfo != NULL) {
if (fltrinfo->flname != NULL)
free(fltrinfo->flname);
free(fltrinfo);
}
return (error);
}
int
qop_delete_filter(struct fltrinfo *fltrinfo)
{
struct ifinfo *ifinfo;
struct classinfo *clinfo;
int error;
/* remove filter info from the class */
clinfo = fltrinfo->clinfo;
ifinfo = clinfo->ifinfo;
/* remove the entry from fltrlist of the class */
LIST_REMOVE(fltrinfo, next);
remove_filter_rule(ifinfo, fltrinfo);
/* delete filter from kernel */
if ((error = (*ifinfo->qdisc->delete_filter)(fltrinfo)) != 0)
return (error);
if (fltrinfo->flname)
free(fltrinfo->flname);
free(fltrinfo);
return (0);
}
const char *
qoperror(int qoperrno)
{
static char buf[64];
if (qoperrno <= QOPERR_MAX)
return (qop_errlist[qoperrno]);
snprintf(buf, sizeof(buf), "unknown error %d", qoperrno);
return (buf);
}
/*
* misc functions
*/
struct ifinfo *
ifname2ifinfo(const char *ifname)
{
struct ifinfo *ifinfo;
LIST_FOREACH(ifinfo, &qop_iflist, next)
if (ifinfo->ifname != NULL &&
strcmp(ifinfo->ifname, ifname) == 0)
return (ifinfo);
return (NULL);
}
struct ifinfo *
input_ifname2ifinfo(const char *ifname)
{
struct ifinfo *ifinfo;
LIST_FOREACH(ifinfo, &qop_iflist, next)
if (ifinfo->ifname[0] == '_' &&
strcmp(ifinfo->ifname+1, ifname) == 0)
return (ifinfo);
return (NULL);
}
struct classinfo *
clname2clinfo(const struct ifinfo *ifinfo, const char *clname)
{
struct classinfo *clinfo;
LIST_FOREACH(clinfo, &ifinfo->cllist, next)
if (clinfo->clname != NULL &&
strcmp(clinfo->clname, clname) == 0)
return (clinfo);
return (NULL);
}
struct classinfo *
clhandle2clinfo(struct ifinfo *ifinfo, u_long handle)
{
struct classinfo *clinfo;
LIST_FOREACH(clinfo, &ifinfo->cllist, next)
if (clinfo->handle == handle)
return (clinfo);
return (NULL);
}
struct fltrinfo *
flname2flinfo(const struct classinfo *clinfo, const char *flname)
{
struct fltrinfo *fltrinfo;
LIST_FOREACH(fltrinfo, &clinfo->fltrlist, next)
if (fltrinfo->flname != NULL &&
strcmp(fltrinfo->flname, flname) == 0)
return (fltrinfo);
return (NULL);
}
struct fltrinfo *
flhandle2fltrinfo(struct ifinfo *ifinfo, u_long handle)
{
struct fltrinfo *fltrinfo;
LIST_FOREACH(fltrinfo, &ifinfo->fltr_rules, nextrule)
if (fltrinfo->handle == handle)
return (fltrinfo);
return (NULL);
}
int
is_q_enabled(const char *ifname)
{
struct ifinfo *ifinfo;
if ((ifinfo = ifname2ifinfo(ifname)) == NULL)
return (0);
return (ifinfo->enabled);
}
/*
* functions to walk through a class tree:
*
* for (clinfo = get_rootclass(ifinfo);
* clinfo != NULL; clinfo = get_nextclass(clinfo)) {
* do_something;
* }
*/
struct classinfo *get_rootclass(struct ifinfo *ifinfo)
{
struct classinfo *clinfo;
/* find a class without parent */
LIST_FOREACH(clinfo, &ifinfo->cllist, next)
if (clinfo->parent == NULL)
return (clinfo);
return (NULL);
}
/* return next class in the tree */
struct classinfo *get_nextclass(struct classinfo *clinfo)
{
struct classinfo *next;
if (clinfo->child != NULL)
next = clinfo->child;
else if (clinfo->sibling != NULL)
next = clinfo->sibling;
else {
next = clinfo;
while ((next = next->parent) != NULL)
if (next->sibling) {
next = next->sibling;
break;
}
}
return (next);
}
uint64_t
atobps(const char *s)
{
double bandwidth;
char *cp;
bandwidth = strtod(s, &cp);
if (cp != NULL) {
if (*cp == 'K' || *cp == 'k')
bandwidth *= 1000;
else if (*cp == 'M' || *cp == 'm')
bandwidth *= 1000000;
else if (*cp == 'G' || *cp == 'g')
bandwidth *= 1000000000;
}
if (bandwidth < 0)
bandwidth = 0;
return ((uint64_t)bandwidth);
}
u_long
atobytes(const char *s)
{
double bytes;
char *cp;
bytes = strtod(s, &cp);
if (cp != NULL) {
if (*cp == 'K' || *cp == 'k')
bytes *= 1024;
else if (*cp == 'M' || *cp == 'm')
bytes *= 1024 * 1024;
else if (*cp == 'G' || *cp == 'g')
bytes *= 1024 * 1024 * 1024;
}
if (bytes < 0)
bytes = 0;
return ((u_long)bytes);
}
static int
get_ifmtu(const char *ifname)
{
int s, mtu;
struct ifreq ifr;
#ifdef __OpenBSD__
struct if_data ifdata;
#endif
mtu = 512; /* default MTU */
if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0)
return (mtu);
strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name);
#ifdef __OpenBSD__
ifr.ifr_data = (caddr_t)&ifdata;
if (ioctl(s, SIOCGIFDATA, (caddr_t)&ifr) == 0)
mtu = ifdata.ifi_mtu;
#else
if (ioctl(s, SIOCGIFMTU, (caddr_t)&ifr) == 0)
mtu = ifr.ifr_mtu;
#endif
close(s);
return (mtu);
}
static void
tbr_install(const char *ifname)
{
struct tbrinfo *info;
struct tbrreq req;
int fd;
LIST_FOREACH(info, &tbr_list, link)
if (strcmp(info->ifname, ifname) == 0)
break;
if (info == NULL)
return;
if (info->tb_prof.rate == 0 || info->installed)
return;
/* get the current token bucket regulator */
if ((fd = open(ALTQ_DEVICE, O_RDWR)) < 0)
err(1, "can't open altq device");
strncpy(req.ifname, ifname, IFNAMSIZ-1);
if (ioctl(fd, ALTQTBRGET, &req) < 0)
err(1, "ALTQTBRGET for interface %s", req.ifname);
/* save the current values */
info->otb_prof.rate = req.tb_prof.rate;
info->otb_prof.depth = req.tb_prof.depth;
/*
* if tbr is not specified in the config file and tbr is already
* configured, do not change.
*/
if (req.tb_prof.rate != 0) {
LOG(LOG_INFO, 0,
"tbr is already installed on %s,\n"
" using the current setting (rate:%.2fM size:%.2fK).",
info->ifname,
(double)req.tb_prof.rate/1000000.0,
(double)req.tb_prof.depth/1024.0);
close (fd);
return;
}
/* if the new size is not specified, use heuristics */
if (info->tb_prof.depth == 0) {
u_int rate, size;
rate = info->tb_prof.rate;
if (rate <= 1*1000*1000)
size = 1;
else if (rate <= 10*1000*1000)
size = 4;
else if (rate <= 200*1000*1000)
size = 8;
else
size = 24;
size = size * 1500; /* assume the default mtu is 1500 */
info->tb_prof.depth = size;
}
/* install the new tbr */
strncpy(req.ifname, ifname, IFNAMSIZ-1);
req.tb_prof.rate = info->tb_prof.rate;
req.tb_prof.depth = info->tb_prof.depth;
if (ioctl(fd, ALTQTBRSET, &req) < 0)
err(1, "ALTQTBRSET for interface %s", req.ifname);
LOG(LOG_INFO, 0,
"tbr installed on %s (rate:%.2fM size:%.2fK)",
info->ifname,
(double)info->tb_prof.rate/1000000.0,
(double)info->tb_prof.depth/1024.0);
close(fd);
info->installed = 1;
}
static void
tbr_deinstall(const char *ifname)
{
struct tbrinfo *info;
struct tbrreq req;
int fd;
LIST_FOREACH(info, &tbr_list, link)
if (strcmp(info->ifname, ifname) == 0)
break;
if (info == NULL)
return;
/* if we installed tbr, restore the old values */
if (info->installed != 0) {
strncpy(req.ifname, ifname, IFNAMSIZ-1);
req.tb_prof.rate = info->otb_prof.rate;
req.tb_prof.depth = info->otb_prof.depth;
if ((fd = open(ALTQ_DEVICE, O_RDWR)) < 0)
err(1, "can't open altq device");
if (ioctl(fd, ALTQTBRSET, &req) < 0)
err(1, "ALTQTBRSET for interface %s", req.ifname);
close(fd);
}
LIST_REMOVE(info, link);
free(info);
}
void
print_filter(const struct flow_filter *filt)
{
if (filt->ff_flow.fi_family == AF_INET) {
struct in_addr in_addr;
in_addr.s_addr = filt->ff_flow.fi_dst.s_addr;
LOG(LOG_DEBUG, 0,
" Filter Dest Addr: %s (mask %#x) Port: %d",
inet_ntoa(in_addr), ntoh32(filt->ff_mask.mask_dst.s_addr),
ntoh16(filt->ff_flow.fi_dport));
in_addr.s_addr = filt->ff_flow.fi_src.s_addr;
LOG(LOG_DEBUG, 0,
" Src Addr: %s (mask %#x) Port: %d",
inet_ntoa(in_addr), ntoh32(filt->ff_mask.mask_src.s_addr),
ntoh16(filt->ff_flow.fi_sport));
LOG(LOG_DEBUG, 0, " Protocol: %d TOS %#x (mask %#x)",
filt->ff_flow.fi_proto, filt->ff_flow.fi_tos,
filt->ff_mask.mask_tos);
}
#ifdef INET6
else if (filt->ff_flow.fi_family == AF_INET6) {
char str1[INET6_ADDRSTRLEN], str2[INET6_ADDRSTRLEN];
const struct flow_filter6 *sfilt6;
sfilt6 = (const struct flow_filter6 *)filt;
LOG(LOG_DEBUG, 0, "Filter6 Dest Addr: %s (mask %s) Port: %d",
inet_ntop(AF_INET6, &sfilt6->ff_flow6.fi6_dst,
str1, sizeof(str1)),
inet_ntop(AF_INET6, &sfilt6->ff_mask6.mask6_dst,
str2, sizeof(str2)),
ntoh16(sfilt6->ff_flow6.fi6_dport));
LOG(LOG_DEBUG, 0, " Src Addr: %s (mask %s) Port: %d",
inet_ntop(AF_INET6, &sfilt6->ff_flow6.fi6_src,
str1, sizeof(str1)),
inet_ntop(AF_INET6, &sfilt6->ff_mask6.mask6_src,
str2, sizeof(str2)),
ntoh16(sfilt6->ff_flow6.fi6_sport));
LOG(LOG_DEBUG, 0, " Protocol: %d TCLASS %#x (mask %#x)",
sfilt6->ff_flow6.fi6_proto, sfilt6->ff_flow6.fi6_tclass,
sfilt6->ff_mask6.mask6_tclass);
}
#endif /* INET6 */
}
/*
* functions to check the filter-rules.
* when a new filter is added, we check the relation to the existing filters
* and if some inconsistency is found, produce an error or a warning message.
*
* filter matching is performed from the head of the list.
* let
* S: a set of packets that filter s matches
* T: a set of packets that filter t matches
* filter relations are:
* disjoint: S ^ T = empty
* subset: S <= T
* intersect: S ^ T = not empty
*
* a new filter is disjoint or subset of the existing filters --> ok
* a new filter is superset of an existing filter --> order problem
* a new filter intersect an existing filter --> warning
*
* port-intersect: a special case we don't make warning
* - intersection is only port numbers
* - one specifies src port and the other specifies dst port
* there must be no packet with well-known port numbers in
* both src and dst ports. so this is ok.
*/
#define FILT_DISJOINT 1
#define FILT_SUBSET 2
#define FILT_SUPERSET 3
#define FILT_INTERSECT 4
#define FILT_PORTINTERSECT 5
static int
add_filter_rule(struct ifinfo *ifinfo, struct fltrinfo *fltrinfo,
struct fltrinfo **conflict)
{
struct fltrinfo *fp, *front, *back, *prev = NULL;
int relation;
LIST_FOREACH(fp, &ifinfo->fltr_rules, nextrule) {
if (fp->fltr.ff_ruleno > fltrinfo->fltr.ff_ruleno) {
front = fp;
back = fltrinfo;
prev = fp;
} else {
front = fltrinfo;
back = fp;
}
relation = filt_check_relation(&front->fltr, &back->fltr);
switch (relation) {
case FILT_SUBSET:
case FILT_DISJOINT:
/* OK */
break;
case FILT_SUPERSET:
if (front->dontwarn == 0 && back->dontwarn == 0)
LOG(LOG_ERR, 0,
"filters for \"%s\" at line %d and for \"%s\" at line %d has an order problem!",
front->clinfo->clname, front->line_no,
back->clinfo->clname, back->line_no);
if (conflict != NULL)
*conflict = fp;
return (QOPERR_FILTER_SHADOW);
case FILT_PORTINTERSECT:
break;
case FILT_INTERSECT:
/*
* if the intersecting two filters belonging to the
* same class, it's ok.
*/
if (front->clinfo == back->clinfo)
break;
if (front->dontwarn == 0 && back->dontwarn == 0)
LOG(LOG_WARNING, 0,
"warning: filter for \"%s\" at line %d could override filter for \"%s\" at line %d",
front->clinfo->clname, front->line_no,
back->clinfo->clname, back->line_no);
break;
}
}
if (prev == NULL)
LIST_INSERT_HEAD(&ifinfo->fltr_rules, fltrinfo, nextrule);
else
LIST_INSERT_AFTER(prev, fltrinfo, nextrule);
return (0);
}
static int
remove_filter_rule(struct ifinfo *ifinfo, struct fltrinfo *fltrinfo)
{
LIST_REMOVE(fltrinfo, nextrule);
return (0);
}
static int
filt_check_relation(struct flow_filter *front, struct flow_filter *back)
{
int rval;
if (front->ff_flow.fi_family != back->ff_flow.fi_family)
return (FILT_DISJOINT);
if (filt_disjoint(front, back))
return (FILT_DISJOINT);
if ((rval = filt_subset(front, back)) == 1)
return (FILT_SUBSET);
if (filt_subset(back, front) == 1)
return (FILT_SUPERSET);
if (rval == 2)
return (FILT_PORTINTERSECT);
return (FILT_INTERSECT);
}
static int
filt_disjoint(struct flow_filter *front, struct flow_filter *back)
{
u_int32_t mask;
u_int8_t tosmask;
if (front->ff_flow.fi_family == AF_INET) {
if (front->ff_flow.fi_proto != 0 && back->ff_flow.fi_proto != 0
&& front->ff_flow.fi_proto != back->ff_flow.fi_proto)
return (1);
if (front->ff_flow.fi_sport != 0 && back->ff_flow.fi_sport != 0
&& front->ff_flow.fi_sport != back->ff_flow.fi_sport)
return (1);
if (front->ff_flow.fi_dport != 0 && back->ff_flow.fi_dport != 0
&& front->ff_flow.fi_dport != back->ff_flow.fi_dport)
return (1);
if (front->ff_flow.fi_gpi != 0 && back->ff_flow.fi_gpi != 0
&& front->ff_flow.fi_gpi != back->ff_flow.fi_gpi)
return (1);
if (front->ff_flow.fi_src.s_addr != 0 &&
back->ff_flow.fi_src.s_addr != 0) {
mask = front->ff_mask.mask_src.s_addr &
back->ff_mask.mask_src.s_addr;
if ((front->ff_flow.fi_src.s_addr & mask) !=
(back->ff_flow.fi_src.s_addr & mask))
return (1);
}
if (front->ff_flow.fi_dst.s_addr != 0 &&
back->ff_flow.fi_dst.s_addr != 0) {
mask = front->ff_mask.mask_dst.s_addr &
back->ff_mask.mask_dst.s_addr;
if ((front->ff_flow.fi_dst.s_addr & mask) !=
(back->ff_flow.fi_dst.s_addr & mask))
return (1);
}
if (front->ff_flow.fi_tos != 0 && back->ff_flow.fi_tos != 0) {
tosmask = front->ff_mask.mask_tos &
back->ff_mask.mask_tos;
if ((front->ff_flow.fi_tos & tosmask) !=
(back->ff_flow.fi_tos & tosmask))
return (1);
}
return (0);
}
#ifdef INET6
else if (front->ff_flow.fi_family == AF_INET6) {
struct flow_filter6 *front6, *back6;
int i;
front6 = (struct flow_filter6 *)front;
back6 = (struct flow_filter6 *)back;
if (front6->ff_flow6.fi6_proto != 0 &&
back6->ff_flow6.fi6_proto != 0 &&
front6->ff_flow6.fi6_proto != back6->ff_flow6.fi6_proto)
return (1);
if (front6->ff_flow6.fi6_flowlabel != 0 &&
back6->ff_flow6.fi6_flowlabel != 0 &&
front6->ff_flow6.fi6_flowlabel !=
back6->ff_flow6.fi6_flowlabel)
return (1);
if (front6->ff_flow6.fi6_sport != 0 &&
back6->ff_flow6.fi6_sport != 0 &&
front6->ff_flow6.fi6_sport != back6->ff_flow6.fi6_sport)
return (1);
if (front6->ff_flow6.fi6_dport != 0 &&
back6->ff_flow6.fi6_dport != 0 &&
front6->ff_flow6.fi6_dport != back6->ff_flow6.fi6_dport)
return (1);
if (front6->ff_flow6.fi6_gpi != 0 &&
back6->ff_flow6.fi6_gpi != 0 &&
front6->ff_flow6.fi6_gpi != back6->ff_flow6.fi6_gpi)
return (1);
if (!IN6_IS_ADDR_UNSPECIFIED(&front6->ff_flow6.fi6_src) &&
!IN6_IS_ADDR_UNSPECIFIED(&back6->ff_flow6.fi6_src)) {
for (i=0; i<4; i++) {
mask = IN6ADDR32_GET(&front6->ff_mask6.mask6_src, i)
& IN6ADDR32_GET(&back6->ff_mask6.mask6_src, i);
if ((IN6ADDR32_GET(&front6->ff_flow6.fi6_src, i) & mask) !=
(IN6ADDR32_GET(&back6->ff_flow6.fi6_src, i) & mask))
return (1);
}
}
if (!IN6_IS_ADDR_UNSPECIFIED(&front6->ff_flow6.fi6_dst) &&
!IN6_IS_ADDR_UNSPECIFIED(&back6->ff_flow6.fi6_dst)) {
for (i=0; i<4; i++) {
mask = IN6ADDR32_GET(&front6->ff_mask6.mask6_dst, i)
& IN6ADDR32_GET(&back6->ff_mask6.mask6_dst, i);
if ((IN6ADDR32_GET(&front6->ff_flow6.fi6_dst, i) & mask) !=
(IN6ADDR32_GET(&back6->ff_flow6.fi6_dst, i) & mask))
return (1);
}
}
if (front6->ff_flow6.fi6_tclass != 0 &&
back6->ff_flow6.fi6_tclass != 0) {
tosmask = front6->ff_mask6.mask6_tclass &
back6->ff_mask6.mask6_tclass;
if ((front6->ff_flow6.fi6_tclass & tosmask) !=
(back6->ff_flow6.fi6_tclass & tosmask))
return (1);
}
return (0);
}
#endif /* INET6 */
return (0);
}
/*
* check if "front" is a subset of "back". assumes they are not disjoint
* return value 0: not a subset
* 1: subset
* 2: subset except src & dst ports
* (possible port-intersect)
*/
static int
filt_subset(struct flow_filter *front, struct flow_filter *back)
{
u_int16_t srcport, dstport;
if (front->ff_flow.fi_family == AF_INET) {
if (front->ff_flow.fi_proto == 0 &&
back->ff_flow.fi_proto != 0)
return (0);
if (front->ff_flow.fi_gpi == 0 && back->ff_flow.fi_gpi != 0)
return (0);
if (front->ff_flow.fi_src.s_addr == 0) {
if (back->ff_flow.fi_src.s_addr != 0)
return (0);
} else if (back->ff_flow.fi_src.s_addr != 0 &&
(~front->ff_mask.mask_src.s_addr &
back->ff_mask.mask_src.s_addr))
return (0);
if (front->ff_flow.fi_dst.s_addr == 0) {
if (back->ff_flow.fi_dst.s_addr != 0)
return (0);
} else if (back->ff_flow.fi_dst.s_addr != 0 &&
(~front->ff_mask.mask_dst.s_addr &
back->ff_mask.mask_dst.s_addr))
return (0);
if (~front->ff_mask.mask_tos & back->ff_mask.mask_tos)
return (0);
if (front->ff_flow.fi_sport == 0 &&
back->ff_flow.fi_sport != 0) {
srcport = ntohs(back->ff_flow.fi_sport);
dstport = ntohs(front->ff_flow.fi_dport);
if (dstport > 0 /* && dstport < 1024 */ &&
srcport > 0 /* && srcport < 1024 */)
return (2);
return (0);
}
if (front->ff_flow.fi_dport == 0 &&
back->ff_flow.fi_dport != 0) {
dstport = ntohs(back->ff_flow.fi_dport);
srcport = ntohs(front->ff_flow.fi_sport);
if (srcport > 0 /* && srcport < 1024 */ &&
dstport > 0 /* && dstport < 1024 */)
return (2);
return (0);
}
return (1);
}
#ifdef INET6
else if (front->ff_flow.fi_family == AF_INET6) {
struct flow_filter6 *front6, *back6;
int i;
front6 = (struct flow_filter6 *)front;
back6 = (struct flow_filter6 *)back;
if (front6->ff_flow6.fi6_proto == 0 &&
back6->ff_flow6.fi6_proto != 0)
return (0);
if (front6->ff_flow6.fi6_flowlabel == 0 &&
back6->ff_flow6.fi6_flowlabel != 0)
return (0);
if (front6->ff_flow6.fi6_gpi == 0 &&
back6->ff_flow6.fi6_gpi != 0)
return (0);
if (IN6_IS_ADDR_UNSPECIFIED(&front6->ff_flow6.fi6_src)) {
if (!IN6_IS_ADDR_UNSPECIFIED(&back6->ff_flow6.fi6_src))
return (0);
} else if (!IN6_IS_ADDR_UNSPECIFIED(&back6->ff_flow6.fi6_src))
for (i=0; i<4; i++)
if (~IN6ADDR32_GET(&front6->ff_mask6.mask6_src, i) &
IN6ADDR32_GET(&back6->ff_mask6.mask6_src, i))
return (0);
if (IN6_IS_ADDR_UNSPECIFIED(&front6->ff_flow6.fi6_dst)) {
if (!IN6_IS_ADDR_UNSPECIFIED(&back6->ff_flow6.fi6_dst))
return (0);
} else if (!IN6_IS_ADDR_UNSPECIFIED(&back6->ff_flow6.fi6_dst))
for (i=0; i<4; i++)
if (~IN6ADDR32_GET(&front6->ff_mask6.mask6_dst, i) &
IN6ADDR32_GET(&back6->ff_mask6.mask6_dst, i))
return (0);
if (~front6->ff_mask6.mask6_tclass &
back6->ff_mask6.mask6_tclass)
return (0);
if (front6->ff_flow6.fi6_sport == 0 &&
back6->ff_flow6.fi6_sport != 0) {
srcport = ntohs(back6->ff_flow6.fi6_sport);
dstport = ntohs(front6->ff_flow6.fi6_dport);
if (dstport > 0 /* && dstport < 1024 */ &&
srcport > 0 /* && srcport < 1024 */)
return (2);
return (0);
}
if (front6->ff_flow6.fi6_dport == 0 &&
back6->ff_flow6.fi6_dport != 0) {
dstport = ntohs(back6->ff_flow6.fi6_dport);
srcport = ntohs(front6->ff_flow6.fi6_sport);
if (srcport > 0 /* && srcport < 1024 */ &&
dstport > 0 /* && dstport < 1024 */)
return (2);
return (0);
}
}
#endif /* INET6 */
return (1);
}
/*
* setting RED or RIO default parameters
*/
int
qop_red_set_defaults(int th_min, int th_max, int inv_pmax)
{
struct redparams params;
int fd;
if ((fd = open(RED_DEVICE, O_RDWR)) < 0) {
LOG(LOG_ERR, errno, "RED open");
return (QOPERR_SYSCALL);
}
params.th_min = th_min;
params.th_max = th_max;
params.inv_pmax = inv_pmax;
if (ioctl(fd, RED_SETDEFAULTS, ¶ms) < 0) {
LOG(LOG_ERR, errno, "RED_SETDEFAULTS");
(void)close(fd);
return (QOPERR_SYSCALL);
}
(void)close(fd);
return (0);
}
int
qop_rio_set_defaults(struct redparams *params)
{
int i, fd;
/* sanity check */
for (i = 1; i < RIO_NDROPPREC; i++) {
if (params[i].th_max > params[i-1].th_min)
LOG(LOG_WARNING, 0,
"warning: overlap found in RIO thresholds");
}
if ((fd = open(RIO_DEVICE, O_RDWR)) < 0) {
LOG(LOG_ERR, errno, "RIO open");
return (QOPERR_SYSCALL);
}
if (ioctl(fd, RIO_SETDEFAULTS, params) < 0) {
LOG(LOG_ERR, errno, "RIO_SETDEFAULTS");
(void)close(fd);
return (QOPERR_SYSCALL);
}
(void)close(fd);
return (0);
}
/*
* try to load and open KLD module
* (also check the altq device file)
*/
int
open_module(const char *dvname, int flags)
{
#if defined(__FreeBSD__) && (__FreeBSD_version > 300000)
char modname[64], filename[MAXPATHLEN], *cp;
int fd;
#endif
struct stat sbuf;
/* check if the altq device exists */
if (stat(dvname, &sbuf) < 0) {
LOG(LOG_ERR, errno, "can't access %s!", dvname);
return (-1);
}
#if defined(__FreeBSD__) && (__FreeBSD_version > 300000)
/* turn discipline name into module name */
strlcpy(modname, "altq_", sizeof(modname));
if ((cp = strrchr(devname, '/')) == NULL)
return (-1);
strlcat(modname, cp + 1, sizeof(modname));
/* check if the kld module exists */
snprintf(filename, sizeof(filename), "/modules/%s.ko", modname);
if (stat(filename, &sbuf) < 0) {
/* module file doesn't exist */
return (-1);
}
if (kldload(modname) < 0) {
LOG(LOG_ERR, errno, "kldload %s failed!", modname);
return (-1);
}
/* successfully loaded, open the device */
LOG(LOG_INFO, 0, "kld module %s loaded", modname);
fd = open(devname, flags);
return (fd);
#else
return (-1);
#endif
}
