[][MAC80211][hnat][Move Netfilter Netlink Ftnl package to feed]
[Description]
Refactor Netfilter Netlink Ftnl patch.
Without this patch, this package might not be applied on the RDKB.
[Release-log]
N/A
Change-Id: Iefdfdea1e4480ac5fe9195b0f8b1b52706b76b05
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/7217027
diff --git a/feed/flowtable/Makefile b/feed/flowtable/Makefile
new file mode 100644
index 0000000..150a1a3
--- /dev/null
+++ b/feed/flowtable/Makefile
@@ -0,0 +1,51 @@
+#
+# Copyright (C) 2009-2013 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=netfilter_flowtable
+PKG_VERSION:=1.0
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-2.0+
+#PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/netfilter-flowtable
+ SECTION:=MTK Properties
+ CATEGORY:=MTK Properties
+ DEPENDS:=+libnfnetlink +libmnl +kmod-nf-flow-netlink
+ TITLE:=API to the in-kernel flow offload table
+ SUBMENU:=Applications
+endef
+
+define Package/netfilter-flowtable/description
+ API to the in-kernel flow offload table
+endef
+
+TARGET_CFLAGS += $(FPIC)
+
+TARGET_CPPFLAGS := \
+ -D_GNU_SOURCE \
+ -I$(LINUX_DIR)/user_headers/include \
+ -I$(PKG_BUILD_DIR) \
+ $(TARGET_CPPFLAGS) \
+
+define Build/Compile
+ CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
+ $(MAKE) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ LIBS="$(TARGET_LDFLAGS) -lnfnetlink -lm"
+endef
+
+define Package/netfilter-flowtable/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(CP) $(PKG_BUILD_DIR)/ftnl $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,netfilter-flowtable))
\ No newline at end of file
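Review bot: The install recipe copies the binary with `$(CP)`, so its mode comes from whatever the build tree produced; for an executable that can flush the offload table, set the mode explicitly with `$(INSTALL_BIN) $(PKG_BUILD_DIR)/ftnl $(1)/usr/bin/`. `DEPENDS` lists `+libmnl`, but the link line only passes `-lnfnetlink -lm` and none of the sources in this commit include a libmnl header, so that dependency looks unnecessary and could be dropped. The file also lacks a trailing newline.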
diff --git a/feed/flowtable/src/Makefile b/feed/flowtable/src/Makefile
new file mode 100644
index 0000000..3f450ad
--- /dev/null
+++ b/feed/flowtable/src/Makefile
@@ -0,0 +1,9 @@
+EXEC = ftnl
+SRC = api.c ftnl.c
+
+all:$(EXEC)
+$(EXEC):$(SRC)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(SRC) $(LDLIBS) $(LIBS)
+
+clean:
+ -rm -f $(EXEC) *.elf *.gdb *.o
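Review bot: The `$(EXEC)` rule lists only `$(SRC)` as prerequisites, so a change to `netfilter_flowtable.h` (which carries the netlink attribute enums that both sources share) does not trigger a rebuild in an incremental build; use `$(EXEC): $(SRC) netfilter_flowtable.h`. `all` and `clean` should also be declared with `.PHONY: all clean` so a stray file of either name cannot mask the target.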
diff --git a/feed/flowtable/src/api.c b/feed/flowtable/src/api.c
new file mode 100644
index 0000000..64bbbfe
--- /dev/null
+++ b/feed/flowtable/src/api.c
@@ -0,0 +1,112 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "netfilter_flowtable.h"
+
+static void attr_dump(struct nfattr *attr)
+{
+ char *data = nla_data(attr);
+ int i = 0;
+
+ while (i < nal_len(attr)) {
+ printf("%x ", *(data + i));
+ i++;
+ if (i % 16 == 0)
+ printf("\n");
+ }
+ printf("\n");
+}
+
+struct ftnl_handle *ftnl_open(void)
+{
+ struct ftnl_handle *h = NULL;
+
+ h = malloc(sizeof(struct ftnl_handle));
+ if (!h)
+ return NULL;
+
+ h->nfnlh = nfnl_open();
+ if (!h->nfnlh) {
+ printf("nfnl open fail\n");
+ free(h);
+ return NULL;
+ }
+
+ h->ftnlssh = nfnl_subsys_open(h->nfnlh, NFNL_SUBSYS_FLOWTABLE, 1, 0);
+ if (!h->ftnlssh) {
+ nfnl_close(h->nfnlh);
+ printf("subsys open fail\n");
+ free(h);
+ return NULL;
+ }
+
+ return h;
+}
+
+void ftnl_close(struct ftnl_handle *h)
+{
+ nfnl_subsys_close(h->ftnlssh);
+ nfnl_close(h->nfnlh);
+ free(h);
+}
+
+static void build_tuple(struct nlmsghdr *nlh, size_t size,
+ struct flow_tuple *tuple)
+{
+ struct nfattr *nest_tuple, *nest_ip, *nest_proto;
+
+ nest_tuple = nfnl_nest(nlh, size, FTA_TUPLE);
+
+ nest_ip = nfnl_nest(nlh, size, FTA_TUPLE_IP);
+ nfnl_addattr_l(nlh, size, FTA_IP_V4_SRC,
+ &tuple->sip4, sizeof(uint32_t));
+ nfnl_addattr_l(nlh, size, FTA_IP_V4_DST,
+ &tuple->dip4, sizeof(uint32_t));
+ nfnl_nest_end(nlh, nest_ip);
+
+ nest_proto = nfnl_nest(nlh, size, FTA_TUPLE_PROTO);
+ nfnl_addattr_l(nlh, size, FTA_PROTO_NUM,
+ &tuple->proto, sizeof(uint8_t));
+ nfnl_addattr_l(nlh, size, FTA_PROTO_SPORT,
+ &tuple->sport, sizeof(uint16_t));
+ nfnl_addattr_l(nlh, size, FTA_PROTO_DPORT,
+ &tuple->dport, sizeof(uint16_t));
+ nfnl_nest_end(nlh, nest_proto);
+
+ nfnl_nest_end(nlh, nest_tuple);
+// attr_dump(nest_tuple);
+}
+
+int ftnl_flush_table(struct ftnl_handle *h)
+{
+ struct nlmsghdr nlh;
+ int ret;
+
+ /* construct msg */
+ nfnl_fill_hdr(h->ftnlssh, &nlh, 0, AF_INET, 0,
+ FT_MSG_FLUSH, NLM_F_REQUEST | NLM_F_ACK);
+
+ /* send msg */
+ ret = nfnl_send(h->nfnlh, &nlh);
+ return ret;
+}
+
+int ftnl_del_flow(struct ftnl_handle *h, struct flow_tuple *tuple)
+{
+ const int size = 256;
+ union {
+ char buffer[size];
+ struct nlmsghdr nlh;
+ } u;
+ int ret;
+
+ /* construct msg */
+ nfnl_fill_hdr(h->ftnlssh, &u.nlh, 0, AF_INET, 0,
+ FT_MSG_DEL, NLM_F_REQUEST|NLM_F_ACK);
+ build_tuple(&u.nlh, size, tuple);
+
+ /* send msg */
+ ret = nfnl_send(h->nfnlh, &u.nlh);
+
+ return ret;
+}
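Review bot: `ftnl_flush_table` passes a bare `struct nlmsghdr nlh` to `nfnl_fill_hdr`, which in libnfnetlink also writes a `struct nfgenmsg` directly behind the header and sets `nlmsg_len` to cover it. The call therefore writes past the end of the stack object, and `nfnl_send` then reads past it. Give the message a buffer large enough for both, as `ftnl_del_flow` already does with its union. Separately, `attr_dump` calls `nla_data` and `nal_len`, which none of the headers included here appear to declare (the second looks like a typo). Since its only caller is commented out, the helper could be dropped or rewritten on libnfnetlink's `NFA_DATA`/`NFA_PAYLOAD`.

```c
int ftnl_flush_table(struct ftnl_handle *h)
{
	/* room for the nlmsghdr plus the nfgenmsg that nfnl_fill_hdr appends */
	union {
		char buffer[NLMSG_SPACE(sizeof(struct nfgenmsg))];
		struct nlmsghdr nlh;
	} u;

	/* construct msg */
	nfnl_fill_hdr(h->ftnlssh, &u.nlh, 0, AF_INET, 0,
		      FT_MSG_FLUSH, NLM_F_REQUEST | NLM_F_ACK);

	/* send msg */
	return nfnl_send(h->nfnlh, &u.nlh);
}
```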
diff --git a/feed/flowtable/src/ftnl.c b/feed/flowtable/src/ftnl.c
new file mode 100644
index 0000000..d021bb3
--- /dev/null
+++ b/feed/flowtable/src/ftnl.c
@@ -0,0 +1,92 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <unistd.h>
+#include <getopt.h>
+
+#include "netfilter_flowtable.h"
+
+void usage(void)
+{
+ printf("#########flush flow table\n");
+ printf("ftnl -F\n");
+ printf("#########del flow from offload table\n");
+ printf("ftnl -D [sip] [dip] [proto] [sport] [dport]\n");
+}
+
+int main(int argc, char *argv[])
+{
+ struct ftnl_handle *h;
+ struct flow_tuple tuple = {0};
+ int msg = -1;
+ int c;
+ int ret = -1;
+ const char *optstring = "FD";
+ struct option opts[] = {
+ {"sip", required_argument, NULL, 's'},
+ {"dip", required_argument, NULL, 'd'},
+ {"proto", required_argument, NULL, 'p'},
+ {"sport", required_argument, NULL, 'm'},
+ {"dport", required_argument, NULL, 'n'}
+ };
+
+ /* open netlink socket */
+ h = ftnl_open();
+ if (!h)
+ return ret;
+
+ /* parse arg */
+ while ((c = getopt_long(argc, argv, optstring, opts, NULL)) != -1) {
+ switch (c) {
+ case 'F':
+ msg = FT_MSG_FLUSH;
+ break;
+ case 'D':
+ msg = FT_MSG_DEL;
+ break;
+ case 's':
+ inet_aton(optarg, &tuple.sip4);
+ break;
+ case 'd':
+ inet_aton(optarg, &tuple.dip4);
+ break;
+ case 'p':
+ if (!strcmp(optarg, "tcp"))
+ tuple.proto = IPPROTO_TCP;
+ else if (!strcmp(optarg, "udp"))
+ tuple.proto = IPPROTO_UDP;
+ else {
+ printf("proto bad value...\n");
+ printf("pls set proto to udp or tcp arg : %s\n",
+ optarg);
+ goto out;
+ }
+ break;
+ case 'm':
+ tuple.sport = htons(atoi(optarg));
+ break;
+ case 'n':
+ tuple.dport = htons(atoi(optarg));
+ break;
+ default:
+ usage();
+ goto out;
+ }
+ }
+
+ switch (msg) {
+ case FT_MSG_FLUSH:
+ ftnl_flush_table(h);
+ break;
+ case FT_MSG_DEL:
+ ftnl_del_flow(h, &tuple);
+ break;
+ default:
+ break;
+ }
+
+out:
+ ftnl_close(h);
+ return ret;
+}
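Review bot: The `opts[]` array handed to `getopt_long` has no all-zero terminating entry, so an unrecognised long option makes the parser walk past the end of the array; add `{NULL, 0, NULL, 0}` as the last element. `ret` is initialised to -1 and never reassigned, and the results of `ftnl_flush_table`/`ftnl_del_flow` are discarded, so the tool exits non-zero even on success; `ret = ftnl_flush_table(h);` and `ret = ftnl_del_flow(h, &tuple);` would propagate the outcome. The delete path also trusts its arguments: `inet_aton`'s return value is unchecked and `atoi` accepts non-numeric and out-of-range ports, so a mistyped argument still sends a delete request with a zeroed or truncated tuple. Reject a zero return from `inet_aton` and parse ports with `strtoul`, bounded to 0–65535. The usage text advertises positional `[sip] [dip] ...` arguments while the parser only accepts `--sip`, `--dip` and so on.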
diff --git a/feed/flowtable/src/netfilter_flowtable.h b/feed/flowtable/src/netfilter_flowtable.h
new file mode 100644
index 0000000..6a50300
--- /dev/null
+++ b/feed/flowtable/src/netfilter_flowtable.h
@@ -0,0 +1,63 @@
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <libnfnetlink/libnfnetlink.h>
+
+struct ftnl_handle {
+ struct nfnl_handle *nfnlh;
+ struct nfnl_subsys_handle *ftnlssh;
+};
+
+struct flow_tuple {
+ struct in_addr sip4;
+ struct in_addr dip4;
+ unsigned char proto;
+ unsigned short int sport;
+ unsigned short int dport;
+};
+
+enum ft_msg_types {
+ FT_MSG_DEL,
+ FT_MSG_ADD, //not support now
+ FT_MSG_FLUSH,
+ FT_MSG_MAX
+};
+
+enum ftattr_type {
+ FTA_UNSPEC,
+ FTA_TUPLE,
+ __FTA_MAX
+};
+#define FTA_MAX (__FTA_MAX - 1)
+
+enum ftattr_tuple {
+ FTA_TUPLE_UNSPEC,
+ FTA_TUPLE_IP,
+ FTA_TUPLE_PROTO,
+ FTA_TUPLE_ZONE,
+ __FTA_TUPLE_MAX
+};
+#define FTA_TUPLE_MAX (__FTA_TUPLE_MAX - 1)
+
+enum ftattr_ip {
+ FTA_IP_UNSPEC,
+ FTA_IP_V4_SRC,
+ FTA_IP_V4_DST,
+ FTA_IP_V6_SRC,
+ FTA_IP_V6_DST,
+ __FTA_IP_MAX
+};
+#define FTA_IP_MAX (__FTA_IP_MAX - 1)
+
+enum ftattr_l4proto {
+ FTA_PROTO_UNSPEC,
+ FTA_PROTO_NUM,
+ FTA_PROTO_SPORT,
+ FTA_PROTO_DPORT,
+ __FTA_PROTO_MAX
+};
+#define FTA_PROTO_MAX (__FTA_PROTO_MAX - 1)
+
+struct ftnl_handle *ftnl_open(void);
+void ftnl_close(struct ftnl_handle *h);
+int ftnl_flush_table(struct ftnl_handle *h);
+int ftnl_del_flow(struct ftnl_handle *h, struct flow_tuple *tuple);
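Review bot: This header has no include guard, so a second inclusion in one translation unit would redefine `struct ftnl_handle`, `struct flow_tuple` and the enums; wrap it in `#ifndef NETFILTER_FLOWTABLE_H` / `#define NETFILTER_FLOWTABLE_H` / `#endif`. `struct flow_tuple` would also benefit from a comment such as `/* sip4/dip4/sport/dport are carried in network byte order */`, since `main` stores `inet_aton` and `htons` results there and `build_tuple` copies the fields into the message unchanged. The attribute enums presumably have to match the kernel module's numbering exactly, so a comment naming the kernel header they mirror would help keep the two in sync.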