From: Paul Donald <newtwen+github@gmail.com>
Date: Thu, 17 Oct 2024 14:28:25 +0000 (+0200)
Subject: iprule: add ipproto property
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=d29cf707478cfc5465fc8a7b8ccfde72a739a4f6;p=project%2Fnetifd.git

iprule: add ipproto property

```
config rule
	option ...
	option ipproto '17'
```

This allows handling rules which anchor to protocol number like:

`ip ru add from all ipproto udp table udp_table prior 10`

Handle ipproto as an unsigned integer.

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Example:

config rule
	option in 'lan'
	option src '10.48.0.0/16'
	option out 'lan'
	option dest '192.168.1.144/32'
	option lookup 'main'
	option ipproto '17'

Results in

~# ip rule
0:	from all lookup local
1:	from 10.48.0.0/16 to 192.168.1.144 iif br-lan oif br-lan ipproto udp lookup main

Tested on 23.05.5 x86_64

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
---

diff --git a/iprule.c b/iprule.c
index e851e2d..39ce127 100644
--- a/iprule.c
+++ b/iprule.c
@@ -45,6 +45,7 @@ enum {
 	RULE_GOTO,
 	RULE_SUP_PREFIXLEN,
 	RULE_UIDRANGE,
+	RULE_IPPROTO,
 	RULE_DISABLED,
 	__RULE_MAX
 };
@@ -63,6 +64,7 @@ static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
 	[RULE_UIDRANGE] = { .name = "uidrange", .type = BLOBMSG_TYPE_STRING },
 	[RULE_ACTION] = { .name = "action", .type = BLOBMSG_TYPE_STRING },
 	[RULE_GOTO]   = { .name = "goto", .type = BLOBMSG_TYPE_INT32 },
+	[RULE_IPPROTO]  = { .name = "ipproto", .type = BLOBMSG_TYPE_INT32 },
 	[RULE_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
 };
 
@@ -309,6 +311,14 @@ iprule_add(struct blob_attr *attr, bool v6)
 		rule->flags |= IPRULE_GOTO;
 	}
 
+	if ((cur = tb[RULE_IPPROTO]) != NULL) {
+		if ((rule->ipproto = blobmsg_get_u32(cur)) > 255) {
+			D(INTERFACE, "Invalid ipproto value: %u", blobmsg_get_u32(cur));
+			goto error;
+		}
+		rule->flags |= IPRULE_IPPROTO;
+	}
+
 	vlist_add(&iprules, &rule->node, rule);
 	return;
 
diff --git a/iprule.h b/iprule.h
index 488aafc..56b9998 100644
--- a/iprule.h
+++ b/iprule.h
@@ -66,6 +66,9 @@ enum iprule_flags {
 
 	/* rule specifies uidrange */
 	IPRULE_UIDRANGE		= (1 << 14),
+
+	/* rule specifies ipproto */
+	IPRULE_IPPROTO		= (1 << 15),
 };
 
 struct iprule {
@@ -109,6 +112,7 @@ struct iprule {
 	unsigned int uidrange_end;
 	unsigned int action;
 	unsigned int gotoid;
+	unsigned int ipproto;
 };
 
 extern struct vlist_tree iprules;
diff --git a/system-linux.c b/system-linux.c
index 5c17563..af20523 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -3586,6 +3586,9 @@ static int system_iprule(struct iprule *rule, int cmd)
 	if (rule->flags & IPRULE_GOTO)
 		nla_put_u32(msg, FRA_GOTO, rule->gotoid);
 
+	if (rule->flags & IPRULE_IPPROTO)
+		nla_put_u32(msg, FRA_IP_PROTO, rule->ipproto);
+
 	return system_rtnl_call(msg);
 }