From patchwork Thu Oct 17 15:20:39 2024
X-Patchwork-Submitter: Paul Donald
X-Patchwork-Id: 1998672
From: Paul Donald
To: openwrt-devel@lists.openwrt.org
Subject: [RFC PATCH 1/1] iprule: add ipproto property
Date: Thu, 17 Oct 2024 17:20:39 +0200
Message-ID: <20241017152107.78523-2-newtwen+github@gmail.com>
In-Reply-To: <20241017152107.78523-1-newtwen+github@gmail.com>
References: <20241017152107.78523-1-newtwen+github@gmail.com>

```
config rule
	option ...
	option ipproto '17'
```

This allows handling rules which anchor to protocol number like:
`ip ru add from all ipproto udp table udp_table prior 10`

Handle ipproto as an unsigned integer.

https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

Tested on 23.05.5 x86_64

Signed-off-by: Paul Donald
--- iprule.c | 10 ++++++++++ iprule.h | 4 ++++ system-linux.c | 3 +++ 3 files changed, 17 insertions(+) diff --git a/iprule.c b/iprule.c index e851e2d..39ce127 100644 --- a/iprule.c +++ b/iprule.c @@ -45,6 +45,7 @@ enum { RULE_GOTO, RULE_SUP_PREFIXLEN, RULE_UIDRANGE, + RULE_IPPROTO, RULE_DISABLED, __RULE_MAX }; @@ -63,6 +64,7 @@ static const struct blobmsg_policy rule_attr[__RULE_MAX] = { [RULE_UIDRANGE] = { .name = "uidrange", .type = BLOBMSG_TYPE_STRING }, [RULE_ACTION] = { .name = "action", .type = BLOBMSG_TYPE_STRING }, [RULE_GOTO] = { .name = "goto", .type = BLOBMSG_TYPE_INT32 }, + [RULE_IPPROTO] = { .name = "ipproto", .type = BLOBMSG_TYPE_INT32 }, [RULE_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL }, }; @@ -309,6 +311,14 @@ iprule_add(struct blob_attr *attr, bool v6) rule->flags |= IPRULE_GOTO; } + if ((cur = tb[RULE_IPPROTO]) != NULL) { + if ((rule->ipproto = blobmsg_get_u32(cur)) > 255) { + D(INTERFACE, "Invalid ipproto value: %u", blobmsg_get_u32(cur)); + goto error; + } + rule->flags |= IPRULE_IPPROTO; + } + vlist_add(&iprules, &rule->node, rule); return; diff --git a/iprule.h b/iprule.h index 488aafc..6f5b189 100644 --- a/iprule.h +++ b/iprule.h @@ -66,6 +66,9 @@ enum iprule_flags { /* rule specifies uidrange */ IPRULE_UIDRANGE = (1 << 14), + + /* rule specifies ipproto */ + IPRULE_IPPROTO = (1 << 15), }; struct iprule {
@@ -109,6 +112,7 @@ struct iprule { unsigned int uidrange_end; unsigned int action; unsigned int gotoid; + unsigned int ipproto; }; extern struct vlist_tree iprules; diff --git a/system-linux.c b/system-linux.c index 4463a2a..7282243 100644 --- a/system-linux.c +++ b/system-linux.c @@ -3571,6 +3571,9 @@ static int system_iprule(struct iprule *rule, int cmd) if (rule->flags & IPRULE_GOTO) nla_put_u32(msg, FRA_GOTO, rule->gotoid); + if (rule->flags & IPRULE_IPPROTO) + nla_put_u32(msg, FRA_IP_PROTO, rule->ipproto); + return system_rtnl_call(msg); }
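
Review bot: in the rule_attr hunk of iprule.c, ipproto is declared as BLOBMSG_TYPE_INT32, so the option only accepts a number, while the ip example in the commit message uses the name udp. The diffstat touches only iprule.c, iprule.h and system-linux.c, so nothing in this patch documents the new option. Suggest documenting that ipproto takes the numeric protocol value (as in the option ipproto '17' example), or declaring it as a string and resolving names before the range check.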
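
Review bot: in the iprule_add hunk of iprule.c, the range check assigns inside the condition ((rule->ipproto = blobmsg_get_u32(cur)) > 255) and then calls blobmsg_get_u32(cur) a second time for the message. Read the value once into a local, compare it against 255, and assign rule->ipproto only when it passes, so the rule never holds an out-of-range value on the error path. The check also accepts 0 and sets IPRULE_IPPROTO for it; state whether 0 is meant to be a usable selector or reject it here. The rejection is reported only through D(INTERFACE, ...), so consider whether a bad value in the config should be reported in a way an administrator will see.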
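
Review bot: in the system_iprule hunk of system-linux.c, the value that iprule_add limits to 0..255 is sent with nla_put_u32(msg, FRA_IP_PROTO, rule->ipproto), but FRA_IP_PROTO is a one-byte (u8) attribute in the kernel's fib rules interface. A four-byte payload read as a single byte yields the low byte on little-endian hosts and the high byte, which is always 0 here, on big-endian ones; the commit message reports testing on x86_64 only. Suggest nla_put_u8(msg, FRA_IP_PROTO, rule->ipproto) and a test on a big-endian target.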