iprule: add ipproto property

``` config rule option ... option ipproto '17' ``` This allows handling rules which anchor to protocol number like: `ip ru add from all ipproto udp table udp_table prior 10` Handle ipproto as an unsigned integer. https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml Example: config rule option in 'lan' option src '10.48.0.0/16' option out 'lan' option dest '192.168.1.144/32' option lookup 'main' option ipproto '17' Results in ~# ip rule 0: from all lookup local 1: from 10.48.0.0/16 to 192.168.1.144 iif br-lan oif br-lan ipproto udp lookup main Tested on 23.05.5 x86_64 Signed-off-by: Paul Donald <newtwen+github@gmail.com>
openwrt · Oct 17, 2024 · 1735ecf · 1735ecf
1 parent 3c6265f
commit 1735ecf
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/iprule.c b/iprule.c
@@ -45,6 +45,7 @@ enum {
 	RULE_GOTO,
 	RULE_SUP_PREFIXLEN,
 	RULE_UIDRANGE,
+	RULE_IPPROTO,
 	RULE_DISABLED,
 	__RULE_MAX
 };
@@ -63,6 +64,7 @@ static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
 	[RULE_UIDRANGE] = { .name = "uidrange", .type = BLOBMSG_TYPE_STRING },
 	[RULE_ACTION] = { .name = "action", .type = BLOBMSG_TYPE_STRING },
 	[RULE_GOTO]   = { .name = "goto", .type = BLOBMSG_TYPE_INT32 },
+	[RULE_IPPROTO]  = { .name = "ipproto", .type = BLOBMSG_TYPE_INT32 },
 	[RULE_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
 };
 
@@ -309,6 +311,14 @@ iprule_add(struct blob_attr *attr, bool v6)
 		rule->flags |= IPRULE_GOTO;
 	}
 
+	if ((cur = tb[RULE_IPPROTO]) != NULL) {
+		if ((rule->ipproto = blobmsg_get_u32(cur)) > 255) {
+			D(INTERFACE, "Invalid ipproto value: %u", blobmsg_get_u32(cur));
+			goto error;
+		}
+		rule->flags |= IPRULE_IPPROTO;
+	}
+
 	vlist_add(&iprules, &rule->node, rule);
 	return;
 

diff --git a/iprule.h b/iprule.h
@@ -66,6 +66,9 @@ enum iprule_flags {
 
 	/* rule specifies uidrange */
 	IPRULE_UIDRANGE		= (1 << 14),
+
+	/* rule specifies ipproto */
+	IPRULE_IPPROTO  = (1 << 15),
 };
 
 struct iprule {
@@ -109,6 +112,7 @@ struct iprule {
 	unsigned int uidrange_end;
 	unsigned int action;
 	unsigned int gotoid;
+	unsigned int ipproto;
 };
 
 extern struct vlist_tree iprules;

diff --git a/system-linux.c b/system-linux.c
@@ -3571,6 +3571,9 @@ static int system_iprule(struct iprule *rule, int cmd)
 	if (rule->flags & IPRULE_GOTO)
 		nla_put_u32(msg, FRA_GOTO, rule->gotoid);
 
+	if (rule->flags & IPRULE_IPPROTO)
+		nla_put_u32(msg, FRA_IP_PROTO, rule->ipproto);
+
 	return system_rtnl_call(msg);
 }