lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Dec 2018 16:49:44 +0800
From:   wenxu@...oud.cn
To:     stephen@...workplumber.org, netdev@...r.kernel.org
Subject: [PATCH iproute2] iprule: Add tun_id filed in the selector

From: wenxu <wenxu@...oud.cn>

ip rule add from all iif gretap tun_id 2000 lookup 200

Signed-off-by: wenxu <wenxu@...oud.cn>
---
 ip/iprule.c        | 33 +++++++++++++++++++++++++++++++++
 man/man8/ip-rule.8 |  4 +++-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/ip/iprule.c b/ip/iprule.c
index 0f8fc6d..d28f151 100644
--- a/ip/iprule.c
+++ b/ip/iprule.c
@@ -71,6 +71,7 @@ static struct
 	unsigned int tos, tosmask;
 	unsigned int pref, prefmask;
 	unsigned int fwmark, fwmask;
+	uint64_t tun_id;
 	char iif[IFNAMSIZ];
 	char oif[IFNAMSIZ];
 	struct fib_rule_uid_range range;
@@ -173,6 +174,18 @@ static bool filter_nlmsg(struct nlmsghdr *n, struct rtattr **tb, int host_len)
 		    r->end != filter.range.end)
 			return false;
 	}
+
+	if (filter.tun_id) {
+		__u64 tun_id = 0;
+
+		if (tb[FRA_TUN_ID]) {
+			tun_id = ntohll(rta_getattr_u64(tb[FRA_TUN_ID]));
+			if (filter.tun_id != tun_id)
+				return false;
+		} else {
+			return false;
+		}
+	}
 
 	table = frh_get_table(frh, tb);
 	if (filter.tb > 0 && filter.tb ^ table)
@@ -340,6 +353,12 @@ int print_rule(struct nlmsghdr *n, void *arg)
 		}
 	}
 
+	if (tb[FRA_TUN_ID]) {
+		__u64 tun_id = ntohll(rta_getattr_u64(tb[FRA_TUN_ID]));
+
+		print_u64(PRINT_ANY, "tun_id", "tun_id %llu ", tun_id);
+	}
+
 	table = frh_get_table(frh, tb);
 	if (table) {
 		print_string(PRINT_ANY, "table",
@@ -583,6 +602,13 @@ static int iprule_list_flush_or_save(int argc, char **argv, int action)
 				   &filter.range.end) != 2)
 				invarg("invalid UID range\n", *argv);
 
+		} else if (matches(*argv, "tun_id") == 0) {
+			__u64 tun_id;
+
+			NEXT_ARG();
+			if (get_u64(&tun_id, *argv, 0))
+				invarg("\"tun_id\" value is invalid\n", *argv);
+			filter.tun_id = tun_id;
 		} else if (matches(*argv, "lookup") == 0 ||
 			   matches(*argv, "table") == 0) {
 			__u32 tid;
@@ -779,6 +805,13 @@ static int iprule_modify(int cmd, int argc, char **argv)
 			if (rtnl_rtprot_a2n(&proto, *argv))
 				invarg("\"protocol\" value is invalid\n", *argv);
 			addattr8(&req.n, sizeof(req), FRA_PROTOCOL, proto);
+		} else if (matches(*argv, "tun_id") == 0) {
+			__u64 tun_id;
+
+			NEXT_ARG();
+			if (get_be64(&tun_id, *argv, 0))
+				invarg("\"tun_id\" value is invalid\n", *argv);
+			addattr64(&req.n, sizeof(req), FRA_TUN_ID, tun_id);
 		} else if (matches(*argv, "table") == 0 ||
 			   strcmp(*argv, "lookup") == 0) {
 			NEXT_ARG();
diff --git a/man/man8/ip-rule.8 b/man/man8/ip-rule.8
index 1455a49..2c12bf6 100644
--- a/man/man8/ip-rule.8
+++ b/man/man8/ip-rule.8
@@ -54,7 +54,9 @@ ip-rule \- routing policy database management
 .IR NUMBER "-" NUMBER " ] ] [ "
 .BR dport " [ "
 .IR NUMBER " | "
-.IR NUMBER "-" NUMBER " ] ]"
+.IR NUMBER "-" NUMBER " ] ] [ "
+.B  tun_id
+.IR TUN_ID " ]"
 .BR
 
 
-- 
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ