authorStefan Tomanek <stefan.tomanek@wertarbyte.de>2017-06-07 12:47:04 +0200
committerHans Dedecker <dedeckeh@gmail.com>2017-06-11 15:07:18 +0200
commit90e2e2c404eeeb3414c794dfb45f5ee4b88cd479 (patch)
tree8d2a78ef9b3fce2f3edcf3e524ea09fdf6b026d0
parent08f1875201a60dc20c65d2af26b41af987662f10 (diff)
iprule: Add option to suppress unspecific routing lookups
After applying this patch, policy routing rules can be employed that ignore parts of a routing table. The following config snippet ignores routing lookups from the specified main routing table yielding the default route, passing the lookup process on to the next rule (that might provide a special default route for marked packets): config rule option priority 10 # check main routing table first, but ignore default route result option lookup main option suppress_prefixlength 0 config rule option priority 11 # use special routing table for marked packets # (unless already consumed by previous rule) option mark 0xFF option lookup 100 The result is a ruleset like this (only visible using the full 'ip' binary): # ip rule 0: from all lookup local 10: from all lookup main suppress_prefixlength 0 11: from all fwmark 0xff lookup 100 32766: from all lookup main 32767: from all lookup default # Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
-rw-r--r--iprule.c7
-rw-r--r--iprule.h4
-rw-r--r--system-linux.c3
3 files changed, 14 insertions, 0 deletions
diff --git a/iprule.c b/iprule.c
index 81bb77a..7cf7422 100644
--- a/iprule.c
+++ b/iprule.c
@@ -42,6 +42,7 @@ enum {
RULE_LOOKUP,
RULE_ACTION,
RULE_GOTO,
+ RULE_SUP_PREFIXLEN,
__RULE_MAX
};
@@ -55,6 +56,7 @@ static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
[RULE_TOS] = { .name = "tos", .type = BLOBMSG_TYPE_INT32 },
[RULE_FWMARK] = { .name = "mark", .type = BLOBMSG_TYPE_STRING },
[RULE_LOOKUP] = { .name = "lookup", .type = BLOBMSG_TYPE_STRING },
+ [RULE_SUP_PREFIXLEN] = { .name = "suppress_prefixlength", .type = BLOBMSG_TYPE_INT32 },
[RULE_ACTION] = { .name = "action", .type = BLOBMSG_TYPE_STRING },
[RULE_GOTO] = { .name = "goto", .type = BLOBMSG_TYPE_INT32 },
};
@@ -185,6 +187,11 @@ iprule_add(struct blob_attr *attr, bool v6)
rule->flags |= IPRULE_LOOKUP;
}
+ if ((cur = tb[RULE_SUP_PREFIXLEN]) != NULL) {
+ rule->sup_prefixlen = blobmsg_get_u32(cur);
+ rule->flags |= IPRULE_SUP_PREFIXLEN;
+ }
+
if ((cur = tb[RULE_ACTION]) != NULL) {
if (!system_resolve_iprule_action(blobmsg_data(cur), &rule->action)) {
DPRINTF("Failed to parse rule action: %s\n", (char *) blobmsg_data(cur));
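Review bot: The new `suppress_prefixlength` branch in iprule_add stores `blobmsg_get_u32(cur)` with no range check, and the system-linux.c hunk forwards it unchanged as FRA_SUPPRESS_PREFIXLEN. A value above the family's maximum prefix length (32 for IPv4, 128 for IPv6) would suppress every result from the table. A negative config value wraps to a large unsigned number, which the kernel appears to treat as its "no suppression" sentinel. In both cases a rule meant to steer traffic silently stops matching the configuration, which matters when policy routing is used to keep marked traffic on a dedicated table. I would reject out-of-range values here with `if (rule->sup_prefixlen > (v6 ? 128u : 32u))`, followed by a DPRINTF and the same failure path the action branch below takes; iprule_add starts and ends outside this hunk, so that path is not visible here.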
diff --git a/iprule.h b/iprule.h
index e8a2555..7617c76 100644
--- a/iprule.h
+++ b/iprule.h
@@ -60,6 +60,9 @@ enum iprule_flags {
/* rule is a goto */
IPRULE_GOTO = (1 << 12),
+
+ /* rule suppresses results by prefix length */
+ IPRULE_SUP_PREFIXLEN = (1 << 13),
};
struct iprule {
@@ -87,6 +90,7 @@ struct iprule {
unsigned int fwmask;
unsigned int lookup;
+ unsigned int sup_prefixlen;
unsigned int action;
unsigned int gotoid;
};
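Review bot: The new field `sup_prefixlen` in struct iprule has no comment, so the header does not say what the number means or when it is valid. The flag comment above ("suppresses results by prefix length") leaves the comparison direction open. I would add `/* suppress lookup results with prefix length <= this value; valid only if IPRULE_SUP_PREFIXLEN is set */` above the field, after confirming the "or less" semantics against the ip-rule documentation. struct iprule begins and continues outside this hunk.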
diff --git a/system-linux.c b/system-linux.c
index 3605d9b..06c6abd 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -2171,6 +2171,9 @@ static int system_iprule(struct iprule *rule, int cmd)
nla_put_u32(msg, FRA_TABLE, rule->lookup);
}
+ if (rule->flags & IPRULE_SUP_PREFIXLEN)
+ nla_put_u32(msg, FRA_SUPPRESS_PREFIXLEN, rule->sup_prefixlen);
+
if (rule->flags & IPRULE_GOTO)
nla_put_u32(msg, FRA_GOTO, rule->gotoid);