authorMatthew Hagan <mnhagan88@gmail.com>2022-01-16 00:21:17 +0000
committerHans Dedecker <dedeckeh@gmail.com>2022-01-22 21:24:16 +0100
commited7187684685430ee6de49e551775badbee39761 (patch)
tree70161fb2b0d0969a8f7cf10d49478ff3c439b737
parent3043206e94da412eb19dd72ea68edcaca545d84c (diff)
iprule: add support for uidrange
Allow for per-user routing policies via the uidrange iprule option. Option allows for a single UID or range of UIDs. Signed-off-by: Matthew Hagan <mnhagan88@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
-rw-r--r--iprule.c14
-rw-r--r--iprule.h5
-rw-r--r--system-linux.c9
3 files changed, 28 insertions, 0 deletions
diff --git a/iprule.c b/iprule.c
index b9e16a5..0956073 100644
--- a/iprule.c
+++ b/iprule.c
@@ -44,6 +44,7 @@ enum {
RULE_ACTION,
RULE_GOTO,
RULE_SUP_PREFIXLEN,
+ RULE_UIDRANGE,
RULE_DISABLED,
__RULE_MAX
};
@@ -59,6 +60,7 @@ static const struct blobmsg_policy rule_attr[__RULE_MAX] = {
[RULE_FWMARK] = { .name = "mark", .type = BLOBMSG_TYPE_STRING },
[RULE_LOOKUP] = { .name = "lookup", .type = BLOBMSG_TYPE_STRING },
[RULE_SUP_PREFIXLEN] = { .name = "suppress_prefixlength", .type = BLOBMSG_TYPE_INT32 },
+ [RULE_UIDRANGE] = { .name = "uidrange", .type = BLOBMSG_TYPE_STRING },
[RULE_ACTION] = { .name = "action", .type = BLOBMSG_TYPE_STRING },
[RULE_GOTO] = { .name = "goto", .type = BLOBMSG_TYPE_INT32 },
[RULE_DISABLED] = { .name = "disabled", .type = BLOBMSG_TYPE_BOOL },
@@ -282,6 +284,18 @@ iprule_add(struct blob_attr *attr, bool v6)
rule->flags |= IPRULE_SUP_PREFIXLEN;
}
+ if ((cur = tb[RULE_UIDRANGE]) != NULL) {
+ int ret = sscanf(blobmsg_get_string(cur), "%u-%u", &rule->uidrange_start, &rule->uidrange_end);
+
+ if (ret == 1)
+ rule->uidrange_end = rule->uidrange_start;
+ else if (ret != 2) {
+ DPRINTF("Failed to parse UID range: %s\n", (char *) blobmsg_data(cur));
+ goto error;
+ }
+ rule->flags |= IPRULE_UIDRANGE;
+ }
+
if ((cur = tb[RULE_ACTION]) != NULL) {
if (!system_resolve_iprule_action(blobmsg_data(cur), &rule->action)) {
DPRINTF("Failed to parse rule action: %s\n", (char *) blobmsg_data(cur));
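Review bot: The `sscanf(..., "%u-%u", ...)` parse in the new RULE_UIDRANGE block accepts more than the option intends: `%u` tolerates a leading `-` (so `-1` is read as UINT_MAX), text after the second number is silently ignored, a value outside the `unsigned int` range is undefined behaviour for sscanf rather than an error, and nothing checks that `uidrange_start <= uidrange_end`. Because uidrange decides which users a routing policy applies to, I would parse both numbers with `strtoul`, require the whole string to be consumed, and reject an inverted range here on the same `DPRINTF`/`goto error` path the surrounding blocks use; I believe the kernel also refuses an inverted range, but then the failure surfaces as a rejected netlink message instead of a config error. The rewrite below adds a small static helper and needs `<ctype.h>`, `<errno.h>`, `<limits.h>` and `<stdlib.h>` if iprule.c does not already include them. `iprule_add` starts and ends outside the hunk, so the `error` label is assumed from the existing code.
```c
/* Parse one unsigned decimal UID at *p; on success advance *p past it. */
static bool
iprule_parse_uid(const char **p, unsigned int *out)
{
	char *tail;
	unsigned long val;

	/* strtoul itself would accept leading whitespace and a sign */
	if (!isdigit((unsigned char)**p))
		return false;

	errno = 0;
	val = strtoul(*p, &tail, 10);
	if (errno == ERANGE || val > UINT_MAX)
		return false;

	*out = (unsigned int)val;
	*p = tail;
	return true;
}

/* … unchanged: start of iprule_add up to the RULE_SUP_PREFIXLEN block … */
	if ((cur = tb[RULE_UIDRANGE]) != NULL) {
		const char *p = blobmsg_get_string(cur);
		bool ok = iprule_parse_uid(&p, &rule->uidrange_start);

		if (ok && *p == '-') {
			p++;
			ok = iprule_parse_uid(&p, &rule->uidrange_end);
		} else if (ok) {
			rule->uidrange_end = rule->uidrange_start;
		}

		/* whole string must be consumed, and the range must not be inverted */
		if (!ok || *p != '\0' || rule->uidrange_end < rule->uidrange_start) {
			DPRINTF("Failed to parse UID range: %s\n", (char *) blobmsg_data(cur));
			goto error;
		}
		rule->flags |= IPRULE_UIDRANGE;
	}
/* … unchanged: RULE_ACTION handling onward … */
```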
diff --git a/iprule.h b/iprule.h
index 89b94b4..6d91d06 100644
--- a/iprule.h
+++ b/iprule.h
@@ -63,6 +63,9 @@ enum iprule_flags {
/* rule suppresses results by prefix length */
IPRULE_SUP_PREFIXLEN = (1 << 13),
+
+ /* rule specifies uidrange */
+ IPRULE_UIDRANGE = (1 << 14),
};
struct iprule {
@@ -102,6 +105,8 @@ struct iprule {
unsigned int lookup;
unsigned int sup_prefixlen;
+ unsigned int uidrange_start;
+ unsigned int uidrange_end;
unsigned int action;
unsigned int gotoid;
};
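Review bot: The new `uidrange_start`/`uidrange_end` members and the `IPRULE_UIDRANGE` flag do not say how a single-UID rule is represented; from the iprule.c hunk a lone UID is stored with both fields equal, and the flag comment would be more useful as `/* rule is restricted to UIDs uidrange_start..uidrange_end (equal for a single UID) */`. The two fields are only meaningful when the flag is set, which is also worth stating next to them since the other `unsigned int` members carry no such precondition.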
diff --git a/system-linux.c b/system-linux.c
index 654f2ac..9846e98 100644
--- a/system-linux.c
+++ b/system-linux.c
@@ -2954,6 +2954,15 @@ static int system_iprule(struct iprule *rule, int cmd)
if (rule->flags & IPRULE_SUP_PREFIXLEN)
nla_put_u32(msg, FRA_SUPPRESS_PREFIXLEN, rule->sup_prefixlen);
+ if (rule->flags & IPRULE_UIDRANGE) {
+ struct fib_rule_uid_range uidrange = {
+ .start = rule->uidrange_start,
+ .end = rule->uidrange_end
+ };
+
+ nla_put(msg, FRA_UID_RANGE, sizeof(uidrange), &uidrange);
+ }
+
if (rule->flags & IPRULE_GOTO)
nla_put_u32(msg, FRA_GOTO, rule->gotoid);
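Review bot: `struct fib_rule_uid_range` and `FRA_UID_RANGE` come from the kernel's `linux/fib_rules.h` and, as far as I know, only exist in headers from 4.10 onwards, so against older kernel headers the new block fails to compile; if netifd still builds in such environments, a build-time check (with `IPRULE_UIDRANGE` rules rejected when the attribute is unavailable) or a stated header requirement in the commit message would make that explicit. A related caveat deserves a comment on the block: I believe a running kernel that does not know the attribute ignores it rather than rejecting the rule, so the rule would be installed without its UID restriction, which for a per-user routing policy silently drops the restriction it was meant to express — e.g. `/* kernels without FRA_UID_RANGE ignore the attribute; the rule then matches all UIDs */`. The return value of `nla_put()` is unchecked, but that matches the surrounding `nla_put_u32()` calls. `system_iprule` starts and ends outside the hunk.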