rule: add Rule.Type to allow adding/listing unreachable (RTN_UNREACHABLE) rules

Updates #710 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Percy Wegmann <percy@tailscale.com>
2024-12-17 20:24:44 +00:00 · 2024-08-22 14:13:23 -05:00 · 2024-08-22 14:13:23 -05:00 · 5b0b9d8260
commit 5b0b9d8260
parent 65a253d375
4 changed files with 55 additions and 7 deletions
--- a/rule.go
+++ b/rule.go
@ -28,6 +28,7 @@ type Rule struct {
 	IPProto           int
 	UIDRange          *RuleUIDRange
 	Protocol          uint8
 	Type              uint8
 }
 func (r Rule) String() string {
@ -41,8 +42,8 @@ func (r Rule) String() string {
 		to = r.Dst.String()
 	}
-	return fmt.Sprintf("ip rule %d: from %s to %s table %d",
+	return fmt.Sprintf("ip rule %d: from %s to %s table %d %s",
-		r.Priority, from, to, r.Table)
+		r.Priority, from, to, r.Table, r.typeString())
 }
 // NewRule return empty rules.
--- a/rule_linux.go
+++ b/rule_linux.go
@ -43,8 +43,8 @@ func ruleHandle(rule *Rule, req *nl.NetlinkRequest) error {
 	msg.Protocol = unix.RTPROT_BOOT
 	msg.Scope = unix.RT_SCOPE_UNIVERSE
 	msg.Table = unix.RT_TABLE_UNSPEC
-	msg.Type = unix.RTN_UNSPEC
+	msg.Type = rule.Type // usually 0, same as unix.RTN_UNSPEC
-	if req.NlMsghdr.Flags&unix.NLM_F_CREATE > 0 {
+	if msg.Type == 0 && req.NlMsghdr.Flags&unix.NLM_F_CREATE > 0 {
 		msg.Type = unix.RTN_UNICAST
 	}
 	if rule.Invert {
@ -332,3 +332,34 @@ func ptrEqual(a, b *uint32) bool {
 	}
 	return *a == *b
 }
 func (r Rule) typeString() string {
 	switch r.Type {
 	case unix.RTN_UNSPEC: // zero
 		return ""
 	case unix.RTN_UNICAST:
 		return ""
 	case unix.RTN_LOCAL:
 		return "local"
 	case unix.RTN_BROADCAST:
 		return "broadcast"
 	case unix.RTN_ANYCAST:
 		return "anycast"
 	case unix.RTN_MULTICAST:
 		return "multicast"
 	case unix.RTN_BLACKHOLE:
 		return "blackhole"
 	case unix.RTN_UNREACHABLE:
 		return "unreachable"
 	case unix.RTN_PROHIBIT:
 		return "prohibit"
 	case unix.RTN_THROW:
 		return "throw"
 	case unix.RTN_NAT:
 		return "nat"
 	case unix.RTN_XRESOLVE:
 		return "xresolve"
 	default:
 		return fmt.Sprintf("type(0x%x)", r.Type)
 	}
 }
--- a/rule_nonlinux.go
+++ b/rule_nonlinux.go
@ -0,0 +1,8 @@
 //go:build !linux
 // +build !linux
 package netlink
 func (r Rule) typeString() string {
 	return ""
 }
--- a/rule_test.go
+++ b/rule_test.go
@ -613,7 +613,7 @@ func TestRuleString(t *testing.T) {
 		s string
 	}{
 		"empty rule": {
-			s: "ip rule 0: from all to all table 0",
+			s: "ip rule 0: from all to all table 0 ",
 		},
 		"rule with src and dst equivalent to <nil>": {
 			r: Rule{
@ -622,7 +622,7 @@ func TestRuleString(t *testing.T) {
 				Dst:      &net.IPNet{IP: net.IPv4(20, 0, 0, 0)},
 				Table:    99,
 			},
-			s: "ip rule 100: from all to all table 99",
+			s: "ip rule 100: from all to all table 99 ",
 		},
 		"rule with src and dst": {
 			r: Rule{
@ -631,7 +631,14 @@ func TestRuleString(t *testing.T) {
 				Dst:      &net.IPNet{IP: net.IPv4(20, 0, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
 				Table:    99,
 			},
-			s: "ip rule 100: from 10.0.0.0/24 to 20.0.0.0/24 table 99",
+			s: "ip rule 100: from 10.0.0.0/24 to 20.0.0.0/24 table 99 ",
 		},
 		"rule with type": {
 			r: Rule{
 				Priority: 101,
 				Type:     unix.RTN_UNREACHABLE,
 			},
 			s: "ip rule 101: from all to all table 0 unreachable",
 		},
 	}
@ -671,6 +678,7 @@ func ruleEquals(a, b Rule) bool {
 		a.IifName == b.IifName &&
 		a.Invert == b.Invert &&
 		a.Tos == b.Tos &&
 		a.Type == b.Type &&
 		a.IPProto == b.IPProto &&
 		a.Protocol == b.Protocol &&
 		a.Mark == b.Mark &&