add netlink/rule (#139)

* add netlink/rule

Signed-off-by: Florian Lehner <dev@der-flo.net>

* Add some fuzzing corpus

Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>

Co-authored-by: Jeroen Simonetti <jeroen@simonetti.nl>

conn.go

@@ -17,6 +17,7 @@ type Conn struct {
 	Address *AddressService
 	Route   *RouteService
 	Neigh   *NeighService
+	Rule    *RuleService
 }
 
 var _ conn = &netlink.Conn{}
@@ -54,6 +55,7 @@ func newConn(c conn) *Conn {
 	rtc.Address = &AddressService{c: rtc}
 	rtc.Route = &RouteService{c: rtc}
 	rtc.Neigh = &NeighService{c: rtc}
+	rtc.Rule = &RuleService{c: rtc}
 
 	return rtc
 }
@@ -179,6 +181,8 @@ func unpackMessages(msgs []netlink.Message) ([]Message, error) {
 			m = &RouteMessage{}
 		case unix.RTM_GETNEIGH, unix.RTM_NEWNEIGH, unix.RTM_DELNEIGH:
 			m = &NeighMessage{}
+		case unix.RTM_GETRULE, unix.RTM_NEWRULE, unix.RTM_DELRULE:
+			m = &RuleMessage{}
 		default:
 			continue
 		}

example_rule_list_test.go

@@ -0,0 +1,27 @@
+package rtnetlink_test
+
+import (
+	"log"
+
+	"github.com/jsimonetti/rtnetlink"
+)
+
+// List all rules
+func Example_listRule() {
+	// Dial a connection to the rtnetlink socket
+	conn, err := rtnetlink.Dial(nil)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer conn.Close()
+
+	// Request a list of rules
+	rules, err := conn.Rule.List()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	for _, rule := range rules {
+		log.Printf("%+v", rule)
+	}
+}

fuzz.go

@@ -58,3 +58,17 @@ func FuzzNeighMessage(data []byte) int {
 
 	return 1
 }
+
+// FuzzRuleMessage will fuzz a RuleMessage
+func FuzzRuleMessage(data []byte) int {
+	m := &RuleMessage{}
+	if err := (m).UnmarshalBinary(data); err != nil {
+		return 0
+	}
+
+	if _, err := m.MarshalBinary(); err != nil {
+		panic(err)
+	}
+
+	return 1
+}

go.mod

@@ -6,5 +6,5 @@ require (
 	github.com/cilium/ebpf v0.8.1
 	github.com/google/go-cmp v0.5.7
 	github.com/mdlayher/netlink v1.6.0
-	golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27
+	golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f
 )

go.sum

@@ -34,6 +34,8 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27 h1:XDXtA5hveEEV8JB2l7nhMTp3t3cHp9ZpwcdjqyEWLlo=
 golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f h1:8w7RhxzTVgUzw/AH/9mUV5q0vMgy40SQRursCcfmkCw=
+golang.org/x/sys v0.0.0-20220408201424-a24fb2fb8a0f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=

internal/unix/types_linux.go

@@ -108,4 +108,32 @@ const (
 	RT_SCOPE_UNIVERSE           = linux.RT_SCOPE_UNIVERSE
 	RT_SCOPE_HOST               = linux.RT_SCOPE_HOST
 	RT_SCOPE_LINK               = linux.RT_SCOPE_LINK
+	RTM_NEWRULE                 = linux.RTM_NEWRULE
+	RTM_GETRULE                 = linux.RTM_GETRULE
+	RTM_DELRULE                 = linux.RTM_DELRULE
+	FRA_UNSPEC                  = linux.FRA_UNSPEC
+	FRA_DST                     = linux.FRA_DST
+	FRA_SRC                     = linux.FRA_SRC
+	FRA_IIFNAME                 = linux.FRA_IIFNAME
+	FRA_GOTO                    = linux.FRA_GOTO
+	FRA_UNUSED2                 = linux.FRA_UNUSED2
+	FRA_PRIORITY                = linux.FRA_PRIORITY
+	FRA_UNUSED3                 = linux.FRA_UNUSED3
+	FRA_UNUSED4                 = linux.FRA_UNUSED4
+	FRA_UNUSED5                 = linux.FRA_UNUSED5
+	FRA_FWMARK                  = linux.FRA_FWMARK
+	FRA_FLOW                    = linux.FRA_FLOW
+	FRA_TUN_ID                  = linux.FRA_TUN_ID
+	FRA_SUPPRESS_IFGROUP        = linux.FRA_SUPPRESS_IFGROUP
+	FRA_SUPPRESS_PREFIXLEN      = linux.FRA_SUPPRESS_PREFIXLEN
+	FRA_TABLE                   = linux.FRA_TABLE
+	FRA_FWMASK                  = linux.FRA_FWMASK
+	FRA_OIFNAME                 = linux.FRA_OIFNAME
+	FRA_PAD                     = linux.FRA_PAD
+	FRA_L3MDEV                  = linux.FRA_L3MDEV
+	FRA_UID_RANGE               = linux.FRA_UID_RANGE
+	FRA_PROTOCOL                = linux.FRA_PROTOCOL
+	FRA_IP_PROTO                = linux.FRA_IP_PROTO
+	FRA_SPORT_RANGE             = linux.FRA_SPORT_RANGE
+	FRA_DPORT_RANGE             = linux.FRA_DPORT_RANGE
 )

internal/unix/types_other.go

@@ -104,4 +104,32 @@ const (
 	RT_SCOPE_UNIVERSE           = 0x0
 	RT_SCOPE_HOST               = 0xfe
 	RT_SCOPE_LINK               = 0xfd
+	RTM_NEWRULE                 = 0x20
+	RTM_GETRULE                 = 0x22
+	RTM_DELRULE                 = 0x21
+	FRA_UNSPEC                  = 0x0
+	FRA_DST                     = 0x1
+	FRA_SRC                     = 0x2
+	FRA_IIFNAME                 = 0x3
+	FRA_GOTO                    = 0x4
+	FRA_UNUSED2                 = 0x5
+	FRA_PRIORITY                = 0x6
+	FRA_UNUSED3                 = 0x7
+	FRA_UNUSED4                 = 0x8
+	FRA_UNUSED5                 = 0x9
+	FRA_FWMARK                  = 0xa
+	FRA_FLOW                    = 0xb
+	FRA_TUN_ID                  = 0xc
+	FRA_SUPPRESS_IFGROUP        = 0xd
+	FRA_SUPPRESS_PREFIXLEN      = 0xe
+	FRA_TABLE                   = 0xf
+	FRA_FWMASK                  = 0x10
+	FRA_OIFNAME                 = 0x11
+	FRA_PAD                     = 0x12
+	FRA_L3MDEV                  = 0x13
+	FRA_UID_RANGE               = 0x14
+	FRA_PROTOCOL                = 0x15
+	FRA_IP_PROTO                = 0x16
+	FRA_SPORT_RANGE             = 0x17
+	FRA_DPORT_RANGE             = 0x18
 )