# rule: fix 32-bit platforms don't support adding rules with a mark value of 0x80000000/0xF0000000 ~ 0xF0000000/0xF0000000

The maximum value for an `int` type on a 32-bit platform is 0x7FFFFFFF. Since 0xF0000000 exceeds this limit, we need to use `uint` instead of `int` to handle these values.
2025-09-27 04:05:59 +08:00 · 2024-07-29 17:12:06 +08:00
parent d13535d71e
commit 8f96fd8b2f
5 changed files with 295 additions and 33 deletions
--- a/rule_test.go
+++ b/rule_test.go
@@ -252,7 +252,7 @@ func runRuleListFiltered(t *testing.T, family int, srcNet, dstNet *net.IPNet) {
 				r.Family = family
 				r.Table = 1
 				RuleAdd(r)
-				
+
 				r.Priority = 32765 // Set priority for assertion
 				return r
 			},
@@ -325,7 +325,7 @@ func runRuleListFiltered(t *testing.T, family int, srcNet, dstNet *net.IPNet) {
 		},
 		{
 			name:       "returns rules filtered by Mask",
-			ruleFilter: &Rule{Mask: 0x5},
+			ruleFilter: &Rule{Mask: &[]uint32{0x5}[0]},
 			filterMask: RT_FILTER_MASK,
 			preRun: func() *Rule {
 				r := NewRule()
@@ -333,7 +333,7 @@ func runRuleListFiltered(t *testing.T, family int, srcNet, dstNet *net.IPNet) {
 				r.Priority = 1 // Must add priority and table otherwise it's auto-assigned
 				r.Family = family
 				r.Table = 1
-				r.Mask = 0x5
+				r.Mask = &[]uint32{0x5}[0]
 				RuleAdd(r)
 				return r
 			},
@@ -352,7 +352,7 @@ func runRuleListFiltered(t *testing.T, family int, srcNet, dstNet *net.IPNet) {
 				r.Priority = 1 // Must add priority, table, mask otherwise it's auto-assigned
 				r.Family = family
 				r.Table = 1
-				r.Mask = 0xff
+				r.Mask = &[]uint32{0xff}[0]
 				r.Mark = 0xbb
 				RuleAdd(r)
 				return r
@@ -362,6 +362,204 @@ func runRuleListFiltered(t *testing.T, family int, srcNet, dstNet *net.IPNet) {
 				return []Rule{*r}, false
 			},
 		},
+		{
+			name:       "returns rules filtered by fwmark 0",
+			ruleFilter: &Rule{Mark: 0, Mask: nil, Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0
+				r.Mask = nil
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0/0xFFFFFFFF",
+			ruleFilter: &Rule{Mark: 0, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0
+				r.Mask = &[]uint32{0xFFFFFFFF}[0]
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0x1234/0",
+			ruleFilter: &Rule{Mark: 0x1234, Mask: &[]uint32{0}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0x1234
+				r.Mask = &[]uint32{0}[0]
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0/0xFFFFFFFF",
+			ruleFilter: &Rule{Mark: 0, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0
+				r.Mask = &[]uint32{0xFFFFFFFF}[0]
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0xFFFFFFFF",
+			ruleFilter: &Rule{Mark: 0xFFFFFFFF, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0xFFFFFFFF
+				r.Mask = nil
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0x1234",
+			ruleFilter: &Rule{Mark: 0x1234, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0x1234
+				r.Mask = nil
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0x12345678",
+			ruleFilter: &Rule{Mark: 0x12345678, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0x12345678
+				r.Mask = nil
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0xFFFFFFFF/0",
+			ruleFilter: &Rule{Mark: 0xFFFFFFFF, Mask: &[]uint32{0}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0xFFFFFFFF
+				r.Mask = &[]uint32{0}[0]
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
+		{
+			name:       "returns rules filtered by fwmark 0xFFFFFFFF/0xFFFFFFFF",
+			ruleFilter: &Rule{Mark: 0xFFFFFFFF, Mask: &[]uint32{0xFFFFFFFF}[0], Table: 100},
+			filterMask: RT_FILTER_MARK | RT_FILTER_MASK | RT_FILTER_TABLE,
+			preRun: func() *Rule {
+				r := NewRule()
+				r.Src = srcNet
+				r.Priority = 1
+				r.Family = family
+				r.Table = 100
+				r.Mark = 0xFFFFFFFF
+				r.Mask = &[]uint32{0xFFFFFFFF}[0]
+				if err := RuleAdd(r); err != nil {
+					t.Fatal(err)
+				}
+				return r
+			},
+			postRun: func(r *Rule) { RuleDel(r) },
+			setupWant: func(r *Rule) ([]Rule, bool) {
+				return []Rule{*r}, false
+			},
+		},
 		{
 			name:       "returns rules filtered by Tos",
 			ruleFilter: &Rule{Tos: 12},
@@ -474,5 +672,8 @@ func ruleEquals(a, b Rule) bool {
 		a.Invert == b.Invert &&
 		a.Tos == b.Tos &&
 		a.IPProto == b.IPProto &&
-		a.Protocol == b.Protocol
+		a.Protocol == b.Protocol &&
+		a.Mark == b.Mark &&
+		(ptrEqual(a.Mask, b.Mask) || (a.Mark != 0 &&
+			(a.Mask == nil && *b.Mask == 0xFFFFFFFF || b.Mask == nil && *a.Mask == 0xFFFFFFFF)))
 }