From 6c3574d9e5a22962b1669d193879f55e1bf37dc9 Mon Sep 17 00:00:00 2001
From: hwipl <33433250+hwipl@users.noreply.github.com>
Date: Tue, 14 May 2024 18:27:00 +0200
Subject: [PATCH] Check routing table and firewall mark in Split Routing Config

Signed-off-by: hwipl <33433250+hwipl@users.noreply.github.com>
---
 internal/splitrt/config.go | 11 +++++++++++
 internal/splitrt/config_test.go | 18 ++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/internal/splitrt/config.go b/internal/splitrt/config.go
index 20e090a..7302b2a 100644
--- a/internal/splitrt/config.go
+++ b/internal/splitrt/config.go
@@ -39,6 +39,12 @@ func (c *Config) Valid() bool {
 return false
 }
 
+ // check routing table value: must be > 0, < 0xFFFFFFFF
+ rtTable, err := strconv.ParseUint(c.RoutingTable, 10, 32)
+ if err != nil || rtTable == 0 || rtTable >= 0xFFFFFFFF {
+ return false
+ }
+
 // check rule priority values: must be > 0, < 32766, prio1 < prio2
 prio1, err := strconv.ParseUint(c.RulePriority1, 10, 16)
 if err != nil {
@@ -55,6 +61,11 @@ func (c *Config) Valid() bool {
 return false
 }
 
+ // check fwmark value: must be 32 bit unsigned int
+ if _, err := strconv.ParseUint(c.FirewallMark, 10, 32); err != nil {
+ return false
+ }
+
 return true
 }
 
diff --git a/internal/splitrt/config_test.go b/internal/splitrt/config_test.go
index bbd87c3..e82c93f 100644
--- a/internal/splitrt/config_test.go
+++ b/internal/splitrt/config_test.go
@@ -44,6 +44,24 @@ func TestConfigValid(t *testing.T) {
 RulePriority1: "2111",
 RulePriority2: "65537",
 },
+ {
+ RoutingTable: "0",
+ FirewallMark: "42112",
+ RulePriority1: "2222",
+ RulePriority2: "2223",
+ },
+ {
+ RoutingTable: "4294967295",
+ FirewallMark: "42112",
+ RulePriority1: "2222",
+ RulePriority2: "2223",
+ },
+ {
+ RoutingTable: "42112",
+ FirewallMark: "4294967296",
+ RulePriority1: "2222",
+ RulePriority2: "2223",
+ },
 } {
 want := false
 got := invalid.Valid()
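Review bot: The new routing table check in Valid() rejects only 0 and 0xFFFFFFFF, so the reserved Linux table IDs 253 (default), 254 (main) and 255 (local) still pass validation. If the daemon adds or flushes routes in the configured table (not visible in this hunk), a config naming one of those would operate on the system's own routing tables. Consider extending the condition to `if err != nil || rtTable == 0 || rtTable >= 0xFFFFFFFF || (rtTable >= 253 && rtTable <= 255) {` and the comment to `// check routing table value: must be > 0, < 0xFFFFFFFF, not a reserved table (253-255)`. Valid() begins and ends outside this hunk.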
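Review bot: The fwmark check at the end of Valid() accepts any value that parses as a 32-bit unsigned integer, including `0`, which is the mark every unmarked packet carries. If the mark is what separates excluded traffic from tunnelled traffic (its use is outside this patch), a configured mark of 0 would make that rule match all unmarked packets. `mark, err := strconv.ParseUint(c.FirewallMark, 10, 32)` followed by `if err != nil || mark == 0 { return false }` would close that. Both this check and the routing table check in the first hunk validate the parsed number while the raw string stays in the config, so an input such as `010` passes as decimal 10 and may be read as octal by a consumer that auto-detects the base. Keeping or re-emitting the canonical decimal form would avoid that mismatch.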
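Review bot: The three added cases in TestConfigValid only assert rejection just outside the range (table `0`, table `4294967295`, fwmark `4294967296`); nothing in this hunk pins the accepting side of the boundaries. The valid-config cases lie outside the hunk, so this may already be covered. If it is not, valid cases with `RoutingTable: "4294967294"` and `FirewallMark: "4294967295"` would catch an off-by-one in either comparison. A short comment on each new entry naming the field under test, such as `// routing table 0 is invalid`, would also make a failing case easier to identify.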