vpn: add lpadmin to the list of vpn uids
This patch adds the uid name "lpadmin" to the list of user uids whose
traffic is routed through VPN connections.
localhost ~ # ip rule | grep $(id -u lpadmin)
32764: from all uidrange 269-269 lookup 1010
localhost ~ # iptables -v -t mangle -L apply_local_source_mark | grep lpadmin
0 0 MARK all -- any any anywhere anywhere owner UID match lpadmin MARK xset 0x8200/0xff00
BUG=b:176875091
TEST=Unit tests. Deployed shill and patchpanel on rammus, connected
multiple types of VPN clients, checked that the expected uid rule
appears in the routing db (shill) and checked that the traffic tagging
rule appears in iptables PREROUTING (patchpanel).
Change-Id: I4bf6e6cbec1cb4e738f43dd5c54ceeeb94cf243a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2658396
Tested-by: Hugo Benichi <hugobenichi@google.com>
Reviewed-by: Taoyu Li <taoyl@chromium.org>
Commit-Queue: Hugo Benichi <hugobenichi@google.com>
diff --git a/patchpanel/datapath_test.cc b/patchpanel/datapath_test.cc
index 3603734..2131917 100644
--- a/patchpanel/datapath_test.cc
+++ b/patchpanel/datapath_test.cc
@@ -250,6 +250,13 @@
runner,
iptables(StrEq("mangle"),
ElementsAre("-A", "apply_local_source_mark", "-m", "owner",
+ "--uid-owner", "lpadmin", "-j", "MARK", "--set-mark",
+ "0x00008200/0x0000ff00", "-w"),
+ true, nullptr));
+ EXPECT_CALL(
+ runner,
+ iptables(StrEq("mangle"),
+ ElementsAre("-A", "apply_local_source_mark", "-m", "owner",
"--uid-owner", "kerberosd", "-j", "MARK",
"--set-mark", "0x00008400/0x0000ff00", "-w"),
true, nullptr));
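Review bot: The new lpadmin expectation hard-codes `0x00008200/0x0000ff00` with no hint of what the value encodes, and the same literal is repeated in the ip6tables hunk further down. Judging from the `ip rule` / `iptables` output in the commit message and the neighbouring kerberosd rule (`0x00008400`), the 0x8000 bit presumably requests VPN routing and the remaining bits under the mask identify the traffic source, but that is inferred from this page only. A comment above the EXPECT_CALL, for example `// lpadmin: route-on-VPN bit (0x8000) | source id 0x02 => 0x8200 under mask 0xff00 (confirm against the fwmark definitions)`, would let a reviewer check that the tag matches the intended routing policy and not just the current output. The enclosing test function starts and ends outside this hunk.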
@@ -331,6 +338,13 @@
runner,
ip6tables(StrEq("mangle"),
ElementsAre("-A", "apply_local_source_mark", "-m", "owner",
+ "--uid-owner", "lpadmin", "-j", "MARK",
+ "--set-mark", "0x00008200/0x0000ff00", "-w"),
+ true, nullptr));
+ EXPECT_CALL(
+ runner,
+ ip6tables(StrEq("mangle"),
+ ElementsAre("-A", "apply_local_source_mark", "-m", "owner",
"--uid-owner", "kerberosd", "-j", "MARK",
"--set-mark", "0x00008400/0x0000ff00", "-w"),
true, nullptr));
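Review bot: The ip6tables expectation for lpadmin is a hand-copied twin of the iptables one added in the first hunk, so nothing in the test enforces that every uid is tagged for both address families. If a later change adds a uid to only one family, that uid's traffic over the other family would leave untagged and bypass the VPN routing rule, and the test would still pass as long as the expectations were edited the same way. Driving both families from one list of (uid, mark) pairs would make the parity explicit; the sketch below assumes both sets of expectations live in the same test body, which is not visible from these hunks.

```cpp
// Constructed sketch: one table drives the IPv4 and IPv6 expectations.
const std::pair<const char*, const char*> kUidMarks[] = {
    // … unchanged: uid entries before lpadmin …
    {"lpadmin", "0x00008200/0x0000ff00"},
    {"kerberosd", "0x00008400/0x0000ff00"},
    // … unchanged: uid entries after kerberosd …
};
for (const auto& [uid, mark] : kUidMarks) {
  EXPECT_CALL(runner,
              iptables(StrEq("mangle"),
                       ElementsAre("-A", "apply_local_source_mark", "-m",
                                   "owner", "--uid-owner", uid, "-j", "MARK",
                                   "--set-mark", mark, "-w"),
                       true, nullptr));
  EXPECT_CALL(runner,
              ip6tables(StrEq("mangle"),
                        ElementsAre("-A", "apply_local_source_mark", "-m",
                                    "owner", "--uid-owner", uid, "-j", "MARK",
                                    "--set-mark", mark, "-w"),
                        true, nullptr));
}
```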