Commit 2cf63003 authored by Ido Schimmel's avatar Ido Schimmel Committed by Jakub Kicinski

ipv6: fib_rules: Add DSCP selector support

Implement support for the new DSCP selector that allows IPv6 FIB rules
to match on the entire DSCP field. This is done despite the fact that
the above can be achieved using the existing TOS selector, so that user
space program will be able to work with IPv4 and IPv6 rules in the same
way.

Differentiate between both selectors by adding a new bit in the IPv6 FIB
rule structure that is only set when the 'FRA_DSCP' attribute is
specified by user space. Reject rules that use both selectors.
Signed-off-by: default avatarIdo Schimmel <idosch@nvidia.com>
Reviewed-by: default avatarGuillaume Nault <gnault@redhat.com>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240911093748.3662015-4-idosch@nvidia.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent b9455fef
...@@ -27,6 +27,7 @@ struct fib6_rule { ...@@ -27,6 +27,7 @@ struct fib6_rule {
struct rt6key src; struct rt6key src;
struct rt6key dst; struct rt6key dst;
dscp_t dscp; dscp_t dscp;
u8 dscp_full:1; /* DSCP or TOS selector */
}; };
static bool fib6_rule_matchall(const struct fib_rule *rule) static bool fib6_rule_matchall(const struct fib_rule *rule)
...@@ -345,6 +346,20 @@ INDIRECT_CALLABLE_SCOPE int fib6_rule_match(struct fib_rule *rule, ...@@ -345,6 +346,20 @@ INDIRECT_CALLABLE_SCOPE int fib6_rule_match(struct fib_rule *rule,
return 1; return 1;
} }
static int fib6_nl2rule_dscp(const struct nlattr *nla, struct fib6_rule *rule6,
struct netlink_ext_ack *extack)
{
if (rule6->dscp) {
NL_SET_ERR_MSG(extack, "Cannot specify both TOS and DSCP");
return -EINVAL;
}
rule6->dscp = inet_dsfield_to_dscp(nla_get_u8(nla) << 2);
rule6->dscp_full = true;
return 0;
}
static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb, static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
struct fib_rule_hdr *frh, struct fib_rule_hdr *frh,
struct nlattr **tb, struct nlattr **tb,
...@@ -361,6 +376,9 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb, ...@@ -361,6 +376,9 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
} }
rule6->dscp = inet_dsfield_to_dscp(frh->tos); rule6->dscp = inet_dsfield_to_dscp(frh->tos);
if (tb[FRA_DSCP] && fib6_nl2rule_dscp(tb[FRA_DSCP], rule6, extack) < 0)
goto errout;
if (rule->action == FR_ACT_TO_TBL && !rule->l3mdev) { if (rule->action == FR_ACT_TO_TBL && !rule->l3mdev) {
if (rule->table == RT6_TABLE_UNSPEC) { if (rule->table == RT6_TABLE_UNSPEC) {
NL_SET_ERR_MSG(extack, "Invalid table"); NL_SET_ERR_MSG(extack, "Invalid table");
...@@ -413,8 +431,18 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh, ...@@ -413,8 +431,18 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
if (frh->dst_len && (rule6->dst.plen != frh->dst_len)) if (frh->dst_len && (rule6->dst.plen != frh->dst_len))
return 0; return 0;
if (frh->tos && inet_dscp_to_dsfield(rule6->dscp) != frh->tos) if (frh->tos &&
(rule6->dscp_full ||
inet_dscp_to_dsfield(rule6->dscp) != frh->tos))
return 0;
if (tb[FRA_DSCP]) {
dscp_t dscp;
dscp = inet_dsfield_to_dscp(nla_get_u8(tb[FRA_DSCP]) << 2);
if (!rule6->dscp_full || rule6->dscp != dscp)
return 0; return 0;
}
if (frh->src_len && if (frh->src_len &&
nla_memcmp(tb[FRA_SRC], &rule6->src.addr, sizeof(struct in6_addr))) nla_memcmp(tb[FRA_SRC], &rule6->src.addr, sizeof(struct in6_addr)))
...@@ -434,7 +462,15 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb, ...@@ -434,7 +462,15 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
frh->dst_len = rule6->dst.plen; frh->dst_len = rule6->dst.plen;
frh->src_len = rule6->src.plen; frh->src_len = rule6->src.plen;
if (rule6->dscp_full) {
frh->tos = 0;
if (nla_put_u8(skb, FRA_DSCP,
inet_dscp_to_dsfield(rule6->dscp) >> 2))
goto nla_put_failure;
} else {
frh->tos = inet_dscp_to_dsfield(rule6->dscp); frh->tos = inet_dscp_to_dsfield(rule6->dscp);
}
if ((rule6->dst.plen && if ((rule6->dst.plen &&
nla_put_in6_addr(skb, FRA_DST, &rule6->dst.addr)) || nla_put_in6_addr(skb, FRA_DST, &rule6->dst.addr)) ||
...@@ -450,7 +486,8 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb, ...@@ -450,7 +486,8 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
static size_t fib6_rule_nlmsg_payload(struct fib_rule *rule) static size_t fib6_rule_nlmsg_payload(struct fib_rule *rule)
{ {
return nla_total_size(16) /* dst */ return nla_total_size(16) /* dst */
+ nla_total_size(16); /* src */ + nla_total_size(16) /* src */
+ nla_total_size(1); /* dscp */
} }
static void fib6_rule_flush_cache(struct fib_rules_ops *ops) static void fib6_rule_flush_cache(struct fib_rules_ops *ops)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment