Commit c951a29f authored Sep 11, 2024 by Ido Schimmel Committed by Jakub Kicinski Sep 13, 2024

net: fib_rules: Add DSCP selector attribute



The FIB rule TOS selector is implemented differently between IPv4 and
IPv6. In IPv4 it is used to match on the three "Type of Services" bits
specified in RFC 791, while in IPv6 is it is used to match on the six
DSCP bits specified in RFC 2474.

Add a new FIB rule attribute to allow matching on DSCP. The attribute
will be used to implement a 'dscp' selector in ip-rule with a consistent
behavior between IPv4 and IPv6.

For now, set the type of the attribute to 'NLA_REJECT' so that user
space will not be able to configure it. This restriction will be lifted
once both IPv4 and IPv6 support the new attribute.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20240911093748.3662015-2-idosch@nvidia.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 716425d6

include/uapi/linux/fib_rules.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -67,6 +67,7 @@ enum {
		FRA_IP_PROTO, /* ip proto */
		FRA_SPORT_RANGE, /* sport */
		FRA_DPORT_RANGE, /* dport */
		FRA_DSCP, /* dscp */
		__FRA_MAX
		};

net/core/fib_rules.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -766,7 +766,8 @@ static const struct nla_policy fib_rule_policy[FRA_MAX + 1] = {
		[FRA_PROTOCOL] = { .type = NLA_U8 },
		[FRA_IP_PROTO] = { .type = NLA_U8 },
		[FRA_SPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) },
		[FRA_DPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) }
		[FRA_DPORT_RANGE] = { .len = sizeof(struct fib_rule_port_range) },
		[FRA_DSCP] = { .type = NLA_REJECT },
		};

		int fib_nl_newrule(struct sk_buff skb, struct nlmsghdr nlh,