Commit f0c898d8 authored Dec 16, 2024 by Ido Schimmel Committed by Paolo Abeni Dec 19, 2024

ipv4: fib_rules: Reject flow label attributes



IPv4 FIB rules cannot match on flow label so reject requests that try to
add such rules. Do that in the IPv4 configure callback as the netlink
policy resides in the core and used by both IPv4 and IPv6.

Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

parent d1d761b3

net/ipv4/fib_rules.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -249,6 +249,12 @@ static int fib4_rule_configure(struct fib_rule rule, struct sk_buff skb,
		int err = -EINVAL;
		struct fib4_rule rule4 = (struct fib4_rule ) rule;

		if (tb[FRA_FLOWLABEL] \|\| tb[FRA_FLOWLABEL_MASK]) {
		NL_SET_ERR_MSG(extack,
		"Flow label cannot be specified for IPv4 FIB rules");
		goto errout;
		}

		if (!inet_validate_dscp(frh->tos)) {
		NL_SET_ERR_MSG(extack,
		"Invalid dsfield (tos): ECN bits must be 0");