Commit bfc52dee authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge branch 'unmask-upper-dscp-bits-part-1' 

Ido Schimmel says:

====================
Unmask upper DSCP bits - part 1

tl;dr - This patchset starts to unmask the upper DSCP bits in the IPv4
flow key in preparation for allowing IPv4 FIB rules to match on DSCP.
No functional changes are expected.

The TOS field in the IPv4 flow key ('flowi4_tos') is used during FIB
lookup to match against the TOS selector in FIB rules and routes.

It is currently impossible for user space to configure FIB rules that
match on the DSCP value as the upper DSCP bits are either masked in the
various call sites that initialize the IPv4 flow key or along the path
to the FIB core.

In preparation for adding a DSCP selector to IPv4 and IPv6 FIB rules, we
need to make sure the entire DSCP value is present in the IPv4 flow key.
This patchset starts to unmask the upper DSCP bits in the various places
that invoke the core FIB lookup functions directly (patches #1-#7) and
in the input route path (patches #8-#12). Future patchsets will do the
same in the output route path.

No functional changes are expected as commit 1fa3314c ("ipv4:
Centralize TOS matching") moved the masking of the upper DSCP bits to
the core where 'flowi4_tos' is matched against the TOS selector.
====================

Link: https://patch.msgid.link/20240821125251.1571445-1-idosch@nvidia.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 1cf60c61 be8b8ded

net/core/filter.c

+2 −1
Original line number Diff line number Diff line
@@ -84,6 +84,7 @@ 
#include <net/netkit.h>

#include <linux/un.h>

#include <net/xdp_sock_drv.h>

#include <net/inet_dscp.h>



#include "dev.h"
@@ -5899,7 +5900,7 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, 
		fl4.flowi4_iif = params->ifindex;

		fl4.flowi4_oif = 0;

	}

	fl4.flowi4_tos = params->tos & IPTOS_RT_MASK;

	fl4.flowi4_tos = params->tos & INET_DSCP_MASK;

	fl4.flowi4_scope = RT_SCOPE_UNIVERSE;

	fl4.flowi4_flags = 0;

net/ipv4/fib_frontend.c

+2 −2
Original line number Diff line number Diff line
@@ -293,7 +293,7 @@ __be32 fib_compute_spec_dst(struct sk_buff *skb) 
			.flowi4_iif = LOOPBACK_IFINDEX,

			.flowi4_l3mdev = l3mdev_master_ifindex_rcu(dev),

			.daddr = ip_hdr(skb)->saddr,

			.flowi4_tos = ip_hdr(skb)->tos & IPTOS_RT_MASK,

			.flowi4_tos = ip_hdr(skb)->tos & INET_DSCP_MASK,

			.flowi4_scope = scope,

			.flowi4_mark = vmark ? skb->mark : 0,

		};
@@ -1343,7 +1343,7 @@ static void nl_fib_lookup(struct net *net, struct fib_result_nl *frn) 
	struct flowi4           fl4 = {

		.flowi4_mark = frn->fl_mark,

		.daddr = frn->fl_addr,

		.flowi4_tos = frn->fl_tos & IPTOS_RT_MASK,

		.flowi4_tos = frn->fl_tos & INET_DSCP_MASK,

		.flowi4_scope = frn->fl_scope,

	};

	struct fib_table *tb;

net/ipv4/icmp.c

+1 −1
Original line number Diff line number Diff line
@@ -545,7 +545,7 @@ static struct rtable *icmp_route_lookup(struct net *net, 
		orefdst = skb_in->_skb_refdst; /* save old refdst */

		skb_dst_set(skb_in, NULL);

		err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr,

				     RT_TOS(tos), rt2->dst.dev);

				     tos, rt2->dst.dev);



		dst_release(&rt2->dst);

		rt2 = skb_rtable(skb_in);

net/ipv4/ipmr.c

+2 −1
Original line number Diff line number Diff line
@@ -62,6 +62,7 @@ 
#include <net/fib_rules.h>

#include <linux/netconf.h>

#include <net/rtnh.h>

#include <net/inet_dscp.h>



#include <linux/nospec.h>
@@ -2080,7 +2081,7 @@ static struct mr_table *ipmr_rt_fib_lookup(struct net *net, struct sk_buff *skb) 
	struct flowi4 fl4 = {

		.daddr = iph->daddr,

		.saddr = iph->saddr,

		.flowi4_tos = RT_TOS(iph->tos),

		.flowi4_tos = iph->tos & INET_DSCP_MASK,

		.flowi4_oif = (rt_is_output_route(rt) ?

			       skb->dev->ifindex : 0),

		.flowi4_iif = (rt_is_output_route(rt) ?

net/ipv4/netfilter/ipt_rpfilter.c

+2 −1
Original line number Diff line number Diff line
@@ -8,6 +8,7 @@ 
#include <linux/module.h>

#include <linux/skbuff.h>

#include <linux/netdevice.h>

#include <net/inet_dscp.h>

#include <linux/ip.h>

#include <net/ip.h>

#include <net/ip_fib.h>
@@ -75,7 +76,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) 
	flow.daddr = iph->saddr;

	flow.saddr = rpfilter_get_saddr(iph->daddr);

	flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;

	flow.flowi4_tos = iph->tos & IPTOS_RT_MASK;

	flow.flowi4_tos = iph->tos & INET_DSCP_MASK;

	flow.flowi4_scope = RT_SCOPE_UNIVERSE;

	flow.flowi4_l3mdev = l3mdev_master_ifindex_rcu(xt_in(par));

	flow.flowi4_uid = sock_net_uid(xt_net(par), NULL);