From patchwork Mon Dec 6 18:22:06 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 12659307 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B1E43C433EF for ; Mon, 6 Dec 2021 18:22:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346465AbhLFSZl (ORCPT ); Mon, 6 Dec 2021 13:25:41 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:43237 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345823AbhLFSZk (ORCPT ); Mon, 6 Dec 2021 13:25:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1638814930; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=RZkFdHmlIbhrNvUnEjpWtl+zx8wCdUbbYsIx13CR0fo=; b=SYK2A0L5hdsx0Rr9beKS5MEBL8b1wirVqoknesRV/4J5F4gcE+iwT8l6cDUTMyuP1MEW4H ACxgg5RNbeutOM6Iac7ovccX8Gw5XY7cW5EIjItIJQxm8cBSzM3cLFFweAMmKwi/w/ImLo X1yxTWTb6M02cyWFOE+wqNkayD/XjXg= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-274-GxQlyT_ZOyCviCNmspsEdA-1; Mon, 06 Dec 2021 13:22:09 -0500 X-MC-Unique: GxQlyT_ZOyCviCNmspsEdA-1 Received: by mail-wm1-f69.google.com with SMTP id 138-20020a1c0090000000b00338bb803204so6485684wma.1 for ; Mon, 06 Dec 2021 10:22:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=RZkFdHmlIbhrNvUnEjpWtl+zx8wCdUbbYsIx13CR0fo=; b=jtoxPdFSbWdQPJD1S7lySK2Kc+bUsryyWt5sLvYxmsyY3zEY9FPgQIca/vLuzEgfNw cPzYeM0LAZSYSNOFp7CLVWaeiO7BjhKO1emaCgQ9LdRso2vlRe1qAuh8Cc0WmY/MgVh6 sR/LEgzgJj5Rxn79FqE0FFsKqp3PASCUrfF7LBHB9BdpbnuF3ce221VMC3135iwYglXW nMvFhE6lCHF4RZsvjEavW11RlNRCo2qjrTmg+ogQ1L5Bj1xI84JjPuti3Go6ttoqn3q3 W7tU1t8Qbidq0xFb1UmMo52hs0v8P57Vn62Y76kRCw1JJWsIXiY1E5CzFlZRM3wbXCu5 HXVg== X-Gm-Message-State: AOAM531AnynpLLUiQYeYj9VhSdCG3euZ6CBUbikA6KiQF62tAjg7Wwos DCZ0frrelxJu9s0LDfI2zOKJHa0jyMddI835LRTZlbjT9mhGKJZkUnqG5n/+KAvZz4LCkfnOAxK /Ia4lSJmFYQyCtiOS X-Received: by 2002:a5d:5445:: with SMTP id w5mr46351353wrv.163.1638814928510; Mon, 06 Dec 2021 10:22:08 -0800 (PST) X-Google-Smtp-Source: ABdhPJwTXVCZom8L/68AuKHIUjvvTz9GaoveM9Kqr23ffl9Fq8a9Iha37VDsGcNvh1ExEQ/BMsvHfQ== X-Received: by 2002:a5d:5445:: with SMTP id w5mr46351331wrv.163.1638814928334; Mon, 06 Dec 2021 10:22:08 -0800 (PST) Received: from pc-4.home (2a01cb058918ce00dd1a5a4f9908f2d5.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:dd1a:5a4f:9908:f2d5]) by smtp.gmail.com with ESMTPSA id c10sm13629701wrb.81.2021.12.06.10.22.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Dec 2021 10:22:07 -0800 (PST) Date: Mon, 6 Dec 2021 19:22:06 +0100 From: Guillaume Nault To: David Miller , Jakub Kicinski Cc: netdev@vger.kernel.org, Hideaki YOSHIFUJI , David Ahern , Toke =?iso-8859-1?q?H=F8iland-J=F8rgensen?= , Russell Strong Subject: [PATCH net-next 1/4] ipv6: Define dscp_t and stop taking ECN bits into account in ip6-rules Message-ID: <7430f57f0949081f54e633c69f2800ae577e8605.1638814614.git.gnault@redhat.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Define a dscp_t type and its appropriate helpers that ensure ECN bits are not taken into account when handling DSCP. Use this new type to replace the tclass field of fib6_rule, so that ip6-rules don't get influenced by ECN bits anymore. Before this patch, ip6-rules didn't make any distinction between the DSCP and ECN bits. Therefore, rules specifying a DSCP (tos or dsfield options in iproute2) stopped working as soon a packets had at least one of its ECN bits set (as a work around one could create four rules for each DSCP value to match, one for each possible ECN value). After this patch ip6-rules only compare the DSCP bits. ECN doesn't influence the result anymore. Also, ip6-rules now must have the ECN bits cleared or they will be rejected. Signed-off-by: Guillaume Nault --- include/net/inet_dscp.h | 54 +++++++++++++++++++++++++++++++++++++++++ include/net/ipv6.h | 6 +++++ net/ipv6/fib6_rules.c | 18 +++++++++----- 3 files changed, 72 insertions(+), 6 deletions(-) create mode 100644 include/net/inet_dscp.h diff --git a/include/net/inet_dscp.h b/include/net/inet_dscp.h new file mode 100644 index 000000000000..e7f7e182529c --- /dev/null +++ b/include/net/inet_dscp.h @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * inet_dscp.h: helpers for handling differentiated services codepoints (DSCP) + * + * DSCP is defined in RFC 2474: + * + * 0 1 2 3 4 5 6 7 + * +---+---+---+---+---+---+---+---+ + * | DSCP | CU | + * +---+---+---+---+---+---+---+---+ + * + * DSCP: differentiated services codepoint + * CU: currently unused + * + * The whole DSCP + CU bits form the DS field. + * The DS field is also commonly called TOS or Traffic Class (for IPv6). + * + * Note: the CU bits are now used for Explicit Congestion Notification + * (RFC 3168). + */ + +#ifndef _INET_DSCP_H +#define _INET_DSCP_H + +#include + +/* Special type for storing DSCP values. + * + * A dscp_t variable stores a DSCP value, without the CU (or ECN) bits. + * Using dscp_t allows to strictly separate DSCP and ECN bits, thus avoid bugs + * where ECN bits are erroneously taken into account during FIB lookups or + * policy routing. + */ +typedef u8 __bitwise dscp_t; + +#define INET_DSCP_MASK 0xfc +#define INET_DSCP_SHIFT 2 + +static inline dscp_t inet_dsfield_to_dscp(__u8 dsfield) +{ + return (__force dscp_t)(dsfield >> INET_DSCP_SHIFT); +} + +static inline __u8 inet_dscp_to_dsfield(dscp_t dscp) +{ + return (__force __u8)dscp << INET_DSCP_SHIFT; +} + +static inline bool inet_validate_dscp(__u8 val) +{ + return !(val & ~INET_DSCP_MASK); +} + +#endif /* _INET_DSCP_H */ diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 53ac7707ca70..3a457db7a4f6 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -18,6 +18,7 @@ #include #include #include +#include #include #include @@ -965,6 +966,11 @@ static inline u8 ip6_tclass(__be32 flowinfo) return ntohl(flowinfo & IPV6_TCLASS_MASK) >> IPV6_TCLASS_SHIFT; } +static inline dscp_t ip6_dscp(__be32 flowinfo) +{ + return inet_dsfield_to_dscp(ip6_tclass(flowinfo)); +} + static inline __be32 ip6_make_flowinfo(unsigned int tclass, __be32 flowlabel) { return htonl(tclass << IPV6_TCLASS_SHIFT) | flowlabel; diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c index dcedfe29d9d9..82d95d00214c 100644 --- a/net/ipv6/fib6_rules.c +++ b/net/ipv6/fib6_rules.c @@ -16,6 +16,7 @@ #include #include +#include #include #include #include @@ -25,14 +26,14 @@ struct fib6_rule { struct fib_rule common; struct rt6key src; struct rt6key dst; - u8 tclass; + dscp_t dscp; }; static bool fib6_rule_matchall(const struct fib_rule *rule) { struct fib6_rule *r = container_of(rule, struct fib6_rule, common); - if (r->dst.plen || r->src.plen || r->tclass) + if (r->dst.plen || r->src.plen || r->dscp) return false; return fib_rule_matchall(rule); } @@ -323,7 +324,7 @@ INDIRECT_CALLABLE_SCOPE int fib6_rule_match(struct fib_rule *rule, return 0; } - if (r->tclass && r->tclass != ip6_tclass(fl6->flowlabel)) + if (r->dscp && r->dscp != ip6_dscp(fl6->flowlabel)) return 0; if (rule->ip_proto && (rule->ip_proto != fl6->flowi6_proto)) @@ -353,6 +354,12 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb, struct net *net = sock_net(skb->sk); struct fib6_rule *rule6 = (struct fib6_rule *) rule; + if (!inet_validate_dscp(frh->tos)) { + NL_SET_ERR_MSG(extack, "Invalid dsfield (tos): ECN bits must be 0"); + goto errout; + } + rule6->dscp = inet_dsfield_to_dscp(frh->tos); + if (rule->action == FR_ACT_TO_TBL && !rule->l3mdev) { if (rule->table == RT6_TABLE_UNSPEC) { NL_SET_ERR_MSG(extack, "Invalid table"); @@ -373,7 +380,6 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb, rule6->src.plen = frh->src_len; rule6->dst.plen = frh->dst_len; - rule6->tclass = frh->tos; if (fib_rule_requires_fldissect(rule)) net->ipv6.fib6_rules_require_fldissect++; @@ -406,7 +412,7 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh, if (frh->dst_len && (rule6->dst.plen != frh->dst_len)) return 0; - if (frh->tos && (rule6->tclass != frh->tos)) + if (frh->tos && inet_dscp_to_dsfield(rule6->dscp) != frh->tos) return 0; if (frh->src_len && @@ -427,7 +433,7 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb, frh->dst_len = rule6->dst.plen; frh->src_len = rule6->src.plen; - frh->tos = rule6->tclass; + frh->tos = inet_dscp_to_dsfield(rule6->dscp); if ((rule6->dst.plen && nla_put_in6_addr(skb, FRA_DST, &rule6->dst.addr)) || From patchwork Mon Dec 6 18:22:09 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 12659309 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E4D7AC433EF for ; Mon, 6 Dec 2021 18:22:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346741AbhLFSZo (ORCPT ); Mon, 6 Dec 2021 13:25:44 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:28343 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1345823AbhLFSZn (ORCPT ); Mon, 6 Dec 2021 13:25:43 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1638814933; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=oCwHpSqqEZ4Asa2uxF8dDn2YXsAfptsVL8pdsQ0kytc=; b=Douufr0sufCn1X8YJW4LqaTDm1ddQgmVqzTnZ02yddqf+wauPQNTvJbLLECC4QVWlTWD4H l6KhUMJHGaGlN9Svggf0WrHqtVBvh1H8i9IT0ympvjedzJkdw6mOSzR5zawqnpobT0HqCv l4QnU2A1lBiDhE5c0QVS95ETEVTi7gI= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-329-5_LcOsJyPx6Pz2Xz0atuMg-1; Mon, 06 Dec 2021 13:22:12 -0500 X-MC-Unique: 5_LcOsJyPx6Pz2Xz0atuMg-1 Received: by mail-wm1-f69.google.com with SMTP id y141-20020a1c7d93000000b0033c2ae3583fso6479072wmc.5 for ; Mon, 06 Dec 2021 10:22:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=oCwHpSqqEZ4Asa2uxF8dDn2YXsAfptsVL8pdsQ0kytc=; b=Tk5Q2cOFulnJCKlkZ/gSv1l4D23lHwTgDg3KfYqQn88/TnKUEr98n7VglsEEhlrIwv DzvM+aOadGECp4pv25mfPOic1UkT8er6aUQDKJphuJWcA93EuvT1sGSb3rV7xi4i1YZO z4mt6cpnzPB1g6fy9xaOnpqz5ut3EN3S/Zp6g40Rfg71Z/EltU1P0VhdjhkDR7aeOw1A 3i6POSZ5EnvsSOs2Mpjbmau7a8LSdDqYuRgGPrUzpn4t0RC/XUBysVNlK6E033f3o+sH a5mjOxXMYGYvWkUGgNwKnY1vhvr3LztgBy7LoeBCCKFSH5OQ5T8USqFKNGE26l0uJp5j pBOA== X-Gm-Message-State: AOAM532352e7CqnXfEvzT1SOGLH8qwoDIpoA0gKpRkZkMXUAf3U3KBKZ h+zprt1eqjeg4ug7+SjD8X8jsmY9f+8UFxkjq+GzdbZ3Txg89VoDzbfT92o6BKtQBZnqDIWm3Yh s4I2n9pwoNi12krqe X-Received: by 2002:adf:8293:: with SMTP id 19mr43784146wrc.167.1638814931546; Mon, 06 Dec 2021 10:22:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJyXwXqTbNY46yNKYBzOpn1WUnN4lyz3u0NvkaqEVx+JlPj1hZczjYQbLw3ubJ9K55LcOPGCyw== X-Received: by 2002:adf:8293:: with SMTP id 19mr43784134wrc.167.1638814931389; Mon, 06 Dec 2021 10:22:11 -0800 (PST) Received: from pc-4.home (2a01cb058918ce00dd1a5a4f9908f2d5.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:dd1a:5a4f:9908:f2d5]) by smtp.gmail.com with ESMTPSA id h204sm126686wmh.33.2021.12.06.10.22.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Dec 2021 10:22:11 -0800 (PST) Date: Mon, 6 Dec 2021 19:22:09 +0100 From: Guillaume Nault To: David Miller , Jakub Kicinski Cc: netdev@vger.kernel.org, Hideaki YOSHIFUJI , David Ahern , Toke =?iso-8859-1?q?H=F8iland-J=F8rgensen?= , Russell Strong Subject: [PATCH net-next 2/4] ipv4: Stop taking ECN bits into account in ip4-rules Message-ID: <8c0bfb9ad40ed3da0edf905e226f13ef4cf1adb4.1638814614.git.gnault@redhat.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Use the new dscp_t type to replace the tos field of fib4_rule, so that ip4-rules consistently ignore ECN bits. Before this patch, ip4-rules did accept rules with the high order ECN bit set (but not the low order one). Also, it relied on its callers masking the ECN bits of ->flowi4_tos to prevent those from influencing the result. This was brittle and a few call paths still do the lookup without masking the ECN bits first. After this patch ip4-rules only compare the DSCP bits. ECN can't influence the result anymore, even if the caller didn't mask these bits. Also, ip4-rules now must have both ECN bits cleared or they will be rejected. Signed-off-by: Guillaume Nault --- net/ipv4/fib_rules.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c index d279cb8ac158..d4529350a2e8 100644 --- a/net/ipv4/fib_rules.c +++ b/net/ipv4/fib_rules.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -35,7 +36,7 @@ struct fib4_rule { struct fib_rule common; u8 dst_len; u8 src_len; - u8 tos; + dscp_t dscp; __be32 src; __be32 srcmask; __be32 dst; @@ -49,7 +50,7 @@ static bool fib4_rule_matchall(const struct fib_rule *rule) { struct fib4_rule *r = container_of(rule, struct fib4_rule, common); - if (r->dst_len || r->src_len || r->tos) + if (r->dst_len || r->src_len || r->dscp) return false; return fib_rule_matchall(rule); } @@ -185,7 +186,7 @@ INDIRECT_CALLABLE_SCOPE int fib4_rule_match(struct fib_rule *rule, ((daddr ^ r->dst) & r->dstmask)) return 0; - if (r->tos && (r->tos != fl4->flowi4_tos)) + if (r->dscp && r->dscp != inet_dsfield_to_dscp(fl4->flowi4_tos)) return 0; if (rule->ip_proto && (rule->ip_proto != fl4->flowi4_proto)) @@ -230,10 +231,11 @@ static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb, int err = -EINVAL; struct fib4_rule *rule4 = (struct fib4_rule *) rule; - if (frh->tos & ~IPTOS_TOS_MASK) { - NL_SET_ERR_MSG(extack, "Invalid tos"); + if (!inet_validate_dscp(frh->tos)) { + NL_SET_ERR_MSG(extack, "Invalid dsfield (tos): ECN bits must be 0"); goto errout; } + rule4->dscp = inet_dsfield_to_dscp(frh->tos); /* split local/main if they are not already split */ err = fib_unmerge(net); @@ -275,7 +277,6 @@ static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb, rule4->srcmask = inet_make_mask(rule4->src_len); rule4->dst_len = frh->dst_len; rule4->dstmask = inet_make_mask(rule4->dst_len); - rule4->tos = frh->tos; net->ipv4.fib_has_custom_rules = true; @@ -318,7 +319,7 @@ static int fib4_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh, if (frh->dst_len && (rule4->dst_len != frh->dst_len)) return 0; - if (frh->tos && (rule4->tos != frh->tos)) + if (frh->tos && inet_dscp_to_dsfield(rule4->dscp) != frh->tos) return 0; #ifdef CONFIG_IP_ROUTE_CLASSID @@ -342,7 +343,7 @@ static int fib4_rule_fill(struct fib_rule *rule, struct sk_buff *skb, frh->dst_len = rule4->dst_len; frh->src_len = rule4->src_len; - frh->tos = rule4->tos; + frh->tos = inet_dscp_to_dsfield(rule4->dscp); if ((rule4->dst_len && nla_put_in_addr(skb, FRA_DST, rule4->dst)) || From patchwork Mon Dec 6 18:22:12 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 12659311 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 971E7C433EF for ; Mon, 6 Dec 2021 18:22:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346769AbhLFSZq (ORCPT ); Mon, 6 Dec 2021 13:25:46 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:21189 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346740AbhLFSZq (ORCPT ); Mon, 6 Dec 2021 13:25:46 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1638814937; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=mEG28ovqNRWUVFjUSshI4gzm6s3LaL7IRipMefu8BVI=; b=AmnK2psy0bXJdTEGudg7OA8XE07tP6nj/A2WyiQu/M+BHN2Vy+vkbIKlUw6/HYJy9onHKG 8GPsWVIKxtfG1D1xeBcm1uEVRt9HYMVwTJ1MXNSYGotednAhr3pa+f+Z3Ksr2/j8J9u82f QA+/3Ij0+3f7MtmtwWOCMhl/v1QRox0= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-516-J1AU9IGDPtyKpA3e5SYUXA-1; Mon, 06 Dec 2021 13:22:16 -0500 X-MC-Unique: J1AU9IGDPtyKpA3e5SYUXA-1 Received: by mail-wm1-f72.google.com with SMTP id j193-20020a1c23ca000000b003306ae8bfb7so6476264wmj.7 for ; Mon, 06 Dec 2021 10:22:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=mEG28ovqNRWUVFjUSshI4gzm6s3LaL7IRipMefu8BVI=; b=u/ny59CjGmvbgKnxuomYW+w+WYNGX87LNasVW8yvgVun6gwdcv4WOCh97Fu69tsWSf FWhL/eB6CPChH3Yzh1mjYQYcmrwOEo892YNVOduojhETVJwqBGLGj88piLII2aDH6sfR mLpje1a4Y2LilvZ0p1Rr/TUgDGtFY5U+vVtjt/6/uQiDXZEFzddiaOz9cMBCadrVNt6O o/p3oQEwmfrEMH2Cdpi5Rsxw1svKNNEbe2pIdM+0QDbyDI/uOnHhc0z3ONISkoiVqm2x rVwy0d4PIC6XHxTs3NeU1EdtyLUDnreMNHHO8T02FWT6zGJKCwCMq/tg5ZYj5bnh/3YF ZjTw== X-Gm-Message-State: AOAM532i0qa58CyqE39xK97t+wKTpxoh3BKs18qVhz0cpLDTramPwovJ xVhJ8FswfiYc+7ZGNd8GZcy4sFUBI9p3a9dSp6ggZh9rEFMf4DPwlistE8sGsDDsYiBNntITA/8 1F71WcSDLxWOJbZ3P X-Received: by 2002:a05:600c:1c07:: with SMTP id j7mr280875wms.12.1638814934827; Mon, 06 Dec 2021 10:22:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJxagOJVTe24auXjqT51ofmkzZ6ES/H9GNK96h5MY+fOvaoshdbm0yyEqzA+Gk6muCxRVXtR4A== X-Received: by 2002:a05:600c:1c07:: with SMTP id j7mr280857wms.12.1638814934675; Mon, 06 Dec 2021 10:22:14 -0800 (PST) Received: from pc-4.home (2a01cb058918ce00dd1a5a4f9908f2d5.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:dd1a:5a4f:9908:f2d5]) by smtp.gmail.com with ESMTPSA id j40sm135540wms.19.2021.12.06.10.22.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Dec 2021 10:22:14 -0800 (PST) Date: Mon, 6 Dec 2021 19:22:12 +0100 From: Guillaume Nault To: David Miller , Jakub Kicinski Cc: netdev@vger.kernel.org, Hideaki YOSHIFUJI , David Ahern , Toke =?iso-8859-1?q?H=F8iland-J=F8rgensen?= , Russell Strong Subject: [PATCH net-next 3/4] ipv4: Reject routes specifying ECN bits in rtm_tos Message-ID: <21597671f9f2ef5175846eb02d100527ac242373.1638814614.git.gnault@redhat.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Use the new dscp_t type to replace the fc_tos field of fib_config, to ensure IPv4 routes aren't influenced by ECN bits when configured with non-zero rtm_tos. Before this patch, IPv4 routes specifying an rtm_tos with some of the ECN bits set were accepted. However they wouldn't work (never match) as IPv4 normally clears the ECN bits with IPTOS_RT_MASK before doing a FIB lookup (although a few buggy code paths don't). After this patch, IPv4 routes specifying an rtm_tos with any ECN bit set is rejected. Note, IPv6 routes ignore rtm_tos altogether: any rtm_tos is accepted, but treated as if it were 0. Signed-off-by: Guillaume Nault --- include/net/ip_fib.h | 3 ++- net/ipv4/fib_frontend.c | 10 +++++++++- net/ipv4/fib_trie.c | 7 +++++-- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 3417ba2d27ad..920091064731 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -24,7 +25,7 @@ struct fib_config { u8 fc_dst_len; - u8 fc_tos; + dscp_t fc_dscp; u8 fc_protocol; u8 fc_scope; u8 fc_type; diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 4d61ddd8a0ec..0cc6dacabead 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -32,6 +32,7 @@ #include #include +#include #include #include #include @@ -735,8 +736,15 @@ static int rtm_to_fib_config(struct net *net, struct sk_buff *skb, memset(cfg, 0, sizeof(*cfg)); rtm = nlmsg_data(nlh); + + if (!inet_validate_dscp(rtm->rtm_tos)) { + NL_SET_ERR_MSG(extack, "Invalid dsfield (tos): ECN bits must be 0"); + err = -EINVAL; + goto errout; + } + cfg->fc_dscp = inet_dsfield_to_dscp(rtm->rtm_tos); + cfg->fc_dst_len = rtm->rtm_dst_len; - cfg->fc_tos = rtm->rtm_tos; cfg->fc_table = rtm->rtm_table; cfg->fc_protocol = rtm->rtm_protocol; cfg->fc_scope = rtm->rtm_scope; diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index 8060524f4256..d937eeebb812 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -61,6 +61,7 @@ #include #include #include +#include #include #include #include @@ -1210,9 +1211,9 @@ int fib_table_insert(struct net *net, struct fib_table *tb, struct fib_info *fi; u8 plen = cfg->fc_dst_len; u8 slen = KEYLENGTH - plen; - u8 tos = cfg->fc_tos; u32 key; int err; + u8 tos; key = ntohl(cfg->fc_dst); @@ -1227,6 +1228,7 @@ int fib_table_insert(struct net *net, struct fib_table *tb, goto err; } + tos = inet_dscp_to_dsfield(cfg->fc_dscp); l = fib_find_node(t, &tp, key); fa = l ? fib_find_alias(&l->leaf, slen, tos, fi->fib_priority, tb->tb_id, false) : NULL; @@ -1703,8 +1705,8 @@ int fib_table_delete(struct net *net, struct fib_table *tb, struct key_vector *l, *tp; u8 plen = cfg->fc_dst_len; u8 slen = KEYLENGTH - plen; - u8 tos = cfg->fc_tos; u32 key; + u8 tos; key = ntohl(cfg->fc_dst); @@ -1715,6 +1717,7 @@ int fib_table_delete(struct net *net, struct fib_table *tb, if (!l) return -ESRCH; + tos = inet_dscp_to_dsfield(cfg->fc_dscp); fa = fib_find_alias(&l->leaf, slen, tos, 0, tb->tb_id, false); if (!fa) return -ESRCH; From patchwork Mon Dec 6 18:22:14 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 12659313 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 959E0C433EF for ; Mon, 6 Dec 2021 18:22:22 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346779AbhLFSZu (ORCPT ); Mon, 6 Dec 2021 13:25:50 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]:26276 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346777AbhLFSZt (ORCPT ); Mon, 6 Dec 2021 13:25:49 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1638814940; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=26c++pLtqvXVRNhT0zVgcuBwbntt8anqzxmdqAqLJnM=; b=bwwGEeIkKfjVciv4nc9bAIv9WnbtsFcst2XRjJc8KTHOfUA4kK/+4foBcrF2azTZAZVuQk z1TCdqkczwiK6eKa6GxyVmfCmUJFDXzQvJQuKHzMAVW1eAZKLVZxgiqqIgveNQyUtnh7+9 MYX3GcaVdagRYasfDFChjzAPXn0DZRQ= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-19-VBvHqVv4PEeZAwkn4-mWPA-1; Mon, 06 Dec 2021 13:22:19 -0500 X-MC-Unique: VBvHqVv4PEeZAwkn4-mWPA-1 Received: by mail-wm1-f70.google.com with SMTP id 69-20020a1c0148000000b0033214e5b021so6486031wmb.3 for ; Mon, 06 Dec 2021 10:22:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=26c++pLtqvXVRNhT0zVgcuBwbntt8anqzxmdqAqLJnM=; b=7H9avNHC4dkoN5jxeZYVallnMAcRrUU+XRydKDBQVi/WhF2fvvomtBnIb0aZjYAnIU EncRfWBizFj777GHYn6AsOaMKmIzQmILrlSSzZv4gEcjcLsnTPmVFYUz6M7PHpOFx83V EpXp7H2F1ZFBoJmH8c8zboOicFox662L1KjqddYnwuzKsHJE89LvH9N/Tz5+bozbRAKQ KV7BV8BVGZnAPaE66PwjlRi5nIdAjO/BBzyle/94WCQDcKBU+U14VgfGq2jco59FGxyf WtZ5VkSSJAgzjrJioOrwNlLTuQEZ+n3cLNU0f9NkTvbvrew2r8G9fdGst7Knww3TpdNL yKzA== X-Gm-Message-State: AOAM533r9y1MTCWWGZKOzMnBdjS4L9VN+WsC3SMfRGuRylcJmXqMX4MY QM5OAmtX+buJMTg7LcUAyy2QUPCaaB7unI0QUsdwxghO/dWVogv1esI0AOrn1HSXoQdekvgs3Ko WZ9fkuOrAV4UiEjcL X-Received: by 2002:adf:e387:: with SMTP id e7mr43681555wrm.412.1638814937511; Mon, 06 Dec 2021 10:22:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJyZhLTOPYm0rqRbuEpFVVAEK7XAmD4GECFI95Hk+PskLQuW1ks7+2hL99YKwNgNoZOAoa2E4w== X-Received: by 2002:adf:e387:: with SMTP id e7mr43681525wrm.412.1638814937246; Mon, 06 Dec 2021 10:22:17 -0800 (PST) Received: from pc-4.home (2a01cb058918ce00dd1a5a4f9908f2d5.ipv6.abo.wanadoo.fr. [2a01:cb05:8918:ce00:dd1a:5a4f:9908:f2d5]) by smtp.gmail.com with ESMTPSA id b6sm98815wmq.45.2021.12.06.10.22.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Dec 2021 10:22:16 -0800 (PST) Date: Mon, 6 Dec 2021 19:22:14 +0100 From: Guillaume Nault To: David Miller , Jakub Kicinski Cc: netdev@vger.kernel.org, Hideaki YOSHIFUJI , David Ahern , Toke =?iso-8859-1?q?H=F8iland-J=F8rgensen?= , Russell Strong Subject: [PATCH net-next 4/4] ipv4: Use dscp_t in struct fib_alias Message-ID: <16e93e56a10ab541f5e84b954e15f9779f68ac8d.1638814614.git.gnault@redhat.com> References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Use the new dscp_t type to replace the fa_tos field of fib_alias. This ensures ECN bits are ignored and makes the field compatible with fc_dscp (struct fib_config). Converting old *tos variables and fields to dscp_t, allows sparse to flag incorrect uses of DSCP and ECN bits. Signed-off-by: Guillaume Nault --- net/ipv4/fib_lookup.h | 3 +- net/ipv4/fib_semantics.c | 14 ++++++---- net/ipv4/fib_trie.c | 59 ++++++++++++++++++++++------------------ net/ipv4/route.c | 3 +- 4 files changed, 45 insertions(+), 34 deletions(-) diff --git a/net/ipv4/fib_lookup.h b/net/ipv4/fib_lookup.h index e184bcb19943..a63014b54809 100644 --- a/net/ipv4/fib_lookup.h +++ b/net/ipv4/fib_lookup.h @@ -4,13 +4,14 @@ #include #include +#include #include #include struct fib_alias { struct hlist_node fa_list; struct fib_info *fa_info; - u8 fa_tos; + dscp_t fa_dscp; u8 fa_type; u8 fa_state; u8 fa_slen; diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index fde7797b5806..872adeee9e5b 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -31,6 +31,7 @@ #include #include +#include #include #include #include @@ -515,7 +516,7 @@ void rtmsg_fib(int event, __be32 key, struct fib_alias *fa, fri.tb_id = tb_id; fri.dst = key; fri.dst_len = dst_len; - fri.tos = fa->fa_tos; + fri.tos = inet_dscp_to_dsfield(fa->fa_dscp); fri.type = fa->fa_type; fri.offload = fa->offload; fri.trap = fa->trap; @@ -2016,7 +2017,7 @@ static void fib_select_default(const struct flowi4 *flp, struct fib_result *res) int order = -1, last_idx = -1; struct fib_alias *fa, *fa1 = NULL; u32 last_prio = res->fi->fib_priority; - u8 last_tos = 0; + dscp_t last_dscp = 0; hlist_for_each_entry_rcu(fa, fa_head, fa_list) { struct fib_info *next_fi = fa->fa_info; @@ -2024,19 +2025,20 @@ static void fib_select_default(const struct flowi4 *flp, struct fib_result *res) if (fa->fa_slen != slen) continue; - if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos) + if (fa->fa_dscp && + fa->fa_dscp != inet_dsfield_to_dscp(flp->flowi4_tos)) continue; if (fa->tb_id != tb->tb_id) continue; if (next_fi->fib_priority > last_prio && - fa->fa_tos == last_tos) { - if (last_tos) + fa->fa_dscp == last_dscp) { + if (last_dscp) continue; break; } if (next_fi->fib_flags & RTNH_F_DEAD) continue; - last_tos = fa->fa_tos; + last_dscp = fa->fa_dscp; last_prio = next_fi->fib_priority; if (next_fi->fib_scope != res->scope || diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c index d937eeebb812..eb8ce2cb8aa2 100644 --- a/net/ipv4/fib_trie.c +++ b/net/ipv4/fib_trie.c @@ -82,7 +82,7 @@ static int call_fib_entry_notifier(struct notifier_block *nb, .dst = dst, .dst_len = dst_len, .fi = fa->fa_info, - .tos = fa->fa_tos, + .tos = inet_dscp_to_dsfield(fa->fa_dscp), .type = fa->fa_type, .tb_id = fa->tb_id, }; @@ -99,7 +99,7 @@ static int call_fib_entry_notifiers(struct net *net, .dst = dst, .dst_len = dst_len, .fi = fa->fa_info, - .tos = fa->fa_tos, + .tos = inet_dscp_to_dsfield(fa->fa_dscp), .type = fa->fa_type, .tb_id = fa->tb_id, }; @@ -974,13 +974,13 @@ static struct key_vector *fib_find_node(struct trie *t, return n; } -/* Return the first fib alias matching TOS with +/* Return the first fib alias matching DSCP with * priority less than or equal to PRIO. * If 'find_first' is set, return the first matching - * fib alias, regardless of TOS and priority. + * fib alias, regardless of DSCP and priority. */ static struct fib_alias *fib_find_alias(struct hlist_head *fah, u8 slen, - u8 tos, u32 prio, u32 tb_id, + dscp_t dscp, u32 prio, u32 tb_id, bool find_first) { struct fib_alias *fa; @@ -989,6 +989,10 @@ static struct fib_alias *fib_find_alias(struct hlist_head *fah, u8 slen, return NULL; hlist_for_each_entry(fa, fah, fa_list) { + /* Avoid Sparse warning when using dscp_t in inequalities */ + u8 __fa_dscp = (__force u8)fa->fa_dscp; + u8 __dscp = (__force u8)dscp; + if (fa->fa_slen < slen) continue; if (fa->fa_slen != slen) @@ -999,9 +1003,9 @@ static struct fib_alias *fib_find_alias(struct hlist_head *fah, u8 slen, break; if (find_first) return fa; - if (fa->fa_tos > tos) + if (__fa_dscp > __dscp) continue; - if (fa->fa_info->fib_priority >= prio || fa->fa_tos < tos) + if (fa->fa_info->fib_priority >= prio || __fa_dscp < __dscp) return fa; } @@ -1028,8 +1032,8 @@ fib_find_matching_alias(struct net *net, const struct fib_rt_info *fri) hlist_for_each_entry_rcu(fa, &l->leaf, fa_list) { if (fa->fa_slen == slen && fa->tb_id == fri->tb_id && - fa->fa_tos == fri->tos && fa->fa_info == fri->fi && - fa->fa_type == fri->type) + fa->fa_dscp == inet_dsfield_to_dscp(fri->tos) && + fa->fa_info == fri->fi && fa->fa_type == fri->type) return fa; } @@ -1211,9 +1215,9 @@ int fib_table_insert(struct net *net, struct fib_table *tb, struct fib_info *fi; u8 plen = cfg->fc_dst_len; u8 slen = KEYLENGTH - plen; + dscp_t dscp; u32 key; int err; - u8 tos; key = ntohl(cfg->fc_dst); @@ -1228,13 +1232,13 @@ int fib_table_insert(struct net *net, struct fib_table *tb, goto err; } - tos = inet_dscp_to_dsfield(cfg->fc_dscp); + dscp = cfg->fc_dscp; l = fib_find_node(t, &tp, key); - fa = l ? fib_find_alias(&l->leaf, slen, tos, fi->fib_priority, + fa = l ? fib_find_alias(&l->leaf, slen, dscp, fi->fib_priority, tb->tb_id, false) : NULL; /* Now fa, if non-NULL, points to the first fib alias - * with the same keys [prefix,tos,priority], if such key already + * with the same keys [prefix,dscp,priority], if such key already * exists or to the node before which we will insert new one. * * If fa is NULL, we will need to allocate a new one and @@ -1242,7 +1246,7 @@ int fib_table_insert(struct net *net, struct fib_table *tb, * of the new alias. */ - if (fa && fa->fa_tos == tos && + if (fa && fa->fa_dscp == dscp && fa->fa_info->fib_priority == fi->fib_priority) { struct fib_alias *fa_first, *fa_match; @@ -1262,7 +1266,7 @@ int fib_table_insert(struct net *net, struct fib_table *tb, hlist_for_each_entry_from(fa, fa_list) { if ((fa->fa_slen != slen) || (fa->tb_id != tb->tb_id) || - (fa->fa_tos != tos)) + (fa->fa_dscp != dscp)) break; if (fa->fa_info->fib_priority != fi->fib_priority) break; @@ -1290,7 +1294,7 @@ int fib_table_insert(struct net *net, struct fib_table *tb, goto out; fi_drop = fa->fa_info; - new_fa->fa_tos = fa->fa_tos; + new_fa->fa_dscp = fa->fa_dscp; new_fa->fa_info = fi; new_fa->fa_type = cfg->fc_type; state = fa->fa_state; @@ -1353,7 +1357,7 @@ int fib_table_insert(struct net *net, struct fib_table *tb, goto out; new_fa->fa_info = fi; - new_fa->fa_tos = tos; + new_fa->fa_dscp = dscp; new_fa->fa_type = cfg->fc_type; new_fa->fa_state = 0; new_fa->fa_slen = slen; @@ -1569,7 +1573,8 @@ int fib_table_lookup(struct fib_table *tb, const struct flowi4 *flp, if (index >= (1ul << fa->fa_slen)) continue; } - if (fa->fa_tos && fa->fa_tos != flp->flowi4_tos) + if (fa->fa_dscp && + inet_dscp_to_dsfield(fa->fa_dscp) != flp->flowi4_tos) continue; if (fi->fib_dead) continue; @@ -1705,8 +1710,8 @@ int fib_table_delete(struct net *net, struct fib_table *tb, struct key_vector *l, *tp; u8 plen = cfg->fc_dst_len; u8 slen = KEYLENGTH - plen; + dscp_t dscp; u32 key; - u8 tos; key = ntohl(cfg->fc_dst); @@ -1717,12 +1722,13 @@ int fib_table_delete(struct net *net, struct fib_table *tb, if (!l) return -ESRCH; - tos = inet_dscp_to_dsfield(cfg->fc_dscp); - fa = fib_find_alias(&l->leaf, slen, tos, 0, tb->tb_id, false); + dscp = cfg->fc_dscp; + fa = fib_find_alias(&l->leaf, slen, dscp, 0, tb->tb_id, false); if (!fa) return -ESRCH; - pr_debug("Deleting %08x/%d tos=%d t=%p\n", key, plen, tos, t); + pr_debug("Deleting %08x/%d dsfield=%u t=%p\n", key, plen, + inet_dscp_to_dsfield(dscp), t); fa_to_delete = NULL; hlist_for_each_entry_from(fa, fa_list) { @@ -1730,7 +1736,7 @@ int fib_table_delete(struct net *net, struct fib_table *tb, if ((fa->fa_slen != slen) || (fa->tb_id != tb->tb_id) || - (fa->fa_tos != tos)) + (fa->fa_dscp != dscp)) break; if ((!cfg->fc_type || fa->fa_type == cfg->fc_type) && @@ -2298,7 +2304,7 @@ static int fn_trie_dump_leaf(struct key_vector *l, struct fib_table *tb, fri.tb_id = tb->tb_id; fri.dst = xkey; fri.dst_len = KEYLENGTH - fa->fa_slen; - fri.tos = fa->fa_tos; + fri.tos = inet_dscp_to_dsfield(fa->fa_dscp); fri.type = fa->fa_type; fri.offload = fa->offload; fri.trap = fa->trap; @@ -2810,8 +2816,9 @@ static int fib_trie_seq_show(struct seq_file *seq, void *v) fa->fa_info->fib_scope), rtn_type(buf2, sizeof(buf2), fa->fa_type)); - if (fa->fa_tos) - seq_printf(seq, " tos=%d", fa->fa_tos); + if (fa->fa_dscp) + seq_printf(seq, " tos=%u", + inet_dscp_to_dsfield(fa->fa_dscp)); seq_putc(seq, '\n'); } } diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 243a0c52be42..8432bc066839 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -84,6 +84,7 @@ #include #include #include +#include #include #include #include @@ -3390,7 +3391,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, if (fa->fa_slen == slen && fa->tb_id == fri.tb_id && - fa->fa_tos == fri.tos && + fa->fa_dscp == inet_dsfield_to_dscp(fri.tos) && fa->fa_info == res.fi && fa->fa_type == fri.type) { fri.offload = fa->offload;