From patchwork Mon Oct 7 18:24:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825105 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A55161DE2A6 for ; Mon, 7 Oct 2024 18:24:35 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325477; cv=none; b=iJbcHapec2WT08XvETf7NatSOm2uETHJfQAvie/VgfHI+fgKSZW47c97rDxygzBDDwfdQPuKMaqcVzjNJiV0i5VPWz8VPoX2At/8QNOCJGanfDGFG+59VJxpNot1Kuh7roVeKAGKUFmH5gajag5Be7IrIMW58YQTwsnTrG/6yTQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325477; c=relaxed/simple; bh=wZSYZHH/3LJNaxMHDb5opplY/j7IfYwiiwPsSLoLDRk=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ZRrujze0xT7nCiQ7Ms6D6nBwptiFlJ0ipQmVUfr3ek4F8CRIwfZNgMHjUnKiiQul71FcTLPJ66cXxnxlzTcPz2HB5wRHWyc8+q/7V5fGYR7+B4JipLRp9qO+S960WHC56RDdARmI/qx80dj3+d1LNnr8MsMqQhYS90fLm5B2OyI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=iwah6VK2; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="iwah6VK2" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325474; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=uRuNcq2/0wvynhumJ90aFM1JC2lVUo5+l+Buwvehshc=; b=iwah6VK2vErVAKVe5Y7Bq4yTtX7oVcYeGshw6YkjHdf05jPgajklqk2Tkh7n/Pq2ADjFk3 HKSli0Se4dI5q8nIXrATCIzXjx8ueF9j5XwZ66UQdMaMApoOfk+k6bWZtJJykA943yORe7 dinDNGDO9zLoLM0cQh5DxIDf9Es1d8Y= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-600-tiN1cxzWMzSOwU8Zp4ctcg-1; Mon, 07 Oct 2024 14:24:33 -0400 X-MC-Unique: tiN1cxzWMzSOwU8Zp4ctcg-1 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-42cb830ea86so37145815e9.3 for ; Mon, 07 Oct 2024 11:24:33 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325472; x=1728930272; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=uRuNcq2/0wvynhumJ90aFM1JC2lVUo5+l+Buwvehshc=; b=C7PPJDm3A93RTTY+uJ5zSaG5mxM8PH7ytYjvaZHkuPXpgaWVAR/wRRPPh+VmQFoiXh zWmyYLDrPI1Mm3MvZONuLpqzAj4QRWpBAN90HmFT5K0qZhTf/fwcEG9CEbK2/JtcvSiL baOwoBwnbTQ7pzyrmdwLMjIyn2Y8qQ+PyKSEhnmnCcwoned22oibSwSNFkw1KQ5+K0d8 SzBOsgbLmBxwa/nb3/bMsXAm9zkvSsBKU/4/VNOeJP/MkC3KTUa+cUbfG52IPhZNwlG+ kZS4KZRZXTabR7caHS6UlPQYR8qMZ7f/gExxRVd1hzLJI5jcVbz+RVKRMC/4bYJ/k+x4 c+hQ== X-Gm-Message-State: AOJu0YxBSOB1Ffd5wV33IwzBF2EscjzxQmdQ+cH5iNhZpt11vBTN/Aia uDWdxDe8r6MyHHylIJi15Wu7gwcFL+Y+o9C7GKHAECmt8dSsknNOGVyWAjooB2GvkSv7RGf4Vm4 19DiD/4fD8MSWZH94W8LDCMSrMvhWgrbT9X8TIRTDVRt55GzUG9DTqQ== X-Received: by 2002:a05:600c:1c86:b0:428:1965:450d with SMTP id 5b1f17b1804b1-42f85ac1149mr107591935e9.17.1728325472313; Mon, 07 Oct 2024 11:24:32 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGf3h7K4hqQfqk8MB1bYgjkH++Z2G1I81dP7XCvH+3QHw1VT+hBYsyv1xCfI5QVdgJH69F+bw== X-Received: by 2002:a05:600c:1c86:b0:428:1965:450d with SMTP id 5b1f17b1804b1-42f85ac1149mr107591775e9.17.1728325471941; Mon, 07 Oct 2024 11:24:31 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42f86a0a7d7sm100022805e9.2.2024.10.07.11.24.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:24:31 -0700 (PDT) Date: Mon, 7 Oct 2024 20:24:29 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 1/7] ipv4: Convert ip_route_use_hint() to dscp_t. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to ip_route_use_hint(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Only ip_rcv_finish_core() actually calls ip_route_use_hint(). Use the ip4h_dscp() helper to get the DSCP from the IPv4 header. While there, modify the declaration of ip_route_use_hint() in include/net/route.h so that it matches the prototype of its implementation in net/ipv4/route.c. Signed-off-by: Guillaume Nault --- include/net/route.h | 4 ++-- net/ipv4/ip_input.c | 4 ++-- net/ipv4/route.c | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index 5e4374d66927..c219c0fecdcf 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -203,8 +203,8 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); -int ip_route_use_hint(struct sk_buff *skb, __be32 dst, __be32 src, - u8 tos, struct net_device *devin, +int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, + dscp_t dscp, struct net_device *dev, const struct sk_buff *hint); static inline int ip_route_input(struct sk_buff *skb, __be32 dst, __be32 src, diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c index c0a2490eb7c1..89bb63da6852 100644 --- a/net/ipv4/ip_input.c +++ b/net/ipv4/ip_input.c @@ -325,8 +325,8 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk, drop_reason = SKB_DROP_REASON_NOT_SPECIFIED; if (ip_can_use_hint(skb, iph, hint)) { - err = ip_route_use_hint(skb, iph->daddr, iph->saddr, iph->tos, - dev, hint); + err = ip_route_use_hint(skb, iph->daddr, iph->saddr, + ip4h_dscp(iph), dev, hint); if (unlikely(err)) goto drop_error; } diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 6e1cd0065b87..ac03916cfcde 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2136,7 +2136,7 @@ static int ip_mkroute_input(struct sk_buff *skb, * Uses the provided hint instead of performing a route lookup. */ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, + dscp_t dscp, struct net_device *dev, const struct sk_buff *hint) { struct in_device *in_dev = __in_dev_get_rcu(dev); @@ -2160,8 +2160,8 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (rt->rt_type != RTN_LOCAL) goto skip_validate_source; - tos &= INET_DSCP_MASK; - err = fib_validate_source(skb, saddr, daddr, tos, 0, dev, in_dev, &tag); + err = fib_validate_source(skb, saddr, daddr, inet_dscp_to_dsfield(dscp), + 0, dev, in_dev, &tag); if (err < 0) goto martian_source; From patchwork Mon Oct 7 18:24:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825106 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7F2441D7E52 for ; Mon, 7 Oct 2024 18:24:42 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325484; cv=none; b=ATzRm7jxBGx6QGBJDiMLJcPXoBWsAynYhR8lfcC/jJN9Sq9FqtEY2Fivh/opwlnZUmaab7etbrjo5uju6GEk2VjGaLIciYhjwU+SmQCm4IoBjCl09zbEuBSCO1oeUHdpApgQGNu9of8Z4UtruTma2t+taYjwJQIzFEJtaKZ1N9E= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325484; c=relaxed/simple; bh=Go6IxA9ztG9bsIlqQNMgcGvtJIwTR4FSC0rvv0Lujf0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=WZzIvo6c3Z5bQ6Q9VJSsR73Wjgslfgn7jdzIqoCFc6acSKUu+YpXinmy54B6SdZoMOfIEB1bzRZiRdSPfzy4jATivl+x1zfvcS5dAgiiWv9V8WJz0Q/ngtp0Y41OE7NIZ1IXkmEZdzKo3ITJD9IJudDB70GOLhCfVtT2XNeTBDk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bo+M0yNq; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bo+M0yNq" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325481; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tCGNwV/45QRE+MWLFZXBq2JLf0R1zmlXkrIjIPHZQRg=; b=bo+M0yNq7jTtUVlSaExq+ZskJjSKFUfJuS/HZg3d6HoCAbctuXbkpfALRZtQsb2FKi6SqP Hn2QZ1PevJzOT749zICNVI7CMog6OpLXVfpDs9Djx5zoQyaiZY2MWU1ObNGUWo+dZX+cQf MpGhocSg+IpI3H0NkQLZOiKIXFcPYE8= Received: from mail-wr1-f72.google.com (mail-wr1-f72.google.com [209.85.221.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-517-_t9cy_saNBaZdUJ57bCHWg-1; Mon, 07 Oct 2024 14:24:39 -0400 X-MC-Unique: _t9cy_saNBaZdUJ57bCHWg-1 Received: by mail-wr1-f72.google.com with SMTP id ffacd0b85a97d-37cd26ac362so1847447f8f.2 for ; Mon, 07 Oct 2024 11:24:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325478; x=1728930278; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=tCGNwV/45QRE+MWLFZXBq2JLf0R1zmlXkrIjIPHZQRg=; b=nvzpF18NjaigS+Wzxwc2rXEQjZeATbaG9pw4r1jECLUwn6cB3C1WYdTKiFtUZ5etRu a6x9x6vcwoRG1habKyq6/Wm5+959+2+DoD/0dLjRwij8F5KUXLXx4rvzP16IEjhKDmCh M7kl+D4VbSkrcZ6d7WzX8739738829Pni8y8WBjqy+/JCS3sJcWTQJBCgaV+1nlWEdd+ aqr01BDFfasFFdN//OqRomu9vWk443RorERyiAhc+1EK6qxUj+mtJe2Ca4dtQfQS2AHa igKFIRplcJXgMS+cKFi+1Z2CvcSq388IoPZSsYfcK84OqiBan99CXeraOdSAn1UDtNyK 7IQg== X-Gm-Message-State: AOJu0YwSltHFLa9Fz08ms3OcSR21dXa2mf1ltiPNIzyOmuPnDRbqjEtA H7DvAPEMNuWwhH6foLNebGQ/TYEk2ySpNNbpv7sGWLS2o6+lwMKWJSUNdYTPSmmHD9UriIzds7T C1c1If2o1JJCznv2OJk3BjZTMcpQgnuVRaEezDgjRHAoo7dWu3iqsbrx4Zv9g/Q== X-Received: by 2002:a05:6000:c52:b0:371:9360:c4a8 with SMTP id ffacd0b85a97d-37d0e6f22fdmr6614764f8f.6.1728325478471; Mon, 07 Oct 2024 11:24:38 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEF+lVll5FyoVnJb8wOd7+6n4anfXVzyVhPcS/qA+bXtwC4eBtn5pVdk00ZNVS3pIRMLJxKLw== X-Received: by 2002:a05:6000:c52:b0:371:9360:c4a8 with SMTP id ffacd0b85a97d-37d0e6f22fdmr6614749f8f.6.1728325478003; Mon, 07 Oct 2024 11:24:38 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-37d1698fcacsm6215051f8f.116.2024.10.07.11.24.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:24:37 -0700 (PDT) Date: Mon, 7 Oct 2024 20:24:35 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 2/7] ipv4: Convert ip_mkroute_input() to dscp_t. Message-ID: <6aa71e28f9ff681cbd70847080e1ab6b526f94f1.1728302212.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to ip_mkroute_input(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Only ip_route_input_slow() actually calls ip_mkroute_input(). Since it already has a dscp_t variable to pass as parameter, we only need to remove the inet_dscp_to_dsfield() conversion. While there, reorganise the function parameters to fill up horizontal space. Signed-off-by: Guillaume Nault --- net/ipv4/route.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index ac03916cfcde..38bb38dbe490 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2112,11 +2112,9 @@ int fib_multipath_hash(const struct net *net, const struct flowi4 *fl4, } #endif /* CONFIG_IP_ROUTE_MULTIPATH */ -static int ip_mkroute_input(struct sk_buff *skb, - struct fib_result *res, - struct in_device *in_dev, - __be32 daddr, __be32 saddr, u32 tos, - struct flow_keys *hkeys) +static int ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, + struct in_device *in_dev, __be32 daddr, + __be32 saddr, dscp_t dscp, struct flow_keys *hkeys) { #ifdef CONFIG_IP_ROUTE_MULTIPATH if (res->fi && fib_info_num_path(res->fi) > 1) { @@ -2128,7 +2126,8 @@ static int ip_mkroute_input(struct sk_buff *skb, #endif /* create a routing cache entry */ - return __mkroute_input(skb, res, in_dev, daddr, saddr, tos); + return __mkroute_input(skb, res, in_dev, daddr, saddr, + inet_dscp_to_dsfield(dscp)); } /* Implements all the saddr-related checks as ip_route_input_slow(), @@ -2315,8 +2314,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, goto martian_destination; make_route: - err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, - inet_dscp_to_dsfield(dscp), flkeys); + err = ip_mkroute_input(skb, res, in_dev, daddr, saddr, dscp, flkeys); out: return err; brd_input: From patchwork Mon Oct 7 18:24:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825107 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F7551D7E52 for ; Mon, 7 Oct 2024 18:24:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325490; cv=none; b=lyoD5RgvStdSeJdBI56ezyzaWFWmiZEQFB4ymJGfNaEKk5X1VTKYnjC9hLKUokl9onLm8WqcrnQ/ItsIxfuhsUIUKwnMNeqXVtUm+Vkm0gHPqkEMGjQRt2S8aCdRpI56eIpWqdxuJ/Z431IXLRU1uGLnUJyrDM4bAMyNzYGrYNI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325490; c=relaxed/simple; bh=iKbT/mhLs1ED+s0yLqNpnLD7kmeVQgDboLbFUrse/e0=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ZNOkgUHfrPeu1fgf0j5z4TagKBJZjycN/3Vy2q2NTx0sEc43vJs2HpGEJ9au5pPLRLGhutTh1USCsDD+OkC5C73VexCfplybrv3eSUtSIECrQGtVKqVgJlSs0l1qyxxi1q91BdnBxEDmPMB8oxkUMfJDvbcdJCPXRvS9XKXYbM4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=QJ+na2Ae; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="QJ+na2Ae" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325487; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=WOOlqDvcrFEu4SzAzbSsIxpL9uQq38p0CIhtrHPYGvE=; b=QJ+na2AeT/cohKnF70rWKfpv7MZGa5u6zsjMq6u5ob4mN0HGjLkYiHMJtJBiroQh9cVn1g umKjL8tBtY+zW8cK99n2LFkeF5Orj6nGvh+1sRiXL1AZjfjZq0n39/0bZcg3v0xOxjCQ2R CS8VMn6j5B+ZXsIiqVdKWr3omPANTbs= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-632-ci0op7YAPMiaY-tPxuHMAw-1; Mon, 07 Oct 2024 14:24:46 -0400 X-MC-Unique: ci0op7YAPMiaY-tPxuHMAw-1 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-42cb5f6708aso30320825e9.2 for ; Mon, 07 Oct 2024 11:24:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325485; x=1728930285; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=WOOlqDvcrFEu4SzAzbSsIxpL9uQq38p0CIhtrHPYGvE=; b=j3zTc8p4lpYvAQzPi6s0L7pPKcl0hVpwEElSQbX4dbGBzDKp9hRgx9GbF99mqe+JM9 y8dTDjhzww7NyFcktQrz0YmTOxRScL1cTEDzCYKHt0AHiIaY0z8mCtLtXYjVk7iLuvN9 dTOE2DaIdZO01miu7cD+KGLln1Zxx5sbIUwfneAQdxbSWchLUqkbZ57kvQiib0KqNtB+ 3sUzGcm59HQMUTssZbkPUcaQiuWZZVhemPierNC13264y6TFj35XSmZ09VIKIRCZ1EC2 wuDX8jEBQaM9q9xjFPO6XlwLKu1NzJPuFqFLQI9vxCILlAfS+ltkXA8V/DPzIHmg7RUW frlw== X-Gm-Message-State: AOJu0Yz3u8HOdepVyW8d0ndKftGP2x846d2v/aEKPVBmmO8wLMkIsdqR I/8U8YQgrrGrqu14GRL1yGmCjDYyHfAfe3CyaBmq8dxEXG4oYUOXMvJOW9kbJu5JTtmGtVitXcH kCGP/sGcviYJ0qMJ9JqmHLxkkI4W/MF+ZwEptpZOiJEI1SwC5orqmGw== X-Received: by 2002:a05:600c:350c:b0:42e:8d0d:bca5 with SMTP id 5b1f17b1804b1-42f85aa1a76mr83464535e9.2.1728325485063; Mon, 07 Oct 2024 11:24:45 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFBDdc27BBOiK8zjPS9HaU9fEDYTydrLH5F71UOP/CFPFT0e0EsPFdzRNii4lO0UhA2Td9vaw== X-Received: by 2002:a05:600c:350c:b0:42e:8d0d:bca5 with SMTP id 5b1f17b1804b1-42f85aa1a76mr83464355e9.2.1728325484615; Mon, 07 Oct 2024 11:24:44 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42f89ea8675sm83283525e9.21.2024.10.07.11.24.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:24:44 -0700 (PDT) Date: Mon, 7 Oct 2024 20:24:42 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 3/7] ipv4: Convert __mkroute_input() to dscp_t. Message-ID: <40853c720aee4d608e6b1b204982164c3b76697d.1728302212.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to __mkroute_input(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Only ip_mkroute_input() actually calls __mkroute_input(). Since it already has a dscp_t variable to pass as parameter, we only need to remove the inet_dscp_to_dsfield() conversion. While there, reorganise the function parameters to fill up horizontal space. Signed-off-by: Guillaume Nault --- net/ipv4/route.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 38bb38dbe490..763b8bafd1bf 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1764,10 +1764,9 @@ static void ip_handle_martian_source(struct net_device *dev, } /* called in rcu_read_lock() section */ -static int __mkroute_input(struct sk_buff *skb, - const struct fib_result *res, - struct in_device *in_dev, - __be32 daddr, __be32 saddr, u32 tos) +static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, + struct in_device *in_dev, __be32 daddr, + __be32 saddr, dscp_t dscp) { struct fib_nh_common *nhc = FIB_RES_NHC(*res); struct net_device *dev = nhc->nhc_dev; @@ -1785,8 +1784,8 @@ static int __mkroute_input(struct sk_buff *skb, return -EINVAL; } - err = fib_validate_source(skb, saddr, daddr, tos, FIB_RES_OIF(*res), - in_dev->dev, in_dev, &itag); + err = fib_validate_source(skb, saddr, daddr, inet_dscp_to_dsfield(dscp), + FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); if (err < 0) { ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -2126,8 +2125,7 @@ static int ip_mkroute_input(struct sk_buff *skb, struct fib_result *res, #endif /* create a routing cache entry */ - return __mkroute_input(skb, res, in_dev, daddr, saddr, - inet_dscp_to_dsfield(dscp)); + return __mkroute_input(skb, res, in_dev, daddr, saddr, dscp); } /* Implements all the saddr-related checks as ip_route_input_slow(), From patchwork Mon Oct 7 18:24:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825108 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBF6D1DDC1E for ; Mon, 7 Oct 2024 18:24:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325496; cv=none; b=Scw11DUcl9KOG84y4/olfI/COmU7SvEVBRurVZvgnTQ33fRt0vhKazPR0fp+iJWGE7GVBxhrYbBJYbbHVJMj1kiMTb/reULdFY9iRL1UgGtMJz7mCv6G6o3iTWC8uRhXCtAD1SprVsaewX01RUz7phep+YIMUAbBXMyyEDMUht0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325496; c=relaxed/simple; bh=kTS0zQn1xPgAQHoBCukJ7yeYlTOvUMlcR86XQTnpuNI=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=d5l/iTp3EfCHYKB2/gVmaPjdvJ1zfRJbiXX20g5DSY+6gR9irjl96SAlNrg5jUUc8Lu4dE8m/d87dzWRxLuxADp25h/we8IUw25A/urN9clB6uEqatoQlbuqWcfdHE0540eu/BktAhVlG1bHFJTSFGK+3WYu0f6C3TDL7RfI5F0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=UdR32iFd; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="UdR32iFd" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325493; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=jA4Yj9XYC4zT18ciKfW6jQxfqHSCJKVQMRevOEKq9po=; b=UdR32iFdTGhKudyPiS3E7swlCDIgO/8M/ew/YBfhO5lT9RqcL1MbG5dcX6jy6Bdak7sGH9 Hr3g+GgvvV9kVQH2aa/N7/1fYu5xAq329TEHcOEp+xQtnmQXbu+/56bJU4weJJIWiCB0LC IUQLyTRrOz4xmErc2Sg6myHFtiUosBw= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-49-oQy9SacrNH6r5bj9YDskrA-1; Mon, 07 Oct 2024 14:24:52 -0400 X-MC-Unique: oQy9SacrNH6r5bj9YDskrA-1 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-42cae209243so30348545e9.1 for ; Mon, 07 Oct 2024 11:24:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325491; x=1728930291; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=jA4Yj9XYC4zT18ciKfW6jQxfqHSCJKVQMRevOEKq9po=; b=REMD55ziitJF93FVntCa31AHFA6DjBIBTcAyTax2kUvEGnneOwtOZTrPha2NR1lRC2 FH9ANjk7VA9y1XfY2k3lmTOdMG2nojjHeCPET1ClrD8g761Gc2W8G+cx41N5QS5XV4tx pQkb0Nvin7q/K68qgHeUYS8zy9xDeW1dKkcBYmSjVVBvt/kAgusrWr6D7JoK2rzMnQ12 x+SR95pnA6qVqnIFFzbG1wTr53qgcbsQKLR8EF4oz9JQANPg59cu+/8O+//APbVfJiTB A1bjeCBwO5SUP3Eb93UdrsVhI+DgcxVgCG4vUiTyTBzhrGomQhvZhDPQ6KnxIMzKT6Dp eGKw== X-Gm-Message-State: AOJu0YxZvO696QRM7ctMUz2irCNy/0CjRqf1D7nTzFX2oWhiVPJhTVWN oiFy4L84UCXVzoGu7NdyrHTnvEGZaSSyT3RWDOrj8BtUh2SLi4UyXShVla8vjnQgd4J47/8c0xR 4nDqnRm6QMuUALyk1sDMC5eItw0vc5lZpWg6haNcjZqrOhXuF6Xr2mw== X-Received: by 2002:a05:600c:3c8c:b0:42d:a024:d6bb with SMTP id 5b1f17b1804b1-42f85abf4damr79181395e9.20.1728325491470; Mon, 07 Oct 2024 11:24:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH0qxZGb/L+dOGZUdVlF+VjvrPs2syi30v6OOhNK9VQPkRFE3q7Q5DKbmhgJb5BSvPHwanhbg== X-Received: by 2002:a05:600c:3c8c:b0:42d:a024:d6bb with SMTP id 5b1f17b1804b1-42f85abf4damr79181275e9.20.1728325491089; Mon, 07 Oct 2024 11:24:51 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-37d1690f1dasm6315549f8f.6.2024.10.07.11.24.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:24:50 -0700 (PDT) Date: Mon, 7 Oct 2024 20:24:48 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 4/7] ipv4: Convert ip_route_input_mc() to dscp_t. Message-ID: <0cc653ef59bbc0a28881f706d34896c61eba9e01.1728302212.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to ip_route_input_mc(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Only ip_route_input_rcu() actually calls ip_route_input_mc(). Since it already has a dscp_t variable to pass as parameter, we only need to remove the inet_dscp_to_dsfield() conversion. Signed-off-by: Guillaume Nault --- net/ipv4/route.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 763b8bafd1bf..527121be1ba2 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1697,7 +1697,7 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, /* called in rcu_read_lock() section */ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, int our) + dscp_t dscp, struct net_device *dev, int our) { struct in_device *in_dev = __in_dev_get_rcu(dev); unsigned int flags = RTCF_MULTICAST; @@ -1705,7 +1705,9 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, u32 itag = 0; int err; - err = ip_mc_validate_source(skb, daddr, saddr, tos, dev, in_dev, &itag); + err = ip_mc_validate_source(skb, daddr, saddr, + inet_dscp_to_dsfield(dscp), dev, in_dev, + &itag); if (err) return err; @@ -2455,9 +2457,8 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, IN_DEV_MFORWARD(in_dev)) #endif ) { - err = ip_route_input_mc(skb, daddr, saddr, - inet_dscp_to_dsfield(dscp), - dev, our); + err = ip_route_input_mc(skb, daddr, saddr, dscp, dev, + our); } return err; } From patchwork Mon Oct 7 18:24:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825126 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 15E271D958F for ; Mon, 7 Oct 2024 18:25:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325503; cv=none; b=Yn+MThQg4+FAI8xeXkEP2oyl1irZNjBn0XYARmZlBrRvkuJTkz3GxrjdaKvrqshkC1K/sHh1Q2gdNUH7Xk13FnuqzmvKurX3HO62MIhIncDOQutzBaPtOFR4xKrE2mLHSi3h5visKGX64u/zdsEoukhjUFWmQYa6RFPdi5snQHA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325503; c=relaxed/simple; bh=+6ZVXGLHRAPlFJUw3qVLiyVt/Jj6wVHDk1q2Wq1oxuc=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=j6xgdC1K4k8ZZKYwJYx1an/Md3a+abAPaqDsuCIfgba9aSPeLZxPnHgx7FmhVveMBhjdfTrDR/t1pBeDSuUwbpJCB4qLK26WR2T0Pl2YsAAm6ZggW3EH+n2p63wjp9k3d5x0QAyAhKtlQVQ82hXVu4QrRhwujBXJrs2PnTnpGu8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=bmlNReN9; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="bmlNReN9" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325501; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=WwNPPZv+TRoSbhZM2PCad31BdfTBneWZwqr2YSkRDfg=; b=bmlNReN99KAH+8XbEoTINSlZgC4sdAR7NDDE1oILtAIDN1fcZQAPAShY7l8AEOvKADUuvN pYEDJ4GVHecj1PV5EAkw4sXRXdgyhcjc10C3tK4/g0Wi1rh8uEQtSrLAr4fZjbUGs6vj4C JlUzjVjWRjkwLsG3wiMINK8gZgvyQoQ= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-10-YRbfe3GtNaKl1LCO1sU2tQ-1; Mon, 07 Oct 2024 14:25:00 -0400 X-MC-Unique: YRbfe3GtNaKl1LCO1sU2tQ-1 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-42cb89fbb8bso30312555e9.3 for ; Mon, 07 Oct 2024 11:24:59 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325498; x=1728930298; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=WwNPPZv+TRoSbhZM2PCad31BdfTBneWZwqr2YSkRDfg=; b=JorZ2zPk0219TdUIjExeMevF7WksdJi/Kxb6L2U2ifP4jR1GmeirZmVfZy2f7yelMk rhv3Ox5ghFriAWBTD1oHtzh6Y7U3NI9XnPIYJtaxb/SM2t6EiqPgbU/O1ycf00zPuxw9 VPgtLZdd94HjTaiJqIYHPNC9rm2U1NQmEuc0WiGeiOumSS/LVFsnfj+HymOwJF+QyZzf XE+Eru3dfo8kfCMxyLJu5m6hLMwwztwp5NY9WOw5w83TfVUT/tXfGCNAWnD95C8sDGM9 IBgK7m/9uC8WeQ1mXBVnkW20SxOtARdHUXVmHmaWeWOBkN8hUD6K3o9GN/+D2pg6/WdT J15g== X-Gm-Message-State: AOJu0Yxd4NmmlQjxTzIK5GrO3fSjxh+F1yiXUwQPiSMHL2O7jXsu8AVl 0TUOSArCXHjiEnQOW/g01gTVWGvWd5eL5ZbSO1ZlImont0y6xr3zEvbwhbuocPi10VxlHQ5atzD ZFQk6h3GcpxbKgByuTpG/OSr4AYC8qECx2AhYIZR4ET2UawVHlaIhBPTcUB1zoA== X-Received: by 2002:a05:600c:5493:b0:426:6308:e2f0 with SMTP id 5b1f17b1804b1-42f85aee7d9mr90711045e9.26.1728325498295; Mon, 07 Oct 2024 11:24:58 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHbdkgSeLBVnRYkZMrZYtHCUGuwu0Bpj5aHsGFhJmeFyKuJw+Y/8w9bVsxOBajILu0WvsqQww== X-Received: by 2002:a05:600c:5493:b0:426:6308:e2f0 with SMTP id 5b1f17b1804b1-42f85aee7d9mr90710795e9.26.1728325497778; Mon, 07 Oct 2024 11:24:57 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-37d1695e5fbsm6258874f8f.73.2024.10.07.11.24.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:24:57 -0700 (PDT) Date: Mon, 7 Oct 2024 20:24:54 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 5/7] ipv4: Convert ip_mc_validate_source() to dscp_t. Message-ID: References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to ip_mc_validate_source(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Callers of ip_mc_validate_source() to consider are: * ip_route_input_mc() which already has a dscp_t variable to pass as parameter. We just need to remove the inet_dscp_to_dsfield() conversion. * udp_v4_early_demux() which gets the DSCP directly from the IPv4 header and can simply use the ip4h_dscp() helper. Also, stop including net/inet_dscp.h in udp.c as we don't use any of its declarations anymore. Signed-off-by: Guillaume Nault --- include/net/route.h | 3 ++- net/ipv4/route.c | 8 ++++---- net/ipv4/udp.c | 4 ++-- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/net/route.h b/include/net/route.h index c219c0fecdcf..586e59f7ed8a 100644 --- a/include/net/route.h +++ b/include/net/route.h @@ -198,8 +198,9 @@ static inline struct rtable *ip_route_output_gre(struct net *net, struct flowi4 fl4->fl4_gre_key = gre_key; return ip_route_output_key(net, fl4); } + int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, + dscp_t dscp, struct net_device *dev, struct in_device *in_dev, u32 *itag); int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, dscp_t dscp, struct net_device *dev); diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 527121be1ba2..1efb65e647c1 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1666,7 +1666,7 @@ EXPORT_SYMBOL(rt_dst_clone); /* called in rcu_read_lock() section */ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, + dscp_t dscp, struct net_device *dev, struct in_device *in_dev, u32 *itag) { int err; @@ -1687,7 +1687,8 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, ip_hdr(skb)->protocol != IPPROTO_IGMP) return -EINVAL; } else { - err = fib_validate_source(skb, saddr, 0, tos, 0, dev, + err = fib_validate_source(skb, saddr, 0, + inet_dscp_to_dsfield(dscp), 0, dev, in_dev, itag); if (err < 0) return err; @@ -1705,8 +1706,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr, u32 itag = 0; int err; - err = ip_mc_validate_source(skb, daddr, saddr, - inet_dscp_to_dsfield(dscp), dev, in_dev, + err = ip_mc_validate_source(skb, daddr, saddr, dscp, dev, in_dev, &itag); if (err) return err; diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 8accbf4cb295..4b74a25d0b6e 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -100,6 +100,7 @@ #include #include #include +#include #include #include #include @@ -115,7 +116,6 @@ #include #include #include -#include #if IS_ENABLED(CONFIG_IPV6) #include #endif @@ -2619,7 +2619,7 @@ int udp_v4_early_demux(struct sk_buff *skb) if (!inet_sk(sk)->inet_daddr && in_dev) return ip_mc_validate_source(skb, iph->daddr, iph->saddr, - iph->tos & INET_DSCP_MASK, + ip4h_dscp(iph), skb->dev, in_dev, &itag); } return 0; From patchwork Mon Oct 7 18:25:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825127 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 60F9E1D958F for ; Mon, 7 Oct 2024 18:25:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325509; cv=none; b=uV3QuRQzQ7ZUnWx5K/jAR368s1Dhk/QyGEraNpi+in+ct7ge/AMIhAGE0ae2NeG11uqwSk9Pp0b5LHc/RT7b1k8ASc2g03tddJBJoMLlQmrYgzOePTxOXy+krctKH8yjkWbqTux09MIjlcLFjN+4YK4/TW6jEYNoObliCIFPHNk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325509; c=relaxed/simple; bh=nkw28ryJBjT3Q6g7hLW8/0M5MDj4kShuITxkPdd4XmU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=BnWrMQ+ItUcP216NTYjG6nHIy3h7T5Aer05D80zNVzpooczO5jpredojm+FsYOPi+zrewYPQiCON/jVPKXXAerVfZGTOX4WDyYNgSmUmFkFroEOgir+iRKPx0goFqt1uOO4y80oc9HtgkT7JBUdKxX7RVX5ZCUHy9qNskWuuZVg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=cKzkO32+; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="cKzkO32+" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=9zD8dQyOkqIxj/XSt2e1o0EaFzKFBGlrAOh8/UhfLAc=; b=cKzkO32+0++R58gD4MNJ731e6A49a9sxvSip4Z7BHezNlAtUvIH8JMu1F2TNRDgGunm7Nd Pb+zlWnerJzbKKPn/xU17rlIyuAFLBAg4pZHkSCTPOjeM5XSTaSdfZQ2ePE/5KK9wtafPM LUaYWGBSPqh2edPTDvqg8/gCeVqJTIs= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-20-seuihj6GOmSSlET4admDyg-1; Mon, 07 Oct 2024 14:25:06 -0400 X-MC-Unique: seuihj6GOmSSlET4admDyg-1 Received: by mail-wm1-f70.google.com with SMTP id 5b1f17b1804b1-42cb940cd67so53434125e9.0 for ; Mon, 07 Oct 2024 11:25:05 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325504; x=1728930304; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=9zD8dQyOkqIxj/XSt2e1o0EaFzKFBGlrAOh8/UhfLAc=; b=Ycntz88h/Fhoh5ADxzPiS3oMsmBsAzOUezR0tMb8RieGfNObsBuadhQGiVqV5ReOiX RvcCHm+zcv65HJiSb18TwIKMeC/uYY7NgkYGOb4ihs+j2e1ohwaG1XDFParewrNh14Ye 2wsw0AcUvyGPsjs/7/qpdjPOZBg/LJsoFk2241ZtnmYIh/bhfpcFzx/QDeNRB7yLGiBN 69hGqUv6m4R+JNIqLigihwb/374g9dFx2zYFEcEwWvY5AvQspkndwo3BTjhgH3WMHPoS uNhnVnQOKyHl7AXhR37bQZbgdX1HVV9+Muo7PCRQStH7KiAlHgPuKVw+XkkeYq66Qs0f Bbcg== X-Gm-Message-State: AOJu0Yy31ZZYNpE/pQNewJMiIKEU4OOvVqQ4KYmnBGoLMgYELaTQpkao Kjrp/9I7jvxQF8mfnjqcUbwVPimTFA8MrzWYtQlf4uQaz9YOicuba90jKgqlhvhGUEbLiMW6/vB QvwKs2PE2cIcNuOcBsT1pvWuudfGAFcnmUGGJN6nyYhW9ob1D0Ngrkg== X-Received: by 2002:adf:ebcb:0:b0:374:c658:706e with SMTP id ffacd0b85a97d-37d0e8db679mr10216040f8f.39.1728325504567; Mon, 07 Oct 2024 11:25:04 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGmEiD+aO3nn4hp+M2brR980LWNeZhtfTNKEF9mxJkPjgBtT0mpS7sWK5Pkf+H3JlO8LmOKxQ== X-Received: by 2002:adf:ebcb:0:b0:374:c658:706e with SMTP id ffacd0b85a97d-37d0e8db679mr10216024f8f.39.1728325504075; Mon, 07 Oct 2024 11:25:04 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-37d16973c2asm6270172f8f.111.2024.10.07.11.25.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:25:03 -0700 (PDT) Date: Mon, 7 Oct 2024 20:25:02 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 6/7] ipv4: Convert fib_validate_source() to dscp_t. Message-ID: <08612a4519bc5a3578bb493fbaad82437ebb73dc.1728302212.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to fib_validate_source(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. All callers of fib_validate_source() already have a dscp_t variable to pass as parameter. We just need to remove the inet_dscp_to_dsfield() conversions. Signed-off-by: Guillaume Nault --- include/net/ip_fib.h | 3 ++- net/ipv4/fib_frontend.c | 5 +++-- net/ipv4/route.c | 21 +++++++++------------ 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 967e4dc555fa..06130933542d 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -449,8 +449,9 @@ int fib_gw_from_via(struct fib_config *cfg, struct nlattr *nla, __be32 fib_compute_spec_dst(struct sk_buff *skb); bool fib_info_nh_uses_dev(struct fib_info *fi, const struct net_device *dev); int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, - u8 tos, int oif, struct net_device *dev, + dscp_t dscp, int oif, struct net_device *dev, struct in_device *idev, u32 *itag); + #ifdef CONFIG_IP_ROUTE_CLASSID static inline int fib_num_tclassid_users(struct net *net) { diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 793e6781399a..d0fbc8c8c5e6 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -419,7 +419,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, /* Ignore rp_filter for packets protected by IPsec. */ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, - u8 tos, int oif, struct net_device *dev, + dscp_t dscp, int oif, struct net_device *dev, struct in_device *idev, u32 *itag) { int r = secpath_exists(skb) ? 0 : IN_DEV_RPFILTER(idev); @@ -448,7 +448,8 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, } full_check: - return __fib_validate_source(skb, src, dst, tos, oif, dev, r, idev, itag); + return __fib_validate_source(skb, src, dst, inet_dscp_to_dsfield(dscp), + oif, dev, r, idev, itag); } static inline __be32 sk_extract_addr(struct sockaddr *addr) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 1efb65e647c1..a0b091a7df87 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -1687,9 +1687,8 @@ int ip_mc_validate_source(struct sk_buff *skb, __be32 daddr, __be32 saddr, ip_hdr(skb)->protocol != IPPROTO_IGMP) return -EINVAL; } else { - err = fib_validate_source(skb, saddr, 0, - inet_dscp_to_dsfield(dscp), 0, dev, - in_dev, itag); + err = fib_validate_source(skb, saddr, 0, dscp, 0, dev, in_dev, + itag); if (err < 0) return err; } @@ -1786,8 +1785,8 @@ static int __mkroute_input(struct sk_buff *skb, const struct fib_result *res, return -EINVAL; } - err = fib_validate_source(skb, saddr, daddr, inet_dscp_to_dsfield(dscp), - FIB_RES_OIF(*res), in_dev->dev, in_dev, &itag); + err = fib_validate_source(skb, saddr, daddr, dscp, FIB_RES_OIF(*res), + in_dev->dev, in_dev, &itag); if (err < 0) { ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, saddr); @@ -2159,8 +2158,8 @@ int ip_route_use_hint(struct sk_buff *skb, __be32 daddr, __be32 saddr, if (rt->rt_type != RTN_LOCAL) goto skip_validate_source; - err = fib_validate_source(skb, saddr, daddr, inet_dscp_to_dsfield(dscp), - 0, dev, in_dev, &tag); + err = fib_validate_source(skb, saddr, daddr, dscp, 0, dev, in_dev, + &tag); if (err < 0) goto martian_source; @@ -2298,8 +2297,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr, } if (res->type == RTN_LOCAL) { - err = fib_validate_source(skb, saddr, daddr, - inet_dscp_to_dsfield(dscp), 0, dev, + err = fib_validate_source(skb, saddr, daddr, dscp, 0, dev, in_dev, &itag); if (err < 0) goto martian_source; @@ -2322,9 +2320,8 @@ out: return err; goto e_inval; if (!ipv4_is_zeronet(saddr)) { - err = fib_validate_source(skb, saddr, 0, - inet_dscp_to_dsfield(dscp), 0, dev, - in_dev, &itag); + err = fib_validate_source(skb, saddr, 0, dscp, 0, dev, in_dev, + &itag); if (err < 0) goto martian_source; } From patchwork Mon Oct 7 18:25:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Nault X-Patchwork-Id: 13825128 X-Patchwork-Delegate: kuba@kernel.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7E18C1DDC32 for ; Mon, 7 Oct 2024 18:25:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325516; cv=none; b=O4UNhfTaP1PR2MpoS9lFiiu7R5zY6LHkXwpt1ses0z5dErN6V92Z/WlRK2oTeWZiZw1nC3bMlzYlTkfqnTnG9TM5eMzuR8SIx8PbwvzDH3qqiWwgx9jRjB9bSCqGHxkHkYverkxD5xlqNvKSCBIaI03XaVnN/SVgfeHG5RLjIHA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1728325516; c=relaxed/simple; bh=oGtEuK+ebNMAjT7/nnwBDyWAZ4aVWwWtDDHgyTwJvEc=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=U84EOiNAkdxozL8kyGvqxOFtElwrnY6fswPpZEBmWpNc+BHD6ta9uqLsQru/K6mltqjotLbdaXP46S8hjwSFEir6KSHF3xhz9bpepBi04Fh/z2f8QID0PZFHhHKVYsL0LUHg9DOK3VylCvwUIRc2gY2jDqOLYhWMGbZ2L4E57z0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=P1JILRZN; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="P1JILRZN" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1728325513; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=4g1hLpzfKGShOmDLdQ19djFGvaS09pRykFK9NEmYhQs=; b=P1JILRZNBs7qtGMDt19SX6aL/M9awP9SINp8bIOUGALMGcqMHf/kW3JkW1aNgcWhG7xXVY F6xZm8DYxwTkashbmD3mHd/+3NexKwYuustdYPLqCnhLhg+ugZPICS9GJC1lSzGAEbui5/ r+Ekh23grgP+baH3Q6MWDQCZg7tPMxY= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-489-HQJH54XEPNurRzPzJwoyPA-1; Mon, 07 Oct 2024 14:25:12 -0400 X-MC-Unique: HQJH54XEPNurRzPzJwoyPA-1 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-42cae209243so30350325e9.1 for ; Mon, 07 Oct 2024 11:25:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325511; x=1728930311; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=4g1hLpzfKGShOmDLdQ19djFGvaS09pRykFK9NEmYhQs=; b=FNiYUdY8DzzGL13p4fqusjeEZIb20qgfFyYLkFJGQdLc5DCHdM+4phrQxY4WUP+YsB 8AxuZMLuDF/Mg5hKDNHXf2GHjbeB7WJBrnDG0BZ2lRhPUDUJL9s/J+EHOIOJrs0FOETM iHMHABAeoe6PUKcfu3c79sx6GFvnv+vbCCsb8TxWLDh4DBbMt/Ds1U4VOh5uCK8+A8i5 L4BIBG00r/gqISHZNRWYW5uuTW+8OifZlHTY9M8BpnQCC+upYkEpHF4xcDa871D0nw+C B+icDwnNydBXp4V60sfyh5+luybVaDJXwLu9nCwyEad3vPG24L9nU87PiN8pjg0QCaG/ Hn4Q== X-Gm-Message-State: AOJu0Ywsr8/IeslEMteAgeG0lsIKJ+iFQMCzwaUramGquJ9db/uTsoUk a4bSi4ELIebD+v//e6VkKQ52/5weBvohWMdFHe+OBPNd8fbCmT8W14mNdBEivbvychOvB1wSrkE DLWs2lJVhYq1LF7siu8Zr7/wTjGB57YbYKJJi/3VXx9yOKYpT+V8Q5A== X-Received: by 2002:a05:600c:1616:b0:42f:8ac8:5e5c with SMTP id 5b1f17b1804b1-42f8ac860dcmr52410855e9.12.1728325510916; Mon, 07 Oct 2024 11:25:10 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGYoYb/XOX1nLRmeDyanwiFN8LFrlgZDzgrpAPVciJy7/ntwqBwANWRLqG1w4mRopclm472pw== X-Received: by 2002:a05:600c:1616:b0:42f:8ac8:5e5c with SMTP id 5b1f17b1804b1-42f8ac860dcmr52410725e9.12.1728325510487; Mon, 07 Oct 2024 11:25:10 -0700 (PDT) Received: from debian (2a01cb058d23d6007679fbc6b291198c.ipv6.abo.wanadoo.fr. [2a01:cb05:8d23:d600:7679:fbc6:b291:198c]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-42f89e89b42sm81887965e9.13.2024.10.07.11.25.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:25:10 -0700 (PDT) Date: Mon, 7 Oct 2024 20:25:08 +0200 From: Guillaume Nault To: David Miller , Jakub Kicinski , Paolo Abeni , Eric Dumazet Cc: netdev@vger.kernel.org, David Ahern , Willem de Bruijn Subject: [PATCH net-next 7/7] ipv4: Convert __fib_validate_source() to dscp_t. Message-ID: <8206b0a64a21a208ed94774e261a251c8d7bc251.1728302212.git.gnault@redhat.com> References: Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-Patchwork-Delegate: kuba@kernel.org Pass a dscp_t variable to __fib_validate_source(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Only fib_validate_source() actually calls __fib_validate_source(). Since it already has a dscp_t variable to pass as parameter, we only need to remove the inet_dscp_to_dsfield() conversion. Signed-off-by: Guillaume Nault --- net/ipv4/fib_frontend.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index d0fbc8c8c5e6..8353518b110a 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -342,7 +342,7 @@ EXPORT_SYMBOL_GPL(fib_info_nh_uses_dev); * called with rcu_read_lock() */ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, - u8 tos, int oif, struct net_device *dev, + dscp_t dscp, int oif, struct net_device *dev, int rpf, struct in_device *idev, u32 *itag) { struct net *net = dev_net(dev); @@ -357,7 +357,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, fl4.flowi4_iif = oif ? : LOOPBACK_IFINDEX; fl4.daddr = src; fl4.saddr = dst; - fl4.flowi4_tos = tos; + fl4.flowi4_tos = inet_dscp_to_dsfield(dscp); fl4.flowi4_scope = RT_SCOPE_UNIVERSE; fl4.flowi4_tun_key.tun_id = 0; fl4.flowi4_flags = 0; @@ -448,8 +448,8 @@ int fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst, } full_check: - return __fib_validate_source(skb, src, dst, inet_dscp_to_dsfield(dscp), - oif, dev, r, idev, itag); + return __fib_validate_source(skb, src, dst, dscp, oif, dev, r, idev, + itag); } static inline __be32 sk_extract_addr(struct sockaddr *addr)