From: Ido Schimmel <idosch@nvidia.com>
To: <netdev@vger.kernel.org>, <netfilter-devel@vger.kernel.org>
Cc: <davem@davemloft.net>, <kuba@kernel.org>, <pabeni@redhat.com>,
<edumazet@google.com>, <dsahern@kernel.org>, <gnault@redhat.com>,
<pablo@netfilter.org>, <kadlec@netfilter.org>, <fw@strlen.de>,
Ido Schimmel <idosch@nvidia.com>
Subject: [RFC PATCH net-next 0/3] Preparations for FIB rule DSCP selector
Date: Thu, 25 Jul 2024 16:17:26 +0300 [thread overview]
Message-ID: <20240725131729.1729103-1-idosch@nvidia.com> (raw)
This patchset moves the masking of the upper DSCP bits in 'flowi4_tos'
to the core instead of relying on callers of the FIB lookup API to do
it.
This will allow us to start changing users of the API to initialize the
'flowi4_tos' field with all six bits of the DSCP field. In turn, this
will allow us to extend FIB rules with a new DSCP selector.
By masking the upper DSCP bits in the core we are able to maintain the
behavior of the TOS selector in FIB rules and routes to only match on
the lower DSCP bits.
While working on this I found two users of the API that do not mask the
upper DSCP bits before performing the lookup. The first is an ancient
netlink family that is unlikely to be used. It is adjusted in patch #1
to mask both the upper DSCP bits and the ECN bits before calling the
API.
The second user is a nftables module that differs in this regard from
its equivalent iptables module. It is adjusted in patch #2 to invoke the
API with the upper DSCP bits masked, like all other callers. The
relevant selftest passed, but in the unlikely case that regressions are
reported because of this change, we can restore the existing behavior
using a new flow information flag as discussed here [1].
The last patch moves the masking of the upper DSCP bits to the core,
making the first two patches redundant, but I wanted to post them
separately to call attention to the behavior change for these two users
of the FIB lookup API.
[1] https://lore.kernel.org/netdev/ZpqpB8vJU%2FQ6LSqa@debian/
Ido Schimmel (3):
ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family
netfilter: nft_fib: Mask upper DSCP bits before FIB lookup
ipv4: Centralize TOS matching
include/net/ip_fib.h | 7 +++++++
net/ipv4/fib_frontend.c | 2 +-
net/ipv4/fib_rules.c | 2 +-
net/ipv4/fib_semantics.c | 3 +--
net/ipv4/fib_trie.c | 3 +--
net/ipv4/netfilter/nft_fib_ipv4.c | 4 +---
6 files changed, 12 insertions(+), 9 deletions(-)
--
2.45.1
next reply other threads:[~2024-07-25 13:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-25 13:17 Ido Schimmel [this message]
2024-07-25 13:17 ` [RFC PATCH net-next 1/3] ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family Ido Schimmel
2024-07-26 13:12 ` Guillaume Nault
2024-07-25 13:17 ` [RFC PATCH net-next 2/3] netfilter: nft_fib: Mask upper DSCP bits before FIB lookup Ido Schimmel
2024-07-26 13:15 ` Guillaume Nault
2024-07-26 13:32 ` Florian Westphal
2024-07-26 15:40 ` Guillaume Nault
2024-07-28 2:30 ` Florian Westphal
2024-07-28 10:51 ` Ido Schimmel
2024-07-25 13:17 ` [RFC PATCH net-next 3/3] ipv4: Centralize TOS matching Ido Schimmel
2024-07-26 13:17 ` Guillaume Nault
2024-07-28 11:34 ` Ido Schimmel
2024-07-29 16:05 ` Guillaume Nault
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240725131729.1729103-1-idosch@nvidia.com \
--to=idosch@nvidia.com \
--cc=davem@davemloft.net \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=gnault@redhat.com \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).