From: Ido Schimmel <idosch@nvidia.com>
To: <netdev@vger.kernel.org>
Cc: <davem@davemloft.net>, <kuba@kernel.org>, <pabeni@redhat.com>,
<edumazet@google.com>, <dsahern@kernel.org>,
<donald.hunter@gmail.com>, <horms@kernel.org>,
<gnault@redhat.com>, <rostedt@goodmis.org>, <mhiramat@kernel.org>,
<mathieu.desnoyers@efficios.com>, <petrm@nvidia.com>,
Ido Schimmel <idosch@nvidia.com>
Subject: [PATCH net-next 2/9] ipv4: fib_rules: Reject flow label attributes
Date: Mon, 16 Dec 2024 19:11:54 +0200 [thread overview]
Message-ID: <20241216171201.274644-3-idosch@nvidia.com> (raw)
In-Reply-To: <20241216171201.274644-1-idosch@nvidia.com>
IPv4 FIB rules cannot match on flow label so reject requests that try to
add such rules. Do that in the IPv4 configure callback as the netlink
policy resides in the core and used by both IPv4 and IPv6.
Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
---
net/ipv4/fib_rules.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 8325224ef072..9517b8667e00 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -249,6 +249,12 @@ static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
int err = -EINVAL;
struct fib4_rule *rule4 = (struct fib4_rule *) rule;
+ if (tb[FRA_FLOWLABEL] || tb[FRA_FLOWLABEL_MASK]) {
+ NL_SET_ERR_MSG(extack,
+ "Flow label cannot be specified for IPv4 FIB rules");
+ goto errout;
+ }
+
if (!inet_validate_dscp(frh->tos)) {
NL_SET_ERR_MSG(extack,
"Invalid dsfield (tos): ECN bits must be 0");
--
2.47.1
next prev parent reply other threads:[~2024-12-16 17:13 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-16 17:11 [PATCH net-next 0/9] net: fib_rules: Add flow label selector support Ido Schimmel
2024-12-16 17:11 ` [PATCH net-next 1/9] net: fib_rules: Add flow label selector attributes Ido Schimmel
2024-12-16 17:11 ` Ido Schimmel [this message]
2024-12-16 17:11 ` [PATCH net-next 3/9] ipv6: fib_rules: Add flow label support Ido Schimmel
2024-12-17 13:59 ` Guillaume Nault
2024-12-17 15:24 ` Ido Schimmel
2024-12-17 19:10 ` Guillaume Nault
2024-12-19 3:05 ` Jakub Kicinski
2024-12-19 8:17 ` Ido Schimmel
2024-12-16 17:11 ` [PATCH net-next 4/9] net: fib_rules: Enable flow label selector usage Ido Schimmel
2024-12-16 17:11 ` [PATCH net-next 5/9] netlink: specs: Add FIB rule flow label attributes Ido Schimmel
2024-12-16 17:11 ` [PATCH net-next 6/9] ipv6: Add flow label to route get requests Ido Schimmel
2024-12-16 17:11 ` [PATCH net-next 7/9] netlink: specs: Add route flow label attribute Ido Schimmel
2024-12-16 17:12 ` [PATCH net-next 8/9] tracing: ipv6: Add flow label to fib6_table_lookup tracepoint Ido Schimmel
2024-12-16 17:12 ` [PATCH net-next 9/9] selftests: fib_rule_tests: Add flow label selector match tests Ido Schimmel
2024-12-16 17:16 ` [PATCH net-next 0/9] net: fib_rules: Add flow label selector support Ido Schimmel
2024-12-17 14:00 ` Guillaume Nault
2024-12-19 15:10 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241216171201.274644-3-idosch@nvidia.com \
--to=idosch@nvidia.com \
--cc=davem@davemloft.net \
--cc=donald.hunter@gmail.com \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=gnault@redhat.com \
--cc=horms@kernel.org \
--cc=kuba@kernel.org \
--cc=mathieu.desnoyers@efficios.com \
--cc=mhiramat@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=petrm@nvidia.com \
--cc=rostedt@goodmis.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).