mbox series

[nf-next,0/5] netfilter: Prepare netfilter to future .flowi4_tos conversion.

Message ID cover.1731599482.git.gnault@redhat.com (mailing list archive)
Headers show
Series netfilter: Prepare netfilter to future .flowi4_tos conversion. | expand

Message

Guillaume Nault Nov. 14, 2024, 4:03 p.m. UTC
There are multiple occasions where Netfilter code needs to perform
route lookups and initialise struct flowi4. As we're in the process of
converting the .flowi4_tos field to dscp_t, we need to convert the
users so that they have a dscp_t value at hand, rather than a __u8.

All netfilter users get the DSCP (TOS) value from IPv4 packet headers.
So we just need to use the new ip4h_dscp() helper to get a dscp_t
variable.

Converting .flowi4_tos to dscp_t will allow to detect regressions where
ECN bits are mistakenly treated as DSCP when doing route lookups.

Guillaume Nault (5):
  netfilter: ipv4: Convert ip_route_me_harder() to dscp_t.
  netfilter: flow_offload: Convert nft_flow_route() to dscp_t.
  netfilter: rpfilter: Convert rpfilter_mt() to dscp_t.
  netfilter: nft_fib: Convert nft_fib4_eval() to dscp_t.
  netfilter: nf_dup4: Convert nf_dup_ipv4_route() to dscp_t.

 net/ipv4/netfilter.c              | 2 +-
 net/ipv4/netfilter/ipt_rpfilter.c | 2 +-
 net/ipv4/netfilter/nf_dup_ipv4.c  | 2 +-
 net/ipv4/netfilter/nft_fib_ipv4.c | 3 ++-
 net/netfilter/nft_flow_offload.c  | 4 ++--
 5 files changed, 7 insertions(+), 6 deletions(-)

Comments

Pablo Neira Ayuso Nov. 15, 2024, 10:50 a.m. UTC | #1
On Thu, Nov 14, 2024 at 05:03:16PM +0100, Guillaume Nault wrote:
> There are multiple occasions where Netfilter code needs to perform
> route lookups and initialise struct flowi4. As we're in the process of
> converting the .flowi4_tos field to dscp_t, we need to convert the
> users so that they have a dscp_t value at hand, rather than a __u8.
> 
> All netfilter users get the DSCP (TOS) value from IPv4 packet headers.
> So we just need to use the new ip4h_dscp() helper to get a dscp_t
> variable.
> 
> Converting .flowi4_tos to dscp_t will allow to detect regressions where
> ECN bits are mistakenly treated as DSCP when doing route lookups.

Series applied, thanks