Date:   Tue, 20 Nov 2018 16:29:36 +0300
From:   Pavel Balaev <mail@...d.so>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org
Subject: [PATCH v2] ipv4: make DSCP values works with ip rules

This patch adds the ability to set DSCP values in ip rules.
Values present in /etc/iproute3/rt_dsfield can now be used in rules.

Example:
$ ip ru add from 10.88.0.2 tos AF23 lookup dscp.
Result:
---
32762:	from 10.88.0.2 tos AF43 lookup dscp
---

The patch was tested with the following configuration:

+-----------+
| 10.88.0.2 | -> ping 172.16.0.1 -Q 0x58 ->
|   host0   |
+-----------+

   +-------------------------------------+
   | router with patched kernel          |
   |                                     |
-> | from 10.88.0.2 tos AF43 lookup dscp |->
   | table dscp:                         |
   |   172.16.0.0/24 via 10.200.0.2      |
   +-------------------------------------+

   +------------------+
-> | eth0: 10.200.0.2 |
   | eth1: 172.16.0.1 |
   |      host1       |
   +------------------+

Signed-off-by: Pavel Balaev <mail@...d.so>
---
 include/net/route.h     | 2 +-
 include/uapi/linux/ip.h | 2 ++
 net/ipv4/fib_rules.c    | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/net/route.h b/include/net/route.h
index bb53cdba..b984ecff 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -239,7 +239,7 @@ static inline void ip_rt_put(struct rtable *rt)
 	dst_release(&rt->dst);
 }
 
-#define IPTOS_RT_MASK	(IPTOS_TOS_MASK & ~3)
+#define IPTOS_RT_MASK	(IPTOS_DSCP_MASK & ~3)
 
 extern const __u8 ip_tos2prio[16];
 
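Review bot: IPTOS_RT_MASK lives in the shared header include/net/route.h, so widening it from IPTOS_TOS_MASK to IPTOS_DSCP_MASK changes the value for every user of the macro, not only the fib rule path that the commit message describes and the ping test covers. Please state in the commit message what happens to the other users of IPTOS_RT_MASK once the precedence bits are no longer masked out, or leave this macro as it is and introduce a separate mask for the rule code.
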
diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h
index e42d13b5..307ce2b1 100644
--- a/include/uapi/linux/ip.h
+++ b/include/uapi/linux/ip.h
@@ -38,6 +38,8 @@
 #define IPTOS_PREC_PRIORITY             0x20
 #define IPTOS_PREC_ROUTINE              0x00
 
+#define IPTOS_DSCP_MASK		(IPTOS_TOS_MASK | IPTOS_PREC_MASK)
+#define IPTOS_DSCP(tos)		((tos)&IPTOS_DSCP_MASK)
 
 /* IP options */
 #define IPOPT_COPY		0x80
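Review bot: IPTOS_DSCP_MASK is built as IPTOS_TOS_MASK | IPTOS_PREC_MASK, which is only the six DSCP bits if IPTOS_TOS_MASK does not reach below bit 2, and the route.h hunk of this same patch has to apply "& ~3" to strip the low bits. Because this is a uapi header and the name becomes visible to userspace, define the mask as exactly the DSCP field or pick a name that does not claim to be DSCP. IPTOS_DSCP(tos) is not used by any hunk in this patch, so it can be dropped until there is a caller.
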
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index f8eb78d0..9ba91ef0 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -220,7 +220,7 @@ static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
 	int err = -EINVAL;
 	struct fib4_rule *rule4 = (struct fib4_rule *) rule;
 
-	if (frh->tos & ~IPTOS_TOS_MASK) {
+	if (frh->tos & ~IPTOS_DSCP_MASK) {
 		NL_SET_ERR_MSG(extack, "Invalid tos");
 		goto errout;
 	}
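Review bot: the check on frh->tos now uses IPTOS_DSCP_MASK, while the route.h hunk of this patch defines IPTOS_RT_MASK as IPTOS_DSCP_MASK & ~3, so a tos value with one of the two low bits set can pass validation here even though the routing mask clears those bits. Consider rejecting such values up front, for example with "if (frh->tos & ~IPTOS_RT_MASK)", so that an accepted rule uses only bits the routing mask keeps. The "Invalid tos" message could also say which bits are allowed.
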
-- 
2.18.1
