From patchwork Sun Feb 11 22:26:27 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Roopa Prabhu <roopa@cumulusnetworks.com>
X-Patchwork-Id: 871821
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=cumulusnetworks.com
	header.i=@cumulusnetworks.com header.b="P1inOrKo";
	dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3zfk1G1x39z9t3n
	for <patchwork-incoming@ozlabs.org>;
	Mon, 12 Feb 2018 09:26:42 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932199AbeBKW0j (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Sun, 11 Feb 2018 17:26:39 -0500
Received: from mail-pg0-f68.google.com ([74.125.83.68]:41167 "EHLO
	mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932127AbeBKW0h (ORCPT
	<rfc822;netdev@vger.kernel.org>); Sun, 11 Feb 2018 17:26:37 -0500
Received: by mail-pg0-f68.google.com with SMTP id t4so5193412pgp.8
	for <netdev@vger.kernel.org>; Sun, 11 Feb 2018 14:26:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=cumulusnetworks.com; s=google;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=ISWv6Nbcb3ESt7bdT+PYXzNzwIg0Kbyh+A8ozmw8EmQ=;
	b=P1inOrKotbUJcwJQajysJs8Rz8bkEblzNWXWkREGNeeibNDWZKkgbMO10p9FXyhda8
	nu0qr0FLJUUYopDhx3TmzKkes6XNOXC/zu7d+1wO/JY5CIBECBvB5NtPKbXpCfjRF1lA
	MtLVJmUw5kjNll12/UW/qDE1f9EhOjPU+9lZc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=ISWv6Nbcb3ESt7bdT+PYXzNzwIg0Kbyh+A8ozmw8EmQ=;
	b=QVx9arAfdgN7go0SJU0cd/nuA9YhT/10szAvVO/fhCE48XKnzhtsi9sycVsnS/sXQD
	tfmv9B0tf+zJ/h+Ats4fvnAtzhHyObFWZ5MrcTBzqTHgiFQ8kH6QvhCUUlh9UdJgbRC4
	9YRooLkrOGLB1fdQNPdHlOAWsUPE4FnFPUzzg3N7fpwYkGaTCBZPnTo2dfrhhG1+iijX
	YxNj7ob9T6Kn2xoglDZh73lypcxF9I34cYF0Klby85HH6N+mXjLJKosKCOtv7iLW2GR6
	QjCW+sIJ6wd4UEj9PhKFVJzxgeWqTuj6BRnQC0aesTa++v0+eD9D5S6lmDYFXvOtOLkl
	dGrg==
X-Gm-Message-State: APf1xPBfINA9+NT9G9EUlbpn7ouhTsBWcxCADCkKnqaaqPj049VuzzW8
	/d3ATILw0sAXkKQXSDrrvBzWl0ac
X-Google-Smtp-Source: 
 AH8x227tjT9s4lFKbYZ4vNdu3XSPmzxkRDrtesuX8CHbwJ+zFIu8m+GCWELY1fhPoEPlghlQCrO73Q==
X-Received: by 10.98.82.8 with SMTP id g8mr9791933pfb.212.1518387996714;
	Sun, 11 Feb 2018 14:26:36 -0800 (PST)
Received: from monster-08.mvlab.cumulusnetworks.com.
	(fw.cumulusnetworks.com. [216.129.126.126])
	by smtp.googlemail.com with ESMTPSA id
	f80sm24659732pff.81.2018.02.11.14.26.35
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Sun, 11 Feb 2018 14:26:36 -0800 (PST)
From: Roopa Prabhu <roopa@cumulusnetworks.com>
X-Google-Original-From: Roopa Prabhu
To: netdev@vger.kernel.org
Cc: dsa@cumulusnetworks.com, nikolay@cumulusnetworks.com
Subject: [PATCH RFC net-next 2/4] ipv6: fib6_rules: support for match on
	sport, dport and ip proto
Date: Sun, 11 Feb 2018 14:26:27 -0800
Message-Id: <1518387989-33735-3-git-send-email-roopa@cumulusnetworks.com>
X-Mailer: git-send-email 2.1.4
In-Reply-To: <1518387989-33735-1-git-send-email-roopa@cumulusnetworks.com>
References: <1518387989-33735-1-git-send-email-roopa@cumulusnetworks.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Roopa Prabhu <roopa@cumulusnetworks.com>

Add support to match on src port, dst port and ip protocol.

Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
---
 net/ipv6/fib6_rules.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/fib6_rules.c b/net/ipv6/fib6_rules.c
index b240f24..57c0836 100644
--- a/net/ipv6/fib6_rules.c
+++ b/net/ipv6/fib6_rules.c
@@ -28,13 +28,17 @@ struct fib6_rule {
 	struct rt6key		src;
 	struct rt6key		dst;
 	u8			tclass;
+	u8			proto;
+	__be16			sport;
+	__be16			dport;
 };
 
 static bool fib6_rule_matchall(const struct fib_rule *rule)
 {
 	struct fib6_rule *r = container_of(rule, struct fib6_rule, common);
 
-	if (r->dst.plen || r->src.plen || r->tclass)
+	if (r->dst.plen || r->src.plen || r->tclass || r->proto || r->sport ||
+	    r->dport)
 		return false;
 	return fib_rule_matchall(rule);
 }
@@ -223,6 +227,15 @@ static int fib6_rule_match(struct fib_rule *rule, struct flowi *fl, int flags)
 	if (r->tclass && r->tclass != ip6_tclass(fl6->flowlabel))
 		return 0;
 
+	if (r->proto && r->proto != fl6->flowi6_proto)
+		return 0;
+
+	if (r->sport && r->sport != fl6->fl6_sport)
+		return 0;
+
+	if (r->dport && r->dport != fl6->fl6_dport)
+		return 0;
+
 	return 1;
 }
 
@@ -258,6 +271,15 @@ static int fib6_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
 	rule6->dst.plen = frh->dst_len;
 	rule6->tclass = frh->tos;
 
+	if (tb[FRA_PROTO])
+		rule6->proto = nla_get_u8(tb[FRA_PROTO]);
+
+	if (tb[FRA_SPORT])
+		rule6->sport = nla_get_be16(tb[FRA_SPORT]);
+
+	if (tb[FRA_DPORT])
+		rule6->dport = nla_get_be16(tb[FRA_DPORT]);
+
 	net->ipv6.fib6_has_custom_rules = true;
 	err = 0;
 errout:
@@ -286,6 +308,18 @@ static int fib6_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
 	    nla_memcmp(tb[FRA_DST], &rule6->dst.addr, sizeof(struct in6_addr)))
 		return 0;
 
+	if (tb[FRA_PROTO] &&
+	    (rule6->proto != nla_get_u8(tb[FRA_PROTO])))
+		return 0;
+
+	if (tb[FRA_SPORT] &&
+	    (rule6->sport != nla_get_be32(tb[FRA_SPORT])))
+		return 0;
+
+	if (tb[FRA_DPORT] &&
+	    (rule6->dport != nla_get_be32(tb[FRA_DPORT])))
+		return 0;
+
 	return 1;
 }
 
@@ -301,7 +335,13 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
 	if ((rule6->dst.plen &&
 	     nla_put_in6_addr(skb, FRA_DST, &rule6->dst.addr)) ||
 	    (rule6->src.plen &&
-	     nla_put_in6_addr(skb, FRA_SRC, &rule6->src.addr)))
+	     nla_put_in6_addr(skb, FRA_SRC, &rule6->src.addr)) ||
+	    (rule6->proto &&
+		nla_put_u8(skb, FRA_PROTO, rule6->proto)) ||
+	    (rule6->sport &&
+		nla_put_be16(skb, FRA_SPORT, rule6->sport)) ||
+	    (rule6->dport &&
+		nla_put_be16(skb, FRA_DPORT, rule6->dport)))
 		goto nla_put_failure;
 	return 0;
 
@@ -312,7 +352,10 @@ static int fib6_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
 static size_t fib6_rule_nlmsg_payload(struct fib_rule *rule)
 {
 	return nla_total_size(16) /* dst */
-	       + nla_total_size(16); /* src */
+	       + nla_total_size(16) /* src */
+	       + nla_total_size(1) /* proto */
+	       + nla_total_size(2) /* sport */
+	       + nla_total_size(2); /* dport */
 }
 
 static const struct fib_rules_ops __net_initconst fib6_rules_ops_template = {