net: fib_rules: Add port mask attributes

Add attributes that allow matching on source and destination ports with
a mask. Matching on the source port with a mask is needed in deployments
where users encode path information into certain bits of the UDP source
port.

Temporarily set the type of the attributes to 'NLA_REJECT' while support
is being added.

Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250217134109.311176-2-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/include/uapi/linux/fib_rules.h b/include/uapi/linux/fib_rules.h
index 00e9890..95ec01b 100644 (file)
--- a/include/uapi/linux/fib_rules.h
+++ b/include/uapi/linux/fib_rules.h
@@ -70,6 +70,8 @@ enum {
        FRA_DSCP,       /* dscp */
        FRA_FLOWLABEL,  /* flowlabel */
        FRA_FLOWLABEL_MASK,     /* flowlabel mask */
+       FRA_SPORT_MASK, /* sport mask */
+       FRA_DPORT_MASK, /* dport mask */
        __FRA_MAX
 };
 

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index 424b4cd..f5b1900 100644 (file)
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -784,6 +784,8 @@ static const struct nla_policy fib_rule_policy[FRA_MAX + 1] = {
        [FRA_DSCP]      = NLA_POLICY_MAX(NLA_U8, INET_DSCP_MASK >> 2),
        [FRA_FLOWLABEL] = { .type = NLA_BE32 },
        [FRA_FLOWLABEL_MASK] = { .type = NLA_BE32 },
+       [FRA_SPORT_MASK] = { .type = NLA_REJECT },
+       [FRA_DPORT_MASK] = { .type = NLA_REJECT },
 };
 
 int fib_newrule(struct net *net, struct sk_buff *skb, struct nlmsghdr *nlh,