On Sun, Jul 28, 2024 at 04:30:40AM +0200, Florian Westphal wrote:
> Ido Schimmel <idosch@xxxxxxxxxx> wrote:
> > void nft_fib4_eval_type(const struct nft_expr *expr, struct nft_regs *regs,
> > const struct nft_pktinfo *pkt)
> > {
> > @@ -110,7 +108,7 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
> > if (priv->flags & NFTA_FIB_F_MARK)
> > fl4.flowi4_mark = pkt->skb->mark;
> >
> > - fl4.flowi4_tos = iph->tos & DSCP_BITS;
> > + fl4.flowi4_tos = iph->tos & IPTOS_RT_MASK;
>
> I was confused because cover letter talks about allowing both tos or dscp depending on
> new nlattr for ipv4, but then this patch makes that impossible because dscp bits get masked.
>
> patch 3 says:
> ----
> A prerequisite for allowing FIB rules to match on DSCP is to adjust all
> the call sites to initialize the high order DSCP bits and remove their
> masking along the path to the core where the field is matched on.
> ----
>
> But nft_fib_ipv4.c already does that.
>
> So I would suggest to just drop this patch and then get rid of '&
> DSCP_BITS' once everything is in place.
>
> But feel free to handle this as you prefer.
My preference is to first align all the users to mask the upper DSCP
bits (patches #1-#2), then move the masking to the core (patch #3) and
finally remove the masking from the various call sites (future
patchsets). Will make it clearer in the cover letter.
Thanks!
