UPSTREAM: xfrm: Extend the output_mark to support input direction and masking.
authorSteffen Klassert <steffen.klassert@secunet.com>
Tue, 12 Jun 2018 10:44:26 +0000 (12:44 +0200)
committerCosmin Tanislav <demonsingur@gmail.com>
Mon, 22 Apr 2024 17:24:00 +0000 (20:24 +0300)
We already support setting an output mark at the xfrm_state,
unfortunately this does not support the input direction and
masking the marks that will be applied to the skb. This change
adds support applying a masked value in both directions.

The existing XFRMA_OUTPUT_MARK number is reused for this purpose
and as it is now bi-directional, it is renamed to XFRMA_SET_MARK.

An additional XFRMA_SET_MARK_MASK attribute is added for setting the
mask. If the attribute mask not provided, it is set to 0xffffffff,
keeping the XFRMA_OUTPUT_MARK existing 'full mask' semantics.

Co-developed-by: Tobias Brunner <tobias@strongswan.org>
Co-developed-by: Eyal Birger <eyal.birger@gmail.com>
Co-developed-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Tobias Brunner <tobias@strongswan.org>
Signed-off-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
(cherry picked from commit 9b42c1f179a614e11893ae4619f0304a38f481ae)
Signed-off-by: Benedict Wong <benedictwong@google.com>
Bug: 113046120
Change-Id: I582f0b460dc58f01e0c30afb6167725aa337d054

net/xfrm/xfrm_policy.c

index 54488a9723e307992317e075b1b81dcf46e6627b..2112db61dc0d5a035986614c60bf670905c7ef52 100644 (file)
@@ -1616,10 +1616,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
                dst_copy_metrics(dst1, dst);
 
                if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
-                       __u32 mark = 0;
-
-                       if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m)
-                               mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);
+                       __u32 mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]);
 
                        family = xfrm[i]->props.family;
                        dst = xfrm_dst_lookup(xfrm[i], tos, fl->flowi_oif,