From: Ido Schimmel <idosch@nvidia.com>
Date: Thu, 5 Sep 2024 16:51:29 +0000 (+0300)
Subject: netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish()
X-Git-Tag: v6.12-rc1~232^2~71^2~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1f23a1909d7f5f7c5fa6809816d61712de1a2d5b;p=thirdparty%2Fkernel%2Flinux.git

netfilter: br_netfilter: Unmask upper DSCP bits in br_nf_pre_routing_finish()

Unmask upper DSCP bits when calling ip_route_output() so that in the
future it could perform the FIB lookup according to the full DSCP value.

Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 8f9c19d992ac5..0e8bc0ea61750 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -36,6 +36,7 @@
 #include <net/route.h>
 #include <net/netfilter/br_netfilter.h>
 #include <net/netns/generic.h>
+#include <net/inet_dscp.h>
 
 #include <linux/uaccess.h>
 #include "br_private.h"
@@ -402,7 +403,7 @@ static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_
 				goto free_skb;
 
 			rt = ip_route_output(net, iph->daddr, 0,
-					     RT_TOS(iph->tos), 0,
+					     iph->tos & INET_DSCP_MASK, 0,
 					     RT_SCOPE_UNIVERSE);
 			if (!IS_ERR(rt)) {
 				/* - Bridged-and-DNAT'ed traffic doesn't