net: fib_rules: Enable port mask usage

Allow user space to configure FIB rules that match on the source and
destination ports with a mask, now that support has been added to the
FIB rule core and the IPv4 and IPv6 address families.

Reviewed-by: Petr Machata <petrm@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/20250217134109.311176-6-idosch@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
index ba6beaa63f44ec084e39169b127b28782b73e1be..5ddd34cbe7f6ddc274fd78f681d0a271fc1a0555 100644 (file)
--- a/net/core/fib_rules.c
+++ b/net/core/fib_rules.c
@@ -843,8 +843,8 @@ static const struct nla_policy fib_rule_policy[FRA_MAX + 1] = {
        [FRA_DSCP]      = NLA_POLICY_MAX(NLA_U8, INET_DSCP_MASK >> 2),
        [FRA_FLOWLABEL] = { .type = NLA_BE32 },
        [FRA_FLOWLABEL_MASK] = { .type = NLA_BE32 },
-       [FRA_SPORT_MASK] = { .type = NLA_REJECT },
-       [FRA_DPORT_MASK] = { .type = NLA_REJECT },
+       [FRA_SPORT_MASK] = { .type = NLA_U16 },
+       [FRA_DPORT_MASK] = { .type = NLA_U16 },
 };
 
 int fib_newrule(struct net *net, struct sk_buff *skb, struct nlmsghdr *nlh,