git.baikalelectronics.ru Git - kernel.git/commit

author	Taehee Yoo <ap420073@gmail.com>
	Sat, 6 Oct 2018 15:09:18 +0000 (00:09 +0900)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 11 Oct 2018 09:29:14 +0000 (11:29 +0200)
commit	25d4d3ae1f0836f8a7a926737e18dc5efd4f9ab4
tree	68d348b457149c90c47d3bf3ed93c09f5d178abc	tree \| snapshot
parent	69563eccdcfc7b4b006747e238ddae9db54d99a8	commit \| diff

netfilter: xt_TEE: fix wrong interface selection

TEE netdevice notifier handler checks only interface name. however
each netns can have same interface name. hence other netns's interface
could be selected.

test commands:
   %ip netns add vm1
   %iptables -I INPUT -p icmp -j TEE --gateway 192.168.1.1 --oif enp2s0
   %ip link set enp2s0 netns vm1

Above rule is in the root netns. but that rule could get enp2s0
ifindex of vm1 by notifier handler.

After this patch, TEE rule is added to the per-netns list.

Fixes: b78ffc00d241 ("netfilter: Rework xt_TEE netdevice notifier")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>