]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15df07f) | patch
netfilter: nft_fib: Fix for rpath check with VRF devices
authorPhil Sutter <phil@nwl.cc>
Wed, 21 Sep 2022 11:07:31 +0000 (13:07 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 26 Oct 2022 11:22:25 +0000 (13:22 +0200)
commit273de070a9cc31a2598eb582f0f4cfb7f2d26235
tree16977c8f5f897498c1875dda1f3a0b91361cdb8dtree | snapshot
parent15df07fcc37595c96056590e2f9622316a3845b9commit | diff
netfilter: nft_fib: Fix for rpath check with VRF devices

[ Upstream commit 447714c7b36ff1079380e5f5f2f71346fb58ebb4 ]

Analogous to commit c5dfc36d390e7 ("netfilter: Fix rpfilter
dropping vrf packets by mistake") but for nftables fib expression:
Add special treatment of VRF devices so that typical reverse path
filtering via 'fib saddr . iif oif' expression works as expected.

Fixes: 5b1de3fa6d053 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/ipv4/netfilter/nft_fib_ipv4.c diff | blob | history
net/ipv6/netfilter/nft_fib_ipv6.c diff | blob | history
Linux Kernel Source Tree.