]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5987753) | patch
netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 24 Mar 2021 01:30:39 +0000 (02:30 +0100)
committerDavid S. Miller <davem@davemloft.net>
Wed, 24 Mar 2021 19:48:39 +0000 (12:48 -0700)
commit7c2bc6069e61d8551ccdd7be66364f20210ebcde
treee1ee1c6235d8540217273d484c320b1940be5fb8tree | snapshot
parent59877534f2ec50039d2d00cd99bfbe7b9d94912bcommit | diff
netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device

Obtain the ingress device in the tuple from the route in the reply
direction. Use dev_fill_forward_path() instead to get the real ingress
device for this flow.

Fall back to use the ingress device that the IP forwarding route
provides if:

- dev_fill_forward_path() finds no real ingress device.
- the ingress device that is obtained is not part of the flowtable
  devices.
- this route has a xfrm policy.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/netfilter/nf_flow_table.h diff | blob | history
net/netfilter/nf_flow_table_core.c diff | blob | history
net/netfilter/nft_flow_offload.c diff | blob | history
Linux Kernel Source Tree.