]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 239ccea) | patch
netfilter: nft_fib: Fix for rpath check with VRF devices
authorPhil Sutter <phil@nwl.cc>
Wed, 21 Sep 2022 11:07:31 +0000 (13:07 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 28 Sep 2022 11:33:26 +0000 (13:33 +0200)
commita329e2525305779136188b038b34751e08a6f387
tree8342309a2e62602b9e317ee5baebd06902cb3d9etree | snapshot
parent239ccea1948a0bb5da1d40aa4729455ac26f02fccommit | diff
netfilter: nft_fib: Fix for rpath check with VRF devices

Analogous to commit 07980f538cd5d ("netfilter: Fix rpfilter
dropping vrf packets by mistake") but for nftables fib expression:
Add special treatment of VRF devices so that typical reverse path
filtering via 'fib saddr . iif oif' expression works as expected.

Fixes: 798b8c4613cc8 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/ipv4/netfilter/nft_fib_ipv4.c diff | blob | history
net/ipv6/netfilter/nft_fib_ipv6.c diff | blob | history
Linux Kernel Source Tree.