]> git.baikalelectronics.ru Git - kernel.git/commit
netfilter: nft_fib: Fix for rpath check with VRF devices
authorPhil Sutter <phil@nwl.cc>
Wed, 21 Sep 2022 11:07:31 +0000 (13:07 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 28 Sep 2022 11:33:26 +0000 (13:33 +0200)
commit2a8a7c0eaa8747c16aa4a48d573aa920d5c00a5c
tree8342309a2e62602b9e317ee5baebd06902cb3d9e
parentb9a5cbf8ba24e88071a97a51a09ef5cdf0d1f6a1
netfilter: nft_fib: Fix for rpath check with VRF devices

Analogous to commit b575b24b8eee3 ("netfilter: Fix rpfilter
dropping vrf packets by mistake") but for nftables fib expression:
Add special treatment of VRF devices so that typical reverse path
filtering via 'fib saddr . iif oif' expression works as expected.

Fixes: f6d0cbcf09c50 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/ipv4/netfilter/nft_fib_ipv4.c
net/ipv6/netfilter/nft_fib_ipv6.c