]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f789b0d) | patch
netfilter: nft_fib: Fix for rpath check with VRF devices
authorPhil Sutter <phil@nwl.cc>
Wed, 21 Sep 2022 11:07:31 +0000 (13:07 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 28 Sep 2022 11:33:26 +0000 (13:33 +0200)
commit447714c7b36ff1079380e5f5f2f71346fb58ebb4
tree8342309a2e62602b9e317ee5baebd06902cb3d9etree | snapshot
parentf789b0d5829176d8cf397c2b77e31e1f05aa29b7commit | diff
netfilter: nft_fib: Fix for rpath check with VRF devices

Analogous to commit c5dfc36d390e7 ("netfilter: Fix rpfilter
dropping vrf packets by mistake") but for nftables fib expression:
Add special treatment of VRF devices so that typical reverse path
filtering via 'fib saddr . iif oif' expression works as expected.

Fixes: 5b1de3fa6d053 ("netfilter: nf_tables: add fib expression")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
net/ipv4/netfilter/nft_fib_ipv4.c diff | blob | history
net/ipv6/netfilter/nft_fib_ipv6.c diff | blob | history
Linux Kernel Source Tree.