]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c7367e6) | patch
netfilter: Support iif matches in POSTROUTING
authorPhil Sutter <phil@nwl.cc>
Tue, 12 Nov 2019 16:14:37 +0000 (17:14 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 15 Nov 2019 22:44:48 +0000 (23:44 +0100)
commit0a590088d50a092ebf676c1622f7e8d3e2c09f4e
tree8e5b472d45954ee16b7fb7d172bb394058b3268dtree | snapshot
parentc7367e66e8d4e91c3990b784a8f7283c7ec550dbcommit | diff
netfilter: Support iif matches in POSTROUTING

Instead of generally passing NULL to NF_HOOK_COND() for input device,
pass skb->dev which contains input device for routed skbs.

Note that iptables (both legacy and nft) reject rules with input
interface match from being added to POSTROUTING chains, but nftables
allows this.

Cc: Eric Garver <eric@garver.life>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/ip_output.c diff | blob | history
net/ipv4/xfrm4_output.c diff | blob | history
net/ipv6/ip6_output.c diff | blob | history
net/ipv6/xfrm6_output.c diff | blob | history
Linux Kernel Source Tree.