Commit 9123de2c043996050bacf77031cad845f5976f5d

Authored by Patrick McHardy
Committed by David S. Miller
1 parent 57dab5d0bf

[NETFILTER]: ip6table_mangle: reroute when nfmark changes in NF_IP6_LOCAL_OUT

Now that IPv6 supports policy routing we need to reroute in NF_IP6_LOCAL_OUT
when the mark value changes.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 3 changed files with 3 additions and 8 deletions Side-by-side Diff

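--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -73,6 +73,7 @@
 };
 
 #ifdef CONFIG_NETFILTER
+extern int ip6_route_me_harder(struct sk_buff *skb);
 extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
 unsigned int dataoff, u_int8_t protocol);
 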
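--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -57,8 +57,6 @@
 extern struct dst_entry * ip6_route_output(struct sock *sk,
 struct flowi *fl);
 
-extern int ip6_route_me_harder(struct sk_buff *skb);
-
 extern void ip6_route_init(void);
 extern void ip6_route_cleanup(void);
 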
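--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -180,12 +180,8 @@
 && (memcmp(&(*pskb)->nh.ipv6h->saddr, &saddr, sizeof(saddr))
 || memcmp(&(*pskb)->nh.ipv6h->daddr, &daddr, sizeof(daddr))
 || (*pskb)->nfmark != nfmark
- || (*pskb)->nh.ipv6h->hop_limit != hop_limit)) {
-
- /* something which could affect routing has changed */
-
- DEBUGP("ip6table_mangle: we'd need to re-route a packet\n");
- }
+ || (*pskb)->nh.ipv6h->hop_limit != hop_limit))
+ return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP;
 
 return ret;
 }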
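Review bot: The new `return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP;` line loses the explanatory comment the old branch carried, and it turns every non-zero result into a silent NF_DROP with no trace of why the packet disappeared. Dropping on a failed lookup is the safer choice for mark-based policy routing, since the packet never leaves on the stale route, but that intent should be stated above the return: `/* saddr, daddr, nfmark or hop_limit changed: redo the route lookup, drop rather than send on the old route if it fails */`. A rate-limited debug message or a drop counter on that path would help whoever has to diagnose missing LOCAL_OUT traffic. The first line of the condition and the start of the function are outside the hunk, so it cannot be confirmed from here that `ret` is already checked against verdicts such as NF_STOLEN before `*pskb` is dereferenced; that is worth verifying.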