]> Git Repo - linux.git/commit
projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c27d8d) | patch
netfilter: Support iif matches in POSTROUTING
authorPhil Sutter <[email protected]>
Tue, 12 Nov 2019 16:14:37 +0000 (17:14 +0100)
committerPablo Neira Ayuso <[email protected]>
Fri, 15 Nov 2019 22:44:48 +0000 (23:44 +0100)
commit28f8bfd1ac948403ebd5c8070ae1e25421560059
tree8e5b472d45954ee16b7fb7d172bb394058b3268dtree | snapshot
parent5c27d8d76ce810c6254cf5917a6019d824f34bd2commit | diff
netfilter: Support iif matches in POSTROUTING

Instead of generally passing NULL to NF_HOOK_COND() for input device,
pass skb->dev which contains input device for routed skbs.

Note that iptables (both legacy and nft) reject rules with input
interface match from being added to POSTROUTING chains, but nftables
allows this.

Cc: Eric Garver <[email protected]>
Signed-off-by: Phil Sutter <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
net/ipv4/ip_output.c diff | blob | blame | history
net/ipv4/xfrm4_output.c diff | blob | blame | history
net/ipv6/ip6_output.c diff | blob | blame | history
net/ipv6/xfrm6_output.c diff | blob | blame | history
Empty description
This page took 0.077061 seconds and 4 git commands to generate.