[NETFILTER]: ip6table_mangle: reroute when nfmark changes in NF_IP6_LOCAL_OUT
Now that IPv6 supports policy routing we need to reroute in NF_IP6_LOCAL_OUT when the mark value changes. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
57dab5d0bf
commit
9123de2c04
|
@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities {
|
|||
};
|
||||
|
||||
#ifdef CONFIG_NETFILTER
|
||||
extern int ip6_route_me_harder(struct sk_buff *skb);
|
||||
extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
|
||||
unsigned int dataoff, u_int8_t protocol);
|
||||
|
||||
|
|
|
@ -57,8 +57,6 @@ extern void ip6_route_input(struct sk_buff *skb);
|
|||
extern struct dst_entry * ip6_route_output(struct sock *sk,
|
||||
struct flowi *fl);
|
||||
|
||||
extern int ip6_route_me_harder(struct sk_buff *skb);
|
||||
|
||||
extern void ip6_route_init(void);
|
||||
extern void ip6_route_cleanup(void);
|
||||
|
||||
|
|
|
@ -180,12 +180,8 @@ ip6t_local_hook(unsigned int hook,
|
|||
&& (memcmp(&(*pskb)->nh.ipv6h->saddr, &saddr, sizeof(saddr))
|
||||
|| memcmp(&(*pskb)->nh.ipv6h->daddr, &daddr, sizeof(daddr))
|
||||
|| (*pskb)->nfmark != nfmark
|
||||
|| (*pskb)->nh.ipv6h->hop_limit != hop_limit)) {
|
||||
|
||||
/* something which could affect routing has changed */
|
||||
|
||||
DEBUGP("ip6table_mangle: we'd need to re-route a packet\n");
|
||||
}
|
||||
|| (*pskb)->nh.ipv6h->hop_limit != hop_limit))
|
||||
return ip6_route_me_harder(*pskb) == 0 ? ret : NF_DROP;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue