projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5139c0c) | patch
netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 24 Mar 2021 01:30:39 +0000 (02:30 +0100)
committerDavid S. Miller <davem@davemloft.net>
Wed, 24 Mar 2021 19:48:39 +0000 (12:48 -0700)
commitc63a7cc4d795c004b70cb935e8ba77d9e764f0ba
treee1ee1c6235d8540217273d484c320b1940be5fb8tree | snapshot
parent5139c0c007250c01c61337d584db4072c4786bf6commit | diff
netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device

Obtain the ingress device in the tuple from the route in the reply
direction. Use dev_fill_forward_path() instead to get the real ingress
device for this flow.

Fall back to use the ingress device that the IP forwarding route
provides if:

- dev_fill_forward_path() finds no real ingress device.
- the ingress device that is obtained is not part of the flowtable
  devices.
- this route has a xfrm policy.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/netfilter/nf_flow_table.h diff | blob | history
net/netfilter/nf_flow_table_core.c diff | blob | history
net/netfilter/nft_flow_offload.c diff | blob | history
Domain: System / Kernel;