diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2010-04-13 15:32:16 +0200 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-04-13 15:32:16 +0200 |
| commit | 9c6eb28aca52d562f3ffbaebaa56385df9972a43 (patch) | |
| tree | 775683fe8a8549274610872b44e4778c76195fa2 | |
| parent | 9e50849054a4824f06c66d2b449de21b98e03770 (diff) | |
| download | linux-3.10-9c6eb28aca52d562f3ffbaebaa56385df9972a43.tar.gz linux-3.10-9c6eb28aca52d562f3ffbaebaa56385df9972a43.tar.bz2 linux-3.10-9c6eb28aca52d562f3ffbaebaa56385df9972a43.zip | |
netfilter: ipv6: add IPSKB_REROUTED exclusion to NF_HOOK/POSTROUTING invocation
Similar to how IPv4's ip_output.c works, have ip6_output also check
the IPSKB_REROUTED flag. It will be set from xt_TEE for cloned packets
since Xtables can currently only deal with a single packet in flight
at a time.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Acked-by: David S. Miller <davem@davemloft.net>
[Patrick: changed to use an IP6SKB value instead of IPSKB]
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | include/linux/ipv6.h | 1 | ||||
| -rw-r--r-- | net/ipv6/ip6_output.c | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h index e0cc9a7db2b..7bdf6ffe2b4 100644 --- a/include/linux/ipv6.h +++ b/include/linux/ipv6.h @@ -250,6 +250,7 @@ struct inet6_skb_parm { #define IP6SKB_XFRM_TRANSFORMED 1 #define IP6SKB_FORWARDED 2 +#define IP6SKB_REROUTED 4 }; #define IP6CB(skb) ((struct inet6_skb_parm*)((skb)->cb)) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 236ac781374..c10a38a71a5 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -172,8 +172,9 @@ int ip6_output(struct sk_buff *skb) return 0; } - return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, - ip6_finish_output); + return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, + ip6_finish_output, + !(IP6CB(skb)->flags & IP6SKB_REROUTED)); } /* |