diff options
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter.c | 5 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 17 |
2 files changed, 7 insertions, 15 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 627e21db65df..834cea69fb53 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c | |||
@@ -56,6 +56,7 @@ EXPORT_SYMBOL(ip6_route_me_harder); | |||
56 | struct ip6_rt_info { | 56 | struct ip6_rt_info { |
57 | struct in6_addr daddr; | 57 | struct in6_addr daddr; |
58 | struct in6_addr saddr; | 58 | struct in6_addr saddr; |
59 | u_int32_t mark; | ||
59 | }; | 60 | }; |
60 | 61 | ||
61 | static void nf_ip6_saveroute(const struct sk_buff *skb, | 62 | static void nf_ip6_saveroute(const struct sk_buff *skb, |
@@ -68,6 +69,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, | |||
68 | 69 | ||
69 | rt_info->daddr = iph->daddr; | 70 | rt_info->daddr = iph->daddr; |
70 | rt_info->saddr = iph->saddr; | 71 | rt_info->saddr = iph->saddr; |
72 | rt_info->mark = skb->mark; | ||
71 | } | 73 | } |
72 | } | 74 | } |
73 | 75 | ||
@@ -79,7 +81,8 @@ static int nf_ip6_reroute(struct sk_buff *skb, | |||
79 | if (entry->hook == NF_INET_LOCAL_OUT) { | 81 | if (entry->hook == NF_INET_LOCAL_OUT) { |
80 | struct ipv6hdr *iph = ipv6_hdr(skb); | 82 | struct ipv6hdr *iph = ipv6_hdr(skb); |
81 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || | 83 | if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || |
82 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) | 84 | !ipv6_addr_equal(&iph->saddr, &rt_info->saddr) || |
85 | skb->mark != rt_info->mark) | ||
83 | return ip6_route_me_harder(skb); | 86 | return ip6_route_me_harder(skb); |
84 | } | 87 | } |
85 | return 0; | 88 | return 0; |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index b110a8a85a14..40d2e36d8fac 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -61,7 +61,7 @@ static struct xt_table packet_filter = { | |||
61 | 61 | ||
62 | /* The work comes in here from netfilter.c. */ | 62 | /* The work comes in here from netfilter.c. */ |
63 | static unsigned int | 63 | static unsigned int |
64 | ip6t_local_in_hook(unsigned int hook, | 64 | ip6t_in_hook(unsigned int hook, |
65 | struct sk_buff *skb, | 65 | struct sk_buff *skb, |
66 | const struct net_device *in, | 66 | const struct net_device *in, |
67 | const struct net_device *out, | 67 | const struct net_device *out, |
@@ -72,17 +72,6 @@ ip6t_local_in_hook(unsigned int hook, | |||
72 | } | 72 | } |
73 | 73 | ||
74 | static unsigned int | 74 | static unsigned int |
75 | ip6t_forward_hook(unsigned int hook, | ||
76 | struct sk_buff *skb, | ||
77 | const struct net_device *in, | ||
78 | const struct net_device *out, | ||
79 | int (*okfn)(struct sk_buff *)) | ||
80 | { | ||
81 | return ip6t_do_table(skb, hook, in, out, | ||
82 | dev_net(in)->ipv6.ip6table_filter); | ||
83 | } | ||
84 | |||
85 | static unsigned int | ||
86 | ip6t_local_out_hook(unsigned int hook, | 75 | ip6t_local_out_hook(unsigned int hook, |
87 | struct sk_buff *skb, | 76 | struct sk_buff *skb, |
88 | const struct net_device *in, | 77 | const struct net_device *in, |
@@ -105,14 +94,14 @@ ip6t_local_out_hook(unsigned int hook, | |||
105 | 94 | ||
106 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 95 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |
107 | { | 96 | { |
108 | .hook = ip6t_local_in_hook, | 97 | .hook = ip6t_in_hook, |
109 | .owner = THIS_MODULE, | 98 | .owner = THIS_MODULE, |
110 | .pf = PF_INET6, | 99 | .pf = PF_INET6, |
111 | .hooknum = NF_INET_LOCAL_IN, | 100 | .hooknum = NF_INET_LOCAL_IN, |
112 | .priority = NF_IP6_PRI_FILTER, | 101 | .priority = NF_IP6_PRI_FILTER, |
113 | }, | 102 | }, |
114 | { | 103 | { |
115 | .hook = ip6t_forward_hook, | 104 | .hook = ip6t_in_hook, |
116 | .owner = THIS_MODULE, | 105 | .owner = THIS_MODULE, |
117 | .pf = PF_INET6, | 106 | .pf = PF_INET6, |
118 | .hooknum = NF_INET_FORWARD, | 107 | .hooknum = NF_INET_FORWARD, |