aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter.c5
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c17
2 files changed, 7 insertions, 15 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 627e21db65df..834cea69fb53 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -56,6 +56,7 @@ EXPORT_SYMBOL(ip6_route_me_harder);
56struct ip6_rt_info { 56struct ip6_rt_info {
57 struct in6_addr daddr; 57 struct in6_addr daddr;
58 struct in6_addr saddr; 58 struct in6_addr saddr;
59 u_int32_t mark;
59}; 60};
60 61
61static void nf_ip6_saveroute(const struct sk_buff *skb, 62static void nf_ip6_saveroute(const struct sk_buff *skb,
@@ -68,6 +69,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb,
68 69
69 rt_info->daddr = iph->daddr; 70 rt_info->daddr = iph->daddr;
70 rt_info->saddr = iph->saddr; 71 rt_info->saddr = iph->saddr;
72 rt_info->mark = skb->mark;
71 } 73 }
72} 74}
73 75
@@ -79,7 +81,8 @@ static int nf_ip6_reroute(struct sk_buff *skb,
79 if (entry->hook == NF_INET_LOCAL_OUT) { 81 if (entry->hook == NF_INET_LOCAL_OUT) {
80 struct ipv6hdr *iph = ipv6_hdr(skb); 82 struct ipv6hdr *iph = ipv6_hdr(skb);
81 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || 83 if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
82 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) 84 !ipv6_addr_equal(&iph->saddr, &rt_info->saddr) ||
85 skb->mark != rt_info->mark)
83 return ip6_route_me_harder(skb); 86 return ip6_route_me_harder(skb);
84 } 87 }
85 return 0; 88 return 0;
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index b110a8a85a14..40d2e36d8fac 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -61,7 +61,7 @@ static struct xt_table packet_filter = {
61 61
62/* The work comes in here from netfilter.c. */ 62/* The work comes in here from netfilter.c. */
63static unsigned int 63static unsigned int
64ip6t_local_in_hook(unsigned int hook, 64ip6t_in_hook(unsigned int hook,
65 struct sk_buff *skb, 65 struct sk_buff *skb,
66 const struct net_device *in, 66 const struct net_device *in,
67 const struct net_device *out, 67 const struct net_device *out,
@@ -72,17 +72,6 @@ ip6t_local_in_hook(unsigned int hook,
72} 72}
73 73
74static unsigned int 74static unsigned int
75ip6t_forward_hook(unsigned int hook,
76 struct sk_buff *skb,
77 const struct net_device *in,
78 const struct net_device *out,
79 int (*okfn)(struct sk_buff *))
80{
81 return ip6t_do_table(skb, hook, in, out,
82 dev_net(in)->ipv6.ip6table_filter);
83}
84
85static unsigned int
86ip6t_local_out_hook(unsigned int hook, 75ip6t_local_out_hook(unsigned int hook,
87 struct sk_buff *skb, 76 struct sk_buff *skb,
88 const struct net_device *in, 77 const struct net_device *in,
@@ -105,14 +94,14 @@ ip6t_local_out_hook(unsigned int hook,
105 94
106static struct nf_hook_ops ip6t_ops[] __read_mostly = { 95static struct nf_hook_ops ip6t_ops[] __read_mostly = {
107 { 96 {
108 .hook = ip6t_local_in_hook, 97 .hook = ip6t_in_hook,
109 .owner = THIS_MODULE, 98 .owner = THIS_MODULE,
110 .pf = PF_INET6, 99 .pf = PF_INET6,
111 .hooknum = NF_INET_LOCAL_IN, 100 .hooknum = NF_INET_LOCAL_IN,
112 .priority = NF_IP6_PRI_FILTER, 101 .priority = NF_IP6_PRI_FILTER,
113 }, 102 },
114 { 103 {
115 .hook = ip6t_forward_hook, 104 .hook = ip6t_in_hook,
116 .owner = THIS_MODULE, 105 .owner = THIS_MODULE,
117 .pf = PF_INET6, 106 .pf = PF_INET6,
118 .hooknum = NF_INET_FORWARD, 107 .hooknum = NF_INET_FORWARD,