
Commit 02d86085 authored by Taehee Yoo, committed by Greg Kroah-Hartman

netfilter: xt_TEE: fix wrong interface selection



[ Upstream commit f24d2d4f9586985509320f90308723d3d0c4e47f ]

The TEE netdevice notifier handler checks only the interface name. However,
each netns can have the same interface name. Hence another netns's interface
could be selected.

test commands:
   %ip netns add vm1
   %iptables -I INPUT -p icmp -j TEE --gateway 192.168.1.1 --oif enp2s0
   %ip link set enp2s0 netns vm1

The above rule is in the root netns, but that rule could get the enp2s0
ifindex of vm1 from the notifier handler.

After this patch, the TEE rule is added to the per-netns list.

Fixes: 9e2f6c5d ("netfilter: Rework xt_TEE netdevice notifier")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent f9a0a08d
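
The cross-netns selection described in the commit message, as an added example that is not part of the commit or of the kernel source: a user-space C model that replays the test commands against a name-only handler and a netns-scoped one. The struct layouts, function names, numeric netns ids and ifindex values are assumptions constructed for illustration.

```c
/* User-space model (constructed), not kernel code. */
#include <stdio.h>
#include <string.h>

/* netns is a hypothetical numeric id: 0 = root netns, 1 = vm1. */
struct netdev   { int netns; int ifindex; const char *name; };
struct tee_rule { int netns; const char *oif; int ifindex; }; /* -1 = unresolved */

/* Before the fix: the notifier handler compares only the interface name. */
static void notify_name_only(struct tee_rule *r, const struct netdev *d, int up)
{
    if (strcmp(d->name, r->oif) == 0)
        r->ifindex = up ? d->ifindex : -1;
}

/* After the fix (modelled): a rule only sees events from its own netns,
 * which is the effect of keeping rules on a per-netns list. */
static void notify_per_netns(struct tee_rule *r, const struct netdev *d, int up)
{
    if (d->netns != r->netns)
        return;
    notify_name_only(r, d, up);
}

/* Replay the commit's test commands and return the ifindex the root-netns
 * rule ends up holding. */
static int replay(void (*handler)(struct tee_rule *, const struct netdev *, int))
{
    struct netdev in_root = { 0, 2, "enp2s0" };  /* constructed ifindex values */
    struct netdev in_vm1  = { 1, 7, "enp2s0" };
    /* iptables -I INPUT ... -j TEE --oif enp2s0 : rule added in root netns */
    struct tee_rule rule = { 0, "enp2s0", in_root.ifindex };

    /* ip link set enp2s0 netns vm1 : unregister in root, register in vm1 */
    handler(&rule, &in_root, 0);
    handler(&rule, &in_vm1, 1);
    return rule.ifindex;
}

int main(void)
{
    printf("name-only handler: rule ifindex = %d\n", replay(notify_name_only));
    printf("per-netns handler: rule ifindex = %d\n", replay(notify_per_netns));
    return 0;
}
```

With the name-only handler the root-netns rule ends up bound to the device inside vm1; with the netns-scoped handler it stays unresolved after the device leaves.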