Commit 9c6eb28a authored Apr 13, 2010 by Jan Engelhardt Committed by Patrick McHardy Apr 13, 2010

netfilter: ipv6: add IPSKB_REROUTED exclusion to NF_HOOK/POSTROUTING invocation



Similar to how IPv4's ip_output.c works, have ip6_output also check
the IPSKB_REROUTED flag. It will be set from xt_TEE for cloned packets
since Xtables can currently only deal with a single packet in flight
at a time.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Acked-by: David S. Miller <davem@davemloft.net>
[Patrick: changed to use an IP6SKB value instead of IPSKB]
Signed-off-by: Patrick McHardy <kaber@trash.net>

parent 9e508490

include/linux/ipv6.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -250,6 +250,7 @@ struct inet6_skb_parm {

		#define IP6SKB_XFRM_TRANSFORMED 1
		#define IP6SKB_FORWARDED 2
		#define IP6SKB_REROUTED 4
		};

		#define IP6CB(skb) ((struct inet6_skb_parm*)((skb)->cb))

net/ipv6/ip6_output.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -172,8 +172,9 @@ int ip6_output(struct sk_buff *skb)
		return 0;
		}

		return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
		ip6_finish_output);
		return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
		ip6_finish_output,
		!(IP6CB(skb)->flags & IP6SKB_REROUTED));
		}

		/*