diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-03-24 02:30:39 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2021-03-24 12:48:39 -0700 |
| commit | c63a7cc4d795c004b70cb935e8ba77d9e764f0ba (patch) | |
| tree | e1ee1c6235d8540217273d484c320b1940be5fb8 /include | |
| parent | 5139c0c007250c01c61337d584db4072c4786bf6 (diff) | |
| download | linux-c63a7cc4d795c004b70cb935e8ba77d9e764f0ba.tar.bz2 | |
netfilter: flowtable: use dev_fill_forward_path() to obtain ingress device
Obtain the ingress device in the tuple from the route in the reply
direction. Use dev_fill_forward_path() instead to get the real ingress
device for this flow.
Fall back to use the ingress device that the IP forwarding route
provides if:
- dev_fill_forward_path() finds no real ingress device.
- the ingress device that is obtained is not part of the flowtable
devices.
- this route has a xfrm policy.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_flow_table.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h index 828fcfbd5e6f..dca9fc66405f 100644 --- a/include/net/netfilter/nf_flow_table.h +++ b/include/net/netfilter/nf_flow_table.h @@ -165,6 +165,9 @@ static inline __s32 nf_flow_timeout_delta(unsigned int timeout) struct nf_flow_route { struct { struct dst_entry *dst; + struct { + u32 ifindex; + } in; enum flow_offload_xmit_type xmit_type; } tuple[FLOW_OFFLOAD_DIR_MAX]; }; |