diff options
author | David S. Miller <davem@davemloft.net> | 2008-11-28 02:19:15 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-28 02:19:15 -0800 |
commit | ed77a89c30fa03dcb234a84ddea710b3fb7b62da (patch) | |
tree | 69f3e2c2bbf2fdd4f742e891441f01307d1d1f49 /net/ipv6 | |
parent | 475ad8e2172d7f8b73af5532a8dad265b51339c2 (diff) | |
parent | d6e8cc6cc7ac77b0f9118f78c453a2e834e62709 (diff) | |
download | op-kernel-dev-ed77a89c30fa03dcb234a84ddea710b3fb7b62da.zip op-kernel-dev-ed77a89c30fa03dcb234a84ddea710b3fb7b62da.tar.gz |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
Conflicts:
net/netfilter/nf_conntrack_netlink.c
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter.c | 5 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 17 |
2 files changed, 7 insertions, 15 deletions
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c index 627e21d..834cea6 100644 --- a/net/ipv6/netfilter.c +++ b/net/ipv6/netfilter.c @@ -56,6 +56,7 @@ EXPORT_SYMBOL(ip6_route_me_harder); struct ip6_rt_info { struct in6_addr daddr; struct in6_addr saddr; + u_int32_t mark; }; static void nf_ip6_saveroute(const struct sk_buff *skb, @@ -68,6 +69,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, rt_info->daddr = iph->daddr; rt_info->saddr = iph->saddr; + rt_info->mark = skb->mark; } } @@ -79,7 +81,8 @@ static int nf_ip6_reroute(struct sk_buff *skb, if (entry->hook == NF_INET_LOCAL_OUT) { struct ipv6hdr *iph = ipv6_hdr(skb); if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) || - !ipv6_addr_equal(&iph->saddr, &rt_info->saddr)) + !ipv6_addr_equal(&iph->saddr, &rt_info->saddr) || + skb->mark != rt_info->mark) return ip6_route_me_harder(skb); } return 0; diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index b110a8a8..40d2e36 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c @@ -61,7 +61,7 @@ static struct xt_table packet_filter = { /* The work comes in here from netfilter.c. */ static unsigned int -ip6t_local_in_hook(unsigned int hook, +ip6t_in_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in, const struct net_device *out, @@ -72,17 +72,6 @@ ip6t_local_in_hook(unsigned int hook, } static unsigned int -ip6t_forward_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) -{ - return ip6t_do_table(skb, hook, in, out, - dev_net(in)->ipv6.ip6table_filter); -} - -static unsigned int ip6t_local_out_hook(unsigned int hook, struct sk_buff *skb, const struct net_device *in, @@ -105,14 +94,14 @@ ip6t_local_out_hook(unsigned int hook, static struct nf_hook_ops ip6t_ops[] __read_mostly = { { - .hook = ip6t_local_in_hook, + .hook = ip6t_in_hook, .owner = THIS_MODULE, .pf = PF_INET6, .hooknum = NF_INET_LOCAL_IN, .priority = NF_IP6_PRI_FILTER, }, { - .hook = ip6t_forward_hook, + .hook = ip6t_in_hook, .owner = THIS_MODULE, .pf = PF_INET6, .hooknum = NF_INET_FORWARD, |