Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / shift / mainline / 28f8bfd1ac948403ebd5c8070ae1e25421560059
commit28f8bfd1ac948403ebd5c8070ae1e25421560059[log] [tgz]
authorPhil Sutter <phil@nwl.cc>Tue Nov 12 17:14:37 2019 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>Fri Nov 15 23:44:48 2019 +0100
tree8e5b472d45954ee16b7fb7d172bb394058b3268d
parent5c27d8d76ce810c6254cf5917a6019d824f34bd2 [diff]
netfilter: Support iif matches in POSTROUTING

Instead of generally passing NULL to NF_HOOK_COND() for input device,
pass skb->dev which contains input device for routed skbs.

Note that iptables (both legacy and nft) reject rules with input
interface match from being added to POSTROUTING chains, but nftables
allows this.

Cc: Eric Garver <eric@garver.life>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
4 files changed
tree: 8e5b472d45954ee16b7fb7d172bb394058b3268d
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README