summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2010-04-13 17:32:16 +0400
committerPatrick McHardy <kaber@trash.net>2010-04-13 17:32:16 +0400
commit9c6eb28aca52d562f3ffbaebaa56385df9972a43 (patch)
tree775683fe8a8549274610872b44e4778c76195fa2
parent9e50849054a4824f06c66d2b449de21b98e03770 (diff)
downloadlinux-9c6eb28aca52d562f3ffbaebaa56385df9972a43.tar.xz
netfilter: ipv6: add IPSKB_REROUTED exclusion to NF_HOOK/POSTROUTING invocation
Similar to how IPv4's ip_output.c works, have ip6_output also check the IPSKB_REROUTED flag. It will be set from xt_TEE for cloned packets since Xtables can currently only deal with a single packet in flight at a time. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Acked-by: David S. Miller <davem@davemloft.net> [Patrick: changed to use an IP6SKB value instead of IPSKB] Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--include/linux/ipv6.h1
-rw-r--r--net/ipv6/ip6_output.c5
2 files changed, 4 insertions, 2 deletions
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index e0cc9a7db2b5..7bdf6ffe2b49 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -250,6 +250,7 @@ struct inet6_skb_parm {
#define IP6SKB_XFRM_TRANSFORMED 1
#define IP6SKB_FORWARDED 2
+#define IP6SKB_REROUTED 4
};
#define IP6CB(skb) ((struct inet6_skb_parm*)((skb)->cb))
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 236ac7813744..c10a38a71a5e 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -172,8 +172,9 @@ int ip6_output(struct sk_buff *skb)
return 0;
}
- return NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
- ip6_finish_output);
+ return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev,
+ ip6_finish_output,
+ !(IP6CB(skb)->flags & IP6SKB_REROUTED));
}
/*