summaryrefslogtreecommitdiffstats
path: root/net/netfilter/nf_tables_api.c
diff options
context:
space:
mode:
authorLiping Zhang2017-01-07 14:33:55 +0100
committerPablo Neira Ayuso2017-01-18 20:32:43 +0100
commitf169fd695b192dd7b23aff8e69d25a1bc881bbfa (patch)
tree2fb01bb5f8a59e9c45949a84ca79af221614a49e /net/netfilter/nf_tables_api.c
parentnetfilter: pkttype: unnecessary to check ipv6 multicast address (diff)
downloadkernel-qcow2-linux-f169fd695b192dd7b23aff8e69d25a1bc881bbfa.tar.gz
kernel-qcow2-linux-f169fd695b192dd7b23aff8e69d25a1bc881bbfa.tar.xz
kernel-qcow2-linux-f169fd695b192dd7b23aff8e69d25a1bc881bbfa.zip
netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
After adding the following nft rule, then ping 224.0.0.1: # nft add rule netdev t c pkttype host counter The warning complain message will be printed out again and again: WARNING: CPU: 0 PID: 10182 at net/netfilter/nft_meta.c:163 \ nft_meta_get_eval+0x3fe/0x460 [nft_meta] [...] Call Trace: <IRQ> dump_stack+0x85/0xc2 __warn+0xcb/0xf0 warn_slowpath_null+0x1d/0x20 nft_meta_get_eval+0x3fe/0x460 [nft_meta] nft_do_chain+0xff/0x5e0 [nf_tables] So we should deal with PACKET_LOOPBACK in netdev family too. For ipv4, convert it to PACKET_BROADCAST/MULTICAST according to the destination address's type; For ipv6, convert it to PACKET_MULTICAST directly. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
0 files changed, 0 insertions, 0 deletions