netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family - openslx/kernel-qcow2-linux.git

diff options

author	Liping Zhang	2017-01-07 14:33:55 +0100
committer	Pablo Neira Ayuso	2017-01-18 20:32:43 +0100
commit	f169fd695b192dd7b23aff8e69d25a1bc881bbfa (patch)
tree	2fb01bb5f8a59e9c45949a84ca79af221614a49e /net/netfilter/nf_tables_api.c
parent	netfilter: pkttype: unnecessary to check ipv6 multicast address (diff)
download	kernel-qcow2-linux-f169fd695b192dd7b23aff8e69d25a1bc881bbfa.tar.gz kernel-qcow2-linux-f169fd695b192dd7b23aff8e69d25a1bc881bbfa.tar.xz kernel-qcow2-linux-f169fd695b192dd7b23aff8e69d25a1bc881bbfa.zip

netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family

After adding the following nft rule, then ping 224.0.0.1: # nft add rule netdev t c pkttype host counter The warning complain message will be printed out again and again: WARNING: CPU: 0 PID: 10182 at net/netfilter/nft_meta.c:163 \ nft_meta_get_eval+0x3fe/0x460 [nft_meta] [...] Call Trace: <IRQ> dump_stack+0x85/0xc2 __warn+0xcb/0xf0 warn_slowpath_null+0x1d/0x20 nft_meta_get_eval+0x3fe/0x460 [nft_meta] nft_do_chain+0xff/0x5e0 [nf_tables] So we should deal with PACKET_LOOPBACK in netdev family too. For ipv4, convert it to PACKET_BROADCAST/MULTICAST according to the destination address's type; For ipv6, convert it to PACKET_MULTICAST directly. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/nf_tables_api.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: