iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nft_meta: permit pkttype mangling in ip/ip6 prerouting

Browse Source 
After supporting this, we can combine it with hash expression to emulate
the 'cluster match'.

Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Liping Zhang 2016-10-19 23:31:29 +08:00 committed by Pablo Neira Ayuso
parent 0ecba4d9d1
commit 96d9f2a72c
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
net/netfilter/nft_meta.c
View File

@ -310,6 +310,11 @@ int nft_meta_set_validate(const struct nft_ctx *ctx,
case NFPROTO_NETDEV: case NFPROTO_NETDEV:
hooks = 1 << NF_NETDEV_INGRESS; hooks = 1 << NF_NETDEV_INGRESS;
break; break;
case NFPROTO_IPV4:
case NFPROTO_IPV6:
case NFPROTO_INET:
hooks = 1 << NF_INET_PRE_ROUTING;
break;
default: default:
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }