Commit 5f145e44 authored by Eric Leblond's avatar Eric Leblond Committed by Patrick McHardy

netfilter: nfmark routing in OUTPUT, mangle, NFQUEUE

This patch let nfmark to be evaluated for routing decision for OUTPUT
packet, in mangle table, when process paquet in NFQUEUE
Until now, only change (in NFQUEUE process) on fields src_addr,
dest_addr and tos could make netfilter to reevalute the routing.

From: Laurent Licour <laurent@licour.com>
Signed-off-by: default avatarEric Leblond <eric@inl.fr>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 4813eadf
...@@ -125,6 +125,7 @@ struct ip_rt_info { ...@@ -125,6 +125,7 @@ struct ip_rt_info {
__be32 daddr; __be32 daddr;
__be32 saddr; __be32 saddr;
u_int8_t tos; u_int8_t tos;
u_int32_t mark;
}; };
static void nf_ip_saveroute(const struct sk_buff *skb, static void nf_ip_saveroute(const struct sk_buff *skb,
...@@ -138,6 +139,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, ...@@ -138,6 +139,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb,
rt_info->tos = iph->tos; rt_info->tos = iph->tos;
rt_info->daddr = iph->daddr; rt_info->daddr = iph->daddr;
rt_info->saddr = iph->saddr; rt_info->saddr = iph->saddr;
rt_info->mark = skb->mark;
} }
} }
...@@ -150,6 +152,7 @@ static int nf_ip_reroute(struct sk_buff *skb, ...@@ -150,6 +152,7 @@ static int nf_ip_reroute(struct sk_buff *skb,
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
if (!(iph->tos == rt_info->tos if (!(iph->tos == rt_info->tos
&& skb->mark == rt_info->mark
&& iph->daddr == rt_info->daddr && iph->daddr == rt_info->daddr
&& iph->saddr == rt_info->saddr)) && iph->saddr == rt_info->saddr))
return ip_route_me_harder(skb, RTN_UNSPEC); return ip_route_me_harder(skb, RTN_UNSPEC);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment