From 86b6d14a2415d08a4e521734699868ce58042011 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 17 Apr 2013 22:45:24 +0000 Subject: [PATCH] --- yaml --- r: 362648 b: refs/heads/master c: f83a7ea2075ca896f2dbf07672bac9cf3682ff74 h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/net/ipv4/netfilter/ipt_rpfilter.c | 8 +++++++- trunk/net/ipv6/netfilter/ip6t_rpfilter.c | 8 +++++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/[refs] b/[refs] index f4d38f367cde..e13d8cd32ced 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 5add189a125e6b497e31bffdaaed8145ec6d4984 +refs/heads/master: f83a7ea2075ca896f2dbf07672bac9cf3682ff74 diff --git a/trunk/net/ipv4/netfilter/ipt_rpfilter.c b/trunk/net/ipv4/netfilter/ipt_rpfilter.c index c30130062cd6..c49dcd0284a0 100644 --- a/trunk/net/ipv4/netfilter/ipt_rpfilter.c +++ b/trunk/net/ipv4/netfilter/ipt_rpfilter.c @@ -66,6 +66,12 @@ static bool rpfilter_lookup_reverse(struct flowi4 *fl4, return dev_match; } +static bool rpfilter_is_local(const struct sk_buff *skb) +{ + const struct rtable *rt = skb_rtable(skb); + return rt && (rt->rt_flags & RTCF_LOCAL); +} + static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_rpfilter_info *info; @@ -76,7 +82,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) info = par->matchinfo; invert = info->flags & XT_RPFILTER_INVERT; - if (par->in->flags & IFF_LOOPBACK) + if (rpfilter_is_local(skb)) return true ^ invert; iph = ip_hdr(skb); diff --git a/trunk/net/ipv6/netfilter/ip6t_rpfilter.c b/trunk/net/ipv6/netfilter/ip6t_rpfilter.c index 5060d54199ab..e0983f3648a6 100644 --- a/trunk/net/ipv6/netfilter/ip6t_rpfilter.c +++ b/trunk/net/ipv6/netfilter/ip6t_rpfilter.c @@ -71,6 +71,12 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb, return ret; } +static bool rpfilter_is_local(const struct sk_buff *skb) +{ + const struct rt6_info *rt = (const void *) skb_dst(skb); + return rt && (rt->rt6i_flags & RTF_LOCAL); +} + static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) { const struct xt_rpfilter_info *info = par->matchinfo; @@ -78,7 +84,7 @@ static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par) struct ipv6hdr *iph; bool invert = info->flags & XT_RPFILTER_INVERT; - if (par->in->flags & IFF_LOOPBACK) + if (rpfilter_is_local(skb)) return true ^ invert; iph = ipv6_hdr(skb);