[Bug 1761] nft_fib checks only the main route table when iif is a slave of a master vrf interface

bugzilla-daemon at netfilter.org
Sun Oct 27 23:04:10 CET 2024


https://bugzilla.netfilter.org/show_bug.cgi?id=1761

--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
(In reply to tsv1991 from comment #3)
> This patch works as it should, but I'm not sure it won't break anything
> 
> --- /root/nft_fib_ipv4.c	2024-10-23 19:01:14.668000000 +0000
> +++ net/ipv4/netfilter/nft_fib_ipv4.c	2024-10-24 18:29:48.344000000 +0000
> @@ -64,7 +64,7 @@
>  	struct fib_result res;
>  	struct flowi4 fl4 = {
>  		.flowi4_scope = RT_SCOPE_UNIVERSE,
> -		.flowi4_iif = LOOPBACK_IFINDEX,
> +		.flowi4_iif = nft_in(pkt)->ifindex,
>  		.flowi4_uid = sock_net_uid(nft_net(pkt), NULL),
>  	};
>  	const struct net_device *oif;
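
Review bot: the new `.flowi4_iif = nft_in(pkt)->ifindex` initializer dereferences `nft_in(pkt)` unconditionally, and nothing in this hunk shows that an input device is always set when the initializer runs. If the lookup can be reached where no input device is present, guard the dereference and keep `LOOPBACK_IFINDEX` as the fallback. The change also applies to every lookup rather than only to the case in the bug title, where the input interface is a slave of a VRF master; limiting it to that case would narrow the "might break something" risk the submitter mentions.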

This looks very similar to the patch that has been upstreamed:

commit 05ef7055debc804e8083737402127975e7244fc4
Author: Florian Westphal <fw at strlen.de>
Date:   Wed Oct 9 09:19:02 2024 +0200

    netfilter: fib: check correct rtable in vrf setups

Could you please give it a try?

Thanks.
