2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-28 07:04:00 +08:00
linux-next/net/ipv4/netfilter
Cong Wang 6a662719c9 ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif
As suggested by Julian:

	Simply, flowi4_iif must not contain 0, it does not
	look logical to ignore all ip rules with specified iif.

because in fib_rule_match() we do:

        if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
                goto out;

flowi4_iif should be LOOPBACK_IFINDEX by default.

We need to move LOOPBACK_IFINDEX to include/net/flow.h:

1) It is mostly used by flowi_iif

2) Fix the following compile error if we use it in flow.h
by the patches latter:

In file included from include/linux/netfilter.h:277:0,
                 from include/net/netns/netfilter.h:5,
                 from include/net/net_namespace.h:21,
                 from include/linux/netdevice.h:43,
                 from include/linux/icmpv6.h:12,
                 from include/linux/ipv6.h:61,
                 from include/net/ipv6.h:16,
                 from include/linux/sunrpc/clnt.h:27,
                 from include/linux/nfs_fs.h:30,
                 from init/do_mounts.c:32:
include/net/flow.h: In function ‘flowi4_init_output’:
include/net/flow.h:84:32: error: ‘LOOPBACK_IFINDEX’ undeclared (first use in this function)

Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Julian Anastasov <ja@ssi.bg>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-04-16 15:05:11 -04:00
..
arp_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
ip_tables.c netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_CLUSTERIP.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2013-11-04 19:46:58 -05:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_conntrack: don't send destroy events from iterator 2013-08-09 12:03:33 +02:00
ipt_REJECT.c netfilter: REJECT: separate reusable code 2013-12-30 15:04:41 +01:00
ipt_rpfilter.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
ipt_SYNPROXY.c netfilter: SYNPROXY target: restrict to INPUT/FORWARD 2013-12-11 11:30:25 +01:00
ipt_ULOG.c netfilter: ipt_ULOG: fix info leaks 2013-10-02 17:28:36 +02:00
iptable_filter.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_mangle.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_nat.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_raw.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
iptable_security.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
Kconfig netfilter: nft_reject: split up reject module into IPv4 and IPv6 specifc parts 2014-02-06 09:44:10 +01:00
Makefile netfilter: nft_reject: split up reject module into IPv4 and IPv6 specifc parts 2014-02-06 09:44:10 +01:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: remove dead code 2014-01-03 23:41:37 +01:00
nf_conntrack_proto_icmp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_defrag_ipv4.c netfilter: pass hook ops to hookfn 2013-10-14 11:29:31 +02:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_icmp.c netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_snmp_basic.c netfilter: nf_nat_snmp_basic: fix duplicates in if/else branches 2014-02-14 11:37:36 +01:00
nf_tables_arp.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nf_tables_ipv4.c netfilter: nf_tables: fix error path in the init functions 2014-01-09 23:25:48 +01:00
nft_chain_nat_ipv4.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nft_chain_route_ipv4.c netfilter: nf_tables: rename nft_do_chain_pktinfo() to nft_do_chain() 2014-01-09 20:17:16 +01:00
nft_reject_ipv4.c netfilter: nf_tables: add reject module for NFPROTO_INET 2014-02-06 09:44:18 +01:00