netfilter: nfmark routing in OUTPUT, mangle, NFQUEUE
authorEric Leblond <eric@inl.fr>
Tue, 25 Nov 2008 11:15:16 +0000 (12:15 +0100)
committerPatrick McHardy <kaber@trash.net>
Tue, 25 Nov 2008 11:15:16 +0000 (12:15 +0100)
This patch lets nfmark be evaluated in the routing decision for OUTPUT
packets, in the mangle table, when a packet is processed in NFQUEUE.
Until now, only changes (made during NFQUEUE processing) to the fields src_addr,
dest_addr and tos could make netfilter re-evaluate the routing.

From: Laurent Licour <laurent@licour.com>
Signed-off-by: Eric Leblond <eric@inl.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/ipv4/netfilter.c

index 6efdb70b3eb2fb9106e031195f4caf56dd41d918..7c145d76384dfa28581dff50458f8ebc82137688 100644 (file)
@@ -125,6 +125,7 @@ struct ip_rt_info {
        __be32 daddr;
        __be32 saddr;
        u_int8_t tos;
+       u_int32_t mark;
 };
 
 static void nf_ip_saveroute(const struct sk_buff *skb,
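Review bot: The new `mark` member of `struct ip_rt_info` has no comment, and its role as part of the saved routing key only becomes clear from the two later hunks. I would add `/* skb->mark when the packet was queued; compared on reinjection */` on the field, or one comment above the struct saying that all four members form the snapshot `nf_ip_reroute()` compares against. The field is typed `u_int32_t`, which matches the neighbouring `u_int8_t tos`. The type of `skb->mark` is declared outside this page, so confirm the widths agree.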
@@ -138,6 +139,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb,
                rt_info->tos = iph->tos;
                rt_info->daddr = iph->daddr;
                rt_info->saddr = iph->saddr;
+               rt_info->mark = skb->mark;
        }
 }
 
@@ -150,6 +152,7 @@ static int nf_ip_reroute(struct sk_buff *skb,
                const struct iphdr *iph = ip_hdr(skb);
 
                if (!(iph->tos == rt_info->tos
+                     && skb->mark == rt_info->mark
                      && iph->daddr == rt_info->daddr
                      && iph->saddr == rt_info->saddr))
                        return ip_route_me_harder(skb, RTN_UNSPEC);
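Review bot: A verdict that only changes the mark now triggers `ip_route_me_harder()`, but the condition in `nf_ip_reroute()` carries no comment explaining why the mark belongs in it. I would add `/* reroute if the queue handler changed anything a routing rule can key on, including the fwmark */` above the `if`. Only `net/ipv4/netfilter.c` is touched on this page, so if the IPv6 reroute hook compares a saved key in the same way, it presumably needs the same addition; otherwise fwmark policy routing would differ between the two families after NFQUEUE. Operators should also note that the egress route can now change after the OUTPUT rules ran, so a rule that matched on the outgoing interface before the queue verdict may not describe the interface the packet finally leaves on. The body of `nf_ip_reroute()` starts and ends outside this hunk.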