From 96d9f2a72c719d985fdbae4e3d63ddc874947a7e Mon Sep 17 00:00:00 2001 From: Liping Zhang Date: Wed, 19 Oct 2016 23:31:29 +0800 Subject: [PATCH] netfilter: nft_meta: permit pkttype mangling in ip/ip6 prerouting After supporting this, we can combine it with hash expression to emulate the 'cluster match'. Suggested-by: Pablo Neira Ayuso Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nft_meta.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 6c1e0246706e..64994023bf81 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -310,6 +310,11 @@ int nft_meta_set_validate(const struct nft_ctx *ctx, case NFPROTO_NETDEV: hooks = 1 << NF_NETDEV_INGRESS; break; + case NFPROTO_IPV4: + case NFPROTO_IPV6: + case NFPROTO_INET: + hooks = 1 << NF_INET_PRE_ROUTING; + break; default: return -EOPNOTSUPP; } -- 2.20.1