Commit b5924be6 authored by Patrick McHardy's avatar Patrick McHardy

[NETFILTER]: Don't reroute on nfmark change in mangle table when routing by nfmark is not enabled

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent 56bbcc53
...@@ -173,7 +173,9 @@ ipt_local_hook(unsigned int hook, ...@@ -173,7 +173,9 @@ ipt_local_hook(unsigned int hook,
if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE
&& ((*pskb)->nh.iph->saddr != saddr && ((*pskb)->nh.iph->saddr != saddr
|| (*pskb)->nh.iph->daddr != daddr || (*pskb)->nh.iph->daddr != daddr
#ifdef CONFIG_IP_ROUTE_FWMARK
|| (*pskb)->nfmark != nfmark || (*pskb)->nfmark != nfmark
#endif
|| (*pskb)->nh.iph->tos != tos)) || (*pskb)->nh.iph->tos != tos))
return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment