diff options
author | Liping Zhang <liping.zhang@spreadtrum.com> | 2016-10-19 23:31:29 +0800 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-26 16:35:16 +0200 |
commit | 96d9f2a72c719d985fdbae4e3d63ddc874947a7e (patch) | |
tree | 3c3f09bbdab459cf3c2b69aee0ded023a4ab90e8 /net/netfilter | |
parent | 0ecba4d9d1db51f670af7ba9049461116a3a2bea (diff) | |
download | linux-96d9f2a72c719d985fdbae4e3d63ddc874947a7e.tar.gz linux-96d9f2a72c719d985fdbae4e3d63ddc874947a7e.tar.bz2 linux-96d9f2a72c719d985fdbae4e3d63ddc874947a7e.zip |
netfilter: nft_meta: permit pkttype mangling in ip/ip6 prerouting
After supporting this, we can combine it with hash expression to emulate
the 'cluster match'.
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nft_meta.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 6c1e0246706e..64994023bf81 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -310,6 +310,11 @@ int nft_meta_set_validate(const struct nft_ctx *ctx, case NFPROTO_NETDEV: hooks = 1 << NF_NETDEV_INGRESS; break; + case NFPROTO_IPV4: + case NFPROTO_IPV6: + case NFPROTO_INET: + hooks = 1 << NF_INET_PRE_ROUTING; + break; default: return -EOPNOTSUPP; } |