projects / firefly-linux-kernel-4.4.55.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1681333) | patch
net: restore ip source validation
authorJamal Hadi Salim <hadi@cyberus.ca>
Sat, 26 Dec 2009 01:30:22 +0000 (17:30 -0800)
committerGreg Kroah-Hartman <gregkh@suse.de>
Tue, 9 Feb 2010 12:50:55 +0000 (04:50 -0800)
commitecb7287c5f53747767efa0f0e844da69a6ec3a51
treed56047e96f3ad07415794e6fa55e728f5eb15fb5tree | snapshot
parent16813330e739634925b347804d1e6a99b71c6399commit | diff
net: restore ip source validation

[ Upstream commit 28f6aeea3f12d37bd258b2c0d5ba891bff4ec479 ]

when using policy routing and the skb mark:
there are cases where a back path validation requires us
to use a different routing table for src ip validation than
the one used for mapping ingress dst ip.
One such a case is transparent proxying where we pretend to be
the destination system and therefore the local table
is used for incoming packets but possibly a main table would
be used on outbound.
Make the default behavior to allow the above and if users
need to turn on the symmetry via sysctl src_valid_mark

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
include/linux/inetdevice.h diff | blob | history
include/linux/sysctl.h diff | blob | history
net/ipv4/devinet.c diff | blob | history
net/ipv4/fib_frontend.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.