• Florian Westphal's avatar
    netfilter: physdev: relax br_netfilter dependency · ebd0f306
    Florian Westphal authored
    [ Upstream commit 8e2f311a ]
    
    Following command:
      iptables -D FORWARD -m physdev ...
    causes connectivity loss in some setups.
    
    Reason is that iptables userspace will probe kernel for the module revision
    of the physdev patch, and physdev has an artificial dependency on
    br_netfilter (xt_physdev use makes no sense unless a br_netfilter module
    is loaded).
    
    This causes the "phydev" module to be loaded, which in turn enables the
    "call-iptables" infrastructure.
    
    bridged packets might then get dropped by the iptables ruleset.
    
    The better fix would be to change the "call-iptables" defaults to 0 and
    enforce explicit setting to 1, but that breaks backwards compatibility.
    
    This does the next best thing: add a request_module call to checkentry.
    This was a stray '-D ... -m physdev' won't activate br_netfilter
    anymore.
    Signed-off-by: 's avatarFlorian Westphal <fw@strlen.de>
    Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
    Signed-off-by: 's avatarSasha Levin <sashal@kernel.org>
    ebd0f306
Name
Last commit
Last update
Documentation Loading commit data...
LICENSES Loading commit data...
arch Loading commit data...
block Loading commit data...
certs Loading commit data...
crypto Loading commit data...
drivers Loading commit data...
firmware Loading commit data...
fs Loading commit data...
include Loading commit data...
init Loading commit data...
ipc Loading commit data...
kernel Loading commit data...
lib Loading commit data...
mm Loading commit data...
net Loading commit data...
samples Loading commit data...
scripts Loading commit data...
security Loading commit data...
sound Loading commit data...
tools Loading commit data...
usr Loading commit data...
virt Loading commit data...
.clang-format Loading commit data...
.cocciconfig Loading commit data...
.get_maintainer.ignore Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.mailmap Loading commit data...
COPYING Loading commit data...
CREDITS Loading commit data...
Kbuild Loading commit data...
Kconfig Loading commit data...
MAINTAINERS Loading commit data...
Makefile Loading commit data...
README Loading commit data...