netfilter: ip6t_rpfilter: Fix regression with VRF interfaces (!2685) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Phil Sutter requested to merge psutter1/centos-stream-9:rhel9/bz2170363 into main Jun 15, 2023

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2170363 Upstream Status: commit efb056e5f1f00

commit efb056e5f1f0036179b2f92c1c15f5ea7a891d70 Author: Phil Sutter phil@nwl.cc Date: Thu Feb 16 17:05:36 2023 +0100

netfilter: ip6t_rpfilter: Fix regression with VRF interfaces

When calling ip6_route_lookup() for the packet arriving on the VRF
interface, the result is always the real (slave) interface. Expect this
when validating the result.

Fixes: acc641ab95b66 ("netfilter: rpfilter/fib: Populate flowic_l3mdev field")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Phil Sutter psutter@redhat.com

netfilter: ip6t_rpfilter: Fix regression with VRF interfaces

Merge request reports