Commit 6f8f132c authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: Use flowlabel flow key when re-routing mangled packets 



'ip6 dscp set $v' in an nftables outpute route chain has no effect.
While nftables does detect the dscp change and calls the reroute hook.
But ip6_route_me_harder never sets the dscp/flowlabel:
flowlabel/dsfield routing rules are ignored and no reroute takes place.

Thanks to Yi Chen for an excellent reproducer script that I used
to validate this change.

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Reported-by: default avatarYi Chen <yiche@redhat.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 4e7aaa6b

net/ipv6/netfilter.c

+1 −0
Original line number Diff line number Diff line
@@ -36,6 +36,7 @@ int ip6_route_me_harder(struct net *net, struct sock *sk_partial, struct sk_buff 
		.flowi6_uid = sock_net_uid(net, sk),

		.daddr = iph->daddr,

		.saddr = iph->saddr,

		.flowlabel = ip6_flowinfo(iph),

	};

	int err;