On Tue, Nov 30, 2021 at 10:48:44PM +0100, Pablo Neira Ayuso wrote:
> Hi Lukas,
>
> I'm sorry, I just noticed something below.
>
> On Tue, Nov 09, 2021 at 01:42:01PM +0100, Lukas Wunner wrote:
> > From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> >
> > Allow packet redirection to another interface upon egress.
> >
> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > [lukas: set skb_iif, add commit message]
> > Signed-off-by: Lukas Wunner <lukas@xxxxxxxxx>
> > ---
> > net/netfilter/nft_fwd_netdev.c | 7 +++++--
> > 1 file changed, 5 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/netfilter/nft_fwd_netdev.c b/net/netfilter/nft_fwd_netdev.c
> > index cd59afde5b2f..fa9301ca6033 100644
> > --- a/net/netfilter/nft_fwd_netdev.c
> > +++ b/net/netfilter/nft_fwd_netdev.c
> > @@ -27,9 +27,11 @@ static void nft_fwd_netdev_eval(const struct nft_expr *expr,
> > {
> > struct nft_fwd_netdev *priv = nft_expr_priv(expr);
> > int oif = regs->data[priv->sreg_dev];
> > + struct sk_buff *skb = pkt->skb;
> >
> > /* This is used by ifb only. */
> > - skb_set_redirected(pkt->skb, true);
> > + skb->skb_iif = skb->dev->ifindex;
>
> Probably good to set skb->skb_iif only for NF_NETDEV_EGRESS?
Just quickly checked again, from ingress skb->skb_iif ==
skb->dev->ifindex.
Applied to nf-next, thanks.
