forked from Minki/linux
netfilter: nft_meta: permit pkttype mangling in ip/ip6 prerouting
After supporting this, we can combine it with hash expression to emulate the 'cluster match'. Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
0ecba4d9d1
commit
96d9f2a72c
@ -310,6 +310,11 @@ int nft_meta_set_validate(const struct nft_ctx *ctx,
|
||||
case NFPROTO_NETDEV:
|
||||
hooks = 1 << NF_NETDEV_INGRESS;
|
||||
break;
|
||||
case NFPROTO_IPV4:
|
||||
case NFPROTO_IPV6:
|
||||
case NFPROTO_INET:
|
||||
hooks = 1 << NF_INET_PRE_ROUTING;
|
||||
break;
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user