diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-06 18:35:57 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-06 19:33:12 +0100 |
| commit | b4865988eab598e56e6e628b9b32441acd142b28 (patch) | |
| tree | 2260eb10d935babc74b45e34bd3977e097676d73 /include | |
| parent | netfilter: ingress: don't use nf_hook_list_active (diff) | |
| download | linux-b4865988eab598e56e6e628b9b32441acd142b28.tar.xz linux-b4865988eab598e56e6e628b9b32441acd142b28.zip | |
netfilter: ingress: fix wrong input interface on hook
The input and output interfaces in nf_hook_state_init() are flipped.
This fixes iif matching on nftables.
Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_ingress.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/netfilter_ingress.h b/include/linux/netfilter_ingress.h index ba7ce8805fe3..5fcd375ef175 100644 --- a/include/linux/netfilter_ingress.h +++ b/include/linux/netfilter_ingress.h @@ -19,8 +19,8 @@ static inline int nf_hook_ingress(struct sk_buff *skb) struct nf_hook_state state; nf_hook_state_init(&state, &skb->dev->nf_hooks_ingress, - NF_NETDEV_INGRESS, INT_MIN, NFPROTO_NETDEV, NULL, - skb->dev, NULL, dev_net(skb->dev), NULL); + NF_NETDEV_INGRESS, INT_MIN, NFPROTO_NETDEV, + skb->dev, NULL, NULL, dev_net(skb->dev), NULL); return nf_hook_slow(skb, &state); } |