netfilter: nft_meta: permit pkttype mangling in ip/ip6 prerouting

After supporting this, we can combine it with hash expression to emulate the 'cluster match'. Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Liping Zhang <liping.zhang@spreadtrum.com> 2016-10-19 23:31:29 +0800
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-10-26 16:35:16 +0200
commit: 96d9f2a72c719d985fdbae4e3d63ddc874947a7e (patch)
tree: 3c3f09bbdab459cf3c2b69aee0ded023a4ab90e8 /net/netfilter/nft_meta.c
parent: 0ecba4d9d1db51f670af7ba9049461116a3a2bea (diff)
download: linux-96d9f2a72c719d985fdbae4e3d63ddc874947a7e.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 6c1e0246706e06..64994023bf812a 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -310,6 +310,11 @@ int nft_meta_set_validate(const struct nft_ctx *ctx,
 	case NFPROTO_NETDEV:
 		hooks = 1 << NF_NETDEV_INGRESS;
 		break;
+	case NFPROTO_IPV4:
+	case NFPROTO_IPV6:
+	case NFPROTO_INET:
+		hooks = 1 << NF_INET_PRE_ROUTING;
+		break;
 	default:
 		return -EOPNOTSUPP;
 	}
author	Liping Zhang <liping.zhang@spreadtrum.com>	2016-10-19 23:31:29 +0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-10-26 16:35:16 +0200
commit	96d9f2a72c719d985fdbae4e3d63ddc874947a7e (patch)
tree	3c3f09bbdab459cf3c2b69aee0ded023a4ab90e8 /net/netfilter/nft_meta.c
parent	0ecba4d9d1db51f670af7ba9049461116a3a2bea (diff)
download	linux-96d9f2a72c719d985fdbae4e3d63ddc874947a7e.tar.gz