[BRIDGE-NF]: Fix iptables redirect on bridge interface

Here's a slightly altered patch, originally from Mark Glines who diagnosed and fixed the problem. Signed-off-by: N Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: N David S. Miller <davem@davemloft.net>

[BRIDGE-NF]: Fix iptables redirect on bridge interface
Here's a slightly altered patch, originally from Mark Glines who diagnosed and fixed the problem. Signed-off-by: N Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: N David S. Miller <davem@davemloft.net>
1c011bed · Bart De Schuymer · David S. Miller · de9daad9 · 1c011bed
隐藏空白更改
内联并排

Showing with 5 addition and 3 deletion

net/bridge/br_netfilter.c net/bridge/br_netfilter.c +5 -3

未找到文件。
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -214,9 +214,11 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
 				     .tos = RT_TOS(iph->tos)} }, .proto = 0};

 			if (!ip_route_output_key(&rt, &fl)) {
-				/* Bridged-and-DNAT'ed traffic doesn't
-				 * require ip_forwarding. */
-				if (((struct dst_entry *)rt)->dev == dev) {
+				/* - Bridged-and-DNAT'ed traffic doesn't
+				 *   require ip_forwarding.
+				 * - Deal with redirected traffic. */
+				if (((struct dst_entry *)rt)->dev == dev ||
+				    rt->rt_type == RTN_LOCAL) {
 					skb->dst = (struct dst_entry *)rt;
 					goto bridged_dnat;
 				}