Message ID | 20210304090959.GA301692@r1.mshome.net |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
Series | [nft,v2] conntrack: Fix gre tunneling over ipv6 | expand |
Ludovic Senecaux <linuxludo@free.fr> wrote: > This fix permits gre connections to be tracked within ip6tables rules Acked-by: Florian Westphal <fw@strlen.de>
On Thu, Mar 04, 2021 at 04:10:50AM -0500, Ludovic Senecaux wrote:
> This fix permits gre connections to be tracked within ip6tables rules
Applied, thanks.
diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index 5b05487a60d2..db11e403d818 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c @@ -218,9 +218,6 @@ int nf_conntrack_gre_packet(struct nf_conn *ct, enum ip_conntrack_info ctinfo, const struct nf_hook_state *state) { - if (state->pf != NFPROTO_IPV4) - return -NF_ACCEPT; - if (!nf_ct_is_confirmed(ct)) { unsigned int *timeouts = nf_ct_timeout_lookup(ct);
This fix permits gre connections to be tracked within ip6tables rules Signed-off-by: Ludovic Senecaux <linuxludo@free.fr> --- net/netfilter/nf_conntrack_proto_gre.c | 3 --- 1 file changed, 3 deletions(-)