From: Florian Westphal <fw@strlen.de>
Date: Wed, 17 Apr 2013 22:45:24 +0000 (+0000)
Subject: netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too
X-Git-Tag: v3.9-rc8~7^2~10^2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f83a7ea2075ca896f2dbf07672bac9cf3682ff74;p=pandora-kernel.git

netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too

Alex Efros reported rpfilter module doesn't match following packets:
IN=br.qemu SRC=192.168.2.1 DST=192.168.2.255 [ .. ]
(netfilter bugzilla #814).

Problem is that network stack arranges for the locally generated broadcasts
to appear on the interface they were sent out, so the IFF_LOOPBACK check
doesn't trigger.

As -m rpfilter is restricted to PREROUTING, we can check for existing
rtable instead, it catches locally-generated broad/multicast case, too.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed