• Jamal Hadi Salim's avatar
    net: restore ip source validation · 28f6aeea
    Jamal Hadi Salim authored
    when using policy routing and the skb mark:
    there are cases where a back path validation requires us
    to use a different routing table for src ip validation than
    the one used for mapping ingress dst ip.
    One such a case is transparent proxying where we pretend to be
    the destination system and therefore the local table
    is used for incoming packets but possibly a main table would
    be used on outbound.
    Make the default behavior to allow the above and if users
    need to turn on the symmetry via sysctl src_valid_mark
    Signed-off-by: default avatarJamal Hadi Salim <hadi@cyberus.ca>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    28f6aeea
devinet.c 38.3 KB