mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-04-20 03:47:16 +02:00
28277d5f41
Since upgrading to 1.8.11, people have experienced networking issues with docker containers due to forward rules missing. These issues have been reported and fixed upstream. Apply those patches to fix those issues. Fixes #16860
65 lines
2.3 KiB
Diff
65 lines
2.3 KiB
Diff
Url: https://git.netfilter.org/iptables/patch/?id=b3f3e256c263b9a1db49732696aba0dde084ef5e
|
|
From b3f3e256c263b9a1db49732696aba0dde084ef5e Mon Sep 17 00:00:00 2001
|
|
From: Phil Sutter <phil@nwl.cc>
|
|
Date: Fri, 15 Nov 2024 19:55:32 +0100
|
|
Subject: nft: Drop interface mask leftovers from post_parse callbacks
|
|
|
|
Fixed commit only adjusted the IPv4-specific callback for unclear
|
|
reasons.
|
|
|
|
Fixes: fe70364b36119 ("xshared: Do not populate interface masks per default")
|
|
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
Reviewed-by: Jeremy Sowden <jeremy@azazel.net>
|
|
---
|
|
iptables/nft-arp.c | 3 ---
|
|
iptables/xshared.c | 5 -----
|
|
iptables/xshared.h | 1 -
|
|
3 files changed, 9 deletions(-)
|
|
|
|
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
|
|
index c11d64c3..fa2dd558 100644
|
|
--- a/iptables/nft-arp.c
|
|
+++ b/iptables/nft-arp.c
|
|
@@ -459,10 +459,7 @@ static void nft_arp_post_parse(int command,
|
|
cs->arp.arp.invflags = args->invflags;
|
|
|
|
memcpy(cs->arp.arp.iniface, args->iniface, IFNAMSIZ);
|
|
- memcpy(cs->arp.arp.iniface_mask, args->iniface_mask, IFNAMSIZ);
|
|
-
|
|
memcpy(cs->arp.arp.outiface, args->outiface, IFNAMSIZ);
|
|
- memcpy(cs->arp.arp.outiface_mask, args->outiface_mask, IFNAMSIZ);
|
|
|
|
cs->arp.counters.pcnt = args->pcnt_cnt;
|
|
cs->arp.counters.bcnt = args->bcnt_cnt;
|
|
diff --git a/iptables/xshared.c b/iptables/xshared.c
|
|
index 2a5eef09..2f663f97 100644
|
|
--- a/iptables/xshared.c
|
|
+++ b/iptables/xshared.c
|
|
@@ -2104,12 +2104,7 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
|
|
cs->fw6.ipv6.invflags = args->invflags;
|
|
|
|
memcpy(cs->fw6.ipv6.iniface, args->iniface, IFNAMSIZ);
|
|
- memcpy(cs->fw6.ipv6.iniface_mask,
|
|
- args->iniface_mask, IFNAMSIZ*sizeof(unsigned char));
|
|
-
|
|
memcpy(cs->fw6.ipv6.outiface, args->outiface, IFNAMSIZ);
|
|
- memcpy(cs->fw6.ipv6.outiface_mask,
|
|
- args->outiface_mask, IFNAMSIZ*sizeof(unsigned char));
|
|
|
|
if (args->goto_set)
|
|
cs->fw6.ipv6.flags |= IP6T_F_GOTO;
|
|
diff --git a/iptables/xshared.h b/iptables/xshared.h
|
|
index a111e797..af756738 100644
|
|
--- a/iptables/xshared.h
|
|
+++ b/iptables/xshared.h
|
|
@@ -262,7 +262,6 @@ struct xtables_args {
|
|
uint8_t flags;
|
|
uint16_t invflags;
|
|
char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
|
|
- unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
|
|
char bri_iniface[IFNAMSIZ], bri_outiface[IFNAMSIZ];
|
|
bool goto_set;
|
|
const char *shostnetworkmask, *dhostnetworkmask;
|
|
--
|
|
cgit v1.2.3
|
|
|