This adds the FIB expression to query fib for oif and route/address type. This provides functionality of the xtables 'rpfilter' and 'addrtype' matches.
The '--local' option supported by the rpfilter match is not supported anymore, but it is possible to use extra rules (either checking for explicit saddr/daddr pairs) or the 'fib type' result to make packets coming from external source but with a locally configured address bypass 'fib oif' queries. oif is supported in prerouting, type can be used in all hooks. The kernel validates that the combinations make sense (e.g., you cannot ask for iif in OUTPUT). ipv4, ipv6 and inet families are supported at the moment. Comments welcome. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
