aboutgitcodebugslistschat
path: root/contrib/selinux/passt.te
diff options
context:
space:
mode:
authorDavid Gibson <david@gibson.dropbear.id.au>2024-07-18 15:26:44 +1000
committerStefano Brivio <sbrivio@redhat.com>2024-07-19 18:33:33 +0200
commitc000f2aba6a4612a202ee4e8e66fec2d19deedf7 (patch)
tree20269df0fe4081bb7e9b9c40d6f6ff5effb1144a /contrib/selinux/passt.te
parent060f24e310b71f8813dbbc561a2e5a59d21feae0 (diff)
downloadpasst-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.tar
passt-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.tar.gz
passt-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.tar.bz2
passt-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.tar.lz
passt-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.tar.xz
passt-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.tar.zst
passt-c000f2aba6a4612a202ee4e8e66fec2d19deedf7.zip
flow, icmp: Use general flow forwarding rules for ICMP
Current ICMP hard codes its forwarding rules, and never applies any translations. Change it to use the flow_target() function, so that it's translated the same as TCP (excluding TCP specific port redirection). This means that gw mapping now applies to ICMP so "ping <gw address>" will now ping the host's loopback instead of the actual gw machine. This removes the surprising behaviour that the target you ping might not be the same as you connect to with TCP. This removes the last user of flow_target_af(), so that's removed as well. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'contrib/selinux/passt.te')
0 files changed, 0 insertions, 0 deletions