Hi Florian, At 2016-11-24 21:50:14, "Florian Westphal" <[email protected]> wrote: >Liping Zhang <[email protected]> wrote: >> In general, we haven't do routing lookup in PREROUTING hook, so it's >> very likely that fib4/6_is_local will not be met. > >loopback packets retain skb->dst (and thats what this test is about).
Yes, so I use the words "very likely" :) [...] >but in "saddr oif eq 0 drop" case they really should have no oif, the >address should not be considered routeable. Yes, I read the ipt_rpfilter.c's source codes, and I find that there's a test flag XT_RPFILTER_ACCEPT_LOCAL, so I guess your initial intention is (just my guess, maybe I'm wrong): 0 - no route 1 - local route others - routing oif > >Pablo, please don't apply this; I would like to look at this next week. > >Msybe this needs a check if we're testing daddr or saddr.
