On Tue, Jan 22, 2019 at 6:35 AM Florian Westphal <[email protected]> wrote: > > Eli Cooper <[email protected]> wrote: > > AFAICT that's not the case: REDIRECT only rewrites daddr, but oif is > > left untouched. > > Thats correct. For OUTPUT, expected behaviour is that 'route type > chain' (nftables), respectively mangle OUTPUT -- records the route keys > before consulting the ruleset and tests them for changes, then, if > any key has changed (this includes skb->mark), mangle/route chain type > call *_route_me_harder to re-lookup the route.
True, but I don't understand why the packet is dropped. Due to daddr being set to ::1, outgoing interface after ip6_route_me_harder is called will be loopback anyway, even if you don't impose it through flowi6_oif.
