Jan Engelhardt wrote:
> So what about the OP's observation that nskb->nf_bridge == NULL?
> Just because the incoming packet came in over a bridge does
> not mean the RST is going over one too, and that being the
> deciding factor for RTN_LOCAL or not, is it?

Agreed that the RST may not be going out a bridge. We don't know yet whether the RST will be bridged; that's why we are calling ip_route_me_harder().

The deciding factor for RTN_LOCAL should be whether the incoming packet is purely bridged, because that means the RST will have a foreign source address. We must follow the first code path in ip_route_me_harder() or we drop it when ip forwarding is disabled, but if the RST has a foreign source address then it will normally follow the second code path, so we must force the first by specifying RTN_LOCAL.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
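The path selection argued over in this message, as a simplified userspace model added here for illustration; it is not kernel code and not code from the thread. The enum values stand in for RTN_UNSPEC, RTN_UNICAST and RTN_LOCAL, and all function names are hypothetical. It assumes an unspecified type is classified from the packet's own source address.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for the kernel's RTN_UNSPEC / RTN_UNICAST / RTN_LOCAL. */
enum addr_type { T_UNSPEC, T_UNICAST, T_LOCAL };
enum verdict { VIA_FIRST_PATH, VIA_SECOND_PATH, DROPPED };

/* Simplified model of the two code paths in ip_route_me_harder(). */
enum verdict model_route_me_harder(enum addr_type type, bool saddr_is_local,
                                   bool ip_forward)
{
    /* Assumption: an unspecified type is derived from the source address. */
    if (type == T_UNSPEC)
        type = saddr_is_local ? T_LOCAL : T_UNICAST;

    /* First path: treated as locally generated, forwarding is irrelevant. */
    if (type == T_LOCAL)
        return VIA_FIRST_PATH;

    /* Second path: foreign source, dropped when IP forwarding is off. */
    return ip_forward ? VIA_SECOND_PATH : DROPPED;
}

/* Caller-side rule from the reply: decide on the INCOMING packet being
 * purely bridged, not on whether the RST itself will be bridged. */
enum addr_type choose_addr_type(bool incoming_purely_bridged)
{
    return incoming_purely_bridged ? T_LOCAL : T_UNSPEC;
}

enum verdict send_rst(bool incoming_purely_bridged, bool saddr_is_local,
                      bool ip_forward)
{
    return model_route_me_harder(choose_addr_type(incoming_purely_bridged),
                                 saddr_is_local, ip_forward);
}

int main(void)
{
    /* Constructed case: bridge-only host, forwarding off, foreign source. */
    printf("type left unspecified: %d\n",
           model_route_me_harder(T_UNSPEC, false, false));
    printf("type forced local:     %d\n", send_rst(true, false, false));
    return 0;
}
```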