2012/12/5 David Miller <davem@xxxxxxxxxxxxx>: > From: Dries De Winter <dries.dewinter@xxxxxxxxx> > Date: Wed, 5 Dec 2012 14:41:59 +0100 > >> My "noreroute" patch will not fix this. Therefore it's indeed maybe >> better to add a simple check to ip6_route_me_harder(): not a check for >> ICMPv6, but a check for (ipv6_addr_type(&iph->daddr) & >> IPV6_ADDR_LINKLOCAL) instead. What do you think? > > What if a packet is rewritten from a non-link-local destination address > into a link-local one? Or vice versa? > > Your test will fail in those cases. You are saying that the decision should be based on the original destination address rather the modified one? I would say the opposite: - If a non-link-local destination is changed into a link-local one, it should certainly not be rerouted because routing doesn't make much sense for link-local destinations. - If a link-local destination is changed into a non-link-local one, why not reroute it according to the new destination? If you do not agree, we can also put the check in ip6t_local_out_hook() where the original destination is still available. Dries. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
