Hi Florian,

At 2016-11-24 21:50:14, "Florian Westphal" <fw@xxxxxxxxx> wrote:
>Liping Zhang <zlpnobody@xxxxxxx> wrote:
>> In general, we haven't done a routing lookup in the PREROUTING hook, so it's
>> very likely that fib4/6_is_local will not be met.
>
>loopback packets retain skb->dst (and that's what this test is about).

Yes, so I use the words "very likely" :)

[...]
>but in "saddr oif eq 0 drop" case they really should have no oif, the
>address should not be considered routeable.

Yes, I read ipt_rpfilter.c's source code, and I find that there's a
test flag XT_RPFILTER_ACCEPT_LOCAL, so I guess your initial intention is
(just my guess, maybe I'm wrong):
0 - no route
1 - local route
others - routing oif

>
>Pablo, please don't apply this; I would like to look at this next week.
>
>Maybe this needs a check if we're testing daddr or saddr.