At 2016-11-24 22:48:59, "Florian Westphal" <fw@xxxxxxxxx> wrote:
>Liping Zhang <zlpnobody@xxxxxxx> wrote:
[...]
>"1" should only appear if lookup-up address is configured on this machine.
>For saddr, I don't think its good idea, because it will pass
>
>oif ne 0 accept
Yes, my patch will break this.
>
>For ACCEPT_LOCAL i think its easier to combine this with the addrtype
>check of just add explicit accept rules that make it bypass nft_fib
>rule.
Yes, combine this with addrtype will be easier. My first thought was that
we can also use "fib saddr oif eq 1" to simulate the ACCECPT_LOCAL, but
I'm wrong, it will become more complicated.
>
>What do you think?
>
>I agree that for your prerouting daddr example 0 makes no sense and 1
>would indeed be a better option.
>
?韬{.n?壏煯壄?%娝?檩?w?{.n?壏租栕庄z_鉃豝n噐■?侂h櫒璀?{鄗夸z罐楘+€?zf"穐殘啳嗃i?飦?戧鐉_璁�鎗:+v墾?撸鴐
