Hi Florian,
2016-11-28 20:25 GMT+08:00 Florian Westphal <fw@xxxxxxxxx>:
[...]
>> diff --git a/net/ipv4/netfilter/nft_fib_ipv4.c b/net/ipv4/netfilter/nft_fib_ipv4.c
>> index 2581363..2107775 100644
>> --- a/net/ipv4/netfilter/nft_fib_ipv4.c
>> +++ b/net/ipv4/netfilter/nft_fib_ipv4.c
>> @@ -130,7 +130,8 @@ void nft_fib4_eval(const struct nft_expr *expr, struct nft_regs *regs,
>> switch (res.type) {
>> case RTN_UNICAST:
>> break;
>> - case RTN_LOCAL: /* should not appear here, see fib4_is_local() above */
>> + case RTN_LOCAL:
>> + nft_fib_store_result(dest, priv->result, pkt, LOOPBACK_IFINDEX);
>
> Liping, what about doing:
>
> case RTN_LOCAL:
> if (priv->flags & NFTA_FIB_F_DADDR)
> nft_fib_store_result(dest, priv->result, pkt, LOOPBACK_IFINDEX);
>
>
> AFAICS this will make above rule work while the saddr test will
> still appear to not have a route at all.
>
> What do you think?
Yes, this will work both for *rpfilter* and my user case.
It seems a little ugly but I cannot find a better solution now ...
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
