On Fri, Mar 3, 2017 at 1:12 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Fri, Mar 03, 2017 at 12:56:50PM +0100, Alin Năstac wrote: >> On Fri, Mar 3, 2017 at 12:39 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: >> > On Wed, Mar 01, 2017 at 02:47:23PM +0100, Alin Nastac wrote: >> >> Link-local and multicast packets must keep their original oif after >> >> ip6_route_me_harder is called. >> > >> > Out of curiosity, how does the setup you use look like to trigger this >> > problem? >> >> ICMPv6 RA/NS/NA are marked by a -j MARK iptables rule (the mark value >> is used to set the QoS queue). >> Because skb->mark value changed, ip6t_mangle_out will call ip6_route_me_harder. > > That sounds quite standard. Did this broke after kernel upgrade? I'm > trying to guess if the problem is somewhere else... I used kernel version 4.1 to test an adapted version of this patch. Judging after ip6_route_output_flags() definition present in kernel version 4.10, callers are expected to provide a valid value for fl6->flowi6_oif when rt6_need_strict(&fl6->daddr) is true. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
