On Sun, May 20, 2018 at 01:03:38PM +0200, Vincent Bernat wrote: > In commit 47b7e7f82802, this bit was removed at the same time the > RT6_LOOKUP_F_IFACE flag was removed. However, it is needed when > link-local addresses are used, which is a very common case: when > packets are routed, neighbor solicitations are done using link-local > addresses. For example, the following neighbor solicitation is not > matched by "-m rpfilter": > > IP6 fe80::5254:33ff:fe00:1 > ff02::1:ff00:3: ICMP6, neighbor > solicitation, who has 2001:db8::5254:33ff:fe00:3, length 32 > > Commit 47b7e7f82802 doesn't quite explain why we shouldn't use > RT6_LOOKUP_F_IFACE in the rpfilter case. I suppose the interface check > later in the function would make it redundant. However, the remaining > of the routing code is using RT6_LOOKUP_F_IFACE when there is no > source address (which matches rpfilter's case with a non-unicast > destination, like with neighbor solicitation). Applied, thanks Vincent. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
