On 2019/1/21 22:39, Alin Năstac wrote:
> On Mon, Jan 21, 2019 at 11:45 AM Eli Cooper <elicooper@xxxxxxx> wrote:
>> Commit 508b09046c0f ("netfilter: ipv6: Preserve link scope traffic
>> original oif") made ip6_route_me_harder() keep the original oif for
>> link-local and multicast packets. However, it also affected packets
>> for the loopback address because it used rt6_need_strict().
>>
>> REDIRECT rules in the OUTPUT chain rewrite the destination to loopback
>> address; thus its oif should not be preserved. This commit fixes the bug
>> that redirected local packets are being dropped.
> In your scenario iph->daddr was already set by REDIRECT to ::1,
> wouldn't oif remain set to loopback interface regardless of what
> implementation you choose for ip6_route_me_harder?
AFAICT that's not the case: REDIRECT only rewrites daddr, but oif is
left untouched. While it can also be fixed by setting oif to loopback
interface in REDIRECT, I chose to fix ip6_route_me_harder() since
that's where the regression first get introduced.
