On Mon, Feb 4, 2019 at 2:46 PM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> On Tue, Jan 22, 2019 at 08:27:22AM +0100, Alin Năstac wrote:
> > On Tue, Jan 22, 2019 at 6:35 AM Florian Westphal <fw@xxxxxxxxx> wrote:
> > >
> > > Eli Cooper <elicooper@xxxxxxx> wrote:
> > > > AFAICT that's not the case: REDIRECT only rewrites daddr, but oif is
> > > > left untouched.
> > >
> > > That's correct. For OUTPUT, expected behaviour is that 'route type
> > > chain' (nftables), respectively mangle OUTPUT -- records the route keys
> > > before consulting the ruleset and tests them for changes, then, if
> > > any key has changed (this includes skb->mark), mangle/route chain type
> > > call *_route_me_harder to re-lookup the route.
> >
> > True, but I don't understand why the packet is dropped. Due to daddr
> > being set to ::1, outgoing interface after ip6_route_me_harder is
> > called will be loopback anyway, even if you don't impose it through
> > flowi6_oif.
>
> Still concerns with this, Alin?

Well, I haven't received a response yet, it is unclear to me why this commit triggered a packet drop.