On Sun, Mar 07, 2021 at 06:16:34PM -0700, Marc Aurèle La France wrote: > In the non-bridge case, the REJECT target code assumes the REJECTed > packets were originally emitted by the local host, but that's not > necessarily true when the local host is the default route of a subnet > it is on, resulting in RST packets being sent out with an incorrect > destination MAC. Address this by refactoring the handling of bridged > packets which deals with a similar issue. Modulo patch fuzz, the > following applies to v5 and later kernels. The code this patch updates is related to BRIDGE_NETFILTER. Your patch description refers to the non-bridge case. What are you trying to achieve? dev_queue_xmit() path should not be exercised from the prerouting chain, packets generated from the IP later must follow the ip_local_out() path.
