I spent some more time thinking about this and reading the code, and feel I understand what's going on a bit better. It looks like frames written to a tap device go directly to dev_queue_xmit, passing through the egress hook on the way. And for an ipvlan device in l2 mode like mine, the driver skips all the ip_* functions that would hit other hooks and just calls the parent device's xmit methods, so it makes sense that the inet hooks never see the packets on their way out. I've started a different approach using an AF_PACKET socket and am finding it much less problematic than I feared. David
