* ip6_finish_output2 change broke netfilter xt_TEE target
@ 2013-09-17 19:54 Phil Oester
0 siblings, 0 replies; only message in thread
From: Phil Oester @ 2013-09-17 19:54 UTC (permalink / raw)
To: yoshfuji; +Cc: netdev, netfilter-devel
The change made in commit 6fd6ce20 (ipv6: Do not depend on rt->n in
ip6_finish_output2) broke the xt_TEE target for IPv6 packets. Instead
of using the nexthop provided in the --gateway option, ip6_finish_output2
is now performing neighbor solicitation for the original daddr in the
copied skb.
Similar breakage occurred in IPv4, and was fixed (in 2ad5b9e4) by using
the flag FLOWI_FLAG_KNOWN_NH. I can find no easy way to make use of that
flag here. Reverting 6fd6ce20 makes TEE work again, but I am not clear
on what problem that commit was attempting to solve. Yoshifuji?
Phil
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-09-17 19:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-17 19:54 ip6_finish_output2 change broke netfilter xt_TEE target Phil Oester
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.