* ip6_finish_output2 change broke netfilter xt_TEE target
@ 2013-09-17 19:54 Phil Oester
0 siblings, 0 replies; only message in thread
From: Phil Oester @ 2013-09-17 19:54 UTC (permalink / raw)
To: yoshfuji; +Cc: netdev, netfilter-devel
The change made in commit 6fd6ce20 (ipv6: Do not depend on rt->n in
ip6_finish_output2) broke the xt_TEE target for IPv6 packets. Instead
of using the nexthop provided in the --gateway option, ip6_finish_output2
is now performing neighbor solicitation for the original daddr in the
copied skb.
Similar breakage occurred in IPv4, and was fixed (in 2ad5b9e4) by using
the flag FLOWI_FLAG_KNOWN_NH. I can find no easy way to make use of that
flag here. Reverting 6fd6ce20 makes TEE work again, but I am not clear
on what problem that commit was attempting to solve. Yoshifuji?
Phil
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2013-09-17 19:54 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-17 19:54 ip6_finish_output2 change broke netfilter xt_TEE target Phil Oester
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).