    netfilter: ipv6: Don't preserve original oif for loopback address · 15df03c6
    Eli Cooper authored
    Commit 508b0904 ("netfilter: ipv6: Preserve link scope traffic
    original oif") made ip6_route_me_harder() keep the original oif for
    link-local and multicast packets. However, it also affected packets
    for the loopback address because it used rt6_need_strict().
    
    REDIRECT rules in the OUTPUT chain rewrite the destination to the loopback
    address; thus its oif should not be preserved. This commit fixes the bug
    that redirected local packets are being dropped. Actually the packet was
    not exactly dropped; instead it was sent out to the original oif rather
    than lo. When a packet with daddr ::1 is sent to the router, it is
    effectively dropped.
    
    Fixes: 508b0904 ("netfilter: ipv6: Preserve link scope traffic original oif")
    Signed-off-by: Eli Cooper <elicooper@gmx.com>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter.c 3.31 KB
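
The oif decision described in the commit message, as an added userspace model; this is not the kernel code or the patch itself. The function names, the `-1` error value and the sample ifindex are assumptions made for illustration; only the address classes (link-local, multicast, loopback) come from the commit message.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>

/* Destination classes named in the commit message (model, not kernel types). */
enum scope { SCOPE_INVALID, SCOPE_OTHER, SCOPE_LINKLOCAL, SCOPE_MULTICAST, SCOPE_LOOPBACK };

static enum scope classify(const char *text)
{
    struct in6_addr a;

    if (inet_pton(AF_INET6, text, &a) != 1)
        return SCOPE_INVALID;
    if (IN6_IS_ADDR_LOOPBACK(&a))
        return SCOPE_LOOPBACK;
    if (IN6_IS_ADDR_MULTICAST(&a))
        return SCOPE_MULTICAST;
    if (IN6_IS_ADDR_LINKLOCAL(&a))
        return SCOPE_LINKLOCAL;
    return SCOPE_OTHER;
}

/* Before the fix: every "strict" class, loopback included, keeps the original oif.
 * Returns the ifindex pinned for the re-route lookup, 0 for "let routing decide",
 * or -1 if the address does not parse. */
static int reroute_oif_before(const char *daddr, int orig_oif)
{
    enum scope s = classify(daddr);

    if (s == SCOPE_INVALID)
        return -1;
    return s != SCOPE_OTHER ? orig_oif : 0;
}

/* After the fix: only link-local and multicast keep the original oif, so a
 * destination rewritten to ::1 by REDIRECT is routed to lo again. */
static int reroute_oif_after(const char *daddr, int orig_oif)
{
    enum scope s = classify(daddr);

    if (s == SCOPE_INVALID)
        return -1;
    return (s == SCOPE_LINKLOCAL || s == SCOPE_MULTICAST) ? orig_oif : 0;
}

int main(void)
{
    /* Constructed sample destinations; 2 stands in for the original oif. */
    const char *samples[] = { "::1", "fe80::1", "ff02::1", "2001:db8::1" };

    for (unsigned i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s before=%d after=%d\n", samples[i],
               reroute_oif_before(samples[i], 2), reroute_oif_after(samples[i], 2));
    return 0;
}
```

The `::1` row is the only one that differs between the two columns, which is the regression the commit addresses.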