Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > >This seems to do the trick: > > To simplify this example below, would it be possible to extend nft_fib > to attach DST_METADATA in prerouting to modify the ip6_route_input_lookup() > behaviour? This is similar to the conntrack template, but for routing. skb_valid_dst() doesn't consider DST_METADATA as a valid dst, afaics the dst is then discarded and we end up in the same code paths. But I think we could extend nft_fib to attach a route/dst. But at this time I don't want to spend time on enabling such hacks (lo-to-remote-dst-nat) unless there is a good use case for it.
