On Tue, Aug 12, 2025 at 01:17:43PM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > >This seems to do the trick:
> >
> > To simplify this example below, would it be possible to extend nft_fib
> > to attach DST_METADATA in prerouting to modify the ip6_route_input_lookup()
> > behaviour? This is similar to the conntrack template, but for routing.
>
> skb_valid_dst() doesn't consider DST_METADATA as a valid dst, afaics the
> dst is then discarded and we end up in the same code paths.
>
> But I think we could extend nft_fib to attach a route/dst.
Then ip6_route_input_lookup() needs to be updated, and it would be
good if there is a flag somewhere to specify that the existing route
is intentional to skip this:
skb_dst_drop(skb);
skb_dst_set_noref(skb, ip6_route_input_lookup(net, skb->dev,
&fl6, skb, flags));
> But at this time I don't want to spend time on enabling such hacks
> (lo-to-remote-dst-nat) unless there is a good use case for it.
I am not familiar with this use-case.
