On Fri, Sep 5, 2008 at 3:36 AM, Simon Horman <horms@xxxxxxxxxxxx> wrote:
> @@ -1244,11 +1278,12 @@ ip_vs_in(unsigned int hooknum, struct sk > ip_vs_fill_iphdr(af, skb_network_header(skb), &iph); > > /* > - * Big tappo: only PACKET_HOST (neither loopback nor mcasts) > - * ... don't know why 1st test DOES NOT include 2nd (?) > + * Big tappo: only PACKET_HOST, including loopback for local client > + * Don't handle local packets on IPv6 for now > */ > - if (unlikely(skb->pkt_type != PACKET_HOST > - || skb->dev->flags & IFF_LOOPBACK || skb->sk)) { > + if (unlikely(skb->pkt_type != PACKET_HOST || > + (af == AF_INET6 || (skb->dev->flags & IFF_LOOPBACK || > + skb->sk)))) {

Hm, shouldn't this be (af == AF_INET6 && ...) instead of "||"? The current expression just NF_ACCEPTs _any_ incoming IPv6 packets, even non-local ones.

Julius

--
Julius Volz - Corporate Operations - SysOps
Google Switzerland GmbH - Identification No.: CH-020.4.028.116-1
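
Review bot: In the rewritten condition, `af == AF_INET6 ||` makes the whole test true for every IPv6 packet, not only local ones. Because the `skb->dev->flags & IFF_LOOPBACK || skb->sk` term is still OR-ed in for every address family, IPv4 loopback packets and packets with `skb->sk` set also still take this branch, which contradicts the new comment ("including loopback for local client"). To match the comment, restrict the loopback/socket test to IPv6: `(af == AF_INET6 && (skb->dev->flags & IFF_LOOPBACK || skb->sk))`. Writing the flag test as `(skb->dev->flags & IFF_LOOPBACK)` would also make the precedence explicit.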