Hi Hans,
On Wed, Feb 19, 2014 at 05:04:17PM +0100, Hans Schillstrom wrote:
> The problem is if icmp6 is not the first header it will not work...
> i.e. it can be other headers before icmp and if you have -1 you will not
> always get the icmp header.
Ah bah, I thought they move every extra header after the payload.
> The patch that broke it was:
> commit 9195bb8e381d81d5a315f911904cdf0cfcc919b8
> Author: Ansis Atteka <aatteka@xxxxxxxxxx>
I will take a hard look into that one :-).
> --- a/net/ipv6/exthdrs_core.c 2014-02-19 16:36:22.031686037 +0100
> +++ b/net/ipv6/exthdrs_core.c 2014-02-19 16:37:28.838082168 +0100
If I patch my kernel:
ard@freeze8dev:/mnt/source/kernels/build-hp-ws/l-3.13.3$ diff -u net/netfilter/ipvs/ip_vs_core.c{.org,} ;diff -u net/ipv6/exthdrs_core.c{.org,}
--- net/netfilter/ipvs/ip_vs_core.c.org 2014-01-22 14:46:53.222738221 +0100
+++ net/netfilter/ipvs/ip_vs_core.c 2014-02-19 17:48:09.306379357 +0100
@@ -735,7 +735,10 @@
struct ipv6hdr *ciph;
unsigned short fragoffs;
- ipv6_find_hdr(skb, &icmp_offset, IPPROTO_ICMPV6, &fragoffs, NULL);
+ EnterFunction(10);
+ protocol=ipv6_find_hdr(skb, &icmp_offset, IPPROTO_ICMPV6, &fragoffs, NULL);
+ //ipv6_find_hdr(skb, &icmp_offset, -1, &fragoffs, NULL);
+ IP_VS_DBG(15,"icmp_offset=%d,protocol=%d\n",icmp_offset,protocol);
icmph = (struct icmp6hdr *)(skb_network_header(skb) + icmp_offset);
offs = icmp_offset + sizeof(struct icmp6hdr);
ciph = (struct ipv6hdr *)(skb_network_header(skb) + offs);
@@ -780,6 +783,7 @@
IP_VS_DBG_PKT(11, AF_INET6, pp, skb,
(void *)ciph - (void *)iph,
"Forwarding altered incoming ICMPv6");
+ LeaveFunction(10);
}
#endif
--- net/ipv6/exthdrs_core.c.org 2013-11-06 13:32:34.653688901 +0100
+++ net/ipv6/exthdrs_core.c 2014-02-19 17:49:38.771351902 +0100
@@ -211,6 +211,8 @@
unsigned int hdrlen;
found = (nexthdr == target);
+ if (found && (target > 0))
+ break;
if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
if (target < 0)
break;
I get this again:
Feb 19 18:02:36 c43236 kernel: [106578.432947] IPVS: Enter: ip_vs_out, net/netfilter/ipvs/ip_vs_core.c line 1120
Feb 19 18:02:36 c43236 kernel: [106578.432950] IPVS: Outgoing ICMPv6 (2,0) 2001:7b8:2ff:6f::1->2a02:310:0:1013::1005
Feb 19 18:02:36 c43236 kernel: [106578.432954] IPVS: lookup/out TCP [2001:7b8:32d:0:1864:b6ff:febf:3636]:39993->[2a02:310:0:1013::1005]:80 not hit
Feb 19 18:02:36 c43236 kernel: [106578.432956] IPVS: Incoming ICMPv6 (2,0) 2001:7b8:2ff:6f::1->2a02:310:0:1013::1005
Feb 19 18:02:36 c43236 kernel: [106578.432960] IPVS: lookup/in TCP [2001:7b8:32d:0:1864:b6ff:febf:3636]:39993->[2a02:310:0:1013::1005]:80 hit
Feb 19 18:02:36 c43236 kernel: [106578.432962] IPVS: Enter: ip_vs_icmp_xmit_v6, net/netfilter/ipvs/ip_vs_xmit.c line 1186
Feb 19 18:02:36 c43236 kernel: [106578.432964] IPVS: Enter: ip_vs_nat_icmp_v6, net/netfilter/ipvs/ip_vs_core.c line 738
Feb 19 18:02:36 c43236 kernel: [106578.432965] IPVS: icmp_offset=0,protocol=-2
Feb 19 18:02:36 c43236 kernel: [106578.432966] IPv6 header not found
Feb 19 18:02:36 c43236 kernel: [106578.432969] IPVS: Leave: ip_vs_nat_icmp_v6, net/netfilter/ipvs/ip_vs_core.c line 786
Feb 19 18:02:36 c43236 kernel: [106578.432974] IPVS: Leave: ip_vs_icmp_xmit_v6, net/netfilter/ipvs/ip_vs_xmit.c line 1263
I will take a closer look...
Regards,
Ard
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
