Hi, On Thu, Feb 20, 2014 at 02:10:44PM +0100, Art -kwaak- van Breemen wrote: > On Wed, Feb 19, 2014 at 11:08:43PM +0100, Hans Schillstrom wrote: > > > May be above check should be: > > > > > > if (target < 0 || found) > > > break; > > > > It will work for hmark and it looks like it will work for others, > > with -1 > > > > Maybe Patrick have another opinion... I ack the working of that change for my specific case: passing pmtud's correctly: Feb 20 18:58:59 c43236 kernel: [ 721.473388] IPVS: Enter: ip_vs_icmp_xmit_v6, net/netfilter/ipvs/ip_vs_xmit.c line 1186 Feb 20 18:58:59 c43236 kernel: [ 721.473389] IPVS: Enter: ip_vs_nat_icmp_v6, net/netfilter/ipvs/ip_vs_core.c line 738 Feb 20 18:58:59 c43236 kernel: [ 721.473390] IPVS: icmp_offset=40,protocol=58 Feb 20 18:58:59 c43236 kernel: [ 721.473391] IPVS: ip_vs_nat_icmp_v6() changed port 80 to 80 Feb 20 18:58:59 c43236 kernel: [ 721.473393] IPVS: Leave: ip_vs_nat_icmp_v6, net/netfilter/ipvs/ip_vs_core.c line 786 Feb 20 18:58:59 c43236 kernel: [ 721.473396] IPVS: Leave: ip_vs_icmp_xmit_v6, net/netfilter/ipvs/ip_vs_xmit.c line 1263 and: 18:58:59.067282 00:23:24:26:b4:5c > 00:23:24:26:b4:34, ethertype IPv6 (0x86dd), length 1294: 2001:7b8:2ff:6f::1 > 2a02:310:0:1013::1003: ICMP6, packet too big, mtu 1472, length 1240 So the "|| found" sounds sane. But now I'm going to be an ass by saying that maybe both patches must be applied because we only get into ip_vs_nat_icmp_v6 by ip_vs_fill_iph_skb in include/net/ip_vs.h, which determines the protocol and the start of the protocol header by using -1 as target in ipv6_find_hdr. Actually, before we reach that nat function we have traversed several constructs of: protocol,offset = ipv6_find_hdr (target = -1 ) if ( protocol != IPPROTO_ICMPV6) bail out (return NF_ACCEPT actually) . (and maybe use offset) So I think it's clearer for the total code if we follow the exact same construct: find a protocol, bail out if protocol wrong. It should never happen at that point, but there are more things that never should happen :-). Anyway: whatever you guys decide, I owe you all beer. I think we are one of the few companies that assume a working pmtud for ipv6. Most of the top companies just use an mtu of 1280 because the "hardware" loadbalancer cannot handle it (yet) or just want to prevent the hassle. Thanks! Regards, Ard van Breemen -- To unsubscribe from this list: send the line "unsubscribe lvs-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
