All of lore.kernel.org
 help / color / mirror / Atom feed
* [GIT PULL nf] Second round of IPVS fixes for v3.17
@ 2014-08-28  2:04 Simon Horman
  2014-08-28  2:04 ` [PATCH nf] ipvs: fix ipv6 hook registration for local replies Simon Horman
  2014-08-30 11:08 ` [GIT PULL nf] Second round of IPVS fixes for v3.17 Pablo Neira Ayuso
  0 siblings, 2 replies; 3+ messages in thread
From: Simon Horman @ 2014-08-28  2:04 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang,
	Julian Anastasov, Simon Horman

Hi Pablo,

please consider this fix IPVS fix for v3.17.

This pull request is based on the first round of fixes for IPVS for v3.17,
tagged as ipvs-fixes2-for-v3.17, which I sent yesterday.


This fix resolves a problem with conflicting hooks whereby DNAT support for
the local server would drop outgoing IPv4 packets if the kernel was
compiled CONFIG_IP_VS_IPV6=y.

This problem dates back to v3.6.37 when the feature in question was added.

I would like this fix considered for -stable.


The following changes since commit ea1d5d7755a3e556de78cc757d1895d5c7180548:

  ipvs: properly declare tunnel encapsulation (2014-08-27 14:31:56 +0900)

are available in the git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes2-for-v3.17

for you to fetch changes up to eb90b0c734ad793d5f5bf230a9e9a4dcc48df8aa:

  ipvs: fix ipv6 hook registration for local replies (2014-08-28 10:52:37 +0900)

----------------------------------------------------------------
Julian Anastasov (1):
      ipvs: fix ipv6 hook registration for local replies

 net/netfilter/ipvs/ip_vs_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [PATCH nf] ipvs: fix ipv6 hook registration for local replies
  2014-08-28  2:04 [GIT PULL nf] Second round of IPVS fixes for v3.17 Simon Horman
@ 2014-08-28  2:04 ` Simon Horman
  2014-08-30 11:08 ` [GIT PULL nf] Second round of IPVS fixes for v3.17 Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Simon Horman @ 2014-08-28  2:04 UTC (permalink / raw)
  To: Pablo Neira Ayuso
  Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang,
	Julian Anastasov, Simon Horman

From: Julian Anastasov <ja@ssi.bg>

commit fc604767613b6d2036cdc35b660bc39451040a47
("ipvs: changes for local real server") from 2.6.37
introduced DNAT support to local real server but the
IPv6 LOCAL_OUT handler ip_vs_local_reply6() is
registered incorrectly as IPv4 hook causing any outgoing
IPv4 traffic to be dropped depending on the IP header values.

Chris tracked down the problem to CONFIG_IP_VS_IPV6=y
Bug report: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349768

Reported-by: Chris J Arges <chris.j.arges@canonical.com>
Tested-by: Chris J Arges <chris.j.arges@canonical.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index e683675..5c34e8d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1906,7 +1906,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
 	{
 		.hook		= ip_vs_local_reply6,
 		.owner		= THIS_MODULE,
-		.pf		= NFPROTO_IPV4,
+		.pf		= NFPROTO_IPV6,
 		.hooknum	= NF_INET_LOCAL_OUT,
 		.priority	= NF_IP6_PRI_NAT_DST + 1,
 	},
-- 
2.0.1


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [GIT PULL nf] Second round of IPVS fixes for v3.17
  2014-08-28  2:04 [GIT PULL nf] Second round of IPVS fixes for v3.17 Simon Horman
  2014-08-28  2:04 ` [PATCH nf] ipvs: fix ipv6 hook registration for local replies Simon Horman
@ 2014-08-30 11:08 ` Pablo Neira Ayuso
  1 sibling, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2014-08-30 11:08 UTC (permalink / raw)
  To: Simon Horman
  Cc: lvs-devel, netdev, netfilter-devel, Wensong Zhang, Julian Anastasov

On Thu, Aug 28, 2014 at 11:04:27AM +0900, Simon Horman wrote:
> This fix resolves a problem with conflicting hooks whereby DNAT support for
> the local server would drop outgoing IPv4 packets if the kernel was
> compiled CONFIG_IP_VS_IPV6=y.
> 
> This problem dates back to v3.6.37 when the feature in question was added.
> 
> I would like this fix considered for -stable.

Enqueue for -stable.

> The following changes since commit ea1d5d7755a3e556de78cc757d1895d5c7180548:
> 
>   ipvs: properly declare tunnel encapsulation (2014-08-27 14:31:56 +0900)
> 
> are available in the git repository at:
> 
>   https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git tags/ipvs-fixes2-for-v3.17

Pulled, thanks Simon.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-08-30 11:08 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-28  2:04 [GIT PULL nf] Second round of IPVS fixes for v3.17 Simon Horman
2014-08-28  2:04 ` [PATCH nf] ipvs: fix ipv6 hook registration for local replies Simon Horman
2014-08-30 11:08 ` [GIT PULL nf] Second round of IPVS fixes for v3.17 Pablo Neira Ayuso

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.