|
On Wed, Feb 19, 2014 at 10:21 AM, Art -kwaak- van Breemen
<ard@xxxxxxxxxxxxxxx> wrote:
>
> Hans,
> I want to keep the patch as is, but change the description:
>
> ====
> [PATCH] ipvs: fix wrong icmp_offset in ip_vs_nat_icmp_v6
> From: Ard van Breemen <ard@xxxxxxxxxxxxxxx>
>
>
> Fix regression introduced in 3.8 with commit 9195bb8e381d81
> ("ipv6: improve ipv6_find_hdr() to skip empty routing headers")
> which broke commit 63dca2c0b0e7a9
> ("ipvs: Fix faulty IPv6 extension header handling in IPVS").
> by a small change in ipv6_find_hdr: finding specific protocols is not
> supported anymore, use -1 instead. Solves (pmtud) problems caused by
> damaged IPv6 headers in NAT-ed ICMP packets.
>
> Signed-off-by: Ard van Breemen <ard@xxxxxxxxxxxxxxx>
> CC: Jesper Dangaard Brouer <brouer@xxxxxxxxxx>
> CC: Hans Schillstrom <hans@xxxxxxxxxxxxxxx>
>
> ---
>
> Do you and Ansis agree with me?
My changes to this function were necessary for the Open vSwitch
set_ipv6() action implementation so that checksums would be correctly
recalculated.
I introduced IP6_FH_F_SKIP_RH flag that skips all Routing Headers,
where segments_left==0. This flag allows Open vSwitch kernel module to
figure out whether it needs to recalculate checksum after changing
destination IP address in IPv6 header. In ipv6 the checkum is
calculated over final destination IP address that could also be in
Routing Header intead of ipv6 header (see rfc2460 section 8.1 for more
details).
I believe your patch would break meaning of IP6_FH_F_SKIP_RH flag,
because it would exit early when it saw Routing Header where segments
left == 0.
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
