LVS
lvs-devel
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services

from [Julian Anastasov] [Permanent Link]
To: Art -kwaak- van Breemen <ard@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services
Cc: lvs-devel@xxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 18 Feb 2014 23:02:13 +0200 (EET) 
        Hello,

On Tue, 18 Feb 2014, Art -kwaak- van Breemen wrote:

> On Tue, Feb 18, 2014 at 02:37:25PM +0100, Art -kwaak- van Breemen wrote:
> > With attached patch (agains 3.13.3, but probably generic to >= 3.10) I get 
> > this:
> 
> should have been diff -up, instead of diff.
> 
> A cleanup of the icmpv6 handling for natted lvs services resulted
> in the icmp packet being corrupted.
> The ipv6_find_hdr seems to want to have -1 as a target for outer
> level headers instead of a target >=0. The result is that packet
> mangling was writing to the wrong offset, corrupting the packet,
> and so disabling path-mtu-discovery.
> - add extra debugging only output
> - change target to -1
> 
> Signed-off-by: Ard van Breemen <ard@xxxxxxxxxxxxxxx>

        Thanks for testing! This patch needs some tuning,
refer to Documentation/CodingStyle for the rules.
checkpatch.pl reports for the problems:

====
# scripts/checkpatch.pl /tmp/lvs-icmp-bug.patch 
ERROR: spaces required around that '=' (ctx:VxV)
#9: FILE: net/netfilter/ipvs/ip_vs_core.c:739:
+       protocol=ipv6_find_hdr(skb, &icmp_offset, -1, &fragoffs, NULL);
                ^

ERROR: space required after that ',' (ctx:VxV)
#10: FILE: net/netfilter/ipvs/ip_vs_core.c:740:
+       IP_VS_DBG(15,"icmp_offset=%d,protocol=%d\n",icmp_offset,protocol);
                    ^

ERROR: space required after that ',' (ctx:VxV)
#10: FILE: net/netfilter/ipvs/ip_vs_core.c:740:
+       IP_VS_DBG(15,"icmp_offset=%d,protocol=%d\n",icmp_offset,protocol);
                                                   ^

ERROR: space required after that ',' (ctx:VxV)
#10: FILE: net/netfilter/ipvs/ip_vs_core.c:740:
+       IP_VS_DBG(15,"icmp_offset=%d,protocol=%d\n",icmp_offset,protocol);
                                                               ^

ERROR: Missing Signed-off-by: line(s)

total: 5 errors, 0 warnings, 17 lines checked

/tmp/lvs-icmp-bug.patch has style problems, please review.
====

        I agree for the comment but not sure if it is
appropriate for bugfixes that go to stable kernels.
Also, the format should be icmp_offset=%u, not %d.

        Also, we should mention the problematic commit
and to CC the authors. You can tune/borrow from the
following example:

====
[PATCH] ipvs: fix wrong icmp_offset in ip_vs_nat_icmp_v6

Fix regression introduced in 3.8 with commit 63dca2c0b0e7a9
("ipvs: Fix faulty IPv6 extension header handling in IPVS").
Calling ipv6_find_hdr with protocol (IPPROTO_ICMPV6) is not
supported, use -1 instead. Solves problem of damaged IPv6
headers in NAT-ed ICMP packets.

Signed-off-by: Ard van Breemen <ard@xxxxxxxxxxxxxxx>
CC: Jesper Dangaard Brouer <brouer@xxxxxxxxxx>
CC: Hans Schillstrom <hans.schillstrom@xxxxxxxxxxxx>
====

Regards

--
Julian Anastasov <ja@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services, Art -kwaak- van Breemen
Next by Date:  Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services, Hans Schillstrom
Previous by Thread:  Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services, Hans Schillstrom
Next by Thread:  Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services, Art -kwaak- van Breemen
Indexes:  [Date] [Thread] [Top] [All Lists]