|
Hello,
On Wed, 19 Feb 2014, Hans Schillstrom wrote:
> The problem is if icmp6 is not the first header it will not work...
> i.e. it can be other headers before icmp and if you have -1 you will not
> always get the icmp header.
>
>
> The patch that broke it was:
> commit 9195bb8e381d81d5a315f911904cdf0cfcc919b8
> Author: Ansis Atteka <aatteka@xxxxxxxxxx>
>
> Before there was a
> while (nexthdr != target) {
> ..
> }
>
> now it's
>
> do {
> ..
> } while (!found)
>
> which doesn't work for ipvs, when target is != -1
>
> If you specify a target and it's the first header you should break.
>
> I need to look deeper into the other users also to see that it doesn't
> break anything.
>
> Ansis, I don't think it will break your patch or ?
>
>
> --- a/net/ipv6/exthdrs_core.c 2014-02-19 16:36:22.031686037 +0100
> +++ b/net/ipv6/exthdrs_core.c 2014-02-19 16:37:28.838082168 +0100
> @@ -211,6 +211,9 @@ int ipv6_find_hdr(const struct sk_buff *
> unsigned int hdrlen;
> found = (nexthdr == target);
>
> + if (found && (target > 0))
> + break;
> +
This is against the goal of the above commit.
> if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE)
> {
> if (target < 0)
> break;
May be above check should be:
if (target < 0 || found)
break;
We have to check some callers with -1, may be some
need check for NEXTHDR_NONE, for example, tproxy_tg6_v1(),
also the second call in hmark_pkt_set_htuple_ipv6(). Not sure
about nft_set_pktinfo_ipv6 and its callers.
Regards
--
Julian Anastasov <ja@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
