Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services

To: Hans Schillstrom <hans@xxxxxxxxxxxxxxx>
Subject: Re: [PATCH] ipvs: fix ipv6 icmp forwarding in natted services
Cc: Art -kwaak- van Breemen <ard@xxxxxxxxxxxxxxx>, Ansis Atteka <aatteka@xxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, Jesper Dangaard Brouer <brouer@xxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Fri, 21 Feb 2014 11:34:42 +0200 (EET)

On Fri, 21 Feb 2014, Hans Schillstrom wrote:

> We will save some cycles here, very few actually..
> I'm not sure about the mobility header if it can break this.
> Have not read the RFC :-)
> The -1 is OK for me right now

        I don't see any difference what we use here because
we used -1 in ip_vs_fill_iph_skb. If not validated once, with
-1 we can get a NEXTHDR_NONE result when ipv6_find_hdr
returns without error.

        I see that IPVS is hooked before ip6_input_finish()
where all protocol headers without INET6_PROTO_FINAL bit
are pulled from the head.

        I guess such headers are pulled one by one and
at a final step after multiple ip6_input calls IPVS can
see the protocols it supports.

        So, IPVS catches known protocols if they are
first. IMHO, we can continue to use IPPROTO_ICMPV6
because ipv6_find_hdr always stops at the first final


Julian Anastasov <ja@xxxxxx>
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

<Prev in Thread] Current Thread [Next in Thread>