git.karo-electronics.de Git - linux-beck.git/commit

author	Jesper Dangaard Brouer <brouer@redhat.com>
	Wed, 26 Sep 2012 12:06:59 +0000 (14:06 +0200)
committer	Simon Horman <horms@verge.net.au>
	Fri, 28 Sep 2012 02:34:24 +0000 (11:34 +0900)
commit	2f74713d1436b7d2d0506ba1bc5f10915a73bbec
tree	7443abafe2fed8dc8018fdb6bbd6a6619c11eb24	tree \| snapshot
parent	63dca2c0b0e7a92cb39d1b1ecefa32ffda201975	commit \| diff

ipvs: Complete IPv6 fragment handling for IPVS

IPVS now supports fragmented packets, with support from nf_conntrack_reasm.c

Based on patch from: Hans Schillstrom.

IPVS do like conntrack i.e. use the skb->nfct_reasm
(i.e. when all fragments is collected, nf_ct_frag6_output()
starts a "re-play" of all fragments into the interrupted
PREROUTING chain at prio -399 (NF_IP6_PRI_CONNTRACK_DEFRAG+1)
with nfct_reasm pointing to the assembled packet.)

Notice, module nf_defrag_ipv6 must be loaded for this to work.
Report unhandled fragments, and recommend user to load nf_defrag_ipv6.

To handle fw-mark for fragments. Add a new IPVS hook into prerouting
chain at prio -99 (NF_IP6_PRI_NAT_DST+1) to catch fragments, and copy
fw-mark info from the first packet with an upper layer header.

IPv6 fragment handling should be the last thing on the IPVS IPv6
missing support list.

Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>

include/net/ip_vs.h		diff \| blob \| history
net/netfilter/ipvs/Kconfig		diff \| blob \| history
net/netfilter/ipvs/ip_vs_conn.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_core.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_xmit.c		diff \| blob \| history