FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-17 22:41:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
714f095f74
linux/net/netfilter/ipvs
History
Hans Schillstrom 714f095f74 ipvs: IPv6 tunnel mode 
IPv6 encapsulation uses a bad source address for the tunnel.
i.e. VIP will be used as local-addr and encap. dst addr.
Decapsulation will not accept this.

Example
LVS (eth1 2003::2:0:1/96, VIP 2003::2:0:100)
   (eth0 2003::1:0:1/96)
RS  (ethX 2003::1:0:5/96)

tcpdump
2003::2:0:100 > 2003::1:0:5: IP6 (hlim 63, next-header TCP (6) payload length: 40)  2003::3:0:10.50991 > 2003::2:0:100.http: Flags [S], cksum 0x7312 (correct), seq 3006460279, win 5760, options [mss 1440,sackOK,TS val 1904932 ecr 0,nop,wscale 3], length 0

In Linux IPv6 impl. you can't have a tunnel with an any cast address
receiving packets (I have not tried to interpret RFC 2473)
To have receive capabilities the tunnel must have:
 - Local address set as multicast addr or an unicast addr
 - Remote address set as an unicast addr.
 - Loop back addres or Link local address are not allowed.

This causes us to setup a tunnel in the Real Server with the
LVS as the remote address, here you can't use the VIP address since it's
used inside the tunnel.

Solution
Use outgoing interface IPv6 address (match against the destination).
i.e. use ip6_route_output() to look up the route cache and
then use ipv6_dev_get_saddr(...) to set the source address of the
encapsulated packet.

Additionally, cache the results in new destination
fields: dst_cookie and dst_saddr and properly check the
returned dst from ip6_route_output. We now add xfrm_lookup
call only for the tunneling method where the source address
is a local one.

Signed-off-by:Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-10-19 10:38:48 +02:00
..
ip_vs_app.c ipvs: changes related to service usecnt 2010-09-21 18:12:30 +02:00
ip_vs_conn.c IPVS: Fallback if persistence engine fails 2010-10-04 22:45:24 +09:00
ip_vs_core.c IPVS: Fallback if persistence engine fails 2010-10-04 22:45:24 +09:00
ip_vs_ctl.c IPVS: Allow configuration of persistence engines 2010-10-04 22:45:24 +09:00
ip_vs_dh.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_vs_est.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_vs_ftp.c IPVS: Add struct ip_vs_conn_param 2010-10-04 22:45:24 +09:00
ip_vs_lblc.c fix typos concerning "initiali[zs]e" 2010-06-16 18:05:05 +02:00
ip_vs_lblcr.c fix typos concerning "initiali[zs]e" 2010-06-16 18:05:05 +02:00
ip_vs_lc.c IPVS: use pr_err and friends instead of IP_VS_ERR and friends 2009-08-02 18:29:30 -07:00
ip_vs_nfct.c IPVS: Add struct ip_vs_conn_param 2010-10-04 22:45:24 +09:00
ip_vs_nq.c IPVS: use pr_err and friends instead of IP_VS_ERR and friends 2009-08-02 18:29:30 -07:00
ip_vs_pe_sip.c IPVS: ip_vs_dbg_callid() is only needed for debugging 2010-10-13 21:22:35 +02:00
ip_vs_pe.c IPVS: management of persistence engine modules 2010-10-04 22:45:24 +09:00
ip_vs_proto_ah_esp.c IPVS: Add struct ip_vs_conn_param 2010-10-04 22:45:24 +09:00
ip_vs_proto_sctp.c ipvs: provide default ip_vs_conn_{in,out}_get_proto 2010-08-02 17:12:44 +02:00
ip_vs_proto_tcp.c ipvs: provide default ip_vs_conn_{in,out}_get_proto 2010-08-02 17:12:44 +02:00
ip_vs_proto_udp.c ipvs: provide default ip_vs_conn_{in,out}_get_proto 2010-08-02 17:12:44 +02:00
ip_vs_proto.c netfilter: xt_ipvs (netfilter matcher for IPVS) 2010-07-23 12:42:58 +02:00
ip_vs_rr.c IPVS: use pr_err and friends instead of IP_VS_ERR and friends 2009-08-02 18:29:30 -07:00
ip_vs_sched.c IPVS: ip_vs_{un,}bind_scheduler NULL arguments 2010-10-04 22:45:24 +09:00
ip_vs_sed.c IPVS: use pr_err and friends instead of IP_VS_ERR and friends 2009-08-02 18:29:30 -07:00
ip_vs_sh.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_vs_sync.c IPVS: Add struct ip_vs_pe 2010-10-04 22:45:24 +09:00
ip_vs_wlc.c IPVS: use pr_fmt 2009-07-30 14:29:44 -07:00
ip_vs_wrr.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_vs_xmit.c ipvs: IPv6 tunnel mode 2010-10-19 10:38:48 +02:00
Kconfig IPVS: sip persistence engine 2010-10-04 22:45:24 +09:00
Makefile IPVS: sip persistence engine 2010-10-04 22:45:24 +09:00