[Utopic][Trusty SRU][PATCH] ipvs: fix ipv6 hook registration for local replies

Chris J Arges chris.j.arges at canonical.com
Wed Sep 24 14:50:38 UTC 2014

From: Julian Anastasov <ja at ssi.bg>

BugLink: http://bugs.launchpad.net/bugs/1349768

commit fc604767613b6d2036cdc35b660bc39451040a47
("ipvs: changes for local real server") from 2.6.37
introduced DNAT support to local real server but the
IPv6 LOCAL_OUT handler ip_vs_local_reply6() is
registered incorrectly as IPv4 hook causing any outgoing
IPv4 traffic to be dropped depending on the IP header values.

Chris tracked down the problem to CONFIG_IP_VS_IPV6=y
Bug report: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1349768

Reported-by: Chris J Arges <chris.j.arges at canonical.com>
Tested-by: Chris J Arges <chris.j.arges at canonical.com>
Signed-off-by: Julian Anastasov <ja at ssi.bg>
Signed-off-by: Simon Horman <horms at verge.net.au>
(cherry picked from commit eb90b0c734ad793d5f5bf230a9e9a4dcc48df8aa)
Signed-off-by: Chris J Arges <chris.j.arges at canonical.com>
 net/netfilter/ipvs/ip_vs_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index e683675..5c34e8d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1906,7 +1906,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
 		.hook		= ip_vs_local_reply6,
 		.owner		= THIS_MODULE,
-		.pf		= NFPROTO_IPV4,
+		.pf		= NFPROTO_IPV6,
 		.hooknum	= NF_INET_LOCAL_OUT,
 		.priority	= NF_IP6_PRI_NAT_DST + 1,

More information about the kernel-team mailing list