Commit 473b23d3 authored by Julius Volz's avatar Julius Volz Committed by Simon Horman
Browse files

IPVS: Activate IPv6 Netfilter hooks 



Register the previously defined or adapted netfilter hook functions for
IPv6 as PF_INET6 hooks.

Signed-off-by: default avatarJulius Volz <juliusv@google.com>
Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
parent cfc78c5a

net/ipv4/ipvs/ip_vs_core.c

+37 −0
Original line number Diff line number Diff line
@@ -1413,6 +1413,43 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = { 
		.hooknum        = NF_INET_POST_ROUTING,

		.priority       = NF_IP_PRI_NAT_SRC-1,

	},

#ifdef CONFIG_IP_VS_IPV6

	/* After packet filtering, forward packet through VS/DR, VS/TUN,

	 * or VS/NAT(change destination), so that filtering rules can be

	 * applied to IPVS. */

	{

		.hook		= ip_vs_in,

		.owner		= THIS_MODULE,

		.pf		= PF_INET6,

		.hooknum        = NF_INET_LOCAL_IN,

		.priority       = 100,

	},

	/* After packet filtering, change source only for VS/NAT */

	{

		.hook		= ip_vs_out,

		.owner		= THIS_MODULE,

		.pf		= PF_INET6,

		.hooknum        = NF_INET_FORWARD,

		.priority       = 100,

	},

	/* After packet filtering (but before ip_vs_out_icmp), catch icmp

	 * destined for 0.0.0.0/0, which is for incoming IPVS connections */

	{

		.hook		= ip_vs_forward_icmp_v6,

		.owner		= THIS_MODULE,

		.pf		= PF_INET6,

		.hooknum        = NF_INET_FORWARD,

		.priority       = 99,

	},

	/* Before the netfilter connection tracking, exit from POST_ROUTING */

	{

		.hook		= ip_vs_post_routing,

		.owner		= THIS_MODULE,

		.pf		= PF_INET6,

		.hooknum        = NF_INET_POST_ROUTING,

		.priority       = NF_IP6_PRI_NAT_SRC-1,

	},

#endif

};

CRA Git | Maintained and supported by SUSTech CRA and CCSE