1 files changed, 8 insertions, 8 deletions
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index bfa808f4da1..55af2242bcc 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1772,7 +1772,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_LOCAL_IN,
-                .priority       = 99,
+                .priority       = NF_IP_PRI_NAT_SRC - 2,
        },
        /* After packet filtering, forward packet through VS/DR, VS/TUN,
         * or VS/NAT(change destination), so that filtering rules can be
@@ -1782,7 +1782,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_LOCAL_IN,
-                .priority       = 101,
+                .priority       = NF_IP_PRI_NAT_SRC - 1,
        },
        /* Before ip_vs_in, change source only for VS/NAT */
        {
@@ -1790,7 +1790,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_LOCAL_OUT,
-                .priority       = -99,
+                .priority       = NF_IP_PRI_NAT_DST + 1,
        },
        /* After mangle, schedule and forward local requests */
        {
@@ -1798,7 +1798,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_LOCAL_OUT,
-                .priority       = -98,
+                .priority       = NF_IP_PRI_NAT_DST + 2,
        },
        /* After packet filtering (but before ip_vs_out_icmp), catch icmp
         * destined for 0.0.0.0/0, which is for incoming IPVS connections */
@@ -1824,7 +1824,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
                .hooknum        = NF_INET_LOCAL_IN,
-                .priority       = 99,
+                .priority       = NF_IP6_PRI_NAT_SRC - 2,
        },
        /* After packet filtering, forward packet through VS/DR, VS/TUN,
         * or VS/NAT(change destination), so that filtering rules can be
@@ -1834,7 +1834,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
                .hooknum        = NF_INET_LOCAL_IN,
-                .priority       = 101,
+                .priority       = NF_IP6_PRI_NAT_SRC - 1,
        },
        /* Before ip_vs_in, change source only for VS/NAT */
        {
@@ -1842,7 +1842,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_LOCAL_OUT,
-                .priority       = -99,
+                .priority       = NF_IP6_PRI_NAT_DST + 1,
        },
        /* After mangle, schedule and forward local requests */
        {
@@ -1850,7 +1850,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET6,
                .hooknum        = NF_INET_LOCAL_OUT,
-                .priority       = -98,
+                .priority       = NF_IP6_PRI_NAT_DST + 2,
        },
        /* After packet filtering (but before ip_vs_out_icmp), catch icmp
         * destined for 0.0.0.0/0, which is for incoming IPVS connections */

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index bfa808f4da1..55af2242bcc 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1772,7 +1772,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1772	.owner = THIS_MODULE,	1772	.owner = THIS_MODULE,
1773	.pf = PF_INET,	1773	.pf = PF_INET,
1774	.hooknum = NF_INET_LOCAL_IN,	1774	.hooknum = NF_INET_LOCAL_IN,
1775	.priority = 99,	1775	.priority = NF_IP_PRI_NAT_SRC - 2,
1776	},	1776	},
1777	/* After packet filtering, forward packet through VS/DR, VS/TUN,	1777	/* After packet filtering, forward packet through VS/DR, VS/TUN,
1778	* or VS/NAT(change destination), so that filtering rules can be	1778	* or VS/NAT(change destination), so that filtering rules can be
@@ -1782,7 +1782,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1782	.owner = THIS_MODULE,	1782	.owner = THIS_MODULE,
1783	.pf = PF_INET,	1783	.pf = PF_INET,
1784	.hooknum = NF_INET_LOCAL_IN,	1784	.hooknum = NF_INET_LOCAL_IN,
1785	.priority = 101,	1785	.priority = NF_IP_PRI_NAT_SRC - 1,
1786	},	1786	},
1787	/* Before ip_vs_in, change source only for VS/NAT */	1787	/* Before ip_vs_in, change source only for VS/NAT */
1788	{	1788	{
@@ -1790,7 +1790,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1790	.owner = THIS_MODULE,	1790	.owner = THIS_MODULE,
1791	.pf = PF_INET,	1791	.pf = PF_INET,
1792	.hooknum = NF_INET_LOCAL_OUT,	1792	.hooknum = NF_INET_LOCAL_OUT,
1793	.priority = -99,	1793	.priority = NF_IP_PRI_NAT_DST + 1,
1794	},	1794	},
1795	/* After mangle, schedule and forward local requests */	1795	/* After mangle, schedule and forward local requests */
1796	{	1796	{
@@ -1798,7 +1798,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1798	.owner = THIS_MODULE,	1798	.owner = THIS_MODULE,
1799	.pf = PF_INET,	1799	.pf = PF_INET,
1800	.hooknum = NF_INET_LOCAL_OUT,	1800	.hooknum = NF_INET_LOCAL_OUT,
1801	.priority = -98,	1801	.priority = NF_IP_PRI_NAT_DST + 2,
1802	},	1802	},
1803	/* After packet filtering (but before ip_vs_out_icmp), catch icmp	1803	/* After packet filtering (but before ip_vs_out_icmp), catch icmp
1804	* destined for 0.0.0.0/0, which is for incoming IPVS connections */	1804	* destined for 0.0.0.0/0, which is for incoming IPVS connections */
@@ -1824,7 +1824,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1824	.owner = THIS_MODULE,	1824	.owner = THIS_MODULE,
1825	.pf = PF_INET6,	1825	.pf = PF_INET6,
1826	.hooknum = NF_INET_LOCAL_IN,	1826	.hooknum = NF_INET_LOCAL_IN,
1827	.priority = 99,	1827	.priority = NF_IP6_PRI_NAT_SRC - 2,
1828	},	1828	},
1829	/* After packet filtering, forward packet through VS/DR, VS/TUN,	1829	/* After packet filtering, forward packet through VS/DR, VS/TUN,
1830	* or VS/NAT(change destination), so that filtering rules can be	1830	* or VS/NAT(change destination), so that filtering rules can be
@@ -1834,7 +1834,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1834	.owner = THIS_MODULE,	1834	.owner = THIS_MODULE,
1835	.pf = PF_INET6,	1835	.pf = PF_INET6,
1836	.hooknum = NF_INET_LOCAL_IN,	1836	.hooknum = NF_INET_LOCAL_IN,
1837	.priority = 101,	1837	.priority = NF_IP6_PRI_NAT_SRC - 1,
1838	},	1838	},
1839	/* Before ip_vs_in, change source only for VS/NAT */	1839	/* Before ip_vs_in, change source only for VS/NAT */
1840	{	1840	{
@@ -1842,7 +1842,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1842	.owner = THIS_MODULE,	1842	.owner = THIS_MODULE,
1843	.pf = PF_INET,	1843	.pf = PF_INET,
1844	.hooknum = NF_INET_LOCAL_OUT,	1844	.hooknum = NF_INET_LOCAL_OUT,
1845	.priority = -99,	1845	.priority = NF_IP6_PRI_NAT_DST + 1,
1846	},	1846	},
1847	/* After mangle, schedule and forward local requests */	1847	/* After mangle, schedule and forward local requests */
1848	{	1848	{
@@ -1850,7 +1850,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1850	.owner = THIS_MODULE,	1850	.owner = THIS_MODULE,
1851	.pf = PF_INET6,	1851	.pf = PF_INET6,
1852	.hooknum = NF_INET_LOCAL_OUT,	1852	.hooknum = NF_INET_LOCAL_OUT,
1853	.priority = -98,	1853	.priority = NF_IP6_PRI_NAT_DST + 2,
1854	},	1854	},
1855	/* After packet filtering (but before ip_vs_out_icmp), catch icmp	1855	/* After packet filtering (but before ip_vs_out_icmp), catch icmp
1856	* destined for 0.0.0.0/0, which is for incoming IPVS connections */	1856	* destined for 0.0.0.0/0, which is for incoming IPVS connections */