1 files changed, 37 insertions, 0 deletions
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 5a7a81778b0b..7d3de9db5ac5 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1413,6 +1413,43 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .hooknum        = NF_INET_POST_ROUTING,
                .priority       = NF_IP_PRI_NAT_SRC-1,
        },
+#ifdef CONFIG_IP_VS_IPV6
+        /* After packet filtering, forward packet through VS/DR, VS/TUN,
+         * or VS/NAT(change destination), so that filtering rules can be
+         * applied to IPVS. */
+        {
+                .hook           = ip_vs_in,
+                .owner          = THIS_MODULE,
+                .pf             = PF_INET6,
+                .hooknum        = NF_INET_LOCAL_IN,
+                .priority       = 100,
+        },
+        /* After packet filtering, change source only for VS/NAT */
+        {
+                .hook           = ip_vs_out,
+                .owner          = THIS_MODULE,
+                .pf             = PF_INET6,
+                .hooknum        = NF_INET_FORWARD,
+                .priority       = 100,
+        },
+        /* After packet filtering (but before ip_vs_out_icmp), catch icmp
+         * destined for 0.0.0.0/0, which is for incoming IPVS connections */
+        {
+                .hook           = ip_vs_forward_icmp_v6,
+                .owner          = THIS_MODULE,
+                .pf             = PF_INET6,
+                .hooknum        = NF_INET_FORWARD,
+                .priority       = 99,
+        },
+        /* Before the netfilter connection tracking, exit from POST_ROUTING */
+        {
+                .hook           = ip_vs_post_routing,
+                .owner          = THIS_MODULE,
+                .pf             = PF_INET6,
+                .hooknum        = NF_INET_POST_ROUTING,
+                .priority       = NF_IP6_PRI_NAT_SRC-1,
+        },
+#endif
 };

diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 5a7a81778b0b..7d3de9db5ac5 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1413,6 +1413,43 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
1413	.hooknum = NF_INET_POST_ROUTING,	1413	.hooknum = NF_INET_POST_ROUTING,
1414	.priority = NF_IP_PRI_NAT_SRC-1,	1414	.priority = NF_IP_PRI_NAT_SRC-1,
1415	},	1415	},
		1416	#ifdef CONFIG_IP_VS_IPV6
		1417	/* After packet filtering, forward packet through VS/DR, VS/TUN,
		1418	* or VS/NAT(change destination), so that filtering rules can be
		1419	* applied to IPVS. */
		1420	{
		1421	.hook = ip_vs_in,
		1422	.owner = THIS_MODULE,
		1423	.pf = PF_INET6,
		1424	.hooknum = NF_INET_LOCAL_IN,
		1425	.priority = 100,
		1426	},
		1427	/* After packet filtering, change source only for VS/NAT */
		1428	{
		1429	.hook = ip_vs_out,
		1430	.owner = THIS_MODULE,
		1431	.pf = PF_INET6,
		1432	.hooknum = NF_INET_FORWARD,
		1433	.priority = 100,
		1434	},
		1435	/* After packet filtering (but before ip_vs_out_icmp), catch icmp
		1436	* destined for 0.0.0.0/0, which is for incoming IPVS connections */
		1437	{
		1438	.hook = ip_vs_forward_icmp_v6,
		1439	.owner = THIS_MODULE,
		1440	.pf = PF_INET6,
		1441	.hooknum = NF_INET_FORWARD,
		1442	.priority = 99,
		1443	},
		1444	/* Before the netfilter connection tracking, exit from POST_ROUTING */
		1445	{
		1446	.hook = ip_vs_post_routing,
		1447	.owner = THIS_MODULE,
		1448	.pf = PF_INET6,
		1449	.hooknum = NF_INET_POST_ROUTING,
		1450	.priority = NF_IP6_PRI_NAT_SRC-1,
		1451	},
		1452	#endif
1416	};	1453	};
1417		1454
1418		1455