提交 e0aac52e 编写于 作者: S Simon Horman 提交者: Pablo Neira Ayuso

ipvs: fix matching of fwmark templates during scheduling

	Commit f11017ec (2.6.37)
moved the fwmark variable in subcontext that is invalidated before
reaching the ip_vs_ct_in_get call. As vaddr is provided as pointer
in the param structure make sure the fwmark variable is in
same context. As the fwmark templates can not be matched,
more and more template connections are created and the
controlled connections can not go to single real server.
Signed-off-by: NJulian Anastasov <ja@ssi.bg>
Cc: stable@vger.kernel.org
Signed-off-by: NSimon Horman <horms@verge.net.au>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 29830406
...@@ -232,6 +232,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, ...@@ -232,6 +232,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
__be16 dport = 0; /* destination port to forward */ __be16 dport = 0; /* destination port to forward */
unsigned int flags; unsigned int flags;
struct ip_vs_conn_param param; struct ip_vs_conn_param param;
const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) };
union nf_inet_addr snet; /* source network of the client, union nf_inet_addr snet; /* source network of the client,
after masking */ after masking */
...@@ -267,7 +268,6 @@ ip_vs_sched_persist(struct ip_vs_service *svc, ...@@ -267,7 +268,6 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
{ {
int protocol = iph.protocol; int protocol = iph.protocol;
const union nf_inet_addr *vaddr = &iph.daddr; const union nf_inet_addr *vaddr = &iph.daddr;
const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) };
__be16 vport = 0; __be16 vport = 0;
if (dst_port == svc->port) { if (dst_port == svc->port) {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册