Packets that have been processed by LVS are sent out immediately, meaning that there's no chance of looping in ip_vs_out, so I removed the ipvs_property sets/checks from those paths. Packets that have been sent out first go through POSTROUTING (again) and aren't changed in the case of LVS-DR and LVS-TUN, so I've used the flag to prevent an infinite loop in ip_vs_in. -- Jason Stubbs <j.stubbs@xxxxxxxxxxxxxxx> LINKTHINK INC. 東京都渋谷区桜ヶ丘町22-14 N.E.S S棟 3F TEL 03-5728-4772 FAX 03-5728-4773
diff -urp linux.3.routing/net/ipv4/ipvs/ip_vs_core.c linux.4.recursion/net/ipv4/ipvs/ip_vs_core.c
--- linux.3.routing/net/ipv4/ipvs/ip_vs_core.c 2008-04-15 13:06:50.942660390 +0900
+++ linux.4.recursion/net/ipv4/ipvs/ip_vs_core.c 2008-04-15 13:07:04.424842262 +0900
@@ -640,7 +640,6 @@ static int ip_vs_out_icmp(struct sk_buff
 /* do the statistics and put it back */
 ip_vs_out_stats(cp, skb);
- skb->ipvs_property = 1;
 verdict = NF_ACCEPT;
 out:
@@ -676,9 +675,6 @@ ip_vs_out(unsigned int hooknum, struct s
 EnterFunction(11);
- if (skb->ipvs_property)
- return NF_ACCEPT;
-
 iph = ip_hdr(skb);
 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
 int related, verdict = ip_vs_out_icmp(skb, &related);
@@ -754,8 +750,6 @@ ip_vs_out(unsigned int hooknum, struct s
 ip_vs_set_state(cp, IP_VS_DIR_OUTPUT, skb, pp);
 ip_vs_conn_put(cp);
- skb->ipvs_property = 1;
-
 LeaveFunction(11);
 return NF_ACCEPT;
@@ -877,6 +871,9 @@ ip_vs_in(unsigned int hooknum, struct sk
 int ret, restart;
 int ihl;
+ if (skb->ipvs_property)
+ return NF_ACCEPT;
+
 iph = ip_hdr(skb);
 if (unlikely(iph->protocol == IPPROTO_ICMP)) {
 int related, verdict = ip_vs_in_icmp(skb, &related, hooknum);
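Review bot: The early return added at the top of ip_vs_in makes `skb->ipvs_property` the only loop guard on that path, yet both assignments of the flag visible in this diff (in ip_vs_out_icmp and ip_vs_out) are removed by the first and third hunks. The flag presumably has to be set on the LVS-DR/LVS-TUN transmit paths, which this diff does not show, so it is worth confirming that every transmitter sets it before the packet re-enters POSTROUTING and that it is cleared wherever an skb is reused or re-injected; a stale flag makes ip_vs_in return NF_ACCEPT without any connection lookup or scheduling. A comment above the check would record the intent, for example `/* already transmitted by IPVS; it re-enters via POSTROUTING, so do not process it again */`. The body of ip_vs_in continues outside the hunk.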