From: Simon Horman <horms@xxxxxxxxxxxx> Date: Mon, 6 Sep 2010 13:02:29 +0900 > From: Julian Anastasov <ja@xxxxxx> > > - Do not create expectation when forwarding the PORT > command to avoid blocking the connection. The problem is that > nf_conntrack_ftp.c:help() tries to create the same expectation later in > POST_ROUTING and drops the packet with "dropping packet" message after > failure in nf_ct_expect_related. > > - Change ip_vs_update_conntrack to alter the conntrack > for related connections from real server. If we do not alter the reply in > this direction the next packet from client sent to vport 20 comes as NEW > connection. We alter it but may be some collision happens for both > conntracks and the second conntrack gets destroyed immediately. The > connection stucks too. > > Signed-off-by: Julian Anastasov <ja@xxxxxx> > Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx> Applied, thanks. > This change is also applicable to net-next, although there is some diff > noise. Do you want me to resolve that and post a net-next version > separately? (The same applies to "ipvs: avoid oops for passive FTP" which > you merged into net last week.) No need, the next time I merge net-2.6 into net-next-2.6 it will be taken care of transparently. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
