Re: [PATCH nf] netfilter: ipt_CLUSTERIP: Allow configuring --local-node 0 again

Hi Pablo,

> The bitmap assumes that the value is always > 0. If you look at:
> 
> static void
> clusterip_config_init_nodelist(struct clusterip_config *c,
>                                const struct ipt_clusterip_tgt_info *i)
> {
>         int n;
> 
>         for (n = 0; n < i->num_local_nodes; n++)
>                 set_bit(i->local_nodes[n] - 1, &c->local_nodes);
> }
> 
> If we allow i->local_nodes[n] == 0, then this sets bit -1 (underflow).

You're right.  However, by accident, it did what we wanted.  It
basically sets the MSB of c->local_nodes, but since num_total_nodes is
limited to 16 this meant that it looks to ClusterIP like no nodes are local.

> Could you post your configuration? Hence we can have a look at what was
> working before Dmitry's fix.

We used something like this:

iptables -A INPUT -i eth0 -d 192.168.0.5 -j CLUSTERIP --new \
    --hashmode sourceip --clustermac 01:00:c0:a8:00:05 \
    --total-nodes 2 --local-node 0

What we actually wanted was to configure this without --local-node at
all.  The local nodes should have been assigned later.  Since that's
rejected by iptables we used --local-node 0, which was accepted before
Dmitry's fix and did what we wanted.

So my patch is definitely not correct and I guess adding the possibility
to omit --local-node isn't worth the effort for a deprecated module.  I
think I'll just add my patch to our HA patchset, which modifies
ipt_CLUSTERIP anyway, until we have a replacement for that.

Thanks,
Tobias
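
Added example, not part of the original message and not the kernel's code: a userspace C model of the range check that keeps the bit index computed in clusterip_config_init_nodelist() within bounds. struct tgt_info_model, check_local_nodes() and init_nodelist() are hypothetical names, and accepting an empty node list as "no local nodes" is an assumption of this model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 16 /* the thread says num_total_nodes is limited to 16 */
/* Userspace stand-in (assumed layout) for the ipt_clusterip_tgt_info fields used. */
struct tgt_info_model {
    uint16_t num_total_nodes, num_local_nodes;
    uint16_t local_nodes[MAX_NODES];
};

/* Node ids are 1-based, so id 0 would give bit index -1. Returns 0 or -EINVAL. */
int check_local_nodes(const struct tgt_info_model *i)
{
    unsigned int n;

    if (i->num_total_nodes < 1 || i->num_total_nodes > MAX_NODES ||
        i->num_local_nodes > i->num_total_nodes)
        return -EINVAL;
    for (n = 0; n < i->num_local_nodes; n++)
        if (i->local_nodes[n] < 1 || i->local_nodes[n] > i->num_total_nodes)
            return -EINVAL;
    return 0;
}

/* Build the bitmap only after validation; *out is untouched on error. */
int init_nodelist(const struct tgt_info_model *i, uint32_t *out)
{
    uint32_t mask = 0;
    unsigned int n;
    int err = check_local_nodes(i);

    if (err)
        return err;
    for (n = 0; n < i->num_local_nodes; n++)
        mask |= UINT32_C(1) << (i->local_nodes[n] - 1);
    *out = mask;
    return 0;
}

int main(void)
{
    /* Constructed input mirroring the thread: --total-nodes 2 --local-node 0 */
    struct tgt_info_model cfg = { .num_total_nodes = 2, .num_local_nodes = 1 };
    uint32_t mask = 0;
    int rc = init_nodelist(&cfg, &mask);

    printf("local node 0: rc=%d\n", rc);
    cfg.num_local_nodes = 0; /* assumed explicit form of "no local nodes" */
    rc = init_nodelist(&cfg, &mask);
    printf("empty list: rc=%d mask=0x%x\n", rc, (unsigned int)mask);
    return 0;
}
```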