On Sat, Jun 02, 2018 at 09:52:15PM +0300, Julian Anastasov wrote: > There is mistake in the rt_mode_allow_non_local assignment. > It should be used to check if sending to non-local addresses is > allowed, now it checks if local addresses are allowed. > > As local addresses are allowed for most of the cases, the only > places that are affected are for traffic to transparent cache > servers: > > - bypass connections when cache server is not available > - related ICMP in FORWARD hook when sent to cache server > > Fixes: 4a4739d56b00 ("ipvs: Pull out crosses_local_route_boundary logic") > Signed-off-by: Julian Anastasov <ja@xxxxxx> Acked-by: Simon Horman <horms@xxxxxxxxxxxx> Pablo, if its not too much trouble please take this into nf. > --- > net/netfilter/ipvs/ip_vs_xmit.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c > index 4527921..8f7fff7 100644 > --- a/net/netfilter/ipvs/ip_vs_xmit.c > +++ b/net/netfilter/ipvs/ip_vs_xmit.c > @@ -168,7 +168,7 @@ static inline bool crosses_local_route_boundary(int skb_af, struct sk_buff *skb, > bool new_rt_is_local) > { > bool rt_mode_allow_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL); > - bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL); > + bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_NON_LOCAL); > bool rt_mode_allow_redirect = !!(rt_mode & IP_VS_RT_MODE_RDR); > bool source_is_loopback; > bool old_rt_is_local; > -- > 2.9.5 > -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html