Re: [PATCH net] ipvs: fix check on xmit to non-local addresses

On Sat, Jun 02, 2018 at 09:52:15PM +0300, Julian Anastasov wrote:
> There is a mistake in the rt_mode_allow_non_local assignment.
> It should be used to check if sending to non-local addresses is
> allowed, now it checks if local addresses are allowed.
> 
> As local addresses are allowed for most of the cases, the only
> places that are affected are for traffic to transparent cache
> servers:
> 
> - bypass connections when cache server is not available
> - related ICMP in FORWARD hook when sent to cache server
> 
> Fixes: 4a4739d56b00 ("ipvs: Pull out crosses_local_route_boundary logic")
> Signed-off-by: Julian Anastasov <ja@xxxxxx>

Acked-by: Simon Horman <horms@xxxxxxxxxxxx>

Pablo, if it's not too much trouble please take this into nf.

> ---
>  net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
> index 4527921..8f7fff7 100644
> --- a/net/netfilter/ipvs/ip_vs_xmit.c
> +++ b/net/netfilter/ipvs/ip_vs_xmit.c
> @@ -168,7 +168,7 @@ static inline bool crosses_local_route_boundary(int skb_af, struct sk_buff *skb,
>  						bool new_rt_is_local)
>  {
>  	bool rt_mode_allow_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL);
> -	bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL);
> +	bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_NON_LOCAL);
>  	bool rt_mode_allow_redirect = !!(rt_mode & IP_VS_RT_MODE_RDR);
>  	bool source_is_loopback;
>  	bool old_rt_is_local;
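Review bot: the commit message does not cover callers that pass IP_VS_RT_MODE_LOCAL without IP_VS_RT_MODE_NON_LOCAL, and the corrected rt_mode_allow_non_local line flips the result for exactly those callers: the flag evaluated true for them before and evaluates false now. The message lists only the two transparent-cache paths where the old mask gave the wrong answer in the other direction. A sentence confirming that the rt_mode value of every caller was checked would make the Fixes: backport easier to judge. Since the old line compiled cleanly as a copy of the rt_mode_allow_local line above it, naming how the bypass and related-ICMP paths were exercised would also help.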
> -- 
> 2.9.5
> 