Pandora Sourcecodes - pandora-kernel.git/commit

author	Julian Anastasov <ja@ssi.bg>
	Sun, 17 Oct 2010 13:24:37 +0000 (16:24 +0300)
committer	Simon Horman <horms@verge.net.au>
	Thu, 21 Oct 2010 08:50:41 +0000 (10:50 +0200)
commit	190ecd27cd7294105e3b26ca71663c7d940acbbb
tree	0dfc3569862e260a7c35c7dee14332de4345eeba	tree \| snapshot
parent	cf356d69db0afef692cd640917bc70f708c27f14	commit \| diff

ipvs: do not schedule conns from real servers

This patch is needed to avoid scheduling of
packets from local real server when we add ip_vs_in
in LOCAL_OUT hook to support local client.

Currently, when ip_vs_in can not find existing
connection it tries to create new one by calling ip_vs_schedule.

The default indication from ip_vs_schedule was if
connection was scheduled to real server. If real server is
not available we try to use the bypass forwarding method
or to send ICMP error. But in some cases we do not want to use
the bypass feature. So, add flag 'ignored' to indicate if
the scheduler ignores this packet.

Make sure we do not create new connections from replies.
We can hit this problem for persistent services and local real
server when ip_vs_in is added to LOCAL_OUT hook to handle
local clients.

Also, make sure ip_vs_schedule ignores SYN packets
for Active FTP DATA from local real server. The FTP DATA
connection should be created on SYN+ACK from client to assign
correct connection daddr.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>

include/net/ip_vs.h		diff \| blob \| history
net/netfilter/ipvs/ip_vs_core.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_proto_sctp.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_proto_tcp.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_proto_udp.c		diff \| blob \| history