Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ipvs: fix check on xmit to non-local addresses

There is a mistake in the rt_mode_allow_non_local assignment.
It should be used to check if sending to non-local addresses is
allowed, now it checks if local addresses are allowed.

As local addresses are allowed for most of the cases, the only
places that are affected are for traffic to transparent cache
servers:

- bypass connections when cache server is not available
- related ICMP in FORWARD hook when sent to cache server

Fixes: 4a4739d56b00 ("ipvs: Pull out crosses_local_route_boundary logic")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Authored by Julian Anastasov and committed by Pablo Neira Ayuso
6fcc02e3 0cafa392

+1 -1
net/netfilter/ipvs/ip_vs_xmit.c
··· 168 168 bool new_rt_is_local) 169 169 { 170 170 bool rt_mode_allow_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL); 171 - bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL); 171 + bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_NON_LOCAL); 172 172 bool rt_mode_allow_redirect = !!(rt_mode & IP_VS_RT_MODE_RDR); 173 173 bool source_is_loopback; 174 174 bool old_rt_is_local;
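Review bot: The corrected mask on line 171 looks right, but the commit message does not state what the old assignment did to the affected packets, and that matters for backport triage. With both rt_mode_allow_local and rt_mode_allow_non_local derived from IP_VS_RT_MODE_LOCAL, a caller passing only IP_VS_RT_MODE_NON_LOCAL got rt_mode_allow_non_local == false, while a caller passing only IP_VS_RT_MODE_LOCAL got it true. Please say in the message whether that meant a wrongly rejected or a wrongly accepted route for the two listed cases (bypass connections and related ICMP in the FORWARD hook). Since the three flag lines are near-identical and the original slip was a copied mask name, a short comment above them noting that each bool maps to its own IP_VS_RT_MODE_* bit would make a repeat easier to spot in review.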