Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ipvs: fix matching of fwmark templates during scheduling

Commit f11017ec2d1859c661f4e2b12c4a8d250e1f47cf (2.6.37)
moved the fwmark variable into a subcontext that is invalidated before
reaching the ip_vs_ct_in_get call. As vaddr is provided as a pointer
in the param structure, make sure the fwmark variable is in the
same context. As the fwmark templates cannot be matched,
more and more template connections are created and the
controlled connections cannot go to a single real server.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Cc: stable@vger.kernel.org
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Authored by Simon Horman and committed by Pablo Neira Ayuso
e0aac52e 29830406

+1 -1
net/netfilter/ipvs/ip_vs_core.c
··· 232 232 __be16 dport = 0; /* destination port to forward */ 233 233 unsigned int flags; 234 234 struct ip_vs_conn_param param; 235 + const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) }; 235 236 union nf_inet_addr snet; /* source network of the client, 236 237 after masking */ 237 238 ··· 268 267 { 269 268 int protocol = iph.protocol; 270 269 const union nf_inet_addr *vaddr = &iph.daddr; 271 - const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) }; 272 270 __be16 vport = 0; 273 271 274 272 if (dst_port == svc->port) {
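
Review bot: the new function-scope declaration `const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) };` has no comment explaining why it has to live at this scope, and that lifetime requirement is the entire fix. Per the commit message, `param` holds the address by pointer rather than by copy, so `fwmark` must remain valid for as long as `param` is used; a one-line comment next to the declaration saying so would keep a later cleanup from moving it back into the inner block beside `vaddr`. In the second hunk, the inner block still declares `const union nf_inet_addr *vaddr = &iph.daddr;`, which is safe only if `iph` itself is declared at function scope; that declaration is not visible in this diff, so it is worth confirming that no other block-local object has its address stored in `param`.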