From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 03/05]: Honour source routing for LVS-NAT
Date: Mon, 2 Oct 2006 17:46:07 +0200 (MEST) [thread overview]
Message-ID: <20061002154720.13121.79607.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20061002154716.13121.53265.sendpatchset@localhost.localdomain>
[NETFILTER]: Honour source routing for LVS-NAT
For policy routing, packets originating from this machine itself may be
routed differently to packets passing through. We want this packet to be
routed as if it came from this machine itself. So re-compute the routing
information using ip_route_me_harder().
This patch is derived from work by Ken Brownfield
Cc: Ken Brownfield <krb@irridia.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 1bc8aeeaf12d73774421e408d7f6461a20cebc5e
tree 273fb8d8604554aecf263bef82a43f781a019333
parent fa2cba7f2f3ce89d34fdb903f7d80494439e6b59
author Simon Horman <horms@verge.net.au> Mon, 02 Oct 2006 17:39:45 +0200
committer Patrick McHardy <kaber@trash.net> Mon, 02 Oct 2006 17:39:45 +0200
net/ipv4/ipvs/ip_vs_core.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 6dee039..1445bb4 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -813,6 +813,16 @@ ip_vs_out(unsigned int hooknum, struct s
skb->nh.iph->saddr = cp->vaddr;
ip_send_check(skb->nh.iph);
+ /* For policy routing, packets originating from this
+ * machine itself may be routed differently to packets
+ * passing through. We want this packet to be routed as
+ * if it came from this machine itself. So re-compute
+ * the routing information.
+ */
+ if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
+ goto drop;
+ skb = *pskb;
+
IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
ip_vs_out_stats(cp, skb);
next prev parent reply other threads:[~2006-10-02 15:46 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-02 15:46 [NETFILTER 00/05]: Small netfilter update Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 01/05]: Kconfig: fix xt_physdev dependencies Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 02/05]: add type parameter to ip_route_me_harder Patrick McHardy
2006-10-02 15:46 ` Patrick McHardy [this message]
2006-10-02 15:46 ` [NETFILTER 04/05]: ipt_REJECT: remove largely duplicate route_reverse function Patrick McHardy
2006-10-02 15:46 ` [NETFILTER 05/05]: ebt_mark: add or/and/xor action support to mark target Patrick McHardy
2006-10-02 23:13 ` [NETFILTER 00/05]: Small netfilter update David Miller
2006-10-10 4:38 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20061002154720.13121.79607.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.