From mboxrd@z Thu Jan 1 00:00:00 1970 From: Janusz Krzysztofik Subject: Re: [IPV4] LVS: Allow to send ICMP unreachable responses when real-servers are removed Date: Mon, 14 May 2007 17:49:02 +0200 Message-ID: <464884EE.3030606@tis.icnet.pl> References: <200704271705.l3RH5Brw026873@hera.kernel.org> <4648382E.8030009@trash.net> <20070514.033504.48528120.davem@davemloft.net> <4648714E.9050200@tis.icnet.pl> <464872E2.2030502@trash.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Cc: David Miller , horms@verge.net.au, netdev@vger.kernel.org To: Patrick McHardy Return-path: Received: from d1.icnet.pl ([212.160.220.21]:33739 "EHLO d1.icnet.pl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752004AbXENPtK (ORCPT ); Mon, 14 May 2007 11:49:10 -0400 In-Reply-To: <464872E2.2030502@trash.net> Sender: netdev-owner@vger.kernel.org List-Id: netdev.vger.kernel.org Patrick McHardy wrote: > Janusz Krzysztofik wrote: >> ... ICMP port unreachable messages are not generated inside >> IPVS code, they are just sent, with help of the patch in question, from >> udp_input() or netfilter REJECT. > > Both use icmp_send(), which should always pick a local source, so I > don't understand why this change was needed. Could you describe > the specific case when the packet generated by icmp_send() does > not have a local source? Yes, it happens when a packet with a non-local destination IP address is routed localy in order to reach ip_vs_in(), but is not catched there because of no associated connection and no matching service, so it is passed through and ends up in udp_input(). Then, inside udp_input(), icmp_send() is invoked with original non-local destination IP as source address. Again, all this is my own method, usnig special packet marking, of notifying clients of dead real servers, that is not possible with "pure" LVS methods. More details can be found several paragraphs below http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#F5_snat header. Janusz