From: Simon Horman <horms@verge.net.au>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org,
Wensong Zhang <wensong@linux-vs.org>,
Julian Anastasov <ja@ssi.bg>,
Grzegorz Lyczba <grzegorz.lyczba@gmail.com>,
Simon Horman <horms@verge.net.au>
Subject: [PATCH 2/2] ipvs: Fix reuse connection if real server is dead
Date: Wed, 22 May 2013 14:56:49 +0900 [thread overview]
Message-ID: <1369202209-18570-3-git-send-email-horms@verge.net.au> (raw)
In-Reply-To: <1369202209-18570-1-git-send-email-horms@verge.net.au>
From: Grzegorz Lyczba <grzegorz.lyczba@gmail.com>
Expire cached connection for new TCP/SCTP connection if real server is down
Signed-off-by: Grzegorz Lyczba <grzegorz.lyczba@gmail.com>
Acked-by Hans Schillstrom <hans@schillstrom.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
net/netfilter/ipvs/ip_vs_core.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 085b588..7967d12 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1001,6 +1001,33 @@ static inline int is_tcp_reset(const struct sk_buff *skb, int nh_len)
return th->rst;
}
+static inline bool is_new_conn(const struct sk_buff *skb,
+ struct ip_vs_iphdr *iph)
+{
+ switch (iph->protocol) {
+ case IPPROTO_TCP: {
+ struct tcphdr _tcph, *th;
+
+ th = skb_header_pointer(skb, iph->len, sizeof(_tcph), &_tcph);
+ if (th == NULL)
+ return false;
+ return th->syn;
+ }
+ case IPPROTO_SCTP: {
+ sctp_chunkhdr_t *sch, schunk;
+
+ sch = skb_header_pointer(skb, iph->len + sizeof(sctp_sctphdr_t),
+ sizeof(schunk), &schunk);
+ if (sch == NULL)
+ return false;
+ return (sch->type == SCTP_CID_INIT);
+ }
+ default:
+ return false;
+ }
+}
+
+
/* Handle response packets: rewrite addresses and send away...
*/
static unsigned int
@@ -1612,6 +1639,15 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
* Check if the packet belongs to an existing connection entry
*/
cp = pp->conn_in_get(af, skb, &iph, 0);
+
+ if (unlikely(sysctl_expire_nodest_conn(ipvs)) && cp && cp->dest &&
+ unlikely(!atomic_read(&cp->dest->weight)) && !iph.fragoffs &&
+ is_new_conn(skb, &iph)) {
+ ip_vs_conn_expire_now(cp);
+ __ip_vs_conn_put(cp);
+ cp = NULL;
+ }
+
if (unlikely(!cp) && !iph.fragoffs) {
/* No (second) fragments need to enter here, as nf_defrag_ipv6
* replayed fragment zero will already have created the cp
--
1.8.2.1
next prev parent reply other threads:[~2013-05-22 5:56 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-22 5:56 [GIT PULL nf-next] IPVS for v3.11 Simon Horman
2013-05-22 5:56 ` [PATCH 1/2] ipvs: change type of netns_ipvs->sysctl_sync_qlen_max Simon Horman
2013-05-22 5:56 ` Simon Horman [this message]
2013-05-22 7:06 ` [PATCH 2/2] ipvs: Fix reuse connection if real server is dead Julian Anastasov
2013-05-22 18:11 ` Sergei Shtylyov
2013-05-23 11:34 ` Pablo Neira Ayuso
2013-05-24 3:01 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1369202209-18570-3-git-send-email-horms@verge.net.au \
--to=horms@verge.net.au \
--cc=grzegorz.lyczba@gmail.com \
--cc=ja@ssi.bg \
--cc=lvs-devel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).