diff options
| author | Julian Anastasov <ja@ssi.bg> | 2010-09-05 14:02:29 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-09-08 13:39:57 -0400 |
| commit | 6523ce1525e88c598c75a1a6b8c4edddfa9defe8 (patch) | |
| tree | c3439e9c509676a0c29cd81fdaa65ad2632b903c /include/net/ip_vs.h | |
| parent | 64289c8e6851bca0e589e064c9a5c9fbd6ae5dd4 (diff) | |
ipvs: fix active FTP
- Do not create expectation when forwarding the PORT
command to avoid blocking the connection. The problem is that
nf_conntrack_ftp.c:help() tries to create the same expectation later in
POST_ROUTING and drops the packet with "dropping packet" message after
failure in nf_ct_expect_related.
- Change ip_vs_update_conntrack to alter the conntrack
for related connections from real server. If we do not alter the reply in
this direction the next packet from client sent to vport 20 comes as NEW
connection. We alter it but may be some collision happens for both
conntracks and the second conntrack gets destroyed immediately. The
connection stucks too.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/ip_vs.h')
| -rw-r--r-- | include/net/ip_vs.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index a4747a0f7303..f976885f686f 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
| @@ -955,6 +955,9 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum) | |||
| 955 | return csum_partial(diff, sizeof(diff), oldsum); | 955 | return csum_partial(diff, sizeof(diff), oldsum); |
| 956 | } | 956 | } |
| 957 | 957 | ||
| 958 | extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, | ||
| 959 | int outin); | ||
| 960 | |||
| 958 | #endif /* __KERNEL__ */ | 961 | #endif /* __KERNEL__ */ |
| 959 | 962 | ||
| 960 | #endif /* _NET_IP_VS_H */ | 963 | #endif /* _NET_IP_VS_H */ |