[NETFILTER]: Honour source routing for LVS-NAT

For policy routing, packets originating from this machine itself may be
routed differently to packets passing through. We want this packet to be
routed as if it came from this machine itself. So re-compute the routing
information using ip_route_me_harder().

This patch is derived from work by Ken Brownfield

Cc: Ken Brownfield <krb@irridia.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 10 insertions, 0 deletions

diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 6dee03935f78..1445bb47fea4 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -813,6 +813,16 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
         skb->nh.iph->saddr = cp->vaddr;
         ip_send_check(skb->nh.iph);
 
+        /* For policy routing, packets originating from this
+         * machine itself may be routed differently to packets
+         * passing through.  We want this packet to be routed as
+         * if it came from this machine itself.  So re-compute
+         * the routing information.
+         */
+        if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
+                goto drop;
+        skb = *pskb;
+
         IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
 
         ip_vs_out_stats(cp, skb);