diff options
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_conn.c | 9 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_core.c | 4 |
2 files changed, 9 insertions, 4 deletions
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index 60aba45023ff..77bfdfeb966e 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c | |||
| @@ -260,7 +260,10 @@ struct ip_vs_conn *ip_vs_ct_in_get | |||
| 260 | list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { | 260 | list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { |
| 261 | if (cp->af == af && | 261 | if (cp->af == af && |
| 262 | ip_vs_addr_equal(af, s_addr, &cp->caddr) && | 262 | ip_vs_addr_equal(af, s_addr, &cp->caddr) && |
| 263 | ip_vs_addr_equal(af, d_addr, &cp->vaddr) && | 263 | /* protocol should only be IPPROTO_IP if |
| 264 | * d_addr is a fwmark */ | ||
| 265 | ip_vs_addr_equal(protocol == IPPROTO_IP ? AF_UNSPEC : af, | ||
| 266 | d_addr, &cp->vaddr) && | ||
| 264 | s_port == cp->cport && d_port == cp->vport && | 267 | s_port == cp->cport && d_port == cp->vport && |
| 265 | cp->flags & IP_VS_CONN_F_TEMPLATE && | 268 | cp->flags & IP_VS_CONN_F_TEMPLATE && |
| 266 | protocol == cp->protocol) { | 269 | protocol == cp->protocol) { |
| @@ -698,7 +701,9 @@ ip_vs_conn_new(int af, int proto, const union nf_inet_addr *caddr, __be16 cport, | |||
| 698 | cp->cport = cport; | 701 | cp->cport = cport; |
| 699 | ip_vs_addr_copy(af, &cp->vaddr, vaddr); | 702 | ip_vs_addr_copy(af, &cp->vaddr, vaddr); |
| 700 | cp->vport = vport; | 703 | cp->vport = vport; |
| 701 | ip_vs_addr_copy(af, &cp->daddr, daddr); | 704 | /* proto should only be IPPROTO_IP if d_addr is a fwmark */ |
| 705 | ip_vs_addr_copy(proto == IPPROTO_IP ? AF_UNSPEC : af, | ||
| 706 | &cp->daddr, daddr); | ||
| 702 | cp->dport = dport; | 707 | cp->dport = dport; |
| 703 | cp->flags = flags; | 708 | cp->flags = flags; |
| 704 | spin_lock_init(&cp->lock); | 709 | spin_lock_init(&cp->lock); |
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index cb3e031335eb..8dddb17a947a 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c | |||
| @@ -278,7 +278,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, | |||
| 278 | */ | 278 | */ |
| 279 | if (svc->fwmark) { | 279 | if (svc->fwmark) { |
| 280 | union nf_inet_addr fwmark = { | 280 | union nf_inet_addr fwmark = { |
| 281 | .all = { 0, 0, 0, htonl(svc->fwmark) } | 281 | .ip = htonl(svc->fwmark) |
| 282 | }; | 282 | }; |
| 283 | 283 | ||
| 284 | ct = ip_vs_ct_in_get(svc->af, IPPROTO_IP, &snet, 0, | 284 | ct = ip_vs_ct_in_get(svc->af, IPPROTO_IP, &snet, 0, |
| @@ -306,7 +306,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, | |||
| 306 | */ | 306 | */ |
| 307 | if (svc->fwmark) { | 307 | if (svc->fwmark) { |
| 308 | union nf_inet_addr fwmark = { | 308 | union nf_inet_addr fwmark = { |
| 309 | .all = { 0, 0, 0, htonl(svc->fwmark) } | 309 | .ip = htonl(svc->fwmark) |
| 310 | }; | 310 | }; |
| 311 | 311 | ||
| 312 | ct = ip_vs_conn_new(svc->af, IPPROTO_IP, | 312 | ct = ip_vs_conn_new(svc->af, IPPROTO_IP, |