linux/net
Julian Anastasov 0c12582fbc ipvs: add backup_only flag to avoid loops
Dmitry Akindinov is reporting for a problem where SYNs are looping
between the master and backup server when the backup server is used as
real server in DR mode and has IPVS rules to function as director.

Even when the backup function is enabled we continue to forward
traffic and schedule new connections when the current master is using
the backup server as real server. While this is not a problem for NAT,
for DR and TUN method the backup server can not determine if a request
comes from client or from director.

To avoid such loops add new sysctl flag backup_only. It can be needed
for DR/TUN setups that do not need backup and director function at the
same time. When the backup function is enabled we stop any forwarding
and pass the traffic to the local stack (real server mode). The flag
disables the director function when the backup function is enabled.

For setups that enable backup function for some virtual services and
director function for other virtual services there should be another
more complex solution to support DR/TUN mode, may be to assign
per-virtual service syncid value, so that we can differentiate the
requests.

Reported-by: Dmitry Akindinov <dimak@stalker.com>
Tested-by: German Myzovsky <lawyer@sipnet.ru>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
2013-03-19 21:21:51 +09:00
..
9p Revert parts of "hlist: drop the node parameter from iterators" 2013-03-08 15:05:34 -08:00
802
8021q net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
appletalk hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
atm hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ax25 hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
batman-adv batman-adv: verify tt len does not exceed packet len 2013-03-11 22:59:47 +01:00
bluetooth hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
bridge bridge: reserve space for IFLA_BRPORT_FAST_LEAVE 2013-03-12 05:38:29 -04:00
caif CAIF: fix sparse warning for caif_usb 2013-03-04 14:12:07 -05:00
can hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-02-28 17:43:09 -08:00
core net/core: move vlan_depth out of while loop in skb_network_protocol() 2013-03-12 11:47:40 -04:00
dcb dcbnl: fix various netlink info leaks 2013-03-10 05:19:26 -04:00
dccp Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
decnet hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
dns_resolver
dsa
ethernet
ieee802154 6lowpan: Fix endianness issue in is_addr_link_local(). 2013-03-10 16:49:35 -04:00
ipv4 tcp: fix skb_availroom() 2013-03-14 11:49:45 -04:00
ipv6 netfilter: ip6t_NPT: restrict to mangle table 2013-03-15 12:58:21 +01:00
ipx hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
irda net/irda: Raise dtr in non-blocking open 2013-03-06 02:47:05 -05:00
iucv hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
key afkey: fix a typo 2013-03-07 16:26:45 -05:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-03-05 18:42:29 -08:00
lapb
llc hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-03-06 10:21:17 -05:00
mac802154 Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
netfilter ipvs: add backup_only flag to avoid loops 2013-03-19 21:21:51 +09:00
netlabel netlabel: fix build problems when CONFIG_IPV6=n 2013-03-08 11:33:51 -05:00
netlink hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
netrom hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
nfc hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
openvswitch hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
packet hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
phonet hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
rds net/rds: zero last byte for strncpy 2013-03-08 00:35:44 -05:00
rfkill
rose hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
rxrpc Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
sched pkt_sched: sch_qfq: remove a useless invocation of qfq_update_eligible 2013-03-06 02:47:05 -05:00
sctp sctp: don't break the loop while meeting the active_path so as to find the matched transport 2013-03-13 10:09:55 -04:00
sunrpc fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
tipc hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
unix hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
vmw_vsock VSOCK: Don't reject PF_VSOCK protocol 2013-02-18 15:02:51 -05:00
wimax
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-03-06 10:21:17 -05:00
x25 hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
xfrm hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
compat.c
Kconfig Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
Makefile
nonet.c
socket.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-02-26 20:16:07 -08:00
sysctl_net.c