linux/net/netfilter
Simon Horman be8be9eccb ipvs: Fix IPv4 FWMARK virtual services
This fixes the use of fwmarks to denote IPv4 virtual services
which was unfortunately broken as a result of the integration
of IPv6 support into IPVS, which was included in 2.6.28.

The problem arises because fwmarks are stored in the 4th octet
of a union nf_inet_addr .all, however in the case of IPv4 only
the first octet, corresponding to .ip, is assigned and compared.

In other words, using .all = { 0, 0, 0, htonl(svc->fwmark) always
results in a value of 0 (32bits) being stored for IPv4. This means
that one fwmark can be used, as it ends up being mapped to 0, but things
break down when multiple fwmarks are used, as they all end up being mapped
to 0.

As fwmarks are 32bits a reasonable fix seems to be to just store the fwmark
in .ip, and comparing and storing .ip when fwmarks are used.

This patch makes the assumption that in calls to ip_vs_ct_in_get()
and ip_vs_sched_persist() if the proto parameter is IPPROTO_IP then
we are dealing with an fwmark. I believe this is valid as ip_vs_in()
does fairly strict filtering on the protocol and IPPROTO_IP should
not be used in these calls unless explicitly passed when making
these calls for fwmarks in ip_vs_sched_persist().

Tested-by: Fabien Duchêne <fabien.duchene@student.uclouvain.be>
Cc: Joseph Mack NA3T <jmack@wm7d.net>
Cc: Julius Volz <julius.volz@gmail.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-05-08 14:54:47 -07:00
..
ipvs ipvs: Fix IPv4 FWMARK virtual services 2009-05-08 14:54:47 -07:00
core.c
Kconfig xt_socket: checks for the state of nf_conntrack 2009-05-01 15:23:10 -07:00
Makefile netfilter: xtables: add cluster match 2009-03-16 17:10:36 +01:00
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_core.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-03-26 22:45:23 -07:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: ctnetlink: fix regression in expectation handling 2009-04-06 17:47:20 +02:00
nf_conntrack_extend.c
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_conntrack: fix crash when unloading helpers 2009-04-15 12:45:08 +02:00
nf_conntrack_irc.c netfilter: fix endian bug in conntrack printks 2009-03-28 23:55:57 -07:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6 2009-05-05 12:00:53 -07:00
nf_conntrack_pptp.c Merge branch 'master' of /home/davem/src/GIT/linux-2.6/ 2009-03-26 15:23:24 -07:00
nf_conntrack_proto_dccp.c netfilter: nf_ct_dccp: add missing role attributes for DCCP 2009-04-24 16:58:41 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: nf_conntrack: calculate per-protocol nlattr size 2009-03-25 21:53:39 +01:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack: calculate per-protocol nlattr size 2009-03-25 21:53:39 +01:00
nf_conntrack_proto_tcp.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-03-26 22:45:23 -07:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: calculate per-protocol nlattr size 2009-03-25 21:53:39 +01:00
nf_conntrack_proto_udplite.c netfilter: nf_ct_dccp/udplite: fix protocol registration error 2009-04-24 15:37:44 +02:00
nf_conntrack_proto.c netfilter: ctnetlink: add callbacks to the per-proto nlattrs 2009-03-25 18:24:48 +01:00
nf_conntrack_sane.c
nf_conntrack_sip.c
nf_conntrack_standalone.c netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() 2009-03-25 21:05:46 +01:00
nf_conntrack_tftp.c
nf_internals.h
nf_log.c netfilter: nf_log regression fix 2009-04-15 12:16:19 +02:00
nf_queue.c
nf_sockopt.c
nf_tproxy_core.c
nfnetlink_log.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-03-24 13:24:36 -07:00
nfnetlink_queue.c
nfnetlink.c netfilter: nfnetlink: return ENOMEM if we fail to create netlink socket 2009-04-17 17:48:44 +02:00
x_tables.c netfilter: revised locking for x_tables 2009-04-28 22:36:33 -07:00
xt_CLASSIFY.c
xt_cluster.c netfilter: xt_cluster: fix use of cluster match with 32 nodes 2009-05-05 17:46:07 +02:00
xt_comment.c
xt_connbytes.c
xt_connlimit.c netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() 2009-03-25 21:05:46 +01:00
xt_connmark.c
xt_CONNMARK.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_dccp.c
xt_dscp.c
xt_DSCP.c
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit fix 2009-02-24 15:30:29 +01:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_iprange.c
xt_LED.c
xt_length.c
xt_limit.c netfilter: xtables: avoid pointer to self 2009-03-16 15:35:29 +01:00
xt_mac.c
xt_mark.c
xt_MARK.c
xt_multiport.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_NOTRACK.c
xt_owner.c
xt_physdev.c netfilter: factorize ifname_compare() 2009-03-25 17:31:52 +01:00
xt_pkttype.c
xt_policy.c
xt_quota.c netfilter: xtables: avoid pointer to self 2009-03-16 15:35:29 +01:00
xt_rateest.c
xt_RATEEST.c
xt_realm.c
xt_recent.c netfilter: xt_recent: fix stack overread in compat code 2009-04-24 17:05:21 +02:00
xt_sctp.c
xt_SECMARK.c
xt_socket.c
xt_state.c
xt_statistic.c netfilter: xtables: avoid pointer to self 2009-03-16 15:35:29 +01:00
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_time.c
xt_TPROXY.c
xt_TRACE.c
xt_u32.c