IPVS: Fallback if persistence engine fails
Fall back to normal persistence handling if the persistence engine fails to recognise a packet. This way, at least the packet will go somewhere. It is envisaged that iptables could be used to block packets such if this is not desired although nf_conntrack_sip would likely need to be enhanced first. Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julian Anastasov <ja@ssi.bg>
This commit is contained in:
Simon Horman
Родитель
0d1e71b04a
Коммит
f71499aa11
|
|
@ -154,7 +154,7 @@ static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p,
|
|||
const union nf_inet_addr *addr;
|
||||
__be16 port;
|
||||
|
||||
if (p->pe && p->pe->hashkey_raw)
|
||||
if (p->pe_data && p->pe->hashkey_raw)
|
||||
return p->pe->hashkey_raw(p, ip_vs_conn_rnd, inverse) &
|
||||
ip_vs_conn_tab_mask;
|
||||
|
||||
|
|
@ -353,7 +353,7 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p)
|
|||
ct_read_lock(hash);
|
||||
|
||||
list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
|
||||
if (p->pe && p->pe->ct_match) {
|
||||
if (p->pe_data && p->pe->ct_match) {
|
||||
if (p->pe->ct_match(p, cp))
|
||||
goto out;
|
||||
continue;
|
||||
|
|
@ -956,7 +956,7 @@ static int ip_vs_conn_seq_show(struct seq_file *seq, void *v)
|
|||
char pe_data[IP_VS_PENAME_MAXLEN + IP_VS_PEDATA_MAXLEN + 3];
|
||||
size_t len = 0;
|
||||
|
||||
if (cp->dest && cp->dest->svc->pe &&
|
||||
if (cp->dest && cp->pe_data &&
|
||||
cp->dest->svc->pe->show_pe_data) {
|
||||
pe_data[0] = ' ';
|
||||
len = strlen(cp->dest->svc->pe->name);
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ ip_vs_set_state(struct ip_vs_conn *cp, int direction,
|
|||
return pp->state_transition(cp, direction, skb, pp);
|
||||
}
|
||||
|
||||
static inline int
|
||||
static inline void
|
||||
ip_vs_conn_fill_param_persist(const struct ip_vs_service *svc,
|
||||
struct sk_buff *skb, int protocol,
|
||||
const union nf_inet_addr *caddr, __be16 cport,
|
||||
|
|
@ -186,8 +186,7 @@ ip_vs_conn_fill_param_persist(const struct ip_vs_service *svc,
|
|||
ip_vs_conn_fill_param(svc->af, protocol, caddr, cport, vaddr, vport, p);
|
||||
p->pe = svc->pe;
|
||||
if (p->pe && p->pe->fill_param)
|
||||
return p->pe->fill_param(p, skb);
|
||||
return 0;
|
||||
p->pe->fill_param(p, skb);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -268,9 +267,8 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
|
|||
vaddr = &fwmark;
|
||||
}
|
||||
}
|
||||
if (ip_vs_conn_fill_param_persist(svc, skb, protocol, &snet, 0,
|
||||
vaddr, vport, ¶m))
|
||||
return NULL;
|
||||
ip_vs_conn_fill_param_persist(svc, skb, protocol, &snet, 0,
|
||||
vaddr, vport, ¶m);
|
||||
}
|
||||
|
||||
/* Check if a template already exists */
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче