Re: bug(s) in ipvs-0.2.4

To: Radu-Adrian Feurdean <raf@xxxxxxxx>
Subject: Re: bug(s) in ipvs-0.2.4
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Thu, 22 Feb 2001 14:55:35 +0200 (EET)

On Thu, 22 Feb 2001, Radu-Adrian Feurdean wrote:

> On Thu, 22 Feb 2001, Julian Anastasov wrote:
> >     Ignoring the fact your patch is broken the (1) is a _REAL_ bug.
> > We must move and insert the SA column before FW. It seems the
> That's exactly what I have changed in the transition tables: inserting sSA
> between sSR and sFW and commenting the previous occurences of sSA (last).
> But, yes, all the patch is a little broken (needs -R to apply).

        Oh, yes. But commenting sSA is not correct. It is valid state
that can be entered while the defense strategy is ON. Sometimes it
switches to OFF while the connection is still in sSA, so this is valid
state. Of course, in your case you never enter sSA :)

> >     For (2) we have to analyze where is really the problem. Personally,
> > I didn't tried the ftp module from long time ago.
> Hint: The client tries to establish the data conection, the director replies
> with RST, the client closes the connection. If we filter outgoing RST it can
> be observed that nothing happens; the packets are silently discarded because
> the director doesn't NAT that connection.

        I'll test it soon. May be the problem is that the data is not
detected in all cases, not sure. May be the problem is in the "227 ..."
text. I remember such fixes to go into netfilter. What "227 ..." string
reports your ftp server for passive mode?

> Radu-Adrian Feurdean
> mailto: raf@xxxxxxxx
> -------------------------------------------------------------------
> "If the night is silent enough you can hear a Windows NT rebooting"


Julian Anastasov <ja@xxxxxx>

<Prev in Thread] Current Thread [Next in Thread>