Hello,
On Thu, 10 Sep 2015, Alex Gartrell wrote:
> diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
> index 99be680..984cf49 100644
> --- a/net/netfilter/ipvs/ip_vs_core.c
> +++ b/net/netfilter/ipvs/ip_vs_core.c
> @@ -1760,8 +1760,16 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
> int af)
>
> /* Protocol supported? */
> pd = ip_vs_proto_data_get(net, iph.protocol);
> - if (unlikely(!pd))
> + if (unlikely(!pd)) {
> + /* The only way we'll see this packet again is if it's
> + * encapsulated, so mark it with ipvs_property=1 so we
> + * skip it if we're ignoring tunneled packets
> + */
> + if (sysctl_ignore_tunneled(net_ipvs(net)))
We can use "ipvs" here. I remember people used
matching by src MAC to solve such a problem for DR. For TUN
fwmark or match by input device can work too. In all cases,
a fwmark-based service is needed...
> + skb->ipvs_property = 1;
> +
> return NF_ACCEPT;
> + }
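Review bot: In the new `!pd` branch, `skb->ipvs_property = 1` is set on every packet whose protocol has no proto data whenever the sysctl is enabled, but the comment only describes the encapsulated case. The comment should state that all unsupported-protocol packets get marked, and that the mark exists so the inner packet is skipped when it re-enters after decapsulation. The test also depends on `sysctl_ignore_tunneled()`, which this hunk does not explain; a short description of the knob and its default should go with the sysctl if it is not already documented elsewhere in the series.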
Regards
--
Julian Anastasov <ja@xxxxxx>