LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[PATCH 1/2] ipvsadm: restrict different address family

To: Jesper Dangaard Brouer <brouer@xxxxxxxxxx>
Subject: [PATCH 1/2] ipvsadm: restrict different address family
Cc: Simon Horman <horms@xxxxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, lvs-users@xxxxxxxxxxxxxxxxxxxxxx, Alex Gartrell <agartrell@xxxxxx>, kernel-team@xxxxxx
From: Julian Anastasov <ja@xxxxxx>
Date: Sat, 30 Aug 2014 14:35:48 +0300
Now real server can have different address family only
for tunneling. For other modes it must match the service.

Signed-off-by: Julian Anastasov <ja@xxxxxx>
---
 ipvsadm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipvsadm.c b/ipvsadm.c
index d12070e..3000117 100644
--- a/ipvsadm.c
+++ b/ipvsadm.c
@@ -788,6 +788,12 @@ static int process_options(int argc, char **argv, int 
reading_stdin)
                    (ce.dest.conn_flags == IP_VS_CONN_F_TUNNEL
                     || ce.dest.conn_flags == IP_VS_CONN_F_DROUTE))
                        ce.dest.port = ce.svc.port;
+
+               /* Tunneling allows different address family */
+               if (ce.dest.af != ce.svc.af &&
+                   ce.dest.conn_flags != IP_VS_CONN_F_TUNNEL)
+                       fail(2, "Different address family is allowed only "
+                            "for tunneling servers");
        }
 
        switch (ce.cmd) {
-- 
1.9.0

--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread] Current Thread [Next in Thread>