Re: [bug] FWMARKs and persistence in IPVS: The Use of Unions

To: Simon Horman <horms@xxxxxxxxxxxx>
Subject: Re: [bug] FWMARKs and persistence in IPVS: The Use of Unions
Cc: netfilter-devel <netfilter-devel@xxxxxxxxxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx, Fabien Duchêne <fabien.duchene@xxxxxxxxxxxxxxxxxxxx>, Joseph Mack NA3T <jmack@xxxxxxxx>, Julius Volz <julius.volz@xxxxxxxxx>
From: Jan Engelhardt <jengelh@xxxxxxxxxx>
Date: Tue, 28 Apr 2009 14:27:34 +0200 (CEST)
On Tuesday 2009-04-28 12:59, Simon Horman wrote:
>>>union nf_inet_addr fwmark = {
>>>     .all = { 0, 0, 0, htonl(svc->fwmark) }
>[said something about cp->af...]

It does not make sense to use AF_INE with some address as unreal
as {0,0,0,fwmark}, just BTW.

>> > If you use ->all, then using NFPROTO_UNSPEC as af
>> > seems to me like a good match.
>I am guessing that AF_UNSPEC is more appropriate than NFPROTO_UNSPEC.
>Please correct me if I am wrong.

Whatever. You could even use AF_INET6 to mean "take the ipv4 part
of nf_inet_addr", and AF_INET to "take the ipv6 part". The mapping
is on you, so to speak.
Since you are dealing with an *nf*_inet_addr, using *NF*PROTO_ seemed
the closest thing.

>The following patch expresses these ideas as they crrently stand.
>Fabien, is it possible for you to test this?
>Index: net-next-2.6/net/netfilter/ipvs/ip_vs_conn.c
>--- net-next-2.6.orig/net/netfilter/ipvs/ip_vs_conn.c  2009-04-28 
>20:37:48.000000000 +1000
>+++ net-next-2.6/net/netfilter/ipvs/ip_vs_conn.c       2009-04-28 
>20:37:51.000000000 +1000
>@@ -260,7 +260,10 @@ struct ip_vs_conn *ip_vs_ct_in_get
>       list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
>               if (cp->af == af &&
>                   ip_vs_addr_equal(af, s_addr, &cp->caddr) &&
>-                  ip_vs_addr_equal(af, d_addr, &cp->vaddr) &&
>+                  /* protocol should only be IPPROTO_IP if
>+                   * d_addr is a fwmark */
>+                  ip_vs_addr_equal(protocol == IPPROTO_IP ? AF_UNSPEC : af,
>+                                   d_addr, &cp->vaddr) &&

What about IPPROTO_IPV6?
