[patch] ipvs: fwmark services don't have ports

To: lvs-devel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx
Subject: [patch] ipvs: fwmark services don't have ports
Cc: Deon van der Merwe <dvdm@xxxxxxxxxxxx>, Julian Anastasov <ja@xxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Mon, 7 Dec 2009 14:55:05 +1100
Make sure that the port for fwmark services is always zero, it seems that
in some cases ipvsadm provides bogus port values for fwmark services.  As
observed by Deon van der Merwe, this manifests as clients not being able
to connect to the virtual service if persistence is set.

Tested-by: Deon van der Merwe <dvdm@xxxxxxxxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>


I believe that this fixes a bug and as such is suitable for -stable.
However, it's taken a few releases for anyone to bring this to our attention,
so it doesn't seem to be causing much pain in the wild.

Discussion of this problem:

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index e01061f..9a4ccd4 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1188,8 +1188,9 @@ ip_vs_add_service(struct ip_vs_service_user_kern *u,
        svc->af = u->af;
        svc->protocol = u->protocol;
        ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
-       svc->port = u->port;
        svc->fwmark = u->fwmark;
+       if (!svc->fwmark)
+               svc->port = u->port;
        svc->flags = u->flags;
        svc->timeout = u->timeout * HZ;
        svc->netmask = u->netmask;
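Review bot: In the fwmark branch svc->port is never assigned, so "always zero" from the commit message holds only if svc was zero-initialised when it was allocated, which these lines do not show. Making the invariant explicit would remove that dependency and document the intent, for example "if (svc->fwmark) svc->port = 0; else svc->port = u->port;" with a short comment that fwmark services carry no port. It would also be worth confirming that any other path that copies u->port from userspace for a fwmark service (this hunk only touches ip_vs_add_service) gets the same treatment, since the bogus value comes from ipvsadm and can arrive wherever the user structure is consumed.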