Hello
On Tue, 2013-05-07 at 23:54 +0200, Grzegorz Lyczba wrote:
> Expire cached connection for new TCP connection if real server is down
This patch will break some "common" use cases,
on the other hand it also solves some issues...
I would prefer to have a sysctl to turn it on.
Should we have something similar for sctp?
Regards
Hans
> Signed-off-by: Grzegorz Lyczba <grzegorz.lyczba@xxxxxxxxx>
> ---
> net/netfilter/ipvs/ip_vs_core.c | 20 ++++++++++++++++++++
> 1 files changed, 20 insertions(+), 0 deletions(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
> index 47edf5a..7c5f083 100644
> --- a/net/netfilter/ipvs/ip_vs_core.c
> +++ b/net/netfilter/ipvs/ip_vs_core.c
> @@ -1002,6 +1002,17 @@ static inline int is_tcp_reset(const struct sk_buff
> *skb, int nh_len)
> return th->rst;
> }
>
> +static inline int is_tcp_syn(const struct sk_buff *skb, int nh_len)
> +{
> + struct tcphdr _tcph, *th;
> +
> + th = skb_header_pointer(skb, nh_len, sizeof(_tcph), &_tcph);
> + if (th == NULL)
> + return 0;
> + return th->syn;
> +}
> +
> +
> /* Handle response packets: rewrite addresses and send away...
> */
> static unsigned int
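Review bot: is_tcp_syn() returns non-zero for any segment with the SYN bit set, so a SYN+ACK or SYN+RST is treated the same as an initial SYN. The second hunk uses this result to decide whether an existing connection entry is expired, so a stricter test would limit what a single peer-controlled packet can trigger, for example `return th->syn && !th->ack && !th->rst;`. A short comment above the helper stating which flag combinations count as a new connection attempt would make that contract explicit. The second blank line added after the closing brace can be dropped.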
> @@ -1627,6 +1638,15 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
> int af)
> * Check if the packet belongs to an existing connection entry
> */
> cp = pp->conn_in_get(af, skb, &iph, 0);
> +
> + if (likely(cp) && likely(cp->dest) &&
> + unlikely(!atomic_read(&cp->dest->weight)) &&
> + iph.protocol == IPPROTO_TCP && is_tcp_syn(skb, iph.len)) {
> + ip_vs_conn_expire_now(cp);
> + __ip_vs_conn_put(cp);
> + cp = NULL;
> + }
> +
> if (unlikely(!cp) && !iph.fragoffs) {
> /* No (second) fragments need to enter here, as nf_defrag_ipv6
> * replayed fragment zero will already have created the cp
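Review bot: The added block calls `is_tcp_syn(skb, iph.len)` without the `!iph.fragoffs` guard that the existing `if (unlikely(!cp) && !iph.fragoffs)` check right after it applies. Judging by the fragment comment in the context lines, a non-first fragment can reach this point, and the bytes at that offset would then be payload rather than a TCP header. Fragment data with a bit set in the SYN position could therefore expire the entry for a destination whose weight is 0. Adding `!iph.fragoffs &&` before the is_tcp_syn() call would restrict the header read to packets that actually carry one. ip_vs_in's body starts and ends outside the hunk.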