|
On Sat, Jun 02, 2018 at 09:52:15PM +0300, Julian Anastasov wrote:
> There is mistake in the rt_mode_allow_non_local assignment.
> It should be used to check if sending to non-local addresses is
> allowed, now it checks if local addresses are allowed.
>
> As local addresses are allowed for most of the cases, the only
> places that are affected are for traffic to transparent cache
> servers:
>
> - bypass connections when cache server is not available
> - related ICMP in FORWARD hook when sent to cache server
>
> Fixes: 4a4739d56b00 ("ipvs: Pull out crosses_local_route_boundary logic")
> Signed-off-by: Julian Anastasov <ja@xxxxxx>
Acked-by: Simon Horman <horms@xxxxxxxxxxxx>
Pablo, if its not too much trouble please take this into nf.
> ---
> net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
> index 4527921..8f7fff7 100644
> --- a/net/netfilter/ipvs/ip_vs_xmit.c
> +++ b/net/netfilter/ipvs/ip_vs_xmit.c
> @@ -168,7 +168,7 @@ static inline bool crosses_local_route_boundary(int
> skb_af, struct sk_buff *skb,
> bool new_rt_is_local)
> {
> bool rt_mode_allow_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL);
> - bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_LOCAL);
> + bool rt_mode_allow_non_local = !!(rt_mode & IP_VS_RT_MODE_NON_LOCAL);
> bool rt_mode_allow_redirect = !!(rt_mode & IP_VS_RT_MODE_RDR);
> bool source_is_loopback;
> bool old_rt_is_local;
> --
> 2.9.5
>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
|
