
Re: FWmark & Masq destination port.

To: Clint Byrum <cbyrum@xxxxxxx>
Subject: Re: FWmark & Masq destination port.
Cc: Lvs-Users <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 21 May 2000 07:06:52 +0300 (EEST)
        Hello,

On Sat, 20 May 2000, Clint Byrum wrote:

> I've just been messing with 0.9.12(kernel 2.2.15), and the new FWmark
> virtual service mode.
> It works great, but I'd like to know of a way to have the destination port
> remain unchanged.
> What I mean is this.
> 
> Virtualhost needs to serve several ports. The load balancer marks all
> packets to it with fwmark 1. There are then two real servers that do the
> actual serving.
> 
> 
> ipchains -A input -d virtualhost -m 1
> ipvsadm -A -f 1 -s rr
> ipvsadm -a -f 1 -r real1 -m
> ipvsadm -a -f 1 -r real2 -m
> 
> Unfortunately, this causes packets to be delivered to the real servers with
> destination ports of 0. It would seem more logical to leave the destination
> port unchanged, if it is not specified.
> 
> in ipvsadm.c I see where it says:
> 
>                         parse = parse_service(optarg,
>                                               mc.u.vs_user.protocol,
>                                               &mc.u.vs_user.daddr,
>                                               &mc.u.vs_user.dport);
>                         if (!(parse&SERVICE_ADDR))
>                                 fail(2, "illegal real server "
>                                              "address[:port] specified");
>                                 /* copy vport to dport if none specified */
>                         if (parse == 1)
>                                 mc.u.vs_user.dport = mc.u.vs_user.vport;
> 
> So we have told the kernel ip masq code that the destination port should be
> 0. With fwmark  mc.u.vs_user.vport would, of course, be 0, as we don't know

        Right.

> it until we actually receive the code. After looking through ip_masq.c, I
> think we just need to set the IP_MASQ_F_NO_DPORT flag.

        No, dport=0 is not allowed for VS/NAT. NO_DPORT marks
the client's port as unknown until the next packet. These masq flags
don't play here. We only need real dport when using VS/NAT.

> this code is in ip_masq.c, function ip_fw_demasquerade():
> 
> if ( ms->flags & IP_MASQ_F_NO_DPORT ) { /*  && ms->protocol == IPPROTO_TCP ) { */
> 
>                  write_lock(&__ip_masq_lock);
> 
>                         ip_masq_unhash(ms);
>                         ms->flags &= ~IP_MASQ_F_NO_DPORT;
>                         ms->dport = h.portp[0];
>                         ip_masq_hash(ms);       /* hash on new dport */
> 
>                         write_unlock(&__ip_masq_lock);
> 
>                         IP_MASQ_DEBUG(1, "ip_fw_demasquerade(): filled dport=%d\n",
>                                ntohs(ms->dport));
>                  }
> 
> Unfortunately, I'm not familiar with the patch procedure (I'm learning..)...
> but I think this could be changed in ipvsadm.c

        Right. Thanks. Until then dport!=0 must be used
when defining VS/NAT destination for fwmark service.


Regards

--
Julian Anastasov <uli@xxxxxxxxxxxxxxxxxxxxxx>


