Hello,
Horms wrote:
> The route commands are needed because ipvs is called after routing takes
> place. I think that in the case of fwmarks it would be best to move the
> code to the prerouting stage to avoid the need for this. I.e. hook
> ip_vs_in into NF_IP_PRE_ROUTING instead of NF_IP_LOCAL_IN.
Yes, such a move can allow IPVS not to require local
delivery. There will be some issues with properly identifying
the direction of the packets but it is possible to implement. The
problem is that we are stuck with the netfilter hooks. If we move out of
the hooks or if we add some changes to the kernel we can do
everything including proper routing for inout packets (working
with multiple ISPs), avoiding the LOCAL_IN->LOCAL_OUT problems
that start to appear with 2.6, etc. Maybe we will need a ROUTING
hook. IIRC, fwmark is present in PRE_ROUTING but such a move can
create some compatibility problems, are we all ready for this?
Regards
--
Julian Anastasov <ja@xxxxxx>