On Tue, Aug 26, 2003 at 09:45:22AM -0400, Joseph Mack wrote:
> Horms wrote:
>
> > > there's a solution that apparently came originally from Julian
> > >
> > > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020019020431&w=2
> >
> > That is pretty straightforward and basically the way fwmarks
> > work if you are using them for more than one IP address, which
> > was the reason they were originally added to the LVS code.
>                  ^^^^
> "they" == fwmarks?
Yes
> > The route commands are needed because ipvs is called after routing takes
> > place. I think that in the case of fwmarks it would be best to move the
> > code to the prerouting stage to avoid the need for this. I.e. hook
> > ip_vs_in into NF_IP_PRE_ROUTING instead of NF_IP_LOCAL_IN.
>
> what will this get us? We won't need the route command?
Yes, it will remove the requirement for traffic to be local.
> Are you going to do it, or are you just thinking out loud?
I made the change - it is one line - and very briefly tested it.
It seemed to work quite well. But it is a change that will most
likely have side effects so it warrants further thought
and investigation. And besides it is up to Wensong to decide
if the change would go in the main tree or not.
> > > http://marc.theaimsgroup.com/?l=linux-virtual-server&m=106020171022117&w=2
> > > (this is the one I don't understand, why are the packets being accepted
> > > locally?)
> >
> > The packets are delivered locally because of the "local" in
> >
> > ip route add local 0/0 dev lo table 100
> >
> > Again, this isn't really the way it was supposed to work AFAIR.
>
> if/since this works, why do we need transparent proxy (if we ever did)?
Did we need it for fwmarks? If we did then the current behaviour
is the same as it has always been.
> Can I put this in the HOWTO as a generalised way of accepting packets
> on the director when using fwmark with LVS?
I was wondering that on the way home last night. I would suspect so.
It has the potential to cover a lot of issues in a manner
that is supported by stock kernels. That would be nice.
But then again those issues may disappear if LVS was moved
to prerouting.
--
Horms