On Tue, Aug 26, 2003 at 06:04:04PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> Horms wrote:
>
> > The route commands are needed because ipvs is called after routing takes
> > place. I think that in the case of fwmarks it would be best to move the
> > code to the prerouting stage to avoid the need for this. I.e. hook
> > ip_vs_in into NF_IP_PRE_ROUTING instead of NF_IP_LOCAL_IN.
>
> Yes, such a move can allow IPVS not to require local
> delivery. There will be some issues with properly identifying
> the direction of the packets but it is possible to implement. The
> problem is that we are stuck with the netfilter hooks. If we move out of
> the hooks or if we add some changes to the kernel we can do
> everything including proper routing for inout packets (working
> with multiple ISPs), avoiding the LOCAL_IN->LOCAL_OUT problems
> that start to appear with 2.6, etc. Maybe we will need a ROUTING
> hook. IIRC, fwmark is present in PRE_ROUTING but such a move can
> create some compatibility problems, are we all ready for this?

My main concern would be breaking compatibility - breaking people's
setups won't make friends with anyone.

I am interested to hear what sort of problems you think might occur?
What minor changes to the kernel would you advocate?

It might be easiest to only move handling of fwmark virtual services to
prerouting. But this has the disadvantage that it would produce
slightly different behaviour depending on which you used, and probably
involve code duplication and possible (slight) inefficiencies.

--
Horms