|
Hello,
On Tue, 11 May 2004, Joshua Goodall wrote:
> I hadn't read it. I read it and wasn't convinced, so I tried this patch
> (2.4.26):
Hm, then I assume you really tried it.
> diff -u -p -r1.1.1.1 ip_vs_core.c
> --- ip_vs_core.c 19 Apr 2004 04:54:41 -0000 1.1.1.1
> +++ ip_vs_core.c 11 May 2004 13:03:34 -0000
> @@ -1036,7 +1036,7 @@ static unsigned int ip_vs_in(unsigned in
> * Big tappo: only PACKET_HOST (nor loopback neither mcasts)
> * ... don't know why 1st test DOES NOT include 2nd (?)
> */
> - if (skb->pkt_type != PACKET_HOST || skb->dev == &loopback_dev) {
> + if (skb->pkt_type != PACKET_HOST) {
> IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d
> ignored\n",
> skb->pkt_type,
> iph->protocol,
So, now you can send packets in form DIP->VIP to real
servers (DR method)? I'm wondering how your patched director accepts
packets from real server in the form VIP->DIP. Linux has source
address validation and you can not disable it for packets with
saddr=local_ip
> ip rule add prio 100 fwmark 2 table 100
> ip route add local 0/0 dev lo table 100
>
> and now my fwmark-based LVS-DR director does the job for clients and for
> itself. To make LVS-NAT work, we'd also need to be able to choose the
> masqueraded source address, which would be a much longer diff. I
> didn't try LVS-Tun, but that would probably be workable like LVS-DR.
I see that you can remove the limitation when sending
packets but how do you accept the replies? May be you do not have
the VIP configured as IP address?
> Regards
> joshua.
Regards
--
Julian Anastasov <ja@xxxxxx>
|
