[PATCH] Invalidate expired persistance templates

[Horms <horms@xxxxxxxxxxxx>]

Hi,

I notices that if persistance timeout is less than 2 min 
(the FIN_WAIT timeout) then it will expire before its
controlled connections. This causes ip_vs_conn_expire to
set the template's timeout to 2min. Which caues somewhat unexpected
results if the persistance timeout, like say 10s.

The patch below is a completely untested first cut at fix,
it tries to resolve the problem by invalidating expired
templates. So while they will stick around in the table for
a bit longer, they won't take effect any more.

It does this the samw way that ip_vs_check_template() does,
and that code has been broken out for ease of reading.

The patch is against 2.4 git (2.4.32-rc2), but it looks
like the same fix will work for 2.6.

-- 
Horms


diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index 015c819..9845698 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -1152,6 +1152,28 @@ static inline void ip_vs_unbind_dest(str
 }
 
 
+static inline void
+ip_vs_invalidate_template(struct ip_vs_conn *ct)
+{
+       ct->dport = 65535;
+       ct->vport = 65535;
+       ct->cport = 0;
+}
+
+
+static inline void
+ip_vs_invalidate_hashed_template(struct ip_vs_conn *ct)
+{
+       if (ct->vport == 65535)
+               return;
+
+       if (ip_vs_conn_unhash(ct)) {
+               ip_vs_invalidate_template(ct);
+               ip_vs_conn_hash(ct);
+       }
+}
+
+
 /*
  *  Checking if the destination of a connection template is available.
  *  If available, return 1, otherwise invalidate this connection
@@ -1176,17 +1198,7 @@ int ip_vs_check_template(struct ip_vs_co
                          NIPQUAD(ct->vaddr), ntohs(ct->vport),
                          NIPQUAD(ct->daddr), ntohs(ct->dport));
 
-               /*
-                * Invalidate the connection template
-                */
-               if (ct->vport != 65535) {
-                       if (ip_vs_conn_unhash(ct)) {
-                               ct->dport = 65535;
-                               ct->vport = 65535;
-                               ct->cport = 0;
-                               ip_vs_conn_hash(ct);
-                       }
-               }
+               ip_vs_invalidate_hashed_template(ct);
 
                /*
                 * Simply decrease the refcnt of the template,
@@ -1234,8 +1246,10 @@ static void ip_vs_conn_expire(unsigned l
        /*
         *      do I control anybody?
         */
-       if (atomic_read(&cp->n_control))
+       if (atomic_read(&cp->n_control)) {
+               ip_vs_invalidate_template(cp);
                goto expire_later;
+       }
 
        /*
         *      unhash it if it is hashed in the conn table