|
Hello,
On Tue, 20 Dec 2005, John Line wrote:
> My conclusion was that only one extra command was needed:
>
> $IPTABLES -A PREROUTING -j TOS -m state --state NEW,ESTABLISHED,RELATED \
> -t mangle -p tcp --dport 80 --set-tos Maximize-Throughput
>
> With the original (FW_ROUTE="no") setting and that command added, WPAD now
> worked. I tried other --set-tos values (to check if it simply needed to be
> different from the default, zero case), but only that specific value
> worked.
It works may be because it does not change the TOS field
in packet. net/ipv4/netfilter/iptable_mangle.c:ipt_local_hook() has
checks before calling ip_route_me_harder(), tos is one of them.
ip_route_output_key() needs always local source IP. There was idea
to move this check to all callers but so far nobody proceeded with
such change. For now all callers must provide local source IP and
to avoid such rerouting we should avoid changing fields for packets
to real server.
> Although WPAD is now working using the new LVS directors, I am worried
> that a future kernel upgrade or other change may break WPAD and/or the web
> cache. If anyone can explain why adding that TOS setting fixed (or worked
> around) the problem - or indeed, if the underlying problem can now be
> identified - I would be very grateful!
Regards
--
Julian Anastasov <ja@xxxxxx>
|
