|
Hello,
On Sat, 28 Nov 2009, Simon Horman wrote:
> On Fri, Nov 27, 2009 at 11:54:41PM +1100, Simon Horman wrote:
> > On Tue, Nov 17, 2009 at 08:33:52PM +0200, Deon van der Merwe wrote:
> > > Hi,
> > >
> > > Been using this setup on at least 4 different installations without this
> > > issue... we have multiple virtual services and use iptables MARK to tag
> > > the packets for each virtual service.
> > >
> > > My problem is that when I enable/configure persistence on IPVS the
> > > client gets "connection refused". The same config *without* persistence
> > > works fine.
> >
> > Hi Deon,
> >
> > that looks very odd. I've been able to reproduce the problem here
> > with 2.6.30. But its getting a bit late in the day for me to debug it.
> > I'll try and get a chance to do so shortly if no one else gets
> > there first.
Hm, your change in 2.6.30 should fix this problem:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=be8be9eccbf2d908a7e56b3f7a71105cd88da06b
looking at
kernel: IPVS: template lookup/in IP 160.124.109.65:0->0.0.0.0:0 not hit
daddr=0.0.0.0 shows that fwmark is not provided at the
right place, so the user just needs to upgrade or to apply
the patch from May, 2009:
http://marc.info/?t=124050022700001&r=1&w=2
> Hi Deon,
>
> could you try the following patch?
>
> ----------------------------------------------------------------------
>
> ipvs: fwmark services don't have ports
>
> Make sure that the port for fwmark services is always zero, it seems that
> in some cases ipvsadm provides bogus port values for fwmark services. As
> observed by Deon van der Merwe, this manifests as a clients not being able
> to connect to the virtual service if persistence is set.
>
> Cc: Deon van der Merwe <dvdm@xxxxxxxxxxxx>
> Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
>
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index e01061f..9a4ccd4 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -1188,8 +1188,9 @@ ip_vs_add_service(struct ip_vs_service_user_kern *u,
> svc->af = u->af;
> svc->protocol = u->protocol;
> ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
> - svc->port = u->port;
> svc->fwmark = u->fwmark;
> + if (!svc->fwmark)
> + svc->port = u->port;
> svc->flags = u->flags;
> svc->timeout = u->timeout * HZ;
> svc->netmask = u->netmask;
Regards
--
Julian Anastasov <ja@xxxxxx>
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users
|
