Thread (42 messages) 42 messages, 5 authors, 2013-04-02

Re: [PATCH 06/34] ipvs: no need to reroute anymore on DNAT over loopback

From: Julian Anastasov <ja@ssi.bg>
Date: 2013-03-29 21:47:01
Also in: lvs-devel, netfilter-devel 

	Hello,

On Fri, 29 Mar 2013, Sergei Shtylyov wrote:

On 29-03-2013 8:11, Simon Horman wrote:
quoted
From: Julian Anastasov <ja@ssi.bg>
quoted
After commit 70e7341673 (ipv4: Show that ip_send_reply()
is purely unicast routine.) we do not need to reroute DNAT-ed
traffic over loopback because reply uses iph daddr and not
rt_spec_dst.
quoted
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off by: Hans Schillstrom [off-list ref]
Signed-off-by: Simon Horman <horms@verge.net.au>
---
  net/netfilter/ipvs/ip_vs_xmit.c |   58
++-------------------------------------
  1 file changed, 2 insertions(+), 56 deletions(-)
quoted
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c
b/net/netfilter/ipvs/ip_vs_xmit.c
index 6448a2e..c942d36 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
[...]
quoted
@@ -635,16 +597,8 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn
*cp,
  		/* drop old route */
  		skb_dst_drop(skb);
  		skb_dst_set(skb, &rt->dst);
-	} else {
+	} else
   {} should be kept after *else*, according to Documentation/CodingStyle,
chapter 3.
	Sigh. I missed this rule from Nov 2011.
It seems checkpatch.pl can not stop such crimes to occur :)

quoted
  		ip_rt_put(rt);
-		/*
-		 * Some IPv4 replies get local address from routes,
-		 * not from iph, so while we DNAT after routing
-		 * we need this second input/output route.
-		 */
-		if (!__ip_vs_reroute_locally(skb))
-			goto tx_error;
-	}

  	IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT");

@@ -1269,16 +1223,8 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct
ip_vs_conn *cp,
  		/* drop the old route when skb is not shared */
  		skb_dst_drop(skb);
  		skb_dst_set(skb, &rt->dst);
-	} else {
+	} else
   Same here.

quoted
  		ip_rt_put(rt);
-		/*
-		 * Some IPv4 replies get local address from routes,
-		 * not from iph, so while we DNAT after routing
-		 * we need this second input/output route.
-		 */
-		if (!__ip_vs_reroute_locally(skb))
-			goto tx_error;
-	}

  	/* Another hack: avoid icmp_send in ip_fragment */
  	skb->local_df = 1;
Regards

--
Julian Anastasov [off-list ref]
  



    
  

  
    

      

        Keyboard shortcuts
      

      

        
          
hback out one level

          
jnext message in thread

          
kprevious message in thread

          
ldrill in

          
Escclose help / fold thread tree

          
?toggle this help