• Julian Anastasov's avatar
    ipvs: fix active FTP · 6523ce15
    Julian Anastasov authored
    - Do not create expectation when forwarding the PORT
      command to avoid blocking the connection. The problem is that
      nf_conntrack_ftp.c:help() tries to create the same expectation later in
      POST_ROUTING and drops the packet with "dropping packet" message after
      failure in nf_ct_expect_related.
    
    - Change ip_vs_update_conntrack to alter the conntrack
      for related connections from real server. If we do not alter the reply in
      this direction the next packet from client sent to vport 20 comes as NEW
      connection. We alter it but may be some collision happens for both
      conntracks and the second conntrack gets destroyed immediately. The
      connection stucks too.
    Signed-off-by: default avatarJulian Anastasov <ja@ssi.bg>
    Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    6523ce15
ip_vs.h 27.9 KB