Commit 32565644 authored by David S. Miller's avatar David S. Miller

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains two Netfilter/IPVS fixes for your net
tree, they are:

1) Fix missing alignment in next offset calculation for standard
   targets, introduced in the previous merge window, patch from
   Florian Westphal.

2) Fix to correct the handling of outgoing connections which use the
   SIP-pe such that the binding of a real-server is updated when needed.
   This was an omission from changes introduced by Marco Angaroni in
   the previous merge window too, to allow handling of outgoing
   connections by the SIP-pe. Patch and report came via Simon Horman.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents ce3cf4ec 3ec10d3a
...@@ -1232,7 +1232,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp); ...@@ -1232,7 +1232,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
const char *ip_vs_state_name(__u16 proto, int state); const char *ip_vs_state_name(__u16 proto, int state);
void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp); void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp);
int ip_vs_check_template(struct ip_vs_conn *ct); int ip_vs_check_template(struct ip_vs_conn *ct, struct ip_vs_dest *cdest);
void ip_vs_random_dropentry(struct netns_ipvs *ipvs); void ip_vs_random_dropentry(struct netns_ipvs *ipvs);
int ip_vs_conn_init(void); int ip_vs_conn_init(void);
void ip_vs_conn_cleanup(void); void ip_vs_conn_cleanup(void);
......
...@@ -762,7 +762,7 @@ static int expire_quiescent_template(struct netns_ipvs *ipvs, ...@@ -762,7 +762,7 @@ static int expire_quiescent_template(struct netns_ipvs *ipvs,
* If available, return 1, otherwise invalidate this connection * If available, return 1, otherwise invalidate this connection
* template and return 0. * template and return 0.
*/ */
int ip_vs_check_template(struct ip_vs_conn *ct) int ip_vs_check_template(struct ip_vs_conn *ct, struct ip_vs_dest *cdest)
{ {
struct ip_vs_dest *dest = ct->dest; struct ip_vs_dest *dest = ct->dest;
struct netns_ipvs *ipvs = ct->ipvs; struct netns_ipvs *ipvs = ct->ipvs;
...@@ -772,7 +772,8 @@ int ip_vs_check_template(struct ip_vs_conn *ct) ...@@ -772,7 +772,8 @@ int ip_vs_check_template(struct ip_vs_conn *ct)
*/ */
if ((dest == NULL) || if ((dest == NULL) ||
!(dest->flags & IP_VS_DEST_F_AVAILABLE) || !(dest->flags & IP_VS_DEST_F_AVAILABLE) ||
expire_quiescent_template(ipvs, dest)) { expire_quiescent_template(ipvs, dest) ||
(cdest && (dest != cdest))) {
IP_VS_DBG_BUF(9, "check_template: dest not available for " IP_VS_DBG_BUF(9, "check_template: dest not available for "
"protocol %s s:%s:%d v:%s:%d " "protocol %s s:%s:%d v:%s:%d "
"-> d:%s:%d\n", "-> d:%s:%d\n",
......
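Review bot: The added `(cdest && (dest != cdest))` term sends a destination mismatch into the same branch as an unavailable destination, so the `IP_VS_DBG_BUF` text `"check_template: dest not available for "` is now also logged when the real server is available but differs from `cdest`. That can mislead anyone tracing persistence problems, and the comment block above the function still describes only the availability check. I would add a line to that comment such as `* If @cdest is non-NULL, the template must also point to @cdest.` and reword the debug string to `"check_template: dest not available or changed for "`. The function body continues past the end of the hunk, so the invalidation path itself is not visible here.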
...@@ -321,7 +321,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, ...@@ -321,7 +321,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
/* Check if a template already exists */ /* Check if a template already exists */
ct = ip_vs_ct_in_get(&param); ct = ip_vs_ct_in_get(&param);
if (!ct || !ip_vs_check_template(ct)) { if (!ct || !ip_vs_check_template(ct, NULL)) {
struct ip_vs_scheduler *sched; struct ip_vs_scheduler *sched;
/* /*
...@@ -1154,7 +1154,8 @@ struct ip_vs_conn *ip_vs_new_conn_out(struct ip_vs_service *svc, ...@@ -1154,7 +1154,8 @@ struct ip_vs_conn *ip_vs_new_conn_out(struct ip_vs_service *svc,
vport, &param) < 0) vport, &param) < 0)
return NULL; return NULL;
ct = ip_vs_ct_in_get(&param); ct = ip_vs_ct_in_get(&param);
if (!ct) { /* check if template exists and points to the same dest */
if (!ct || !ip_vs_check_template(ct, dest)) {
ct = ip_vs_conn_new(&param, dest->af, daddr, dport, ct = ip_vs_conn_new(&param, dest->af, daddr, dport,
IP_VS_CONN_F_TEMPLATE, dest, 0); IP_VS_CONN_F_TEMPLATE, dest, 0);
if (!ct) { if (!ct) {
......
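Review bot: In `ip_vs_new_conn_out()` the failure branch now overwrites a non-NULL `ct` with the result of `ip_vs_conn_new()`. This is only safe if `ip_vs_check_template()` drops the reference obtained from `ip_vs_ct_in_get()` whenever it returns 0, and that release is not visible in these hunks, so it should be confirmed against the full function. The new comment could record the ownership rule, for example `/* check if template exists and points to the same dest; on failure ip_vs_check_template() is expected to have released ct */`. Both functions in this section start and end outside the hunks shown.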
...@@ -612,7 +612,7 @@ int xt_compat_check_entry_offsets(const void *base, const char *elems, ...@@ -612,7 +612,7 @@ int xt_compat_check_entry_offsets(const void *base, const char *elems,
return -EINVAL; return -EINVAL;
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 && if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
target_offset + sizeof(struct compat_xt_standard_target) != next_offset) COMPAT_XT_ALIGN(target_offset + sizeof(struct compat_xt_standard_target)) != next_offset)
return -EINVAL; return -EINVAL;
/* compat_xt_entry match has less strict aligment requirements, /* compat_xt_entry match has less strict aligment requirements,
...@@ -694,7 +694,7 @@ int xt_check_entry_offsets(const void *base, ...@@ -694,7 +694,7 @@ int xt_check_entry_offsets(const void *base,
return -EINVAL; return -EINVAL;
if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 && if (strcmp(t->u.user.name, XT_STANDARD_TARGET) == 0 &&
target_offset + sizeof(struct xt_standard_target) != next_offset) XT_ALIGN(target_offset + sizeof(struct xt_standard_target)) != next_offset)
return -EINVAL; return -EINVAL;
return xt_check_entry_match(elems, base + target_offset, return xt_check_entry_match(elems, base + target_offset,
......
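Review bot: Both offset checks, in `xt_compat_check_entry_offsets()` and `xt_check_entry_offsets()`, now compare an aligned size with `next_offset`, but nothing next to the conditions explains why the alignment is required. These checks appear to validate the layout of an entry before it is used, so the reasoning is worth keeping beside them. A short comment above each condition would do, e.g. `/* a standard target is padded to XT_ALIGN, so the entry must end at the aligned size */`, with `COMPAT_XT_ALIGN` named in the compat variant. The new condition lines also run well past 80 columns and could be wrapped before `!= next_offset`. Both functions extend beyond the hunks shown.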