[PATCH] LVS: Send ICMP unreachable responses to end-users when real-servers are removed

[PATCH] LVS: Send ICMP unreachable responses to end-users when real-servers are removed

[Horms]

Hi,

this is a small patch by  Janusz Krzysztofik to ip_route_output_slow()
that allows VIP-less LVS linux director to generate packets originating
>From VIP if sysctl_ip_nonlocal_bind is set.

In a nutshell, the intention is for an LVS linux director to be able
to send ICMP unreachable responses to end-users when real-servers are
removed.

http://archive.linuxvirtualserver.org/html/lvs-users/2007-01/msg00106.html

I'm not really sure about the correctness of this approach,
so I am sending it here to netdev for review

Cc: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
Signed-off-by: Simon Horman <horms@verge.net.au>

Index: net-2.6/net/ipv4/route.c
===================================================================
--- net-2.6.orig/net/ipv4/route.c	2007-02-11 11:46:08.000000000 +0900
+++ net-2.6/net/ipv4/route.c	2007-02-11 11:46:23.000000000 +0900
@@ -2397,7 +2397,7 @@
 
 		/* It is equivalent to inet_addr_type(saddr) == RTN_LOCAL */
 		dev_out = ip_dev_find(oldflp->fl4_src);
-		if (dev_out == NULL)
+		if ((dev_out == NULL) && !(sysctl_ip_nonlocal_bind))
 			goto out;
 
 		/* I removed check for oif == dev_out->oif here.
@@ -2408,7 +2408,7 @@
 		      of another iface. --ANK
 		 */
 
-		if (oldflp->oif == 0
+		if (dev_out && oldflp->oif == 0
 		    && (MULTICAST(oldflp->fl4_dst) || oldflp->fl4_dst == htonl(0xFFFFFFFF))) {
 			/* Special hack: user can direct multicasts
 			   and limited broadcast via necessary interface

Re: [PATCH] LVS: Send ICMP unreachable responses to end-users when real-servers are removed

[David Miller]

From: Horms <horms@verge.net.au>
Date: Sun, 11 Feb 2007 12:04:43 +0900

> this is a small patch by  Janusz Krzysztofik to ip_route_output_slow()
> that allows VIP-less LVS linux director to generate packets originating
> >From VIP if sysctl_ip_nonlocal_bind is set.
> 
> In a nutshell, the intention is for an LVS linux director to be able
> to send ICMP unreachable responses to end-users when real-servers are
> removed.
> 
> http://archive.linuxvirtualserver.org/html/lvs-users/2007-01/msg00106.html
> 
> I'm not really sure about the correctness of this approach,
> so I am sending it here to netdev for review
> 
> Cc: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
> Signed-off-by: Simon Horman <horms@verge.net.au>

I'm not against this patch or the idea, I just want to
think about it some more to make sure there are not bad
unintended side effects to allowing this.

If someone else could provide some feedback or comments,
I'd very much appreciate that as well.

Re: [PATCH] LVS: Send ICMP unreachable responses to end-users when real-servers are removed

[David Miller]

From: Horms <horms@verge.net.au>
Date: Sun, 11 Feb 2007 12:04:43 +0900

> Hi,
> 
> this is a small patch by  Janusz Krzysztofik to ip_route_output_slow()
> that allows VIP-less LVS linux director to generate packets originating
> >From VIP if sysctl_ip_nonlocal_bind is set.
> 
> In a nutshell, the intention is for an LVS linux director to be able
> to send ICMP unreachable responses to end-users when real-servers are
> removed.
> 
> http://archive.linuxvirtualserver.org/html/lvs-users/2007-01/msg00106.html
> 
> I'm not really sure about the correctness of this approach,
> so I am sending it here to netdev for review
> 
> Cc: Janusz Krzysztofik <jkrzyszt@tis.icnet.pl>
> Signed-off-by: Simon Horman <horms@verge.net.au>

Applied to net-2.6.22, thanks Simon.

Re: [PATCH] LVS: Send ICMP unreachable responses to end-users when real-servers are removed

[Janusz Krzysztofik]

David Miller wrote:
>> this is a small patch by  Janusz Krzysztofik to ip_route_output_slow()
>> that allows VIP-less LVS linux director to generate packets originating
>> >From VIP if sysctl_ip_nonlocal_bind is set.
> 
> Applied to net-2.6.22, thanks Simon.

Thank you,

Janusz