]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: Honour source routing for LVS-NAT
authorSimon Horman <horms@verge.net.au>
Mon, 2 Oct 2006 23:11:51 +0000 (16:11 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Wed, 4 Oct 2006 07:30:55 +0000 (00:30 -0700)
For policy routing, packets originating from this machine itself may be
routed differently to packets passing through. We want this packet to be
routed as if it came from this machine itself. So re-compute the routing
information using ip_route_me_harder().

This patch is derived from work by Ken Brownfield

Cc: Ken Brownfield <krb@irridia.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ipvs/ip_vs_core.c

index 6dee03935f786076448f7f1573abc2c806ff12f0..1445bb47fea4bcb6264a6b48de8cc7a4632e671b 100644 (file)
@@ -813,6 +813,16 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
        skb->nh.iph->saddr = cp->vaddr;
        ip_send_check(skb->nh.iph);
 
+       /* For policy routing, packets originating from this
+        * machine itself may be routed differently to packets
+        * passing through.  We want this packet to be routed as
+        * if it came from this machine itself.  So re-compute
+        * the routing information.
+        */
+       if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
+               goto drop;
+       skb = *pskb;
+
        IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
 
        ip_vs_out_stats(cp, skb);