git.baikalelectronics.ru Git - kernel.git/commit

author	Julian Anastasov <ja@ssi.bg>
	Sun, 5 Sep 2010 18:02:29 +0000 (18:02 +0000)
committer	David S. Miller <davem@davemloft.net>
	Wed, 8 Sep 2010 17:39:57 +0000 (10:39 -0700)
commit	62ca20eb80c07fe74a7517d39569384e9699df9a
tree	c3439e9c509676a0c29cd81fdaa65ad2632b903c	tree \| snapshot
parent	eaa63197c97e3ae9f7e5080402e88dfc8e236bb4	commit \| diff

ipvs: fix active FTP

- Do not create expectation when forwarding the PORT
  command to avoid blocking the connection. The problem is that
  nf_conntrack_ftp.c:help() tries to create the same expectation later in
  POST_ROUTING and drops the packet with "dropping packet" message after
  failure in nf_ct_expect_related.

- Change ip_vs_update_conntrack to alter the conntrack
  for related connections from real server. If we do not alter the reply in
  this direction the next packet from client sent to vport 20 comes as NEW
  connection. We alter it but may be some collision happens for both
  conntracks and the second conntrack gets destroyed immediately. The
  connection stucks too.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/net/ip_vs.h		diff \| blob \| history
net/netfilter/ipvs/ip_vs_core.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_ftp.c		diff \| blob \| history
net/netfilter/ipvs/ip_vs_xmit.c		diff \| blob \| history