authorJulian Anastasov <ja@ssi.bg>2010-09-05 18:02:29 +0000
committerDavid S. Miller <davem@davemloft.net>2010-09-08 10:39:57 -0700
commit6523ce1525e88c598c75a1a6b8c4edddfa9defe8 (patch)
treec3439e9c509676a0c29cd81fdaa65ad2632b903c /include
parent64289c8e6851bca0e589e064c9a5c9fbd6ae5dd4 (diff)
ipvs: fix active FTP
- Do not create expectation when forwarding the PORT command to avoid blocking the connection. The problem is that nf_conntrack_ftp.c:help() tries to create the same expectation later in POST_ROUTING and drops the packet with "dropping packet" message after failure in nf_ct_expect_related. - Change ip_vs_update_conntrack to alter the conntrack for related connections from real server. If we do not alter the reply in this direction the next packet from client sent to vport 20 comes as NEW connection. We alter it but may be some collision happens for both conntracks and the second conntrack gets destroyed immediately. The connection stucks too. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index a4747a0f730..f976885f686 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -955,6 +955,9 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
return csum_partial(diff, sizeof(diff), oldsum);
+extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
+ int outin);
#endif /* __KERNEL__ */
#endif /* _NET_IP_VS_H */