summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorJulian Anastasov <ja@ssi.bg>2010-09-05 20:02:29 +0200
committerDavid S. Miller <davem@davemloft.net>2010-09-08 19:39:57 +0200
commit6523ce1525e88c598c75a1a6b8c4edddfa9defe8 (patch)
treec3439e9c509676a0c29cd81fdaa65ad2632b903c /include/net
parentgro: Re-fix different skb headrooms (diff)
downloadlinux-6523ce1525e88c598c75a1a6b8c4edddfa9defe8.tar.xz
linux-6523ce1525e88c598c75a1a6b8c4edddfa9defe8.zip
ipvs: fix active FTP
- Do not create expectation when forwarding the PORT command to avoid blocking the connection. The problem is that nf_conntrack_ftp.c:help() tries to create the same expectation later in POST_ROUTING and drops the packet with "dropping packet" message after failure in nf_ct_expect_related. - Change ip_vs_update_conntrack to alter the conntrack for related connections from real server. If we do not alter the reply in this direction the next packet from client sent to vport 20 comes as NEW connection. We alter it but may be some collision happens for both conntracks and the second conntrack gets destroyed immediately. The connection stucks too. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/ip_vs.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index a4747a0f7303..f976885f686f 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -955,6 +955,9 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
return csum_partial(diff, sizeof(diff), oldsum);
}
+extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
+ int outin);
+
#endif /* __KERNEL__ */
#endif /* _NET_IP_VS_H */