IPVS: Fallback if persistence engine fails

Fall back to normal persistence handling if the persistence
engine fails to recognise a packet.

This way, at least the packet will go somewhere.

It is envisaged that iptables could be used to block packets
such if this is not desired although nf_conntrack_sip would
likely need to be enhanced first.

Signed-off-by: Simon Horman <horms@verge.net.au>
Acked-by: Julian Anastasov <ja@ssi.bg>

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 4adedefdf563ab8d035bc9818056d83b3e5f9bf8..1d1a529dbe24d20e2da90878c08e60c987671b2e 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -154,7 +154,7 @@ static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p,
        const union nf_inet_addr *addr;
        __be16 port;
 
-       if (p->pe && p->pe->hashkey_raw)
+       if (p->pe_data && p->pe->hashkey_raw)
                return p->pe->hashkey_raw(p, ip_vs_conn_rnd, inverse) &
                        ip_vs_conn_tab_mask;
 
@@ -353,7 +353,7 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p)
        ct_read_lock(hash);
 
        list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
-               if (p->pe && p->pe->ct_match) {
+               if (p->pe_data && p->pe->ct_match) {
                        if (p->pe->ct_match(p, cp))
                                goto out;
                        continue;
@@ -956,7 +956,7 @@ static int ip_vs_conn_seq_show(struct seq_file *seq, void *v)
                char pe_data[IP_VS_PENAME_MAXLEN + IP_VS_PEDATA_MAXLEN + 3];
                size_t len = 0;
 
-               if (cp->dest && cp->dest->svc->pe &&
+               if (cp->dest && cp->pe_data &&
                    cp->dest->svc->pe->show_pe_data) {
                        pe_data[0] = ' ';
                        len = strlen(cp->dest->svc->pe->name);

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index ab9889380496ef1316d2bee14d0b2a6461611806..e5fef7aef0d43fc06600f560440eb981a1fe48fa 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -176,7 +176,7 @@ ip_vs_set_state(struct ip_vs_conn *cp, int direction,
        return pp->state_transition(cp, direction, skb, pp);
 }
 
-static inline int
+static inline void
 ip_vs_conn_fill_param_persist(const struct ip_vs_service *svc,
                              struct sk_buff *skb, int protocol,
                              const union nf_inet_addr *caddr, __be16 cport,
@@ -186,8 +186,7 @@ ip_vs_conn_fill_param_persist(const struct ip_vs_service *svc,
        ip_vs_conn_fill_param(svc->af, protocol, caddr, cport, vaddr, vport, p);
        p->pe = svc->pe;
        if (p->pe && p->pe->fill_param)
-               return p->pe->fill_param(p, skb);
-       return 0;
+               p->pe->fill_param(p, skb);
 }
 
 /*
@@ -268,9 +267,8 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
                                vaddr = &fwmark;
                        }
                }
-               if (ip_vs_conn_fill_param_persist(svc, skb, protocol, &snet, 0,
-                                                 vaddr, vport, &param))
-                       return NULL;
+               ip_vs_conn_fill_param_persist(svc, skb, protocol, &snet, 0,
+                                             vaddr, vport, &param);
        }
 
        /* Check if a template already exists */