Skip to content

Commit

Permalink
[NETFILTER]: Honour source routing for LVS-NAT
Browse files Browse the repository at this point in the history 
For policy routing, packets originating from this machine itself may be
routed differently to packets passing through. We want this packet to be
routed as if it came from this machine itself. So re-compute the routing
information using ip_route_me_harder().

This patch is derived from work by Ken Brownfield

Cc: Ken Brownfield <krb@irridia.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Simon Horman authored and David S. Miller committed Oct 4, 2006
1 parent b4c4ed1 commit 901eaf6
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions net/ipv4/ipvs/ip_vs_core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -813,6 +813,16 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
skb->nh.iph->saddr = cp->vaddr;
ip_send_check(skb->nh.iph);

/* For policy routing, packets originating from this
* machine itself may be routed differently to packets
* passing through. We want this packet to be routed as
* if it came from this machine itself. So re-compute
* the routing information.
*/
if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
goto drop;
skb = *pskb;

IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");

ip_vs_out_stats(cp, skb);
Expand Down

0 comments on commit 901eaf6

Please sign in to comment.