Patrick McHardy wrote:
Janusz Krzysztofik wrote:
... ICMP port unreachable messages are not generated inside
IPVS code, they are just sent, with help of the patch in question, from
udp_input() or netfilter REJECT.
Both use icmp_send(), which should always pick a local source, so I
don't understand why this change was needed. Could you describe
the specific case when the packet generated by icmp_send() does
not have a local source?
Yes, it happens when a packet with a non-local destination IP address is
routed localy in order to reach ip_vs_in(), but is not catched there
because of no associated connection and no matching service, so it is
passed through and ends up in udp_input(). Then, inside udp_input(),
icmp_send() is invoked with original non-local destination IP as source
address.
Again, all this is my own method, usnig special packet marking, of
notifying clients of dead real servers, that is not possible with "pure"
LVS methods. More details can be found several paragraphs below
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#F5_snat
header.
Janusz
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
