Commit 183dce554ac79302fbeb86d8419440ed7021b8a0
Committed by
Pablo Neira Ayuso
Pablo Neira Ayuso
1 parent
d1deae4d3a
Exists in
smarc-l5.0.0_1.0.0-ga
and in
5 other branches
ipvs: no need to reroute anymore on DNAT over loopback
After commit 70e7341673 (ipv4: Show that ip_send_reply() is purely unicast routine.) we do not need to reroute DNAT-ed traffic over loopback because reply uses iph daddr and not rt_spec_dst. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off by: Hans Schillstrom <hans@schillstrom.com> Signed-off-by: Simon Horman <horms@verge.net.au>
Showing 1 changed file with 2 additions and 56 deletions Side-by-side Diff
net/netfilter/ipvs/ip_vs_xmit.c
| ... | ... | @@ -207,44 +207,6 @@ |
| 207 | 207 | return rt; |
| 208 | 208 | } |
| 209 | 209 | |
| 210 | -/* Reroute packet to local IPv4 stack after DNAT */ | |
| 211 | -static int | |
| 212 | -__ip_vs_reroute_locally(struct sk_buff *skb) | |
| 213 | -{ | |
| 214 | - struct rtable *rt = skb_rtable(skb); | |
| 215 | - struct net_device *dev = rt->dst.dev; | |
| 216 | - struct net *net = dev_net(dev); | |
| 217 | - struct iphdr *iph = ip_hdr(skb); | |
| 218 | - | |
| 219 | - if (rt_is_input_route(rt)) { | |
| 220 | - unsigned long orefdst = skb->_skb_refdst; | |
| 221 | - | |
| 222 | - if (ip_route_input(skb, iph->daddr, iph->saddr, | |
| 223 | - iph->tos, skb->dev)) | |
| 224 | - return 0; | |
| 225 | - refdst_drop(orefdst); | |
| 226 | - } else { | |
| 227 | - struct flowi4 fl4 = { | |
| 228 | - .daddr = iph->daddr, | |
| 229 | - .saddr = iph->saddr, | |
| 230 | - .flowi4_tos = RT_TOS(iph->tos), | |
| 231 | - .flowi4_mark = skb->mark, | |
| 232 | - }; | |
| 233 | - | |
| 234 | - rt = ip_route_output_key(net, &fl4); | |
| 235 | - if (IS_ERR(rt)) | |
| 236 | - return 0; | |
| 237 | - if (!(rt->rt_flags & RTCF_LOCAL)) { | |
| 238 | - ip_rt_put(rt); | |
| 239 | - return 0; | |
| 240 | - } | |
| 241 | - /* Drop old route. */ | |
| 242 | - skb_dst_drop(skb); | |
| 243 | - skb_dst_set(skb, &rt->dst); | |
| 244 | - } | |
| 245 | - return 1; | |
| 246 | -} | |
| 247 | - | |
| 248 | 210 | #ifdef CONFIG_IP_VS_IPV6 |
| 249 | 211 | |
| 250 | 212 | static inline int __ip_vs_is_local_route6(struct rt6_info *rt) |
| 251 | 213 | |
| ... | ... | @@ -635,16 +597,8 @@ |
| 635 | 597 | /* drop old route */ |
| 636 | 598 | skb_dst_drop(skb); |
| 637 | 599 | skb_dst_set(skb, &rt->dst); |
| 638 | - } else { | |
| 600 | + } else | |
| 639 | 601 | ip_rt_put(rt); |
| 640 | - /* | |
| 641 | - * Some IPv4 replies get local address from routes, | |
| 642 | - * not from iph, so while we DNAT after routing | |
| 643 | - * we need this second input/output route. | |
| 644 | - */ | |
| 645 | - if (!__ip_vs_reroute_locally(skb)) | |
| 646 | - goto tx_error; | |
| 647 | - } | |
| 648 | 602 | |
| 649 | 603 | IP_VS_DBG_PKT(10, AF_INET, pp, skb, 0, "After DNAT"); |
| 650 | 604 | |
| 651 | 605 | |
| ... | ... | @@ -1269,16 +1223,8 @@ |
| 1269 | 1223 | /* drop the old route when skb is not shared */ |
| 1270 | 1224 | skb_dst_drop(skb); |
| 1271 | 1225 | skb_dst_set(skb, &rt->dst); |
| 1272 | - } else { | |
| 1226 | + } else | |
| 1273 | 1227 | ip_rt_put(rt); |
| 1274 | - /* | |
| 1275 | - * Some IPv4 replies get local address from routes, | |
| 1276 | - * not from iph, so while we DNAT after routing | |
| 1277 | - * we need this second input/output route. | |
| 1278 | - */ | |
| 1279 | - if (!__ip_vs_reroute_locally(skb)) | |
| 1280 | - goto tx_error; | |
| 1281 | - } | |
| 1282 | 1228 | |
| 1283 | 1229 | /* Another hack: avoid icmp_send in ip_fragment */ |
| 1284 | 1230 | skb->local_df = 1; |