Open Source and information security mailing list archives
 
Message-ID: <464884EE.3030606@tis.icnet.pl>
Date:	Mon, 14 May 2007 17:49:02 +0200
From:	Janusz Krzysztofik <jkrzyszt@....icnet.pl>
To:	Patrick McHardy <kaber@...sh.net>
CC:	David Miller <davem@...emloft.net>, horms@...ge.net.au,
	netdev@...r.kernel.org
Subject: Re: [IPV4] LVS: Allow to send ICMP unreachable responses when real-servers
 are removed

Patrick McHardy wrote:
> Janusz Krzysztofik wrote:
>> ... ICMP port unreachable messages are not generated inside
>> IPVS code, they are just sent, with help of the patch in question, from
>> udp_input() or netfilter REJECT.
> 
> Both use icmp_send(), which should always pick a local source, so I
> don't understand why this change was needed. Could you describe
> the specific case when the packet generated by icmp_send() does
> not have a local source?

Yes, it happens when a packet with a non-local destination IP address is
routed locally in order to reach ip_vs_in(), but is not caught there
because of no associated connection and no matching service, so it is 
passed through and ends up in udp_input(). Then, inside udp_input(), 
icmp_send() is invoked with original non-local destination IP as source 
address.

Again, all this is my own method, using special packet marking, of
notifying clients of dead real servers, that is not possible with "pure" 
LVS methods. More details can be found several paragraphs below 
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.LVS-NAT.html#F5_snat 
header.

Janusz