lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Mon, 7 Dec 2009 14:55:05 +1100
From:	Simon Horman <horms@...ge.net.au>
To:	lvs-devel@...r.kernel.org, netfilter-devel@...r.kernel.org,
	netdev@...r.kernel.org
Cc:	Deon van der Merwe <dvdm@...teq.co.za>,
	Julian Anastasov <ja@....bg>, Patrick McHardy <kaber@...sh.net>
Subject: [patch] ipvs: fwmark services don't have ports

Make sure that the port for fwmark services is always zero, it seems that
in some cases ipvsadm provides bogus port values for fwmark services.  As
observed by Deon van der Merwe, this manifests as a clients not being able
to connect to the virtual service if persistence is set.

Tested-by: Deon van der Merwe <dvdm@...teq.co.za>
Signed-off-by: Simon Horman <horms@...ge.net.au>

--- 

I believe that this fixes a bug and as such is suitable for -stable.
However, Its taken a few release for anyone to bring this to our attention,
so it doesn't seem to be causing much pain in the wild.

Discussion of this problem:
http://archive.linuxvirtualserver.org/html/lvs-users/2009-11/msg00043.html

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index e01061f..9a4ccd4 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1188,8 +1188,9 @@ ip_vs_add_service(struct ip_vs_service_user_kern *u,
 	svc->af = u->af;
 	svc->protocol = u->protocol;
 	ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
-	svc->port = u->port;
 	svc->fwmark = u->fwmark;
+	if (!svc->fwmark)
+		svc->port = u->port;
 	svc->flags = u->flags;
 	svc->timeout = u->timeout * HZ;
 	svc->netmask = u->netmask;
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists