ipvs: attempt to schedule icmp packets

Invoke the try_to_schedule logic from the icmp path and update it to the appropriate ip_vs_conn_put function. The schedule functions have been updated to reject the packets immediately for now. Signed-off-by: Alex Gartrell <agartrell@fb.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au>
author: Alex Gartrell <agartrell@fb.com> 2015-08-26 09:40:37 -0700
committer: Simon Horman <horms@verge.net.au> 2015-09-01 10:33:55 +0900
commit: 6044eeffafbe35154c5d3b04b73e8938a62e5d39 (patch)
tree: f3ed8b842b49cc270e1b52c667183e27fd559403 /net/netfilter/ipvs/ip_vs_proto_tcp.c
parent: 1471f35efa86407fc180ca6d55363c684d166ef6 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index 8e92beb0cca9..dbc707514f29 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -41,6 +41,12 @@ tcp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
 	struct tcphdr _tcph, *th;
 	struct netns_ipvs *ipvs;
 
+	if (ip_vs_iph_icmp(iph)) {
+		/* TEMPORARY - do not schedule icmp yet */
+		*verdict = NF_ACCEPT;
+		return 0;
+	}
+
 	th = skb_header_pointer(skb, iph->len, sizeof(_tcph), &_tcph);
 	if (th == NULL) {
 		*verdict = NF_DROP;
@@ -48,6 +54,7 @@ tcp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
 	}
 	net = skb_net(skb);
 	ipvs = net_ipvs(net);
+
 	/* No !th->ack check to allow scheduling on SYN+ACK for Active FTP */
 	rcu_read_lock();
 	if ((th->syn || sysctl_sloppy_tcp(ipvs)) && !th->rst &&
author	Alex Gartrell <agartrell@fb.com>	2015-08-26 09:40:37 -0700
committer	Simon Horman <horms@verge.net.au>	2015-09-01 10:33:55 +0900
commit	6044eeffafbe35154c5d3b04b73e8938a62e5d39 (patch)
tree	f3ed8b842b49cc270e1b52c667183e27fd559403 /net/netfilter/ipvs/ip_vs_proto_tcp.c
parent	1471f35efa86407fc180ca6d55363c684d166ef6 (diff)