diff options
| author |   Alex Gartrell <agartrell@fb.com> | 2014-09-09 16:40:23 -0700 |
|---|---|---|
| committer |   Simon Horman <horms@verge.net.au> | 2014-09-16 09:03:34 +0900 |
| commit | ba38528aae6ee2d22226c6a78727ddc13512b068 (patch) | |
| tree | 224bda662d2fc090d37276359026406663dd7dbe /net/netfilter/ipvs/ip_vs_sync.c | |
| parent | ipvs: Pass destination address family to ip_vs_trash_get_dest (diff) | |
| download | linux-dev-ba38528aae6ee2d22226c6a78727ddc13512b068.tar.xz linux-dev-ba38528aae6ee2d22226c6a78727ddc13512b068.zip | |
ipvs: Supply destination address family to ip_vs_conn_new
The assumption that dest af is equal to service af is now unreliable, so we
must specify it manually so as not to copy just the first 4 bytes of a v6
address or doing an illegal read of 16 butes on a v6 address.
We "lie" in two places: for synchronization (which we will explicitly
disallow from happening when we have heterogeneous pools) and for black
hole addresses where there's no real dest.
Signed-off-by: Alex Gartrell <agartrell@fb.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'net/netfilter/ipvs/ip_vs_sync.c')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_sync.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index edd266414b7d..7162c86fd50d 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -889,7 +889,8 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, param->vaddr, param->vport, protocol, fwmark, flags); - cp = ip_vs_conn_new(param, daddr, dport, flags, dest, fwmark); + cp = ip_vs_conn_new(param, type, daddr, dport, flags, dest, + fwmark); rcu_read_unlock(); if (!cp) { kfree(param->pe_data); |