From: Jiri Pirko <jpirko@redhat.com>
Date: Mon, 25 May 2009 10:53:17 +0200
Subject: [net] netfilter: honour source routing for LVS-NAT
Message-id: 20090525085316.GB3545@psychotron.englab.brq.redhat.com
O-Subject: [RHEL5.5 patch] BZ491010 net: netfilter: Honour source routing for LVS-NAT
Bugzilla: 491010
RH-Acked-by: Thomas Graf <tgraf@redhat.com>
RH-Acked-by: Anton Arapov <aarapov@redhat.com>
RH-Acked-by: Jiri Olsa <jolsa@redhat.com>
RH-Acked-by: David Miller <davem@redhat.com>

[RHEL5.5 patch] BZ491010 net: netfilter: Honour source routing for LVS-NAT

BZ491010
https://bugzilla.redhat.com/show_bug.cgi?id=491010

Description:
For policy routing, packets originating from this machine itself may be
routed differently to packets passing through. We want this packet to be
routed as if it came from this machine itself. So re-compute the routing
information using ip_route_me_harder().

Upstream:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=901eaf6c8f997f18ebc8fcbb85411c79161ab3b2

Brew:
https://brewweb.devel.redhat.com/taskinfo?taskID=1802954

Test:
Succesfully tested by a customer.

Jirka

Signed-off-by: Jiri Pirko <jpirko@redhat.com>

diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 3f47ad8..95d1e93 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -813,6 +813,16 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
 	skb->nh.iph->saddr = cp->vaddr;
 	ip_send_check(skb->nh.iph);
 
+	/* For policy routing, packets originating from this
+	 * machine itself may be routed differently to packets
+	 * passing through.  We want this packet to be routed as
+	 * if it came from this machine itself.  So re-compute
+	 * the routing information.
+	 */
+	if (ip_route_me_harder(pskb) != 0)
+		goto drop;
+	skb = *pskb;
+
 	IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
 
 	ip_vs_out_stats(cp, skb);