Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 454891

Summary: [IPVS] fix missing refcnt put with expire_nodest_conn
Product: Red Hat Enterprise Linux 3 Reporter: Petr Savich <petr_savich>
Component: kernelAssignee: Don Howard <dhoward>
Status: CLOSED WONTFIX QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: low    
Version: 3.9CC: uwe.knop
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 16:57:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Description Flags
Julian Anastasov created a patch to fix the issue (November 2005) none

Description Petr Savich 2008-07-10 16:01:56 UTC
Description of problem:
Missed Julian Anastasov fix for net/ipv4/ipvs/ip_vs_core.c in 2.4 kernel.
IPVS code does not expire no-destination connections when told to do so.
No-destination connection is the one that is found in lookup table but has a 
dead realserver (no forwarding IPVS rules).

Version-Release number of selected component (if applicable):

How reproducible:
100% reproducable on current 2.4 RHEL/CentOS kernels
Current 2.6 RHEL kernels are not affected

Steps to Reproduce:
Easier to reproduce with UDP (e.g. DNS) than with TCP
1. Modrobe ip_vs
2. sysctl net.ipv4.vs.expire_nodest_conn = 1
3. Create some TCP/UDP service on a realserver and make it online
4. Create appropriate IPVS rules
5. Make some connections through IPVS to the realservers
6. Check the connections with ipvsadm -Lnc
6. Shut down one realserver that serves active connection
7. Continue to send the packets from the client that should be forwarded by 
IPVS to the dead realserver
Actual results:
Connection to dead realserver does not expire (ipvsadm -Lnc)
All packets are dropped by IPVS code until the timer completely expires.

Expected results:
Connection to dead realserver should expire immediately, client should be 
redirected to active realserver.

Additional info:
Very small patch that is already included in 2.6 RHEL kernels.

Comment 1 Petr Savich 2008-07-10 16:01:56 UTC
Created attachment 311491 [details]
Julian Anastasov created a patch to fix the issue (November 2005)

Comment 3 Jiri Pallich 2012-06-20 16:57:34 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.