[lvs-users] "connection refused" when persistence enabled

Simon Horman horms at verge.net.au
Sat Nov 28 00:50:08 GMT 2009

On Fri, Nov 27, 2009 at 11:54:41PM +1100, Simon Horman wrote:
> On Tue, Nov 17, 2009 at 08:33:52PM +0200, Deon van der Merwe wrote:
> > Hi,
> > 
> > Been using this setup on at least 4 different installations without this 
> > issue... we have multiple virtual services and use iptables MARK to tag 
> > the packets for each virtual service.
> > 
> > My problem is that when I enable/configure persistence on IPVS the 
> > client gets "connection refused".  The same config *without* persistence 
> > works fine.
> Hi Deon,
> that looks very odd. I've been able to reproduce the problem here
> with 2.6.30.  But its getting a bit late in the day for me to debug it.
> I'll try and get a chance to do so shortly if no one else gets
> there first.

Hi Deon,

could you try the following patch?


ipvs: fwmark services don't have ports

Make sure that the port for fwmark services is always zero, it seems that
in some cases ipvsadm provides bogus port values for fwmark services.  As
observed by Deon van der Merwe, this manifests as a clients not being able
to connect to the virtual service if persistence is set.

Cc: Deon van der Merwe <dvdm at truteq.co.za>
Signed-off-by: Simon Horman <horms at verge.net.au>

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index e01061f..9a4ccd4 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1188,8 +1188,9 @@ ip_vs_add_service(struct ip_vs_service_user_kern *u,
 	svc->af = u->af;
 	svc->protocol = u->protocol;
 	ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
-	svc->port = u->port;
 	svc->fwmark = u->fwmark;
+	if (!svc->fwmark)
+		svc->port = u->port;
 	svc->flags = u->flags;
 	svc->timeout = u->timeout * HZ;
 	svc->netmask = u->netmask;

More information about the lvs-users mailing list