ipvsadm: restrict different address family

Now real server can have different address family only for tunneling. For other modes it must match the service. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
author: Julian Anastasov <ja@ssi.bg> 2014-08-30 14:35:48 +0300
committer: Jesper Dangaard Brouer <brouer@redhat.com> 2014-09-10 08:50:38 +0200
commit: ed4a811f3329af0791ee0a88218c18b369fb1949 (patch)
tree: acd74930c27e8036c63444c944e4a9ea0e5f26e3
parent: 7c87583451e929fb5ce25e37ae1ade0b6e90e7aa (diff)
download: ipvsadm-ed4a811f3329af0791ee0a88218c18b369fb1949.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/ipvsadm.c b/ipvsadm.c
index d12070e..3000117 100644
--- a/ipvsadm.c
+++ b/ipvsadm.c
@@ -788,6 +788,12 @@ static int process_options(int argc, char **argv, int reading_stdin)
 		    (ce.dest.conn_flags == IP_VS_CONN_F_TUNNEL
 		     || ce.dest.conn_flags == IP_VS_CONN_F_DROUTE))
 			ce.dest.port = ce.svc.port;
+
+		/* Tunneling allows different address family */
+		if (ce.dest.af != ce.svc.af &&
+		    ce.dest.conn_flags != IP_VS_CONN_F_TUNNEL)
+			fail(2, "Different address family is allowed only "
+			     "for tunneling servers");
 	}
 
 	switch (ce.cmd) {
author	Julian Anastasov <ja@ssi.bg>	2014-08-30 14:35:48 +0300
committer	Jesper Dangaard Brouer <brouer@redhat.com>	2014-09-10 08:50:38 +0200
commit	ed4a811f3329af0791ee0a88218c18b369fb1949 (patch)
tree	acd74930c27e8036c63444c944e4a9ea0e5f26e3
parent	7c87583451e929fb5ce25e37ae1ade0b6e90e7aa (diff)
download	ipvsadm-ed4a811f3329af0791ee0a88218c18b369fb1949.tar.gz