[Linux-ha-dev] Food for thought: add something like cutter to
IPaddr2 (or portblock?) RA
Florian Haas
florian.haas at linbit.com
Thu Oct 16 03:11:08 MDT 2008
On 10/13/2008 05:06 PM, Lars Marowsky-Bree wrote:
> On 2008-10-13T17:02:36, Florian Haas <florian.haas at linbit.com> wrote:
>
>>> - cutter
>>>
>>> I think cutter might even work, as the replicated nodes do think that
>>> they are "forwarding" the connection. We just need to identify all
>>> connections which passed through the failed node.
>> Cutter in its current incarnation does not work, because of an overly
>> paranoid (?) sanity check. Extract cutter.c from
>> http://www.lowth.com/cutter/software/cutter-1.03.tgz and take a look at
>> lines 521 through 546. :-)
>
> I meant in principle. That there are going to be bugs which need fixing
> is obvious ;-)
I tried contacting the original author of cutter as to the rationale
behind this sanity check a few days ago, but to no avail. Does someone
more knowledgeable in TCP connection tracking than myself want to take a
look into this and see if it can be safely bypassed? Having something
like "cutter --allow-local <ipaddress>" would be really helpful. Thoughts?
Cheers,
Florian
More information about the Linux-HA-Dev
mailing list