SOURCES (LINUX_2_6): kernel-ipvs-nfct.patch - http://www.ssi.bg/~ja/nfct/ip...
zbyniu
zbyniu at pld-linux.org
Mon Nov 3 19:19:23 CET 2008
Author: zbyniu Date: Mon Nov 3 18:19:23 2008 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- http://www.ssi.bg/~ja/nfct/ipvs-nfct-2.6.27-1.diff
---- Files affected:
SOURCES:
kernel-ipvs-nfct.patch (1.1.4.4 -> 1.1.4.5)
---- Diffs:
================================================================
Index: SOURCES/kernel-ipvs-nfct.patch
diff -u SOURCES/kernel-ipvs-nfct.patch:1.1.4.4 SOURCES/kernel-ipvs-nfct.patch:1.1.4.5
--- SOURCES/kernel-ipvs-nfct.patch:1.1.4.4 Mon Nov 3 18:52:32 2008
+++ SOURCES/kernel-ipvs-nfct.patch Mon Nov 3 19:19:17 2008
@@ -1,11 +1,10 @@
-diff -urNp v2.6.25/linux/include/net/ip_vs.h linux/include/net/ip_vs.h
---- v2.6.25/linux/include/net/ip_vs.h 2008-04-17 09:58:08.000000000 +0300
-+++ linux/include/net/ip_vs.h 2008-04-19 19:59:24.000000000 +0300
-@@ -22,6 +22,16 @@
+diff -urNp v2.6.27/linux/include/net/ip_vs.h linux/include/net/ip_vs.h
+--- v2.6.27/linux/include/net/ip_vs.h 2008-10-11 12:46:15.000000000 +0300
++++ linux/include/net/ip_vs.h 2008-10-11 14:24:47.000000000 +0300
+@@ -21,6 +21,13 @@
+ #include <linux/timer.h>
#include <net/checksum.h>
-
-+#ifdef __KERNEL__
+#include <linux/skbuff.h>
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+#include <net/netfilter/nf_conntrack.h>
@@ -13,12 +12,10 @@
+#include <net/netfilter/nf_conntrack_expect.h>
+#include <net/netfilter/nf_conntrack_helper.h>
+#endif
-+#endif
-+
+
#ifdef CONFIG_IP_VS_DEBUG
#include <linux/net.h>
-
-@@ -686,6 +696,16 @@ extern void ip_vs_init_hash_table(struct
+@@ -474,6 +481,16 @@ extern void ip_vs_init_hash_table(struct
*/
/*
@@ -35,7 +32,7 @@
* IPVS connection entry hash table
*/
#ifndef CONFIG_IP_VS_TAB_BITS
-@@ -653,9 +663,42 @@
+@@ -643,9 +660,42 @@ extern int sysctl_ip_vs_expire_nodest_co
extern int sysctl_ip_vs_expire_quiescent_template;
extern int sysctl_ip_vs_sync_threshold[2];
extern int sysctl_ip_vs_nat_icmp_send;
@@ -49,28 +46,28 @@
+
+static inline int ip_vs_use_conntrack(struct sk_buff *skb)
+{
-+ return sysctl_ip_vs_conntrack && skb->nfct;
++ return sysctl_ip_vs_conntrack && skb->nfct;
+}
+
+/* Returns boolean and skb is freed on failure */
+static inline int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, unsigned int hooknum)
+{
-+ if (!ip_vs_use_conntrack(skb))
-+ return 1;
-+ return nf_ct_is_confirmed((struct nf_conn *) skb->nfct) ||
-+ ip_vs_nfct_confirm(skb, cp, hooknum);
++ if (!ip_vs_use_conntrack(skb))
++ return 1;
++ return nf_ct_is_confirmed((struct nf_conn *) skb->nfct) ||
++ ip_vs_nfct_confirm(skb, cp, hooknum);
+}
+
+#else
+
+static inline int ip_vs_use_conntrack(struct sk_buff *skb)
+{
-+ return 0;
++ return 0;
+}
+
+static inline int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, unsigned int hooknum)
+{
-+ return 1;
++ return 1;
+}
+
+#endif
@@ -78,9 +75,9 @@
extern struct ip_vs_service *
ip_vs_service_get(__u32 fwmark, __u16 protocol, __be32 vaddr, __be16 vport);
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/Kconfig linux/net/ipv4/ipvs/Kconfig
---- v2.6.25/linux/net/ipv4/ipvs/Kconfig 2007-07-10 09:18:43.000000000 +0300
-+++ linux/net/ipv4/ipvs/Kconfig 2008-04-19 19:55:40.000000000 +0300
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/Kconfig linux/net/ipv4/ipvs/Kconfig
+--- v2.6.27/linux/net/ipv4/ipvs/Kconfig 2007-07-10 09:18:43.000000000 +0300
++++ linux/net/ipv4/ipvs/Kconfig 2008-10-11 14:19:27.000000000 +0300
@@ -221,4 +221,12 @@ config IP_VS_FTP
If you want to compile it in kernel, say Y. To compile it as a
module, choose M here. If unsure, say N.
@@ -94,9 +91,9 @@
+ for filtering purposes.
+
endif # IP_VS
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/Makefile linux/net/ipv4/ipvs/Makefile
---- v2.6.25/linux/net/ipv4/ipvs/Makefile 2005-06-18 08:50:52.000000000 +0300
-+++ linux/net/ipv4/ipvs/Makefile 2008-04-19 19:55:40.000000000 +0300
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/Makefile linux/net/ipv4/ipvs/Makefile
+--- v2.6.27/linux/net/ipv4/ipvs/Makefile 2005-06-18 08:50:52.000000000 +0300
++++ linux/net/ipv4/ipvs/Makefile 2008-10-11 14:19:27.000000000 +0300
@@ -9,10 +9,13 @@ ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UD
ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_ESP) += ip_vs_proto_esp.o
ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_AH) += ip_vs_proto_ah.o
@@ -112,10 +109,10 @@
# IPVS core
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/ip_vs_conn.c linux/net/ipv4/ipvs/ip_vs_conn.c
---- v2.6.25/linux/net/ipv4/ipvs/ip_vs_conn.c 2008-04-17 09:58:09.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_conn.c 2008-04-19 19:55:40.000000000 +0300
-@@ -593,6 +593,11 @@ static void ip_vs_conn_expire(unsigned l
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_conn.c linux/net/ipv4/ipvs/ip_vs_conn.c
+--- v2.6.27/linux/net/ipv4/ipvs/ip_vs_conn.c 2008-10-11 12:46:16.000000000 +0300
++++ linux/net/ipv4/ipvs/ip_vs_conn.c 2008-10-11 14:19:27.000000000 +0300
+@@ -591,6 +591,11 @@ static void ip_vs_conn_expire(unsigned l
if (cp->control)
ip_vs_control_del(cp);
@@ -127,10 +124,10 @@
if (unlikely(cp->app != NULL))
ip_vs_unbind_app(cp);
ip_vs_unbind_dest(cp);
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/ip_vs_core.c linux/net/ipv4/ipvs/ip_vs_core.c
---- v2.6.25/linux/net/ipv4/ipvs/ip_vs_core.c 2008-04-17 09:58:09.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_core.c 2008-04-19 19:55:40.000000000 +0300
-@@ -661,6 +661,8 @@ static int ip_vs_out_icmp(struct sk_buff
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_core.c linux/net/ipv4/ipvs/ip_vs_core.c
+--- v2.6.27/linux/net/ipv4/ipvs/ip_vs_core.c 2008-10-11 12:46:16.000000000 +0300
++++ linux/net/ipv4/ipvs/ip_vs_core.c 2008-10-11 14:19:27.000000000 +0300
+@@ -659,6 +659,8 @@ static int ip_vs_out_icmp(struct sk_buff
skb->ipvs_property = 1;
verdict = NF_ACCEPT;
@@ -139,7 +136,7 @@
out:
__ip_vs_conn_put(cp);
-@@ -761,19 +763,31 @@ ip_vs_out(unsigned int hooknum, struct s
+@@ -759,19 +761,31 @@ ip_vs_out(unsigned int hooknum, struct s
if (!skb_make_writable(skb, ihl))
goto drop;
@@ -172,7 +169,7 @@
goto drop;
IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
-@@ -788,8 +802,11 @@ ip_vs_out(unsigned int hooknum, struct s
+@@ -786,8 +800,11 @@ ip_vs_out(unsigned int hooknum, struct s
return NF_ACCEPT;
drop:
@@ -185,10 +182,10 @@
return NF_STOLEN;
}
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/ip_vs_ctl.c linux/net/ipv4/ipvs/ip_vs_ctl.c
---- v2.6.25/linux/net/ipv4/ipvs/ip_vs_ctl.c 2008-04-17 09:58:09.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_ctl.c 2008-04-19 19:55:40.000000000 +0300
-@@ -81,6 +81,10 @@ int sysctl_ip_vs_expire_nodest_conn = 0;
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_ctl.c linux/net/ipv4/ipvs/ip_vs_ctl.c
+--- v2.6.27/linux/net/ipv4/ipvs/ip_vs_ctl.c 2008-10-11 12:46:16.000000000 +0300
++++ linux/net/ipv4/ipvs/ip_vs_ctl.c 2008-10-11 14:19:27.000000000 +0300
+@@ -79,6 +79,10 @@ int sysctl_ip_vs_expire_nodest_conn = 0;
int sysctl_ip_vs_expire_quiescent_template = 0;
int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
int sysctl_ip_vs_nat_icmp_send = 0;
@@ -199,7 +196,7 @@
#ifdef CONFIG_IP_VS_DEBUG
-@@ -1446,6 +1450,15 @@ static struct ctl_table vs_vars[] = {
+@@ -1457,6 +1461,15 @@ static struct ctl_table vs_vars[] = {
.mode = 0644,
.proc_handler = &proc_dointvec,
},
@@ -215,7 +212,7 @@
{
.procname = "drop_entry",
.data = &sysctl_ip_vs_drop_entry,
-@@ -1467,6 +1480,13 @@ static struct ctl_table vs_vars[] = {
+@@ -1478,6 +1491,13 @@ static struct ctl_table vs_vars[] = {
.mode = 0644,
.proc_handler = &proc_do_defense_mode,
},
@@ -229,10 +226,10 @@
#if 0
{
.procname = "timeout_established",
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/ip_vs_ftp.c linux/net/ipv4/ipvs/ip_vs_ftp.c
---- v2.6.25/linux/net/ipv4/ipvs/ip_vs_ftp.c 2008-01-25 10:45:06.000000000 +0200
-+++ linux/net/ipv4/ipvs/ip_vs_ftp.c 2008-04-19 19:55:40.000000000 +0300
-@@ -195,6 +195,11 @@ static int ip_vs_ftp_out(struct ip_vs_ap
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_ftp.c linux/net/ipv4/ipvs/ip_vs_ftp.c
+--- v2.6.27/linux/net/ipv4/ipvs/ip_vs_ftp.c 2008-10-11 12:46:16.000000000 +0300
++++ linux/net/ipv4/ipvs/ip_vs_ftp.c 2008-10-11 14:19:27.000000000 +0300
+@@ -193,6 +193,11 @@ static int ip_vs_ftp_out(struct ip_vs_ap
ip_vs_control_add(n_cp, cp);
}
@@ -244,7 +241,7 @@
/*
* Replace the old passive address with the new one
*/
-@@ -327,6 +332,11 @@ static int ip_vs_ftp_in(struct ip_vs_app
+@@ -325,6 +330,11 @@ static int ip_vs_ftp_in(struct ip_vs_app
ip_vs_control_add(n_cp, cp);
}
@@ -256,10 +253,10 @@
/*
* Move tunnel to listen state
*/
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/ip_vs_nfct.c linux/net/ipv4/ipvs/ip_vs_nfct.c
---- v2.6.25/linux/net/ipv4/ipvs/ip_vs_nfct.c 1970-01-01 02:00:00.000000000 +0200
-+++ linux/net/ipv4/ipvs/ip_vs_nfct.c 2008-04-19 20:06:46.000000000 +0300
-@@ -0,0 +1,385 @@
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_nfct.c linux/net/ipv4/ipvs/ip_vs_nfct.c
+--- v2.6.27/linux/net/ipv4/ipvs/ip_vs_nfct.c 1970-01-01 02:00:00.000000000 +0200
++++ linux/net/ipv4/ipvs/ip_vs_nfct.c 2008-10-11 14:19:27.000000000 +0300
+@@ -0,0 +1,386 @@
+/*
+ * ip_vs_nfct.c: Netfilter connection tracking support for IPVS
+ *
@@ -576,6 +573,7 @@
+ e->expectfn = ip_vs_nfct_expect_callback;
+ e->helper = NULL;
+ e->flags = 0;
++ e->class = NF_CT_EXPECT_CLASS_DEFAULT;
+ memset(&e->tuple, 0, sizeof(e->tuple));
+ e->tuple.src.u.tcp.port = port;
+ e->tuple.src.l3num = PF_INET;
@@ -645,10 +643,10 @@
+ }
+}
+
-diff -urNp v2.6.25/linux/net/ipv4/ipvs/ip_vs_xmit.c linux/net/ipv4/ipvs/ip_vs_xmit.c
---- v2.6.25/linux/net/ipv4/ipvs/ip_vs_xmit.c 2008-04-17 09:58:09.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_xmit.c 2008-04-19 20:04:42.000000000 +0300
-@@ -141,7 +141,6 @@ int
+diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_xmit.c linux/net/ipv4/ipvs/ip_vs_xmit.c
+--- v2.6.27/linux/net/ipv4/ipvs/ip_vs_xmit.c 2008-10-11 12:46:16.000000000 +0300
++++ linux/net/ipv4/ipvs/ip_vs_xmit.c 2008-10-11 14:19:27.000000000 +0300
+@@ -139,7 +139,6 @@ int
ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
struct ip_vs_protocol *pp)
{
@@ -656,7 +654,7 @@
return NF_ACCEPT;
}
-@@ -199,6 +198,9 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
+@@ -197,6 +196,9 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
dst_release(skb->dst);
skb->dst = &rt->u.dst;
@@ -666,7 +664,7 @@
/* Another hack: avoid icmp_send in ip_fragment */
skb->local_df = 1;
-@@ -211,6 +213,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
+@@ -209,6 +211,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
dst_link_failure(skb);
tx_error:
kfree_skb(skb);
@@ -674,7 +672,7 @@
LeaveFunction(10);
return NF_STOLEN;
}
-@@ -263,6 +266,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
+@@ -261,6 +264,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
dst_release(skb->dst);
skb->dst = &rt->u.dst;
@@ -684,7 +682,7 @@
/* mangle the packet */
if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
goto tx_error;
-@@ -286,8 +292,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
+@@ -284,8 +290,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
tx_error_icmp:
dst_link_failure(skb);
tx_error:
@@ -695,7 +693,7 @@
return NF_STOLEN;
tx_error_put:
ip_rt_put(rt);
-@@ -386,14 +393,17 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
+@@ -384,14 +391,17 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
/* fix old IP header checksum */
ip_send_check(old_iph);
@@ -717,7 +715,7 @@
/*
* Push down and install the IPIP header.
*/
-@@ -421,6 +431,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
+@@ -419,6 +429,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
dst_link_failure(skb);
tx_error:
kfree_skb(skb);
@@ -725,7 +723,7 @@
LeaveFunction(10);
return NF_STOLEN;
}
-@@ -466,6 +477,9 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
+@@ -464,6 +475,9 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
dst_release(skb->dst);
skb->dst = &rt->u.dst;
@@ -735,7 +733,7 @@
/* Another hack: avoid icmp_send in ip_fragment */
skb->local_df = 1;
-@@ -478,6 +492,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
+@@ -476,6 +490,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
dst_link_failure(skb);
tx_error:
kfree_skb(skb);
@@ -743,7 +741,7 @@
LeaveFunction(10);
return NF_STOLEN;
}
-@@ -537,6 +552,8 @@ ip_vs_icmp_xmit(struct sk_buff *skb, str
+@@ -535,6 +550,8 @@ ip_vs_icmp_xmit(struct sk_buff *skb, str
dst_release(skb->dst);
skb->dst = &rt->u.dst;
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-ipvs-nfct.patch?r1=1.1.4.4&r2=1.1.4.5&f=u
More information about the pld-cvs-commit
mailing list