SOURCES (LINUX_2_6): kernel-ipvs-nfct.patch - updated to 2.6.28; applies bu...

Thu Dec 25 22:50:41 CET 2008

Author: adamg                        Date: Thu Dec 25 21:50:41 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- updated to 2.6.28; applies but breakes build

---- Files affected:
SOURCES:
   kernel-ipvs-nfct.patch (1.1.4.5 -> 1.1.4.6) 

---- Diffs:

================================================================
Index: SOURCES/kernel-ipvs-nfct.patch
diff -u SOURCES/kernel-ipvs-nfct.patch:1.1.4.5 SOURCES/kernel-ipvs-nfct.patch:1.1.4.6

--- SOURCES/kernel-ipvs-nfct.patch:1.1.4.5	Mon Nov  3 19:19:17 2008
+++ SOURCES/kernel-ipvs-nfct.patch	Thu Dec 25 22:50:35 2008
@@ -12,9 +12,9 @@
 +#include <net/netfilter/nf_conntrack_expect.h>
 +#include <net/netfilter/nf_conntrack_helper.h>
 +#endif
- 
- #ifdef CONFIG_IP_VS_DEBUG
- #include <linux/net.h>
+ #include <linux/netfilter.h>		/* for union nf_inet_addr */
+ #include <linux/ip.h>
+ #include <linux/ipv6.h>			/* for struct ipv6hdr */
 @@ -474,6 +481,16 @@ extern void ip_vs_init_hash_table(struct
   */
  
@@ -75,9 +75,9 @@
  extern struct ip_vs_service *
  ip_vs_service_get(__u32 fwmark, __u16 protocol, __be32 vaddr, __be16 vport);
  
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/Kconfig linux/net/ipv4/ipvs/Kconfig
---- v2.6.27/linux/net/ipv4/ipvs/Kconfig	2007-07-10 09:18:43.000000000 +0300
-+++ linux/net/ipv4/ipvs/Kconfig	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/Kconfig linux/net/netfilter/ipvs/Kconfig
+--- v2.6.27/linux/net/netfilter/ipvs/Kconfig	2007-07-10 09:18:43.000000000 +0300
++++ linux/net/netfilter/ipvs/Kconfig	2008-10-11 14:19:27.000000000 +0300
 @@ -221,4 +221,12 @@ config	IP_VS_FTP
  	  If you want to compile it in kernel, say Y. To compile it as a
  	  module, choose M here. If unsure, say N.
@@ -92,12 +92,12 @@
 +
  endif # IP_VS
 diff -urNp v2.6.27/linux/net/ipv4/ipvs/Makefile linux/net/ipv4/ipvs/Makefile
---- v2.6.27/linux/net/ipv4/ipvs/Makefile	2005-06-18 08:50:52.000000000 +0300
-+++ linux/net/ipv4/ipvs/Makefile	2008-10-11 14:19:27.000000000 +0300
+--- v2.6.27/linux/net/netfilter/ipvs/Makefile	2005-06-18 08:50:52.000000000 +0300
++++ linux/net/netfilter/ipvs/Makefile	2008-10-11 14:19:27.000000000 +0300
 @@ -9,10 +9,13 @@ ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UD
- ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_ESP) += ip_vs_proto_esp.o
- ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_AH) += ip_vs_proto_ah.o
- 
+ ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UDP) += ip_vs_proto_udp.o
+ ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_AH_ESP) += ip_vs_proto_ah_esp.o
+
 +ip_vs-extra_objs-y :=
 +ip_vs-extra_objs-$(CONFIG_IP_VS_NFCT) += ip_vs_nfct.o
 +
@@ -109,9 +109,9 @@
  
  
  # IPVS core
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_conn.c linux/net/ipv4/ipvs/ip_vs_conn.c
---- v2.6.27/linux/net/ipv4/ipvs/ip_vs_conn.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_conn.c	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_conn.c linux/net/netfilter/ipvs/ip_vs_conn.c
+--- v2.6.27/linux/net/netfilter/ipvs/ip_vs_conn.c	2008-10-11 12:46:16.000000000 +0300
++++ linux/net/netfilter/ipvs/ip_vs_conn.c	2008-10-11 14:19:27.000000000 +0300
 @@ -591,6 +591,11 @@ static void ip_vs_conn_expire(unsigned l
  		if (cp->control)
  			ip_vs_control_del(cp);
@@ -124,30 +124,12 @@
  		if (unlikely(cp->app != NULL))
  			ip_vs_unbind_app(cp);
  		ip_vs_unbind_dest(cp);
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_core.c linux/net/ipv4/ipvs/ip_vs_core.c
---- v2.6.27/linux/net/ipv4/ipvs/ip_vs_core.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_core.c	2008-10-11 14:19:27.000000000 +0300
-@@ -659,6 +659,8 @@ static int ip_vs_out_icmp(struct sk_buff
- 
- 	skb->ipvs_property = 1;
- 	verdict = NF_ACCEPT;
-+	if (sysctl_ip_vs_snat_reroute && ip_route_me_harder(skb, RTN_LOCAL))
-+		verdict = NF_DROP;
- 
-   out:
- 	__ip_vs_conn_put(cp);
-@@ -759,19 +761,31 @@ ip_vs_out(unsigned int hooknum, struct s
- 	if (!skb_make_writable(skb, ihl))
- 		goto drop;
- 
-+	if (!ip_vs_confirm_conntrack(skb, cp, hooknum))
-+		goto out;
-+
- 	/* mangle the packet */
- 	if (pp->snat_handler && !pp->snat_handler(skb, pp, cp))
- 		goto drop;
- 	ip_hdr(skb)->saddr = cp->vaddr;
- 	ip_send_check(ip_hdr(skb));
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_core.c linux/net/netfilter/ipvs/ip_vs_core.c
+--- v2.6.27/linux/net/netfilter/ipvs/ip_vs_core.c	2008-10-11 12:46:16.000000000 +0300
++++ linux/net/netfilter/ipvs/ip_vs_core.c	2008-10-11 14:19:27.000000000 +0300
+@@ -890,6 +893,15 @@
+ 		ip_send_check(ip_hdr(skb));
+ 	}
  
 +	/*
 +	 * nf_iterate does not expect change in the skb->dst->dev.
@@ -161,30 +143,31 @@
  	/* For policy routing, packets originating from this
  	 * machine itself may be routed differently to packets
  	 * passing through.  We want this packet to be routed as
- 	 * if it came from this machine itself.  So re-compute
- 	 * the routing information.
- 	 */
--	if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
-+	if (sysctl_ip_vs_snat_reroute && ip_route_me_harder(skb, RTN_LOCAL) != 0)
- 		goto drop;
+@@ -902,7 +914,7 @@
+ 			goto drop;
+ 	} else
+ #endif
+-		if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
++		if (sysctl_ip_vs_snat_reroute && ip_route_me_harder(skb, RTN_LOCAL) != 0)
+ 			goto drop;
  
  	IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
 @@ -786,8 +800,11 @@ ip_vs_out(unsigned int hooknum, struct s
  	return NF_ACCEPT;
  
-   drop:
+ drop:
 -	ip_vs_conn_put(cp);
  	kfree_skb(skb);
 +
-+  out:
++out:
 +	ip_vs_conn_put(cp);
 +	LeaveFunction(11);
  	return NF_STOLEN;
  }
  
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_ctl.c linux/net/ipv4/ipvs/ip_vs_ctl.c
---- v2.6.27/linux/net/ipv4/ipvs/ip_vs_ctl.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_ctl.c	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_ctl.c linux/net/netfilter/ipvs/ip_vs_ctl.c
+--- v2.6.27/linux/net/netfilter/ipvs/ip_vs_ctl.c	2008-10-11 12:46:16.000000000 +0300
++++ linux/net/netfilter/ipvs/ip_vs_ctl.c	2008-10-11 14:19:27.000000000 +0300
 @@ -79,6 +79,10 @@ int sysctl_ip_vs_expire_nodest_conn = 0;
  int sysctl_ip_vs_expire_quiescent_template = 0;
  int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
@@ -226,9 +209,9 @@
  #if 0
  	{
  		.procname	= "timeout_established",
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_ftp.c linux/net/ipv4/ipvs/ip_vs_ftp.c
---- v2.6.27/linux/net/ipv4/ipvs/ip_vs_ftp.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_ftp.c	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_ftp.c linux/net/netfilter/ipvs/ip_vs_ftp.c
+--- v2.6.27/linux/net/netfilter/ipvs/ip_vs_ftp.c	2008-10-11 12:46:16.000000000 +0300
++++ linux/net/netfilter/ipvs/ip_vs_ftp.c	2008-10-11 14:19:27.000000000 +0300
 @@ -193,6 +193,11 @@ static int ip_vs_ftp_out(struct ip_vs_ap
  			ip_vs_control_add(n_cp, cp);
  		}
@@ -253,9 +236,9 @@
  	/*
  	 *	Move tunnel to listen state
  	 */
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_nfct.c linux/net/ipv4/ipvs/ip_vs_nfct.c
---- v2.6.27/linux/net/ipv4/ipvs/ip_vs_nfct.c	1970-01-01 02:00:00.000000000 +0200
-+++ linux/net/ipv4/ipvs/ip_vs_nfct.c	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_nfct.c linux/net/netfilter/ipvs/ip_vs_nfct.c
+--- v2.6.27/linux/net/netfilter/ipvs/ip_vs_nfct.c	1970-01-01 02:00:00.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_nfct.c	2008-10-11 14:19:27.000000000 +0300
 @@ -0,0 +1,386 @@
 +/*
 + * ip_vs_nfct.c:	Netfilter connection tracking support for IPVS
@@ -643,9 +626,9 @@
 +	}
 +}
 +
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/ip_vs_xmit.c linux/net/ipv4/ipvs/ip_vs_xmit.c
---- v2.6.27/linux/net/ipv4/ipvs/ip_vs_xmit.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/ipv4/ipvs/ip_vs_xmit.c	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_xmit.c linux/net/netfilter/ipvs/ip_vs_xmit.c
+--- v2.6.27/linux/net/netfilter/ipvs/ip_vs_xmit.c	2008-10-11 12:46:16.000000000 +0300
++++ linux/net/netfilter/ipvs/ip_vs_xmit.c	2008-10-11 14:19:27.000000000 +0300
 @@ -139,7 +139,6 @@ int
  ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
  		struct ip_vs_protocol *pp)
@@ -750,3 +733,5 @@
  	ip_vs_nat_icmp(skb, pp, cp, 0);
  
  	/* Another hack: avoid icmp_send in ip_fragment */
+--- ip_vs_core.c~	2008-12-25 18:30:56.000000000 +0100
++++ ip_vs_core.c	2008-12-25 18:30:30.000000000 +0100
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-ipvs-nfct.patch?r1=1.1.4.5&r2=1.1.4.6&f=u

