SOURCES (LINUX_2_6): kernel-ipvs-nfct.patch - ipvs-nfct-2.6.28-1

adamg adamg at pld-linux.org
Wed Jan 7 12:33:27 CET 2009


Author: adamg                        Date: Wed Jan  7 11:33:27 2009 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- ipvs-nfct-2.6.28-1

---- Files affected:
SOURCES:
   kernel-ipvs-nfct.patch (1.1.4.6 -> 1.1.4.7) 

---- Diffs:

================================================================
Index: SOURCES/kernel-ipvs-nfct.patch
diff -u SOURCES/kernel-ipvs-nfct.patch:1.1.4.6 SOURCES/kernel-ipvs-nfct.patch:1.1.4.7
--- SOURCES/kernel-ipvs-nfct.patch:1.1.4.6	Thu Dec 25 22:50:35 2008
+++ SOURCES/kernel-ipvs-nfct.patch	Wed Jan  7 12:33:22 2009
@@ -1,22 +1,23 @@
-diff -urNp v2.6.27/linux/include/net/ip_vs.h linux/include/net/ip_vs.h
---- v2.6.27/linux/include/net/ip_vs.h	2008-10-11 12:46:15.000000000 +0300
-+++ linux/include/net/ip_vs.h	2008-10-11 14:24:47.000000000 +0300
-@@ -21,6 +21,13 @@
- #include <linux/timer.h>
- 
- #include <net/checksum.h>
+diff -urNp v2.6.28/linux/include/net/ip_vs.h linux/include/net/ip_vs.h
+--- v2.6.28/linux/include/net/ip_vs.h	2008-12-25 10:12:24.000000000 +0200
++++ linux/include/net/ip_vs.h	2008-12-26 12:32:55.000000000 +0200
+@@ -25,6 +25,14 @@
+ #include <linux/ip.h>
+ #include <linux/ipv6.h>			/* for struct ipv6hdr */
+ #include <net/ipv6.h>			/* for ipv6_addr_copy */
 +#include <linux/skbuff.h>
++
 +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 +#include <net/netfilter/nf_conntrack.h>
 +#include <net/netfilter/nf_conntrack_core.h>
 +#include <net/netfilter/nf_conntrack_expect.h>
 +#include <net/netfilter/nf_conntrack_helper.h>
 +#endif
- #include <linux/netfilter.h>		/* for union nf_inet_addr */
- #include <linux/ip.h>
- #include <linux/ipv6.h>			/* for struct ipv6hdr */
-@@ -474,6 +481,16 @@ extern void ip_vs_init_hash_table(struct
-  */
+ 
+ struct ip_vs_iphdr {
+ 	int len;
+@@ -595,6 +603,16 @@ extern void ip_vs_init_hash_table(struct
+ #define IP_VS_APP_TYPE_FTP	1
  
  /*
 + *      Netfilter connection tracking
@@ -29,10 +30,10 @@
 +extern void ip_vs_nfct_conn_drop(struct ip_vs_conn *cp);
 +
 +/*
-  *     IPVS connection entry hash table
+  *     ip_vs_conn handling functions
+  *     (from ip_vs_conn.c)
   */
- #ifndef CONFIG_IP_VS_TAB_BITS
-@@ -643,9 +660,42 @@ extern int sysctl_ip_vs_expire_nodest_co
+@@ -780,9 +798,42 @@ extern int sysctl_ip_vs_expire_nodest_co
  extern int sysctl_ip_vs_expire_quiescent_template;
  extern int sysctl_ip_vs_sync_threshold[2];
  extern int sysctl_ip_vs_nat_icmp_send;
@@ -73,12 +74,12 @@
 +#endif
 +
  extern struct ip_vs_service *
- ip_vs_service_get(__u32 fwmark, __u16 protocol, __be32 vaddr, __be16 vport);
- 
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/Kconfig linux/net/netfilter/ipvs/Kconfig
---- v2.6.27/linux/net/netfilter/ipvs/Kconfig	2007-07-10 09:18:43.000000000 +0300
-+++ linux/net/netfilter/ipvs/Kconfig	2008-10-11 14:19:27.000000000 +0300
-@@ -221,4 +221,12 @@ config	IP_VS_FTP
+ ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,
+ 		  const union nf_inet_addr *vaddr, __be16 vport);
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/Kconfig linux/net/netfilter/ipvs/Kconfig
+--- v2.6.28/linux/net/netfilter/ipvs/Kconfig	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/Kconfig	2008-12-26 12:35:37.000000000 +0200
+@@ -238,4 +238,12 @@ config	IP_VS_FTP
  	  If you want to compile it in kernel, say Y. To compile it as a
  	  module, choose M here. If unsure, say N.
  
@@ -91,13 +92,13 @@
 +	  for filtering purposes.
 +
  endif # IP_VS
-diff -urNp v2.6.27/linux/net/ipv4/ipvs/Makefile linux/net/ipv4/ipvs/Makefile
---- v2.6.27/linux/net/netfilter/ipvs/Makefile	2005-06-18 08:50:52.000000000 +0300
-+++ linux/net/netfilter/ipvs/Makefile	2008-10-11 14:19:27.000000000 +0300
-@@ -9,10 +9,13 @@ ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UD
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/Makefile linux/net/netfilter/ipvs/Makefile
+--- v2.6.28/linux/net/netfilter/ipvs/Makefile	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/Makefile	2008-12-26 12:36:38.000000000 +0200
+@@ -8,10 +8,13 @@ ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_TC
  ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UDP) += ip_vs_proto_udp.o
  ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_AH_ESP) += ip_vs_proto_ah_esp.o
-
+ 
 +ip_vs-extra_objs-y :=
 +ip_vs-extra_objs-$(CONFIG_IP_VS_NFCT) += ip_vs_nfct.o
 +
@@ -109,10 +110,10 @@
  
  
  # IPVS core
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_conn.c linux/net/netfilter/ipvs/ip_vs_conn.c
---- v2.6.27/linux/net/netfilter/ipvs/ip_vs_conn.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/netfilter/ipvs/ip_vs_conn.c	2008-10-11 14:19:27.000000000 +0300
-@@ -591,6 +591,11 @@ static void ip_vs_conn_expire(unsigned l
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/ip_vs_conn.c linux/net/netfilter/ipvs/ip_vs_conn.c
+--- v2.6.28/linux/net/netfilter/ipvs/ip_vs_conn.c	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_conn.c	2008-12-26 12:38:15.000000000 +0200
+@@ -642,6 +642,11 @@ static void ip_vs_conn_expire(unsigned l
  		if (cp->control)
  			ip_vs_control_del(cp);
  
@@ -124,10 +125,28 @@
  		if (unlikely(cp->app != NULL))
  			ip_vs_unbind_app(cp);
  		ip_vs_unbind_dest(cp);
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_core.c linux/net/netfilter/ipvs/ip_vs_core.c
---- v2.6.27/linux/net/netfilter/ipvs/ip_vs_core.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/netfilter/ipvs/ip_vs_core.c	2008-10-11 14:19:27.000000000 +0300
-@@ -890,6 +893,15 @@
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/ip_vs_core.c linux/net/netfilter/ipvs/ip_vs_core.c
+--- v2.6.28/linux/net/netfilter/ipvs/ip_vs_core.c	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_core.c	2008-12-26 18:21:56.000000000 +0200
+@@ -869,13 +869,16 @@ static inline int is_tcp_reset(const str
+  */
+ static unsigned int
+ handle_response(int af, struct sk_buff *skb, struct ip_vs_protocol *pp,
+-		struct ip_vs_conn *cp, int ihl)
++		struct ip_vs_conn *cp, int ihl, unsigned int hooknum)
+ {
+ 	IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet");
+ 
+ 	if (!skb_make_writable(skb, ihl))
+ 		goto drop;
+ 
++	if (AF_INET == af && !ip_vs_confirm_conntrack(skb, cp, hooknum))
++		goto out;
++
+ 	/* mangle the packet */
+ 	if (pp->snat_handler && !pp->snat_handler(skb, pp, cp))
+ 		goto drop;
+@@ -890,6 +893,15 @@ handle_response(int af, struct sk_buff *
  		ip_send_check(ip_hdr(skb));
  	}
  
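Review bot: The new conntrack check in handle_response, `if (AF_INET == af && !ip_vs_confirm_conntrack(skb, cp, hooknum)) goto out;`, runs only for IPv4, so responses of any other family continue to the SNAT handler without being confirmed, and nothing in the hunk says so. Rules that filter on conntrack state would then presumably behave differently for IPv4 and IPv6 virtual services; a comment above the check such as `/* conntrack is confirmed for IPv4 only; other families skip it */` would make that limit visible. The `out` label and the verdict returned there are outside this hunk, and the function comment that ends just above the signature does not mention the new `hooknum` parameter or this third exit, so it is worth extending as well.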
@@ -143,16 +162,17 @@
  	/* For policy routing, packets originating from this
  	 * machine itself may be routed differently to packets
  	 * passing through.  We want this packet to be routed as
-@@ -902,7 +914,7 @@
+@@ -902,7 +914,8 @@ handle_response(int af, struct sk_buff *
  			goto drop;
  	} else
  #endif
 -		if (ip_route_me_harder(skb, RTN_LOCAL) != 0)
-+		if (sysctl_ip_vs_snat_reroute && ip_route_me_harder(skb, RTN_LOCAL) != 0)
++		if (sysctl_ip_vs_snat_reroute &&
++			ip_route_me_harder(skb, RTN_LOCAL) != 0)
  			goto drop;
  
  	IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
-@@ -786,8 +800,11 @@ ip_vs_out(unsigned int hooknum, struct s
+@@ -917,8 +930,11 @@ handle_response(int af, struct sk_buff *
  	return NF_ACCEPT;
  
  drop:
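Review bot: The `sysctl_ip_vs_snat_reroute` test in the rewrapped `if` guards only the `else` arm after `#endif`; the arm above it, of which only `goto drop;` is visible here, appears to reroute without consulting the sysctl. If that arm is the IPv6 path, setting snat_reroute to 0 changes IPv4 behaviour only, which should either be stated where the sysctl is documented or mirrored in the other arm. As a style point, the continuation line is indented with an extra tab rather than aligned under the opening parenthesis of the `if`. handle_response starts and ends outside this hunk.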
@@ -165,10 +185,43 @@
  	return NF_STOLEN;
  }
  
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_ctl.c linux/net/netfilter/ipvs/ip_vs_ctl.c
---- v2.6.27/linux/net/netfilter/ipvs/ip_vs_ctl.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/netfilter/ipvs/ip_vs_ctl.c	2008-10-11 14:19:27.000000000 +0300
-@@ -79,6 +79,10 @@ int sysctl_ip_vs_expire_nodest_conn = 0;
+@@ -958,8 +974,13 @@ ip_vs_out(unsigned int hooknum, struct s
+ 		if (unlikely(iph.protocol == IPPROTO_ICMP)) {
+ 			int related, verdict = ip_vs_out_icmp(skb, &related);
+ 
+-			if (related)
++			if (related) {
++				if (sysctl_ip_vs_snat_reroute &&
++					NF_ACCEPT == verdict &&
++					ip_route_me_harder(skb, RTN_LOCAL))
++					verdict = NF_DROP;
+ 				return verdict;
++			}
+ 			ip_vs_fill_iphdr(af, skb_network_header(skb), &iph);
+ 		}
+ 
+@@ -1033,7 +1054,7 @@ ip_vs_out(unsigned int hooknum, struct s
+ 		return NF_ACCEPT;
+ 	}
+ 
+-	return handle_response(af, skb, pp, cp, iph.len);
++	return handle_response(af, skb, pp, cp, iph.len, hooknum);
+ }
+ 
+ 
+@@ -1298,7 +1319,7 @@ ip_vs_in(unsigned int hooknum, struct sk
+ 		/* For local client packets, it could be a response */
+ 		cp = pp->conn_out_get(af, skb, pp, &iph, iph.len, 0);
+ 		if (cp)
+-			return handle_response(af, skb, pp, cp, iph.len);
++			return handle_response(af, skb, pp, cp, iph.len, hooknum);
+ 
+ 		if (!pp->conn_schedule(af, skb, pp, &v, &cp))
+ 			return v;
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/ip_vs_ctl.c linux/net/netfilter/ipvs/ip_vs_ctl.c
+--- v2.6.28/linux/net/netfilter/ipvs/ip_vs_ctl.c	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_ctl.c	2008-12-26 17:18:35.000000000 +0200
+@@ -84,6 +84,10 @@ int sysctl_ip_vs_expire_nodest_conn = 0;
  int sysctl_ip_vs_expire_quiescent_template = 0;
  int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
  int sysctl_ip_vs_nat_icmp_send = 0;
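Review bot: The reroute added to the related-ICMP branch of ip_vs_out is written differently from the same test in handle_response: it uses the reversed comparison `NF_ACCEPT == verdict` and tests `ip_route_me_harder(skb, RTN_LOCAL)` for truth, where handle_response writes `!= 0`. Writing it as `if (sysctl_ip_vs_snat_reroute && verdict == NF_ACCEPT && ip_route_me_harder(skb, RTN_LOCAL) != 0)` keeps the two sites easy to compare. A one-line comment saying why a related ICMP packet has to be rerouted before it is accepted would also help, since the hunk gives no reason. ip_vs_out starts and ends outside this hunk.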
@@ -179,7 +232,7 @@
  
  
  #ifdef CONFIG_IP_VS_DEBUG
-@@ -1457,6 +1461,15 @@ static struct ctl_table vs_vars[] = {
+@@ -1575,6 +1579,15 @@ static struct ctl_table vs_vars[] = {
  		.mode		= 0644,
  		.proc_handler	= &proc_dointvec,
  	},
@@ -195,7 +248,7 @@
  	{
  		.procname	= "drop_entry",
  		.data		= &sysctl_ip_vs_drop_entry,
-@@ -1478,6 +1491,13 @@ static struct ctl_table vs_vars[] = {
+@@ -1596,6 +1609,13 @@ static struct ctl_table vs_vars[] = {
  		.mode		= 0644,
  		.proc_handler	= &proc_do_defense_mode,
  	},
@@ -209,10 +262,10 @@
  #if 0
  	{
  		.procname	= "timeout_established",
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_ftp.c linux/net/netfilter/ipvs/ip_vs_ftp.c
---- v2.6.27/linux/net/netfilter/ipvs/ip_vs_ftp.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/netfilter/ipvs/ip_vs_ftp.c	2008-10-11 14:19:27.000000000 +0300
-@@ -193,6 +193,11 @@ static int ip_vs_ftp_out(struct ip_vs_ap
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/ip_vs_ftp.c linux/net/netfilter/ipvs/ip_vs_ftp.c
+--- v2.6.28/linux/net/netfilter/ipvs/ip_vs_ftp.c	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_ftp.c	2008-12-26 17:21:25.000000000 +0200
+@@ -202,6 +202,11 @@ static int ip_vs_ftp_out(struct ip_vs_ap
  			ip_vs_control_add(n_cp, cp);
  		}
  
@@ -224,7 +277,7 @@
  		/*
  		 * Replace the old passive address with the new one
  		 */
-@@ -325,6 +330,11 @@ static int ip_vs_ftp_in(struct ip_vs_app
+@@ -342,6 +347,11 @@ static int ip_vs_ftp_in(struct ip_vs_app
  		ip_vs_control_add(n_cp, cp);
  	}
  
@@ -236,9 +289,9 @@
  	/*
  	 *	Move tunnel to listen state
  	 */
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_nfct.c linux/net/netfilter/ipvs/ip_vs_nfct.c
---- v2.6.27/linux/net/netfilter/ipvs/ip_vs_nfct.c	1970-01-01 02:00:00.000000000 +0200
-+++ linux/net/netfilter/ipvs/ip_vs_nfct.c	2008-10-11 14:19:27.000000000 +0300
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/ip_vs_nfct.c linux/net/netfilter/ipvs/ip_vs_nfct.c
+--- v2.6.28/linux/net/netfilter/ipvs/ip_vs_nfct.c	1970-01-01 02:00:00.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_nfct.c	2008-12-26 18:35:40.000000000 +0200
 @@ -0,0 +1,386 @@
 +/*
 + * ip_vs_nfct.c:	Netfilter connection tracking support for IPVS
@@ -372,7 +425,7 @@
 +	new_reply = (struct nf_conntrack_tuple) {
 +		.dst = { .protonum = iph->protocol, .dir = IP_CT_DIR_REPLY }};
 +
-+	new_reply.src.u3.ip = cp->daddr;
++	new_reply.src.u3 = cp->daddr;
 +	new_reply.src.u.tcp.port = cp->dport;
 +	new_reply.src.l3num = PF_INET;
 +	new_reply.dst.u3.ip = iph->saddr;
@@ -475,9 +528,9 @@
 +
 +	/* RS->CLIENT */
 +	orig = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
-+	cp = ip_vs_conn_out_get(orig->dst.protonum,
-+				orig->src.u3.ip, orig->src.u.tcp.port,
-+				orig->dst.u3.ip, orig->dst.u.tcp.port);
++	cp = ip_vs_conn_out_get(exp->tuple.src.l3num, orig->dst.protonum,
++				&orig->src.u3, orig->src.u.tcp.port,
++				&orig->dst.u3, orig->dst.u.tcp.port);
 +	if (cp) {
 +		/* Change reply CLIENT->RS to CLIENT->VS */
 +		new_reply = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
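Review bot: The rewritten lookup `ip_vs_conn_out_get(exp->tuple.src.l3num, orig->dst.protonum, &orig->src.u3, ...)` takes the address family from the expectation but the protocol, addresses and ports from the conntrack's original tuple. Taking the family from that same tuple, `orig->src.l3num`, keeps family and addresses from one source and does not rely on the expectation and the conntrack agreeing. The same applies to the `ip_vs_conn_in_get(exp->tuple.src.l3num, ...)` call in the following hunk. The enclosing function starts and ends outside this hunk.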
@@ -486,7 +539,7 @@
 +			__FUNCTION__, ct, ct->status,
 +			ARG_TUPLE(orig), ARG_TUPLE(&new_reply),
 +			ARG_CONN(cp));
-+		new_reply.dst.u3.ip = cp->vaddr;
++		new_reply.dst.u3 = cp->vaddr;
 +		new_reply.dst.u.tcp.port = cp->vport;
 +		IP_VS_DBG(7, "%s: ct=%p, new tuples=" FMT_TUPLE ", " FMT_TUPLE
 +			", inout cp=" FMT_CONN "\n",
@@ -497,9 +550,9 @@
 +	}
 +
 +	/* CLIENT->VS */
-+	cp = ip_vs_conn_in_get(orig->dst.protonum,
-+				orig->src.u3.ip, orig->src.u.tcp.port,
-+				orig->dst.u3.ip, orig->dst.u.tcp.port);
++	cp = ip_vs_conn_in_get(exp->tuple.src.l3num, orig->dst.protonum,
++				&orig->src.u3, orig->src.u.tcp.port,
++				&orig->dst.u3, orig->dst.u.tcp.port);
 +	if (cp) {
 +		/* Change reply VS->CLIENT to RS->CLIENT */
 +		new_reply = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
@@ -508,7 +561,7 @@
 +			__FUNCTION__, ct, ct->status,
 +			ARG_TUPLE(orig), ARG_TUPLE(&new_reply),
 +			ARG_CONN(cp));
-+		new_reply.src.u3.ip = cp->daddr;
++		new_reply.src.u3 = cp->daddr;
 +		new_reply.src.u.tcp.port = cp->dport;
 +		IP_VS_DBG(7, "%s: ct=%p, new tuples=" FMT_TUPLE ", " FMT_TUPLE
 +			", outin cp=" FMT_CONN "\n",
@@ -566,12 +619,12 @@
 +	e->mask.src.u.all		= port? 0xffff : 0;
 +
 +	if (from_rs) {
-+		e->tuple.src.u3.ip = cp->daddr;
-+		e->tuple.dst.u3.ip = cp->caddr;
++		e->tuple.src.u3 = cp->daddr;
++		e->tuple.dst.u3 = cp->caddr;
 +		e->tuple.dst.u.tcp.port = cp->cport;
 +	} else {
-+		e->tuple.src.u3.ip = cp->caddr;
-+		e->tuple.dst.u3.ip = cp->vaddr;
++		e->tuple.src.u3 = cp->caddr;
++		e->tuple.dst.u3 = cp->vaddr;
 +		e->tuple.dst.u.tcp.port = cp->vport;
 +	}
 +
@@ -595,17 +648,17 @@
 +
 +	tuple = (struct nf_conntrack_tuple) {
 +		.dst = { .protonum = cp->protocol, .dir = IP_CT_DIR_ORIGINAL } };
-+	tuple.src.u3.ip = cp->caddr;
++	tuple.src.u3 = cp->caddr;
 +	tuple.src.u.all = cp->cport;
 +	tuple.src.l3num = PF_INET;
-+	tuple.dst.u3.ip = cp->vaddr;
++	tuple.dst.u3 = cp->vaddr;
 +	tuple.dst.u.all = cp->vport;
 +
 +	IP_VS_DBG(7, "%s: dropping conntrack with tuple=" FMT_TUPLE
 +		" for conn " FMT_CONN "\n",
 +		__FUNCTION__, ARG_TUPLE(&tuple), ARG_CONN(cp));
 +
-+	h = nf_conntrack_find_get(&tuple);
++	h = nf_conntrack_find_get(&init_net, &tuple);
 +	if (h) {
 +		ct = nf_ct_tuplehash_to_ctrack(h);
 +		if (del_timer(&ct->timeout)) {
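Review bot: `tuple.src.l3num = PF_INET;` stays hard-coded while the lines around it now copy the whole address union (`tuple.src.u3 = cp->caddr;`, `tuple.dst.u3 = cp->vaddr;`), so for a connection that is not IPv4 the lookup key would pair a non-IPv4 address with an IPv4 family. Unless the caller already filters by family, which this hunk does not show, the function should either return early for such connections or take the family from the connection, e.g. `tuple.src.l3num = cp->af;`. Otherwise the likely outcome is a conntrack entry that is never found here and so outlives the IPVS connection it belonged to. The function starts and ends outside this hunk.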
@@ -626,18 +679,10 @@
 +	}
 +}
 +
-diff -urNp v2.6.27/linux/net/netfilter/ipvs/ip_vs_xmit.c linux/net/netfilter/ipvs/ip_vs_xmit.c
---- v2.6.27/linux/net/netfilter/ipvs/ip_vs_xmit.c	2008-10-11 12:46:16.000000000 +0300
-+++ linux/net/netfilter/ipvs/ip_vs_xmit.c	2008-10-11 14:19:27.000000000 +0300
-@@ -139,7 +139,6 @@ int
- ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
- 		struct ip_vs_protocol *pp)
- {
--	/* we do not touch skb and do not need pskb ptr */
- 	return NF_ACCEPT;
- }
- 
-@@ -197,6 +196,9 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
+diff -urNp v2.6.28/linux/net/netfilter/ipvs/ip_vs_xmit.c linux/net/netfilter/ipvs/ip_vs_xmit.c
+--- v2.6.28/linux/net/netfilter/ipvs/ip_vs_xmit.c	2008-12-25 10:12:26.000000000 +0200
++++ linux/net/netfilter/ipvs/ip_vs_xmit.c	2008-12-26 17:31:51.000000000 +0200
+@@ -265,6 +265,9 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
  	dst_release(skb->dst);
  	skb->dst = &rt->u.dst;
  
@@ -647,7 +692,7 @@
  	/* Another hack: avoid icmp_send in ip_fragment */
  	skb->local_df = 1;
  
-@@ -209,6 +211,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
+@@ -277,6 +280,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, s
  	dst_link_failure(skb);
   tx_error:
  	kfree_skb(skb);
@@ -655,7 +700,7 @@
  	LeaveFunction(10);
  	return NF_STOLEN;
  }
-@@ -261,6 +264,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
+@@ -393,6 +397,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
  	dst_release(skb->dst);
  	skb->dst = &rt->u.dst;
  
@@ -665,7 +710,7 @@
  	/* mangle the packet */
  	if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
  		goto tx_error;
-@@ -284,8 +290,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
+@@ -416,8 +423,9 @@ ip_vs_nat_xmit(struct sk_buff *skb, stru
    tx_error_icmp:
  	dst_link_failure(skb);
    tx_error:
@@ -676,7 +721,7 @@
  	return NF_STOLEN;
    tx_error_put:
  	ip_rt_put(rt);
-@@ -384,14 +391,17 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
+@@ -593,14 +601,17 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
  	/* fix old IP header checksum */
  	ip_send_check(old_iph);
  
@@ -698,7 +743,7 @@
  	/*
  	 *	Push down and install the IPIP header.
  	 */
-@@ -419,6 +429,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
+@@ -628,6 +639,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, s
  	dst_link_failure(skb);
    tx_error:
  	kfree_skb(skb);
@@ -706,7 +751,7 @@
  	LeaveFunction(10);
  	return NF_STOLEN;
  }
-@@ -464,6 +475,9 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
+@@ -780,6 +792,9 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
  	dst_release(skb->dst);
  	skb->dst = &rt->u.dst;
  
@@ -716,7 +761,7 @@
  	/* Another hack: avoid icmp_send in ip_fragment */
  	skb->local_df = 1;
  
-@@ -476,6 +490,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
+@@ -792,6 +807,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struc
  	dst_link_failure(skb);
    tx_error:
  	kfree_skb(skb);
@@ -724,7 +769,7 @@
  	LeaveFunction(10);
  	return NF_STOLEN;
  }
-@@ -535,6 +550,8 @@ ip_vs_icmp_xmit(struct sk_buff *skb, str
+@@ -905,6 +921,8 @@ ip_vs_icmp_xmit(struct sk_buff *skb, str
  	dst_release(skb->dst);
  	skb->dst = &rt->u.dst;
  
@@ -733,5 +778,3 @@
  	ip_vs_nat_icmp(skb, pp, cp, 0);
  
  	/* Another hack: avoid icmp_send in ip_fragment */
---- ip_vs_core.c~	2008-12-25 18:30:56.000000000 +0100
-+++ ip_vs_core.c	2008-12-25 18:30:30.000000000 +0100
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-ipvs-nfct.patch?r1=1.1.4.6&r2=1.1.4.7&f=u


