netfilter: xt_ipvs (netfilter matcher for IPVS)
in [Kernel]
|
From: Patrick McHardy on 6 Jul 2010 07:40 Simon Horman wrote: > From: Hannes Eder <heder(a)google.com> > > This implements the kernel-space side of the netfilter matcher xt_ipvs. > > @@ -0,0 +1,25 @@ > +#ifndef _XT_IPVS_H > +#define _XT_IPVS_H > + > +#define XT_IPVS_IPVS_PROPERTY (1 << 0) /* all other options imply this one */ > +#define XT_IPVS_PROTO (1 << 1) > +#define XT_IPVS_VADDR (1 << 2) > +#define XT_IPVS_VPORT (1 << 3) > +#define XT_IPVS_DIR (1 << 4) > +#define XT_IPVS_METHOD (1 << 5) > +#define XT_IPVS_VPORTCTL (1 << 6) > +#define XT_IPVS_MASK ((1 << 7) - 1) > +#define XT_IPVS_ONCE_MASK (XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY) > + > +struct xt_ipvs_mtinfo { > + union nf_inet_addr vaddr, vmask; > + __be16 vport; > + __u16 l4proto; > + __u16 fwd_method; > It seems you could use __u8 for both l4proto and fwd_method and reduce the match size by 2 bytes. > + __be16 vportctl; > + > + __u8 invert; > + __u8 bitmask; > +}; > +static bool > +ipvs_mt(const struct sk_buff *skb, struct xt_action_param *par) > +... > > + if (data->bitmask & XT_IPVS_DIR) { > + enum ip_conntrack_info ctinfo; > + struct nf_conn *ct = nf_ct_get(skb, &ctinfo); > + > + if (ct == NULL || ct == &nf_conntrack_untracked) { > We're using per-cpu structures for nf_conntrack_untracked in the current net-next/nf-next tree, so this doesn't work anymore. You need to use nf_ct_is_untracked() instead. > + match = false; > + goto out_put_cp; > + } -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
From: Patrick McHardy on 23 Jul 2010 06:50 Am 22.07.2010 09:35, schrieb Simon Horman: > From: Hannes Eder <heder(a)google.com> > > This implements the kernel-space side of the netfilter matcher xt_ipvs. > > [ minor fixes by Simon Horman <horms(a)verge.net.au> ] > Signed-off-by: Hannes Eder <heder(a)google.com> > Signed-off-by: Simon Horman <horms(a)verge.net.au> > > --- > > include/linux/netfilter/xt_ipvs.h | 27 ++++ > net/netfilter/Kconfig | 10 + > net/netfilter/Makefile | 1 > net/netfilter/ipvs/ip_vs_proto.c | 1 > net/netfilter/xt_ipvs.c | 189 +++++++++++++++++++++++++++++++++++++ I added xt_ipvs.h to Kbuild and applied the patch, thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo(a)vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
|
Pages: 1 Prev: IPVS: make friends with nf_conntrack Next: IPVS: make FTP work with full NAT support |