On Tuesday 2009-04-28 12:59, Simon Horman wrote:
>>>
>>>union nf_inet_addr fwmark = {
>>> .all = { 0, 0, 0, htonl(svc->fwmark) }
>>>};
>[said something about cp->af...]
It does not make sense to use AF_INE with some address as unreal
as {0,0,0,fwmark}, just BTW.
>> > If you use ->all, then using NFPROTO_UNSPEC as af
>> > seems to me like a good match.
>
>I am guessing that AF_UNSPEC is more appropriate than NFPROTO_UNSPEC.
>Please correct me if I am wrong.
Whatever. You could even use AF_INET6 to mean "take the ipv4 part
of nf_inet_addr", and AF_INET to "take the ipv6 part". The mapping
is on you, so to speak.
Since you are dealing with an *nf*_inet_addr, using *NF*PROTO_ seemed
the closest thing.
>The following patch expresses these ideas as they crrently stand.
>Fabien, is it possible for you to test this?
>
>Index: net-next-2.6/net/netfilter/ipvs/ip_vs_conn.c
>===================================================================
>--- net-next-2.6.orig/net/netfilter/ipvs/ip_vs_conn.c 2009-04-28 20:37:48.000000000 +1000
>+++ net-next-2.6/net/netfilter/ipvs/ip_vs_conn.c 2009-04-28 20:37:51.000000000 +1000
>@@ -260,7 +260,10 @@ struct ip_vs_conn *ip_vs_ct_in_get
> list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
> if (cp->af == af &&
> ip_vs_addr_equal(af, s_addr, &cp->caddr) &&
>- ip_vs_addr_equal(af, d_addr, &cp->vaddr) &&
>+ /* protocol should only be IPPROTO_IP if
>+ * d_addr is a fwmark */
>+ ip_vs_addr_equal(protocol == IPPROTO_IP ? AF_UNSPEC : af,
>+ d_addr, &cp->vaddr) &&
What about IPPROTO_IPV6?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
