Hi Simon, There is a show stopper for IPv6 in this patch. ip_vs_conn_fill_param() doesn't handle IPv6. On Monday 04 October 2010 15:46:28 Simon Horman wrote: > Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx> > Acked-by: Julian Anastasov <ja@xxxxxx> > > --- > > The motivation for this is to allow persistence engine modules to > fill in the parameters. > > v0.3 > * Add missing changes to ip_vs_ftp.c > > v2 > * make "union nf_inet_addr fwmark" const > * Update for the recent addition of ip_vs_nfct.c > > v3 > * As suggested by Julian Anastasov > - Correct logic for inverse case in ip_vs_conn_fill_param_proto() > and ah_esp_conn_fill_param_proto() > - Update ip_vs_conn_out_get()'s comments as its parameters have changed > - Add missing call to ip_vs_conn_fill_param() before the second > invocation of ip_vs_conn_new() in ip_vs_sched_persist() > * Trivial re-diff > > v4 > * As suggested by Julian Anastasov > - Fix logic in ip_vs_conn_out_get_proto() > + An error occurs if ip_vs_conn_fill_param_proto is non-zero, > not if it is zero > v5+ * IPv6 addr copy in ip_vs_conn_fill_param() > Index: lvs-test-2.6/include/net/ip_vs.h > =================================================================== > --- lvs-test-2.6.orig/include/net/ip_vs.h 2010-10-04 17:00:28.000000000 +0900 > +++ lvs-test-2.6/include/net/ip_vs.h 2010-10-04 17:49:20.000000000 +0900 > @@ -357,6 +357,15 @@ struct ip_vs_protocol { > > extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto); > > +struct ip_vs_conn_param { > + const union nf_inet_addr *caddr; > + const union nf_inet_addr *vaddr; > + __be16 cport; > + __be16 vport; > + __u16 protocol; > + u16 af; > +}; > + > /* > * IP_VS structure allocated for each dynamically scheduled connection > */ > @@ -626,13 +635,23 @@ enum { > IP_VS_DIR_LAST, > }; > > -extern struct ip_vs_conn *ip_vs_conn_in_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port); > - > -extern struct ip_vs_conn *ip_vs_ct_in_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port); > +static inline void ip_vs_conn_fill_param(int af, int protocol, > + const union nf_inet_addr *caddr, > + __be16 cport, > + const union nf_inet_addr *vaddr, > + __be16 vport, > + struct ip_vs_conn_param *p) > +{ > + p->af = af; > + p->protocol = protocol; #ifdef CONFIG_IP_VS_IPV6 if (af == AF_INET6) { ipv6_addr_copy(&p->caddr, caddr); ipv6_addr_copy(&p->caddr, caddr); } else #else } p->caddr = caddr; p->vaddr = vaddr; } +#endif > + p->caddr = caddr; remove line above > + p->cport = cport; > + p->vaddr = vaddr; > + p->vport = vport; remove line above > +} > + > +struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p); > +struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p); > > struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb, > struct ip_vs_protocol *pp, > @@ -640,9 +659,7 @@ struct ip_vs_conn * ip_vs_conn_in_get_pr > unsigned int proto_off, > int inverse); > > -extern struct ip_vs_conn *ip_vs_conn_out_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port); > +struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p); > > struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb, > struct ip_vs_protocol *pp, > @@ -658,11 +675,10 @@ static inline void __ip_vs_conn_put(stru > extern void ip_vs_conn_put(struct ip_vs_conn *cp); > extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport); > > -extern struct ip_vs_conn * > -ip_vs_conn_new(int af, int proto, const union nf_inet_addr *caddr, __be16 cport, > - const union nf_inet_addr *vaddr, __be16 vport, > - const union nf_inet_addr *daddr, __be16 dport, unsigned flags, > - struct ip_vs_dest *dest); > +struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p, > + const union nf_inet_addr *daddr, > + __be16 dport, unsigned flags, > + struct ip_vs_dest *dest); > extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp); > > extern const char * ip_vs_state_name(__u16 proto, int state); > Index: lvs-test-2.6/net/netfilter/ipvs/ip_vs_conn.c > =================================================================== > --- lvs-test-2.6.orig/net/netfilter/ipvs/ip_vs_conn.c 2010-10-04 17:00:28.000000000 +0900 > +++ lvs-test-2.6/net/netfilter/ipvs/ip_vs_conn.c 2010-10-04 17:49:20.000000000 +0900 > @@ -218,27 +218,26 @@ static inline int ip_vs_conn_unhash(stru > /* > * Gets ip_vs_conn associated with supplied parameters in the ip_vs_conn_tab. > * Called for pkts coming from OUTside-to-INside. > - * s_addr, s_port: pkt source address (foreign host) > - * d_addr, d_port: pkt dest address (load balancer) > + * p->caddr, p->cport: pkt source address (foreign host) > + * p->vaddr, p->vport: pkt dest address (load balancer) > */ > -static inline struct ip_vs_conn *__ip_vs_conn_in_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port) > +static inline struct ip_vs_conn * > +__ip_vs_conn_in_get(const struct ip_vs_conn_param *p) > { > unsigned hash; > struct ip_vs_conn *cp; > > - hash = ip_vs_conn_hashkey(af, protocol, s_addr, s_port); > + hash = ip_vs_conn_hashkey(p->af, p->protocol, p->caddr, p->cport); > > ct_read_lock(hash); > > list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { > - if (cp->af == af && > - ip_vs_addr_equal(af, s_addr, &cp->caddr) && > - ip_vs_addr_equal(af, d_addr, &cp->vaddr) && > - s_port == cp->cport && d_port == cp->vport && > - ((!s_port) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) && > - protocol == cp->protocol) { > + if (cp->af == p->af && > + ip_vs_addr_equal(p->af, p->caddr, &cp->caddr) && > + ip_vs_addr_equal(p->af, p->vaddr, &cp->vaddr) && > + p->cport == cp->cport && p->vport == cp->vport && > + ((!p->cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) && > + p->protocol == cp->protocol) { > /* HIT */ > atomic_inc(&cp->refcnt); > ct_read_unlock(hash); > @@ -251,71 +250,82 @@ static inline struct ip_vs_conn *__ip_vs > return NULL; > } > > -struct ip_vs_conn *ip_vs_conn_in_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port) > +struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p) > { > struct ip_vs_conn *cp; > > - cp = __ip_vs_conn_in_get(af, protocol, s_addr, s_port, d_addr, d_port); > - if (!cp && atomic_read(&ip_vs_conn_no_cport_cnt)) > - cp = __ip_vs_conn_in_get(af, protocol, s_addr, 0, d_addr, > - d_port); > + cp = __ip_vs_conn_in_get(p); > + if (!cp && atomic_read(&ip_vs_conn_no_cport_cnt)) { > + struct ip_vs_conn_param cport_zero_p = *p; > + cport_zero_p.cport = 0; > + cp = __ip_vs_conn_in_get(&cport_zero_p); > + } > > IP_VS_DBG_BUF(9, "lookup/in %s %s:%d->%s:%d %s\n", > - ip_vs_proto_name(protocol), > - IP_VS_DBG_ADDR(af, s_addr), ntohs(s_port), > - IP_VS_DBG_ADDR(af, d_addr), ntohs(d_port), > + ip_vs_proto_name(p->protocol), > + IP_VS_DBG_ADDR(p->af, p->caddr), ntohs(p->cport), > + IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport), > cp ? "hit" : "not hit"); > > return cp; > } > > +static int > +ip_vs_conn_fill_param_proto(int af, const struct sk_buff *skb, > + const struct ip_vs_iphdr *iph, > + unsigned int proto_off, int inverse, > + struct ip_vs_conn_param *p) > +{ > + __be16 _ports[2], *pptr; > + > + pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports); > + if (pptr == NULL) > + return 1; > + > + if (likely(!inverse)) > + ip_vs_conn_fill_param(af, iph->protocol, &iph->saddr, pptr[0], > + &iph->daddr, pptr[1], p); > + else > + ip_vs_conn_fill_param(af, iph->protocol, &iph->daddr, pptr[1], > + &iph->saddr, pptr[0], p); > + return 0; > +} > + > struct ip_vs_conn * > ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb, > struct ip_vs_protocol *pp, > const struct ip_vs_iphdr *iph, > unsigned int proto_off, int inverse) > { > - __be16 _ports[2], *pptr; > + struct ip_vs_conn_param p; > > - pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports); > - if (pptr == NULL) > + if (ip_vs_conn_fill_param_proto(af, skb, iph, proto_off, inverse, &p)) > return NULL; > > - if (likely(!inverse)) > - return ip_vs_conn_in_get(af, iph->protocol, > - &iph->saddr, pptr[0], > - &iph->daddr, pptr[1]); > - else > - return ip_vs_conn_in_get(af, iph->protocol, > - &iph->daddr, pptr[1], > - &iph->saddr, pptr[0]); > + return ip_vs_conn_in_get(&p); > } > EXPORT_SYMBOL_GPL(ip_vs_conn_in_get_proto); > > /* Get reference to connection template */ > -struct ip_vs_conn *ip_vs_ct_in_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port) > +struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p) > { > unsigned hash; > struct ip_vs_conn *cp; > > - hash = ip_vs_conn_hashkey(af, protocol, s_addr, s_port); > + hash = ip_vs_conn_hashkey(p->af, p->protocol, p->caddr, p->cport); > > ct_read_lock(hash); > > list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { > - if (cp->af == af && > - ip_vs_addr_equal(af, s_addr, &cp->caddr) && > + if (cp->af == p->af && > + ip_vs_addr_equal(p->af, p->caddr, &cp->caddr) && > /* protocol should only be IPPROTO_IP if > - * d_addr is a fwmark */ > - ip_vs_addr_equal(protocol == IPPROTO_IP ? AF_UNSPEC : af, > - d_addr, &cp->vaddr) && > - s_port == cp->cport && d_port == cp->vport && > + * p->vaddr is a fwmark */ > + ip_vs_addr_equal(p->protocol == IPPROTO_IP ? AF_UNSPEC : > + p->af, p->vaddr, &cp->vaddr) && > + p->cport == cp->cport && p->vport == cp->vport && > cp->flags & IP_VS_CONN_F_TEMPLATE && > - protocol == cp->protocol) { > + p->protocol == cp->protocol) { > /* HIT */ > atomic_inc(&cp->refcnt); > goto out; > @@ -327,23 +337,19 @@ struct ip_vs_conn *ip_vs_ct_in_get > ct_read_unlock(hash); > > IP_VS_DBG_BUF(9, "template lookup/in %s %s:%d->%s:%d %s\n", > - ip_vs_proto_name(protocol), > - IP_VS_DBG_ADDR(af, s_addr), ntohs(s_port), > - IP_VS_DBG_ADDR(af, d_addr), ntohs(d_port), > + ip_vs_proto_name(p->protocol), > + IP_VS_DBG_ADDR(p->af, p->caddr), ntohs(p->cport), > + IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport), > cp ? "hit" : "not hit"); > > return cp; > } > > -/* > - * Gets ip_vs_conn associated with supplied parameters in the ip_vs_conn_tab. > - * Called for pkts coming from inside-to-OUTside. > - * s_addr, s_port: pkt source address (inside host) > - * d_addr, d_port: pkt dest address (foreign host) > - */ > -struct ip_vs_conn *ip_vs_conn_out_get > -(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port, > - const union nf_inet_addr *d_addr, __be16 d_port) > +/* Gets ip_vs_conn associated with supplied parameters in the ip_vs_conn_tab. > + * Called for pkts coming from inside-to-OUTside. > + * p->caddr, p->cport: pkt source address (inside host) > + * p->vaddr, p->vport: pkt dest address (foreign host) */ > +struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p) > { > unsigned hash; > struct ip_vs_conn *cp, *ret=NULL; > @@ -351,16 +357,16 @@ struct ip_vs_conn *ip_vs_conn_out_get > /* > * Check for "full" addressed entries > */ > - hash = ip_vs_conn_hashkey(af, protocol, d_addr, d_port); > + hash = ip_vs_conn_hashkey(p->af, p->protocol, p->vaddr, p->vport); > > ct_read_lock(hash); > > list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { > - if (cp->af == af && > - ip_vs_addr_equal(af, d_addr, &cp->caddr) && > - ip_vs_addr_equal(af, s_addr, &cp->daddr) && > - d_port == cp->cport && s_port == cp->dport && > - protocol == cp->protocol) { > + if (cp->af == p->af && > + ip_vs_addr_equal(p->af, p->vaddr, &cp->caddr) && > + ip_vs_addr_equal(p->af, p->caddr, &cp->daddr) && > + p->vport == cp->cport && p->cport == cp->dport && > + p->protocol == cp->protocol) { > /* HIT */ > atomic_inc(&cp->refcnt); > ret = cp; > @@ -371,9 +377,9 @@ struct ip_vs_conn *ip_vs_conn_out_get > ct_read_unlock(hash); > > IP_VS_DBG_BUF(9, "lookup/out %s %s:%d->%s:%d %s\n", > - ip_vs_proto_name(protocol), > - IP_VS_DBG_ADDR(af, s_addr), ntohs(s_port), > - IP_VS_DBG_ADDR(af, d_addr), ntohs(d_port), > + ip_vs_proto_name(p->protocol), > + IP_VS_DBG_ADDR(p->af, p->caddr), ntohs(p->cport), > + IP_VS_DBG_ADDR(p->af, p->vaddr), ntohs(p->vport), > ret ? "hit" : "not hit"); > > return ret; > @@ -385,20 +391,12 @@ ip_vs_conn_out_get_proto(int af, const s > const struct ip_vs_iphdr *iph, > unsigned int proto_off, int inverse) > { > - __be16 _ports[2], *pptr; > + struct ip_vs_conn_param p; > > - pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports); > - if (pptr == NULL) > + if (ip_vs_conn_fill_param_proto(af, skb, iph, proto_off, inverse, &p)) > return NULL; > > - if (likely(!inverse)) > - return ip_vs_conn_out_get(af, iph->protocol, > - &iph->saddr, pptr[0], > - &iph->daddr, pptr[1]); > - else > - return ip_vs_conn_out_get(af, iph->protocol, > - &iph->daddr, pptr[1], > - &iph->saddr, pptr[0]); > + return ip_vs_conn_out_get(&p); > } > EXPORT_SYMBOL_GPL(ip_vs_conn_out_get_proto); > > @@ -758,13 +756,12 @@ void ip_vs_conn_expire_now(struct ip_vs_ > * Create a new connection entry and hash it into the ip_vs_conn_tab > */ > struct ip_vs_conn * > -ip_vs_conn_new(int af, int proto, const union nf_inet_addr *caddr, __be16 cport, > - const union nf_inet_addr *vaddr, __be16 vport, > +ip_vs_conn_new(const struct ip_vs_conn_param *p, > const union nf_inet_addr *daddr, __be16 dport, unsigned flags, > struct ip_vs_dest *dest) > { > struct ip_vs_conn *cp; > - struct ip_vs_protocol *pp = ip_vs_proto_get(proto); > + struct ip_vs_protocol *pp = ip_vs_proto_get(p->protocol); > > cp = kmem_cache_zalloc(ip_vs_conn_cachep, GFP_ATOMIC); > if (cp == NULL) { > @@ -774,14 +771,14 @@ ip_vs_conn_new(int af, int proto, const > > INIT_LIST_HEAD(&cp->c_list); > setup_timer(&cp->timer, ip_vs_conn_expire, (unsigned long)cp); > - cp->af = af; > - cp->protocol = proto; > - ip_vs_addr_copy(af, &cp->caddr, caddr); > - cp->cport = cport; > - ip_vs_addr_copy(af, &cp->vaddr, vaddr); > - cp->vport = vport; > + cp->af = p->af; > + cp->protocol = p->protocol; > + ip_vs_addr_copy(p->af, &cp->caddr, p->caddr); > + cp->cport = p->cport; > + ip_vs_addr_copy(p->af, &cp->vaddr, p->vaddr); > + cp->vport = p->vport; > /* proto should only be IPPROTO_IP if d_addr is a fwmark */ > - ip_vs_addr_copy(proto == IPPROTO_IP ? AF_UNSPEC : af, > + ip_vs_addr_copy(p->protocol == IPPROTO_IP ? AF_UNSPEC : p->af, > &cp->daddr, daddr); > cp->dport = dport; > cp->flags = flags; > @@ -810,7 +807,7 @@ ip_vs_conn_new(int af, int proto, const > > /* Bind its packet transmitter */ > #ifdef CONFIG_IP_VS_IPV6 > - if (af == AF_INET6) > + if (p->af == AF_INET6) > ip_vs_bind_xmit_v6(cp); > else > #endif > Index: lvs-test-2.6/net/netfilter/ipvs/ip_vs_core.c > =================================================================== > --- lvs-test-2.6.orig/net/netfilter/ipvs/ip_vs_core.c 2010-10-04 17:00:45.000000000 +0900 > +++ lvs-test-2.6/net/netfilter/ipvs/ip_vs_core.c 2010-10-04 17:49:20.000000000 +0900 > @@ -193,14 +193,11 @@ ip_vs_sched_persist(struct ip_vs_service > struct ip_vs_iphdr iph; > struct ip_vs_dest *dest; > struct ip_vs_conn *ct; > - int protocol = iph.protocol; > __be16 dport = 0; /* destination port to forward */ > - __be16 vport = 0; /* virtual service port */ > unsigned int flags; > + struct ip_vs_conn_param param; > union nf_inet_addr snet; /* source network of the client, > after masking */ > - const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) }; > - const union nf_inet_addr *vaddr = &iph.daddr; > > ip_vs_fill_iphdr(svc->af, skb_network_header(skb), &iph); > > @@ -232,6 +229,11 @@ ip_vs_sched_persist(struct ip_vs_service > * is created for other persistent services. > */ > { > + int protocol = iph.protocol; > + const union nf_inet_addr *vaddr = &iph.daddr; > + const union nf_inet_addr fwmark = { .ip = htonl(svc->fwmark) }; > + __be16 vport = 0; > + > if (ports[1] == svc->port) { > /* non-FTP template: > * <protocol, caddr, 0, vaddr, vport, daddr, dport> > @@ -253,11 +255,12 @@ ip_vs_sched_persist(struct ip_vs_service > vaddr = &fwmark; > } > } > + ip_vs_conn_fill_param(svc->af, protocol, &snet, 0, > + vaddr, vport, ¶m); > } > > /* Check if a template already exists */ > - ct = ip_vs_ct_in_get(svc->af, protocol, &snet, 0, vaddr, vport); > - > + ct = ip_vs_ct_in_get(¶m); > if (!ct || !ip_vs_check_template(ct)) { > /* No template found or the dest of the connection > * template is not available. > @@ -272,8 +275,7 @@ ip_vs_sched_persist(struct ip_vs_service > dport = dest->port; > > /* Create a template */ > - ct = ip_vs_conn_new(svc->af, protocol, &snet, 0,vaddr, vport, > - &dest->addr, dport, > + ct = ip_vs_conn_new(¶m, &dest->addr, dport, > IP_VS_CONN_F_TEMPLATE, dest); > if (ct == NULL) > return NULL; > @@ -294,12 +296,9 @@ ip_vs_sched_persist(struct ip_vs_service > /* > * Create a new connection according to the template > */ > - cp = ip_vs_conn_new(svc->af, iph.protocol, > - &iph.saddr, ports[0], > - &iph.daddr, ports[1], > - &dest->addr, dport, > - flags, > - dest); > + ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, ports[0], > + &iph.daddr, ports[1], ¶m); > + cp = ip_vs_conn_new(¶m, &dest->addr, dport, flags, dest); > if (cp == NULL) { > ip_vs_conn_put(ct); > return NULL; > @@ -366,14 +365,16 @@ ip_vs_schedule(struct ip_vs_service *svc > /* > * Create a connection entry. > */ > - cp = ip_vs_conn_new(svc->af, iph.protocol, > - &iph.saddr, pptr[0], > - &iph.daddr, pptr[1], > - &dest->addr, dest->port ? dest->port : pptr[1], > - flags, > - dest); > - if (cp == NULL) > - return NULL; > + { > + struct ip_vs_conn_param p; > + ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, > + pptr[0], &iph.daddr, pptr[1], &p); > + cp = ip_vs_conn_new(&p, &dest->addr, > + dest->port ? dest->port : pptr[1], > + flags, dest); > + if (!cp) > + return NULL; > + } > > IP_VS_DBG_BUF(6, "Schedule fwd:%c c:%s:%u v:%s:%u " > "d:%s:%u conn->flags:%X conn->refcnt:%d\n", > @@ -429,14 +430,17 @@ int ip_vs_leave(struct ip_vs_service *sv > > /* create a new connection entry */ > IP_VS_DBG(6, "%s(): create a cache_bypass entry\n", __func__); > - cp = ip_vs_conn_new(svc->af, iph.protocol, > - &iph.saddr, pptr[0], > - &iph.daddr, pptr[1], > - &daddr, 0, > - IP_VS_CONN_F_BYPASS | flags, > - NULL); > - if (cp == NULL) > - return NF_DROP; > + { > + struct ip_vs_conn_param p; > + ip_vs_conn_fill_param(svc->af, iph.protocol, > + &iph.saddr, pptr[0], > + &iph.daddr, pptr[1], &p); > + cp = ip_vs_conn_new(&p, &daddr, 0, > + IP_VS_CONN_F_BYPASS | flags, > + NULL); > + if (!cp) > + return NF_DROP; > + } > > /* statistics */ > ip_vs_in_stats(cp, skb); > Index: lvs-test-2.6/net/netfilter/ipvs/ip_vs_ftp.c > =================================================================== > --- lvs-test-2.6.orig/net/netfilter/ipvs/ip_vs_ftp.c 2010-10-04 16:58:31.000000000 +0900 > +++ lvs-test-2.6/net/netfilter/ipvs/ip_vs_ftp.c 2010-10-04 17:00:45.000000000 +0900 > @@ -195,13 +195,17 @@ static int ip_vs_ftp_out(struct ip_vs_ap > /* > * Now update or create an connection entry for it > */ > - n_cp = ip_vs_conn_out_get(AF_INET, iph->protocol, &from, port, > - &cp->caddr, 0); > + { > + struct ip_vs_conn_param p; > + ip_vs_conn_fill_param(AF_INET, iph->protocol, > + &from, port, &cp->caddr, 0, &p); > + n_cp = ip_vs_conn_out_get(&p); > + } > if (!n_cp) { > - n_cp = ip_vs_conn_new(AF_INET, IPPROTO_TCP, > - &cp->caddr, 0, > - &cp->vaddr, port, > - &from, port, > + struct ip_vs_conn_param p; > + ip_vs_conn_fill_param(AF_INET, IPPROTO_TCP, &cp->caddr, > + 0, &cp->vaddr, port, &p); > + n_cp = ip_vs_conn_new(&p, &from, port, > IP_VS_CONN_F_NO_CPORT | > IP_VS_CONN_F_NFCT, > cp->dest); > @@ -347,21 +351,22 @@ static int ip_vs_ftp_in(struct ip_vs_app > ip_vs_proto_name(iph->protocol), > &to.ip, ntohs(port), &cp->vaddr.ip, 0); > > - n_cp = ip_vs_conn_in_get(AF_INET, iph->protocol, > - &to, port, > - &cp->vaddr, htons(ntohs(cp->vport)-1)); > - if (!n_cp) { > - n_cp = ip_vs_conn_new(AF_INET, IPPROTO_TCP, > - &to, port, > + { > + struct ip_vs_conn_param p; > + ip_vs_conn_fill_param(AF_INET, iph->protocol, &to, port, > &cp->vaddr, htons(ntohs(cp->vport)-1), > - &cp->daddr, htons(ntohs(cp->dport)-1), > - IP_VS_CONN_F_NFCT, > - cp->dest); > - if (!n_cp) > - return 0; > + &p); > + n_cp = ip_vs_conn_in_get(&p); > + if (!n_cp) { > + n_cp = ip_vs_conn_new(&p, &cp->daddr, > + htons(ntohs(cp->dport)-1), > + IP_VS_CONN_F_NFCT, cp->dest); > + if (!n_cp) > + return 0; > > - /* add its controller */ > - ip_vs_control_add(n_cp, cp); > + /* add its controller */ > + ip_vs_control_add(n_cp, cp); > + } > } > > /* > Index: lvs-test-2.6/net/netfilter/ipvs/ip_vs_nfct.c > =================================================================== > --- lvs-test-2.6.orig/net/netfilter/ipvs/ip_vs_nfct.c 2010-10-04 16:58:31.000000000 +0900 > +++ lvs-test-2.6/net/netfilter/ipvs/ip_vs_nfct.c 2010-10-04 17:00:45.000000000 +0900 > @@ -140,6 +140,7 @@ static void ip_vs_nfct_expect_callback(s > { > struct nf_conntrack_tuple *orig, new_reply; > struct ip_vs_conn *cp; > + struct ip_vs_conn_param p; > > if (exp->tuple.src.l3num != PF_INET) > return; > @@ -154,9 +155,10 @@ static void ip_vs_nfct_expect_callback(s > > /* RS->CLIENT */ > orig = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; > - cp = ip_vs_conn_out_get(exp->tuple.src.l3num, orig->dst.protonum, > - &orig->src.u3, orig->src.u.tcp.port, > - &orig->dst.u3, orig->dst.u.tcp.port); > + ip_vs_conn_fill_param(exp->tuple.src.l3num, orig->dst.protonum, > + &orig->src.u3, orig->src.u.tcp.port, > + &orig->dst.u3, orig->dst.u.tcp.port, &p); > + cp = ip_vs_conn_out_get(&p); > if (cp) { > /* Change reply CLIENT->RS to CLIENT->VS */ > new_reply = ct->tuplehash[IP_CT_DIR_REPLY].tuple; > @@ -176,9 +178,7 @@ static void ip_vs_nfct_expect_callback(s > } > > /* CLIENT->VS */ > - cp = ip_vs_conn_in_get(exp->tuple.src.l3num, orig->dst.protonum, > - &orig->src.u3, orig->src.u.tcp.port, > - &orig->dst.u3, orig->dst.u.tcp.port); > + cp = ip_vs_conn_in_get(&p); > if (cp) { > /* Change reply VS->CLIENT to RS->CLIENT */ > new_reply = ct->tuplehash[IP_CT_DIR_REPLY].tuple; > Index: lvs-test-2.6/net/netfilter/ipvs/ip_vs_proto_ah_esp.c > =================================================================== > --- lvs-test-2.6.orig/net/netfilter/ipvs/ip_vs_proto_ah_esp.c 2010-10-04 16:58:31.000000000 +0900 > +++ lvs-test-2.6/net/netfilter/ipvs/ip_vs_proto_ah_esp.c 2010-10-04 17:00:45.000000000 +0900 > @@ -40,6 +40,19 @@ struct isakmp_hdr { > > #define PORT_ISAKMP 500 > > +static void > +ah_esp_conn_fill_param_proto(int af, const struct ip_vs_iphdr *iph, > + int inverse, struct ip_vs_conn_param *p) > +{ > + if (likely(!inverse)) > + ip_vs_conn_fill_param(af, IPPROTO_UDP, > + &iph->saddr, htons(PORT_ISAKMP), > + &iph->daddr, htons(PORT_ISAKMP), p); > + else > + ip_vs_conn_fill_param(af, IPPROTO_UDP, > + &iph->daddr, htons(PORT_ISAKMP), > + &iph->saddr, htons(PORT_ISAKMP), p); > +} > > static struct ip_vs_conn * > ah_esp_conn_in_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp, > @@ -47,21 +60,10 @@ ah_esp_conn_in_get(int af, const struct > int inverse) > { > struct ip_vs_conn *cp; > + struct ip_vs_conn_param p; > > - if (likely(!inverse)) { > - cp = ip_vs_conn_in_get(af, IPPROTO_UDP, > - &iph->saddr, > - htons(PORT_ISAKMP), > - &iph->daddr, > - htons(PORT_ISAKMP)); > - } else { > - cp = ip_vs_conn_in_get(af, IPPROTO_UDP, > - &iph->daddr, > - htons(PORT_ISAKMP), > - &iph->saddr, > - htons(PORT_ISAKMP)); > - } > - > + ah_esp_conn_fill_param_proto(af, iph, inverse, &p); > + cp = ip_vs_conn_in_get(&p); > if (!cp) { > /* > * We are not sure if the packet is from our > @@ -87,21 +89,10 @@ ah_esp_conn_out_get(int af, const struct > int inverse) > { > struct ip_vs_conn *cp; > + struct ip_vs_conn_param p; > > - if (likely(!inverse)) { > - cp = ip_vs_conn_out_get(af, IPPROTO_UDP, > - &iph->saddr, > - htons(PORT_ISAKMP), > - &iph->daddr, > - htons(PORT_ISAKMP)); > - } else { > - cp = ip_vs_conn_out_get(af, IPPROTO_UDP, > - &iph->daddr, > - htons(PORT_ISAKMP), > - &iph->saddr, > - htons(PORT_ISAKMP)); > - } > - > + ah_esp_conn_fill_param_proto(af, iph, inverse, &p); > + cp = ip_vs_conn_out_get(&p); > if (!cp) { > IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for inout packet " > "%s%s %s->%s\n", > Index: lvs-test-2.6/net/netfilter/ipvs/ip_vs_sync.c > =================================================================== > --- lvs-test-2.6.orig/net/netfilter/ipvs/ip_vs_sync.c 2010-10-04 16:58:31.000000000 +0900 > +++ lvs-test-2.6/net/netfilter/ipvs/ip_vs_sync.c 2010-10-04 17:49:20.000000000 +0900 > @@ -301,6 +301,7 @@ static void ip_vs_process_message(const > struct ip_vs_conn *cp; > struct ip_vs_protocol *pp; > struct ip_vs_dest *dest; > + struct ip_vs_conn_param param; > char *p; > int i; > > @@ -370,18 +371,17 @@ static void ip_vs_process_message(const > } > } > > - if (!(flags & IP_VS_CONN_F_TEMPLATE)) > - cp = ip_vs_conn_in_get(AF_INET, s->protocol, > - (union nf_inet_addr *)&s->caddr, > - s->cport, > - (union nf_inet_addr *)&s->vaddr, > - s->vport); > - else > - cp = ip_vs_ct_in_get(AF_INET, s->protocol, > - (union nf_inet_addr *)&s->caddr, > - s->cport, > - (union nf_inet_addr *)&s->vaddr, > - s->vport); > + { > + ip_vs_conn_fill_param(AF_INET, s->protocol, > + (union nf_inet_addr *)&s->caddr, > + s->cport, > + (union nf_inet_addr *)&s->vaddr, > + s->vport, ¶m); > + if (!(flags & IP_VS_CONN_F_TEMPLATE)) > + cp = ip_vs_conn_in_get(¶m); > + else > + cp = ip_vs_ct_in_get(¶m); > + } > if (!cp) { > /* > * Find the appropriate destination for the connection. > @@ -406,14 +406,9 @@ static void ip_vs_process_message(const > else > flags &= ~IP_VS_CONN_F_INACTIVE; > } > - cp = ip_vs_conn_new(AF_INET, s->protocol, > - (union nf_inet_addr *)&s->caddr, > - s->cport, > - (union nf_inet_addr *)&s->vaddr, > - s->vport, > + cp = ip_vs_conn_new(¶m, > (union nf_inet_addr *)&s->daddr, > - s->dport, > - flags, dest); > + s->dport, flags, dest); > if (dest) > atomic_dec(&dest->refcnt); > if (!cp) { > > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > Patch applied for patch :-) iff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 52fbe23..7646ff7 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -670,9 +670,19 @@ static inline void ip_vs_conn_fill_param(int af, int protocol, { p->af = af; p->protocol = protocol; - p->caddr = caddr; p->cport = cport; - p->vaddr = vaddr; +#ifdef CONFIG_IP_VS_IPV6 + if (af == AF_INET6) { + ipv6_addr_copy(&p->caddr, caddr); + ipv6_addr_copy(&p->caddr, caddr); + } + else +#else + } + p->caddr = caddr; + p->vaddr = vaddr; + } +#endif p->vport = vport; p->pe = NULL; p->pe_data = NULL; -- Regards Hans Schillstrom <hans.schillstrom@xxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html