LVS
lvs-devel
Google
 
Web LinuxVirtualServer.org

Re: [PATCH] Runtime interception method switch

To: Raphael Vallazza <raphael@xxxxxxxxxx>
Subject: Re: [PATCH] Runtime interception method switch
Cc: LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
From: Simon Horman <horms@xxxxxxxxxxxx>
Date: Fri, 18 Jan 2008 17:52:37 +0900
On Wed, Jan 16, 2008 at 12:28:21PM +0100, Raphael Vallazza wrote:
> I've added the documentation for the input_hook switch, and attached  
> both patches for net-2.6.25 (i hope the mailer doesn't mess up things  
> this time :).

Indeed, this seems a lot better :-)


These patches are looking quite good. I only have two minor issues
at this stage.

1) The last fragment of the first patch seems spurious as its
   just a whitespace change. But I'm happy to send it on to DaveM
   and netdev as is.

@@ -1059,7 +1087,7 @@ static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
                .hooknum        = NF_INET_POST_ROUTING,
-               .priority       = NF_IP_PRI_NAT_SRC-1,
+               .priority       = NF_IP_PRI_NAT_SRC - 1,
        },
 };

2) I am still getting errors with the second patch which
   I can resolve by moving the hook definitions to below
   ip_vs_register_hooks() and ip_vs_unregister_hooks()

   The gcc version and errors are bellow.
   As is a patch to do the re-ordering - that is all it does.

   If you are happy with this change I can fold it into your
   patch and send it on to DaveM and netdev, or you can send me
   a fresh patch if you would prefer. I do belive this error is real,
   perhaps your gcc is a different (older?) version and is ignoring
   this?

# gcc --version
i686-unknown-linux-gnu-gcc (GCC) 3.4.5
Copyright (C) 2004 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is
NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

# make
  CHK     include/linux/version.h
  CHK     include/linux/utsrelease.h
  CALL    scripts/checksyscalls.sh
  CHK     include/linux/compile.h
  CC      net/ipv4/ipvs/ip_vs_core.o
net/ipv4/ipvs/ip_vs_core.c: In function `ip_vs_register_hooks':
net/ipv4/ipvs/ip_vs_core.c:1043: error: `ip_vs_ops_local_in' undeclared (first 
use in this function)
net/ipv4/ipvs/ip_vs_core.c:1043: error: (Each undeclared identifier is reported 
only once
net/ipv4/ipvs/ip_vs_core.c:1043: error: for each function it appears in.)
net/ipv4/ipvs/ip_vs_core.c:1044: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1044: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1044: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c:1048: error: `ip_vs_ops_forward' undeclared (first 
use in this function)
net/ipv4/ipvs/ip_vs_core.c:1049: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1049: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1049: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c:1053: error: `ip_vs_ops_pre_routing' undeclared 
(first use in this function)
net/ipv4/ipvs/ip_vs_core.c:1054: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1054: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1054: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c:1066: error: `ip_vs_ops_generic' undeclared (first 
use in this function)
net/ipv4/ipvs/ip_vs_core.c:1067: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1067: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1067: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c: In function `ip_vs_unregister_hooks':
net/ipv4/ipvs/ip_vs_core.c:1091: error: `ip_vs_ops_local_in' undeclared (first 
use in this function)
net/ipv4/ipvs/ip_vs_core.c:1092: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1092: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1092: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c:1095: error: `ip_vs_ops_forward' undeclared (first 
use in this function)
net/ipv4/ipvs/ip_vs_core.c:1096: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1096: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1096: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c:1099: error: `ip_vs_ops_pre_routing' undeclared 
(first use in this function)
net/ipv4/ipvs/ip_vs_core.c:1100: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1100: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1100: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c:1107: error: `ip_vs_ops_generic' undeclared (first 
use in this function)
net/ipv4/ipvs/ip_vs_core.c:1107: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1107: warning: type defaults to `int' in declaration 
of `type name'
net/ipv4/ipvs/ip_vs_core.c:1107: error: size of array `type name' is negative
net/ipv4/ipvs/ip_vs_core.c: At top level:
net/ipv4/ipvs/ip_vs_core.c:1117: warning: 'ip_vs_ops_local_in' defined but not 
used
net/ipv4/ipvs/ip_vs_core.c:1131: warning: 'ip_vs_ops_forward' defined but not 
used
net/ipv4/ipvs/ip_vs_core.c:1152: warning: 'ip_vs_ops_pre_routing' defined but 
not used
net/ipv4/ipvs/ip_vs_core.c:1166: warning: 'ip_vs_ops_generic' defined but not 
used
make[3]: *** [net/ipv4/ipvs/ip_vs_core.o] エラー 1
make[2]: *** [net/ipv4/ipvs] エラー 2
make[1]: *** [net/ipv4] エラー 2
make: *** [net] エラー 2


Index: net-2.6.25/net/ipv4/ipvs/ip_vs_core.c
===================================================================
--- net-2.6.25.orig/net/ipv4/ipvs/ip_vs_core.c  2008-01-18 17:34:23.000000000 
+0900
+++ net-2.6.25/net/ipv4/ipvs/ip_vs_core.c       2008-01-18 17:35:07.000000000 
+0900
@@ -1024,6 +1024,87 @@ ip_vs_forward_icmp(unsigned int hooknum,
        return ip_vs_in_icmp(skb, &r, hooknum);
 }
 
+
+/* After packet filtering, forward packet through VS/DR, VS/TUN,
+ * or VS/NAT(change destination), so that filtering rules can be
+ * applied to IPVS. */
+static struct nf_hook_ops ip_vs_ops_local_in[] __read_mostly = {
+       {
+               .hook           = ip_vs_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_LOCAL_IN,
+               .priority       = 100,
+       },
+};
+
+/* Intercept incoming connections after they have traveled through
+ * the INPUT or the FORWARD table. It has the same functionlity of
+ * the "INPUT method", but also processes connections that are
+ * routed through the director, supporting VIP-less setups. */
+static struct nf_hook_ops ip_vs_ops_forward[] __read_mostly = {
+       {
+               .hook           = ip_vs_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_LOCAL_IN,
+               .priority       = 100,
+       },
+       {
+               .hook           = ip_vs_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_FORWARD,
+               .priority       = 98,
+       },
+};
+
+/* Intercept incoming connections before DNAT and input filtering
+ * has been applied, this enables ransparent proxying on realnodes
+ * and localnode. Hook right after MANGLE and before NAT_DST.
+ */
+static struct nf_hook_ops ip_vs_ops_pre_routing[] __read_mostly = {
+       {
+               .hook           = ip_vs_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_PRE_ROUTING,
+               .priority       = NF_IP_PRI_NAT_DST - 1,
+       },
+};
+
+/*
+ * Generic Netfilter hooks required for all the input methods
+ */
+
+static struct nf_hook_ops ip_vs_ops_generic[] __read_mostly = {
+       /* After packet filtering, change source only for VS/NAT */
+       {
+               .hook           = ip_vs_out,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_FORWARD,
+               .priority       = 100,
+       },
+       /* After packet filtering (but before ip_vs_out_icmp), catch icmp
+        * destined for 0.0.0.0/0, which is for incoming IPVS connections */
+       {
+               .hook           = ip_vs_forward_icmp,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_FORWARD,
+               .priority       = 99,
+       },
+       /* Before the netfilter connection tracking, exit from POST_ROUTING */
+       {
+               .hook           = ip_vs_post_routing,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_INET_POST_ROUTING,
+               .priority       = NF_IP_PRI_NAT_SRC - 1,
+       },
+};
+
 /*
  * Register netfilter hook based on input_hook type
  */
@@ -1111,87 +1192,6 @@ int ip_vs_unregister_hooks(int input_hoo
 }
 
 
-/* After packet filtering, forward packet through VS/DR, VS/TUN,
- * or VS/NAT(change destination), so that filtering rules can be
- * applied to IPVS. */
-static struct nf_hook_ops ip_vs_ops_local_in[] __read_mostly = {
-       {
-               .hook           = ip_vs_in,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_LOCAL_IN,
-               .priority       = 100,
-       },
-};
-
-/* Intercept incoming connections after they have traveled through
- * the INPUT or the FORWARD table. It has the same functionlity of
- * the "INPUT method", but also processes connections that are
- * routed through the director, supporting VIP-less setups. */
-static struct nf_hook_ops ip_vs_ops_forward[] __read_mostly = {
-       {
-               .hook           = ip_vs_in,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_LOCAL_IN,
-               .priority       = 100,
-       },
-       {
-               .hook           = ip_vs_in,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_FORWARD,
-               .priority       = 98,
-       },
-};
-
-/* Intercept incoming connections before DNAT and input filtering
- * has been applied, this enables ransparent proxying on realnodes
- * and localnode. Hook right after MANGLE and before NAT_DST.
- */
-static struct nf_hook_ops ip_vs_ops_pre_routing[] __read_mostly = {
-       {
-               .hook           = ip_vs_in,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_PRE_ROUTING,
-               .priority       = NF_IP_PRI_NAT_DST - 1,
-       },
-};
-
-/*
- * Generic Netfilter hooks required for all the input methods
- */
-
-static struct nf_hook_ops ip_vs_ops_generic[] __read_mostly = {
-       /* After packet filtering, change source only for VS/NAT */
-       {
-               .hook           = ip_vs_out,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_FORWARD,
-               .priority       = 100,
-       },
-       /* After packet filtering (but before ip_vs_out_icmp), catch icmp
-        * destined for 0.0.0.0/0, which is for incoming IPVS connections */
-       {
-               .hook           = ip_vs_forward_icmp,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_FORWARD,
-               .priority       = 99,
-       },
-       /* Before the netfilter connection tracking, exit from POST_ROUTING */
-       {
-               .hook           = ip_vs_post_routing,
-               .owner          = THIS_MODULE,
-               .pf             = PF_INET,
-               .hooknum        = NF_INET_POST_ROUTING,
-               .priority       = NF_IP_PRI_NAT_SRC - 1,
-       },
-};
-
-
 /*
  *     Initialize IP Virtual Server
  */
-
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread] Current Thread [Next in Thread>