|
Hi,
I just packed the virtual server patch version 0.8. Virtual FTP server
support was added, and several places were changed for efficiency. Strongly
recommend to upgrade to this version.
The ChangeLog is as follows:
- Add virtual FTP server support
The original ippfvs via IP tunneling could not be used to
build a virtual FTP server, because the real servers could
not establish data connections to clients. The code was
added to parse the port number in the ftp control data
and create the corresponding masquerading entry for the
coming data connection.
Although the original ippfvs via NAT could be used to build
a virtual server, the data connection was established in
this way.
Real Server port:20 ----> ippfvs: allocate a free masq port
-----> the client port
It is not elegent but time-consuming. Now it was changed
as follows:
Real Server port:20 ----> ippfvs port: 20
----> the client port
- Change the port checking order in the ip_fw_demasquerade()
If the size of masquerade hash table is well chosen, checking
a masquerading entry in the hash table will just require one
hit. It is much efficient than checking port for virtual
services, and there are at least 3 incoming packets for each
connection, which require port checking. So, it is efficient
to check the masquerading hash table first and then check
port for virtual services.
- Remove a useless statement in the ip_masq_new_pfvs()
The useless statement in the ip_masq_new_pfvs function is
ip_masq_free_ports[masq_proto_num(proto)]++;
which may disturb system.
- Change the header printing of the ip_pfvs_procinfo()
Wensong
|
