antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel

To:	LVS List <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel
From:	Vinnie <listacct1@xxxxxxxxxx>
Date:	Mon, 14 Apr 2003 19:12:04 -0400

Hi everyone,

With Ben North's very helpful information, I managed to hand-fit the"antefacto" patches into v1.0.7 of the IPVS source and 2.4.19 kernelsource. After completing the patch work, I ran a diff against the wholekernel tree, to come up with a "single kernel patch" of IPVS 1.0.7 forkernel 2.4.19, *WITH* the antefacto patches in place also.

(for those unfamiliar, the Antefacto patches bring enough of netfilter'sconnection tracking code into IPVS to allow an LVS(-NAT) director alsofunction as a stateful inspection-capable iptables firewall also, sothat even traffic destined for a VIP/realserver can bestatefully-inspected by your iptables firewall ruleset).

I know 1.0.8 just came out so this may not be quite as interesting as itwould have been a few days ago... ;)

I've been running an LVS-NAT director with this setup for over a weeknow and haven't seen any probs yet.

Anyway, if anyone is interested in a copy of this "antefacto-enabled"IPVS v1.0.7 single-kernel-patch for kernel 2.4.19, point your browser to:


http://www.lvwnet.com/vince/files/linux-2.4.19_ipvs1.0.7_single-patch+antefacto-netfilter-conntrack.zip

and pick up a copy. Ben North looked over what I did, and advised methat there are a couple of .orig files in the diff, so I will probablyneed to clean them up and re-diff for a cleaner patch.

But as far as I can tell here with a mildly-busy setup, running 13LVS-NAT virtual services on the firewall/director (a P166-MMX), it ischumming right along.

Please ignore the lack of much anything else useful on my linux webpage. Gotta get away from hands-on long enough to update the webpagewith some information. ;)


==========

Any chance the maintainers of the IPVS code would RE-consider bringingthe Antefacto code into the main IPVS source code? It really is a goodfeature (stateful inspection of VIP traffic in the firewall scripts),and I imagine there would be many folks that would consider this useful.Why run a separate firewall box if you can have LVS director andfirewall on the same box (and not lose any functionality)? You can makethat 2nd box a hot standby director/firewall in case the first onefails... ;)

<Prev in Thread]	Current Thread	[Next in Thread>
antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Vinnie <= Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Marc-Christian Petersen Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Vinnie Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Roberto Nibali Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Roberto Nibali Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Marc-Christian Petersen Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Vinnie Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Stoyan Zalev Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Vinnie

Previous by Date:	[ANNOUNCE] Keepalived 1.0.2, Alexandre Cassen
Next by Date:	Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Marc-Christian Petersen
Previous by Thread:	[ANNOUNCE] Keepalived 1.0.2, Alexandre Cassen
Next by Thread:	Re: antefacto patch successful against ipvs1.0.7 and 2.4.19 kernel, Marc-Christian Petersen
Indexes:	[Date] [Thread] [Top] [All Lists]