Hello Wensong,
This is basically the linux_ip_fw_compat_c.diff patch in the tar-ball
except that check_for_ip_vs_out() is wrapped into #ifdef CONFIG_IP_VS too.
The reasoning behind this is that this file actually is the only
remaining part of LVS' intrusion into the core kernel tree, which also
means that if we submit LVS for 2.5.x it would be necessary.
Please consider adjusting linux_ip_fw_compat_c.diff by applying this
patch to your tree. In case you're interested I've already "asked" for
and got permission from the netfilter core developers to eventually
submit this "slight-intrusive" code snippet once LVS will be merged with
the main kernel tree :)
Best regards,
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
--- linux-2.4.20/net/ipv4/netfilter/ip_fw_compat.c 2001-12-21
18:42:05.000000000 +0100
+++ linux-2.4.20-ratz/net/ipv4/netfilter/ip_fw_compat.c 2003-06-18
18:33:32.000000000 +0200
@@ -47,6 +47,12 @@
extern int __init masq_init(void);
extern void masq_cleanup(void);
+#ifdef CONFIG_IP_VS
+/* From ip_vs_core.c */
+extern unsigned int
+check_for_ip_vs_out(struct sk_buff **skb_p, int (*okfn)(struct sk_buff *));
+#endif
+
/* They call these; we do what they want. */
int register_firewall(int pf, struct firewall_ops *fw)
{
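Review bot: The prototype for check_for_ip_vs_out() added near the top of ip_fw_compat.c is a hand-copied `extern`, so nothing makes the compiler compare it with the definition in ip_vs_core.c; if the two drift apart, the call in the FW_MASQUERADE branch would pass the sk_buff pointer through a mismatched signature without any diagnostic. Declaring it once in a header that ip_vs_core.c also includes would close that gap. Separately, `#ifdef CONFIG_IP_VS` here and in the second hunk is true only for a built-in IPVS; a modular build defines `CONFIG_IP_VS_MODULE` instead, so the hook would be compiled out. If that is intended, a comment such as `/* built-in IPVS only; modular builds skip this hook */` above the guard would make it explicit.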
@@ -172,8 +178,14 @@
return NF_ACCEPT;
case FW_MASQUERADE:
- if (hooknum == NF_IP_FORWARD)
+ if (hooknum == NF_IP_FORWARD) {
+#ifdef CONFIG_IP_VS
+ /* check if it is for ip_vs */
+ if (check_for_ip_vs_out(pskb, okfn) == NF_STOLEN)
+ return NF_STOLEN;
+#endif
return do_masquerade(pskb, out);
+ }
else return NF_ACCEPT;
case FW_REDIRECT:
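Review bot: Only `NF_STOLEN` is acted on in the new FW_MASQUERADE branch, so any other verdict from check_for_ip_vs_out() is discarded and the packet goes on to do_masquerade(). The function body is not shown here, but its `unsigned int` return type suggests it hands back a netfilter verdict; if it can return `NF_DROP`, a packet that IPVS decided to drop would still be masqueraded and forwarded. Consider `verdict = check_for_ip_vs_out(pskb, okfn);` followed by `if (verdict != NF_ACCEPT) return verdict;`, with `unsigned int verdict` declared in the enclosing function. That function starts and ends outside the hunk, so whether the later code can safely reuse `*pskb` after the call should be confirmed there.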