|
On Wed, Aug 03, 2005 at 01:34:02PM -0700, Joseph Mack NA3T wrote:
> On Wed, 3 Aug 2005, Ludo Stellingwerff wrote:
>
> >>Have you sent the patch yet? I'd like to include it in the next HOWTO.
> >>
> >>Thanks Joe
> >>
> >Hi Joe,
> >
> >I did send both patches to the list, one for the kernel and one for
> >ipvsadm. (both marked "PATCH x/2 inlining")
>
> got them. Sorry. I assumed they were both kernel patches and didn't
> look any further.
>
> >But I do need some feedback on some concepts in the patches. (especially
> >the kernel patch)
>
> You'll have to wait for Horms, Julian or Wensong for that, sorry.
I had a brief look over the patches and the seem ok to me.
Except that I am not clear on the motivation of the following hooks.
Doesn't this mean that ip_vs_in is registered in three separate places?
Is this actually what you need?
+/* On the forward hook, before any of the above support hooks,
+ filter forwarding packets for new routing.
+ Very powerfull in combination with fwmark */
+static struct nf_hook_ops ip_vs_forward_ops = {
+ .hook = ip_vs_in,
+ .owner = THIS_MODULE,
+ .pf = PF_INET,
+ .hooknum = NF_IP_FORWARD,
+ .priority = 98,
+};
+
+/* Before local outgoing nat, but after mangle,
+ filter outgoing packets for new routing.
+ Very powerfull in combination with fwmark */
+static struct nf_hook_ops ip_vs_doout_ops = {
+ .hook = ip_vs_in,
+ .owner = THIS_MODULE,
+ .pf = PF_INET,
+ .hooknum = NF_IP_LOCAL_OUT,
+ .priority = -125,
+};
+
ip_vs_reinject_xmit() looks fine to me, though other eyes may say
otherwise.
--
Horms
|
