Re: LVS-NAT Active FTP issue...

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: LVS-NAT Active FTP issue...
From: Horms <horms@xxxxxxxxxxxx>
Date: Fri, 2 Dec 2005 07:59:00 +0000 (UTC)
Mark de Vries <markdv.lvsuser@xxxxxxxxxx> wrote:
> On Thu, 1 Dec 2005, Horms wrote:
>>
>> I'm pretty sure I agree. Care to cook up a patch?
> 
> I'll take a look but I'm not familiar with ip_vs internals so I'd have to
> try to get my head around that first. I already inquired about
> documentation but apparently there isn't a whole lot (targeted at
> developers) so might take some time.

True, the developer documentation is more or less non-existent.
That said, the code isn't actually that large or complex,
so hopefully it won't take you too long to get your mind around it.

In the case of hacking the ftp helper module, 
you want to look at ./net/ipv4/ipvs/ip_vs_ftp.c
And in particular ip_vs_ftp_in()

Actually in the course of looking over this I came up
with the following untested patch. The modification should
probably be made a run-time option as it uses no CPORT 
entries as a wildcard, and this is a little bit of overhead
that isn't needed for the usual port 20 case.

Signed-Off-By: <horms@xxxxxxxxxxxx>

diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index a19a33c..05f4ba7 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -316,14 +316,14 @@ static int ip_vs_ftp_in(struct ip_vs_app
                  NIPQUAD(to), ntohs(port), NIPQUAD(cp->vaddr), 0);
 
        n_cp = ip_vs_conn_in_get(iph->protocol,
-                                to, port,
+                                to, 0,
                                 cp->vaddr, htons(ntohs(cp->vport)-1));
        if (!n_cp) {
                n_cp = ip_vs_conn_new(IPPROTO_TCP,
-                                     to, port,
+                                     to, 0,
                                      cp->vaddr, htons(ntohs(cp->vport)-1),
                                      cp->daddr, htons(ntohs(cp->dport)-1),
-                                     0,
+                                     IP_VS_CONN_F_NO_CPORT,
                                      cp->dest);
                if (!n_cp)
                        return 0;
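Review bot: the wildcard only reaches the in-direction path. Both changed calls, ip_vs_conn_in_get(..., to, 0, ...) and ip_vs_conn_new(..., to, 0, ..., IP_VS_CONN_F_NO_CPORT, ...), key the new entry on client port 0, but in active FTP the data connection is opened by the real server from the port this hunk derives as htons(ntohs(cp->dport)-1), so its first packet is seen in the out direction; please confirm that the out-direction lookup (not part of this hunk) also falls back to a cport-0 entry, otherwise the server's SYN will not match and the entry is never pinned to the client's real port. Two smaller points: the IP_VS_DBG line kept as context above (NIPQUAD(to), ntohs(port)) still reports the parsed port even though the entry now ignores it, so adjust the message or drop the unused `port`; and since the message itself says the wildcard should be a run-time option, gate the `0` / IP_VS_CONN_F_NO_CPORT choice on a module parameter or sysctl rather than making it unconditional, because a cport-0 entry matches any source port on the client host until it times out.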


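The mechanism the patch above leans on, a connection entry with client port 0 and IP_VS_CONN_F_NO_CPORT that is matched by a second, wildcard lookup and then pinned to whatever client port first hits it, is easier to reason about with a small model. The following is an added example written for this thread, not code from ip_vs_conn.c or the patch; the table layout, the flag value, the function names (conn_in_get, conn_new, conn_fill_cport) and the 10.0.0.5 / 192.0.2.10 addresses are assumptions. It only models the in-direction lookup and says nothing about whether the out direction honours the flag; the scan counter makes the "little bit of overhead" visible as a second table scan on every miss while a wildcard entry is alive.

```c
/* Added example for this thread, not code from ip_vs_conn.c: a user-space
 * model of a wildcard (cport 0, IP_VS_CONN_F_NO_CPORT) connection entry.
 * Flag value, table layout and names are assumptions chosen for the model. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IP_VS_CONN_F_NO_CPORT 0x0800u   /* assumed value for the model */
#define TABLE_SIZE 16

struct conn {
    uint8_t  protocol;
    uint32_t caddr, vaddr;      /* client and virtual address, host order */
    uint16_t cport, vport;      /* client and virtual port, host order */
    unsigned flags;
    int      in_use;
};

static struct conn table[TABLE_SIZE];
static int no_cport_cnt;   /* live wildcard entries; 0 means skip the 2nd scan */
static int scans;          /* table scans performed, to expose the overhead */

static struct conn *scan(uint8_t proto, uint32_t caddr, uint16_t cport,
                         uint32_t vaddr, uint16_t vport)
{
    scans++;
    for (int i = 0; i < TABLE_SIZE; i++) {
        struct conn *cp = &table[i];
        /* a cport-0 search matches only wildcard entries and a non-zero
         * search only ordinary ones, so a wildcard never shadows an exact entry */
        if (cp->in_use && cp->protocol == proto &&
            cp->caddr == caddr && cp->cport == cport &&
            cp->vaddr == vaddr && cp->vport == vport &&
            ((!cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))))
            return cp;
    }
    return NULL;
}

/* In-direction lookup: exact match first, wildcard fallback second. */
struct conn *conn_in_get(uint8_t proto, uint32_t caddr, uint16_t cport,
                         uint32_t vaddr, uint16_t vport)
{
    struct conn *cp = scan(proto, caddr, cport, vaddr, vport);
    if (!cp && no_cport_cnt)
        cp = scan(proto, caddr, 0, vaddr, vport);
    return cp;
}

struct conn *conn_new(uint8_t proto, uint32_t caddr, uint16_t cport,
                      uint32_t vaddr, uint16_t vport, unsigned flags)
{
    for (int i = 0; i < TABLE_SIZE; i++) {
        if (table[i].in_use)
            continue;
        table[i] = (struct conn){ .protocol = proto, .caddr = caddr,
                                  .vaddr = vaddr, .cport = cport,
                                  .vport = vport, .flags = flags, .in_use = 1 };
        if (flags & IP_VS_CONN_F_NO_CPORT)
            no_cport_cnt++;
        return &table[i];
    }
    return NULL;
}

/* The first packet that hits a wildcard entry pins it to that client port. */
void conn_fill_cport(struct conn *cp, uint16_t cport)
{
    if (cp->flags & IP_VS_CONN_F_NO_CPORT) {
        cp->cport = cport;
        cp->flags &= ~IP_VS_CONN_F_NO_CPORT;
        no_cport_cnt--;
    }
}

static void reset(void)
{
    memset(table, 0, sizeof table);
    no_cport_cnt = 0;
    scans = 0;
}

/* Constructed scenario: client 10.0.0.5 sent PORT naming 40000 on a control
 * connection to VIP 192.0.2.10; the data entry is created with cport 0 as in
 * the patch. A packet from client port 40001 still matches; once the entry is
 * pinned to 40001, port 40002 no longer does. Returns 1 on that behaviour. */
int demo_wildcard_then_pin(void)
{
    reset();
    const uint32_t client = 0x0A000005u, vip = 0xC000020Au;
    conn_new(6, client, 0, vip, 20, IP_VS_CONN_F_NO_CPORT);

    struct conn *cp = conn_in_get(6, client, 40001, vip, 20);
    if (!cp || cp->cport != 0)
        return 0;
    conn_fill_cport(cp, 40001);

    return cp->cport == 40001 && no_cport_cnt == 0 &&
           conn_in_get(6, client, 40002, vip, 20) == NULL;
}

/* Table scans one lookup miss costs: 1 normally, 2 while any wildcard entry
 * is alive. This is the overhead the message above refers to. */
int scans_per_miss(int with_wildcard_entry)
{
    reset();
    if (with_wildcard_entry)
        conn_new(6, 0x0A000005u, 0, 0xC000020Au, 20, IP_VS_CONN_F_NO_CPORT);
    conn_in_get(6, 0x0A000099u, 5555, 0xC000020Au, 21);  /* unrelated flow */
    return scans;
}
```

The xor in scan() is the important detail: a search with a real port can never land on a wildcard entry and a port-0 search can never land on an ordinary one, so adding the fallback does not change how existing connections match, only how much work a miss costs while wildcard entries exist, which is why a run-time switch for the FTP helper makes sense.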