Re: LVS-NAT Active FTP issue...

To:	"LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject:	Re: LVS-NAT Active FTP issue...
Cc:	Horms <horms@xxxxxxxxxxxx>
From:	Roberto Nibali <ratz@xxxxxx>
Date:	Mon, 05 Dec 2005 15:32:19 +0100

Horms,

I'll take a look but I'm not familiar with ip_vs internals so I'd have to
try to get my head around that first. I already inquired about
documentation but aparently there isn't a whole lot (targeted at
developers) so might take some time.

True, the developer documentation is more or less non-existent.

That said, the code isn't actually that large or complex,
so hopefully it won't take you too long to get your mind around it.

To me the only mind-boggling thing are those interwoven structs, everytime I get to work on the code again. I happen to think that this levelof complexity would not be needed (also with regard of lockless datastructures). If you know a of a tool that reads *.[ch] files on STDINand writes out a nice UML class diagram, I'd be more than eager to know.

In the case of hacking the ftp helper module,you want to look at ./net/ipv4/ipvs/ip_vs_ftp.c
And in particular ip_vs_ftp_in()

Actually in the course of looking over this I came up
with the following untested patch. The modification should
probably be made a run-time option as it uses no CPORTentries as a wildcard, and this is a little bit of overhead
that isn't needed for the usual port 20 case.

We could also merge some of the ftp helper modules advances of netfilterinto the IPVS ftp helper module. They have added some more recognition code.

Signed-Off-By: <horms@xxxxxxxxxxxx>

diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index a19a33c..05f4ba7 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -316,14 +316,14 @@ static int ip_vs_ftp_in(struct ip_vs_app
                  NIPQUAD(to), ntohs(port), NIPQUAD(cp->vaddr), 0);

n_cp = ip_vs_conn_in_get(iph->protocol,

-                                to, port,
+                                to, 0,
                                 cp->vaddr, htons(ntohs(cp->vport)-1));
        if (!n_cp) {
                n_cp = ip_vs_conn_new(IPPROTO_TCP,
-                                     to, port,
+                                     to, 0,
                                      cp->vaddr, htons(ntohs(cp->vport)-1),
                                      cp->daddr, htons(ntohs(cp->dport)-1),
-                                     0,
+                                     IP_VS_CONN_F_NO_CPORT,
                                      cp->dest);

Bloody cheater :). So now we don't need to make ftp persistent anymore.I'm sure Joe will be happy to scrap a couple of hundreds of his HOWTOpages related to FTP ...


/me runs and hides in the bush

Cheers,
Roberto Nibali, ratz
--
-------------------------------------------------------------
addr://Kasinostrasse 30, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
Re: LVS-NAT Active FTP issue..., Mark de Vries Re: LVS-NAT Active FTP issue..., Horms Re: LVS-NAT Active FTP issue..., Mark de Vries Re: LVS-NAT Active FTP issue..., Horms Re: LVS-NAT Active FTP issue..., Roberto Nibali <= Re: LVS-NAT Active FTP issue..., Mark de Vries

Previous by Date:	Re: LVS-DR --- real server under AIX box, Joseph Mack NA3T
Next by Date:	ResourceManager doesn't stop anymore, Leon Keijser
Previous by Thread:	Re: LVS-NAT Active FTP issue..., Horms
Next by Thread:	Re: LVS-NAT Active FTP issue..., Mark de Vries
Indexes:	[Date] [Thread] [Top] [All Lists]