Re: [PATCH] Transparent proxy support for LVS with localnode and realser

To:	Raphael Vallazza <raphael@xxxxxxxxxx>
Subject:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING)
Cc:	LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
From:	Simon Horman <horms@xxxxxxxxxxxx>
Date:	Fri, 11 Jan 2008 13:28:34 +0900

To:

Raphael Vallazza <raphael@xxxxxxxxxx>

Subject:

Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING)

Cc:

LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>

From:

Simon Horman <horms@xxxxxxxxxxxx>

Date:

Fri, 11 Jan 2008 13:28:34 +0900

Sorry, I was a bit to fast on the trigger-button when I sent the
previous patch. I checked that it applied against net-2.4.25, but I
hadn't yet checked that it compiled. I have now done that for both of
the new options and also checked that it boots, though I have not
checked that it does anything sensible with packets.

> Index: net-2.6.25/net/ipv4/ipvs/ip_vs_core.c
> ===================================================================
> --- net-2.6.25.orig/net/ipv4/ipvs/ip_vs_core.c        2008-01-11 
> 12:57:55.000000000 +0900
> +++ net-2.6.25/net/ipv4/ipvs/ip_vs_core.c     2008-01-11 13:00:09.000000000 
> +0900
> @@ -1026,6 +1026,7 @@ ip_vs_forward_icmp(unsigned int hooknum,
>  
>  
>  static struct nf_hook_ops ip_vs_ops[] __read_mostly = {
> +#ifdef CONFIG_IP_VS_INPUT_LOCAL_IN
>       /* After packet filtering, forward packet through VS/DR, VS/TUN,
>        * or VS/NAT(change destination), so that filtering rules can be
>        * applied to IPVS. */
> @@ -1036,6 +1037,20 @@ static struct nf_hook_ops ip_vs_ops[] __
>               .hooknum        = NF_INET_LOCAL_IN,
>               .priority       = 100,
>       },
> +#endif
> +#ifdef CONFIG_IP_VS_INPUT_PRE_ROUTING
> +     /* Intercept incoming connections before DNAT and input filtering
> +      * has been applied, this enables ransparent proxying on realnodes
> +      * and localnode. Hook right after MANGLE and before NAT_DST.
> +      */
> +     static struct nf_hook_ops ip_vs_in_ops = {

This should be:
        ip_vs_in_ops = {

> +             .hook           = ip_vs_in,
> +             .owner          = THIS_MODULE,
> +             .pf             = PF_INET,
> +             .hooknum        = NF_IP_PRE_ROUTING,

This should be:
                .hooknum        = NF_INET_PRE_ROUTING,

> +             .priority       = NF_IP_PRI_NAT_DST - 1,

> +     },
> +#endif
>       /* After packet filtering, change source only for VS/NAT */
>       {
>               .hook           = ip_vs_out,

If you could incoporate those changes, write a comment (the intial mail
will do) and add a sign-off, then I'll send the patch up to net-dev for
further review. If you could also test against net-2.4.25, that would
be awsome.

-- 
Horms

-
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Raphael Vallazza Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Raphael Vallazza Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman <= Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Raphael Vallazza Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Graeme Fowler Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Julian Anastasov Message not available Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Julian Anastasov Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Raphael Vallazza

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman
Next by Date:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T
Previous by Thread:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman
Next by Thread:	Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman

Next by Date:

Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T

Previous by Thread:

Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Simon Horman

Next by Thread:

Re: [PATCH] Transparent proxy support for LVS with localnode and realservers (WORKING), Joseph Mack NA3T

Indexes:

[Date] [Thread] [Top] [All Lists]