LVS
lvs-devel
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

[PATCH 6/6] move ipvs to PRE/POSTROUTING

from [Jason Stubbs] [Permanent Link]
To: LVS Devel <lvs-devel@xxxxxxxxxxxxxxx>
Subject: [PATCH 6/6] move ipvs to PRE/POSTROUTING
From: Jason Stubbs <j.stubbs@xxxxxxxxxxxxxxx>
Date: Tue, 15 Apr 2008 15:43:22 +0900 
Aliasing LOCALNODE to MASQ means that traffic entering the OUTPUT chain
may be replies for a LVS-NAT'd connection. This patch adds the same
hooks that de-LVS packets at the start of PREROUTING to the start of
OUTPUT too.

-- 
Jason Stubbs <j.stubbs@xxxxxxxxxxxxxxx>
LINKTHINK INC.
東京都渋谷区桜ヶ丘町22-14 N.E.S S棟 3F
TEL 03-5728-4772  FAX 03-5728-4773

diff -urp linux.5.localmasq/net/ipv4/ipvs/ip_vs_core.c 
linux.6.localhooks/net/ipv4/ipvs/ip_vs_core.c
--- linux.5.localmasq/net/ipv4/ipvs/ip_vs_core.c        2008-04-15 
13:07:04.000000000 +0900
+++ linux.6.localhooks/net/ipv4/ipvs/ip_vs_core.c       2008-04-15 
13:16:34.159728801 +0900
@@ -1008,6 +1008,25 @@ static struct nf_hook_ops ip_vs_forward_
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
        .hooknum        = NF_IP_PRE_ROUTING,
+       .priority       = NF_IP_PRI_FIRST + 1,
+};
+
+/* After packet filtering, change source only for VS/NAT */
+static struct nf_hook_ops ip_vs_local_out_ops = {
+       .hook           = ip_vs_out,
+       .owner          = THIS_MODULE,
+       .pf             = PF_INET,
+       .hooknum        = NF_IP_LOCAL_OUT,
+       .priority       = NF_IP_PRI_FIRST,
+};
+
+/* After packet filtering (but before ip_vs_out_icmp), catch icmp
+   destined for 0.0.0.0/0, which is for incoming IPVS connections */
+static struct nf_hook_ops ip_vs_local_icmp_ops = {
+       .hook           = ip_vs_forward_icmp,
+       .owner          = THIS_MODULE,
+       .pf             = PF_INET,
+       .hooknum        = NF_IP_LOCAL_OUT,
        .priority       = NF_IP_PRI_FIRST,
 };
 
@@ -1050,15 +1069,32 @@ static int __init ip_vs_init(void)
                IP_VS_ERR("can't register out hook.\n");
                goto cleanup_inops;
        }
+
        ret = nf_register_hook(&ip_vs_forward_icmp_ops);
        if (ret < 0) {
                IP_VS_ERR("can't register forward_icmp hook.\n");
                goto cleanup_outops;
        }
 
+       ret = nf_register_hook(&ip_vs_local_out_ops);
+       if (ret < 0) {
+               IP_VS_ERR("can't register local out hook.\n");
+               goto cleanup_icmpops;
+       }
+
+       ret = nf_register_hook(&ip_vs_local_icmp_ops);
+       if (ret < 0) {
+               IP_VS_ERR("can't register local icmp hook.\n");
+               goto cleanup_localout;
+       }
+
        IP_VS_INFO("ipvs loaded.\n");
        return ret;
 
+  cleanup_localout:
+    nf_unregister_hook(&ip_vs_local_out_ops);
+  cleanup_icmpops:
+    nf_unregister_hook(&ip_vs_forward_icmp_ops);
   cleanup_outops:
        nf_unregister_hook(&ip_vs_out_ops);
   cleanup_inops:
@@ -1076,6 +1112,8 @@ static int __init ip_vs_init(void)
 
 static void __exit ip_vs_cleanup(void)
 {
+       nf_unregister_hook(&ip_vs_local_icmp_ops);
+       nf_unregister_hook(&ip_vs_local_out_ops);
        nf_unregister_hook(&ip_vs_forward_icmp_ops);
        nf_unregister_hook(&ip_vs_out_ops);
        nf_unregister_hook(&ip_vs_in_ops);
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [PATCH 5/6] move ipvs to PRE/POSTROUTING, Jason Stubbs
Next by Date:  Re: moving ipvs() to POST/PREROUTING, Jason Stubbs
Previous by Thread:  [PATCH 5/6] move ipvs to PRE/POSTROUTING, Jason Stubbs
Next by Thread:  Re: [PATCH 0/6] move ipvs to PRE/POSTROUTING, Joseph Mack NA3T
Indexes:  [Date] [Thread] [Top] [All Lists]