From: Simon Horman <horms@verge.net.au>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Julian Anastasov <ja@ssi.bg>,
lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org,
Wensong Zhang <wensong@linux-vs.org>,
Hans Schillstrom <hans.schillstrom@ericsson.com>,
Jesper Dangaard Brouer <brouer@redhat.com>
Subject: Re: [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper
Date: Tue, 24 Jul 2012 08:11:26 +0900 [thread overview]
Message-ID: <20120723231124.GL2966@verge.net.au> (raw)
In-Reply-To: <20120723173906.GA1430@1984>
On Mon, Jul 23, 2012 at 07:39:06PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Jul 23, 2012 at 03:48:18PM +0900, Simon Horman wrote:
> > On Thu, Jul 12, 2012 at 10:43:22PM +0300, Julian Anastasov wrote:
> > >
> > > Hello,
> > >
> > > On Thu, 12 Jul 2012, Pablo Neira Ayuso wrote:
> > >
> > > > On Wed, Jul 11, 2012 at 09:25:26AM +0900, Simon Horman wrote:
> > > > > From: Julian Anastasov <ja@ssi.bg>
> > > > >
> > > > > The FTP application indirectly depends on the
> > > > > nf_conntrack_ftp helper for proper NAT support. If the
> > > > > module is not loaded, IPVS can resize the packets for the
> > > > > command connection, eg. PASV response but the SEQ adjustment
> > > > > logic in ipv4_confirm is not called without helper.
> > > > >
> > > > > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > > > > Signed-off-by: Simon Horman <horms@verge.net.au>
> > > > > ---
> > > > > net/netfilter/ipvs/Kconfig | 3 ++-
> > > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > > >
> > > > > diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
> > > > > index f987138..8b2cffd 100644
> > > > > --- a/net/netfilter/ipvs/Kconfig
> > > > > +++ b/net/netfilter/ipvs/Kconfig
> > > > > @@ -250,7 +250,8 @@ comment 'IPVS application helper'
> > > > >
> > > > > config IP_VS_FTP
> > > > > tristate "FTP protocol helper"
> > > > > - depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
> > > > > + depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
> > > > > + NF_CONNTRACK_FTP
> > > >
> > > > If you require FTP NAT support, then this depends on NF_NAT_FTP
> > > > instead of NF_CONNTRACK_FTP.
> > >
> > > No, I just checked again, it works without nf_nat_ftp,
> > > only nf_nat, nf_conntrack_ftp and iptable_nat are needed.
> > > We use packet mangling part from nf_nat (nf_nat_mangle_tcp_packet).
> >
> > Is there a consensus on this?
>
> Fine with me, just wanted to make sure this what you wanted. Thanks
> Simon.
Thanks. I'll include this in a pull request after rebasing ipvs-next.
I plan to do that today.
next prev parent reply other threads:[~2012-07-23 23:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-11 0:25 [GIT PULL nf-next] IPVS Simon Horman
2012-07-11 0:25 ` [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper Simon Horman
2012-07-12 15:39 ` Pablo Neira Ayuso
2012-07-12 19:43 ` Julian Anastasov
2012-07-23 6:48 ` Simon Horman
2012-07-23 17:39 ` Pablo Neira Ayuso
2012-07-23 23:11 ` Simon Horman [this message]
2012-07-11 0:25 ` [PATCH 2/2] ipvs: generalize app registration in netns Simon Horman
2012-07-12 16:22 ` Pablo Neira Ayuso
2012-07-12 20:04 ` Julian Anastasov
2012-07-12 20:06 ` [PATCH v2] " Julian Anastasov
2012-07-13 2:59 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120723231124.GL2966@verge.net.au \
--to=horms@verge.net.au \
--cc=brouer@redhat.com \
--cc=hans.schillstrom@ericsson.com \
--cc=ja@ssi.bg \
--cc=lvs-devel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.