From: Patrick McHardy <kaber@trash.net>
To: Simon Horman <horms@verge.net.au>
Cc: lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, netfilter@vger.kernel.org,
netfilter-devel@vger.kernel.org,
Malcolm Turnbull <malcolm@loadbalancer.org>,
Wensong Zhang <wensong@linux-vs.org>,
Julius Volz <julius.volz@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Hannes Eder <heder@google.com>
Subject: Re: [patch v2.3 1/4] netfilter: xt_ipvs (netfilter matcher for IPVS)
Date: Tue, 06 Jul 2010 13:32:48 +0200 [thread overview]
Message-ID: <4C331460.7050509@trash.net> (raw)
In-Reply-To: <20100704114808.459045895@vergenet.net>
Simon Horman wrote:
> From: Hannes Eder <heder@google.com>
>
> This implements the kernel-space side of the netfilter matcher xt_ipvs.
>
> @@ -0,0 +1,25 @@
> +#ifndef _XT_IPVS_H
> +#define _XT_IPVS_H
> +
> +#define XT_IPVS_IPVS_PROPERTY (1 << 0) /* all other options imply this one */
> +#define XT_IPVS_PROTO (1 << 1)
> +#define XT_IPVS_VADDR (1 << 2)
> +#define XT_IPVS_VPORT (1 << 3)
> +#define XT_IPVS_DIR (1 << 4)
> +#define XT_IPVS_METHOD (1 << 5)
> +#define XT_IPVS_VPORTCTL (1 << 6)
> +#define XT_IPVS_MASK ((1 << 7) - 1)
> +#define XT_IPVS_ONCE_MASK (XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY)
> +
> +struct xt_ipvs_mtinfo {
> + union nf_inet_addr vaddr, vmask;
> + __be16 vport;
> + __u16 l4proto;
> + __u16 fwd_method;
>
It seems you could use __u8 for both l4proto and fwd_method
and reduce the match size by 2 bytes.
> + __be16 vportctl;
> +
> + __u8 invert;
> + __u8 bitmask;
> +};
> +static bool
> +ipvs_mt(const struct sk_buff *skb, struct xt_action_param *par)
> +...
>
> + if (data->bitmask & XT_IPVS_DIR) {
> + enum ip_conntrack_info ctinfo;
> + struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
> +
> + if (ct == NULL || ct == &nf_conntrack_untracked) {
>
We're using per-cpu structures for nf_conntrack_untracked in the
current net-next/nf-next tree, so this doesn't work anymore. You
need to use nf_ct_is_untracked() instead.
> + match = false;
> + goto out_put_cp;
> + }
next prev parent reply other threads:[~2010-07-06 11:32 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-04 11:32 [patch v2.3 0/4], [patch v2.3 0/4] IPVS full NAT support + netfilter 'ipvs' match support Simon Horman
2010-07-04 11:32 ` [patch v2.3 1/4] netfilter: xt_ipvs (netfilter matcher for IPVS) Simon Horman
2010-07-06 11:32 ` Patrick McHardy [this message]
2010-07-04 11:32 ` [patch v2.3 2/4] IPVS: make friends with nf_conntrack Simon Horman
2010-07-06 11:36 ` Patrick McHardy
2010-07-04 11:32 ` [patch v2.3 3/4] IPVS: make FTP work with full NAT support Simon Horman
2010-07-06 11:43 ` Patrick McHardy
2010-07-07 6:53 ` Simon Horman
2010-07-09 15:24 ` Patrick McHardy
2010-07-10 1:54 ` Simon Horman
2010-07-04 11:32 ` [patch v2.3 4/4] libxt_ipvs: user-space lib for netfilter matcher xt_ipvs Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C331460.7050509@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=heder@google.com \
--cc=horms@verge.net.au \
--cc=julius.volz@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lvs-devel@vger.kernel.org \
--cc=malcolm@loadbalancer.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=netfilter@vger.kernel.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.