* [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c
@ 2005-10-17 0:22 Patrick McHardy
2005-10-22 13:45 ` Julian Anastasov
0 siblings, 1 reply; 2+ messages in thread
From: Patrick McHardy @ 2005-10-17 0:22 UTC (permalink / raw)
To: Netfilter Development Mailinglist; +Cc: Kernel Netdev Mailing List, Herbert Xu
[-- Attachment #1: Type: text/plain, Size: 366 bytes --]
This is my current set of netfilter+IPsec patches with Herbert's
suggestions incorporated. Changes since the last posted patches:
- remove okfn use in ipvs and ip_conntrack to avoid deep
callchains with IPsec
- only pass packets to netfilter after tunnel mode transforms,
except for once in plain before encapsulation or after
decapsulation.
- NAT support
[-- Attachment #2: 01.diff --]
[-- Type: text/x-patch, Size: 991 bytes --]
[NETFILTER]: Remove okfn usage in ip_vs_core.c
okfn should only be used from different contexts, i.e. by nf_queue.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 12a6be7122de1d1039298adc6f401b3edf8788e5
tree dff6bfdcfc17dd7eb497bfdcb40214086bcc815c
parent 7a3ca7d2b5ec31b2cfa594b961d77e68075e33c7
author Patrick McHardy <kaber@trash.net> Sun, 16 Oct 2005 16:11:23 +0200
committer Patrick McHardy <kaber@trash.net> Sun, 16 Oct 2005 16:11:23 +0200
net/ipv4/ipvs/ip_vs_core.c | 5 +----
1 files changed, 1 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -532,11 +532,8 @@ static unsigned int ip_vs_post_routing(u
{
if (!((*pskb)->ipvs_property))
return NF_ACCEPT;
-
/* The packet was sent from IPVS, exit this chain */
- (*okfn)(*pskb);
-
- return NF_STOLEN;
+ return NF_STOP;
}
u16 ip_vs_checksum_complete(struct sk_buff *skb, int offset)
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c
2005-10-17 0:22 [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c Patrick McHardy
@ 2005-10-22 13:45 ` Julian Anastasov
0 siblings, 0 replies; 2+ messages in thread
From: Julian Anastasov @ 2005-10-22 13:45 UTC (permalink / raw)
To: Patrick McHardy
Cc: Kernel Netdev Mailing List, Netfilter Development Mailinglist,
Herbert Xu
Hello,
On Mon, 17 Oct 2005, Patrick McHardy wrote:
> This is my current set of netfilter+IPsec patches with Herbert's
> suggestions incorporated. Changes since the last posted patches:
>
> - remove okfn use in ipvs and ip_conntrack to avoid deep
> callchains with IPsec
Such NF_STOP usage in IPVS looks ok
Acked-by: Julian Anastasov <ja@ssi.bg>
> - only pass packets to netfilter after tunnel mode transforms,
> except for once in plain before encapsulation or after
> decapsulation.
> - NAT support
Regards
--
Julian Anastasov <ja@ssi.bg>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-10-22 13:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-10-17 0:22 [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c Patrick McHardy
2005-10-22 13:45 ` Julian Anastasov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).