[NF+IPsec 1/6]: Remove okfn usage in ip_vs

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c
@ 2005-10-17  0:22 Patrick McHardy
  2005-10-22 13:45 ` Julian Anastasov
  0 siblings, 1 reply; 2+ messages in thread
From: Patrick McHardy @ 2005-10-17  0:22 UTC (permalink / raw)
  To: Netfilter Development Mailinglist; +Cc: Kernel Netdev Mailing List, Herbert Xu

[-- Attachment #1: Type: text/plain, Size: 366 bytes --]

This is my current set of netfilter+IPsec patches with Herbert's
suggestions incorporated. Changes since the last posted patches:

- remove okfn use in ipvs and ip_conntrack to avoid deep
   callchains with IPsec
- only pass packets to netfilter after tunnel mode transforms,
   except for once in plain before encapsulation or after
   decapsulation.
- NAT support

[-- Attachment #2: 01.diff --]
[-- Type: text/x-patch, Size: 991 bytes --]

[NETFILTER]: Remove okfn usage in ip_vs_core.c

okfn should only be used from different contexts, i.e. by nf_queue.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 12a6be7122de1d1039298adc6f401b3edf8788e5
tree dff6bfdcfc17dd7eb497bfdcb40214086bcc815c
parent 7a3ca7d2b5ec31b2cfa594b961d77e68075e33c7
author Patrick McHardy <kaber@trash.net> Sun, 16 Oct 2005 16:11:23 +0200
committer Patrick McHardy <kaber@trash.net> Sun, 16 Oct 2005 16:11:23 +0200

 net/ipv4/ipvs/ip_vs_core.c |    5 +----
 1 files changed, 1 insertions(+), 4 deletions(-)

diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -532,11 +532,8 @@ static unsigned int ip_vs_post_routing(u
 {
 	if (!((*pskb)->ipvs_property))
 		return NF_ACCEPT;
-
 	/* The packet was sent from IPVS, exit this chain */
-	(*okfn)(*pskb);
-
-	return NF_STOLEN;
+	return NF_STOP;
 }
 
 u16 ip_vs_checksum_complete(struct sk_buff *skb, int offset)

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c
  2005-10-17  0:22 [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c Patrick McHardy
@ 2005-10-22 13:45 ` Julian Anastasov
  0 siblings, 0 replies; 2+ messages in thread
From: Julian Anastasov @ 2005-10-22 13:45 UTC (permalink / raw)
  To: Patrick McHardy
  Cc: Kernel Netdev Mailing List, Netfilter Development Mailinglist,
	Herbert Xu


	Hello,

On Mon, 17 Oct 2005, Patrick McHardy wrote:

> This is my current set of netfilter+IPsec patches with Herbert's
> suggestions incorporated. Changes since the last posted patches:
>
> - remove okfn use in ipvs and ip_conntrack to avoid deep
>    callchains with IPsec

	Such NF_STOP usage in IPVS looks ok

Acked-by: Julian Anastasov <ja@ssi.bg>

> - only pass packets to netfilter after tunnel mode transforms,
>    except for once in plain before encapsulation or after
>    decapsulation.
> - NAT support

Regards

--
Julian Anastasov <ja@ssi.bg>

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2005-10-22 13:45 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-10-17  0:22 [NF+IPsec 1/6]: Remove okfn usage in ip_vs_core.c Patrick McHardy
2005-10-22 13:45 ` Julian Anastasov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).