Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history 
yaml
---
r: 78300
b: refs/heads/master
c: 41c5b31
h: refs/heads/master
v: v3
  • Loading branch information
Patrick McHardy authored and David S. Miller committed Jan 28, 2008
1 parent 4216033 commit 7abc76c
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 92 deletions.
2 changes: 1 addition & 1 deletion [refs]
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: 279c2c74b6a26fbd8c3dc100a59c3ac0ff7559fa
refs/heads/master: 41c5b317036fcb593d14b4dfd12e3318faf3af8a
104 changes: 39 additions & 65 deletions trunk/net/ipv4/ipvs/ip_vs_core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1025,43 +1025,42 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
}


/* After packet filtering, forward packet through VS/DR, VS/TUN,
or VS/NAT(change destination), so that filtering rules can be
applied to IPVS. */
static struct nf_hook_ops ip_vs_in_ops = {
.hook = ip_vs_in,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_LOCAL_IN,
.priority = 100,
};

/* After packet filtering, change source only for VS/NAT */
static struct nf_hook_ops ip_vs_out_ops = {
.hook = ip_vs_out,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = 100,
};

/* After packet filtering (but before ip_vs_out_icmp), catch icmp
destined for 0.0.0.0/0, which is for incoming IPVS connections */
static struct nf_hook_ops ip_vs_forward_icmp_ops = {
.hook = ip_vs_forward_icmp,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = 99,
};

/* Before the netfilter connection tracking, exit from POST_ROUTING */
static struct nf_hook_ops ip_vs_post_routing_ops = {
.hook = ip_vs_post_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SRC-1,
static struct nf_hook_ops ip_vs_ops[] = {
/* After packet filtering, forward packet through VS/DR, VS/TUN,
* or VS/NAT(change destination), so that filtering rules can be
* applied to IPVS. */
{
.hook = ip_vs_in,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_LOCAL_IN,
.priority = 100,
},
/* After packet filtering, change source only for VS/NAT */
{
.hook = ip_vs_out,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = 100,
},
/* After packet filtering (but before ip_vs_out_icmp), catch icmp
* destined for 0.0.0.0/0, which is for incoming IPVS connections */
{
.hook = ip_vs_forward_icmp,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_FORWARD,
.priority = 99,
},
/* Before the netfilter connection tracking, exit from POST_ROUTING */
{
.hook = ip_vs_post_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SRC-1,
},
};


Expand Down Expand Up @@ -1092,37 +1091,15 @@ static int __init ip_vs_init(void)
goto cleanup_app;
}

ret = nf_register_hook(&ip_vs_in_ops);
ret = nf_register_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
if (ret < 0) {
IP_VS_ERR("can't register in hook.\n");
IP_VS_ERR("can't register hooks.\n");
goto cleanup_conn;
}

ret = nf_register_hook(&ip_vs_out_ops);
if (ret < 0) {
IP_VS_ERR("can't register out hook.\n");
goto cleanup_inops;
}
ret = nf_register_hook(&ip_vs_post_routing_ops);
if (ret < 0) {
IP_VS_ERR("can't register post_routing hook.\n");
goto cleanup_outops;
}
ret = nf_register_hook(&ip_vs_forward_icmp_ops);
if (ret < 0) {
IP_VS_ERR("can't register forward_icmp hook.\n");
goto cleanup_postroutingops;
}

IP_VS_INFO("ipvs loaded.\n");
return ret;

cleanup_postroutingops:
nf_unregister_hook(&ip_vs_post_routing_ops);
cleanup_outops:
nf_unregister_hook(&ip_vs_out_ops);
cleanup_inops:
nf_unregister_hook(&ip_vs_in_ops);
cleanup_conn:
ip_vs_conn_cleanup();
cleanup_app:
Expand All @@ -1136,10 +1113,7 @@ static int __init ip_vs_init(void)

static void __exit ip_vs_cleanup(void)
{
nf_unregister_hook(&ip_vs_forward_icmp_ops);
nf_unregister_hook(&ip_vs_post_routing_ops);
nf_unregister_hook(&ip_vs_out_ops);
nf_unregister_hook(&ip_vs_in_ops);
nf_unregister_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
ip_vs_conn_cleanup();
ip_vs_app_cleanup();
ip_vs_protocol_cleanup();
Expand Down
44 changes: 18 additions & 26 deletions trunk/net/sched/sch_ingress.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -231,20 +231,21 @@ ing_hook(unsigned int hook, struct sk_buff *skb,
}

/* after ipt_filter */
static struct nf_hook_ops ing_ops = {
.hook = ing_hook,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_FILTER + 1,
};

static struct nf_hook_ops ing6_ops = {
.hook = ing_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FILTER + 1,
static struct nf_hook_ops ing_ops[] = {
{
.hook = ing_hook,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_FILTER + 1,
},
{
.hook = ing_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FILTER + 1,
},
};

#endif
Expand All @@ -268,17 +269,11 @@ static int ingress_init(struct Qdisc *sch,struct rtattr *opt)
#ifndef CONFIG_NET_CLS_ACT
#ifdef CONFIG_NETFILTER
if (!nf_registered) {
if (nf_register_hook(&ing_ops) < 0) {
if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
printk("ingress qdisc registration error \n");
return -EINVAL;
}
nf_registered++;

if (nf_register_hook(&ing6_ops) < 0) {
printk("IPv6 ingress qdisc registration error, " \
"disabling IPv6 support.\n");
} else
nf_registered++;
}
#endif
#endif
Expand Down Expand Up @@ -385,11 +380,8 @@ static void __exit ingress_module_exit(void)
unregister_qdisc(&ingress_qdisc_ops);
#ifndef CONFIG_NET_CLS_ACT
#ifdef CONFIG_NETFILTER
if (nf_registered) {
nf_unregister_hook(&ing_ops);
if (nf_registered > 1)
nf_unregister_hook(&ing6_ops);
}
if (nf_registered)
nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
#endif
#endif
}
Expand Down

0 comments on commit 7abc76c

Please sign in to comment.