← Back to branch summary

~ubuntu-branches/ubuntu/quantal/linux-linaro-mx51/quantal

« back to all changes in this revision

Viewing changes to net/netfilter/ipvs/ip_vs_core.c

  • Committer: Package Import Robot
  • Author(s): John Rigby, John Rigby
  • Date: 2011-09-26 10:44:23 UTC
  • Revision ID: package-import@ubuntu.com-20110926104423-3o58a3c1bj7x00rs
Tags: 3.0.0-1007.9
https://launchpad.net/bugs/826021
[ John Rigby ]

Enable crypto modules and remove crypto-modules from
exclude-module files
LP: #826021

Show diffs side-by-side

added added

removed removed

Lines of Context:
net/netfilter/ipvs/ip_vs_core.c
1382
1382
        ip_vs_in_stats(cp, skb);
1383
1383
        if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol)
1384
1384
                offset += 2 * sizeof(__u16);
1385
 
        verdict = ip_vs_icmp_xmit(skb, cp, pp, offset);
1386
 
        /* LOCALNODE from FORWARD hook is not supported */
1387
 
        if (verdict == NF_ACCEPT && hooknum == NF_INET_FORWARD &&
1388
 
            skb_rtable(skb)->rt_flags & RTCF_LOCAL) {
1389
 
                IP_VS_DBG(1, "%s(): "
1390
 
                          "local delivery to %pI4 but in FORWARD\n",
1391
 
                          __func__, &skb_rtable(skb)->rt_dst);
1392
 
                verdict = NF_DROP;
1393
 
        }
 
1385
        verdict = ip_vs_icmp_xmit(skb, cp, pp, offset, hooknum);
1394
1386
 
1395
1387
  out:
1396
1388
        __ip_vs_conn_put(cp);
1412
1404
        struct ip_vs_protocol *pp;
1413
1405
        struct ip_vs_proto_data *pd;
1414
1406
        unsigned int offset, verdict;
1415
 
        struct rt6_info *rt;
1416
1407
 
1417
1408
        *related = 1;
1418
1409
 
1474
1465
        if (!cp)
1475
1466
                return NF_ACCEPT;
1476
1467
 
1477
 
        verdict = NF_DROP;
1478
 
 
1479
1468
        /* do the statistics and put it back */
1480
1469
        ip_vs_in_stats(cp, skb);
1481
1470
        if (IPPROTO_TCP == cih->nexthdr || IPPROTO_UDP == cih->nexthdr ||
1482
1471
            IPPROTO_SCTP == cih->nexthdr)
1483
1472
                offset += 2 * sizeof(__u16);
1484
 
        verdict = ip_vs_icmp_xmit_v6(skb, cp, pp, offset);
1485
 
        /* LOCALNODE from FORWARD hook is not supported */
1486
 
        if (verdict == NF_ACCEPT && hooknum == NF_INET_FORWARD &&
1487
 
            (rt = (struct rt6_info *) skb_dst(skb)) &&
1488
 
            rt->rt6i_dev && rt->rt6i_dev->flags & IFF_LOOPBACK) {
1489
 
                IP_VS_DBG(1, "%s(): "
1490
 
                          "local delivery to %pI6 but in FORWARD\n",
1491
 
                          __func__, &rt->rt6i_dst);
1492
 
                verdict = NF_DROP;
1493
 
        }
 
1473
        verdict = ip_vs_icmp_xmit_v6(skb, cp, pp, offset, hooknum);
1494
1474
 
1495
1475
        __ip_vs_conn_put(cp);
1496
1476
 
1792
1772
                .owner          = THIS_MODULE,
1793
1773
                .pf             = PF_INET,
1794
1774
                .hooknum        = NF_INET_LOCAL_IN,
1795
 
                .priority       = 99,
 
1775
                .priority       = NF_IP_PRI_NAT_SRC - 2,
1796
1776
        },
1797
1777
        /* After packet filtering, forward packet through VS/DR, VS/TUN,
1798
1778
         * or VS/NAT(change destination), so that filtering rules can be
1802
1782
                .owner          = THIS_MODULE,
1803
1783
                .pf             = PF_INET,
1804
1784
                .hooknum        = NF_INET_LOCAL_IN,
1805
 
                .priority       = 101,
 
1785
                .priority       = NF_IP_PRI_NAT_SRC - 1,
1806
1786
        },
1807
1787
        /* Before ip_vs_in, change source only for VS/NAT */
1808
1788
        {
1810
1790
                .owner          = THIS_MODULE,
1811
1791
                .pf             = PF_INET,
1812
1792
                .hooknum        = NF_INET_LOCAL_OUT,
1813
 
                .priority       = -99,
 
1793
                .priority       = NF_IP_PRI_NAT_DST + 1,
1814
1794
        },
1815
1795
        /* After mangle, schedule and forward local requests */
1816
1796
        {
1818
1798
                .owner          = THIS_MODULE,
1819
1799
                .pf             = PF_INET,
1820
1800
                .hooknum        = NF_INET_LOCAL_OUT,
1821
 
                .priority       = -98,
 
1801
                .priority       = NF_IP_PRI_NAT_DST + 2,
1822
1802
        },
1823
1803
        /* After packet filtering (but before ip_vs_out_icmp), catch icmp
1824
1804
         * destined for 0.0.0.0/0, which is for incoming IPVS connections */
1844
1824
                .owner          = THIS_MODULE,
1845
1825
                .pf             = PF_INET6,
1846
1826
                .hooknum        = NF_INET_LOCAL_IN,
1847
 
                .priority       = 99,
 
1827
                .priority       = NF_IP6_PRI_NAT_SRC - 2,
1848
1828
        },
1849
1829
        /* After packet filtering, forward packet through VS/DR, VS/TUN,
1850
1830
         * or VS/NAT(change destination), so that filtering rules can be
1854
1834
                .owner          = THIS_MODULE,
1855
1835
                .pf             = PF_INET6,
1856
1836
                .hooknum        = NF_INET_LOCAL_IN,
1857
 
                .priority       = 101,
 
1837
                .priority       = NF_IP6_PRI_NAT_SRC - 1,
1858
1838
        },
1859
1839
        /* Before ip_vs_in, change source only for VS/NAT */
1860
1840
        {
1862
1842
                .owner          = THIS_MODULE,
1863
1843
                .pf             = PF_INET,
1864
1844
                .hooknum        = NF_INET_LOCAL_OUT,
1865
 
                .priority       = -99,
 
1845
                .priority       = NF_IP6_PRI_NAT_DST + 1,
1866
1846
        },
1867
1847
        /* After mangle, schedule and forward local requests */
1868
1848
        {
1870
1850
                .owner          = THIS_MODULE,
1871
1851
                .pf             = PF_INET6,
1872
1852
                .hooknum        = NF_INET_LOCAL_OUT,
1873
 
                .priority       = -98,
 
1853
                .priority       = NF_IP6_PRI_NAT_DST + 2,
1874
1854
        },
1875
1855
        /* After packet filtering (but before ip_vs_out_icmp), catch icmp
1876
1856
         * destined for 0.0.0.0/0, which is for incoming IPVS connections */
1965
1945
{
1966
1946
        EnterFunction(2);
1967
1947
        net_ipvs(net)->enable = 0;      /* Disable packet reception */
 
1948
        smp_wmb();
1968
1949
        __ip_vs_sync_cleanup(net);
1969
1950
        LeaveFunction(2);
1970
1951
}