X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fipvs%2Fip_vs_core.c;h=a8ccdb7976536f096122dcb659248daa0aec9fcf;hb=6a77f38946aaee1cd85eeec6cf4229b204c15071;hp=168e5b342110ad320cda453b919e9d7e3dbdb6b9;hpb=87fc8d1bb10cd459024a742c6a10961fefcef18f;p=linux-2.6.git diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 168e5b342..a8ccdb797 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c @@ -57,7 +57,6 @@ EXPORT_SYMBOL(ip_vs_conn_put); #ifdef CONFIG_IP_VS_DEBUG EXPORT_SYMBOL(ip_vs_get_debug_level); #endif -EXPORT_SYMBOL(check_for_ip_vs_out); EXPORT_SYMBOL(ip_vs_make_skb_writable); @@ -545,9 +544,9 @@ u16 ip_vs_checksum_complete(struct sk_buff *skb, int offset) } static inline struct sk_buff * -ip_vs_gather_frags(struct sk_buff *skb) +ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user) { - skb = ip_defrag(skb); + skb = ip_defrag(skb, user); if (skb) ip_send_check(skb->nh.iph); return skb; @@ -621,7 +620,7 @@ static int ip_vs_out_icmp(struct sk_buff **pskb, int *related) /* reassemble IP fragments */ if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); if (!skb) return NF_STOLEN; *pskb = skb; @@ -760,7 +759,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, /* reassemble IP fragments */ if (unlikely(iph->frag_off & __constant_htons(IP_MF|IP_OFFSET) && !pp->dont_defrag)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT); if (!skb) return NF_STOLEN; iph = skb->nh.iph; @@ -834,38 +833,14 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb, } -/* - * Check if the packet is for VS/NAT connections, then send it - * immediately. - * Called by ip_fw_compact to detect packets for VS/NAT before - * they are changed by ipchains masquerading code. - */ -unsigned int -check_for_ip_vs_out(struct sk_buff **pskb, int (*okfn)(struct sk_buff *)) -{ - unsigned int ret; - - ret = ip_vs_out(NF_IP_FORWARD, pskb, NULL, NULL, NULL); - if (ret != NF_ACCEPT) { - return ret; - } else { - /* send the packet immediately if it is already mangled - by ip_vs_out */ - if ((*pskb)->nfcache & NFC_IPVS_PROPERTY) { - (*okfn)(*pskb); - return NF_STOLEN; - } - } - return NF_ACCEPT; -} - /* * Handle ICMP messages in the outside-to-inside direction (incoming). * Find any that might be relevant, check against existing connections, * forward to the right destination host if relevant. * Currently handles error types - unreachable, quench, ttl exceeded. */ -static int ip_vs_in_icmp(struct sk_buff **pskb, int *related) +static int +ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum) { struct sk_buff *skb = *pskb; struct iphdr *iph; @@ -879,7 +854,9 @@ static int ip_vs_in_icmp(struct sk_buff **pskb, int *related) /* reassemble IP fragments */ if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) { - skb = ip_vs_gather_frags(skb); + skb = ip_vs_gather_frags(skb, + hooknum == NF_IP_LOCAL_IN ? + IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD); if (!skb) return NF_STOLEN; *pskb = skb; @@ -988,7 +965,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb, iph = skb->nh.iph; if (unlikely(iph->protocol == IPPROTO_ICMP)) { - int related, verdict = ip_vs_in_icmp(pskb, &related); + int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum); if (related) return verdict; @@ -1083,7 +1060,7 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb, if ((*pskb)->nh.iph->protocol != IPPROTO_ICMP) return NF_ACCEPT; - return ip_vs_in_icmp(pskb, &r); + return ip_vs_in_icmp(pskb, &r, hooknum); }