diff options
| author | Julian Anastasov <ja@ssi.bg> | 2011-02-08 19:26:38 -0500 |
|---|---|---|
| committer | Simon Horman <horms@verge.net.au> | 2011-02-15 17:00:33 -0500 |
| commit | 6cb90db502c5f276c8d6256762cc3acde4d3bd9d (patch) | |
| tree | 87ebaf22cd6006bbb15b071b1f4363117237a6e7 /net/netfilter/ipvs/ip_vs_core.c | |
| parent | 16a7fd323f93eab88df79fc647575ae9789037c2 (diff) | |
ipvs: remove extra lookups for ICMP packets
Remove code that should not be called anymore.
Now when ip_vs_out handles replies for local clients at
LOCAL_IN hook we do not need to call conn_out_get and
handle_response_icmp from ip_vs_in_icmp* because such
lookups were already performed for the ICMP packet and no
connection was found.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'net/netfilter/ipvs/ip_vs_core.c')
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_core.c | 28 |
1 files changed, 3 insertions, 25 deletions
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index 4d06617fab6..2d1f932add4 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c | |||
| @@ -729,7 +729,7 @@ void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
| 729 | #endif | 729 | #endif |
| 730 | 730 | ||
| 731 | /* Handle relevant response ICMP messages - forward to the right | 731 | /* Handle relevant response ICMP messages - forward to the right |
| 732 | * destination host. Used for NAT and local client. | 732 | * destination host. |
| 733 | */ | 733 | */ |
| 734 | static int handle_response_icmp(int af, struct sk_buff *skb, | 734 | static int handle_response_icmp(int af, struct sk_buff *skb, |
| 735 | union nf_inet_addr *snet, | 735 | union nf_inet_addr *snet, |
| @@ -979,7 +979,6 @@ static inline int is_tcp_reset(const struct sk_buff *skb, int nh_len) | |||
| 979 | } | 979 | } |
| 980 | 980 | ||
| 981 | /* Handle response packets: rewrite addresses and send away... | 981 | /* Handle response packets: rewrite addresses and send away... |
| 982 | * Used for NAT and local client. | ||
| 983 | */ | 982 | */ |
| 984 | static unsigned int | 983 | static unsigned int |
| 985 | handle_response(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd, | 984 | handle_response(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd, |
| @@ -1280,7 +1279,6 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
| 1280 | struct ip_vs_protocol *pp; | 1279 | struct ip_vs_protocol *pp; |
| 1281 | struct ip_vs_proto_data *pd; | 1280 | struct ip_vs_proto_data *pd; |
| 1282 | unsigned int offset, ihl, verdict; | 1281 | unsigned int offset, ihl, verdict; |
| 1283 | union nf_inet_addr snet; | ||
| 1284 | 1282 | ||
| 1285 | *related = 1; | 1283 | *related = 1; |
| 1286 | 1284 | ||
| @@ -1339,17 +1337,8 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
| 1339 | ip_vs_fill_iphdr(AF_INET, cih, &ciph); | 1337 | ip_vs_fill_iphdr(AF_INET, cih, &ciph); |
| 1340 | /* The embedded headers contain source and dest in reverse order */ | 1338 | /* The embedded headers contain source and dest in reverse order */ |
| 1341 | cp = pp->conn_in_get(AF_INET, skb, &ciph, offset, 1); | 1339 | cp = pp->conn_in_get(AF_INET, skb, &ciph, offset, 1); |
| 1342 | if (!cp) { | 1340 | if (!cp) |
| 1343 | /* The packet could also belong to a local client */ | ||
| 1344 | cp = pp->conn_out_get(AF_INET, skb, &ciph, offset, 1); | ||
| 1345 | if (cp) { | ||
| 1346 | snet.ip = iph->saddr; | ||
| 1347 | return handle_response_icmp(AF_INET, skb, &snet, | ||
| 1348 | cih->protocol, cp, pp, | ||
| 1349 | offset, ihl); | ||
| 1350 | } | ||
| 1351 | return NF_ACCEPT; | 1341 | return NF_ACCEPT; |
| 1352 | } | ||
| 1353 | 1342 | ||
| 1354 | verdict = NF_DROP; | 1343 | verdict = NF_DROP; |
| 1355 | 1344 | ||
| @@ -1395,7 +1384,6 @@ ip_vs_in_icmp_v6(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
| 1395 | struct ip_vs_protocol *pp; | 1384 | struct ip_vs_protocol *pp; |
| 1396 | struct ip_vs_proto_data *pd; | 1385 | struct ip_vs_proto_data *pd; |
| 1397 | unsigned int offset, verdict; | 1386 | unsigned int offset, verdict; |
| 1398 | union nf_inet_addr snet; | ||
| 1399 | struct rt6_info *rt; | 1387 | struct rt6_info *rt; |
| 1400 | 1388 | ||
| 1401 | *related = 1; | 1389 | *related = 1; |
| @@ -1455,18 +1443,8 @@ ip_vs_in_icmp_v6(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
| 1455 | ip_vs_fill_iphdr(AF_INET6, cih, &ciph); | 1443 | ip_vs_fill_iphdr(AF_INET6, cih, &ciph); |
| 1456 | /* The embedded headers contain source and dest in reverse order */ | 1444 | /* The embedded headers contain source and dest in reverse order */ |
| 1457 | cp = pp->conn_in_get(AF_INET6, skb, &ciph, offset, 1); | 1445 | cp = pp->conn_in_get(AF_INET6, skb, &ciph, offset, 1); |
| 1458 | if (!cp) { | 1446 | if (!cp) |
| 1459 | /* The packet could also belong to a local client */ | ||
| 1460 | cp = pp->conn_out_get(AF_INET6, skb, &ciph, offset, 1); | ||
| 1461 | if (cp) { | ||
| 1462 | ipv6_addr_copy(&snet.in6, &iph->saddr); | ||
| 1463 | return handle_response_icmp(AF_INET6, skb, &snet, | ||
| 1464 | cih->nexthdr, | ||
| 1465 | cp, pp, offset, | ||
| 1466 | sizeof(struct ipv6hdr)); | ||
| 1467 | } | ||
| 1468 | return NF_ACCEPT; | 1447 | return NF_ACCEPT; |
| 1469 | } | ||
| 1470 | 1448 | ||
| 1471 | verdict = NF_DROP; | 1449 | verdict = NF_DROP; |
| 1472 | 1450 | ||