diff options
| -rw-r--r-- | include/net/ip_vs.h | 6 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_conn.c | 5 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_core.c | 8 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ctl.c | 4 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ftp.c | 5 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_sync.c | 4 |
6 files changed, 18 insertions, 14 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index d5a32e47f9d..890f01c215e 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
| @@ -382,6 +382,7 @@ struct ip_vs_conn { | |||
| 382 | union nf_inet_addr vaddr; /* virtual address */ | 382 | union nf_inet_addr vaddr; /* virtual address */ |
| 383 | union nf_inet_addr daddr; /* destination address */ | 383 | union nf_inet_addr daddr; /* destination address */ |
| 384 | volatile __u32 flags; /* status flags */ | 384 | volatile __u32 flags; /* status flags */ |
| 385 | __u32 fwmark; /* Fire wall mark from skb */ | ||
| 385 | __be16 cport; | 386 | __be16 cport; |
| 386 | __be16 vport; | 387 | __be16 vport; |
| 387 | __be16 dport; | 388 | __be16 dport; |
| @@ -720,7 +721,7 @@ extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport); | |||
| 720 | struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p, | 721 | struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p, |
| 721 | const union nf_inet_addr *daddr, | 722 | const union nf_inet_addr *daddr, |
| 722 | __be16 dport, unsigned flags, | 723 | __be16 dport, unsigned flags, |
| 723 | struct ip_vs_dest *dest); | 724 | struct ip_vs_dest *dest, __u32 fwmark); |
| 724 | extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp); | 725 | extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp); |
| 725 | 726 | ||
| 726 | extern const char * ip_vs_state_name(__u16 proto, int state); | 727 | extern const char * ip_vs_state_name(__u16 proto, int state); |
| @@ -901,7 +902,8 @@ extern int ip_vs_control_init(void); | |||
| 901 | extern void ip_vs_control_cleanup(void); | 902 | extern void ip_vs_control_cleanup(void); |
| 902 | extern struct ip_vs_dest * | 903 | extern struct ip_vs_dest * |
| 903 | ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport, | 904 | ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport, |
| 904 | const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol); | 905 | const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol, |
| 906 | __u32 fwmark); | ||
| 905 | extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp); | 907 | extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp); |
| 906 | 908 | ||
| 907 | 909 | ||
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index 7615f9e3d95..66e4662925d 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c | |||
| @@ -613,7 +613,7 @@ struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp) | |||
| 613 | if ((cp) && (!cp->dest)) { | 613 | if ((cp) && (!cp->dest)) { |
| 614 | dest = ip_vs_find_dest(cp->af, &cp->daddr, cp->dport, | 614 | dest = ip_vs_find_dest(cp->af, &cp->daddr, cp->dport, |
| 615 | &cp->vaddr, cp->vport, | 615 | &cp->vaddr, cp->vport, |
| 616 | cp->protocol); | 616 | cp->protocol, cp->fwmark); |
| 617 | ip_vs_bind_dest(cp, dest); | 617 | ip_vs_bind_dest(cp, dest); |
| 618 | return dest; | 618 | return dest; |
| 619 | } else | 619 | } else |
| @@ -803,7 +803,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp) | |||
| 803 | struct ip_vs_conn * | 803 | struct ip_vs_conn * |
| 804 | ip_vs_conn_new(const struct ip_vs_conn_param *p, | 804 | ip_vs_conn_new(const struct ip_vs_conn_param *p, |
| 805 | const union nf_inet_addr *daddr, __be16 dport, unsigned flags, | 805 | const union nf_inet_addr *daddr, __be16 dport, unsigned flags, |
| 806 | struct ip_vs_dest *dest) | 806 | struct ip_vs_dest *dest, __u32 fwmark) |
| 807 | { | 807 | { |
| 808 | struct ip_vs_conn *cp; | 808 | struct ip_vs_conn *cp; |
| 809 | struct ip_vs_protocol *pp = ip_vs_proto_get(p->protocol); | 809 | struct ip_vs_protocol *pp = ip_vs_proto_get(p->protocol); |
| @@ -827,6 +827,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, | |||
| 827 | &cp->daddr, daddr); | 827 | &cp->daddr, daddr); |
| 828 | cp->dport = dport; | 828 | cp->dport = dport; |
| 829 | cp->flags = flags; | 829 | cp->flags = flags; |
| 830 | cp->fwmark = fwmark; | ||
| 830 | if (flags & IP_VS_CONN_F_TEMPLATE && p->pe) { | 831 | if (flags & IP_VS_CONN_F_TEMPLATE && p->pe) { |
| 831 | ip_vs_pe_get(p->pe); | 832 | ip_vs_pe_get(p->pe); |
| 832 | cp->pe = p->pe; | 833 | cp->pe = p->pe; |
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index b4e51e9c5a0..e2bb3cd41c0 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c | |||
| @@ -293,7 +293,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, | |||
| 293 | * and thus param.pe_data will be destroyed | 293 | * and thus param.pe_data will be destroyed |
| 294 | * when the template expires */ | 294 | * when the template expires */ |
| 295 | ct = ip_vs_conn_new(¶m, &dest->addr, dport, | 295 | ct = ip_vs_conn_new(¶m, &dest->addr, dport, |
| 296 | IP_VS_CONN_F_TEMPLATE, dest); | 296 | IP_VS_CONN_F_TEMPLATE, dest, skb->mark); |
| 297 | if (ct == NULL) { | 297 | if (ct == NULL) { |
| 298 | kfree(param.pe_data); | 298 | kfree(param.pe_data); |
| 299 | return NULL; | 299 | return NULL; |
| @@ -319,7 +319,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, | |||
| 319 | */ | 319 | */ |
| 320 | ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, ports[0], | 320 | ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, ports[0], |
| 321 | &iph.daddr, ports[1], ¶m); | 321 | &iph.daddr, ports[1], ¶m); |
| 322 | cp = ip_vs_conn_new(¶m, &dest->addr, dport, flags, dest); | 322 | cp = ip_vs_conn_new(¶m, &dest->addr, dport, flags, dest, skb->mark); |
| 323 | if (cp == NULL) { | 323 | if (cp == NULL) { |
| 324 | ip_vs_conn_put(ct); | 324 | ip_vs_conn_put(ct); |
| 325 | return NULL; | 325 | return NULL; |
| @@ -423,7 +423,7 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb, | |||
| 423 | pptr[0], &iph.daddr, pptr[1], &p); | 423 | pptr[0], &iph.daddr, pptr[1], &p); |
| 424 | cp = ip_vs_conn_new(&p, &dest->addr, | 424 | cp = ip_vs_conn_new(&p, &dest->addr, |
| 425 | dest->port ? dest->port : pptr[1], | 425 | dest->port ? dest->port : pptr[1], |
| 426 | flags, dest); | 426 | flags, dest, skb->mark); |
| 427 | if (!cp) | 427 | if (!cp) |
| 428 | return NULL; | 428 | return NULL; |
| 429 | } | 429 | } |
| @@ -489,7 +489,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, | |||
| 489 | &iph.daddr, pptr[1], &p); | 489 | &iph.daddr, pptr[1], &p); |
| 490 | cp = ip_vs_conn_new(&p, &daddr, 0, | 490 | cp = ip_vs_conn_new(&p, &daddr, 0, |
| 491 | IP_VS_CONN_F_BYPASS | flags, | 491 | IP_VS_CONN_F_BYPASS | flags, |
| 492 | NULL); | 492 | NULL, skb->mark); |
| 493 | if (!cp) | 493 | if (!cp) |
| 494 | return NF_DROP; | 494 | return NF_DROP; |
| 495 | } | 495 | } |
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c index 3e92558dfcc..a5bd0027904 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c | |||
| @@ -657,12 +657,12 @@ ip_vs_lookup_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr, | |||
| 657 | struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr, | 657 | struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr, |
| 658 | __be16 dport, | 658 | __be16 dport, |
| 659 | const union nf_inet_addr *vaddr, | 659 | const union nf_inet_addr *vaddr, |
| 660 | __be16 vport, __u16 protocol) | 660 | __be16 vport, __u16 protocol, __u32 fwmark) |
| 661 | { | 661 | { |
| 662 | struct ip_vs_dest *dest; | 662 | struct ip_vs_dest *dest; |
| 663 | struct ip_vs_service *svc; | 663 | struct ip_vs_service *svc; |
| 664 | 664 | ||
| 665 | svc = ip_vs_service_get(af, 0, protocol, vaddr, vport); | 665 | svc = ip_vs_service_get(af, fwmark, protocol, vaddr, vport); |
| 666 | if (!svc) | 666 | if (!svc) |
| 667 | return NULL; | 667 | return NULL; |
| 668 | dest = ip_vs_lookup_dest(svc, daddr, dport); | 668 | dest = ip_vs_lookup_dest(svc, daddr, dport); |
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c index 75455000ad1..84aef65b37d 100644 --- a/net/netfilter/ipvs/ip_vs_ftp.c +++ b/net/netfilter/ipvs/ip_vs_ftp.c | |||
| @@ -208,7 +208,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
| 208 | n_cp = ip_vs_conn_new(&p, &from, port, | 208 | n_cp = ip_vs_conn_new(&p, &from, port, |
| 209 | IP_VS_CONN_F_NO_CPORT | | 209 | IP_VS_CONN_F_NO_CPORT | |
| 210 | IP_VS_CONN_F_NFCT, | 210 | IP_VS_CONN_F_NFCT, |
| 211 | cp->dest); | 211 | cp->dest, skb->mark); |
| 212 | if (!n_cp) | 212 | if (!n_cp) |
| 213 | return 0; | 213 | return 0; |
| 214 | 214 | ||
| @@ -365,7 +365,8 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
| 365 | if (!n_cp) { | 365 | if (!n_cp) { |
| 366 | n_cp = ip_vs_conn_new(&p, &cp->daddr, | 366 | n_cp = ip_vs_conn_new(&p, &cp->daddr, |
| 367 | htons(ntohs(cp->dport)-1), | 367 | htons(ntohs(cp->dport)-1), |
| 368 | IP_VS_CONN_F_NFCT, cp->dest); | 368 | IP_VS_CONN_F_NFCT, cp->dest, |
| 369 | skb->mark); | ||
| 369 | if (!n_cp) | 370 | if (!n_cp) |
| 370 | return 0; | 371 | return 0; |
| 371 | 372 | ||
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index 3897d6bf3b2..47eed672dc0 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c | |||
| @@ -404,7 +404,7 @@ static void ip_vs_process_message(char *buffer, const size_t buflen) | |||
| 404 | s->dport, | 404 | s->dport, |
| 405 | (union nf_inet_addr *)&s->vaddr, | 405 | (union nf_inet_addr *)&s->vaddr, |
| 406 | s->vport, | 406 | s->vport, |
| 407 | s->protocol); | 407 | s->protocol, 0); |
| 408 | /* Set the approprite ativity flag */ | 408 | /* Set the approprite ativity flag */ |
| 409 | if (s->protocol == IPPROTO_TCP) { | 409 | if (s->protocol == IPPROTO_TCP) { |
| 410 | if (state != IP_VS_TCP_S_ESTABLISHED) | 410 | if (state != IP_VS_TCP_S_ESTABLISHED) |
| @@ -419,7 +419,7 @@ static void ip_vs_process_message(char *buffer, const size_t buflen) | |||
| 419 | } | 419 | } |
| 420 | cp = ip_vs_conn_new(¶m, | 420 | cp = ip_vs_conn_new(¶m, |
| 421 | (union nf_inet_addr *)&s->daddr, | 421 | (union nf_inet_addr *)&s->daddr, |
| 422 | s->dport, flags, dest); | 422 | s->dport, flags, dest, 0); |
| 423 | if (dest) | 423 | if (dest) |
| 424 | atomic_dec(&dest->refcnt); | 424 | atomic_dec(&dest->refcnt); |
| 425 | if (!cp) { | 425 | if (!cp) { |