diff options
| -rw-r--r-- | include/net/ip_vs.h | 3 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_core.c | 1 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_ftp.c | 6 | ||||
| -rw-r--r-- | net/netfilter/ipvs/ip_vs_xmit.c | 18 |
4 files changed, 16 insertions, 12 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index a4747a0f7303..f976885f686f 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
| @@ -955,6 +955,9 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum) | |||
| 955 | return csum_partial(diff, sizeof(diff), oldsum); | 955 | return csum_partial(diff, sizeof(diff), oldsum); |
| 956 | } | 956 | } |
| 957 | 957 | ||
| 958 | extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, | ||
| 959 | int outin); | ||
| 960 | |||
| 958 | #endif /* __KERNEL__ */ | 961 | #endif /* __KERNEL__ */ |
| 959 | 962 | ||
| 960 | #endif /* _NET_IP_VS_H */ | 963 | #endif /* _NET_IP_VS_H */ |
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c index 4f8ddba48011..4c2f89df5cce 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c | |||
| @@ -924,6 +924,7 @@ handle_response(int af, struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
| 924 | 924 | ||
| 925 | ip_vs_out_stats(cp, skb); | 925 | ip_vs_out_stats(cp, skb); |
| 926 | ip_vs_set_state(cp, IP_VS_DIR_OUTPUT, skb, pp); | 926 | ip_vs_set_state(cp, IP_VS_DIR_OUTPUT, skb, pp); |
| 927 | ip_vs_update_conntrack(skb, cp, 0); | ||
| 927 | ip_vs_conn_put(cp); | 928 | ip_vs_conn_put(cp); |
| 928 | 929 | ||
| 929 | skb->ipvs_property = 1; | 930 | skb->ipvs_property = 1; |
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c index 33b329bfc2d2..7e9af5b76d9e 100644 --- a/net/netfilter/ipvs/ip_vs_ftp.c +++ b/net/netfilter/ipvs/ip_vs_ftp.c | |||
| @@ -410,7 +410,6 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
| 410 | union nf_inet_addr to; | 410 | union nf_inet_addr to; |
| 411 | __be16 port; | 411 | __be16 port; |
| 412 | struct ip_vs_conn *n_cp; | 412 | struct ip_vs_conn *n_cp; |
| 413 | struct nf_conn *ct; | ||
| 414 | 413 | ||
| 415 | #ifdef CONFIG_IP_VS_IPV6 | 414 | #ifdef CONFIG_IP_VS_IPV6 |
| 416 | /* This application helper doesn't work with IPv6 yet, | 415 | /* This application helper doesn't work with IPv6 yet, |
| @@ -497,11 +496,6 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, | |||
| 497 | ip_vs_control_add(n_cp, cp); | 496 | ip_vs_control_add(n_cp, cp); |
| 498 | } | 497 | } |
| 499 | 498 | ||
| 500 | ct = (struct nf_conn *)skb->nfct; | ||
| 501 | if (ct && ct != &nf_conntrack_untracked) | ||
| 502 | ip_vs_expect_related(skb, ct, n_cp, | ||
| 503 | IPPROTO_TCP, &n_cp->dport, 1); | ||
| 504 | |||
| 505 | /* | 499 | /* |
| 506 | * Move tunnel to listen state | 500 | * Move tunnel to listen state |
| 507 | */ | 501 | */ |
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c index 21e1a5e9b9d3..49df6bea6a2d 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c | |||
| @@ -349,8 +349,8 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 349 | } | 349 | } |
| 350 | #endif | 350 | #endif |
| 351 | 351 | ||
| 352 | static void | 352 | void |
| 353 | ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp) | 353 | ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, int outin) |
| 354 | { | 354 | { |
| 355 | struct nf_conn *ct = (struct nf_conn *)skb->nfct; | 355 | struct nf_conn *ct = (struct nf_conn *)skb->nfct; |
| 356 | struct nf_conntrack_tuple new_tuple; | 356 | struct nf_conntrack_tuple new_tuple; |
| @@ -365,11 +365,17 @@ ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp) | |||
| 365 | * real-server we will see RIP->DIP. | 365 | * real-server we will see RIP->DIP. |
| 366 | */ | 366 | */ |
| 367 | new_tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple; | 367 | new_tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple; |
| 368 | new_tuple.src.u3 = cp->daddr; | 368 | if (outin) |
| 369 | new_tuple.src.u3 = cp->daddr; | ||
| 370 | else | ||
| 371 | new_tuple.dst.u3 = cp->vaddr; | ||
| 369 | /* | 372 | /* |
| 370 | * This will also take care of UDP and other protocols. | 373 | * This will also take care of UDP and other protocols. |
| 371 | */ | 374 | */ |
| 372 | new_tuple.src.u.tcp.port = cp->dport; | 375 | if (outin) |
| 376 | new_tuple.src.u.tcp.port = cp->dport; | ||
| 377 | else | ||
| 378 | new_tuple.dst.u.tcp.port = cp->vport; | ||
| 373 | nf_conntrack_alter_reply(ct, &new_tuple); | 379 | nf_conntrack_alter_reply(ct, &new_tuple); |
| 374 | } | 380 | } |
| 375 | 381 | ||
| @@ -428,7 +434,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 428 | 434 | ||
| 429 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); | 435 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); |
| 430 | 436 | ||
| 431 | ip_vs_update_conntrack(skb, cp); | 437 | ip_vs_update_conntrack(skb, cp, 1); |
| 432 | 438 | ||
| 433 | /* FIXME: when application helper enlarges the packet and the length | 439 | /* FIXME: when application helper enlarges the packet and the length |
| 434 | is larger than the MTU of outgoing device, there will be still | 440 | is larger than the MTU of outgoing device, there will be still |
| @@ -506,7 +512,7 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, | |||
| 506 | 512 | ||
| 507 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); | 513 | IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT"); |
| 508 | 514 | ||
| 509 | ip_vs_update_conntrack(skb, cp); | 515 | ip_vs_update_conntrack(skb, cp, 1); |
| 510 | 516 | ||
| 511 | /* FIXME: when application helper enlarges the packet and the length | 517 | /* FIXME: when application helper enlarges the packet and the length |
| 512 | is larger than the MTU of outgoing device, there will be still | 518 | is larger than the MTU of outgoing device, there will be still |