2 files changed, 45 insertions, 1 deletions
diff --git a/include/linux/ip_vs.h b/include/linux/ip_vs.h
index 003d75f6ffe1..df7728613720 100644
--- a/include/linux/ip_vs.h
+++ b/include/linux/ip_vs.h
@@ -90,10 +90,12 @@
 #define IP_VS_CONN_F_ONE_PACKET 0x2000          /* forward only one packet */
 /* Flags that are not sent to backup server start from bit 16 */
+#define IP_VS_CONN_F_NFCT       (1 << 16)       /* use netfilter conntrack */
 /* Connection flags from destination that can be changed by user space */
 #define IP_VS_CONN_F_DEST_MASK (IP_VS_CONN_F_FWD_MASK | \
                                IP_VS_CONN_F_ONE_PACKET | \
+                                IP_VS_CONN_F_NFCT | \
                                0)
 #define IP_VS_SCHEDNAME_MAXLEN  16
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 62698a9c1631..e8ec5231eae9 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -25,7 +25,9 @@
 #include <linux/ip.h>
 #include <linux/ipv6.h>                 /* for struct ipv6hdr */
 #include <net/ipv6.h>                   /* for ipv6_addr_copy */
+#ifdef CONFIG_IP_VS_NFCT
+#include <net/netfilter/nf_conntrack.h>
+#endif
 /* Connections' size value needed by ip_vs_ctl.c */
 extern int ip_vs_conn_tab_size;
@@ -798,6 +800,7 @@ extern int sysctl_ip_vs_expire_nodest_conn;
 extern int sysctl_ip_vs_expire_quiescent_template;
 extern int sysctl_ip_vs_sync_threshold[2];
 extern int sysctl_ip_vs_nat_icmp_send;
+extern int sysctl_ip_vs_conntrack;
 extern struct ip_vs_stats ip_vs_stats;
 extern const struct ctl_path net_vs_ctl_path[];
@@ -955,8 +958,47 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
        return csum_partial(diff, sizeof(diff), oldsum);
 }
+#ifdef CONFIG_IP_VS_NFCT
+/*
+ *      Netfilter connection tracking
+ *      (from ip_vs_nfct.c)
+ */
+static inline int ip_vs_conntrack_enabled(void)
+{
+        return sysctl_ip_vs_conntrack;
+}
 extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
                                   int outin);
+extern int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp);
+extern void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct,
+                                      struct ip_vs_conn *cp, u_int8_t proto,
+                                      const __be16 port, int from_rs);
+extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
+#else
+static inline int ip_vs_conntrack_enabled(void)
+{
+        return 0;
+}
+static inline void ip_vs_update_conntrack(struct sk_buff *skb,
+                                          struct ip_vs_conn *cp, int outin)
+{
+}
+static inline int ip_vs_confirm_conntrack(struct sk_buff *skb,
+                                          struct ip_vs_conn *cp)
+{
+        return NF_ACCEPT;
+}
+static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
+{
+}
+/* CONFIG_IP_VS_NFCT */
+#endif
 #endif /* __KERNEL__ */

diff --git a/include/linux/ip_vs.h b/include/linux/ip_vs.h index 003d75f6ffe1..df7728613720 100644 --- a/include/linux/ip_vs.h +++ b/include/linux/ip_vs.h
@@ -90,10 +90,12 @@
90	#define IP_VS_CONN_F_ONE_PACKET 0x2000 /* forward only one packet */	90	#define IP_VS_CONN_F_ONE_PACKET 0x2000 /* forward only one packet */
91		91
92	/* Flags that are not sent to backup server start from bit 16 */	92	/* Flags that are not sent to backup server start from bit 16 */
		93	#define IP_VS_CONN_F_NFCT (1 << 16) /* use netfilter conntrack */
93		94
94	/* Connection flags from destination that can be changed by user space */	95	/* Connection flags from destination that can be changed by user space */
95	#define IP_VS_CONN_F_DEST_MASK (IP_VS_CONN_F_FWD_MASK \| \	96	#define IP_VS_CONN_F_DEST_MASK (IP_VS_CONN_F_FWD_MASK \| \
96	IP_VS_CONN_F_ONE_PACKET \| \	97	IP_VS_CONN_F_ONE_PACKET \| \
		98	IP_VS_CONN_F_NFCT \| \
97	0)	99	0)
98		100
99	#define IP_VS_SCHEDNAME_MAXLEN 16	101	#define IP_VS_SCHEDNAME_MAXLEN 16


diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 62698a9c1631..e8ec5231eae9 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h
@@ -25,7 +25,9 @@
25	#include <linux/ip.h>	25	#include <linux/ip.h>
26	#include <linux/ipv6.h> /* for struct ipv6hdr */	26	#include <linux/ipv6.h> /* for struct ipv6hdr */
27	#include <net/ipv6.h> /* for ipv6_addr_copy */	27	#include <net/ipv6.h> /* for ipv6_addr_copy */
28		28	#ifdef CONFIG_IP_VS_NFCT
		29	#include <net/netfilter/nf_conntrack.h>
		30	#endif
29		31
30	/* Connections' size value needed by ip_vs_ctl.c */	32	/* Connections' size value needed by ip_vs_ctl.c */
31	extern int ip_vs_conn_tab_size;	33	extern int ip_vs_conn_tab_size;
@@ -798,6 +800,7 @@ extern int sysctl_ip_vs_expire_nodest_conn;
798	extern int sysctl_ip_vs_expire_quiescent_template;	800	extern int sysctl_ip_vs_expire_quiescent_template;
799	extern int sysctl_ip_vs_sync_threshold[2];	801	extern int sysctl_ip_vs_sync_threshold[2];
800	extern int sysctl_ip_vs_nat_icmp_send;	802	extern int sysctl_ip_vs_nat_icmp_send;
		803	extern int sysctl_ip_vs_conntrack;
801	extern struct ip_vs_stats ip_vs_stats;	804	extern struct ip_vs_stats ip_vs_stats;
802	extern const struct ctl_path net_vs_ctl_path[];	805	extern const struct ctl_path net_vs_ctl_path[];
803		806
@@ -955,8 +958,47 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
955	return csum_partial(diff, sizeof(diff), oldsum);	958	return csum_partial(diff, sizeof(diff), oldsum);
956	}	959	}
957		960
		961	#ifdef CONFIG_IP_VS_NFCT
		962	/*
		963	* Netfilter connection tracking
		964	* (from ip_vs_nfct.c)
		965	*/
		966	static inline int ip_vs_conntrack_enabled(void)
		967	{
		968	return sysctl_ip_vs_conntrack;
		969	}
		970
958	extern void ip_vs_update_conntrack(struct sk_buff skb, struct ip_vs_conn cp,	971	extern void ip_vs_update_conntrack(struct sk_buff skb, struct ip_vs_conn cp,
959	int outin);	972	int outin);
		973	extern int ip_vs_confirm_conntrack(struct sk_buff skb, struct ip_vs_conn cp);
		974	extern void ip_vs_nfct_expect_related(struct sk_buff skb, struct nf_conn ct,
		975	struct ip_vs_conn *cp, u_int8_t proto,
		976	const __be16 port, int from_rs);
		977	extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
		978
		979	#else
		980
		981	static inline int ip_vs_conntrack_enabled(void)
		982	{
		983	return 0;
		984	}
		985
		986	static inline void ip_vs_update_conntrack(struct sk_buff *skb,
		987	struct ip_vs_conn *cp, int outin)
		988	{
		989	}
		990
		991	static inline int ip_vs_confirm_conntrack(struct sk_buff *skb,
		992	struct ip_vs_conn *cp)
		993	{
		994	return NF_ACCEPT;
		995	}
		996
		997	static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
		998	{
		999	}
		1000	/* CONFIG_IP_VS_NFCT */
		1001	#endif
960		1002
961	#endif /* __KERNEL__ */	1003	#endif /* __KERNEL__ */
962		1004