diff options
author | Julian Anastasov <ja@ssi.bg> | 2010-10-17 16:21:07 +0300 |
---|---|---|
committer | Simon Horman <horms@verge.net.au> | 2010-10-21 10:50:20 +0200 |
commit | cf356d69db0afef692cd640917bc70f708c27f14 (patch) | |
tree | 1c1e0a277ba783066e639524bbdef0c19996e8c0 /include/net | |
parent | 8b27b10f5863a5b63e46304a71aa01463d1efac4 (diff) | |
download | op-kernel-dev-cf356d69db0afef692cd640917bc70f708c27f14.zip op-kernel-dev-cf356d69db0afef692cd640917bc70f708c27f14.tar.gz |
ipvs: switch to notrack mode
Change skb->ipvs_property semantic. This is preparation
to support ip_vs_out processing in LOCAL_OUT. ipvs_property=1
will be used to avoid expensive lookups for traffic sent by
transmitters. Now when conntrack support is not used we call
ip_vs_notrack method to avoid problems in OUTPUT and
POST_ROUTING hooks instead of exiting POST_ROUTING as before.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/ip_vs.h | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index adcdba9..0e46184 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -25,7 +25,7 @@ #include <linux/ip.h> #include <linux/ipv6.h> /* for struct ipv6hdr */ #include <net/ipv6.h> /* for ipv6_addr_copy */ -#ifdef CONFIG_IP_VS_NFCT +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) #include <net/netfilter/nf_conntrack.h> #endif @@ -1021,6 +1021,24 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum) return csum_partial(diff, sizeof(diff), oldsum); } +/* + * Forget current conntrack (unconfirmed) and attach notrack entry + */ +static inline void ip_vs_notrack(struct sk_buff *skb) +{ +#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) + enum ip_conntrack_info ctinfo; + struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo); + + if (!ct || !nf_ct_is_untracked(ct)) { + nf_reset(skb); + skb->nfct = &nf_ct_untracked_get()->ct_general; + skb->nfctinfo = IP_CT_NEW; + nf_conntrack_get(skb->nfct); + } +#endif +} + #ifdef CONFIG_IP_VS_NFCT /* * Netfilter connection tracking |