2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-11 23:23:52 +08:00
linux-next/net/netfilter/ipvs
Julian Anastasov afb523c547 ipvs: restore support for iptables SNAT
Fix the IPVS priority in LOCAL_IN hook,
so that SNAT target in POSTROUTING is supported for IPVS
traffic as in 2.6.36 where it worked depending on
module load order.

	Before 2.6.37 we used priority 100 in LOCAL_IN to
process remote requests. We used the same priority as
iptables SNAT and if IPVS handlers are installed before
SNAT handlers we supported SNAT in POSTROUTING for the IPVS
traffic. If SNAT is installed before IPVS, the netfilter
handlers are before IPVS and netfilter checks the NAT
table twice for the IPVS requests: once in LOCAL_IN where
IPS_SRC_NAT_DONE is set and second time in POSTROUTING
where the SNAT rules are ignored because IPS_SRC_NAT_DONE
was already set in LOCAL_IN.

	But in 2.6.37 we changed the IPVS priority for
LOCAL_IN with the goal to be unique (101) forgetting the
fact that for IPVS traffic we should not walk both
LOCAL_IN and POSTROUTING nat tables.

	So, change the priority for processing remote
IPVS requests from 101 to 99, i.e. before NAT_SRC (100)
because we prefer to support SNAT in POSTROUTING
instead of LOCAL_IN. It also moves the priority for
IPVS replies from 99 to 98. Use constants instead of
magic numbers at these places.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-06-06 01:35:13 +02:00
..
ip_vs_app.c IPVS: fix netns if reading ip_vs_* procfs entries 2011-05-15 17:27:18 +02:00
ip_vs_conn.c IPVS: fix netns if reading ip_vs_* procfs entries 2011-05-15 17:27:18 +02:00
ip_vs_core.c ipvs: restore support for iptables SNAT 2011-06-06 01:35:13 +02:00
ip_vs_ctl.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-17 17:33:11 -04:00
ip_vs_dh.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip_vs_est.c IPVS: init and cleanup restructuring 2011-05-10 09:52:47 +02:00
ip_vs_ftp.c IPVS: bug in ip_vs_ftp, same list heaad used in all netns. 2011-05-27 13:37:46 +02:00
ip_vs_lblc.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ip_vs_lblcr.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ip_vs_lc.c ipvs: unify the formula to estimate the overhead of processing connections 2011-02-25 11:35:41 +09:00
ip_vs_nfct.c IPVS: netns, connection hash got net as param. 2011-01-13 10:30:28 +09:00
ip_vs_nq.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_pe_sip.c netfilter:ipvs: use kmemdup 2011-03-15 09:36:49 +09:00
ip_vs_pe.c IPVS: Backup, Adding Version 1 receive capability 2010-11-25 10:42:59 +09:00
ip_vs_proto_ah_esp.c IPVS: netns, connection hash got net as param. 2011-01-13 10:30:28 +09:00
ip_vs_proto_sctp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ip_vs_proto_tcp.c IPVS: netns, ip_vs_ctl local vars moved to ipvs struct. 2011-01-13 10:30:28 +09:00
ip_vs_proto_udp.c IPVS: netns, ip_vs_ctl local vars moved to ipvs struct. 2011-01-13 10:30:28 +09:00
ip_vs_proto.c IPVS: init and cleanup restructuring 2011-05-10 09:52:47 +02:00
ip_vs_rr.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_sched.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_sed.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_sh.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_sync.c IPVS: init and cleanup restructuring 2011-05-10 09:52:47 +02:00
ip_vs_wlc.c ipvs: unify the formula to estimate the overhead of processing connections 2011-02-25 11:35:41 +09:00
ip_vs_wrr.c ipvs: make "no destination available" message more informative 2011-02-16 14:53:33 +09:00
ip_vs_xmit.c ipvs: Remove all remaining references to rt->rt_{src,dst} 2011-05-12 18:24:46 -04:00
Kconfig netfilter: fix IP_VS dependencies 2010-11-18 13:14:33 -08:00
Makefile IPVS: sip persistence engine 2010-10-04 22:45:24 +09:00