1. 27 9月, 2010 1 次提交
  2. 21 9月, 2010 1 次提交
    • T
      xfrm: Allow different selector family in temporary state · 8444cf71
      Thomas Egerer 提交于
      The family parameter xfrm_state_find is used to find a state matching a
      certain policy. This value is set to the template's family
      (encap_family) right before xfrm_state_find is called.
      The family parameter is however also used to construct a temporary state
      in xfrm_state_find itself which is wrong for inter-family scenarios
      because it produces a selector for the wrong family. Since this selector
      is included in the xfrm_user_acquire structure, user space programs
      misinterpret IPv6 addresses as IPv4 and vice versa.
      This patch splits up the original init_tempsel function into a part that
      initializes the selector respectively the props and id of the temporary
      state, to allow for differing ip address families whithin the state.
      Signed-off-by: NThomas Egerer <thomas.egerer@secunet.com>
      Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8444cf71
  3. 16 9月, 2010 1 次提交
  4. 09 9月, 2010 2 次提交
    • E
      udp: add rehash on connect() · 719f8358
      Eric Dumazet 提交于
      commit 30fff923 introduced in linux-2.6.33 (udp: bind() optimisation)
      added a secondary hash on UDP, hashed on (local addr, local port).
      
      Problem is that following sequence :
      
      fd = socket(...)
      connect(fd, &remote, ...)
      
      not only selects remote end point (address and port), but also sets
      local address, while UDP stack stored in secondary hash table the socket
      while its local address was INADDR_ANY (or ipv6 equivalent)
      
      Sequence is :
       - autobind() : choose a random local port, insert socket in hash tables
                    [while local address is INADDR_ANY]
       - connect() : set remote address and port, change local address to IP
                    given by a route lookup.
      
      When an incoming UDP frame comes, if more than 10 sockets are found in
      primary hash table, we switch to secondary table, and fail to find
      socket because its local address changed.
      
      One solution to this problem is to rehash datagram socket if needed.
      
      We add a new rehash(struct socket *) method in "struct proto", and
      implement this method for UDP v4 & v6, using a common helper.
      
      This rehashing only takes care of secondary hash table, since primary
      hash (based on local port only) is not changed.
      Reported-by: NKrzysztof Piotr Oledzki <ole@ans.pl>
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Tested-by: NKrzysztof Piotr Oledzki <ole@ans.pl>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      719f8358
    • J
      ipvs: fix active FTP · 6523ce15
      Julian Anastasov 提交于
      - Do not create expectation when forwarding the PORT
        command to avoid blocking the connection. The problem is that
        nf_conntrack_ftp.c:help() tries to create the same expectation later in
        POST_ROUTING and drops the packet with "dropping packet" message after
        failure in nf_ct_expect_related.
      
      - Change ip_vs_update_conntrack to alter the conntrack
        for related connections from real server. If we do not alter the reply in
        this direction the next packet from client sent to vport 20 comes as NEW
        connection. We alter it but may be some collision happens for both
        conntracks and the second conntrack gets destroyed immediately. The
        connection stucks too.
      Signed-off-by: NJulian Anastasov <ja@ssi.bg>
      Signed-off-by: NSimon Horman <horms@verge.net.au>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6523ce15
  5. 04 9月, 2010 1 次提交
  6. 25 8月, 2010 1 次提交
  7. 10 8月, 2010 3 次提交
    • M
      Bluetooth: Use 3-DH5 payload size for default ERTM max PDU size · db12d647
      Mat Martineau 提交于
      The previous value of 672 for L2CAP_DEFAULT_MAX_PDU_SIZE is based on
      the default L2CAP MTU.  That default MTU is calculated from the size
      of two DH5 packets, minus ACL and L2CAP b-frame header overhead.
      
      ERTM is used with newer basebands that typically support larger 3-DH5
      packets, and i-frames and s-frames have more header overhead.  With
      clean RF conditions, basebands will typically attempt to use 1021-byte
      3-DH5 packets for maximum throughput.  Adjusting for 2 bytes of ACL
      headers plus 10 bytes of worst-case L2CAP headers yields 1009 bytes
      of payload.
      
      This PDU size imposes less overhead for header bytes and gives the
      baseband the option to choose 3-DH5 packets, but is small enough for
      ERTM traffic to interleave well with other L2CAP or SCO data.
      672-byte payloads do not allow the most efficient over-the-air
      packet choice, and cannot achieve maximum throughput over BR/EDR.
      Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      db12d647
    • M
      Bluetooth: Change default L2CAP ERTM retransmit timeout · fa235562
      Mat Martineau 提交于
      The L2CAP specification requires that the ERTM retransmit timeout be at
      least 2 seconds for BR/EDR connections.
      Signed-off-by: NMat Martineau <mathewm@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      fa235562
    • R
      net/sock.h: add missing kernel-doc notation · 53c3fa20
      Randy Dunlap 提交于
      Add missing kernel-doc notation to struct sock:
      
      Warning(include/net/sock.h:324): No description found for parameter 'sk_peer_pid'
      Warning(include/net/sock.h:324): No description found for parameter 'sk_peer_cred'
      Warning(include/net/sock.h:324): No description found for parameter 'sk_classid'
      Warning(include/net/sock.h:324): Excess struct/union/enum/typedef member 'sk_peercred' description in 'sock'
      Signed-off-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      53c3fa20
  8. 03 8月, 2010 11 次提交
    • A
      net/9p: Implement TXATTRCREATE 9p call · eda25e46
      Aneesh Kumar K.V 提交于
      TXATTRCREATE:  Prepare a fid for setting xattr value on a file system object.
      
       size[4] TXATTRCREATE tag[2] fid[4] name[s] attr_size[8] flags[4]
       size[4] RXATTRCREATE tag[2]
      
      txattrcreate gets a fid pointing to xattr. This fid can later be
      used to set the xattr value.
      
      flag value is derived from set Linux setxattr. The manpage says
      "The flags parameter can be used to refine the semantics of the operation.
      XATTR_CREATE specifies a pure create, which fails if the named attribute
      exists already. XATTR_REPLACE specifies a pure replace operation, which
      fails if the named attribute does not already exist. By default (no flags),
      the extended attribute will be created if need be, or will simply replace
      the value if the attribute exists."
      
      The actual setxattr operation happens when the fid is clunked. At that point
      the written byte count and the attr_size specified in TXATTRCREATE should be
      same otherwise an error will be returned.
      Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      eda25e46
    • A
      net/9p: Implement attrwalk 9p call · 0ef63f34
      Aneesh Kumar K.V 提交于
      TXATTRWALK: Descend a ATTR namespace
      
       size[4] TXATTRWALK tag[2] fid[4] newfid[4] name[s]
       size[4] RXATTRWALK tag[2] size[8]
      
      txattrwalk gets a fid pointing to xattr. This fid can later be
      used to read the xattr value. If name is NULL the fid returned
      can be used to get the list of extended attribute associated to
      the file system object.
      Signed-off-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      0ef63f34
    • M
      9p: Implement LOPEN · ef56547e
      M. Mohan Kumar 提交于
      Implement 9p2000.L version of open(LOPEN) interface in 9p client.
      
      For LOPEN, no need to convert the flags to and from 9p mode to VFS mode.
      
      Synopsis:
      
          size[4] Tlopen tag[2] fid[4] mode[4]
      
          size[4] Rlopen tag[2] qid[13] iounit[4]
      
      [Fix mode bit format - jvrao@linux.vnet.ibm.com]
      Signed-off-by: NM. Mohan Kumar <mohan@in.ibm.com>
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbegren <ericvh@gmail.com>
      ef56547e
    • V
      fs/9p: This patch implements TLCREATE for 9p2000.L protocol. · 5643135a
      Venkateswararao Jujjuri (JV) 提交于
      SYNOPSIS
      
          size[4] Tlcreate tag[2] fid[4] name[s] flags[4] mode[4] gid[4]
      
          size[4] Rlcreate tag[2] qid[13] iounit[4]
      
      DESCRIPTION
      
      The Tlreate request asks the file server to create a new regular file with the
      name supplied, in the directory (dir) represented by fid.
      The mode argument specifies the permissions to use. New file is created with
      the uid if the fid and with supplied gid.
      
      The flags argument represent Linux access mode flags with which the caller
      is requesting to open the file with. Protocol allows all the Linux access
      modes but it is upto the server to allow/disallow any of these acess modes.
      If the server doesn't support any of the access mode, it is expected to
      return error.
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      5643135a
    • M
      9p: Implement TMKDIR · 01a622bd
      M. Mohan Kumar 提交于
      Implement TMKDIR as part of 2000.L Work
      
      Synopsis
      
          size[4] Tmkdir tag[2] fid[4] name[s] mode[4] gid[4]
      
          size[4] Rmkdir tag[2] qid[13]
      
      Description
      
          mkdir asks the file server to create a directory with given name,
          mode and gid. The qid for the new directory is returned with
          the mkdir reply message.
      
      Note: 72 is selected as the opcode for TMKDIR from the reserved list.
      Signed-off-by: NM. Mohan Kumar <mohan@in.ibm.com>
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      01a622bd
    • M
      9p: Implement TMKNOD · 4b43516a
      M. Mohan Kumar 提交于
      Synopsis
      
          size[4] Tmknod tag[2] fid[4] name[s] mode[4] major[4] minor[4] gid[4]
      
          size[4] Rmknod tag[2] qid[13]
      
      Description
      
          mknod asks the file server to create a device node with given major and
          minor number, mode and gid. The qid for the new device node is returned
          with the mknod reply message.
      
      [sripathik@in.ibm.com: Fix error handling code]
      Signed-off-by: NM. Mohan Kumar <mohan@in.ibm.com>
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      4b43516a
    • V
      9p: Define and implement TSYMLINK for 9P2000.L · 50cc42ff
      Venkateswararao Jujjuri (JV) 提交于
      Create a symbolic link
      
      SYNOPSIS
      
      size[4] Tsymlink tag[2] fid[4] name[s] symtgt[s] gid[4]
      
      size[4] Rsymlink tag[2] qid[13]
      
      DESCRIPTION
      
      Create a symbolic link named 'name' pointing to 'symtgt'.
      gid represents the effective group id of the caller.
      The  permissions of a symbolic link are irrelevant hence it is omitted
      from the protocol.
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Reviewed-by: NSripathi Kodi <sripathik@in.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      50cc42ff
    • V
      9p: Define and implement TLINK for 9P2000.L · 652df9a7
      Venkateswararao Jujjuri (JV) 提交于
      This patch adds a helper function to get the dentry from inode and
      uses it in creating a Hardlink
      
      SYNOPSIS
      
      size[4] Tlink tag[2] dfid[4] oldfid[4] newpath[s]
      
      size[4] Rlink tag[2]
      
      DESCRIPTION
      
      Create a link 'newpath' in directory pointed by dfid linking to oldfid path.
      
      [sripathik@in.ibm.com : p9_client_link should not free req structure
      if p9_client_rpc has returned an error.]
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      652df9a7
    • S
      9p: Implement client side of setattr for 9P2000.L protocol. · 87d7845a
      Sripathi Kodi 提交于
          SYNOPSIS
      
            size[4] Tsetattr tag[2] attr[n]
      
            size[4] Rsetattr tag[2]
      
          DESCRIPTION
      
            The setattr command changes some of the file status information.
            attr resembles the iattr structure used in Linux kernel. It
            specifies which status parameter is to be changed and to what
            value. It is laid out as follows:
      
               valid[4]
                  specifies which status information is to be changed. Possible
                  values are:
                  ATTR_MODE       (1 << 0)
                  ATTR_UID        (1 << 1)
                  ATTR_GID        (1 << 2)
                  ATTR_SIZE       (1 << 3)
                  ATTR_ATIME      (1 << 4)
                  ATTR_MTIME      (1 << 5)
                  ATTR_ATIME_SET  (1 << 7)
                  ATTR_MTIME_SET  (1 << 8)
      
                  The last two bits represent whether the time information
                  is being sent by the client's user space. In the absense
                  of these bits the server always uses server's time.
      
               mode[4]
                  File permission bits
      
               uid[4]
                  Owner id of file
      
               gid[4]
                  Group id of the file
      
               size[8]
                  File size
      
               atime_sec[8]
                  Time of last file access, seconds
      
               atime_nsec[8]
                  Time of last file access, nanoseconds
      
               mtime_sec[8]
                  Time of last file modification, seconds
      
               mtime_nsec[8]
                  Time of last file modification, nanoseconds
      
      Explanation of the patches:
      --------------------------
      
      *) The kernel just copies relevent contents of iattr structure to
         p9_iattr_dotl structure and passes it down to the client. The
         only check it has is calling inode_change_ok()
      *) The p9_iattr_dotl structure does not have ctime and ia_file
         parameters because I don't think these are needed in our case.
         The client user space can request updating just ctime by calling
         chown(fd, -1, -1). This is handled on server side without a need
         for putting ctime on the wire.
      *) The server currently supports changing mode, time, ownership and
         size of the file.
      *) 9P RFC says "Either all the changes in wstat request happen, or
         none of them does: if the request succeeds, all changes were made;
         if it fails, none were."
         I have not done anything to implement this specifically because I
         don't see a reason.
      Signed-off-by: NSripathi Kodi <sripathik@in.ibm.com>
      Signed-off-by: NVenkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      87d7845a
    • S
      9p: getattr client implementation for 9P2000.L protocol. · f0853122
      Sripathi Kodi 提交于
              SYNOPSIS
      
                    size[4] Tgetattr tag[2] fid[4] request_mask[8]
      
                    size[4] Rgetattr tag[2] lstat[n]
      
                 DESCRIPTION
      
                    The getattr transaction inquires about the file identified by fid.
                    request_mask is a bit mask that specifies which fields of the
                    stat structure is the client interested in.
      
                    The reply will contain a machine-independent directory entry,
                    laid out as follows:
      
                       st_result_mask[8]
                          Bit mask that indicates which fields in the stat structure
                          have been populated by the server
      
                       qid.type[1]
                          the type of the file (directory, etc.), represented as a bit
                          vector corresponding to the high 8 bits of the file's mode
                          word.
      
                       qid.vers[4]
                          version number for given path
      
                       qid.path[8]
                          the file server's unique identification for the file
      
                       st_mode[4]
                          Permission and flags
      
                       st_uid[4]
                          User id of owner
      
                       st_gid[4]
                          Group ID of owner
      
                       st_nlink[8]
                          Number of hard links
      
                       st_rdev[8]
                          Device ID (if special file)
      
                       st_size[8]
                          Size, in bytes
      
                       st_blksize[8]
                          Block size for file system IO
      
                       st_blocks[8]
                          Number of file system blocks allocated
      
                       st_atime_sec[8]
                          Time of last access, seconds
      
                       st_atime_nsec[8]
                          Time of last access, nanoseconds
      
                       st_mtime_sec[8]
                          Time of last modification, seconds
      
                       st_mtime_nsec[8]
                          Time of last modification, nanoseconds
      
                       st_ctime_sec[8]
                          Time of last status change, seconds
      
                       st_ctime_nsec[8]
                          Time of last status change, nanoseconds
      
                       st_btime_sec[8]
                          Time of creation (birth) of file, seconds
      
                       st_btime_nsec[8]
                          Time of creation (birth) of file, nanoseconds
      
                       st_gen[8]
                          Inode generation
      
                       st_data_version[8]
                          Data version number
      
                    request_mask and result_mask bit masks contain the following bits
                       #define P9_STATS_MODE          0x00000001ULL
                       #define P9_STATS_NLINK         0x00000002ULL
                       #define P9_STATS_UID           0x00000004ULL
                       #define P9_STATS_GID           0x00000008ULL
                       #define P9_STATS_RDEV          0x00000010ULL
                       #define P9_STATS_ATIME         0x00000020ULL
                       #define P9_STATS_MTIME         0x00000040ULL
                       #define P9_STATS_CTIME         0x00000080ULL
                       #define P9_STATS_INO           0x00000100ULL
                       #define P9_STATS_SIZE          0x00000200ULL
                       #define P9_STATS_BLOCKS        0x00000400ULL
      
                       #define P9_STATS_BTIME         0x00000800ULL
                       #define P9_STATS_GEN           0x00001000ULL
                       #define P9_STATS_DATA_VERSION  0x00002000ULL
      
                       #define P9_STATS_BASIC         0x000007ffULL
                       #define P9_STATS_ALL           0x00003fffULL
      
              This patch implements the client side of getattr implementation for
              9P2000.L. It introduces a new structure p9_stat_dotl for getting
              Linux stat information along with QID. The data layout is similar to
              stat structure in Linux user space with the following major
              differences:
      
              inode (st_ino) is not part of data. Instead qid is.
      
              device (st_dev) is not part of data because this doesn't make sense
              on the client.
      
              All time variables are 64 bit wide on the wire. The kernel seems to use
              32 bit variables for these variables. However, some of the architectures
              have used 64 bit variables and glibc exposes 64 bit variables to user
              space on some architectures. Hence to be on the safer side we have made
              these 64 bit in the protocol. Refer to the comments in
              include/asm-generic/stat.h
      
              There are some additional fields: st_btime_sec, st_btime_nsec, st_gen,
              st_data_version apart from the bitmask, st_result_mask. The bit mask
              is filled by the server to indicate which stat fields have been
              populated by the server. Currently there is no clean way for the
              server to obtain these additional fields, so it sends back just the
              basic fields.
      Signed-off-by: NSripathi Kodi <sripathik@in.ibm.com>
      Signed-off-by: NEric Van Hensbegren <ericvh@gmail.com>
      f0853122
    • S
      9p: readdir implementation for 9p2000.L · 7751bdb3
      Sripathi Kodi 提交于
      This patch implements the kernel part of readdir() implementation for 9p2000.L
      
          Change from V3: Instead of inode, server now sends qids for each dirent
      
          SYNOPSIS
      
          size[4] Treaddir tag[2] fid[4] offset[8] count[4]
          size[4] Rreaddir tag[2] count[4] data[count]
      
          DESCRIPTION
      
          The readdir request asks the server to read the directory specified by 'fid'
          at an offset specified by 'offset' and return as many dirent structures as
          possible that fit into count bytes. Each dirent structure is laid out as
          follows.
      
                  qid.type[1]
                    the type of the file (directory, etc.), represented as a bit
                    vector corresponding to the high 8 bits of the file's mode
                    word.
      
                  qid.vers[4]
                    version number for given path
      
                  qid.path[8]
                    the file server's unique identification for the file
      
                  offset[8]
                    offset into the next dirent.
      
                  type[1]
                    type of this directory entry.
      
                  name[256]
                    name of this directory entry.
      
          This patch adds v9fs_dir_readdir_dotl() as the readdir() call for 9p2000.L.
          This function sends P9_TREADDIR command to the server. In response the server
          sends a buffer filled with dirent structures. This is different from the
          existing v9fs_dir_readdir() call which receives stat structures from the server.
          This results in significant speedup of readdir() on large directories.
          For example, doing 'ls >/dev/null' on a directory with 10000 files on my
          laptop takes 1.088 seconds with the existing code, but only takes 0.339 seconds
          with the new readdir.
      Signed-off-by: NSripathi Kodi <sripathik@in.ibm.com>
      Reviewed-by: NAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Signed-off-by: NEric Van Hensbergen <ericvh@gmail.com>
      7751bdb3
  9. 02 8月, 2010 3 次提交
  10. 01 8月, 2010 1 次提交
  11. 30 7月, 2010 2 次提交
  12. 29 7月, 2010 1 次提交
  13. 28 7月, 2010 3 次提交
    • M
      Bluetooth: Defer SCO setup if mode change is pending · e73439d8
      Marcel Holtmann 提交于
      Certain headsets such as the Motorola H350 will reject SCO and eSCO
      connection requests while the ACL is transitioning from sniff mode
      to active mode. Add synchronization so that SCO and eSCO connection
      requests will wait until the ACL has fully transitioned to active mode.
      
      < HCI Command: Exit Sniff Mode (0x02|0x0004) plen 2
          handle 12
      > HCI Event: Command Status (0x0f) plen 4
          Exit Sniff Mode (0x02|0x0004) status 0x00 ncmd 1
      < HCI Command:  Setup Synchronous Connection (0x01|0x0028) plen 17
          handle 12 voice setting 0x0040
      > HCI Event: Command Status (0x0f) plen 4
          Setup Synchronous Connection (0x01|0x0028) status 0x00 ncmd 1
      > HCI Event: Number of Completed Packets (0x13) plen 5
          handle 12 packets 1
      > HCI Event: Mode Change (0x14) plen 6
          status 0x00 handle 12 mode 0x00 interval 0
          Mode: Active
      > HCI Event: Synchronous Connect Complete (0x2c) plen 17
          status 0x10 handle 14 bdaddr 00:1A:0E:50:28:A4 type SCO
          Error: Connection Accept Timeout Exceeded
      Signed-off-by: NRon Shaffer <rshaffer@codeaurora.org>
      Signed-off-by: NMarcel Holtmann <marcel@holtmann.org>
      e73439d8
    • J
      wireless: Convert wiphy_debug macro to function · 073730d7
      Joe Perches 提交于
      Save a few bytes of text
      
      (allyesconfig)
      $ size drivers/net/wireless/built-in.o*
         text	   data	    bss	    dec	    hex	filename
      3924568	 100548	 871056	4896172	 4ab5ac	drivers/net/wireless/built-in.o.new
      3926520	 100548	 871464	4898532	 4abee4	drivers/net/wireless/built-in.o.old
      
      $ size net/wireless/core.o*
         text	   data	    bss	    dec	    hex	filename
        12843	    216	   3768	  16827	   41bb	net/wireless/core.o.new
        12328	    216	   3656	  16200	   3f48	net/wireless/core.o
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      073730d7
    • J
      include/net/cfg80211.h: Add wiphy_<level> printk equivalents · e1db74fc
      Joe Perches 提交于
      Simplify logging messages for wiphy devices
      Signed-off-by: NJoe Perches <joe@perches.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      e1db74fc
  14. 27 7月, 2010 1 次提交
  15. 25 7月, 2010 1 次提交
  16. 23 7月, 2010 1 次提交
    • H
      IPVS: make FTP work with full NAT support · 7f1c4075
      Hannes Eder 提交于
      Use nf_conntrack/nf_nat code to do the packet mangling and the TCP
      sequence adjusting.  The function 'ip_vs_skb_replace' is now dead
      code, so it is removed.
      
      To SNAT FTP, use something like:
      
      % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
          --vport 21 -j SNAT --to-source 192.168.10.10
      and for the data connections in passive mode:
      
      % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
          --vportctl 21 -j SNAT --to-source 192.168.10.10
      using '-m state --state RELATED' would also works.
      
      Make sure the kernel modules ip_vs_ftp, nf_conntrack_ftp, and
      nf_nat_ftp are loaded.
      
      [ up-port and minor fixes by Simon Horman <horms@verge.net.au> ]
      Signed-off-by: NHannes Eder <heder@google.com>
      Signed-off-by: NSimon Horman <horms@verge.net.au>
      Signed-off-by: NPatrick McHardy <kaber@trash.net>
      7f1c4075
  17. 22 7月, 2010 6 次提交