linux.git/net/netfilter/ipvs, branch v3.1-rc3

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-2.6

2011-07-29T01:38:53+00:00

IPVS: Free resources on module removal

2011-07-22T00:17:21+00:00

This resolves a panic on module removal.

Reported-by: Dave Jones 
Acked-by: Julian Anastasov 
Signed-off-by: Hans Schillstrom 
Signed-off-by: Simon Horman

ip: introduce ip_is_fragment helper inline function

2011-06-22T03:33:34+00:00

There are enough instances of this:

    iph->frag_off & htons(IP_MF | IP_OFFSET)

that a helper function is probably warranted.

Signed-off-by: Paul Gortmaker 
Signed-off-by: David S. Miller

Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

2011-06-21T05:29:08+00:00

Conflicts:
	drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
	drivers/net/wireless/rtlwifi/pci.c
	net/netfilter/ipvs/ip_vs_core.c

IPVS: remove unused init and cleanup functions.

2011-06-14T00:07:32+00:00

After restructuring, there is some unused or empty functions
left to be removed.

Signed-off-by: Hans Schillstrom 
Signed-off-by: Simon Horman

IPVS: labels at pos 0

2011-06-14T00:07:25+00:00

Put goto labels at the beginig of row
acording to coding style example.

Signed-off-by: Hans Schillstrom 
Signed-off-by: Simon Horman

IPVS netns exit causes crash in conntrack

2011-06-13T08:41:47+00:00

Quote from Patric Mc Hardy
"This looks like nfnetlink.c excited and destroyed the nfnl socket, but
ip_vs was still holding a reference to a conntrack. When the conntrack
got destroyed it created a ctnetlink event, causing an oops in
netlink_has_listeners when trying to use the destroyed nfnetlink
socket."

If nf_conntrack_netlink is loaded before ip_vs this is not a problem.

This patch simply avoids calling ip_vs_conn_drop_conntrack()
when netns is dying as suggested by Julian.

Signed-off-by: Hans Schillstrom 
Signed-off-by: Simon Horman

IPVS: rename of netns init and cleanup functions.

2011-06-13T08:10:09+00:00

Make it more clear what the functions does,
on request by Julian.

Signed-off-by: Hans Schillstrom 
Signed-off-by: Hans Schillstrom 
Signed-off-by: Simon Horman

ipvs: support more FTP PASV responses

2011-06-13T01:03:01+00:00

	Change the parsing of FTP commands and responses to
support skip character. It allows to detect variations in
the 227 PASV response.

Signed-off-by: Julian Anastasov 
Signed-off-by: Simon Horman

ipvs: restore support for iptables SNAT

2011-06-05T23:35:13+00:00

	Fix the IPVS priority in LOCAL_IN hook,
so that SNAT target in POSTROUTING is supported for IPVS
traffic as in 2.6.36 where it worked depending on
module load order.

	Before 2.6.37 we used priority 100 in LOCAL_IN to
process remote requests. We used the same priority as
iptables SNAT and if IPVS handlers are installed before
SNAT handlers we supported SNAT in POSTROUTING for the IPVS
traffic. If SNAT is installed before IPVS, the netfilter
handlers are before IPVS and netfilter checks the NAT
table twice for the IPVS requests: once in LOCAL_IN where
IPS_SRC_NAT_DONE is set and second time in POSTROUTING
where the SNAT rules are ignored because IPS_SRC_NAT_DONE
was already set in LOCAL_IN.

	But in 2.6.37 we changed the IPVS priority for
LOCAL_IN with the goal to be unique (101) forgetting the
fact that for IPVS traffic we should not walk both
LOCAL_IN and POSTROUTING nat tables.

	So, change the priority for processing remote
IPVS requests from 101 to 99, i.e. before NAT_SRC (100)
because we prefer to support SNAT in POSTROUTING
instead of LOCAL_IN. It also moves the priority for
IPVS replies from 99 to 98. Use constants instead of
magic numbers at these places.

Signed-off-by: Julian Anastasov 
Signed-off-by: Simon Horman 
Signed-off-by: Pablo Neira Ayuso