[Devel] [PATCH 1/2] virtualized ipt_REDIRECT
Kirill Korotaev
dev at sw.ru
Thu Mar 16 05:12:21 PST 2006
Jason,
I fixed the error path in do_ve_iptables().
Here is the patch, which is committed in 2.6.8.
It will also be committed in the upcoming 2.6.16.
Thanks,
Kirill
> Missed two defines when bringing the patch forward from 2.6.8.
> How embarrassing...
>
> Patch from Jason (jstubbs at work-at.co.jp):
> This patch virtualizes the ipt_REDIRECT iptables module.
>
> --
> Jason Stubbs
>
>
> ------------------------------------------------------------------------
>
> diff -ur linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h linux-2.6.15-openvz-025.014/include/linux/nfcalls.h
> --- linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h 2006-03-03 14:36:32.560909760 +0900
> +++ linux-2.6.15-openvz-025.014/include/linux/nfcalls.h 2006-03-03 15:20:12.223660488 +0900
> @@ -143,6 +143,7 @@
> DECL_KSYM_MODULE(iptable_nat);
> DECL_KSYM_MODULE(ip_nat_ftp);
> DECL_KSYM_MODULE(ip_nat_irc);
> +DECL_KSYM_MODULE(ipt_REDIRECT);
>
> struct sk_buff;
>
> @@ -170,6 +171,7 @@
> DECL_KSYM_CALL(int, init_iptable_nat, (void));
> DECL_KSYM_CALL(int, init_iptable_nat_ftp, (void));
> DECL_KSYM_CALL(int, init_iptable_nat_irc, (void));
> +DECL_KSYM_CALL(int, init_iptable_REDIRECT, (void));
> DECL_KSYM_CALL(void, fini_iptable_nat_irc, (void));
> DECL_KSYM_CALL(void, fini_iptable_nat_ftp, (void));
> DECL_KSYM_CALL(void, fini_iptable_nat, (void));
> @@ -194,6 +196,7 @@
> DECL_KSYM_CALL(void, fini_iptable_mangle, (void));
> DECL_KSYM_CALL(void, fini_iptables, (void));
> DECL_KSYM_CALL(void, fini_netfilter, (void));
> +DECL_KSYM_CALL(void, fini_iptable_REDIRECT, (void));
>
> DECL_KSYM_CALL(void, ipt_flush_table, (struct ipt_table *table));
> #endif /* CONFIG_VE_IPTABLES */
> diff -ur linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h linux-2.6.15-openvz-025.014/include/linux/ve_proto.h
> --- linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h 2006-03-03 14:36:32.560909760 +0900
> +++ linux-2.6.15-openvz-025.014/include/linux/ve_proto.h 2006-03-03 14:38:42.914093064 +0900
> @@ -55,6 +55,7 @@
> extern int init_iptable_multiport(void);
> extern int init_iptable_tos(void);
> extern int init_iptable_REJECT(void);
> +extern int init_iptable_REDIRECT(void);
> extern void fini_netfilter(void);
> extern int fini_iptables(void);
> extern int fini_iptable_filter(void);
> @@ -62,6 +63,7 @@
> extern int fini_iptable_multiport(void);
> extern int fini_iptable_tos(void);
> extern int fini_iptable_REJECT(void);
> +extern int fini_iptable_REDIRECT(void);
> #endif
>
> #define VE_HOOK_INIT 0
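Review bot: The added prototype `extern int fini_iptable_REDIRECT(void);` disagrees with the rest of this patch, where nfcalls.h declares it through `DECL_KSYM_CALL(void, fini_iptable_REDIRECT, (void))` and ipt_REDIRECT.c defines `void fini_iptable_REDIRECT(void)`. A translation unit that sees both this header and the definition would fail with conflicting types, and a caller relying on the `int` return would read a value the function never produces. The neighbouring fini_* prototypes in the hunk use the same `int` pattern, so this follows an existing convention, but I would still declare it as `extern void fini_iptable_REDIRECT(void);`.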
> diff -ur linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h
> --- linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h 2006-03-03 14:36:32.561909608 +0900
> +++ linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h 2006-03-03 14:39:39.544483936 +0900
> @@ -80,6 +80,7 @@
> #define VE_IP_NAT_MOD (1U<<20)
> #define VE_IP_NAT_FTP_MOD (1U<<21)
> #define VE_IP_NAT_IRC_MOD (1U<<22)
> +#define VE_IP_TARGET_REDIRECT_MOD (1U<<23)
>
> /* these masks represent modules with their dependences */
> #define VE_IP_IPTABLES (VE_IP_IPTABLES_MOD)
> @@ -125,6 +126,8 @@
> | VE_IP_NAT | VE_IP_CONNTRACK_FTP)
> #define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD \
> | VE_IP_NAT | VE_IP_CONNTRACK_IRC)
> +#define VE_IP_TARGET_REDIRECT (VE_IP_TARGET_REDIRECT_MOD \
> + | VE_IP_NAT)
>
> /* safe iptables mask to be used by default */
> #define VE_IP_DEFAULT \
> diff -ur linux-2.6.15-openvz-025.014.orig/kernel/ve.c linux-2.6.15-openvz-025.014/kernel/ve.c
> --- linux-2.6.15-openvz-025.014.orig/kernel/ve.c 2006-03-03 14:36:33.253804424 +0900
> +++ linux-2.6.15-openvz-025.014/kernel/ve.c 2006-03-03 14:41:02.759833280 +0900
> @@ -75,6 +75,7 @@
> INIT_KSYM_MODULE(iptable_nat);
> INIT_KSYM_MODULE(ip_nat_ftp);
> INIT_KSYM_MODULE(ip_nat_irc);
> +INIT_KSYM_MODULE(ipt_REDIRECT);
>
> INIT_KSYM_CALL(int, init_netfilter, (void));
> INIT_KSYM_CALL(int, init_iptables, (void));
> @@ -100,6 +101,7 @@
> INIT_KSYM_CALL(int, init_iptable_nat, (void));
> INIT_KSYM_CALL(int, init_iptable_nat_ftp, (void));
> INIT_KSYM_CALL(int, init_iptable_nat_irc, (void));
> +INIT_KSYM_CALL(int, init_iptable_REDIRECT, (void));
> INIT_KSYM_CALL(void, fini_iptable_nat_irc, (void));
> INIT_KSYM_CALL(void, fini_iptable_nat_ftp, (void));
> INIT_KSYM_CALL(void, fini_iptable_nat, (void));
> @@ -124,6 +126,7 @@
> INIT_KSYM_CALL(void, fini_iptable_mangle, (void));
> INIT_KSYM_CALL(void, fini_iptables, (void));
> INIT_KSYM_CALL(void, fini_netfilter, (void));
> +INIT_KSYM_CALL(void, fini_iptable_REDIRECT, (void));
>
> INIT_KSYM_CALL(void, ipt_flush_table, (struct ipt_table *table));
> #endif
> diff -ur linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c linux-2.6.15-openvz-025.014/kernel/vecalls.c
> --- linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c 2006-03-03 14:36:33.253804424 +0900
> +++ linux-2.6.15-openvz-025.014/kernel/vecalls.c 2006-03-03 14:42:35.671708528 +0900
> @@ -1592,6 +1592,13 @@
> if (err < 0)
> goto err_iptable_length;
> #endif
> +#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
> + defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
> + err = KSYMIPTINIT(init_mask, ve, VE_IP_TARGET_REDIRECT,
> + ipt_REDIRECT, init_iptable_REDIRECT, ());
> + if (err < 0)
> + goto err_iptable_REDIRECT;
> +#endif
> return 0;
>
> /* ------------------------------------------------------------------------- */
> @@ -1732,6 +1739,12 @@
> ip_tables, fini_iptables, ());
> err_iptables:
> #endif
> +#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
> + defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
> + KSYMIPTFINI(ve->_iptables_modules, VE_IP_TARGET_REDIRECT,
> + ipt_REDIRECT, fini_iptable_REDIRECT, ());
> +err_iptable_REDIRECT:
> +#endif
> ve->_iptables_modules = 0;
>
> return err;
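Review bot: The REDIRECT unwind block is added after `err_iptables:`, at the very end of the cleanup chain, although the init hunk above adds REDIRECT as the last module initialised before `return 0;`. With this placement a failing `init_iptable_REDIRECT` jumps to `err_iptable_REDIRECT:` and goes straight to `ve->_iptables_modules = 0;`, so none of the earlier fini calls run and the modules already set up for this VE appear to stay registered while the mask records none. The `KSYMIPTFINI(ve->_iptables_modules, VE_IP_TARGET_REDIRECT, ...)` call and its label should sit at the top of the chain, ahead of the fini for the module initialised just before REDIRECT. The enclosing function and the rest of the chain lie outside both hunks, so the exact position needs checking against the full file.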
> diff -ur linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDIRECT.c linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT.c
> --- linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDIRECT.c 2006-03-03 14:36:33.952698176 +0900
> +++ linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT.c 2006-03-03 14:47:44.502759072 +0900
> @@ -17,6 +17,7 @@
> #include <linux/inetdevice.h>
> #include <net/protocol.h>
> #include <net/checksum.h>
> +#include <linux/nfcalls.h>
> #include <linux/netfilter_ipv4.h>
> #include <linux/netfilter_ipv4/ip_nat_rule.h>
>
> @@ -25,7 +26,7 @@
> MODULE_DESCRIPTION("iptables REDIRECT target module");
>
> #if 0
> -#define DEBUGP printk
> +#define DEBUGP ve_printk
> #else
> #define DEBUGP(format, args...)
> #endif
> @@ -119,14 +120,36 @@
> .me = THIS_MODULE,
> };
>
> +int init_iptable_REDIRECT(void)
> +{
> + return virt_ipt_register_target(&redirect_reg);
> +}
> +
> +void fini_iptable_REDIRECT(void)
> +{
> + virt_ipt_unregister_target(&redirect_reg);
> +}
> +
> static int __init init(void)
> {
> - return ipt_register_target(&redirect_reg);
> + int err;
> +
> + err = init_iptable_REDIRECT();
> + if (err < 0)
> + return err;
> +
> + KSYMRESOLVE(init_iptable_REDIRECT);
> + KSYMRESOLVE(fini_iptable_REDIRECT);
> + KSYMMODRESOLVE(ipt_REDIRECT);
> + return 0;
> }
>
> static void __exit fini(void)
> {
> - ipt_unregister_target(&redirect_reg);
> + KSYMMODUNRESOLVE(ipt_REDIRECT);
> + KSYMUNRESOLVE(init_iptable_REDIRECT);
> + KSYMUNRESOLVE(fini_iptable_REDIRECT);
> + fini_iptable_REDIRECT();
> }
>
> module_init(init);
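Review bot: The two new non-static entry points `init_iptable_REDIRECT` and `fini_iptable_REDIRECT` have no comment saying who calls them, and the answer is not visible from this file alone. They are called from the module's own `init`/`fini` and are also published with `KSYMRESOLVE` for kernel/vecalls.c to invoke through `KSYMIPTINIT`/`KSYMIPTFINI`. I would add above the first one something like `/* Register the REDIRECT target; called at module load and, via KSYMIPTINIT in kernel/vecalls.c, when a VE enables VE_IP_TARGET_REDIRECT. */` and a matching line on the fini side.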
>
>
> ------------------------------------------------------------------------
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff-ve-ipt-redirect-20060316
URL: <http://lists.openvz.org/pipermail/devel/attachments/20060316/0e6f594c/attachment-0001.ksh>