[Devel] [PATCH] vzctl: Add support for xt_tcpudp (aka ipt_tcp/ipt_udp) module introduced by x_tables
Konstantin A. Lepikhov
lakostis at altlinux.org
Wed Nov 8 23:48:35 PST 2006
In recent 2.6 kernels (2.6.16+) the netfilter code was changed by the new x_tables
(an abstraction layer for {ip,ip6,arp}_tables). This patch updates the iptables
wrapper code in vzctl for these changes (adding xt_tcpudp support).
Signed-off-by: Konstantin A. Lepikhov <lakostis at altlinux.org>
---
etc/vz.conf | 2 +-
include/linux/vzcalluser.h | 7 +++++--
man/vzctl.8 | 2 +-
src/lib/iptables.c | 1 +
5 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/etc/vz.conf b/etc/vz.conf
index f1e9a42..5f23b90 100644
--- a/etc/vz.conf
+++ b/etc/vz.conf
@@ -29,5 +29,5 @@ DEF_OSTEMPLATE="fedora-core-4"
## Load vzwdog module
VZWDOG="no"
-IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
+IPTABLES="xt_tcpudp ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
diff --git a/include/linux/vzcalluser.h b/include/linux/vzcalluser.h
index 360f246..31100b1 100644
--- a/include/linux/vzcalluser.h
+++ b/include/linux/vzcalluser.h
@@ -97,6 +97,7 @@ #define VE_IP_NAT_FTP_MOD (1U<<21)
#define VE_IP_NAT_IRC_MOD (1U<<22)
#define VE_IP_TARGET_REDIRECT_MOD (1U<<23)
#define VE_IP_MATCH_MAC_MOD (1U<<24)
+#define VE_IP_MATCH_TCPUDP_MOD (1U<<25)
/* these masks represent modules with their dependences */
#define VE_IP_IPTABLES (VE_IP_IPTABLES_MOD)
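Review bot: `VE_IP_MATCH_TCPUDP_MOD` takes bit 25 in vzctl's copy of vzcalluser.h, but nothing in this patch shows the kernel-side header assigning the same bit. If the two disagree, the mask vzctl hands to the kernel would presumably select a different module or be refused, so the matching kernel version should be named in the commit message or beside the define, e.g. `/* value must match the kernel's include/linux/vzcalluser.h */`. The list of `*_MOD` bits starts above the hunk, so only the neighbouring values 21 to 24 can be checked here.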
@@ -143,13 +144,15 @@ #define VE_IP_NAT_FTP (VE_IP_NAT_FTP_MO
#define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD \
| VE_IP_NAT | VE_IP_CONNTRACK_IRC)
#define VE_IP_TARGET_REDIRECT (VE_IP_TARGET_REDIRECT_MOD \
- | VE_IP_NAT)
+ | VE_IP_NAT)
#define VE_IP_MATCH_MAC (VE_IP_MATCH_MAC_MOD \
+ | VE_IP_IPTABLES)
+#define VE_IP_MATCH_TCPUDP (VE_IP_MATCH_TCPUDP_MOD \
| VE_IP_IPTABLES)
/* safe iptables mask to be used by default */
#define VE_IP_DEFAULT \
- (VE_IP_IPTABLES | \
+ (VE_IP_IPTABLES | VE_IP_MATCH_TCPUDP | \
VE_IP_FILTER | VE_IP_MANGLE | \
VE_IP_MATCH_LIMIT | VE_IP_MATCH_MULTIPORT | \
VE_IP_MATCH_TOS | VE_IP_TARGET_REJECT | \
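Review bot: `VE_IP_DEFAULT` is commented as the "safe iptables mask to be used by default", yet `VE_IP_MATCH_TCPUDP` is added to it with no comment saying why the new match belongs in that set. This mask, together with the `IPTABLES=` default extended in etc/vz.conf, presumably decides which netfilter modules a container gets when the administrator configures nothing, so each addition should carry its justification, e.g. `/* xt_tcpudp: tcp/udp matching, split out of ip_tables by x_tables (2.6.16+) */`. The `VE_IP_TARGET_REDIRECT` continuation line appears to change only in whitespace and could be left out of the patch. The `VE_IP_DEFAULT` definition continues past the end of the hunk.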
diff --git a/man/vzctl.8 b/man/vzctl.8
index eec3155..0fb6eaa 100644
--- a/man/vzctl.8
+++ b/man/vzctl.8
@@ -311,7 +311,7 @@ You can use the following values for \fI
\fIipt_length\fR, \fIip_conntrack\fR, \fIip_conntrack_ftp\fR,
\fIip_conntrack_irc\fR, \fIipt_conntrack\fR, \fIipt_state\fR,
\fIipt_helper\fR, \fIiptable_nat\fR, \fIip_nat_ftp\fR, \fIip_nat_irc\fR,
-\fIipt_REDIRECT\fR \fIxt_mac\fR.
+\fIipt_REDIRECT\fR, \fIxt_mac\fR, \fIxt_tcpudp\fR.
.TP
\fBNetwork devices control parameters\fR
.IP "\fB--netdev_add\fR \fIname\fR"
diff --git a/src/lib/iptables.c b/src/lib/iptables.c
index 8d07264..93bbbc5 100644
--- a/src/lib/iptables.c
+++ b/src/lib/iptables.c
@@ -52,6 +52,7 @@ #endif
#ifdef VE_IP_MATCH_MAC
{"xt_mac", VE_IP_MATCH_MAC_MOD, VE_IP_MATCH_MAC},
#endif
+ {"xt_tcpudp", VE_IP_MATCH_TCPUDP_MOD, VE_IP_MATCH_TCPUDP},
#endif /* VZCTL_ENV_CREATE_DATA */
{NULL, 0}
};
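Review bot: The new `{"xt_tcpudp", ...}` entry is added without a preprocessor guard, while the `xt_mac` entry directly above it sits inside `#ifdef VE_IP_MATCH_MAC`. Built against a vzcalluser.h that lacks the new macros, the table would fail to compile instead of simply omitting the module. Wrapping the entry the same way keeps the table consistent: `#ifdef VE_IP_MATCH_TCPUDP`, then the entry, then `#endif`. The table begins above the hunk, so the guarded pattern is inferred from the visible `xt_mac` entry only.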
--
1.4.2.GIT
--
WBR et al.