Re: [PATCH 1/2] virtualized ipt_REDIRECT [message #1880 is a reply to message #1877] Fri, 03 March 2006 06:14 Go to previous messageGo to previous message
Jason Stubbs is currently offline  Jason Stubbs
Missed two defines when bringing the patch forward from 2.6.8.
How embarrassing...

Patch from Jason (jstubbs@work-at.co.jp):
This patch virtualizes the ipt_REDIRECT iptables module.

--
Jason Stubbs


diff -ur linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h linux-2.6.15-openvz-025.014/include/linux/nfcalls.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h 2006-03-03 14:36:32.560909760 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/nfcalls.h 2006-03-03 15:20:12.223660488 +0900
@@ -143,6 +143,7 @@
DECL_KSYM_MODULE(iptable_nat);
DECL_KSYM_MODULE(ip_nat_ftp);
DECL_KSYM_MODULE(ip_nat_irc);
+DECL_KSYM_MODULE(ipt_REDIRECT);

struct sk_buff;

@@ -170,6 +171,7 @@
DECL_KSYM_CALL(int, init_iptable_nat, (void));
DECL_KSYM_CALL(int, init_iptable_nat_ftp, (void));
DECL_KSYM_CALL(int, init_iptable_nat_irc, (void));
+DECL_KSYM_CALL(int, init_iptable_REDIRECT, (void));
DECL_KSYM_CALL(void, fini_iptable_nat_irc, (void));
DECL_KSYM_CALL(void, fini_iptable_nat_ftp, (void));
DECL_KSYM_CALL(void, fini_iptable_nat, (void));
@@ -194,6 +196,7 @@
DECL_KSYM_CALL(void, fini_iptable_mangle, (void));
DECL_KSYM_CALL(void, fini_iptables, (void));
DECL_KSYM_CALL(void, fini_netfilter, (void));
+DECL_KSYM_CALL(void, fini_iptable_REDIRECT, (void));

DECL_KSYM_CALL(void, ipt_flush_table, (struct ipt_table *table));
#endif /* CONFIG_VE_IPTABLES */
diff -ur linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h linux-2.6.15-openvz-025.014/include/linux/ve_proto.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h 2006-03-03 14:36:32.560909760 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/ve_proto.h 2006-03-03 14:38:42.914093064 +0900
@@ -55,6 +55,7 @@
extern int init_iptable_multiport(void);
extern int init_iptable_tos(void);
extern int init_iptable_REJECT(void);
+extern int init_iptable_REDIRECT(void);
extern void fini_netfilter(void);
extern int fini_iptables(void);
extern int fini_iptable_filter(void);
@@ -62,6 +63,7 @@
extern int fini_iptable_multiport(void);
extern int fini_iptable_tos(void);
extern int fini_iptable_REJECT(void);
+extern int fini_iptable_REDIRECT(void);
#endif

#define VE_HOOK_INIT 0
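Review bot: The added prototype `extern int fini_iptable_REDIRECT(void);` disagrees with the rest of this patch: ipt_REDIRECT.c defines `void fini_iptable_REDIRECT(void)` and nfcalls.h declares it with `DECL_KSYM_CALL(void, fini_iptable_REDIRECT, (void))`. If ve_proto.h ever becomes visible in the translation unit that holds the definition, the build fails with conflicting types, and a caller that trusts the `int` would read a return value that was never produced. Declare it as `extern void fini_iptable_REDIRECT(void);`. The neighbouring fini_* prototypes in this block also use `int`, so they may deserve the same check against their definitions, which are not visible here.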
diff -ur linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h 2006-03-03 14:36:32.561909608 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h 2006-03-03 14:39:39.544483936 +0900
@@ -80,6 +80,7 @@
#define VE_IP_NAT_MOD (1U<<20)
#define VE_IP_NAT_FTP_MOD (1U<<21)
#define VE_IP_NAT_IRC_MOD (1U<<22)
+#define VE_IP_TARGET_REDIRECT_MOD (1U<<23)

/* these masks represent modules with their dependences */
#define VE_IP_IPTABLES (VE_IP_IPTABLES_MOD)
@@ -125,6 +126,8 @@
| VE_IP_NAT | VE_IP_CONNTRACK_FTP)
#define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD \
| VE_IP_NAT | VE_IP_CONNTRACK_IRC)
+#define VE_IP_TARGET_REDIRECT (VE_IP_TARGET_REDIRECT_MOD \
+ | VE_IP_NAT)

/* safe iptables mask to be used by default */
#define VE_IP_DEFAULT \
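Review bot: Missing documentation at the new `VE_IP_TARGET_REDIRECT` mask: nothing states whether a container receives the REDIRECT target by default. No hunk in this patch changes `VE_IP_DEFAULT`, whose definition begins on the last line of this hunk and continues outside it, so the target appears to remain opt-in per VE. I would record that next to the define, e.g. `/* REDIRECT is not part of VE_IP_DEFAULT; it must be enabled per VE through the iptables mask */`, so that a later change to the default mask is a deliberate decision rather than an accident.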
diff -ur linux-2.6.15-openvz-025.014.orig/kernel/ve.c linux-2.6.15-openvz-025.014/kernel/ve.c
--- linux-2.6.15-openvz-025.014.orig/kernel/ve.c 2006-03-03 14:36:33.253804424 +0900
+++ linux-2.6.15-openvz-025.014/kernel/ve.c 2006-03-03 14:41:02.759833280 +0900
@@ -75,6 +75,7 @@
INIT_KSYM_MODULE(iptable_nat);
INIT_KSYM_MODULE(ip_nat_ftp);
INIT_KSYM_MODULE(ip_nat_irc);
+INIT_KSYM_MODULE(ipt_REDIRECT);

INIT_KSYM_CALL(int, init_netfilter, (void));
INIT_KSYM_CALL(int, init_iptables, (void));
@@ -100,6 +101,7 @@
INIT_KSYM_CALL(int, init_iptable_nat, (void));
INIT_KSYM_CALL(int, init_iptable_nat_ftp, (void));
INIT_KSYM_CALL(int, init_iptable_nat_irc, (void));
+INIT_KSYM_CALL(int, init_iptable_REDIRECT, (void));
INIT_KSYM_CALL(void, fini_iptable_nat_irc, (void));
INIT_KSYM_CALL(void, fini_iptable_nat_ftp, (void));
INIT_KSYM_CALL(void, fini_iptable_nat, (void));
@@ -124,6 +126,7 @@
INIT_KSYM_CALL(void, fini_iptable_mangle, (void));
INIT_KSYM_CALL(void, fini_iptables, (void));
INIT_KSYM_CALL(void, fini_netfilter, (void));
+INIT_KSYM_CALL(void, fini_iptable_REDIRECT, (void));

INIT_KSYM_CALL(void, ipt_flush_table, (struct ipt_table *table));
#endif
diff -ur linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c linux-2.6.15-openvz-025.014/kernel/vecalls.c
--- linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c 2006-03-03 14:36:33.253804424 +0900
+++ linux-2.6.15-openvz-025.014/kernel/vecalls.c 2006-03-03 14:42:35.671708528 +0900
@@ -1592,6 +1592,13 @@
if (err < 0)
goto err_iptable_length;
#endif
+#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
+ defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
+ err = KSYMIPTINIT(init_mask, ve, VE_IP_TARGET_REDIRECT,
+ ipt_REDIRECT, init_iptable_REDIRECT, ());
+ if (err < 0)
+ goto err_iptable_REDIRECT;
+#endif
return 0;

/* ------------------------------------------------------------ ------------- */
@@ -1732,6 +1739,12 @@
ip_tables, fini_iptables, ());
err_iptables:
#endif
+#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
+ defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
+ KSYMIPTFINI(ve->_iptables_modules, VE_IP_TARGET_REDIRECT,
+ ipt_REDIRECT, fini_iptable_REDIRECT, ());
+err_iptable_REDIRECT:
+#endif
ve->_iptables_modules = 0;

return err;
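Review bot: The REDIRECT teardown and its `err_iptable_REDIRECT:` label are added at the bottom of the unwind sequence, after `err_iptables:`, although the init hunk (@@ -1592) initialises REDIRECT last. If the cleanup code above this hunk unwinds in reverse order of initialisation, as the visible `fini_iptables` / `err_iptables:` pair suggests, a failed REDIRECT init jumps past every earlier KSYMIPTFINI and then executes `ve->_iptables_modules = 0;`, leaving the previously initialised modules registered for the VE with no record of them. On a normal cleanup the target would also be unregistered only after ip_tables and the NAT module it depends on (`VE_IP_NAT`) have been finalised. The whole `#if` block containing `KSYMIPTFINI(ve->_iptables_modules, VE_IP_TARGET_REDIRECT, ...)` and `err_iptable_REDIRECT:` should move to the top of the cleanup section, ahead of the teardown for the module initialised just before REDIRECT. The enclosing function starts outside this hunk, and most of its cleanup is outside it as well.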
diff -ur linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDI RECT.c linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT. c
--- linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDI RECT.c 2006-03-03 14:36:33.952698176 +0900
+++ linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT. c 2006-03-03 14:47:44.502759072 +0900
@@ -17,6 +17,7 @@
#include <linux/inetdevice.h>
#include <net/protocol.h>
#include <net/checksum.h>
+#include <linux/nfcalls.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>

@@ -25,7 +26,7 @@
MODULE_DESCRIPTION("iptables REDIRECT target module");

#if 0
-#define DEBUGP printk
+#define DEBUGP ve_printk
#else
#define DEBUGP(format, args...)
#endif
@@ -119,14 +120,36 @@
.me = THIS_MODULE,
};

+int init_iptable_REDIRECT(void)
+{
+ return virt_ipt_register_target(&redirect_reg);
+}
+
+void fini_iptable_REDIRECT(void)
+{
+ virt_ipt_unregister_target(&redirect_reg);
+}
+
static int __init init(void)
{
- return ipt_register_target(&redirect_reg);
+ int err;
+
+ err = init_iptable_REDIRECT();
+ if (err < 0)
+ return err;
+
+ KSYMRESOLVE(init_iptable_REDIRECT);
+ KSYMRESOLVE(fini_iptable_REDIRECT);
+ KSYMMODRESOLVE(ipt_REDIRECT);
+ return 0;
}

static void __exit fini(void)
{
- ipt_unregister_target(&redirect_reg);
+ KSYMMODUNRESOLVE(ipt_REDIRECT);
+ KSYMUNRESOLVE(init_iptable_REDIRECT);
+ KSYMUNRESOLVE(fini_iptable_REDIRECT);
+ fini_iptable_REDIRECT();
}

module_init(init);
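Review bot: `init_iptable_REDIRECT()` and `fini_iptable_REDIRECT()` are added without a comment saying in which context they run, which matters because they have two callers: module `init()`/`fini()` call them once at load and unload, and vecalls.c reaches them through `KSYMIPTINIT`/`KSYMIPTFINI` when a VE's iptables mask includes REDIRECT. A short header comment on each, such as `/* Registers the REDIRECT target (presumably for the calling VE); called at module load and from VE start-up via KSYMIPTINIT. */`, would make that explicit. It is also worth confirming that the KSYM machinery pins the module while any VE still has the target registered, since `fini()` calls `fini_iptable_REDIRECT()` only once, for its own context. That cannot be verified from this hunk.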
 