[PATCH 1/2] virtualized ipt_REDIRECT [message #1877] Fri, 03 March 2006 06:00 Go to previous message
Jason Stubbs is currently offline  Jason Stubbs
Hi all,

I'm not exactly sure on the format I'm supposed to submit patches in, so
I'll just follow what everybody else is doing.

Patch from Jason (jstubbs@work-at.co.jp):
This patch virtualizes the ipt_REDIRECT iptables module.

--
Jason Stubbs

diff -uNr linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h linux-2.6.15-openvz-025.014/include/linux/nfcalls.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/nfcalls.h 2006-03-03 14:36:32.560909760 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/nfcalls.h 2006-03-03 14:37:38.401900408 +0900
@@ -143,6 +143,7 @@
DECL_KSYM_MODULE(iptable_nat);
DECL_KSYM_MODULE(ip_nat_ftp);
DECL_KSYM_MODULE(ip_nat_irc);
+DECL_KSYM_MODULE(ipt_REDIRECT);

struct sk_buff;

diff -uNr linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h linux-2.6.15-openvz-025.014/include/linux/ve_proto.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/ve_proto.h 2006-03-03 14:36:32.560909760 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/ve_proto.h 2006-03-03 14:38:42.914093064 +0900
@@ -55,6 +55,7 @@
extern int init_iptable_multiport(void);
extern int init_iptable_tos(void);
extern int init_iptable_REJECT(void);
+extern int init_iptable_REDIRECT(void);
extern void fini_netfilter(void);
extern int fini_iptables(void);
extern int fini_iptable_filter(void);
@@ -62,6 +63,7 @@
extern int fini_iptable_multiport(void);
extern int fini_iptable_tos(void);
extern int fini_iptable_REJECT(void);
+extern int fini_iptable_REDIRECT(void);
#endif

#define VE_HOOK_INIT 0
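Review bot: `extern int fini_iptable_REDIRECT(void);` declares an int return, but the same patch defines the function as `void fini_iptable_REDIRECT(void)` in ipt_REDIRECT.c and resolves it with `INIT_KSYM_CALL(void, fini_iptable_REDIRECT, (void))` in kernel/ve.c. The neighbouring fini_* prototypes show the same int/void split, so the line follows the header's existing habit. Even so, any translation unit that sees both this prototype and the definition gets a conflicting-types error, and a caller relying on the int would read an indeterminate value. Declaring it as `extern void fini_iptable_REDIRECT(void);` matches the definition.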
diff -uNr linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h
--- linux-2.6.15-openvz-025.014.orig/include/linux/vzcalluser.h 2006-03-03 14:36:32.561909608 +0900
+++ linux-2.6.15-openvz-025.014/include/linux/vzcalluser.h 2006-03-03 14:39:39.544483936 +0900
@@ -80,6 +80,7 @@
#define VE_IP_NAT_MOD (1U<<20)
#define VE_IP_NAT_FTP_MOD (1U<<21)
#define VE_IP_NAT_IRC_MOD (1U<<22)
+#define VE_IP_TARGET_REDIRECT_MOD (1U<<23)

/* these masks represent modules with their dependences */
#define VE_IP_IPTABLES (VE_IP_IPTABLES_MOD)
@@ -125,6 +126,8 @@
| VE_IP_NAT | VE_IP_CONNTRACK_FTP)
#define VE_IP_NAT_IRC (VE_IP_NAT_IRC_MOD \
| VE_IP_NAT | VE_IP_CONNTRACK_IRC)
+#define VE_IP_TARGET_REDIRECT (VE_IP_TARGET_REDIRECT_MOD \
+ | VE_IP_NAT)

/* safe iptables mask to be used by default */
#define VE_IP_DEFAULT \
diff -uNr linux-2.6.15-openvz-025.014.orig/kernel/ve.c linux-2.6.15-openvz-025.014/kernel/ve.c
--- linux-2.6.15-openvz-025.014.orig/kernel/ve.c 2006-03-03 14:36:33.253804424 +0900
+++ linux-2.6.15-openvz-025.014/kernel/ve.c 2006-03-03 14:41:02.759833280 +0900
@@ -75,6 +75,7 @@
INIT_KSYM_MODULE(iptable_nat);
INIT_KSYM_MODULE(ip_nat_ftp);
INIT_KSYM_MODULE(ip_nat_irc);
+INIT_KSYM_MODULE(ipt_REDIRECT);

INIT_KSYM_CALL(int, init_netfilter, (void));
INIT_KSYM_CALL(int, init_iptables, (void));
@@ -100,6 +101,7 @@
INIT_KSYM_CALL(int, init_iptable_nat, (void));
INIT_KSYM_CALL(int, init_iptable_nat_ftp, (void));
INIT_KSYM_CALL(int, init_iptable_nat_irc, (void));
+INIT_KSYM_CALL(int, init_iptable_REDIRECT, (void));
INIT_KSYM_CALL(void, fini_iptable_nat_irc, (void));
INIT_KSYM_CALL(void, fini_iptable_nat_ftp, (void));
INIT_KSYM_CALL(void, fini_iptable_nat, (void));
@@ -124,6 +126,7 @@
INIT_KSYM_CALL(void, fini_iptable_mangle, (void));
INIT_KSYM_CALL(void, fini_iptables, (void));
INIT_KSYM_CALL(void, fini_netfilter, (void));
+INIT_KSYM_CALL(void, fini_iptable_REDIRECT, (void));

INIT_KSYM_CALL(void, ipt_flush_table, (struct ipt_table *table));
#endif
diff -uNr linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c linux-2.6.15-openvz-025.014/kernel/vecalls.c
--- linux-2.6.15-openvz-025.014.orig/kernel/vecalls.c 2006-03-03 14:36:33.253804424 +0900
+++ linux-2.6.15-openvz-025.014/kernel/vecalls.c 2006-03-03 14:42:35.671708528 +0900
@@ -1592,6 +1592,13 @@
if (err < 0)
goto err_iptable_length;
#endif
+#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
+ defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
+ err = KSYMIPTINIT(init_mask, ve, VE_IP_TARGET_REDIRECT,
+ ipt_REDIRECT, init_iptable_REDIRECT, ());
+ if (err < 0)
+ goto err_iptable_REDIRECT;
+#endif
return 0;

/* ------------------------------------------------------------ ------------- */
@@ -1732,6 +1739,12 @@
ip_tables, fini_iptables, ());
err_iptables:
#endif
+#if defined(CONFIG_IP_NF_TARGET_REDIRECT) || \
+ defined(CONFIG_IP_NF_TARGET_REDIRECT_MODULE)
+ KSYMIPTFINI(ve->_iptables_modules, VE_IP_TARGET_REDIRECT,
+ ipt_REDIRECT, fini_iptable_REDIRECT, ());
+err_iptable_REDIRECT:
+#endif
ve->_iptables_modules = 0;

return err;
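Review bot: The REDIRECT teardown and its `err_iptable_REDIRECT:` label are added at the bottom of the unwind chain, after `err_iptables:`, although the first vecalls.c hunk initialises REDIRECT last, immediately before `return 0;`. As written, a failing `init_iptable_REDIRECT` jumps straight to `ve->_iptables_modules = 0; return err;` and appears to skip the fini calls for every module registered before it, leaving per-VE netfilter state behind for a VE that failed to start. If this chain is also used for normal VE teardown, the REDIRECT target would be unregistered only after `fini_iptables`, on which it depends. The `#if` / `KSYMIPTFINI(...)` / `err_iptable_REDIRECT:` / `#endif` block should move to the top of the chain so that teardown runs in reverse order of setup. The enclosing function starts and ends outside both hunks, so the rest of the chain should be checked against this.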
diff -uNr linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDI RECT.c linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT. c
--- linux-2.6.15-openvz-025.014.orig/net/ipv4/netfilter/ipt_REDI RECT.c 2006-03-03 14:36:33.952698176 +0900
+++ linux-2.6.15-openvz-025.014/net/ipv4/netfilter/ipt_REDIRECT. c 2006-03-03 14:47:44.502759072 +0900
@@ -17,6 +17,7 @@
#include <linux/inetdevice.h>
#include <net/protocol.h>
#include <net/checksum.h>
+#include <linux/nfcalls.h>
#include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>

@@ -25,7 +26,7 @@
MODULE_DESCRIPTION("iptables REDIRECT target module");

#if 0
-#define DEBUGP printk
+#define DEBUGP ve_printk
#else
#define DEBUGP(format, args...)
#endif
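Review bot: `#define DEBUGP ve_printk` is dead code under `#if 0`, but it would probably not build once enabled. As far as I know, ve_printk in this tree takes a log-destination argument before the format string, whereas DEBUGP call sites pass the format first. A function-like form such as `#define DEBUGP(format, args...) ve_printk(VE_LOG, format, ## args)` would also keep debug output in the VE's own log rather than the host's. Confirm the signature and the destination constant against the tree before changing it.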
@@ -119,14 +120,36 @@
.me = THIS_MODULE,
};

+int init_iptable_REDIRECT(void)
+{
+ return virt_ipt_register_target(&redirect_reg);
+}
+
+void fini_iptable_REDIRECT(void)
+{
+ virt_ipt_unregister_target(&redirect_reg);
+}
+
static int __init init(void)
{
- return ipt_register_target(&redirect_reg);
+ int err;
+
+ err = init_iptable_REDIRECT();
+ if (err < 0)
+ return err;
+
+ KSYMRESOLVE(init_iptable_REDIRECT);
+ KSYMRESOLVE(fini_iptable_REDIRECT);
+ KSYMMODRESOLVE(ipt_REDIRECT);
+ return 0;
}

static void __exit fini(void)
{
- ipt_unregister_target(&redirect_reg);
+ KSYMMODUNRESOLVE(ipt_REDIRECT);
+ KSYMUNRESOLVE(init_iptable_REDIRECT);
+ KSYMUNRESOLVE(fini_iptable_REDIRECT);
+ fini_iptable_REDIRECT();
}

module_init(init);
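Review bot: The new non-static `init_iptable_REDIRECT()` and `fini_iptable_REDIRECT()` have no comment saying which context they run in, and that is the isolation-relevant fact in this hunk. They are called once from the module's `init()`/`fini()`, presumably in host context. They are also reached from kernel/vecalls.c through `KSYMIPTINIT`/`KSYMIPTFINI` when a VE has `VE_IP_TARGET_REDIRECT` in its mask. I would add above the pair something like `/* Per-VE (un)registration of the REDIRECT target; also used for the host context from init()/fini(). */`. In `init()` I would add `/* register for the host first, then publish the per-VE hooks */`. Whether `virt_ipt_register_target` really acts on the current VE is not visible here, so the wording should be confirmed against its definition.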
 