
ipvs: remove extra lookups for ICMP packets

Remove code that should not be called anymore.
Now when ip_vs_out handles replies for local clients at
LOCAL_IN hook we do not need to call conn_out_get and
handle_response_icmp from ip_vs_in_icmp* because such
lookups were already performed for the ICMP packet and no
connection was found.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>

authored by

Julian Anastasov and committed by
Simon Horman
6cb90db5 16a7fd32

+3 -25
+3 -25
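--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -729,7 +729,7 @@
 #endif
 
 /* Handle relevant response ICMP messages - forward to the right
- * destination host. Used for NAT and local client.
+ * destination host.
  */
 static int handle_response_icmp(int af, struct sk_buff *skb,
 				union nf_inet_addr *snet,
@@ -979,7 +979,6 @@
 }
 
 /* Handle response packets: rewrite addresses and send away...
- * Used for NAT and local client.
  */
 static unsigned int
 handle_response(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
@@ -1280,7 +1279,6 @@
 	struct ip_vs_protocol *pp;
 	struct ip_vs_proto_data *pd;
 	unsigned int offset, ihl, verdict;
-	union nf_inet_addr snet;
 
 	*related = 1;
 
@@ -1339,17 +1337,8 @@
 	ip_vs_fill_iphdr(AF_INET, cih, &ciph);
 	/* The embedded headers contain source and dest in reverse order */
 	cp = pp->conn_in_get(AF_INET, skb, &ciph, offset, 1);
-	if (!cp) {
-		/* The packet could also belong to a local client */
-		cp = pp->conn_out_get(AF_INET, skb, &ciph, offset, 1);
-		if (cp) {
-			snet.ip = iph->saddr;
-			return handle_response_icmp(AF_INET, skb, &snet,
-						    cih->protocol, cp, pp,
-						    offset, ihl);
-		}
+	if (!cp)
 		return NF_ACCEPT;
-	}
 
 	verdict = NF_DROP;
 
@@ -1395,7 +1384,6 @@
 	struct ip_vs_protocol *pp;
 	struct ip_vs_proto_data *pd;
 	unsigned int offset, verdict;
-	union nf_inet_addr snet;
 	struct rt6_info *rt;
 
 	*related = 1;
@@ -1455,18 +1443,8 @@
 	ip_vs_fill_iphdr(AF_INET6, cih, &ciph);
 	/* The embedded headers contain source and dest in reverse order */
 	cp = pp->conn_in_get(AF_INET6, skb, &ciph, offset, 1);
-	if (!cp) {
-		/* The packet could also belong to a local client */
-		cp = pp->conn_out_get(AF_INET6, skb, &ciph, offset, 1);
-		if (cp) {
-			ipv6_addr_copy(&snet.in6, &iph->saddr);
-			return handle_response_icmp(AF_INET6, skb, &snet,
-						    cih->nexthdr,
-						    cp, pp, offset,
-						    sizeof(struct ipv6hdr));
-		}
+	if (!cp)
 		return NF_ACCEPT;
-	}
 
 	verdict = NF_DROP;
 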
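Review bot: The new `if (!cp) return NF_ACCEPT;` in the IPv4 ICMP hunk, and the identical check in the IPv6 hunk, is only correct while ip_vs_out has already seen the packet at LOCAL_IN, and nothing at either call site records that ordering dependency. The commit message states the invariant, but a later change to hook registration or priorities would presumably let ICMP errors for local-client connections pass up the stack with NF_ACCEPT and no connection handling, because the out-direction lookup is no longer retried here. I would add a comment above the check in both functions, for example `/* No conn_out_get() retry: ip_vs_out already did the out-direction lookup at LOCAL_IN */`. Both function bodies begin and end outside the hunks, so the hook ordering itself cannot be confirmed from this page.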