From: klavs klavsen (kl_at_vsen.dk)
Date: Tue 28 Jan 2003 - 09:43:21 GMT
On Mon, 2003-01-27 at 17:52, Herbert Poetzl wrote:
> On Mon, Jan 27, 2003 at 05:20:57PM +0100, klavs klavsen wrote:
> > Hi guys,
> >
> > While hoping to test vserver on 2.5 (which includes USAGI - but
> > unfortunately not vserver yet) at some point :) I'm trying to patch my
> > 2.4.20 kernel with Usage (www.linux-ipv6.org) and cryptoapi.
>
> first, as far as I know the crypto api was created
> to separate the crypto issues from the kernel and
> establish a single interface point (which is the
> patched loop device) ... so I would suggest to patch
> the crypto stuff last, because it should "adapt"
>
I only patched the loopback device - but no problem - unfortunately
doesn't change anything :(
[SNIP]
> > when looking in tcp_ipv4.c I find that the patch #hunk 2:
> >
> > *** 201,207 ****
> > !sk2->reuse ||
> > sk2->state == TCP_LISTEN) {
> > ! if (!sk2->rcv_saddr ||
> > ! !sk->rcv_saddr ||
> > ! (sk2->rcv_saddr == sk->rcv_saddr))
> > break;
> > }
> > --- 251,255 ----
> > !sk2->reuse ||
> > sk2->state == TCP_LISTEN) {
> > ! if (tcp_ipv4_addr_conflict(sk,sk2))
> > break;
> > }
> > ***************
> >
> > the line sk2->state == TCP_LISTEN is nowhere to be found in tcp_ipv4
> > (since the USAGI patch was applied) so I'm at a loss, to figure out a
> > way to get USAGI and vserver working together on 2.4.20.
>
> had a look at usagi-linux24-s20030120-2.4.20.diff.bz2
same I used :)
> (don't know which version you used) but a look at the
> diff should show you the following lines ...
>
> @@ -177,23 +191,157 @@
>
> ...
>
> - sk2->state == TCP_LISTEN) {
> - if (!sk2->rcv_saddr ||
> - !sk->rcv_saddr ||
> - (sk2->rcv_saddr == sk->rcv_saddr))
> - break;
> +#if defined(CONFIG_NET_RESTRICTED_REUSE) || defined(CONFIG_IPV6_RESTRICTED_DOUBLE_BIND)
> + uid_t sk2_uid;
> + int uid_ok;
> +#endif
> + int both_specified = 0;
>
> ...
>
> I guess this "was" the code addressed in the vserver
> patch ... (hope this helps)
>
Thank you for this - but unfortunately I'm not even close too knowing
enough to figure out, how I get an "if (tcp_ipv4_addr_conflict(sk,sk2))
break;" in the replacement code.
> > I was hoping perhaps any of you had suggestions? Perhaps any you would
> > like a kernel that supports IPV6 (including IPSEC - which the current
> > 2.4 ipv6 doesn't - which is also probably why USAGI went in to the 2.5
> > kernel) and vserver :)
>
> IPv6, as far as I know, is still on Jacques TODO list,
> so the IPv6 with or without IPSEC will lack the vserver
> features until this is done (right Jacques?)
>
Though this is correct, still one would be able to use IPv6 addresses -
and then use iptables rules to rewrite them internally to a ipv4 vserver
service, right(?)
> > Thank you for just reading this far ;)
>
> you are welcome
>
Thanks again Herbert :)
-- Regards, Klavs Klavsen--------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant klavs_at_EnableIT.dk - http://www.EnableIT.dk
Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = 2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62 ---------------------------------------------------------------- Open Source Software - Sometimes you get more than you paid for. -- unknown