On Mon, 2003-01-27 at 17:52, Herbert Poetzl wrote: > On Mon, Jan 27, 2003 at 05:20:57PM +0100, klavs klavsen wrote: > > Hi guys, > > > > While hoping to test vserver on 2.5 (which includes USAGI - but > > unfortunately not vserver yet) at some point :) I'm trying to patch my > > 2.4.20 kernel with Usage (www.linux-ipv6.org) and cryptoapi. > > first, as far as I know the crypto api was created > to separate the crypto issues from the kernel and > establish a single interface point (which is the > patched loop device) ... so I would suggest to patch > the crypto stuff last, because it should "adapt" > I only patched the loopback device - but no problem - unfortunately doesn't change anything :(
[SNIP]
> > when looking in tcp_ipv4.c I find that the patch #hunk 2:
> >
> > *** 201,207 ****
> > !sk2->reuse ||
> > sk2->state == TCP_LISTEN) {
> > ! if (!sk2->rcv_saddr ||
> > ! !sk->rcv_saddr ||
> > ! (sk2->rcv_saddr == sk->rcv_saddr))
> > break;
> > }
> > --- 251,255 ----
> > !sk2->reuse ||
> > sk2->state == TCP_LISTEN) {
> > ! if (tcp_ipv4_addr_conflict(sk,sk2))
> > break;
> > }
> > ***************
> >
> > the line sk2->state == TCP_LISTEN is nowhere to be found in tcp_ipv4
> > (since the USAGI patch was applied) so I'm at a loss, to figure out a
> > way to get USAGI and vserver working together on 2.4.20.
>
> had a look at usagi-linux24-s20030120-2.4.20.diff.bz2
same I used :)
> (don't know which version you used) but a look at the
> diff should show you the following lines ...
>
> @@ -177,23 +191,157 @@
>
> ...
>
> - sk2->state == TCP_LISTEN) {
> - if (!sk2->rcv_saddr ||
> - !sk->rcv_saddr ||
> - (sk2->rcv_saddr == sk->rcv_saddr))
> - break;
> +#if defined(CONFIG_NET_RESTRICTED_REUSE) ||
>defined(CONFIG_IPV6_RESTRICTED_DOUBLE_BIND)
> + uid_t sk2_uid;
> + int uid_ok;
> +#endif
> + int both_specified = 0;
>
> ...
>
> I guess this "was" the code addressed in the vserver
> patch ... (hope this helps)
>
Thank you for this - but unfortunately I'm not even close too knowing
enough to figure out, how I get an "if (tcp_ipv4_addr_conflict(sk,sk2))
break;" in the replacement code.
> > I was hoping perhaps any of you had suggestions? Perhaps any you would
> > like a kernel that supports IPV6 (including IPSEC - which the current
> > 2.4 ipv6 doesn't - which is also probably why USAGI went in to the 2.5
> > kernel) and vserver :)
>
> IPv6, as far as I know, is still on Jacques TODO list,
> so the IPv6 with or without IPSEC will lack the vserver
> features until this is done (right Jacques?)
>
Though this is correct, still one would be able to use IPv6 addresses -
and then use iptables rules to rewrite them internally to a ipv4 vserver
service, right(?)
> > Thank you for just reading this far ;)
>
> you are welcome
>
Thanks again Herbert :)
--
Regards,
Klavs Klavsen
--------------| This mail has been sent to you by: |------------
Klavs Klavsen - Open Source Consultant
[EMAIL PROTECTED] - http://www.EnableIT.dk
Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA
Fingerprint = 2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62
----------------------------------------------------------------
Open Source Software - Sometimes you get more than you paid for.
-- unknown
signature.asc
Description: This is a digitally signed message part
