41 lines
1.6 KiB
Diff
41 lines
1.6 KiB
Diff
|
From 50e8a8d56cd5a3d7184b035708865302bbc7ef69 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Quentin Armitage <quentin@armitage.org.uk>
|
||
|
|
Date: Tue, 8 Feb 2022 17:43:49 +0000
|
||
|
|
Subject: [PATCH] ipvs: nft didn't support meta l4proro until Linux 3.14
|
||
|
|
|
||
|
|
For Linux 3.13 (first version to support nftables), we instead specify:
|
||
|
|
ipv4: @nh,72,8 PROTO
|
||
|
|
ipv6: @nh,48,8 PROTO
|
||
|
|
|
||
|
|
Signed-off-by: Quentin Armitage <quentin@armitage.org.uk>
|
||
|
|
|
||
|
|
[Retrieved from:
|
||
|
|
https://github.com/acassen/keepalived/commit/50e8a8d56cd5a3d7184b035708865302bbc7ef69]
|
||
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||
|
|
---
|
||
|
|
keepalived/check/check_nftables.c | 11 ++++++++++-
|
||
|
|
1 file changed, 10 insertions(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/keepalived/check/check_nftables.c b/keepalived/check/check_nftables.c
|
||
|
|
index 2d163ac14..45831203b 100644
|
||
|
|
--- a/keepalived/check/check_nftables.c
|
||
|
|
+++ b/keepalived/check/check_nftables.c
|
||
|
|
@@ -150,7 +150,16 @@ setup_rule_set_mark(uint8_t family, const char *table,
|
||
|
|
nftnl_rule_set_u64(r, NFTNL_RULE_POSITION, handle_num);
|
||
|
|
}
|
||
|
|
|
||
|
|
- add_meta(r, NFT_META_L4PROTO, NFT_REG_1);
|
||
|
|
+#if HAVE_DECL_NFT_META_L4PROTO
|
||
|
|
+ add_meta(r, NFT_META_L4PROTO, NFT_REG_1); /* From Linux 3.14 */
|
||
|
|
+#else
|
||
|
|
+ if (family == NFPROTO_IPV4)
|
||
|
|
+ add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
|
||
|
|
+ offsetof(struct iphdr, protocol), sizeof(((struct iphdr *)NULL)->protocol));
|
||
|
|
+ else
|
||
|
|
+ add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
|
||
|
|
+ offsetof(struct ip6_hdr, ip6_nxt), sizeof(((struct ip6_hdr *)NULL)->ip6_nxt));
|
||
|
|
+#endif
|
||
|
|
add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &l4_protocol, sizeof(l4_protocol));
|
||
|
|
if (family == NFPROTO_IPV4)
|
||
|
|
add_payload(r, NFT_PAYLOAD_NETWORK_HEADER, NFT_REG_1,
|