linux.git/net/netfilter/ipvs, branch v3.0-rc2 Linux kernel source tree IPVS: bug in ip_vs_ftp, same list heaad used in all netns. 2011-05-27T11:37:46+00:00 Hans Schillstrom hans.schillstrom@ericsson.com 2011-05-24T12:11:05+00:00 c74c0bfe0b61cf41a897c2444c038e0d3f600556 When ip_vs was adapted to netns the ftp application was not adapted in a correct way. However this is a fix to avoid kernel errors. In the long term another solution might be chosen. I.e the ports that the ftp appl, uses should be per netns. Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
When ip_vs was adapted to netns the ftp application was not adapted
in a correct way.
However this is a fix to avoid kernel errors. In the long term another solution
might be chosen.  I.e the ports that the ftp appl, uses should be per netns.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-17T21:33:11+00:00 David S. Miller davem@davemloft.net 2011-05-17T21:33:11+00:00 9cbc94eabb0791906051bbfac024ef2c2be8e079 Conflicts: drivers/net/vmxnet3/vmxnet3_ethtool.c net/core/dev.c 
Conflicts:
	drivers/net/vmxnet3/vmxnet3_ethtool.c
	net/core/dev.c
IPVS: fix netns if reading ip_vs_* procfs entries 2011-05-15T15:27:18+00:00 Hans Schillstrom hans.schillstrom@ericsson.com 2011-05-15T15:20:29+00:00 0f08190fe8af3cdb6ba19690eb0fa253ecef4bde Without this patch every access to ip_vs in procfs will increase the netns count i.e. an unbalanced get_net()/put_net(). (ipvsadm commands also use procfs.) The result is you can't exit a netns if reading ip_vs_* procfs entries. Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Without this patch every access to ip_vs in procfs will increase
the netns count i.e. an unbalanced get_net()/put_net().
(ipvsadm commands also use procfs.)
The result is you can't exit a netns if reading ip_vs_* procfs entries.

Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ipvs: Remove all remaining references to rt->rt_{src,dst} 2011-05-12T22:24:46+00:00 Julian Anastasov ja@ssi.bg 2011-05-10T12:46:05+00:00 c92f5ca2e5120796c56455e0a4b7cc0dfd6ceb49 Remove all remaining references to rt->rt_{src,dst} by using dest->dst_saddr to cache saddr (used for TUN mode). For ICMP in FORWARD hook just restrict the rt_mode for NAT to disable LOCALNODE. All other modes do not allow IP_VS_RT_MODE_RDR, so we should be safe with the ICMP forwarding. Using cp->daddr as replacement for rt_dst is safe for all modes except BYPASS, even when cp->dest is NULL because it is cp->daddr that is used to assign cp->dest for sync-ed connections. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net> 
Remove all remaining references to rt->rt_{src,dst}
by using dest->dst_saddr to cache saddr (used for TUN mode).
For ICMP in FORWARD hook just restrict the rt_mode for NAT
to disable LOCALNODE. All other modes do not allow
IP_VS_RT_MODE_RDR, so we should be safe with the ICMP
forwarding. Using cp->daddr as replacement for rt_dst
is safe for all modes except BYPASS, even when cp->dest is
NULL because it is cp->daddr that is used to assign cp->dest
for sync-ed connections.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: David S. Miller <davem@davemloft.net>
ipvs: Eliminate rt->rt_dst usage in __ip_vs_get_out_rt(). 2011-05-12T22:23:23+00:00 David S. Miller davem@davemloft.net 2011-05-09T21:38:06+00:00 44e3125ccd521585e73e6dd228b283ab26993c68 We can simply track what destination address is used based upon which code block is taken at the top of the function. Signed-off-by: David S. Miller <davem@davemloft.net> 
We can simply track what destination address is used based upon which
code block is taken at the top of the function.

Signed-off-by: David S. Miller <davem@davemloft.net>
ipvs: Use IP_VS_RT_MODE_* instead of magic constants. 2011-05-12T22:22:34+00:00 David S. Miller davem@davemloft.net 2011-05-12T22:22:34+00:00 e58b34425bfcb08c6bc8c520b82c37ffcec87072 [ Add some cases I missed, from Julian Anastasov ] Signed-off-by: David S. Miller <davem@davemloft.net> 
[ Add some cases I missed, from Julian Anastasov ]

Signed-off-by: David S. Miller <davem@davemloft.net>
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-3.6 2011-05-11T18:26:58+00:00 David S. Miller davem@davemloft.net 2011-05-11T18:26:15+00:00 3c709f8fb43e07a0403bba4a8ca7ba00ab874994 Conflicts: drivers/net/benet/be_main.c 
Conflicts:
	drivers/net/benet/be_main.c
IPVS: init and cleanup restructuring 2011-05-10T07:52:47+00:00 Hans Schillstrom hans@schillstrom.com 2011-05-03T20:09:31+00:00 7a4f0761fce32ff4918a7c23b08db564ad33092d DESCRIPTION This patch tries to restore the initial init and cleanup sequences that was before namspace patch. Netns also requires action when net devices unregister which has never been implemented. I.e this patch also covers when a device moves into a network namespace, and has to be released. IMPLEMENTATION The number of calls to register_pernet_device have been reduced to one for the ip_vs.ko Schedulers still have their own calls. This patch adds a function __ip_vs_service_cleanup() and an enable flag for the netfilter hooks. The nf hooks will be enabled when the first service is loaded and never disabled again, except when a namespace exit starts. Signed-off-by: Hans Schillstrom <hans@schillstrom.com> Acked-by: Julian Anastasov <ja@ssi.bg> [horms@verge.net.au: minor edit to changelog] Signed-off-by: Simon Horman <horms@verge.net.au> 
DESCRIPTION
This patch tries to restore the initial init and cleanup
sequences that was before namspace patch.
Netns also requires action when net devices unregister
which has never been implemented. I.e this patch also
covers when a device moves into a network namespace,
and has to be released.

IMPLEMENTATION
The number of calls to register_pernet_device have been
reduced to one for the ip_vs.ko
Schedulers still have their own calls.

This patch adds a function __ip_vs_service_cleanup()
and an enable flag for the netfilter hooks.

The nf hooks will be enabled when the first service is loaded
and never disabled again, except when a namespace exit starts.

Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
[horms@verge.net.au: minor edit to changelog]
Signed-off-by: Simon Horman <horms@verge.net.au>
IPVS: Change of socket usage to enable name space exit. 2011-05-10T07:52:33+00:00 Hans Schillstrom hans@schillstrom.com 2011-05-03T20:09:30+00:00 1ae132b0347907ac95b8bc9dba37934f59d2a508 If the sync daemons run in a name space while it crashes or get killed, there is no way to stop them except for a reboot. When all patches are there, ip_vs_core will handle register_pernet_(), i.e. ip_vs_sync_init() and ip_vs_sync_cleanup() will be removed. Kernel threads should not increment the use count of a socket. By calling sk_change_net() after creating a socket this is avoided. sock_release cant be used intead sk_release_kernel() should be used. Thanks Eric W Biederman for your advices. Signed-off-by: Hans Schillstrom <hans@schillstrom.com> [horms@verge.net.au: minor edit to changelog] Signed-off-by: Simon Horman <horms@verge.net.au> 
If the sync daemons run in a name space while it crashes
or get killed, there is no way to stop them except for a reboot.
When all patches are there, ip_vs_core will handle register_pernet_(),
i.e. ip_vs_sync_init() and ip_vs_sync_cleanup() will be removed.

Kernel threads should not increment the use count of a socket.
By calling sk_change_net() after creating a socket this is avoided.
sock_release cant be used intead sk_release_kernel() should be used.

Thanks Eric W Biederman for your advices.

Signed-off-by: Hans Schillstrom <hans@schillstrom.com>
[horms@verge.net.au: minor edit to changelog]
Signed-off-by: Simon Horman <horms@verge.net.au>
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2011-04-19T18:24:06+00:00 David S. Miller davem@davemloft.net 2011-04-19T18:24:06+00:00 4805347c1eb12cfe79f42a12a5442ee01590a9c0