From: ebiederm@xmission.com (Eric W. Biederman)
To: Simon Horman <horms@verge.net.au>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org,
Wensong Zhang <wensong@linux-vs.org>,
Julian Anastasov <ja@ssi.bg>
Subject: Re: [GIT-PULL nf-next 00/15] IPVS Updates for v4.4
Date: Fri, 18 Sep 2015 09:20:42 -0500 [thread overview]
Message-ID: <87io77stad.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <1442468451-24012-1-git-send-email-horms@verge.net.au> (Simon Horman's message of "Thu, 17 Sep 2015 14:40:36 +0900")
Simon Horman <horms@verge.net.au> writes:
> Hi Pablo,
>
> please consider these IPVS Updates for v4.4.
Just a quick heads up.
In my work to pass struct net down into the netfilter functions so they
don't have to guess, I wound up performing some significant surgery on
ipvs. In particular so the code stayed clean I wound up turning the
relationship between struct net, and the structures netns_ipvs,
ip_vs_conn_param, ip_vs_conn, ip_vs_service inside out. That is in
every structure holds a struct net reference and in every function that
takes a struct net reference I use a struct netns_ipvs reference
instead.
In most cases netns_ipvs is what the code actually wants so this just
reduces the unncessary rigamarole the code has to go through, and just
plain feels cleaner. For example all of the sysctl wrappers wind up
taking struct netns_ipvs reference because it has become the natural
thing for them to do.
There are also quite a few functions where I have added a netns_ipvs
parameter so they would not have to guess, so in the addition of
parameters the code change is about the same as my previous patch.
I do not think there are any conflicts that will be difficult to resolve
between this patchset and my pending changes, as my pending changes
barely perform any changes of substance. My changes do result in
conflicts.
For example in my pending changes and in this patchset they both change
the function prototype of ip_vs_protocol.conn_in_get. My pending
changes add struct netns_ipvs as the first parameter and these patches
remove the final inverse parameter.
Eric
> The updates include the following from Alex Gartrell:
> * Scheduling of ICMP
> * Sysctl to ignore tunneled packets; and hence some packet-looping scenarios
>
> The following changes since commit 851345c5bbb4644911f7c351c042559a71f57d19:
>
> netfilter: reduce sparse warnings (2015-08-28 21:04:12 +0200)
>
> are available in the git repository at:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git tags/ipvs-for-v4.4
>
> for you to fetch changes up to 4e478098ac0ac1b6ef9a70fcdc2ec8b93f1b59a1:
>
> ipvs: add sysctl to ignore tunneled packets (2015-09-17 11:50:02 +0900)
>
> ----------------------------------------------------------------
> Alex Gartrell (15):
> ipvs: replace ip_vs_fill_ip4hdr with ip_vs_fill_iph_skb_off
> ipvs: Add hdr_flags to iphdr
> ipvs: Handle inverse and icmp headers in ip_vs_leave
> ipvs: pull out ip_vs_try_to_schedule function
> ipvs: drop inverse argument to conn_{in,out}_get
> ipvs: Make ip_vs_schedule aware of inverse iph'es
> ipvs: add schedule_icmp sysctl
> ipvs: Use outer header in ip_vs_bypass_xmit_v6
> ipvs: sh: support scheduling icmp/inverse packets consistently
> ipvs: attempt to schedule icmp packets
> ipvs: ensure that ICMP cannot be sent in reply to ICMP
> ipvs: support scheduling inverse and icmp TCP packets
> ipvs: support scheduling inverse and icmp UDP packets
> ipvs: support scheduling inverse and icmp SCTP packets
> ipvs: add sysctl to ignore tunneled packets
>
> Documentation/networking/ipvs-sysctl.txt | 10 ++
> include/net/ip_vs.h | 120 ++++++++++---
> net/netfilter/ipvs/ip_vs_conn.c | 12 +-
> net/netfilter/ipvs/ip_vs_core.c | 299 +++++++++++++++++++------------
> net/netfilter/ipvs/ip_vs_ctl.c | 15 +-
> net/netfilter/ipvs/ip_vs_pe_sip.c | 2 +-
> net/netfilter/ipvs/ip_vs_proto_ah_esp.c | 17 +-
> net/netfilter/ipvs/ip_vs_proto_sctp.c | 34 ++--
> net/netfilter/ipvs/ip_vs_proto_tcp.c | 38 +++-
> net/netfilter/ipvs/ip_vs_proto_udp.c | 25 ++-
> net/netfilter/ipvs/ip_vs_sh.c | 45 +++--
> net/netfilter/ipvs/ip_vs_xmit.c | 24 +--
> net/netfilter/xt_ipvs.c | 4 +-
> 13 files changed, 427 insertions(+), 218 deletions(-)
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2015-09-18 14:20 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-17 5:40 [GIT-PULL nf-next 00/15] IPVS Updates for v4.4 Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 01/15] ipvs: replace ip_vs_fill_ip4hdr with ip_vs_fill_iph_skb_off Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 02/15] ipvs: Add hdr_flags to iphdr Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 03/15] ipvs: Handle inverse and icmp headers in ip_vs_leave Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 04/15] ipvs: pull out ip_vs_try_to_schedule function Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 05/15] ipvs: drop inverse argument to conn_{in,out}_get Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 06/15] ipvs: Make ip_vs_schedule aware of inverse iph'es Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 07/15] ipvs: add schedule_icmp sysctl Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 08/15] ipvs: Use outer header in ip_vs_bypass_xmit_v6 Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 09/15] ipvs: sh: support scheduling icmp/inverse packets consistently Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 10/15] ipvs: attempt to schedule icmp packets Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 11/15] ipvs: ensure that ICMP cannot be sent in reply to ICMP Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 12/15] ipvs: support scheduling inverse and icmp TCP packets Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 13/15] ipvs: support scheduling inverse and icmp UDP packets Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 14/15] ipvs: support scheduling inverse and icmp SCTP packets Simon Horman
2015-09-17 5:40 ` [PATCH nf-next 15/15] ipvs: add sysctl to ignore tunneled packets Simon Horman
2015-09-18 14:20 ` Eric W. Biederman [this message]
2015-09-18 20:17 ` [GIT-PULL nf-next 00/15] IPVS Updates for v4.4 Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87io77stad.fsf@x220.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=lvs-devel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=wensong@linux-vs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.