* Re: [RFC PATCH 5/9] ipvs network name space aware
From: Simon Horman @ 2010-10-21 11:16 UTC (permalink / raw)
To: Hans Schillstrom
Cc: lvs-devel, netdev, netfilter-devel, ja, wensong, daniel.lezcano
In-Reply-To: <201010081317.04167.hans.schillstrom@ericsson.com>
On Fri, Oct 08, 2010 at 01:17:02PM +0200, Hans Schillstrom wrote:
> This patch just contains ip_vs_ctl
>
> Signed-off-by:Hans Schillstrom <hans.schillstrom@ericsson.com>
>
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index ca8ec8c..7e99cbc 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
[ snip ]
> @@ -2680,10 +2664,15 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb,
> int idx = 0, i;
> int start = cb->args[0];
> struct ip_vs_service *svc;
> -
> + struct net *net = skb->sk->sk_net;
skb->sk->sk_net needs CONFIG_NS_NET.
Is your plan for IPVS to unconditionally depend on CONFIG_NS_NET?
It would be nice to avoid that, but I fear it will be too messy.
> + struct netns_ipvs *ipvs;
> + if (!net)
> + net = dev_net(skb->dev);
> + BUG_ON(!net);
> + ipvs = net->ipvs;
> mutex_lock(&__ip_vs_mutex);
> for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
> - list_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
> + list_for_each_entry(svc, &ipvs->ctl_svc_table[i], s_list) {
> if (++idx <= start)
> continue;
> if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
[ snip ]
^ permalink raw reply
* Re: [RFC PATCH 5/9] ipvs network name space aware
From: Eric Dumazet @ 2010-10-21 11:26 UTC (permalink / raw)
To: Simon Horman
Cc: Hans Schillstrom, lvs-devel, netdev, netfilter-devel, ja, wensong,
daniel.lezcano
In-Reply-To: <20101021111644.GA25555@verge.net.au>
Le jeudi 21 octobre 2010 à 13:16 +0200, Simon Horman a écrit :
> > @@ -2680,10 +2664,15 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb,
> > int idx = 0, i;
> > int start = cb->args[0];
> > struct ip_vs_service *svc;
> > -
> > + struct net *net = skb->sk->sk_net;
>
> skb->sk->sk_net needs CONFIG_NS_NET.
> Is your plan for IPVS to unconditionally depend on CONFIG_NS_NET?
> It would be nice to avoid that, but I fear it will be too messy.
>
struct net *net = sock_net(skb->sk);
is your friend ;)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
* Re: [PATCH net-next-2.6] be2net: Changes to use only priority codes allowed by f/w
From: David Miller @ 2010-10-21 11:27 UTC (permalink / raw)
To: somnath.kotur; +Cc: netdev
In-Reply-To: <20101019085114.GA352@emulex.com>
From: Somnath Kotur <somnath.kotur@emulex.com>
Date: Tue, 19 Oct 2010 14:21:14 +0530
> Changes to use one of the priority codes allowed by CNA f/w for NIC traffic
> from host. The driver gets the bit map of the priority codes allowed for
> host traffic through a asynchronous message from the f/w that the driver
> subscribes to.
>
> Signed-off-by: Somnath Kotur <somnath.kotur@emulex.com>
This patch does not apply to the current tree.
^ permalink raw reply
* Re: [PATCH v2.6.36-rc7] net/neighbour: cancel_delayed_work() + flush_scheduled_work() -> cancel_delayed_work_sync()
From: David Miller @ 2010-10-21 11:29 UTC (permalink / raw)
To: tj; +Cc: netdev, linux-kernel
In-Reply-To: <4CBDC19A.60709@kernel.org>
From: Tejun Heo <tj@kernel.org>
Date: Tue, 19 Oct 2010 18:04:42 +0200
> flush_scheduled_work() is going away. Prepare for it.
>
> Signed-off-by: Tejun Heo <tj@kernel.org>
Applied.
^ permalink raw reply
* Re: [PATCH] bridge: Forward reserved group addresses if !STP
From: David Miller @ 2010-10-21 11:29 UTC (permalink / raw)
To: shemminger
Cc: benjamin.poirier, herbert, eric.dumazet, jpirko, bridge, netdev,
linux-kernel
In-Reply-To: <20101018202858.7342f2cb@nehalam>
From: Stephen Hemminger <shemminger@linux-foundation.org>
Date: Mon, 18 Oct 2010 20:28:58 -0700
> On Mon, 18 Oct 2010 22:09:35 -0400
> Benjamin Poirier <benjamin.poirier@polymtl.ca> wrote:
>
>> Make all frames sent to reserved group MAC addresses (01:80:c2:00:00:00 to
>> 01:80:c2:00:00:0f) be forwarded if STP is disabled. This enables
>> forwarding EAPOL frames, among other things.
>>
>> Signed-off-by: Benjamin Poirier <benjamin.poirier@polymtl.ca>
>
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Applied, thanks.
^ permalink raw reply
* mmotm 2010-10-20 - netfilter Kconfig whinge
From: Valdis.Kletnieks @ 2010-10-21 11:14 UTC (permalink / raw)
To: Andrew Morton, Patrick McHardy; +Cc: linux-kernel, netfilter, netdev
In-Reply-To: <201010202233.o9KMXNoL008303@imap1.linux-foundation.org>
[-- Attachment #1: Type: text/plain, Size: 633 bytes --]
On Wed, 20 Oct 2010 15:01:43 PDT, akpm@linux-foundation.org said:
> The mm-of-the-moment snapshot 2010-10-20-15-01 has been uploaded to
>
> http://userweb.kernel.org/~akpm/mmotm/
Seen during 'make oldconfig':
Input subsystem LEDs Trigger (LEDS_TRIGGER_INPUT) [N/m/y/?] (NEW) m
*
* iptables trigger is under Netfilter config (LED target)
*
warning: (NETFILTER_XT_MATCH_REALM && NET && INET && NETFILTER && NETFILTER_XTABLES && NETFILTER_ADVANCED || NET_CLS_ROUTE4 && NET && NET_SCHED) selects NET_CLS_ROUTE which has unmet direct dependencies (NET && NET_SCHED)
#
# configuration written to .config
#
[-- Attachment #2: Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply
* Re: [PATCH] ipv4: synchronize bind() with RTM_NEWADDR notifications
From: Timo Teräs @ 2010-10-21 11:29 UTC (permalink / raw)
To: David Miller; +Cc: eric.dumazet, netdev
In-Reply-To: <20101021.040319.191412436.davem@davemloft.net>
On 10/21/2010 02:03 PM, David Miller wrote:
> From: Timo Teräs <timo.teras@iki.fi>
> Date: Thu, 21 Oct 2010 13:58:08 +0300
>
>> On 10/21/2010 01:50 PM, David Miller wrote:
>>> From: Timo Teräs <timo.teras@iki.fi>
>>> Date: Thu, 21 Oct 2010 13:41:37 +0300
>>>
>>>> Is inet_bind() called from non-userland context? If yes, then this is a
>>>> bad idea. Otherwise I don't think it's that hot path...
>>>
>>> It is.
>>
>> Yet, almost immediately after that there is lock_sock() which can also
>> sleep. How does that work then?
>
> RTNL interlocks globally with a heavy primitive, a mutex, lock_sock()
> grabs a spinlcok which is local to the socket's context.
>
> So if we have 100,000 sockets binding we'll suck with you're change
> whereas the lock_sock() does not cause that problem.
>
> Is this so difficult for you to comprehend?
I was confused with Dave's original reply "It is." as referring to that
inet_bind() can get called from non-userland context. But apparently you
just meant that "It is (bad idea regardless)."
I thought the problem was possible sleeping, and not contention. Which
became very obvious from Eric's example. I didn't realize that many do
bind()/recv()/send() as general workload.
Sorry for not seeing the obvious.
This is the third time asking, what would be a good way to fix the
problem described in the original commit log?
Changing RTM_NEWADDR after FIB update would break Netlink event
ordering. And this breaks performance. I can't really use RTN_LOCAL
RTM_NEWROUTE events since (at least IPv6 side) has incorrect ifindex.
Should inet_addr_type() be rewritten to not use FIB lookups?
^ permalink raw reply
* Re: [PATCH v2] CAPI: Silence lockdep warning on get_capi_appl_by_nr usage
From: David Miller @ 2010-10-21 11:29 UTC (permalink / raw)
To: jan.kiszka; +Cc: linux-kernel, i4ldeveloper, netdev, isdn, peterz
In-Reply-To: <4CBB13B7.8080705@web.de>
From: Jan Kiszka <jan.kiszka@web.de>
Date: Sun, 17 Oct 2010 17:18:15 +0200
> As long as we hold capi_controller_lock, we can safely access
> capi_applications without RCU protection as no one can modify the
> application list underneath us. Introduce an RCU-free
> __get_capi_appl_by_nr for this purpose. This silences lockdep warnings
> on suspicious rcu_dereference usage.
>
> Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Applied.
^ permalink raw reply
* Re: [PATCH 2/3] cxgb4: function namespace cleanup (v3)
From: David Miller @ 2010-10-21 11:30 UTC (permalink / raw)
To: dm; +Cc: shemminger, swise, divy, leedom, netdev
In-Reply-To: <4CBCD548.3030005@chelsio.com>
From: Dimitris Michailidis <dm@chelsio.com>
Date: Mon, 18 Oct 2010 16:16:24 -0700
> Stephen Hemminger wrote:
>> Make functions only used in one file local.
>> Remove lots of dead code, relating to unsupported functions
>> in mainline driver like RSS, IPv6, and TCP offload.
>> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
>
> Acked-by: Dimitris Michailidis <dm@chelsio.com>
Applied.
^ permalink raw reply
* Re: [PATCH v2] b44: fix resume, request_irq after hw reset
From: David Miller @ 2010-10-21 11:30 UTC (permalink / raw)
To: james
Cc: zambrano, jpirko, fujita.tomonori, hauke, Larry.Finger, netdev,
linux-kernel, akpm
In-Reply-To: <201010171249.00485.james@albanarts.com>
From: James Hogan <james@albanarts.com>
Date: Sun, 17 Oct 2010 12:48:59 +0100
> On resume, call request_irq() after resetting the hardware rather than
> before. It's a shared interrupt so the handler could be called
> immediately if another device on the same irq interrupts (and will be
> called immediately if CONFIG_DEBUG_SHIRQ=y), but unless the hardware is
> reinitialised with b44_init_hw() the read of the interrupt status
> register will hang the system.
>
> Signed-off-by: James Hogan <james@albanarts.com>
Applied.
^ permalink raw reply
* Re: [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module
From: Patrick McHardy @ 2010-10-21 11:30 UTC (permalink / raw)
To: KOVACS Krisztian; +Cc: netdev, netfilter-devel, Balazs Scheidler, David Miller
In-Reply-To: <20101021104709.5192.64336.stgit@este.odu>
Am 21.10.2010 12:47, schrieb KOVACS Krisztian:
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index 138a8b3..bb669b4 100644
> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
> @@ -73,7 +73,7 @@ static struct inet_frags nf_frags;
> static struct netns_frags nf_init_frags;
>
> #ifdef CONFIG_SYSCTL
> -struct ctl_table nf_ct_ipv6_sysctl_table[] = {
> +struct ctl_table nf_ct_frag6_sysctl_table[] = {
> {
> .procname = "nf_conntrack_frag6_timeout",
> .data = &nf_init_frags.timeout,
> @@ -97,6 +97,8 @@ struct ctl_table nf_ct_ipv6_sysctl_table[] = {
> },
> { }
> };
> +
> +static struct ctl_table_header *nf_ct_frag6_sysctl_header;
> #endif
>
> static unsigned int nf_hashfn(struct inet_frag_queue *q)
> @@ -623,11 +625,19 @@ int nf_ct_frag6_init(void)
> inet_frags_init_net(&nf_init_frags);
> inet_frags_init(&nf_frags);
>
> + nf_ct_frag6_sysctl_header = register_sysctl_paths(nf_net_netfilter_sysctl_path,
> + nf_ct_frag6_sysctl_table);
> + if (!nf_ct_frag6_sysctl_header)
> + return -ENOMEM;
This needs to call inet_frags_fini() on errors since inet_frags_init()
starts a timer to recalculate the secret.
> +
> return 0;
> }
>
> void nf_ct_frag6_cleanup(void)
> {
> + unregister_sysctl_table(nf_ct_frag6_sysctl_header);
> + nf_ct_frag6_sysctl_header = NULL;
> +
> inet_frags_fini(&nf_frags);
>
> nf_init_frags.low_thresh = 0;
> diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
> new file mode 100644
> index 0000000..99abfb5
> --- /dev/null
> +++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
> @@ -0,0 +1,131 @@
> +/* (C) 1999-2001 Paul `Rusty' Russell
> + * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
> + *
> + * This program is free software; you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License version 2 as
> + * published by the Free Software Foundation.
> + */
> +
> +#include <linux/types.h>
> +#include <linux/ipv6.h>
> +#include <linux/in6.h>
> +#include <linux/netfilter.h>
> +#include <linux/module.h>
> +#include <linux/skbuff.h>
> +#include <linux/icmp.h>
> +#include <linux/sysctl.h>
> +#include <net/ipv6.h>
> +#include <net/inet_frag.h>
> +
> +#include <linux/netfilter_ipv6.h>
> +#include <linux/netfilter_bridge.h>
> +#include <net/netfilter/nf_conntrack.h>
> +#include <net/netfilter/nf_conntrack_helper.h>
> +#include <net/netfilter/nf_conntrack_l4proto.h>
> +#include <net/netfilter/nf_conntrack_l3proto.h>
> +#include <net/netfilter/nf_conntrack_core.h>
> +#include <net/netfilter/nf_conntrack_zones.h>
> +#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
> +#include <net/netfilter/ipv6/nf_defrag_ipv6.h>
> +
> +static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
> + struct sk_buff *skb)
> +{
> + u16 zone = NF_CT_DEFAULT_ZONE;
> +
> + if (skb->nfct)
> + zone = nf_ct_zone((struct nf_conn *)skb->nfct);
> +
> +#ifdef CONFIG_BRIDGE_NETFILTER
> + if (skb->nf_bridge &&
> + skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
> + return IP6_DEFRAG_CONNTRACK_BRIDGE_IN + zone;
> +#endif
> + if (hooknum == NF_INET_PRE_ROUTING)
> + return IP6_DEFRAG_CONNTRACK_IN + zone;
> + else
> + return IP6_DEFRAG_CONNTRACK_OUT + zone;
> +
> +}
> +
> +static unsigned int ipv6_defrag(unsigned int hooknum,
> + struct sk_buff *skb,
> + const struct net_device *in,
> + const struct net_device *out,
> + int (*okfn)(struct sk_buff *))
> +{
> + struct sk_buff *reasm;
> +
> + /* Previously seen (loopback)? */
> + if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct))
> + return NF_ACCEPT;
> +
> + reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(hooknum, skb));
> + /* queued */
> + if (reasm == NULL)
> + return NF_STOLEN;
> +
> + /* error occured or not fragmented */
> + if (reasm == skb)
> + return NF_ACCEPT;
> +
> + nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
> + (struct net_device *)out, okfn);
> +
> + return NF_STOLEN;
> +}
> +
> +static struct nf_hook_ops ipv6_defrag_ops[] = {
> + {
> + .hook = ipv6_defrag,
> + .owner = THIS_MODULE,
> + .pf = NFPROTO_IPV6,
> + .hooknum = NF_INET_PRE_ROUTING,
> + .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
> + },
> + {
> + .hook = ipv6_defrag,
> + .owner = THIS_MODULE,
> + .pf = NFPROTO_IPV6,
> + .hooknum = NF_INET_LOCAL_OUT,
> + .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
> + },
> +};
> +
> +static int __init nf_defrag_init(void)
> +{
> + int ret = 0;
> +
> + ret = nf_ct_frag6_init();
> + if (ret < 0) {
> + pr_err("nf_defrag_ipv6: can't initialize frag6.\n");
> + return ret;
> + }
> + ret = nf_register_hooks(ipv6_defrag_ops, ARRAY_SIZE(ipv6_defrag_ops));
> + if (ret < 0) {
> + pr_err("nf_defrag_ipv6: can't register hooks\n");
> + goto cleanup_frag6;
> + }
> + return ret;
> +
> +cleanup_frag6:
> + nf_ct_frag6_cleanup();
> + return ret;
> +
> +}
> +
> +static void __exit nf_defrag_fini(void)
> +{
> + nf_unregister_hooks(ipv6_defrag_ops, ARRAY_SIZE(ipv6_defrag_ops));
> + nf_ct_frag6_cleanup();
> +}
> +
> +void nf_defrag_ipv6_enable(void)
> +{
> +}
> +EXPORT_SYMBOL_GPL(nf_defrag_ipv6_enable);
> +
> +module_init(nf_defrag_init);
> +module_exit(nf_defrag_fini);
> +
> +MODULE_LICENSE("GPL");
>
>
^ permalink raw reply
* Re: [PATCH 2/2] drivers/net/ax88796.c: Return error code in failure
From: David Miller @ 2010-10-21 11:31 UTC (permalink / raw)
To: julia; +Cc: p_gortmaker, kernel-janitors, netdev, linux-kernel
In-Reply-To: <1287411074-19825-2-git-send-email-julia@diku.dk>
From: Julia Lawall <julia@diku.dk>
Date: Mon, 18 Oct 2010 16:11:14 +0200
> In this code, 0 is returned on failure, even though other
> failures return -ENOMEM or other similar values.
>
> A simplified version of the semantic match that finds this problem is as
> follows: (http://coccinelle.lip6.fr/)
...
> Signed-off-by: Julia Lawall <julia@diku.dk>
Applied.
^ permalink raw reply
* Re: [PATCH net-next 3/5] tipc: Optimizations to bearer enabling logic
From: David Miller @ 2010-10-21 11:31 UTC (permalink / raw)
To: paul.gortmaker; +Cc: nhorman, netdev, allan.stephens
In-Reply-To: <20101018214356.GA27204@windriver.com>
From: Paul Gortmaker <paul.gortmaker@windriver.com>
Date: Mon, 18 Oct 2010 17:43:56 -0400
>>From 35b078621c4ca6e6f5a5aed80c34594e00f08c8e Mon Sep 17 00:00:00 2001
> From: Allan Stephens <allan.stephens@windriver.com>
> Date: Thu, 14 Oct 2010 16:09:23 -0400
> Subject: [PATCH] tipc: delete needless memset from bearer enabling.
>
> Eliminates zeroing out of the new bearer structure at the start of
> activation, since it is already in that state.
>
> Signed-off-by: Allan Stephens <allan.stephens@windriver.com>
> Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Applied, thanks.
^ permalink raw reply
* Re: [PATCH net-next] napi: unexport napi_reuse_skb
From: David Miller @ 2010-10-21 11:31 UTC (permalink / raw)
To: shemminger; +Cc: netdev
In-Reply-To: <20101019101210.1bcff4af@nehalam>
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Tue, 19 Oct 2010 10:12:10 -0700
> The function napi_reuse_skb is only used inside core.
>
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Applied.
^ permalink raw reply
* Re: [PATCH net-next] rds: make local functions/variables static
From: David Miller @ 2010-10-21 11:31 UTC (permalink / raw)
To: shemminger; +Cc: andy.grover, zach.brown, chris.mason, rds-devel, netdev
In-Reply-To: <20101019110833.7ef05180@nehalam>
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Tue, 19 Oct 2010 11:08:33 -0700
> The RDS protocol has lots of functions that should be
> declared static. rds_message_get/add_version_extension is
> removed since it defined but never used.
>
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Applied.
^ permalink raw reply
* Re: [PATCH net-next] 9p: client code cleanup
From: David Miller @ 2010-10-21 11:32 UTC (permalink / raw)
To: shemminger; +Cc: ericvh, rminnich, lucho, v9fs-developer, netdev
In-Reply-To: <20101019094816.7898beff@nehalam>
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Tue, 19 Oct 2010 09:48:16 -0700
> Make p9_client_version static since only used in one file.
> Remove p9_client_auth because it is defined but never used.
> Compile tested only.
>
> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Applied.
^ permalink raw reply
* Re: [PATCH net-next-2.6] can-raw: add msg_flags to distinguish local traffic
From: David Miller @ 2010-10-21 11:32 UTC (permalink / raw)
To: socketcan-fJ+pQTUTwRTk1uMJSBkQmQ
Cc: socketcan-core-0fE9KPoRgkgATYTw5x5z8w,
netdev-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <4CBDF234.9000509-fJ+pQTUTwRTk1uMJSBkQmQ@public.gmane.org>
From: Oliver Hartkopp <socketcan-fJ+pQTUTwRTk1uMJSBkQmQ@public.gmane.org>
Date: Tue, 19 Oct 2010 21:32:04 +0200
> CAN has no addressing scheme. It is currently impossible for userspace
> to tell is a received CAN frame comes from another process on the local
> host, or from a remote CAN device.
>
> This patch add support for userspace applications to distinguish between
> 'own', 'local' and 'remote' CAN traffic. The distinction is made by returning
> flags in msg->msg_flags in the call to recvmsg().
>
> The added documentation explains the introduced flags.
>
> Signed-off-by: Kurt Van Dijck <kurt.van.dijck-/BeEPy95v10@public.gmane.org>
> Signed-off-by: Oliver Hartkopp <socketcan-fJ+pQTUTwRTk1uMJSBkQmQ@public.gmane.org>
Applied.
^ permalink raw reply
* Re: [PATCH 1/2] can: mcp251x: fix endless loop in interrupt handler if CANINTF_MERRF is set
From: David Miller @ 2010-10-21 11:32 UTC (permalink / raw)
To: mkl-bIcnvbaLZ9MEGnE8C9+IrQ
Cc: socketcan-core-0fE9KPoRgkgATYTw5x5z8w,
netdev-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <1287568946-32727-2-git-send-email-mkl-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
From: Marc Kleine-Budde <mkl-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
Date: Wed, 20 Oct 2010 12:02:25 +0200
> Commit d3cd15657516141adce387810be8cb377baf020e introduced a bug, the
> interrupt handler would loop endlessly if the CANINTF_MERRF bit is set,
> because it's not cleared.
>
> This patch fixes the problem by masking out the CANINTF_MERRF and all other
> non interesting bits.
>
> Signed-off-by: Marc Kleine-Budde <mkl-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
Applied.
^ permalink raw reply
* Re: [PATCH 2/2] can: mcp251x: fix generation of error frames
From: David Miller @ 2010-10-21 11:33 UTC (permalink / raw)
To: mkl-bIcnvbaLZ9MEGnE8C9+IrQ
Cc: socketcan-core-0fE9KPoRgkgATYTw5x5z8w,
netdev-u79uwXL29TY76Z2rM5mHXA
In-Reply-To: <1287568946-32727-3-git-send-email-mkl-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
From: Marc Kleine-Budde <mkl-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
Date: Wed, 20 Oct 2010 12:02:26 +0200
> The function "mcp251x_error_skb" is used to generate error frames.
> They are identified by the "CAN_ERR_FLAG" in can_id. The function
> overwrites the can_id so that the frames show up as normal frames instead
> of error frames.
>
> This patch fixes the problem by or'ing the can_id instead of overwriting it.
>
> Signed-off-by: Marc Kleine-Budde <mkl-bIcnvbaLZ9MEGnE8C9+IrQ@public.gmane.org>
> Tested-by: Jargalan Nermunkh <jargalan.nermunkh-wZX4cNJlHJ2sVWG7oymsAA@public.gmane.org>
Applied.
^ permalink raw reply
* Re: [PATCH] ipv4: synchronize bind() with RTM_NEWADDR notifications
From: David Miller @ 2010-10-21 11:34 UTC (permalink / raw)
To: timo.teras; +Cc: eric.dumazet, netdev
In-Reply-To: <4CC02412.8050000@iki.fi>
From: Timo Teräs <timo.teras@iki.fi>
Date: Thu, 21 Oct 2010 14:29:22 +0300
> This is the third time asking, what would be a good way to fix the
> problem described in the original commit log?
I kept your report in my inbox backlog and intended to think about
it as time permitted.
As the merge window has just openned up, for me time will not be
"permitted" for some time.
^ permalink raw reply
* [PATCH] l2tp: small cleanup
From: Eric Dumazet @ 2010-10-21 11:36 UTC (permalink / raw)
To: David Miller; +Cc: netdev
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
net/l2tp/l2tp_ip.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c
index 226a0ae..1c770c0 100644
--- a/net/l2tp/l2tp_ip.c
+++ b/net/l2tp/l2tp_ip.c
@@ -65,9 +65,7 @@ static struct sock *__l2tp_ip_bind_lookup(struct net *net, __be32 laddr, int dif
continue;
if ((l2tp->conn_id == tunnel_id) &&
-#ifdef CONFIG_NET_NS
- (sk->sk_net == net) &&
-#endif
+ net_eq(sock_net(sk), net) &&
!(inet->inet_rcv_saddr && inet->inet_rcv_saddr != laddr) &&
!(sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif))
goto found;
^ permalink raw reply related
* Re: [PATCH] l2tp: small cleanup
From: David Miller @ 2010-10-21 11:39 UTC (permalink / raw)
To: eric.dumazet; +Cc: netdev
In-Reply-To: <1287660971.6871.97.camel@edumazet-laptop>
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Thu, 21 Oct 2010 13:36:11 +0200
> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Applied.
^ permalink raw reply
* Re: [RFC PATCH 5/9] ipvs network name space aware
From: Hans Schillstrom @ 2010-10-21 11:42 UTC (permalink / raw)
To: Simon Horman
Cc: lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org, ja@ssi.bg, wensong@linux-vs.org,
daniel.lezcano@free.fr
In-Reply-To: <20101021111644.GA25555@verge.net.au>
On Thursday 21 October 2010 13:16:47 Simon Horman wrote:
> On Fri, Oct 08, 2010 at 01:17:02PM +0200, Hans Schillstrom wrote:
> > This patch just contains ip_vs_ctl
> >
> > Signed-off-by:Hans Schillstrom <hans.schillstrom@ericsson.com>
> >
> > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> > index ca8ec8c..7e99cbc 100644
> > --- a/net/netfilter/ipvs/ip_vs_ctl.c
> > +++ b/net/netfilter/ipvs/ip_vs_ctl.c
>
> [ snip ]
>
> > @@ -2680,10 +2664,15 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb,
> > int idx = 0, i;
> > int start = cb->args[0];
> > struct ip_vs_service *svc;
> > -
> > + struct net *net = skb->sk->sk_net;
>
> skb->sk->sk_net needs CONFIG_NS_NET.
> Is your plan for IPVS to unconditionally depend on CONFIG_NS_NET?
No.
> It would be nice to avoid that, but I fear it will be too messy.
Crap, I missed that.
I think a couple of inlines in ip_vs.h can do the job like;
static inline struct net * ipvs_sknet(struct sock *sk)
{
#ifdef CONFIG_NS_NET
return sk->sk_net;
#else
return init_net;
#endif
}
static inline struct net * ipvs_devnet(struct skb *skb)
{
#ifdef CONFIG_NS_NET
return dev_net(skb->dev);
#else
return init_net;
#endif
}
and use it like this
struct net *net = ipvs_sknet(skb->sk);
> > + struct netns_ipvs *ipvs;
> > + if (!net)
> > + net = dev_net(dev_net(skb->dev););
net = ipvs_devnet(skb->dev);
> > + BUG_ON(!net);
> > + ipvs = net->ipvs;
> > mutex_lock(&__ip_vs_mutex);
> > for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
> > - list_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
> > + list_for_each_entry(svc, &ipvs->ctl_svc_table[i], s_list) {
> > if (++idx <= start)
> > continue;
> > if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
>
> [ snip ]
> --
--
Regards
Hans Schillstrom <hans.schillstrom@ericsson.com>
^ permalink raw reply
* Re: [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module
From: KOVACS Krisztian @ 2010-10-21 11:43 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netdev, netfilter-devel, Balazs Scheidler, David Miller
In-Reply-To: <4CC02456.4050301@trash.net>
On Thu, 2010-10-21 at 13:30 +0200, Patrick McHardy wrote:
> > @@ -623,11 +625,19 @@ int nf_ct_frag6_init(void)
> > inet_frags_init_net(&nf_init_frags);
> > inet_frags_init(&nf_frags);
> >
> > + nf_ct_frag6_sysctl_header = register_sysctl_paths(nf_net_netfilter_sysctl_path,
> > + nf_ct_frag6_sysctl_table);
> > + if (!nf_ct_frag6_sysctl_header)
> > + return -ENOMEM;
>
>
> This needs to call inet_frags_fini() on errors since inet_frags_init()
> starts a timer to recalculate the secret.
That's a good catch, should be fixed in the patch below. Thanks Patrick!
commit 7e9c541b2d6129757a250b8be21b46d4f84d628d
Author: Balazs Scheidler <bazsi@balabit.hu>
Date: Tue Oct 19 01:16:21 2010 +0200
tproxy: split off ipv6 defragmentation to a separate module
Like with IPv4, TProxy needs IPv6 defragmentation but does not
require connection tracking. Since defragmentation was coupled
with conntrack, I split off the two, creating an nf_defrag_ipv6 module,
similar to the already existing nf_defrag_ipv4.
Signed-off-by: Balazs Scheidler <bazsi@balabit.hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit.hu>
diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
new file mode 100644
index 0000000..94dd54d
--- /dev/null
+++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h
@@ -0,0 +1,6 @@
+#ifndef _NF_DEFRAG_IPV6_H
+#define _NF_DEFRAG_IPV6_H
+
+extern void nf_defrag_ipv6_enable(void);
+
+#endif /* _NF_DEFRAG_IPV6_H */
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index aafbba3..3f8e4a3 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -11,10 +11,11 @@ obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
obj-$(CONFIG_IP6_NF_SECURITY) += ip6table_security.o
# objects for l3 independent conntrack
-nf_conntrack_ipv6-objs := nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o nf_conntrack_reasm.o
+nf_conntrack_ipv6-objs := nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o
+nf_defrag_ipv6-objs := nf_defrag_ipv6_hooks.o nf_conntrack_reasm.o
# l3 independent conntrack
-obj-$(CONFIG_NF_CONNTRACK_IPV6) += nf_conntrack_ipv6.o
+obj-$(CONFIG_NF_CONNTRACK_IPV6) += nf_conntrack_ipv6.o nf_defrag_ipv6.o
# matches
obj-$(CONFIG_IP6_NF_MATCH_AH) += ip6t_ah.o
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index ff43461..c8af58b 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -16,7 +16,6 @@
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/icmp.h>
-#include <linux/sysctl.h>
#include <net/ipv6.h>
#include <net/inet_frag.h>
@@ -29,6 +28,7 @@
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_zones.h>
#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
+#include <net/netfilter/ipv6/nf_defrag_ipv6.h>
#include <net/netfilter/nf_log.h>
static bool ipv6_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
@@ -189,53 +189,6 @@ out:
return nf_conntrack_confirm(skb);
}
-static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
- struct sk_buff *skb)
-{
- u16 zone = NF_CT_DEFAULT_ZONE;
-
- if (skb->nfct)
- zone = nf_ct_zone((struct nf_conn *)skb->nfct);
-
-#ifdef CONFIG_BRIDGE_NETFILTER
- if (skb->nf_bridge &&
- skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
- return IP6_DEFRAG_CONNTRACK_BRIDGE_IN + zone;
-#endif
- if (hooknum == NF_INET_PRE_ROUTING)
- return IP6_DEFRAG_CONNTRACK_IN + zone;
- else
- return IP6_DEFRAG_CONNTRACK_OUT + zone;
-
-}
-
-static unsigned int ipv6_defrag(unsigned int hooknum,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- struct sk_buff *reasm;
-
- /* Previously seen (loopback)? */
- if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct))
- return NF_ACCEPT;
-
- reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(hooknum, skb));
- /* queued */
- if (reasm == NULL)
- return NF_STOLEN;
-
- /* error occured or not fragmented */
- if (reasm == skb)
- return NF_ACCEPT;
-
- nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
- (struct net_device *)out, okfn);
-
- return NF_STOLEN;
-}
-
static unsigned int __ipv6_conntrack_in(struct net *net,
unsigned int hooknum,
struct sk_buff *skb,
@@ -288,13 +241,6 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
{
- .hook = ipv6_defrag,
- .owner = THIS_MODULE,
- .pf = NFPROTO_IPV6,
- .hooknum = NF_INET_PRE_ROUTING,
- .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
- },
- {
.hook = ipv6_conntrack_in,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
@@ -309,13 +255,6 @@ static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
.priority = NF_IP6_PRI_CONNTRACK,
},
{
- .hook = ipv6_defrag,
- .owner = THIS_MODULE,
- .pf = NFPROTO_IPV6,
- .hooknum = NF_INET_LOCAL_OUT,
- .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
- },
- {
.hook = ipv6_confirm,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
@@ -387,10 +326,6 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 __read_mostly = {
.nlattr_to_tuple = ipv6_nlattr_to_tuple,
.nla_policy = ipv6_nla_policy,
#endif
-#ifdef CONFIG_SYSCTL
- .ctl_table_path = nf_net_netfilter_sysctl_path,
- .ctl_table = nf_ct_ipv6_sysctl_table,
-#endif
.me = THIS_MODULE,
};
@@ -403,16 +338,12 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
int ret = 0;
need_conntrack();
+ nf_defrag_ipv6_enable();
- ret = nf_ct_frag6_init();
- if (ret < 0) {
- pr_err("nf_conntrack_ipv6: can't initialize frag6.\n");
- return ret;
- }
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_tcp6);
if (ret < 0) {
pr_err("nf_conntrack_ipv6: can't register tcp.\n");
- goto cleanup_frag6;
+ return ret;
}
ret = nf_conntrack_l4proto_register(&nf_conntrack_l4proto_udp6);
@@ -450,8 +381,6 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_udp6);
cleanup_tcp:
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_tcp6);
- cleanup_frag6:
- nf_ct_frag6_cleanup();
return ret;
}
@@ -463,7 +392,6 @@ static void __exit nf_conntrack_l3proto_ipv6_fini(void)
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_icmpv6);
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_udp6);
nf_conntrack_l4proto_unregister(&nf_conntrack_l4proto_tcp6);
- nf_ct_frag6_cleanup();
}
module_init(nf_conntrack_l3proto_ipv6_init);
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 138a8b3..489d71b 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -73,7 +73,7 @@ static struct inet_frags nf_frags;
static struct netns_frags nf_init_frags;
#ifdef CONFIG_SYSCTL
-struct ctl_table nf_ct_ipv6_sysctl_table[] = {
+struct ctl_table nf_ct_frag6_sysctl_table[] = {
{
.procname = "nf_conntrack_frag6_timeout",
.data = &nf_init_frags.timeout,
@@ -97,6 +97,8 @@ struct ctl_table nf_ct_ipv6_sysctl_table[] = {
},
{ }
};
+
+static struct ctl_table_header *nf_ct_frag6_sysctl_header;
#endif
static unsigned int nf_hashfn(struct inet_frag_queue *q)
@@ -623,11 +625,21 @@ int nf_ct_frag6_init(void)
inet_frags_init_net(&nf_init_frags);
inet_frags_init(&nf_frags);
+ nf_ct_frag6_sysctl_header = register_sysctl_paths(nf_net_netfilter_sysctl_path,
+ nf_ct_frag6_sysctl_table);
+ if (!nf_ct_frag6_sysctl_header) {
+ inet_frags_fini(&nf_frags);
+ return -ENOMEM;
+ }
+
return 0;
}
void nf_ct_frag6_cleanup(void)
{
+ unregister_sysctl_table(nf_ct_frag6_sysctl_header);
+ nf_ct_frag6_sysctl_header = NULL;
+
inet_frags_fini(&nf_frags);
nf_init_frags.low_thresh = 0;
diff --git a/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
new file mode 100644
index 0000000..99abfb5
--- /dev/null
+++ b/net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
@@ -0,0 +1,131 @@
+/* (C) 1999-2001 Paul `Rusty' Russell
+ * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#include <linux/types.h>
+#include <linux/ipv6.h>
+#include <linux/in6.h>
+#include <linux/netfilter.h>
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/icmp.h>
+#include <linux/sysctl.h>
+#include <net/ipv6.h>
+#include <net/inet_frag.h>
+
+#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_bridge.h>
+#include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_helper.h>
+#include <net/netfilter/nf_conntrack_l4proto.h>
+#include <net/netfilter/nf_conntrack_l3proto.h>
+#include <net/netfilter/nf_conntrack_core.h>
+#include <net/netfilter/nf_conntrack_zones.h>
+#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
+#include <net/netfilter/ipv6/nf_defrag_ipv6.h>
+
+static enum ip6_defrag_users nf_ct6_defrag_user(unsigned int hooknum,
+ struct sk_buff *skb)
+{
+ u16 zone = NF_CT_DEFAULT_ZONE;
+
+ if (skb->nfct)
+ zone = nf_ct_zone((struct nf_conn *)skb->nfct);
+
+#ifdef CONFIG_BRIDGE_NETFILTER
+ if (skb->nf_bridge &&
+ skb->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)
+ return IP6_DEFRAG_CONNTRACK_BRIDGE_IN + zone;
+#endif
+ if (hooknum == NF_INET_PRE_ROUTING)
+ return IP6_DEFRAG_CONNTRACK_IN + zone;
+ else
+ return IP6_DEFRAG_CONNTRACK_OUT + zone;
+
+}
+
+static unsigned int ipv6_defrag(unsigned int hooknum,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ struct sk_buff *reasm;
+
+ /* Previously seen (loopback)? */
+ if (skb->nfct && !nf_ct_is_template((struct nf_conn *)skb->nfct))
+ return NF_ACCEPT;
+
+ reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(hooknum, skb));
+ /* queued */
+ if (reasm == NULL)
+ return NF_STOLEN;
+
+ /* error occured or not fragmented */
+ if (reasm == skb)
+ return NF_ACCEPT;
+
+ nf_ct_frag6_output(hooknum, reasm, (struct net_device *)in,
+ (struct net_device *)out, okfn);
+
+ return NF_STOLEN;
+}
+
+static struct nf_hook_ops ipv6_defrag_ops[] = {
+ {
+ .hook = ipv6_defrag,
+ .owner = THIS_MODULE,
+ .pf = NFPROTO_IPV6,
+ .hooknum = NF_INET_PRE_ROUTING,
+ .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
+ },
+ {
+ .hook = ipv6_defrag,
+ .owner = THIS_MODULE,
+ .pf = NFPROTO_IPV6,
+ .hooknum = NF_INET_LOCAL_OUT,
+ .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
+ },
+};
+
+static int __init nf_defrag_init(void)
+{
+ int ret = 0;
+
+ ret = nf_ct_frag6_init();
+ if (ret < 0) {
+ pr_err("nf_defrag_ipv6: can't initialize frag6.\n");
+ return ret;
+ }
+ ret = nf_register_hooks(ipv6_defrag_ops, ARRAY_SIZE(ipv6_defrag_ops));
+ if (ret < 0) {
+ pr_err("nf_defrag_ipv6: can't register hooks\n");
+ goto cleanup_frag6;
+ }
+ return ret;
+
+cleanup_frag6:
+ nf_ct_frag6_cleanup();
+ return ret;
+
+}
+
+static void __exit nf_defrag_fini(void)
+{
+ nf_unregister_hooks(ipv6_defrag_ops, ARRAY_SIZE(ipv6_defrag_ops));
+ nf_ct_frag6_cleanup();
+}
+
+void nf_defrag_ipv6_enable(void)
+{
+}
+EXPORT_SYMBOL_GPL(nf_defrag_ipv6_enable);
+
+module_init(nf_defrag_init);
+module_exit(nf_defrag_fini);
+
+MODULE_LICENSE("GPL");
^ permalink raw reply related
* Re: [RFC PATCH 5/9] ipvs network name space aware
From: Hans Schillstrom @ 2010-10-21 11:49 UTC (permalink / raw)
To: Eric Dumazet
Cc: Simon Horman, lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org, ja@ssi.bg, wensong@linux-vs.org,
daniel.lezcano@free.fr
In-Reply-To: <1287660414.6871.85.camel@edumazet-laptop>
On Thursday 21 October 2010 13:26:54 Eric Dumazet wrote:
> Le jeudi 21 octobre 2010 à 13:16 +0200, Simon Horman a écrit :
>
> > > @@ -2680,10 +2664,15 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb,
> > > int idx = 0, i;
> > > int start = cb->args[0];
> > > struct ip_vs_service *svc;
> > > -
> > > + struct net *net = skb->sk->sk_net;
> >
> > skb->sk->sk_net needs CONFIG_NS_NET.
> > Is your plan for IPVS to unconditionally depend on CONFIG_NS_NET?
> > It would be nice to avoid that, but I fear it will be too messy.
> >
>
>
> struct net *net = sock_net(skb->sk);
>
> is your friend ;)
>
>
Tanks Eric,
Simon,
do forget about my last mail....
>
--
Regards
Hans Schillstrom <hans.schillstrom@ericsson.com>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox