From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 18/34] ipvs: prevent mixing heterogeneous pools and synchronization
Date: Mon, 29 Sep 2014 14:39:07 +0200 [thread overview]
Message-ID: <1411994363-8451-19-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1411994363-8451-1-git-send-email-pablo@netfilter.org>
From: Alex Gartrell <agartrell@fb.com>
The synchronization protocol is not compatible with heterogeneous pools, so
we need to verify that we're not turning both on at the same time.
Signed-off-by: Alex Gartrell <agartrell@fb.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
include/net/ip_vs.h | 4 ++++
net/netfilter/ipvs/ip_vs_ctl.c | 15 +++++++++++++++
2 files changed, 19 insertions(+)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 7600dbe..576d7f0 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -990,6 +990,10 @@ struct netns_ipvs {
char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
/* net name space ptr */
struct net *net; /* Needed by timer routines */
+ /* Number of heterogeneous destinations, needed because
+ * heterogeneous are not supported when synchronization is
+ * enabled */
+ unsigned int mixed_address_family_dests;
};
#define DEFAULT_SYNC_THRESHOLD 3
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 6bd2cc6..462760e 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -779,6 +779,12 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
struct ip_vs_scheduler *sched;
int conn_flags;
+ /* We cannot modify an address and change the address family */
+ BUG_ON(!add && udest->af != dest->af);
+
+ if (add && udest->af != svc->af)
+ ipvs->mixed_address_family_dests++;
+
/* set the weight and the flags */
atomic_set(&dest->weight, udest->weight);
conn_flags = udest->conn_flags & IP_VS_CONN_F_DEST_MASK;
@@ -1061,6 +1067,9 @@ static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
list_del_rcu(&dest->n_list);
svc->num_dests--;
+ if (dest->af != svc->af)
+ net_ipvs(svc->net)->mixed_address_family_dests--;
+
if (svcupd) {
struct ip_vs_scheduler *sched;
@@ -3256,6 +3265,12 @@ static int ip_vs_genl_new_daemon(struct net *net, struct nlattr **attrs)
attrs[IPVS_DAEMON_ATTR_SYNC_ID]))
return -EINVAL;
+ /* The synchronization protocol is incompatible with mixed family
+ * services
+ */
+ if (net_ipvs(net)->mixed_address_family_dests > 0)
+ return -EINVAL;
+
return start_sync_thread(net,
nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]),
nla_data(attrs[IPVS_DAEMON_ATTR_MCAST_IFN]),
--
1.7.10.4
next prev parent reply other threads:[~2014-09-29 12:39 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-29 12:38 [PATCH 00/34] pull request: netfilter/ipvs updates for net-next Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 01/34] netfilter: fix compilation of masquerading without IP_NF_TARGET_MASQUERADE Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 02/34] netfilter: nf_tables: add NFTA_MASQ_UNSPEC to nft_masq_attributes Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 03/34] netfilter: NFT_CHAIN_NAT_IPV* is independent of NFT_NAT Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 04/34] netfilter: masquerading needs to be independent of x_tables in Kconfig Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 05/34] netfilter: ipset: Fix static checker warning in ip_set_core.c Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 06/34] netfilter: ipset: Add skbinfo extension kernel support in the ipset core Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 07/34] netfilter: ipset: Add skbinfo extension kernel support for the bitmap set types Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 08/34] netfilter: ipset: Add skbinfo extension kernel support for the hash " Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 09/34] netfilter: ipset: Add skbinfo extension kernel support for the list set type Pablo Neira Ayuso
2014-09-29 12:38 ` [PATCH 10/34] netfilter: ipset: Add skbinfo extension support to SET target Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 11/34] netfilter: ipset: send nonzero skbinfo extensions only Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 12/34] netfilter: ipset: hash:mac type added to ipset Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 13/34] ipvs: Add simple weighted failover scheduler Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 14/34] ipvs: Add destination address family to netlink interface Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 15/34] ipvs: Supply destination addr family to ip_vs_{lookup_dest,find_dest} Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 16/34] ipvs: Pass destination address family to ip_vs_trash_get_dest Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 17/34] ipvs: Supply destination address family to ip_vs_conn_new Pablo Neira Ayuso
2014-09-29 12:39 ` Pablo Neira Ayuso [this message]
2014-09-29 16:17 ` [PATCH 18/34] ipvs: prevent mixing heterogeneous pools and synchronization Sergei Shtylyov
2014-09-30 2:21 ` Simon Horman
2014-09-29 12:39 ` [PATCH 19/34] ipvs: Pull out crosses_local_route_boundary logic Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 20/34] ipvs: Pull out update_pmtu code Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 21/34] ipvs: Add generic ensure_mtu_is_adequate to handle mixed pools Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 22/34] ipvs: support ipv4 in ipv6 and ipv6 in ipv4 tunnel forwarding Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 23/34] ipvs: address family of LBLC entry depends on svc family Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 24/34] ipvs: address family of LBLCR " Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 25/34] ipvs: use correct address family in scheduler logs Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 26/34] ipvs: use the new dest addr family field Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 27/34] ipvs: Allow heterogeneous pools now that we support them Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 28/34] netfilter: nfnetlink: use original skbuff when committing/aborting Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 29/34] netfilter: nf_tables: export rule-set generation ID Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 30/34] net/netfilter/x_tables.c: use __seq_open_private() Pablo Neira Ayuso
2014-09-29 16:07 ` Sergei Shtylyov
2014-09-29 12:39 ` [PATCH 31/34] netfilter: bridge: nf_bridge_copy_header as static inline in header Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 32/34] netfilter: bridge: move br_netfilter out of the core Pablo Neira Ayuso
2014-09-29 22:04 ` Eric Dumazet
2014-09-29 23:17 ` Florian Westphal
2014-09-30 8:56 ` Pablo Neira Ayuso
2014-09-30 15:58 ` Stephen Hemminger
2014-10-01 10:33 ` Pablo Neira Ayuso
2014-09-29 12:39 ` [PATCH 33/34] netfilter: nf_tables: store and dump set policy Pablo Neira Ayuso
2014-09-29 16:14 ` Sergei Shtylyov
2014-10-01 13:47 ` Arturo Borrero Gonzalez
2014-09-29 12:39 ` [PATCH 34/34] netfilter: conntrack: disable generic tracking for known protocols Pablo Neira Ayuso
2014-09-29 18:54 ` [PATCH 00/34] pull request: netfilter/ipvs updates for net-next David Miller
2014-09-30 0:22 ` Simon Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1411994363-8451-19-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).