* [question] ipt_CLUSTERIP and address length
@ 2010-02-25 10:12 Jiri Pirko
2010-02-25 10:23 ` Patrick McHardy
0 siblings, 1 reply; 13+ messages in thread
From: Jiri Pirko @ 2010-02-25 10:12 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber, coreteam, netfilter
Hi all.
I want to ask if there is any particular reason for ipt_CLUSTERIP to support
only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
even with another types of network hw with different addr_len.
Thanks.
Jirka
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 10:12 [question] ipt_CLUSTERIP and address length Jiri Pirko
@ 2010-02-25 10:23 ` Patrick McHardy
2010-02-25 11:04 ` Jan Engelhardt
2010-02-25 12:18 ` Pablo Neira Ayuso
0 siblings, 2 replies; 13+ messages in thread
From: Patrick McHardy @ 2010-02-25 10:23 UTC (permalink / raw)
To: Jiri Pirko; +Cc: netfilter-devel, coreteam, netfilter
Jiri Pirko wrote:
> Hi all.
>
> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
> even with another types of network hw with different addr_len.
None that I'm aware of, but the length is also used in the ABI,
so you presently can't supply larger addresses.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 10:23 ` Patrick McHardy
@ 2010-02-25 11:04 ` Jan Engelhardt
2010-02-25 11:37 ` Jiri Pirko
2010-02-25 12:18 ` Pablo Neira Ayuso
1 sibling, 1 reply; 13+ messages in thread
From: Jan Engelhardt @ 2010-02-25 11:04 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Jiri Pirko, netfilter-devel, coreteam, netfilter
On Thursday 2010-02-25 11:23, Patrick McHardy wrote:
>Jiri Pirko wrote:
>> Hi all.
>>
>> I want to ask if there is any particular reason for ipt_CLUSTERIP
>> to support only address length of 6 (ETH_ALEN)? It seems to me
>> reasonable for this to work even with another types of network hw
>> with different addr_len.
>
>None that I'm aware of, but the length is also used in the ABI,
>so you presently can't supply larger addresses.
The larger picture is that there seems to be quite a bit of ABI
even outside of the kernel that uses ETH_ALEN and/or ETH_HLEN
in many places; for example, the tcpdump cooked interface IIRC.
Is there an _actual_ use case however? Is it suddenly possible
to use EUI-64s? Or a run on IPX? :-)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 11:04 ` Jan Engelhardt
@ 2010-02-25 11:37 ` Jiri Pirko
2010-02-25 12:05 ` Jan Engelhardt
0 siblings, 1 reply; 13+ messages in thread
From: Jiri Pirko @ 2010-02-25 11:37 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Patrick McHardy, netfilter-devel, coreteam, netfilter
Thu, Feb 25, 2010 at 12:04:23PM CET, jengelh@medozas.de wrote:
>
>On Thursday 2010-02-25 11:23, Patrick McHardy wrote:
>>Jiri Pirko wrote:
>>> Hi all.
>>>
>>> I want to ask if there is any particular reason for ipt_CLUSTERIP
>>> to support only address length of 6 (ETH_ALEN)? It seems to me
>>> reasonable for this to work even with another types of network hw
>>> with different addr_len.
>>
>>None that I'm aware of, but the length is also used in the ABI,
>>so you presently can't supply larger addresses.
>
>The larger picture is that there seems to be quite a bit of ABI
>even outside of the kernel that uses ETH_ALEN and/or ETH_HLEN
>in many places; for example, the tcpdump cooked interface IIRC.
Hmm, thats sad :( IMHO this should be ETH independent...
>
>Is there an _actual_ use case however? Is it suddenly possible
>to use EUI-64s? Or a run on IPX? :-)
Well for example Infiniband has 20-bytes address. But I do not know much about
this kinds of hw & iptables use. I'm just looking at code and wondering :)
Jirka
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 11:37 ` Jiri Pirko
@ 2010-02-25 12:05 ` Jan Engelhardt
2010-02-25 12:13 ` Jiri Pirko
0 siblings, 1 reply; 13+ messages in thread
From: Jan Engelhardt @ 2010-02-25 12:05 UTC (permalink / raw)
To: Jiri Pirko; +Cc: Patrick McHardy, netfilter-devel, coreteam, netfilter
On Thursday 2010-02-25 12:37, Jiri Pirko wrote:
>>
>>Is there an _actual_ use case however? Is it suddenly possible
>>to use EUI-64s? Or a run on IPX? :-)
>
>Well for example Infiniband has 20-bytes address. But I do not know much about
>this kinds of hw & iptables use. I'm just looking at code and wondering :)
First have IPv4/v6 running over InfiniBand, then we can talk ;-)
I did something like that once, but what it came down to was that
an Ethernet layer was inserted between Myrinet and IPv4.
(`ip link` will show.)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:05 ` Jan Engelhardt
@ 2010-02-25 12:13 ` Jiri Pirko
0 siblings, 0 replies; 13+ messages in thread
From: Jiri Pirko @ 2010-02-25 12:13 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Patrick McHardy, netfilter-devel, coreteam, netfilter
Thu, Feb 25, 2010 at 01:05:06PM CET, jengelh@medozas.de wrote:
>
>On Thursday 2010-02-25 12:37, Jiri Pirko wrote:
>>>
>>>Is there an _actual_ use case however? Is it suddenly possible
>>>to use EUI-64s? Or a run on IPX? :-)
>>
>>Well for example Infiniband has 20-bytes address. But I do not know much about
>>this kinds of hw & iptables use. I'm just looking at code and wondering :)
>
>First have IPv4/v6 running over InfiniBand, then we can talk ;-)
>
>I did something like that once, but what it came down to was that
>an Ethernet layer was inserted between Myrinet and IPv4.
>(`ip link` will show.)
Ok, fair enough :)
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 10:23 ` Patrick McHardy
2010-02-25 11:04 ` Jan Engelhardt
@ 2010-02-25 12:18 ` Pablo Neira Ayuso
2010-02-25 12:23 ` Patrick McHardy
2010-02-25 12:54 ` Jan Engelhardt
1 sibling, 2 replies; 13+ messages in thread
From: Pablo Neira Ayuso @ 2010-02-25 12:18 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Jiri Pirko, netfilter-devel, coreteam, netfilter
Patrick McHardy wrote:
> Jiri Pirko wrote:
>> Hi all.
>>
>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>> even with another types of network hw with different addr_len.
>
> None that I'm aware of, but the length is also used in the ABI,
> so you presently can't supply larger addresses.
Not directly related to this but I wanted to discuss this time ago. Now
that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
With regards to this issue, it seems arptables only support EUI-48 (6
bytes) for ethernet addresses, so xt_CLUSTER would inherit the same
problem but the point would be to fix arptables (not sure if possible
now without breaking ABI or adding some versioning like iptables).
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:18 ` Pablo Neira Ayuso
@ 2010-02-25 12:23 ` Patrick McHardy
2010-02-25 12:38 ` Pablo Neira Ayuso
2010-02-25 12:54 ` Jan Engelhardt
1 sibling, 1 reply; 13+ messages in thread
From: Patrick McHardy @ 2010-02-25 12:23 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Jiri Pirko, netfilter-devel, coreteam, netfilter
Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
>> Jiri Pirko wrote:
>>> Hi all.
>>>
>>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>>> even with another types of network hw with different addr_len.
>> None that I'm aware of, but the length is also used in the ABI,
>> so you presently can't supply larger addresses.
>
> Not directly related to this but I wanted to discuss this time ago. Now
> that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
If xt_cluster supports everything ipt_CLUSTERIP does, thats fine
with me.
> With regards to this issue, it seems arptables only support EUI-48 (6
> bytes) for ethernet addresses, so xt_CLUSTER would inherit the same
> problem but the point would be to fix arptables (not sure if possible
> now without breaking ABI or adding some versioning like iptables).
arptables currently supports up to 16 byte long addresses. Increasing
this is difficult since the addresses are embedded in struct arpt_arp.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:23 ` Patrick McHardy
@ 2010-02-25 12:38 ` Pablo Neira Ayuso
0 siblings, 0 replies; 13+ messages in thread
From: Pablo Neira Ayuso @ 2010-02-25 12:38 UTC (permalink / raw)
To: Patrick McHardy; +Cc: Jiri Pirko, netfilter-devel, coreteam, netfilter
Patrick McHardy wrote:
> Pablo Neira Ayuso wrote:
>> Patrick McHardy wrote:
>>> Jiri Pirko wrote:
>>>> Hi all.
>>>>
>>>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>>>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>>>> even with another types of network hw with different addr_len.
>>> None that I'm aware of, but the length is also used in the ABI,
>>> so you presently can't supply larger addresses.
>> Not directly related to this but I wanted to discuss this time ago. Now
>> that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
>
> If xt_cluster supports everything ipt_CLUSTERIP does, thats fine
> with me.
Yes, xt_cluster supports gateway and back-end clustering while
ipt_CLUSTERIP only works for back-end setup.
I wanted to have some time to document xt_cluster, I have some scripts
lying here and some unfinished documents. I think that we can deprecated
as soon as I have that doc ready.
>> With regards to this issue, it seems arptables only support EUI-48 (6
>> bytes) for ethernet addresses, so xt_CLUSTER would inherit the same
>> problem but the point would be to fix arptables (not sure if possible
>> now without breaking ABI or adding some versioning like iptables).
>
> arptables currently supports up to 16 byte long addresses. Increasing
> this is difficult since the addresses are embedded in struct arpt_arp.
Hm, so the problem seems to be user-space then:
# arptables -I OUTPUT -o eth1 --h-length 8 \
> -j mangle --mangle-mac-s 01:00:5e:00:01:01:00:00
arptables v0.0.3.3: only --h-length 6 supported
Try `arptables -h' or 'arptables --help' for more information.
As soon as this is fixed. Are 16 bytes long addresses long enough by now?
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:18 ` Pablo Neira Ayuso
2010-02-25 12:23 ` Patrick McHardy
@ 2010-02-25 12:54 ` Jan Engelhardt
2010-02-25 12:56 ` Jiri Pirko
2010-02-25 12:57 ` Jan Engelhardt
1 sibling, 2 replies; 13+ messages in thread
From: Jan Engelhardt @ 2010-02-25 12:54 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Patrick McHardy, Jiri Pirko, netfilter-devel, coreteam, netfilter
On Thursday 2010-02-25 13:18, Pablo Neira Ayuso wrote:
>>>
>>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>>> even with another types of network hw with different addr_len.
>>
>> None that I'm aware of, but the length is also used in the ABI,
>> so you presently can't supply larger addresses.
>
>Not directly related to this but I wanted to discuss this time ago. Now
>that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
xt_CLUSTER - where in the tree would that be?
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:54 ` Jan Engelhardt
@ 2010-02-25 12:56 ` Jiri Pirko
2010-02-25 13:03 ` Pablo Neira Ayuso
2010-02-25 12:57 ` Jan Engelhardt
1 sibling, 1 reply; 13+ messages in thread
From: Jiri Pirko @ 2010-02-25 12:56 UTC (permalink / raw)
To: Jan Engelhardt
Cc: Pablo Neira Ayuso, Patrick McHardy, netfilter-devel, netfilter
Thu, Feb 25, 2010 at 01:54:50PM CET, jengelh@medozas.de wrote:
>On Thursday 2010-02-25 13:18, Pablo Neira Ayuso wrote:
>>>>
>>>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>>>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>>>> even with another types of network hw with different addr_len.
>>>
>>> None that I'm aware of, but the length is also used in the ABI,
>>> so you presently can't supply larger addresses.
>>
>>Not directly related to this but I wanted to discuss this time ago. Now
>>that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
>
>xt_CLUSTER - where in the tree would that be?
I was trying to find it too. I guess it stands out of it (at least net-next).
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:56 ` Jiri Pirko
@ 2010-02-25 13:03 ` Pablo Neira Ayuso
0 siblings, 0 replies; 13+ messages in thread
From: Pablo Neira Ayuso @ 2010-02-25 13:03 UTC (permalink / raw)
To: Jiri Pirko; +Cc: Jan Engelhardt, Patrick McHardy, netfilter-devel, netfilter
Jiri Pirko wrote:
> Thu, Feb 25, 2010 at 01:54:50PM CET, jengelh@medozas.de wrote:
>> On Thursday 2010-02-25 13:18, Pablo Neira Ayuso wrote:
>>>>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>>>>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>>>>> even with another types of network hw with different addr_len.
>>>> None that I'm aware of, but the length is also used in the ABI,
>>>> so you presently can't supply larger addresses.
>>> Not directly related to this but I wanted to discuss this time ago. Now
>>> that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
>> xt_CLUSTER - where in the tree would that be?
>
> I was trying to find it too. I guess it stands out of it (at least net-next).
sorry, it's xt_cluster, no capitalization.
pablo@decadence:~/devel/scm/git/nf-2.6$ ls net/netfilter/xt_cluster.c
It's there since quite some time.
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [question] ipt_CLUSTERIP and address length
2010-02-25 12:54 ` Jan Engelhardt
2010-02-25 12:56 ` Jiri Pirko
@ 2010-02-25 12:57 ` Jan Engelhardt
1 sibling, 0 replies; 13+ messages in thread
From: Jan Engelhardt @ 2010-02-25 12:57 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Patrick McHardy, Jiri Pirko, netfilter-devel, coreteam, netfilter
On Thursday 2010-02-25 13:54, Jan Engelhardt wrote:
>On Thursday 2010-02-25 13:18, Pablo Neira Ayuso wrote:
>>>>
>>>> I want to ask if there is any particular reason for ipt_CLUSTERIP to support
>>>> only address length of 6 (ETH_ALEN)? It seems to me reasonable for this to work
>>>> even with another types of network hw with different addr_len.
>>>
>>> None that I'm aware of, but the length is also used in the ABI,
>>> so you presently can't supply larger addresses.
>>
>>Not directly related to this but I wanted to discuss this time ago. Now
>>that we have xt_CLUSTER I think that we can deprecate ipt_CLUSTERIP.
>
>xt_CLUSTER - where in the tree would that be?
Oh nevermind, it's xt_cluster actually.
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2010-02-25 13:03 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-25 10:12 [question] ipt_CLUSTERIP and address length Jiri Pirko
2010-02-25 10:23 ` Patrick McHardy
2010-02-25 11:04 ` Jan Engelhardt
2010-02-25 11:37 ` Jiri Pirko
2010-02-25 12:05 ` Jan Engelhardt
2010-02-25 12:13 ` Jiri Pirko
2010-02-25 12:18 ` Pablo Neira Ayuso
2010-02-25 12:23 ` Patrick McHardy
2010-02-25 12:38 ` Pablo Neira Ayuso
2010-02-25 12:54 ` Jan Engelhardt
2010-02-25 12:56 ` Jiri Pirko
2010-02-25 13:03 ` Pablo Neira Ayuso
2010-02-25 12:57 ` Jan Engelhardt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).