Hi, Linux 2.6.28 is likely nearing release so with a bit of prodding from Joseph Mack I thought this would be a good time to let everyone know about a few significant changes to LVS (aka IPVS) that will be included in 2.6.28.
LVS IPV6 -------- >From 2.6.28 LVS will support IPv6 thanks to work by Julis Volz and Vince Busam. In order to use the IPV6 functionality, a new version of ipvsadm is needed. It is based on the new netlink API for LVS kernel - user-space communication. This version of ipvsam is a fork of the main ipvsadm code and was written by Vince Busam and can be found at. http://sixpak.org/vince/google/ipvsadm/ There are loose plans to merge this code into the main ipvsadm relese, but there has been little activity on this of late. Wensong gave Vince, Julius and myself write access to the ipvsadm svn repository, but I don't believe that anyone has merged the code. Vince's version of ipvsadm can also configure IPV4. And the 2.6.28 kernel can work work old versions of ipvsadm - its just that user's won't be able to configure IPV6 LVS with the older tool. IPVS under Netfilter -------------------- A related change, of note is that ipvs has moved from net/ipv4/ipvs to net/netfilter/ipvs. This means that when you are using make menuconfig (or similar) the configuration for IPVS has moved and is now under the Netfilter menu. This does not effect using IPVS, just configuring the kernel configuration. This has not resulted in any restructuring of the code, the code has just been moved as now that it supports IPV6 it seemed a little odd for it to live under net/ipv4/. Local Connections ----------------- The change by Malcolm Turnbull and Siim Põder added support to allow connections from a local process to be load balanced. ChangeLog --------- For the record, here is a list of changes (matching IPVS) since 2.6.27. I don't anticipate anything more going into 2.6.28 unless a bug shows up. # git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6 # cd linux-2.6 # git log --grep=IPVS v2.6.27..HEAD commit 071d7ab6649eb34a873a53e71635186e9117101d Author: Sven Wegener <[email protected]> Date: Wed Oct 8 14:41:35 2008 -0700 ipvs: Remove stray file left over from ipvs move Commit cb7f6a7b716e801097b564dec3ccb58d330aef56 ("IPVS: Move IPVS to net/netfilter/ipvs") has left a stray file in the old location of ipvs. Signed-off-by: Sven Wegener <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 4de6f16b9ec2422fa7ef9c22f7b1c8d5a55499b4 Author: Alexey Dobriyan <[email protected]> Date: Wed Oct 8 11:35:11 2008 +0200 netfilter: enable netfilter in netns From kernel perspective, allow entrance in nf_hook_slow(). Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not netns-ready: DECnet netfilter ipt_CLUSTERIP nf_nat_standalone.c together with XFRM (?) IPVS several individual match modules (like hashlimit) ctnetlink NOTRACK all sorts of queueing and reporting to userspace L3 and L4 protocol sysctls, bridge sysctls probably something else Anyway critical mass has been achieved, there is no reason to hide netfilter any longer. From userspace perspective, allow to manipulate all sorts of iptables/ip6tables/arptables rules. Signed-off-by: Alexey Dobriyan <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> commit b21f89019399ff75d9c239010e38b840eb6e01e7 Author: Alexey Dobriyan <[email protected]> Date: Wed Oct 8 11:35:03 2008 +0200 netfilter: netns: fix {ip,6}_route_me_harder() in netns Take netns from skb->dst->dev. It should be safe because, they are called from LOCAL_OUT hook where dst is valid (though, I'm not exactly sure about IPVS and queueing packets to userspace). [Patrick: its safe everywhere since they already expect skb->dst to be set] Signed-off-by: Alexey Dobriyan <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> commit cb7f6a7b716e801097b564dec3ccb58d330aef56 Author: Julius Volz <[email protected]> Date: Fri Sep 19 12:32:57 2008 +0200 IPVS: Move IPVS to net/netfilter/ipvs Since IPVS now has partial IPv6 support, this patch moves IPVS from net/ipv4/ipvs to net/netfilter/ipvs. It's a result of: $ git mv net/ipv4/ipvs net/netfilter and adapting the relevant Kconfigs/Makefiles to the new path. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit d286600e199aa2f1058a1f883d234e73626304d2 Author: Brian Haley <[email protected]> Date: Tue Sep 16 11:11:11 2008 -0400 ipvs: change some __constant_htons() to htons() Change __contant_htons() to htons() in the IPVS code when not in an initializer. -Brian Signed-off-by: Brian Haley <[email protected]> Acked-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 9d7f2a2b1aa9e55537a053c68bdbd119fc479dd3 Author: Julius Volz <[email protected]> Date: Mon Sep 8 14:55:42 2008 +0200 IPVS: Remove incorrect ip_route_me_harder(), fix IPv6 Remove an incorrect ip_route_me_harder() that was probably a result of merging my IPv6 patches with the local client patches. With this, IPv6+NAT are working again. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 178f5e494e3c0252d06a9b1473016addff71e01e Author: Simon Horman <[email protected]> Date: Mon Sep 8 09:34:46 2008 +1000 IPVS: use ipv6_addr_copy() It is standard to use ipv6_addr_copy() to fill in the in6 element of a union nf_inet_addr snet. Thanks to Julius Volz for pointing this out. Cc: Brian Haley <[email protected]> Signed-off-by: Simon Horman <[email protected]> Acked-by: Julius Volz <[email protected]> commit 5af149cc34143c4e24abcc6355b29b3161eff3b8 Author: Simon Horman <[email protected]> Date: Mon Sep 8 09:34:45 2008 +1000 IPVS: fix bogus indentation Sorry, this was my error. Thanks to Julius Volz for pointing it out. Signed-off-by: Simon Horman <[email protected]> Acked-by: Julius Volz <[email protected]> commit f2428ed5e7bc89c7716ead22748cb5d076e204f0 Author: Simon Horman <[email protected]> Date: Fri Sep 5 11:17:14 2008 +1000 ipvs: load balance ipv6 connections from a local process This allows IPVS to load balance IPv6 connections made by a local process. For example a proxy server running locally. External client --> pound:443 -> Local:443 --> IPVS:80 --> RealServer This is an extenstion to the IPv4 work done in this area by Siim Põder and Malcolm Turnbull. Cc: Siim Põder <[email protected]> Cc: Malcolm Turnbull <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 4856c84c1358b79852743ac64e50c1e9d5118f05 Author: Malcolm Turnbull <[email protected]> Date: Fri Sep 5 11:17:13 2008 +1000 ipvs: load balance IPv4 connections from a local process This allows IPVS to load balance connections made by a local process. For example a proxy server running locally. External client --> pound:443 -> Local:443 --> IPVS:80 --> RealServer Signed-off-by: Siim Põder <[email protected]> Signed-off-by: Malcolm Turnbull <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit f94fd041402e4e70d2b4ed00008b9bb857e6ae87 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:55 2008 +0200 IPVS: Allow adding IPv6 services from userspace Allow adding IPv6 services through the genetlink interface and add checks to see if the chosen scheduler is supported with IPv6 and whether the supplied prefix length is sane. Make sure the service count exported via the sockopt interface only counts IPv4 services. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 473b23d37b697c66ac0bfcfdcc9badf718e25d2a Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:54 2008 +0200 IPVS: Activate IPv6 Netfilter hooks Register the previously defined or adapted netfilter hook functions for IPv6 as PF_INET6 hooks. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit cfc78c5a09241a3a9561466834996a7fb90c4228 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:53 2008 +0200 IPVS: Adjust various debug outputs to use new macros Adjust various debug outputs to use the new *_BUF macro variants for correct output of v4/v6 addresses. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 09571c7ae30865adfa79dccd12a822a65d2c4b5a Author: Vince Busam <[email protected]> Date: Tue Sep 2 15:55:52 2008 +0200 IPVS: Add function to determine if IPv6 address is local Add __ip_vs_addr_is_local_v6() to find out if an IPv6 address belongs to a local interface. Use this function to decide whether to set the IP_VS_CONN_F_LOCALNODE flag for IPv6 destinations. Signed-off-by: Vince Busam <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit a0eb662f9ec8962928d937a185ad128db12c4637 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:51 2008 +0200 IPVS: Turn off FTP application helper for IPv6 Immediately return from FTP application helper and do nothing when dealing with IPv6 packets. IPv6 is not supported by this helper yet. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 667a5f18162e803e30722af46ade1737e3b93198 Author: Vince Busam <[email protected]> Date: Tue Sep 2 15:55:49 2008 +0200 IPVS: Convert procfs files for IPv6 entry output Correctly output IPv6 connection/service/dest entries in procfs files. Signed-off-by: Vince Busam <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 7937df1564783806c285d34a1c6fd63d8da29d7a Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:48 2008 +0200 IPVS: Convert real server lookup functions Convert functions for looking up destinations (real servers) to support IPv6 services/dests. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 2a3b791e6e1169f374224d164738e9f7be703d77 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:47 2008 +0200 IPVS: Add/adjust Netfilter hook functions and helpers for v6 Add Netfilter hook functions or modify existing ones, if possible, to process IPv6 packets. Some support functions are also added/modified for this. ip_vs_nat_icmp_v6() was already added in the patch that added the v6 xmit functions, as it is called from one of them. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit cd17f9ed099ed27e9b0d298253e5c05e335ac656 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:46 2008 +0200 IPVS: Extend scheduling functions for IPv6 support Convert ip_vs_schedule() and ip_vs_sched_persist() to support scheduling of IPv6 connections. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit b3cdd2a73867d309dca288b8e820c09e3b7f1da1 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:45 2008 +0200 IPVS: Add and bind IPv6 xmit functions Add xmit functions for IPv6. Also add the already needed __ip_vs_get_out_rt_v6() to ip_vs_core.c. Bind the new xmit functions to v6 connections. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 38cdcc9a039b92a9972dca3c954fb3d8b3ef13bf Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:44 2008 +0200 IPVS: Add IPv6 support to xmit() support functions Add IPv6 support to IP_VS_XMIT() and to the xmit routing cache, introducing a new function __ip_vs_get_out_rt_v6(). Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 28364a59f3dfe7fed3560ec7aff9b7aeb02824fb Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:43 2008 +0200 IPVS: Extend functions for getting/creating connections Extend functions for getting/creating connections and connection templates for IPv6 support and fix the callers. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 0bbdd42b7efa66685b6d74701bcde3a596a3a59d Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:42 2008 +0200 IPVS: Extend protocol DNAT/SNAT and state handlers Extend protocol DNAT/SNAT and state handlers to work with IPv6. Also change/introduce new checksumming helper functions for this. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 3b047d9d0407e78a52f009835a0e26cb62edb8c7 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:41 2008 +0200 IPVS: Add protocol debug functions for IPv6 Add protocol (TCP, UDP, AH, ESP) debug functions for IPv6 packet debug output. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 51ef348b14183789e4cb3444d05ce83b1b69d8fb Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:40 2008 +0200 IPVS: Add 'af' args to protocol handler functions Add 'af' arguments to conn_schedule(), conn_in_get(), conn_out_get() and csum_check() function pointers in struct ip_vs_protocol. Extend the respective functions for TCP, UDP, AH and ESP and adjust the callers. The changes in the callers need to be somewhat extensive, since they now need to pass a filled out struct ip_vs_iphdr * to the modified functions instead of a struct iphdr *. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit b14198f6c1bea1687d20723db35d8effecd9d899 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:39 2008 +0200 IPVS: Add IPv6 support flag to schedulers Add 'supports_ipv6' flag to struct ip_vs_scheduler to indicate whether a scheduler supports IPv6. Set the flag to 1 in schedulers that work with IPv6, 0 otherwise. This flag is checked in a later patch while trying to add a service with a specific scheduler. Adjust debug in v6-supporting schedulers to work with both address families. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 3c2e0505d25cdc9425336f167fd4ff5f505aecff Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:38 2008 +0200 IPVS: Add v6 support to ip_vs_service_get() Add support for selecting services based on their address family to ip_vs_service_get() and adjust the callers. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit b18610de9ec2728159f723a9b864ca78a5774193 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:37 2008 +0200 IPVS: Convert __ip_vs_svc_get() and __ip_vs_fwm_get() Add support for getting services based on their address family to __ip_vs_service_get(), __ip_vs_fwm_get() and the helper hash function ip_vs_svc_hashkey(). Adjust the callers. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit c860c6b1479992440e4962e9c95d258bfdce4fca Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:36 2008 +0200 IPVS: Add internal versions of sockopt interface structs Add extended internal versions of struct ip_vs_service_user and struct ip_vs_dest_user (the originals can't be modified as they are part of the old sockopt interface). Adjust ip_vs_ctl.c to work with the new data structures and add some minor AF-awareness. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit c842a3ada9ba8f0cca38a70de3fe0effcfab254c Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:35 2008 +0200 IPVS: Add debug macros for v4 and v6 address output Add some debugging macros that allow conditional output of either v4 or v6 addresses, depending on an 'af' parameter. This is done by creating a temporary string buffer in an outer debug macro and writing addresses' string representations into it from another macro which can only be used when inside the outer one. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 64aae3cb9fd22f33e491c4730d363eb2229ef910 Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:34 2008 +0200 IPVS: Add general v4/v6 helper functions / data structures Add a struct ip_vs_iphdr for easier handling of common v4 and v6 header fields in the same code path. ip_vs_fill_iphdr() helps to fill this struct from an IPv4 or IPv6 header. Add further helper functions for copying and comparing addresses. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit e7ade46a53055c19a01c8becbe7807f9075d6fee Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:33 2008 +0200 IPVS: Change IPVS data structures to support IPv6 addresses Introduce new 'af' fields into IPVS data structures for specifying an entry's address family. Convert IP addresses to be of type union nf_inet_addr. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit fab0de02fb0da83b90cec7fce4294747d86d5c6f Author: Julius Volz <[email protected]> Date: Tue Sep 2 15:55:32 2008 +0200 IPVS: Add CONFIG_IP_VS_IPV6 option for IPv6 support Add boolean config option CONFIG_IP_VS_IPV6 for enabling experimental IPv6 support in IPVS. Only visible if IPv6 support is set to 'y' or both IPv6 and IPVS are modules. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit e3c2ced8d21410e8bc897480081e2ffc516c0f70 Author: Julius Volz <[email protected]> Date: Fri Aug 22 14:06:13 2008 +0200 IPVS: Rename ip_vs_proto_ah.c to ip_vs_proto_ah_esp.c After integrating ESP into ip_vs_proto_ah, rename it (and the references to it) to ip_vs_proto_ah_esp.c and delete the old ip_vs_proto_esp.c. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 409a19669e4cd8d1bab7dff31d3b6aa493ff60f0 Author: Julius Volz <[email protected]> Date: Fri Aug 22 14:06:12 2008 +0200 IPVS: Integrate ESP protocol into ip_vs_proto_ah.c Rename all ah_* functions to ah_esp_* (and adjust comments). Move ESP protocol definition into ip_vs_proto_ah.c and remove all usage of ip_vs_proto_esp.c. Make the compilation of ip_vs_proto_ah.c dependent on a new config variable, IP_VS_PROTO_AH_ESP, which is selected either by IP_VS_PROTO_ESP or IP_VS_PROTO_AH. Only compile the selected protocols' structures within this file. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit a919cf4b6b499416b6e2247dbc79196c4325f2e6 Author: Sven Wegener <[email protected]> Date: Thu Aug 14 00:47:16 2008 +0200 ipvs: Create init functions for estimator code Commit 8ab19ea36c5c5340ff598e4d15fc084eb65671dc ("ipvs: Fix possible deadlock in estimator code") fixed a deadlock condition, but that condition can only happen during unload of IPVS, because during normal operation there is at least our global stats structure in the estimator list. The mod_timer() and del_timer_sync() calls are actually initialization and cleanup code in disguise. Let's make it explicit and move them to their own init and cleanup function. Signed-off-by: Sven Wegener <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit 9a812198ae49967f239789164c55ec3e72b7e0dd Author: Julius Volz <[email protected]> Date: Thu Aug 14 14:08:44 2008 +0200 IPVS: Add genetlink interface implementation Add the implementation of the new Generic Netlink interface to IPVS and keep the old set/getsockopt interface for userspace backwards compatibility. Signed-off-by: Julius Volz <[email protected]> Acked-by: Sven Wegener <[email protected]> Signed-off-by: Simon Horman <[email protected]> commit c1bc667e844c2677cdf927102ab384fe7b033762 Author: Julius Volz <[email protected]> Date: Thu Aug 7 16:43:38 2008 +0200 IPVS: Add genetlink interface definitions to ip_vs.h Add IPVS Generic Netlink interface definitions to include/linux/ip_vs.h. Signed-off-by: Julius Volz <[email protected]> Signed-off-by: Simon Horman <[email protected]> ----- End forwarded message ----- -- Simon Horman VA Linux Systems Japan K.K., Sydney, Australia Satellite Office H: www.vergenet.net/~horms/ W: www.valinux.co.jp/en _______________________________________________ Please read the documentation before posting - it's available at: http://www.linuxvirtualserver.org/ LinuxVirtualServer.org mailing list - [email protected] Send requests to [email protected] or go to http://lists.graemef.net/mailman/listinfo/lvs-users
