[PATCH next 06/84] ipvs: Pass ipvs not net to ip_vs_fill_conn

[Eric W. Biederman]

ipvs is what is actually desired so change the parameter and the modify
the callers to pass struct netns_ipvs.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h |  4 ++--
 net/netfilter/ipvs/ip_vs_conn.c |  8 
 net/netfilter/ipvs/ip_vs_core.c |  8 
 net/netfilter/ipvs/ip_vs_ftp.c  |  6 +++---
 net/netfilter/ipvs/ip_vs_nfct.c |  2 +-
 net/netfilter/ipvs/ip_vs_proto_ah_esp.c | 14 +++---
 net/netfilter/ipvs/ip_vs_sync.c | 16 
 7 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 8cca99bbe15b..83e2aea63db2 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1201,14 +1201,14 @@ enum {
IP_VS_DIR_LAST,
 };
 
-static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,
+static inline void ip_vs_conn_fill_param(struct netns_ipvs *ipvs, int af, int 
protocol,
 const union nf_inet_addr *caddr,
 __be16 cport,
 const union nf_inet_addr *vaddr,
 __be16 vport,
 struct ip_vs_conn_param *p)
 {
-   p->ipvs = net_ipvs(net);
+   p->ipvs = ipvs;
p->af = af;
p->protocol = protocol;
p->caddr = caddr;
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index d1b19bbacb45..afc7a7558434 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -148,7 +148,7 @@ static unsigned int ip_vs_conn_hashkey_conn(const struct 
ip_vs_conn *cp)
 {
struct ip_vs_conn_param p;
 
-   ip_vs_conn_fill_param(cp->ipvs->net, cp->af, cp->protocol,
+   ip_vs_conn_fill_param(cp->ipvs, cp->af, cp->protocol,
  >caddr, cp->cport, NULL, 0, );
 
if (cp->pe) {
@@ -319,17 +319,17 @@ ip_vs_conn_fill_param_proto(int af, const struct sk_buff 
*skb,
struct ip_vs_conn_param *p)
 {
__be16 _ports[2], *pptr;
-   struct net *net = skb_net(skb);
+   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
 
pptr = frag_safe_skb_hp(skb, iph->len, sizeof(_ports), _ports, iph);
if (pptr == NULL)
return 1;
 
if (likely(!ip_vs_iph_inverse(iph)))
-   ip_vs_conn_fill_param(net, af, iph->protocol, >saddr,
+   ip_vs_conn_fill_param(ipvs, af, iph->protocol, >saddr,
  pptr[0], >daddr, pptr[1], p);
else
-   ip_vs_conn_fill_param(net, af, iph->protocol, >daddr,
+   ip_vs_conn_fill_param(ipvs, af, iph->protocol, >daddr,
  pptr[1], >saddr, pptr[0], p);
return 0;
 }
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 3f33a076aaec..fd02aec0a11a 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -215,7 +215,7 @@ ip_vs_conn_fill_param_persist(const struct ip_vs_service 
*svc,
  const union nf_inet_addr *vaddr, __be16 vport,
  struct ip_vs_conn_param *p)
 {
-   ip_vs_conn_fill_param(svc->net, svc->af, protocol, caddr, cport, vaddr,
+   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, protocol, caddr, 
cport, vaddr,
  vport, p);
p->pe = rcu_dereference(svc->pe);
if (p->pe && p->pe->fill_param)
@@ -376,7 +376,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
/*
 *Create a new connection according to the template
 */
-   ip_vs_conn_fill_param(svc->net, svc->af, iph->protocol, src_addr,
+   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, iph->protocol, 
src_addr,
  src_port, dst_addr, dst_port, );
 
cp = ip_vs_conn_new(, dest->af, >addr, dport, flags, dest,
@@ -524,7 +524,7 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff 
*skb,
{
struct ip_vs_conn_param p;
 
-   ip_vs_conn_fill_param(svc->net, svc->af, iph->protocol,
+   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, 
iph->protocol,
  caddr, cport, vaddr, vport, );
cp = ip_vs_conn_new(, dest->af, >addr,
dest->port ? dest->port : vport,
@@ -600,7 +600,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
IP_VS_DBG(6, "%s(): create a cache_bypass entry\n", __func__);
{
struct ip_vs_conn_param p;
-   ip_vs_conn_fill_param(svc->net, svc->af, iph->protocol,
+   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, 
iph->protocol,

[PATCH next 09/84] ipvs: Pass ipvs not net to __ip_vs_svc_fwm_find

[Eric W. Biederman]

ipvs is what the code actually wants to use.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 4eb3c4aca86b..5e8ef1593f3e 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -386,9 +386,8 @@ __ip_vs_service_find(struct net *net, int af, __u16 
protocol,
  * Get service by {fwmark} in the service table.
  */
 static inline struct ip_vs_service *
-__ip_vs_svc_fwm_find(struct net *net, int af, __u32 fwmark)
+__ip_vs_svc_fwm_find(struct netns_ipvs *ipvs, int af, __u32 fwmark)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
unsigned int hash;
struct ip_vs_service *svc;
 
@@ -418,7 +417,7 @@ ip_vs_service_find(struct net *net, int af, __u32 fwmark, 
__u16 protocol,
 *  Check the table hashed by fwmark first
 */
if (fwmark) {
-   svc = __ip_vs_svc_fwm_find(net, af, fwmark);
+   svc = __ip_vs_svc_fwm_find(ipvs, af, fwmark);
if (svc)
goto out;
}
@@ -2415,7 +2414,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
svc = __ip_vs_service_find(net, usvc.af, usvc.protocol,
   , usvc.port);
else
-   svc = __ip_vs_svc_fwm_find(net, usvc.af, usvc.fwmark);
+   svc = __ip_vs_svc_fwm_find(ipvs, usvc.af, usvc.fwmark);
rcu_read_unlock();
 
if (cmd != IP_VS_SO_SET_ADD
@@ -2543,13 +2542,14 @@ static inline int
 __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
 struct ip_vs_get_dests __user *uptr)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_service *svc;
union nf_inet_addr addr = { .ip = get->addr };
int ret = 0;
 
rcu_read_lock();
if (get->fwmark)
-   svc = __ip_vs_svc_fwm_find(net, AF_INET, get->fwmark);
+   svc = __ip_vs_svc_fwm_find(ipvs, AF_INET, get->fwmark);
else
svc = __ip_vs_service_find(net, AF_INET, get->protocol, ,
   get->port);
@@ -2743,7 +2743,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user 
*user, int *len)
addr.ip = entry->addr;
rcu_read_lock();
if (entry->fwmark)
-   svc = __ip_vs_svc_fwm_find(net, AF_INET, entry->fwmark);
+   svc = __ip_vs_svc_fwm_find(ipvs, AF_INET, 
entry->fwmark);
else
svc = __ip_vs_service_find(net, AF_INET,
   entry->protocol, ,
@@ -3051,6 +3051,7 @@ static int ip_vs_genl_parse_service(struct net *net,
struct nlattr *nla, int full_entry,
struct ip_vs_service **ret_svc)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
struct ip_vs_service *svc;
@@ -3091,7 +3092,7 @@ static int ip_vs_genl_parse_service(struct net *net,
 
rcu_read_lock();
if (usvc->fwmark)
-   svc = __ip_vs_svc_fwm_find(net, usvc->af, usvc->fwmark);
+   svc = __ip_vs_svc_fwm_find(ipvs, usvc->af, usvc->fwmark);
else
svc = __ip_vs_service_find(net, usvc->af, usvc->protocol,
   >addr, usvc->port);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 02/84] ipvs: Don't use current in proc_do_defense_mode

[Eric W. Biederman]

Instead store ipvs in extra2 so that proc_do_defense_mode can easily
find the ipvs that it's value is associated with.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 7338827ee5e9..b88a1daeb78e 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1615,7 +1615,7 @@ static int
 proc_do_defense_mode(struct ctl_table *table, int write,
 void __user *buffer, size_t *lenp, loff_t *ppos)
 {
-   struct net *net = current->nsproxy->net_ns;
+   struct netns_ipvs *ipvs = table->extra2;
int *valp = table->data;
int val = *valp;
int rc;
@@ -1626,7 +1626,7 @@ proc_do_defense_mode(struct ctl_table *table, int write,
/* Restore the correct value */
*valp = val;
} else {
-   update_defense_level(net_ipvs(net));
+   update_defense_level(ipvs);
}
}
return rc;
@@ -3866,6 +3866,10 @@ static int __net_init 
ip_vs_control_net_init_sysctl(struct net *net)
} else
tbl = vs_vars;
/* Initialize sysctl defaults */
+   for (idx = 0; idx < sizeof(vs_vars)/sizeof(vs_vars[0]); idx++) {
+   if (tbl[idx].proc_handler == proc_do_defense_mode)
+   tbl[idx].extra2 = ipvs;
+   }
idx = 0;
ipvs->sysctl_amemthresh = 1024;
tbl[idx++].data = >sysctl_amemthresh;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 01/84] ipvs: Hoist computation of ipvs earlier in sctp_conn_schedule

[Eric W. Biederman]

The addition of sysctl_sloppy_sctp in sctp_conn_schedule resulted
in a use of ipvs before it was computed.  Hoist the computation of
ipvs earlier to avoid this problem.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_proto_sctp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c 
b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 2026fca7e1c3..ac628a9afdb5 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -20,6 +20,9 @@ sctp_conn_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
sctp_sctphdr_t *sh, _sctph;
__be16 _ports[2], *ports = NULL;
 
+   net = skb_net(skb);
+   ipvs = net_ipvs(net);
+
if (likely(!ip_vs_iph_icmp(iph))) {
sh = skb_header_pointer(skb, iph->len, sizeof(_sctph), &_sctph);
if (sh) {
@@ -40,8 +43,6 @@ sctp_conn_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
return 0;
}
 
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
rcu_read_lock();
if (likely(!ip_vs_iph_inverse(iph)))
svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 07/84] ipvs: Store ipvs not net in struct ip_vs_service

[Eric W. Biederman]

In practice struct netns_ipvs is as meaningful as struct net and more
useful as it holds the ipvs specific data.  So store a pointer to
struct netns_ipvs.

Update the accesses of param->net to access param->ipvs->net instead.

In functions where we are searching for an svc and filtering by net
filter by ipvs instead.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h  |  2 +-
 net/netfilter/ipvs/ip_vs_core.c  | 10 +++
 net/netfilter/ipvs/ip_vs_ctl.c   | 64 ++--
 net/netfilter/ipvs/ip_vs_lblc.c  |  3 +-
 net/netfilter/ipvs/ip_vs_lblcr.c |  3 +-
 5 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 83e2aea63db2..2c22380b9ad7 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -678,7 +678,7 @@ struct ip_vs_service {
unsigned intflags;/* service status flags */
unsigned inttimeout;  /* persistent timeout in ticks */
__be32  netmask;  /* grouping granularity, mask/plen */
-   struct net  *net;
+   struct netns_ipvs   *ipvs;
 
struct list_headdestinations;  /* real server d-linked list */
__u32   num_dests; /* number of servers */
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index fd02aec0a11a..583199c2bcdc 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -179,7 +179,7 @@ ip_vs_out_stats(struct ip_vs_conn *cp, struct sk_buff *skb)
 static inline void
 ip_vs_conn_stats(struct ip_vs_conn *cp, struct ip_vs_service *svc)
 {
-   struct netns_ipvs *ipvs = net_ipvs(svc->net);
+   struct netns_ipvs *ipvs = svc->ipvs;
struct ip_vs_cpu_stats *s;
 
s = this_cpu_ptr(cp->dest->stats.cpustats);
@@ -215,7 +215,7 @@ ip_vs_conn_fill_param_persist(const struct ip_vs_service 
*svc,
  const union nf_inet_addr *vaddr, __be16 vport,
  struct ip_vs_conn_param *p)
 {
-   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, protocol, caddr, 
cport, vaddr,
+   ip_vs_conn_fill_param(svc->ipvs, svc->af, protocol, caddr, cport, vaddr,
  vport, p);
p->pe = rcu_dereference(svc->pe);
if (p->pe && p->pe->fill_param)
@@ -376,7 +376,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
/*
 *Create a new connection according to the template
 */
-   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, iph->protocol, 
src_addr,
+   ip_vs_conn_fill_param(svc->ipvs, svc->af, iph->protocol, src_addr,
  src_port, dst_addr, dst_port, );
 
cp = ip_vs_conn_new(, dest->af, >addr, dport, flags, dest,
@@ -524,7 +524,7 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff 
*skb,
{
struct ip_vs_conn_param p;
 
-   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, 
iph->protocol,
+   ip_vs_conn_fill_param(svc->ipvs, svc->af, iph->protocol,
  caddr, cport, vaddr, vport, );
cp = ip_vs_conn_new(, dest->af, >addr,
dest->port ? dest->port : vport,
@@ -600,7 +600,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
IP_VS_DBG(6, "%s(): create a cache_bypass entry\n", __func__);
{
struct ip_vs_conn_param p;
-   ip_vs_conn_fill_param(net_ipvs(svc->net), svc->af, 
iph->protocol,
+   ip_vs_conn_fill_param(svc->ipvs, svc->af, iph->protocol,
  >saddr, pptr[0],
  >daddr, pptr[1], );
cp = ip_vs_conn_new(, svc->af, , 0,
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index b88a1daeb78e..2277da6b8e9f 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -309,14 +309,14 @@ static int ip_vs_svc_hash(struct ip_vs_service *svc)
/*
 *  Hash it by  in ip_vs_svc_table
 */
-   hash = ip_vs_svc_hashkey(svc->net, svc->af, svc->protocol,
+   hash = ip_vs_svc_hashkey(svc->ipvs->net, svc->af, svc->protocol,
 >addr, svc->port);
hlist_add_head_rcu(>s_list, _vs_svc_table[hash]);
} else {
/*
 *  Hash it by fwmark in svc_fwm_table
 */
-   hash = ip_vs_svc_fwm_hashkey(svc->net, svc->fwmark);
+   hash = ip_vs_svc_fwm_hashkey(svc->ipvs->net, svc->fwmark);
hlist_add_head_rcu(>f_list, _vs_svc_fwm_table[hash]);
}
 
@@ -360,6 +360,7 @@ static inline struct ip_vs_service *
 

[PATCH next 05/84] ipvs: Store ipvs not net in struct ip_vs_conn_param

[Eric W. Biederman]

In practice struct netns_ipvs is as meaningful as struct net and more
useful as it holds the ipvs specific data.  So store a pointer to
struct netns_ipvs.

Update the accesses of param->net to access param->ipvs->net instead.

When lookup up struct ip_vs_conn in a hash table replace comparisons
of cp->net with comparisons of cp->ipvs which is possible
now that ipvs is present in ip_vs_conn_param.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h |  4 ++--
 net/netfilter/ipvs/ip_vs_conn.c | 14 +++---
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 3bf6da8fdaf1..8cca99bbe15b 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -545,7 +545,7 @@ struct ip_vs_proto_data *ip_vs_proto_data_get(struct net 
*net,
  unsigned short proto);
 
 struct ip_vs_conn_param {
-   struct net  *net;
+   struct netns_ipvs   *ipvs;
const union nf_inet_addr*caddr;
const union nf_inet_addr*vaddr;
__be16  cport;
@@ -1208,7 +1208,7 @@ static inline void ip_vs_conn_fill_param(struct net *net, 
int af, int protocol,
 __be16 vport,
 struct ip_vs_conn_param *p)
 {
-   p->net = net;
+   p->ipvs = net_ipvs(net);
p->af = af;
p->protocol = protocol;
p->caddr = caddr;
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 899f5d3e46ed..d1b19bbacb45 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -141,7 +141,7 @@ static unsigned int ip_vs_conn_hashkey_param(const struct 
ip_vs_conn_param *p,
port = p->vport;
}
 
-   return ip_vs_conn_hashkey(p->net, p->af, p->protocol, addr, port);
+   return ip_vs_conn_hashkey(p->ipvs->net, p->af, p->protocol, addr, port);
 }
 
 static unsigned int ip_vs_conn_hashkey_conn(const struct ip_vs_conn *cp)
@@ -279,7 +279,7 @@ __ip_vs_conn_in_get(const struct ip_vs_conn_param *p)
ip_vs_addr_equal(p->af, p->vaddr, >vaddr) &&
((!p->cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) &&
p->protocol == cp->protocol &&
-   net_eq(cp->ipvs->net, p->net)) {
+   cp->ipvs == p->ipvs) {
if (!__ip_vs_conn_get(cp))
continue;
/* HIT */
@@ -359,7 +359,7 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct 
ip_vs_conn_param *p)
 
hlist_for_each_entry_rcu(cp, _vs_conn_tab[hash], c_list) {
if (unlikely(p->pe_data && p->pe->ct_match)) {
-   if (net_eq(cp->ipvs->net, p->net))
+   if (cp->ipvs == p->ipvs)
continue;
if (p->pe == cp->pe && p->pe->ct_match(p, cp)) {
if (__ip_vs_conn_get(cp))
@@ -377,7 +377,7 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct 
ip_vs_conn_param *p)
p->vport == cp->vport && p->cport == cp->cport &&
cp->flags & IP_VS_CONN_F_TEMPLATE &&
p->protocol == cp->protocol &&
-   net_eq(cp->ipvs->net, p->net)) {
+   cp->ipvs == p->ipvs) {
if (__ip_vs_conn_get(cp))
goto out;
}
@@ -418,7 +418,7 @@ struct ip_vs_conn *ip_vs_conn_out_get(const struct 
ip_vs_conn_param *p)
ip_vs_addr_equal(p->af, p->vaddr, >caddr) &&
ip_vs_addr_equal(p->af, p->caddr, >daddr) &&
p->protocol == cp->protocol &&
-   net_eq(cp->ipvs->net, p->net)) {
+   cp->ipvs == p->ipvs) {
if (!__ip_vs_conn_get(cp))
continue;
/* HIT */
@@ -875,8 +875,8 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, int 
dest_af,
   struct ip_vs_dest *dest, __u32 fwmark)
 {
struct ip_vs_conn *cp;
-   struct netns_ipvs *ipvs = net_ipvs(p->net);
-   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(p->net,
+   struct netns_ipvs *ipvs = p->ipvs;
+   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(p->ipvs->net,
   p->protocol);
 
cp = kmem_cache_alloc(ip_vs_conn_cachep, GFP_ATOMIC);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 25/84] ipvs: Pass ipvs not net to ip_vs_set_timeout

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index b9426a5fb667..81eb3ed4ce90 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2202,10 +2202,9 @@ static const struct file_operations 
ip_vs_stats_percpu_fops = {
 /*
  * Set timeout values for tcp tcpfin udp in the timeout_table.
  */
-static int ip_vs_set_timeout(struct net *net, struct ip_vs_timeout_user *u)
+static int ip_vs_set_timeout(struct netns_ipvs *ipvs, struct 
ip_vs_timeout_user *u)
 {
 #if defined(CONFIG_IP_VS_PROTO_TCP) || defined(CONFIG_IP_VS_PROTO_UDP)
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data *pd;
 #endif
 
@@ -2369,7 +2368,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
goto out_unlock;
} else if (cmd == IP_VS_SO_SET_TIMEOUT) {
/* Set timeout values for (tcp tcpfin udp) */
-   ret = ip_vs_set_timeout(net, (struct ip_vs_timeout_user *)arg);
+   ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg);
goto out_unlock;
}
 
@@ -3461,6 +3460,7 @@ static int ip_vs_genl_del_daemon(struct net *net, struct 
nlattr **attrs)
 
 static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_timeout_user t;
 
__ip_vs_get_timeouts(net, );
@@ -3475,7 +3475,7 @@ static int ip_vs_genl_set_config(struct net *net, struct 
nlattr **attrs)
if (attrs[IPVS_CMD_ATTR_TIMEOUT_UDP])
t.udp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_UDP]);
 
-   return ip_vs_set_timeout(net, );
+   return ip_vs_set_timeout(ipvs, );
 }
 
 static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 50/84] ipvs: Pass ipvs not net to estimation_timer

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_est.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_est.c b/net/netfilter/ipvs/ip_vs_est.c
index 638a301f7ee4..c86dc456c8f4 100644
--- a/net/netfilter/ipvs/ip_vs_est.c
+++ b/net/netfilter/ipvs/ip_vs_est.c
@@ -102,10 +102,8 @@ static void estimation_timer(unsigned long arg)
struct ip_vs_estimator *e;
struct ip_vs_stats *s;
u64 rate;
-   struct net *net = (struct net *)arg;
-   struct netns_ipvs *ipvs;
+   struct netns_ipvs *ipvs = (struct netns_ipvs *)arg;
 
-   ipvs = net_ipvs(net);
spin_lock(>est_lock);
list_for_each_entry(e, >est_list, list) {
s = container_of(e, struct ip_vs_stats, est);
@@ -196,7 +194,7 @@ int __net_init ip_vs_estimator_net_init(struct net *net)
 
INIT_LIST_HEAD(>est_list);
spin_lock_init(>est_lock);
-   setup_timer(>est_timer, estimation_timer, (unsigned long)net);
+   setup_timer(>est_timer, estimation_timer, (unsigned long)ipvs);
mod_timer(>est_timer, jiffies + 2 * HZ);
return 0;
 }
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 21/84] ipvs: Pass ipvs not net to ip_vs_service_net_cleanup

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_core.c | 6 --
 net/netfilter/ipvs/ip_vs_ctl.c  | 3 +--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index b54a19eaa630..3c7040a313b5 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1335,7 +1335,7 @@ void ip_vs_protocol_net_cleanup(struct net *net);
 void ip_vs_control_net_cleanup(struct net *net);
 void ip_vs_estimator_net_cleanup(struct net *net);
 void ip_vs_sync_net_cleanup(struct net *net);
-void ip_vs_service_net_cleanup(struct net *net);
+void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs);
 
 /* IPVS application functions
  * (from ip_vs_app.c)
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index c22e0692e22d..787d561e200b 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2110,13 +2110,15 @@ estimator_fail:
 
 static void __net_exit __ip_vs_cleanup(struct net *net)
 {
-   ip_vs_service_net_cleanup(net); /* ip_vs_flush() with locks */
+   struct netns_ipvs *ipvs = net_ipvs(net);
+
+   ip_vs_service_net_cleanup(ipvs);/* ip_vs_flush() with locks */
ip_vs_conn_net_cleanup(net);
ip_vs_app_net_cleanup(net);
ip_vs_protocol_net_cleanup(net);
ip_vs_control_net_cleanup(net);
ip_vs_estimator_net_cleanup(net);
-   IP_VS_DBG(2, "ipvs netns %d released\n", net_ipvs(net)->gen);
+   IP_VS_DBG(2, "ipvs netns %d released\n", ipvs->gen);
net->ipvs = NULL;
 }
 
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 51dab90bf184..d3407ad866bb 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1484,9 +1484,8 @@ static int ip_vs_flush(struct netns_ipvs *ipvs, bool 
cleanup)
  * Delete service by {netns} in the service table.
  * Called by __ip_vs_cleanup()
  */
-void ip_vs_service_net_cleanup(struct net *net)
+void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
EnterFunction(2);
/* Check for "full" addressed entries */
mutex_lock(&__ip_vs_mutex);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 65/84] ipvs: Pass ipvs not net into ip_vs_conn_net_init and ip_vs_conn_net_cleanup

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 4 ++--
 net/netfilter/ipvs/ip_vs_conn.c | 8 
 net/netfilter/ipvs/ip_vs_core.c | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 0ca436ef7dad..5ad04be64895 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1331,9 +1331,9 @@ int ip_vs_estimator_net_init(struct netns_ipvs *ipvs);
 int ip_vs_control_net_init(struct netns_ipvs *ipvs);
 int ip_vs_protocol_net_init(struct net *net);
 int ip_vs_app_net_init(struct netns_ipvs *ipvs);
-int ip_vs_conn_net_init(struct net *net);
+int ip_vs_conn_net_init(struct netns_ipvs *ipvs);
 int ip_vs_sync_net_init(struct netns_ipvs *ipvs);
-void ip_vs_conn_net_cleanup(struct net *net);
+void ip_vs_conn_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_app_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_protocol_net_cleanup(struct net *net);
 void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs);
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 43b7a7d2ba4d..3d461f417c1d 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1345,9 +1345,9 @@ flush_again:
 /*
  * per netns init and exit
  */
-int __net_init ip_vs_conn_net_init(struct net *net)
+int __net_init ip_vs_conn_net_init(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct net *net = ipvs->net;
 
atomic_set(>conn_count, 0);
 
@@ -1356,9 +1356,9 @@ int __net_init ip_vs_conn_net_init(struct net *net)
return 0;
 }
 
-void __net_exit ip_vs_conn_net_cleanup(struct net *net)
+void __net_exit ip_vs_conn_net_cleanup(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct net *net = ipvs->net;
 
/* flush all the connection entries first */
ip_vs_conn_flush(ipvs);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index f0369e7602a0..9b37fe30dcac 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2086,7 +2086,7 @@ static int __net_init __ip_vs_init(struct net *net)
if (ip_vs_app_net_init(ipvs) < 0)
goto app_fail;
 
-   if (ip_vs_conn_net_init(net) < 0)
+   if (ip_vs_conn_net_init(ipvs) < 0)
goto conn_fail;
 
if (ip_vs_sync_net_init(ipvs) < 0)
@@ -2100,7 +2100,7 @@ static int __net_init __ip_vs_init(struct net *net)
  */
 
 sync_fail:
-   ip_vs_conn_net_cleanup(net);
+   ip_vs_conn_net_cleanup(ipvs);
 conn_fail:
ip_vs_app_net_cleanup(ipvs);
 app_fail:
@@ -2119,7 +2119,7 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
struct netns_ipvs *ipvs = net_ipvs(net);
 
ip_vs_service_net_cleanup(ipvs);/* ip_vs_flush() with locks */
-   ip_vs_conn_net_cleanup(net);
+   ip_vs_conn_net_cleanup(ipvs);
ip_vs_app_net_cleanup(ipvs);
ip_vs_protocol_net_cleanup(net);
ip_vs_control_net_cleanup(ipvs);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 23/84] ipvs: Cache ipvs in ip_vs_in_icmp and ip_vs_in_icmp_v6

[Eric W. Biederman]

Storte the value of net_ipvs in a variable named ipvs so that when
there are more users struct netns_ipvs in ip_vs_in_cmp and
ip_vs_in_icmp_v6 they won't need to compute the value again.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 8 ++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 787d561e200b..77dcd3ed27de 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1403,6 +1403,7 @@ static int
 ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
 {
struct net *net = NULL;
+   struct netns_ipvs *ipvs;
struct iphdr *iph;
struct icmphdr  _icmph, *ic;
struct iphdr_ciph, *cih;/* The ip header contained within the 
ICMP */
@@ -1452,6 +1453,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
return NF_ACCEPT; /* The packet looks wrong, ignore */
 
net = skb_net(skb);
+   ipvs = net_ipvs(net);
 
/* Special case for errors for IPIP packets */
ipip = false;
@@ -1493,7 +1495,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
if (!cp) {
int v;
 
-   if (!sysctl_schedule_icmp(net_ipvs(net)))
+   if (!sysctl_schedule_icmp(ipvs))
return NF_ACCEPT;
 
if (!ip_vs_try_to_schedule(AF_INET, skb, pd, , , ))
@@ -1589,6 +1591,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
unsigned int hooknum, struct ip_vs_iphdr *iph)
 {
struct net *net = NULL;
+   struct netns_ipvs *ipvs;
struct icmp6hdr _icmph, *ic;
struct ip_vs_iphdr ciph = {.flags = 0, .fragoffs = 0};/*Contained IP */
struct ip_vs_conn *cp;
@@ -1629,6 +1632,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
return NF_ACCEPT;
 
net = skb_net(skb);
+   ipvs = net_ipvs(net);
pd = ip_vs_proto_data_get(net, ciph.protocol);
if (!pd)
return NF_ACCEPT;
@@ -1649,7 +1653,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
if (!cp) {
int v;
 
-   if (!sysctl_schedule_icmp(net_ipvs(net)))
+   if (!sysctl_schedule_icmp(ipvs))
return NF_ACCEPT;
 
if (!ip_vs_try_to_schedule(AF_INET6, skb, pd, , , ))
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH] usbnet: New driver for QinHeng CH9200 devices

[Matthew Garrett]

From: Matthew Garrett 

There's a bunch of cheap USB 10/100 devices based on QinHeng chipsets. The
vendor driver supports the CH9100 and CH9200 devices, but the majority of
the code is of the if (ch9100) {} else {} form, with the most significant
difference being that CH9200 provides a real MII interface but CH9100 fakes
one with a bunch of global variables and magic commands. I don't have a
CH9100, so it's probably better if someone who does provides an independent
driver for it. In any case, this is a lightly cleaned up version of the
vendor driver with all the CH9100 code dropped.

Signed-off-by: Matthew Garrett 
---
 drivers/net/usb/Kconfig  |  11 ++
 drivers/net/usb/Makefile |   2 +-
 drivers/net/usb/ch9200.c | 443 +++
 3 files changed, 455 insertions(+), 1 deletion(-)
 create mode 100644 drivers/net/usb/ch9200.c

diff --git a/drivers/net/usb/Kconfig b/drivers/net/usb/Kconfig
index 1610b79..fbb9325 100644
--- a/drivers/net/usb/Kconfig
+++ b/drivers/net/usb/Kconfig
@@ -583,4 +583,15 @@ config USB_VL600
 
  http://ubuntuforums.org/showpost.php?p=10589647=17
 
+config USB_NET_CH9200
+   tristate "QingHeng CH9200 USB ethernet support"
+   depends on USB_USBNET
+   select MII
+   help
+ Choose this option if you have a USB ethernet adapter with a QinHeng
+ CH9200 chipset.
+
+ To compile this driver as a module, choose M here: the
+ module will be called ch9200.
+
 endif # USB_NET_DRIVERS
diff --git a/drivers/net/usb/Makefile b/drivers/net/usb/Makefile
index cf6a0e6..b5f0406 100644
--- a/drivers/net/usb/Makefile
+++ b/drivers/net/usb/Makefile
@@ -38,4 +38,4 @@ obj-$(CONFIG_USB_NET_HUAWEI_CDC_NCM)  += huawei_cdc_ncm.o
 obj-$(CONFIG_USB_VL600)+= lg-vl600.o
 obj-$(CONFIG_USB_NET_QMI_WWAN) += qmi_wwan.o
 obj-$(CONFIG_USB_NET_CDC_MBIM) += cdc_mbim.o
-
+obj-$(CONFIG_USB_NET_CH9200)   += ch9200.o
diff --git a/drivers/net/usb/ch9200.c b/drivers/net/usb/ch9200.c
new file mode 100644
index 000..cabb670
--- /dev/null
+++ b/drivers/net/usb/ch9200.c
@@ -0,0 +1,443 @@
+/*
+ * USB 10M/100M ethernet adapter
+ *
+ * This file is licensed under the terms of the GNU General Public License
+ * version 2. This program is licensed "as is" without any warranty of any
+ * kind, whether express or implied
+ *
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#define CH9200_VID 0x1A86
+#define CH9200_PID_E0920xE092
+
+#define CTRL_TIMEOUT_MS1000
+
+#define CONTROL_TIMEOUT_MS 1000
+
+#define REQUEST_READ   0x0E
+#define REQUEST_WRITE  0x0F
+
+/* Address space:
+ * 00-63 : MII
+ * 64-128: MAC
+ *
+ * Note: all accesses must be 16-bit
+ */
+
+#define MAC_REG_CTRL 64
+#define MAC_REG_STATUS 66
+#define MAC_REG_INTERRUPT_MASK 68
+#define MAC_REG_PHY_COMMAND 70
+#define MAC_REG_PHY_DATA 72
+#define MAC_REG_STATION_L 74
+#define MAC_REG_STATION_M 76
+#define MAC_REG_STATION_H 78
+#define MAC_REG_HASH_L 80
+#define MAC_REG_HASH_M1 82
+#define MAC_REG_HASH_M2 84
+#define MAC_REG_HASH_H 86
+#define MAC_REG_THRESHOLD 88
+#define MAC_REG_FIFO_DEPTH 90
+#define MAC_REG_PAUSE 92
+#define MAC_REG_FLOW_CONTROL 94
+
+/* Control register bits
+ *
+ * Note: bits 13 and 15 are reserved
+ */
+#define LOOPBACK   (0x01 << 14)
+#define BASE100X   (0x01 << 12)
+#define MBPS_10(0x01 << 11)
+#define DUPLEX_MODE(0x01 << 10)
+#define PAUSE_FRAME(0x01 << 9)
+#define PROMISCUOUS(0x01 << 8)
+#define MULTICAST  (0x01 << 7)
+#define BROADCAST  (0x01 << 6)
+#define HASH   (0x01 << 5)
+#define APPEND_PAD (0x01 << 4)
+#define APPEND_CRC (0x01 << 3)
+#define TRANSMITTER_ACTION (0x01 << 2)
+#define RECEIVER_ACTION(0x01 << 1)
+#define DMA_ACTION (0x01 << 0)
+
+/* Status register bits
+ *
+ * Note: bits 7-15 are reserved
+ */
+#define ALIGNMENT  (0x01 << 6)
+#define FIFO_OVER_RUN  (0x01 << 5)
+#define FIFO_UNDER_RUN (0x01 << 4)
+#define RX_ERROR   (0x01 << 3)
+#define RX_COMPLETE(0x01 << 2)
+#define TX_ERROR   (0x01 << 1)
+#define TX_COMPLETE(0x01 << 0)
+
+/* FIFO depth register bits
+ *
+ * Note: bits 6 and 14 are reserved
+ */
+
+#define ETH_TXBD   (0x01 << 15)
+#define ETN_TX_FIFO_DEPTH  (0x01 << 8)
+#define ETH_RXBD   (0x01 << 7)
+#define ETH_RX_FIFO_DEPTH  (0x01 << 0)
+
+static int control_read(struct usbnet *dev,
+   unsigned char request, unsigned short value,
+   unsigned short index, void *data, unsigned short size,
+   int timeout)
+{
+   unsigned char *buf = NULL;
+   unsigned char request_type;
+   int 

[PATCH next 08/84] ipvs: Pass ipvs not net to ip_vs_svc_fwm_hashkey

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 2277da6b8e9f..4eb3c4aca86b 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -285,9 +285,9 @@ ip_vs_svc_hashkey(struct net *net, int af, unsigned int 
proto,
 /*
  * Returns hash value of fwmark for virtual service lookup
  */
-static inline unsigned int ip_vs_svc_fwm_hashkey(struct net *net, __u32 fwmark)
+static inline unsigned int ip_vs_svc_fwm_hashkey(struct netns_ipvs *ipvs, 
__u32 fwmark)
 {
-   return (((size_t)net>>8) ^ fwmark) & IP_VS_SVC_TAB_MASK;
+   return (((size_t)ipvs>>8) ^ fwmark) & IP_VS_SVC_TAB_MASK;
 }
 
 /*
@@ -316,7 +316,7 @@ static int ip_vs_svc_hash(struct ip_vs_service *svc)
/*
 *  Hash it by fwmark in svc_fwm_table
 */
-   hash = ip_vs_svc_fwm_hashkey(svc->ipvs->net, svc->fwmark);
+   hash = ip_vs_svc_fwm_hashkey(svc->ipvs, svc->fwmark);
hlist_add_head_rcu(>f_list, _vs_svc_fwm_table[hash]);
}
 
@@ -393,7 +393,7 @@ __ip_vs_svc_fwm_find(struct net *net, int af, __u32 fwmark)
struct ip_vs_service *svc;
 
/* Check for fwmark addressed entries */
-   hash = ip_vs_svc_fwm_hashkey(net, fwmark);
+   hash = ip_vs_svc_fwm_hashkey(ipvs, fwmark);
 
hlist_for_each_entry_rcu(svc, _vs_svc_fwm_table[hash], f_list) {
if (svc->fwmark == fwmark && svc->af == af
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 10/84] ipvs: Pass ipvs not net to ip_vs_svc_hashkey

[Eric W. Biederman]

Use the address of ipvs not the address of net when computing the
hash value.  This removes an unncessary dependency on struct net.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 5e8ef1593f3e..3911cf03fef9 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -263,7 +263,7 @@ static struct hlist_head 
ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];
  * Returns hash value for virtual service
  */
 static inline unsigned int
-ip_vs_svc_hashkey(struct net *net, int af, unsigned int proto,
+ip_vs_svc_hashkey(struct netns_ipvs *ipvs, int af, unsigned int proto,
  const union nf_inet_addr *addr, __be16 port)
 {
register unsigned int porth = ntohs(port);
@@ -276,7 +276,7 @@ ip_vs_svc_hashkey(struct net *net, int af, unsigned int 
proto,
addr->ip6[2]^addr->ip6[3];
 #endif
ahash = ntohl(addr_fold);
-   ahash ^= ((size_t) net >> 8);
+   ahash ^= ((size_t) ipvs >> 8);
 
return (proto ^ ahash ^ (porth >> IP_VS_SVC_TAB_BITS) ^ porth) &
   IP_VS_SVC_TAB_MASK;
@@ -309,7 +309,7 @@ static int ip_vs_svc_hash(struct ip_vs_service *svc)
/*
 *  Hash it by  in ip_vs_svc_table
 */
-   hash = ip_vs_svc_hashkey(svc->ipvs->net, svc->af, svc->protocol,
+   hash = ip_vs_svc_hashkey(svc->ipvs, svc->af, svc->protocol,
 >addr, svc->port);
hlist_add_head_rcu(>s_list, _vs_svc_table[hash]);
} else {
@@ -365,7 +365,7 @@ __ip_vs_service_find(struct net *net, int af, __u16 
protocol,
struct ip_vs_service *svc;
 
/* Check for "full" addressed entries */
-   hash = ip_vs_svc_hashkey(net, af, protocol, vaddr, vport);
+   hash = ip_vs_svc_hashkey(ipvs, af, protocol, vaddr, vport);
 
hlist_for_each_entry_rcu(svc, _vs_svc_table[hash], s_list) {
if ((svc->af == af)
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 03/84] ipvs: Use state->net in the ipvs forward functions

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 1fa12edccbcc..3f33a076aaec 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1905,15 +1905,13 @@ ip_vs_forward_icmp(void *priv, struct sk_buff *skb,
   const struct nf_hook_state *state)
 {
int r;
-   struct net *net;
struct netns_ipvs *ipvs;
 
if (ip_hdr(skb)->protocol != IPPROTO_ICMP)
return NF_ACCEPT;
 
/* ipvs enabled in this netns ? */
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
+   ipvs = net_ipvs(state->net);
if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))
return NF_ACCEPT;
 
@@ -1926,7 +1924,6 @@ ip_vs_forward_icmp_v6(void *priv, struct sk_buff *skb,
  const struct nf_hook_state *state)
 {
int r;
-   struct net *net;
struct netns_ipvs *ipvs;
struct ip_vs_iphdr iphdr;
 
@@ -1935,8 +1932,7 @@ ip_vs_forward_icmp_v6(void *priv, struct sk_buff *skb,
return NF_ACCEPT;
 
/* ipvs enabled in this netns ? */
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
+   ipvs = net_ipvs(state->net);
if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))
return NF_ACCEPT;
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 04/84] ipvs: Store ipvs not net in struct ip_vs_conn

[Eric W. Biederman]

In practice struct netns_ipvs is as meaningful as struct net and more
useful as it holds the ipvs specific data.  So store a pointer to
struct netns_ipvs.

Update the accesses of conn->net to access conn->ipvs->net instead.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h   | 31 +--
 net/netfilter/ipvs/ip_vs_conn.c   | 30 +++---
 net/netfilter/ipvs/ip_vs_ftp.c|  6 +++---
 net/netfilter/ipvs/ip_vs_nfct.c   |  3 +--
 net/netfilter/ipvs/ip_vs_proto_sctp.c |  2 +-
 net/netfilter/ipvs/ip_vs_proto_tcp.c  |  2 +-
 net/netfilter/ipvs/ip_vs_proto_udp.c  |  2 +-
 net/netfilter/ipvs/ip_vs_xmit.c   |  4 ++--
 8 files changed, 25 insertions(+), 55 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 1096a71ab6ed..3bf6da8fdaf1 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -572,9 +572,7 @@ struct ip_vs_conn {
volatile __u32  flags;  /* status flags */
__u16   protocol;   /* Which protocol (TCP/UDP) */
__u16   daf;/* Address family of the dest */
-#ifdef CONFIG_NET_NS
-   struct net  *net;   /* Name space */
-#endif
+   struct netns_ipvs   *ipvs;
 
/* counter and timer */
atomic_trefcnt; /* reference count */
@@ -621,33 +619,6 @@ struct ip_vs_conn {
struct rcu_head rcu_head;
 };
 
-/* To save some memory in conn table when name space is disabled. */
-static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)
-{
-#ifdef CONFIG_NET_NS
-   return cp->net;
-#else
-   return _net;
-#endif
-}
-
-static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)
-{
-#ifdef CONFIG_NET_NS
-   cp->net = net;
-#endif
-}
-
-static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,
-   struct net *net)
-{
-#ifdef CONFIG_NET_NS
-   return cp->net == net;
-#else
-   return 1;
-#endif
-}
-
 /* Extended internal versions of struct ip_vs_service_user and ip_vs_dest_user
  * for IPv6 support.
  *
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index f71b3146a5a1..899f5d3e46ed 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -148,7 +148,7 @@ static unsigned int ip_vs_conn_hashkey_conn(const struct 
ip_vs_conn *cp)
 {
struct ip_vs_conn_param p;
 
-   ip_vs_conn_fill_param(ip_vs_conn_net(cp), cp->af, cp->protocol,
+   ip_vs_conn_fill_param(cp->ipvs->net, cp->af, cp->protocol,
  >caddr, cp->cport, NULL, 0, );
 
if (cp->pe) {
@@ -279,7 +279,7 @@ __ip_vs_conn_in_get(const struct ip_vs_conn_param *p)
ip_vs_addr_equal(p->af, p->vaddr, >vaddr) &&
((!p->cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) &&
p->protocol == cp->protocol &&
-   ip_vs_conn_net_eq(cp, p->net)) {
+   net_eq(cp->ipvs->net, p->net)) {
if (!__ip_vs_conn_get(cp))
continue;
/* HIT */
@@ -359,7 +359,7 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct 
ip_vs_conn_param *p)
 
hlist_for_each_entry_rcu(cp, _vs_conn_tab[hash], c_list) {
if (unlikely(p->pe_data && p->pe->ct_match)) {
-   if (!ip_vs_conn_net_eq(cp, p->net))
+   if (net_eq(cp->ipvs->net, p->net))
continue;
if (p->pe == cp->pe && p->pe->ct_match(p, cp)) {
if (__ip_vs_conn_get(cp))
@@ -377,7 +377,7 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct 
ip_vs_conn_param *p)
p->vport == cp->vport && p->cport == cp->cport &&
cp->flags & IP_VS_CONN_F_TEMPLATE &&
p->protocol == cp->protocol &&
-   ip_vs_conn_net_eq(cp, p->net)) {
+   net_eq(cp->ipvs->net, p->net)) {
if (__ip_vs_conn_get(cp))
goto out;
}
@@ -418,7 +418,7 @@ struct ip_vs_conn *ip_vs_conn_out_get(const struct 
ip_vs_conn_param *p)
ip_vs_addr_equal(p->af, p->vaddr, >caddr) &&
ip_vs_addr_equal(p->af, p->caddr, >daddr) &&
p->protocol == cp->protocol &&
-   ip_vs_conn_net_eq(cp, p->net)) {
+   net_eq(cp->ipvs->net, p->net)) {
if (!__ip_vs_conn_get(cp))
continue;
/* HIT */
@@ -638,7 +638,7 @@ void ip_vs_try_bind_dest(struct ip_vs_conn *cp)
 * so we can make the assumption that the svc_af is the same as the
 * dest_af
 */
-   dest = ip_vs_find_dest(ip_vs_conn_net(cp), 

[PATCH next 00/84] ipvs: Stop guessing the network namespace

[Eric W. Biederman]

I am gradually working my way through the netfilter stack passing struct
down into the netfilter hooks and from the netfilter hooks and from
there down into the functions that actually care.  This removes the need
for netfilter functions to guess how to figure out how to compute which
network namespace they are in and instead provides a simple and reliable
method to do so.

The cleanups stand on their own but this is part of a larger effort
to have routes with an output device that is not in the current network
namespace.

The IPVS code has been a bit more of a challenge than most.  Just
passing struct net through to where it is needed did not feel clean
to me.  The practical issue is that the ipvs code in most places
actually wants struct netns_ipvs and not struct net.

So as part of this process I have turned the relationship between struct
net and the structs netns_ipvs, ip_vs_conn_param, ip_vs_conn, and
ip_vs_service inside out.  I have modified the ipvs functions to take a
struct netns_ipvs not a struct net.  The net is code with fewer
conversions from one type of structure to another.  I did wind up adding
a struct netns_ipvs parameter to quite a few functions that did not have
it before so I could pass the structure down from the netfilter hooks to
where it is actually needed to avoid guessing.

I have broken up the work in a bunch of small patches so there is at
least a chance and reviewing that each step I took is correct.  The
series compiles at each step so bisecting it should not be a problem
if something weird comes up.

The first two changes in this series are actually bug fixes.  The first
is a compile fix for a bug in sctp that came in, in the last round of
ipvs changes merged into nf-next.  The second fixes an older bug where
in pathological circumstances the wrong network namespace could be used
when a proc file is written to.

The rest of the patchset is a bunch of boring changes getting pushing
struct netns_ipvs (and by extension ipvs->net) where it needs to be.
Either by replacing struct net pointers or adding new struct netns_ipvs
pointers.  With a handful of other minor cleanups (like removing skb_net).

The changes are also available against nf-next at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/net-next.git master

My entire pending set of changes for those who want to look ahead is at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/net-next.git for-testing

Eric

Eric W. Biederman (84):
  ipvs: Hoist computation of ipvs earlier in sctp_conn_schedule
  ipvs: Don't use current in proc_do_defense_mode
  ipvs: Use state->net in the ipvs forward functions
  ipvs: Store ipvs not net in struct ip_vs_conn
  ipvs: Store ipvs not net in struct ip_vs_conn_param
  ipvs: Pass ipvs not net to ip_vs_fill_conn
  ipvs: Store ipvs not net in struct ip_vs_service
  ipvs: Pass ipvs not net to ip_vs_svc_fwm_hashkey
  ipvs: Pass ipvs not net to __ip_vs_svc_fwm_find
  ipvs: Pass ipvs not net to ip_vs_svc_hashkey
  ipvs: Pass ipvs not net to __ip_vs_service_find
  ipvs: Pass ipvs not net to ipvs_service_find
  ipvs: Pass ipvs not net to ip_vs_has_real_service
  ipvs: Pass ipvs not net to ip_vs_find_dest
  ipvs: Pass ipvs not net to ip_vs_trash_cleanup
  ipvs: Pass ipvs not net to __ip_vs_del_dest
  ipvs: Pass ipvs not net to ip_vs_dest_trash_expire
  ipvs: Cache ipvs in ip_vs_genl_set_cmd
  ipvs: Pass ipvs not net to ip_vs_add_service
  ipvs: Pass ipvs not net to ip_vs_flush
  ipvs: Pass ipvs not net to ip_vs_service_net_cleanup
  ipvs: Pass ipvs not net to ip_vs_zero_all
  ipvs: Cache ipvs in ip_vs_in_icmp and ip_vs_in_icmp_v6
  ipvs: Pass ipvs not net to ip_vs_proto_data_get
  ipvs: Pass ipvs not net to ip_vs_set_timeout
  ipvs: Pass ipvs not net to __ip_vs_get_servie_entries
  ipvs: Pass ipvs not net to __ip_vs_get_dest_entries
  ipvs: Pass ipvs not net to __ip_vs_get_timeouts
  ipvs: Pass ipvs not net to ip_vs_genl_parse_service
  ipvs: Pass ipvs not net to ip_vs_genl_find_service
  ipvs: Pass ipvs not net to ip_vs_genl_new_daemon
  ipvs: Pass ipvs not net to ip_vs_genl_del_daemon
  ipvs: Pass ipvs not net to start_sync_thread
  ipvs: Pass ipvs not net to stop_sync_thread
  ipvs: Pass ipvs not net to make_send_sock
  ipvs: Pass ipvs not net to make_receive_sock
  ipvs: Store ipvs not net in struct ip_vs_sync_thread_data
  ipvs: Pass ipvs not net to ip_vs_process_message
  ipvs: Pass ipvs not net to ip_vs_sync_conn_v0
  ipvs: Pass ipvs not net to ip_vs_sync_conn
  ipvs: Pass ipvs not net to ip_vs_proc_conn
  ipvs: Pass ipvs not net to ip_vs_proc_sync_conn
  ipvs: Pass ipvs not net to ip_vs_sync_net_init
  ipvs: Pass ipvs not net to ip_vs_sync_net_cleanup
  ipvs: Pass ipvs not net to ip_vs_genl_set_config
  ipvs: Pass ipvs not net to ip_vs_start_estimator aned ip_vs_stop_estimator
  ipvs: Pass 

Re: [PATCH 00/15] RDS: connection scalability and performance improvements

[Sagi Grimberg]

On 9/20/2015 2:04 AM, Santosh Shilimkar wrote:

This series addresses RDS connection bottlenecks on massive workloads and
improve the RDMA performance almost by 3X. RDS TCP also gets a small gain
of about 12%.

RDS is being used in massive systems with high scalability where several
hundred thousand end points and tens of thousands of local processes
are operating in tens of thousand sockets. Being RC(reliable connection),
socket bind and release happens very often and any inefficiencies in
bind hash look ups hurts the overall system performance. RDS bin hash-table
uses global spin-lock which is the biggest bottleneck. To make matter worst,
it uses rcu inside global lock for hash buckets.
This is being addressed by simply using per bucket rw lock which makes the
locking simple and very efficient. The hash table size is also scaled up
accordingly.

For RDS RDMA improvement, the completion handling is revamped so that we
can do batch completions. Both send and receive completion handlers are
split logically to achieve the same. RDS 8K messages being one of the
key usecase, mr pool is adapted to have the 8K mrs along with default 1M
mrs. And while doing this, few fixes and couple of bottlenecks seen with
rds_sendmsg() are addressed.


Hi Santosh,

I think that can get a more effective code review if you CC the
Linux-rdma mailing list.

Sagi.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 41/84] ipvs: Pass ipvs not net to ip_vs_proc_conn

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index a0808f230cd6..98180904ccd2 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -835,7 +835,7 @@ ip_vs_conn_fill_param_sync(struct netns_ipvs *ipvs, int af, 
union ip_vs_sync_con
  *  Param: ...
  * timeout is in sec.
  */
-static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
+static void ip_vs_proc_conn(struct netns_ipvs *ipvs, struct ip_vs_conn_param 
*param,
unsigned int flags, unsigned int state,
unsigned int protocol, unsigned int type,
const union nf_inet_addr *daddr, __be16 dport,
@@ -844,7 +844,6 @@ static void ip_vs_proc_conn(struct net *net, struct 
ip_vs_conn_param *param,
 {
struct ip_vs_dest *dest;
struct ip_vs_conn *cp;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
if (!(flags & IP_VS_CONN_F_TEMPLATE)) {
cp = ip_vs_conn_in_get(param);
@@ -1014,7 +1013,7 @@ static void ip_vs_process_message_v0(struct netns_ipvs 
*ipvs, const char *buffer
  s->vport, );
 
/* Send timeout as Zero */
-   ip_vs_proc_conn(ipvs->net, , flags, state, s->protocol, 
AF_INET,
+   ip_vs_proc_conn(ipvs, , flags, state, s->protocol, 
AF_INET,
(union nf_inet_addr *)>daddr, s->dport,
0, 0, opt);
}
@@ -1067,6 +1066,7 @@ static int ip_vs_proc_str(__u8 *p, unsigned int plen, 
unsigned int *data_len,
  */
 static inline int ip_vs_proc_sync_conn(struct net *net, __u8 *p, __u8 *msg_end)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_sync_conn_options opt;
union  ip_vs_sync_conn *s;
struct ip_vs_protocol *pp;
@@ -1169,21 +1169,21 @@ static inline int ip_vs_proc_sync_conn(struct net *net, 
__u8 *p, __u8 *msg_end)
state = 0;
}
}
-   if (ip_vs_conn_fill_param_sync(net_ipvs(net), af, s, , pe_data,
+   if (ip_vs_conn_fill_param_sync(ipvs, af, s, , pe_data,
   pe_data_len, pe_name, pe_name_len)) {
retc = 50;
goto out;
}
/* If only IPv4, just silent skip IPv6 */
if (af == AF_INET)
-   ip_vs_proc_conn(net, , flags, state, s->v4.protocol, af,
+   ip_vs_proc_conn(ipvs, , flags, state, s->v4.protocol, af,
(union nf_inet_addr *)>v4.daddr, s->v4.dport,
ntohl(s->v4.timeout), ntohl(s->v4.fwmark),
(opt_flags & IPVS_OPT_F_SEQ_DATA ?  : NULL)
);
 #ifdef CONFIG_IP_VS_IPV6
else
-   ip_vs_proc_conn(net, , flags, state, s->v6.protocol, af,
+   ip_vs_proc_conn(ipvs, , flags, state, s->v6.protocol, af,
(union nf_inet_addr *)>v6.daddr, s->v6.dport,
ntohl(s->v6.timeout), ntohl(s->v6.fwmark),
(opt_flags & IPVS_OPT_F_SEQ_DATA ?  : NULL)
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 52/84] ipvs: Pass ipvs not net into register_app and unregister_app

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h   | 4 ++--
 net/netfilter/ipvs/ip_vs_app.c| 6 --
 net/netfilter/ipvs/ip_vs_proto_sctp.c | 7 +++
 net/netfilter/ipvs/ip_vs_proto_tcp.c  | 7 +++
 net/netfilter/ipvs/ip_vs_proto_udp.c  | 7 +++
 5 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 02734eaae679..a7275ae18b96 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -517,9 +517,9 @@ struct ip_vs_protocol {
 const struct sk_buff *skb,
 struct ip_vs_proto_data *pd);
 
-   int (*register_app)(struct net *net, struct ip_vs_app *inc);
+   int (*register_app)(struct netns_ipvs *ipvs, struct ip_vs_app *inc);
 
-   void (*unregister_app)(struct net *net, struct ip_vs_app *inc);
+   void (*unregister_app)(struct netns_ipvs *ipvs, struct ip_vs_app *inc);
 
int (*app_conn_bind)(struct ip_vs_conn *cp);
 
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index dfd7b65b3d2a..f20f72c4ac80 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -78,6 +78,7 @@ static int
 ip_vs_app_inc_new(struct net *net, struct ip_vs_app *app, __u16 proto,
  __u16 port)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_protocol *pp;
struct ip_vs_app *inc;
int ret;
@@ -107,7 +108,7 @@ ip_vs_app_inc_new(struct net *net, struct ip_vs_app *app, 
__u16 proto,
}
}
 
-   ret = pp->register_app(net, inc);
+   ret = pp->register_app(ipvs, inc);
if (ret)
goto out;
 
@@ -129,13 +130,14 @@ ip_vs_app_inc_new(struct net *net, struct ip_vs_app *app, 
__u16 proto,
 static void
 ip_vs_app_inc_release(struct net *net, struct ip_vs_app *inc)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_protocol *pp;
 
if (!(pp = ip_vs_proto_get(inc->protocol)))
return;
 
if (pp->unregister_app)
-   pp->unregister_app(net, inc);
+   pp->unregister_app(ipvs, inc);
 
IP_VS_DBG(9, "%s App %s:%u unregistered\n",
  pp->name, inc->name, ntohs(inc->port));
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c 
b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 8f39e0266ade..345fc7485f2e 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -487,13 +487,12 @@ static inline __u16 sctp_app_hashkey(__be16 port)
& SCTP_APP_TAB_MASK;
 }
 
-static int sctp_register_app(struct net *net, struct ip_vs_app *inc)
+static int sctp_register_app(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
 {
struct ip_vs_app *i;
__u16 hash;
__be16 port = inc->port;
int ret = 0;
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data *pd = ip_vs_proto_data_get(ipvs, IPPROTO_SCTP);
 
hash = sctp_app_hashkey(port);
@@ -511,9 +510,9 @@ out:
return ret;
 }
 
-static void sctp_unregister_app(struct net *net, struct ip_vs_app *inc)
+static void sctp_unregister_app(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
 {
-   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(net_ipvs(net), 
IPPROTO_SCTP);
+   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(ipvs, IPPROTO_SCTP);
 
atomic_dec(>appcnt);
list_del_rcu(>p_list);
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c 
b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index 975aa69eec9c..94bea31ec388 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -595,13 +595,12 @@ static inline __u16 tcp_app_hashkey(__be16 port)
 }
 
 
-static int tcp_register_app(struct net *net, struct ip_vs_app *inc)
+static int tcp_register_app(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
 {
struct ip_vs_app *i;
__u16 hash;
__be16 port = inc->port;
int ret = 0;
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data *pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
 
hash = tcp_app_hashkey(port);
@@ -621,9 +620,9 @@ static int tcp_register_app(struct net *net, struct 
ip_vs_app *inc)
 
 
 static void
-tcp_unregister_app(struct net *net, struct ip_vs_app *inc)
+tcp_unregister_app(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
 {
-   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(net_ipvs(net), 
IPPROTO_TCP);
+   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
 
atomic_dec(>appcnt);
list_del_rcu(>p_list);
diff --git a/net/netfilter/ipvs/ip_vs_proto_udp.c 
b/net/netfilter/ipvs/ip_vs_proto_udp.c
index 1baa7494446a..234521ec9703 100644
--- a/net/netfilter/ipvs/ip_vs_proto_udp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_udp.c
@@ -365,13 +365,12 @@ static inline __u16 udp_app_hashkey(__be16 port)
 }
 
 

[PATCH next 11/84] ipvs: Pass ipvs not net to __ip_vs_service_find

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 17 -
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 3911cf03fef9..9a56256502b6 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -357,10 +357,9 @@ static int ip_vs_svc_unhash(struct ip_vs_service *svc)
  * Get service by {netns, proto,addr,port} in the service table.
  */
 static inline struct ip_vs_service *
-__ip_vs_service_find(struct net *net, int af, __u16 protocol,
+__ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u16 protocol,
 const union nf_inet_addr *vaddr, __be16 vport)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
unsigned int hash;
struct ip_vs_service *svc;
 
@@ -426,7 +425,7 @@ ip_vs_service_find(struct net *net, int af, __u32 fwmark, 
__u16 protocol,
 *  Check the table hashed by 
 *  for "full" addressed entries
 */
-   svc = __ip_vs_service_find(net, af, protocol, vaddr, vport);
+   svc = __ip_vs_service_find(ipvs, af, protocol, vaddr, vport);
 
if (svc == NULL
&& protocol == IPPROTO_TCP
@@ -436,7 +435,7 @@ ip_vs_service_find(struct net *net, int af, __u32 fwmark, 
__u16 protocol,
 * Check if ftp service entry exists, the packet
 * might belong to FTP data connections.
 */
-   svc = __ip_vs_service_find(net, af, protocol, vaddr, FTPPORT);
+   svc = __ip_vs_service_find(ipvs, af, protocol, vaddr, FTPPORT);
}
 
if (svc == NULL
@@ -444,7 +443,7 @@ ip_vs_service_find(struct net *net, int af, __u32 fwmark, 
__u16 protocol,
/*
 * Check if the catch-all port (port zero) exists
 */
-   svc = __ip_vs_service_find(net, af, protocol, vaddr, 0);
+   svc = __ip_vs_service_find(ipvs, af, protocol, vaddr, 0);
}
 
   out:
@@ -2411,7 +2410,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
/* Lookup the exact service by  or fwmark */
rcu_read_lock();
if (usvc.fwmark == 0)
-   svc = __ip_vs_service_find(net, usvc.af, usvc.protocol,
+   svc = __ip_vs_service_find(ipvs, usvc.af, usvc.protocol,
   , usvc.port);
else
svc = __ip_vs_svc_fwm_find(ipvs, usvc.af, usvc.fwmark);
@@ -2551,7 +2550,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct 
ip_vs_get_dests *get,
if (get->fwmark)
svc = __ip_vs_svc_fwm_find(ipvs, AF_INET, get->fwmark);
else
-   svc = __ip_vs_service_find(net, AF_INET, get->protocol, ,
+   svc = __ip_vs_service_find(ipvs, AF_INET, get->protocol, ,
   get->port);
rcu_read_unlock();
 
@@ -2745,7 +2744,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user 
*user, int *len)
if (entry->fwmark)
svc = __ip_vs_svc_fwm_find(ipvs, AF_INET, 
entry->fwmark);
else
-   svc = __ip_vs_service_find(net, AF_INET,
+   svc = __ip_vs_service_find(ipvs, AF_INET,
   entry->protocol, ,
   entry->port);
rcu_read_unlock();
@@ -3094,7 +3093,7 @@ static int ip_vs_genl_parse_service(struct net *net,
if (usvc->fwmark)
svc = __ip_vs_svc_fwm_find(ipvs, usvc->af, usvc->fwmark);
else
-   svc = __ip_vs_service_find(net, usvc->af, usvc->protocol,
+   svc = __ip_vs_service_find(ipvs, usvc->af, usvc->protocol,
   >addr, usvc->port);
rcu_read_unlock();
*ret_svc = svc;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 75/84] ipvs: Pass ipvs into ip_vs_out

[Eric W. Biederman]

Derive ipvs from state->net in the callers of ip_vs_out and pass it
into ip_vs_out.  Removing the need to use the hack skb_net.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 15 ++-
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index b25fb3309472..07a4ddca650d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1173,10 +1173,9 @@ drop:
  * Check if outgoing packet belongs to the established ip_vs_conn.
  */
 static unsigned int
-ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int af)
+ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, 
int af)
 {
-   struct net *net = NULL;
-   struct netns_ipvs *ipvs;
+   struct net *net = ipvs->net;
struct ip_vs_iphdr iph;
struct ip_vs_protocol *pp;
struct ip_vs_proto_data *pd;
@@ -1201,8 +1200,6 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int 
af)
if (unlikely(!skb_dst(skb)))
return NF_ACCEPT;
 
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
if (!ipvs->enable)
return NF_ACCEPT;
 
@@ -1306,7 +1303,7 @@ static unsigned int
 ip_vs_reply4(void *priv, struct sk_buff *skb,
 const struct nf_hook_state *state)
 {
-   return ip_vs_out(state->hook, skb, AF_INET);
+   return ip_vs_out(net_ipvs(state->net), state->hook, skb, AF_INET);
 }
 
 /*
@@ -1317,7 +1314,7 @@ static unsigned int
 ip_vs_local_reply4(void *priv, struct sk_buff *skb,
   const struct nf_hook_state *state)
 {
-   return ip_vs_out(state->hook, skb, AF_INET);
+   return ip_vs_out(net_ipvs(state->net), state->hook, skb, AF_INET);
 }
 
 #ifdef CONFIG_IP_VS_IPV6
@@ -1331,7 +1328,7 @@ static unsigned int
 ip_vs_reply6(void *priv, struct sk_buff *skb,
 const struct nf_hook_state *state)
 {
-   return ip_vs_out(state->hook, skb, AF_INET6);
+   return ip_vs_out(net_ipvs(state->net), state->hook, skb, AF_INET6);
 }
 
 /*
@@ -1342,7 +1339,7 @@ static unsigned int
 ip_vs_local_reply6(void *priv, struct sk_buff *skb,
   const struct nf_hook_state *state)
 {
-   return ip_vs_out(state->hook, skb, AF_INET6);
+   return ip_vs_out(net_ipvs(state->net), state->hook, skb, AF_INET6);
 }
 
 #endif
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 26/84] ipvs: Pass ipvs not net to __ip_vs_get_servie_entries

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 81eb3ed4ce90..9c307a822962 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2477,11 +2477,10 @@ ip_vs_copy_service(struct ip_vs_service_entry *dst, 
struct ip_vs_service *src)
 }
 
 static inline int
-__ip_vs_get_service_entries(struct net *net,
+__ip_vs_get_service_entries(struct netns_ipvs *ipvs,
const struct ip_vs_get_services *get,
struct ip_vs_get_services __user *uptr)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
int idx, count=0;
struct ip_vs_service *svc;
struct ip_vs_service_entry entry;
@@ -2720,7 +2719,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user 
*user, int *len)
ret = -EINVAL;
goto out;
}
-   ret = __ip_vs_get_service_entries(net, get, user);
+   ret = __ip_vs_get_service_entries(ipvs, get, user);
}
break;
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 68/84] ipvs: Pass ipvs into __ip_vs_get_out_rt

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_xmit.c | 15 ---
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index ec10ebf246fd..5cfd914d9a39 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -257,11 +257,12 @@ static inline bool ensure_mtu_is_adequate(int skb_af, int 
rt_mode,
 
 /* Get route to destination or remote server */
 static int
-__ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
+__ip_vs_get_out_rt(struct netns_ipvs *ipvs, int skb_af, struct sk_buff *skb,
+  struct ip_vs_dest *dest,
   __be32 daddr, int rt_mode, __be32 *ret_saddr,
   struct ip_vs_iphdr *ipvsh)
 {
-   struct net *net = dev_net(skb_dst(skb)->dev);
+   struct net *net = ipvs->net;
struct ip_vs_dest_dst *dest_dst;
struct rtable *rt;  /* Route to the other host */
int mtu;
@@ -630,7 +631,7 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn 
*cp,
EnterFunction(10);
 
rcu_read_lock();
-   if (__ip_vs_get_out_rt(cp->af, skb, NULL, iph->daddr,
+   if (__ip_vs_get_out_rt(cp->ipvs, cp->af, skb, NULL, iph->daddr,
   IP_VS_RT_MODE_NON_LOCAL, NULL, ipvsh) < 0)
goto tx_error;
 
@@ -709,7 +710,7 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
}
 
was_input = rt_is_input_route(skb_rtable(skb));
-   local = __ip_vs_get_out_rt(cp->af, skb, cp->dest, cp->daddr.ip,
+   local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, 
cp->daddr.ip,
   IP_VS_RT_MODE_LOCAL |
   IP_VS_RT_MODE_NON_LOCAL |
   IP_VS_RT_MODE_RDR, NULL, ipvsh);
@@ -988,7 +989,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn 
*cp,
EnterFunction(10);
 
rcu_read_lock();
-   local = __ip_vs_get_out_rt(cp->af, skb, cp->dest, cp->daddr.ip,
+   local = __ip_vs_get_out_rt(ipvs, cp->af, skb, cp->dest, cp->daddr.ip,
   IP_VS_RT_MODE_LOCAL |
   IP_VS_RT_MODE_NON_LOCAL |
   IP_VS_RT_MODE_CONNECT |
@@ -1169,7 +1170,7 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
EnterFunction(10);
 
rcu_read_lock();
-   local = __ip_vs_get_out_rt(cp->af, skb, cp->dest, cp->daddr.ip,
+   local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, 
cp->daddr.ip,
   IP_VS_RT_MODE_LOCAL |
   IP_VS_RT_MODE_NON_LOCAL |
   IP_VS_RT_MODE_KNOWN_NH, NULL, ipvsh);
@@ -1277,7 +1278,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn 
*cp,
  IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_NON_LOCAL |
  IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL;
rcu_read_lock();
-   local = __ip_vs_get_out_rt(cp->af, skb, cp->dest, cp->daddr.ip, rt_mode,
+   local = __ip_vs_get_out_rt(cp->ipvs, cp->af, skb, cp->dest, 
cp->daddr.ip, rt_mode,
   NULL, iph);
if (local < 0)
goto tx_error;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 45/84] ipvs: Pass ipvs not net to ip_vs_genl_set_config

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 85a2f2699a18..851bd121ed94 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3453,9 +3453,8 @@ static int ip_vs_genl_del_daemon(struct netns_ipvs *ipvs, 
struct nlattr **attrs)
return ret;
 }
 
-static int ip_vs_genl_set_config(struct net *net, struct nlattr **attrs)
+static int ip_vs_genl_set_config(struct netns_ipvs *ipvs, struct nlattr 
**attrs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_timeout_user t;
 
__ip_vs_get_timeouts(ipvs, );
@@ -3522,7 +3521,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct 
genl_info *info)
ret = ip_vs_flush(ipvs, false);
goto out;
} else if (cmd == IPVS_CMD_SET_CONFIG) {
-   ret = ip_vs_genl_set_config(net, info->attrs);
+   ret = ip_vs_genl_set_config(ipvs, info->attrs);
goto out;
} else if (cmd == IPVS_CMD_ZERO &&
   !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 14/84] ipvs: Pass ipvs not net to ip_vs_find_dest

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_conn.c | 2 +-
 net/netfilter/ipvs/ip_vs_ctl.c  | 4 ++--
 net/netfilter/ipvs/ip_vs_sync.c | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index b93ee28fb011..b54a19eaa630 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1423,7 +1423,7 @@ void ip_vs_unregister_nl_ioctl(void);
 int ip_vs_control_init(void);
 void ip_vs_control_cleanup(void);
 struct ip_vs_dest *
-ip_vs_find_dest(struct net *net, int svc_af, int dest_af,
+ip_vs_find_dest(struct netns_ipvs *ipvs, int svc_af, int dest_af,
const union nf_inet_addr *daddr, __be16 dport,
const union nf_inet_addr *vaddr, __be16 vport,
__u16 protocol, __u32 fwmark, __u32 flags);
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index afc7a7558434..fff4011ea47f 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -638,7 +638,7 @@ void ip_vs_try_bind_dest(struct ip_vs_conn *cp)
 * so we can make the assumption that the svc_af is the same as the
 * dest_af
 */
-   dest = ip_vs_find_dest(cp->ipvs->net, cp->af, cp->af, >daddr,
+   dest = ip_vs_find_dest(cp->ipvs, cp->af, cp->af, >daddr,
   cp->dport, >vaddr, cp->vport,
   cp->protocol, cp->fwmark, cp->flags);
if (dest) {
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index c2f4694f626f..186e49c111f3 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -599,7 +599,7 @@ ip_vs_lookup_dest(struct ip_vs_service *svc, int dest_af,
  * on the backup.
  * Called under RCU lock, no refcnt is returned.
  */
-struct ip_vs_dest *ip_vs_find_dest(struct net  *net, int svc_af, int dest_af,
+struct ip_vs_dest *ip_vs_find_dest(struct netns_ipvs *ipvs, int svc_af, int 
dest_af,
   const union nf_inet_addr *daddr,
   __be16 dport,
   const union nf_inet_addr *vaddr,
@@ -610,7 +610,7 @@ struct ip_vs_dest *ip_vs_find_dest(struct net  *net, int 
svc_af, int dest_af,
struct ip_vs_service *svc;
__be16 port = dport;
 
-   svc = ip_vs_service_find(net_ipvs(net), svc_af, fwmark, protocol, 
vaddr, vport);
+   svc = ip_vs_service_find(ipvs, svc_af, fwmark, protocol, vaddr, vport);
if (!svc)
return NULL;
if (fwmark && (flags & IP_VS_CONN_F_FWD_MASK) != IP_VS_CONN_F_MASQ)
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index f8bc2027a6c4..9a49c3899f2e 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -904,7 +904,7 @@ static void ip_vs_proc_conn(struct net *net, struct 
ip_vs_conn_param *param,
 * with synchronization, so we can make the assumption that
 * the svc_af is the same as the dest_af
 */
-   dest = ip_vs_find_dest(net, type, type, daddr, dport,
+   dest = ip_vs_find_dest(ipvs, type, type, daddr, dport,
   param->vaddr, param->vport, protocol,
   fwmark, flags);
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 24/84] ipvs: Pass ipvs not net to ip_vs_proto_data_get

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h   |  2 +-
 net/netfilter/ipvs/ip_vs_conn.c   |  4 ++--
 net/netfilter/ipvs/ip_vs_core.c   |  8 
 net/netfilter/ipvs/ip_vs_ctl.c| 12 +++-
 net/netfilter/ipvs/ip_vs_proto.c  | 12 ++--
 net/netfilter/ipvs/ip_vs_proto_sctp.c |  4 ++--
 net/netfilter/ipvs/ip_vs_proto_tcp.c  |  6 +++---
 net/netfilter/ipvs/ip_vs_proto_udp.c  |  4 ++--
 net/netfilter/ipvs/ip_vs_sync.c   |  2 +-
 9 files changed, 24 insertions(+), 30 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 3c7040a313b5..3c077e8a038c 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -541,7 +541,7 @@ struct ip_vs_proto_data {
 };
 
 struct ip_vs_protocol   *ip_vs_proto_get(unsigned short proto);
-struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net,
+struct ip_vs_proto_data *ip_vs_proto_data_get(struct netns_ipvs *ipvs,
  unsigned short proto);
 
 struct ip_vs_conn_param {
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index fff4011ea47f..f54e9afdf4dd 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -668,7 +668,7 @@ void ip_vs_try_bind_dest(struct ip_vs_conn *cp)
 #endif
ip_vs_bind_xmit(cp);
 
-   pd = ip_vs_proto_data_get(cp->ipvs->net, cp->protocol);
+   pd = ip_vs_proto_data_get(cp->ipvs, cp->protocol);
if (pd && atomic_read(>appcnt))
ip_vs_bind_app(cp, pd->pp);
}
@@ -876,7 +876,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, int 
dest_af,
 {
struct ip_vs_conn *cp;
struct netns_ipvs *ipvs = p->ipvs;
-   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(p->ipvs->net,
+   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(p->ipvs,
   p->protocol);
 
cp = kmem_cache_alloc(ip_vs_conn_cachep, GFP_ATOMIC);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 77dcd3ed27de..2e96500c6f3f 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1237,7 +1237,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int 
af)
return verdict;
}
 
-   pd = ip_vs_proto_data_get(net, iph.protocol);
+   pd = ip_vs_proto_data_get(ipvs, iph.protocol);
if (unlikely(!pd))
return NF_ACCEPT;
pp = pd->pp;
@@ -1470,7 +1470,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
ipip = true;
}
 
-   pd = ip_vs_proto_data_get(net, cih->protocol);
+   pd = ip_vs_proto_data_get(ipvs, cih->protocol);
if (!pd)
return NF_ACCEPT;
pp = pd->pp;
@@ -1633,7 +1633,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
 
net = skb_net(skb);
ipvs = net_ipvs(net);
-   pd = ip_vs_proto_data_get(net, ciph.protocol);
+   pd = ip_vs_proto_data_get(ipvs, ciph.protocol);
if (!pd)
return NF_ACCEPT;
pp = pd->pp;
@@ -1765,7 +1765,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int 
af)
}
 
/* Protocol supported? */
-   pd = ip_vs_proto_data_get(net, iph.protocol);
+   pd = ip_vs_proto_data_get(ipvs, iph.protocol);
if (unlikely(!pd)) {
/* The only way we'll see this packet again is if it's
 * encapsulated, so mark it with ipvs_property=1 so we
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 591f528e4ed6..b9426a5fb667 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2205,6 +2205,7 @@ static const struct file_operations 
ip_vs_stats_percpu_fops = {
 static int ip_vs_set_timeout(struct net *net, struct ip_vs_timeout_user *u)
 {
 #if defined(CONFIG_IP_VS_PROTO_TCP) || defined(CONFIG_IP_VS_PROTO_UDP)
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data *pd;
 #endif
 
@@ -2215,13 +2216,13 @@ static int ip_vs_set_timeout(struct net *net, struct 
ip_vs_timeout_user *u)
 
 #ifdef CONFIG_IP_VS_PROTO_TCP
if (u->tcp_timeout) {
-   pd = ip_vs_proto_data_get(net, IPPROTO_TCP);
+   pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
pd->timeout_table[IP_VS_TCP_S_ESTABLISHED]
= u->tcp_timeout * HZ;
}
 
if (u->tcp_fin_timeout) {
-   pd = ip_vs_proto_data_get(net, IPPROTO_TCP);
+   pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
pd->timeout_table[IP_VS_TCP_S_FIN_WAIT]
= u->tcp_fin_timeout * HZ;
}
@@ -2229,7 +2230,7 @@ static int ip_vs_set_timeout(struct net *net, struct 
ip_vs_timeout_user *u)
 
 #ifdef 

[PATCH next 53/84] ipvs: Pass ipvs not net into ip_vs_app_inc_new

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_app.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index f20f72c4ac80..951516b7783b 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -75,10 +75,9 @@ static void ip_vs_app_inc_rcu_free(struct rcu_head *head)
  * Allocate/initialize app incarnation and register it in proto apps.
  */
 static int
-ip_vs_app_inc_new(struct net *net, struct ip_vs_app *app, __u16 proto,
+ip_vs_app_inc_new(struct netns_ipvs *ipvs, struct ip_vs_app *app, __u16 proto,
  __u16 port)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_protocol *pp;
struct ip_vs_app *inc;
int ret;
@@ -180,11 +179,12 @@ int
 register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto,
   __u16 port)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
int result;
 
mutex_lock(&__ip_vs_app_mutex);
 
-   result = ip_vs_app_inc_new(net, app, proto, port);
+   result = ip_vs_app_inc_new(ipvs, app, proto, port);
 
mutex_unlock(&__ip_vs_app_mutex);
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 55/84] ipvs: Pass ipvs not net to register_ip_vs_app and unregister_ip_vs_app

[Eric W. Biederman]

Also move the tests for net_ipvs being NULL into __ip_vs_ftp_init
and __ip_vs_ftp_exit.  The only places where they possibly make
sense.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h|  4 ++--
 net/netfilter/ipvs/ip_vs_app.c | 16 +---
 net/netfilter/ipvs/ip_vs_ftp.c |  9 ++---
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index c06bad39958d..5caafed5af2e 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1341,8 +1341,8 @@ void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs);
  * (from ip_vs_app.c)
  */
 #define IP_VS_APP_MAX_PORTS  8
-struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app);
-void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
+struct ip_vs_app *register_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app 
*app);
+void unregister_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app *app);
 int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 void ip_vs_unbind_app(struct ip_vs_conn *cp);
 int register_ip_vs_app_inc(struct netns_ipvs *ipvs, struct ip_vs_app *app, 
__u16 proto,
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 20cb947a3ddd..4a2daa3976c6 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -192,15 +192,11 @@ register_ip_vs_app_inc(struct netns_ipvs *ipvs, struct 
ip_vs_app *app, __u16 pro
 
 
 /* Register application for netns */
-struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app)
+struct ip_vs_app *register_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app 
*app)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_app *a;
int err = 0;
 
-   if (!ipvs)
-   return ERR_PTR(-ENOENT);
-
mutex_lock(&__ip_vs_app_mutex);
 
list_for_each_entry(a, >app_list, a_list) {
@@ -231,13 +227,10 @@ out_unlock:
  * We are sure there are no app incarnations attached to services
  * Caller should use synchronize_rcu() or rcu_barrier()
  */
-void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app)
+void unregister_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app *app)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_app *a, *anxt, *inc, *nxt;
-
-   if (!ipvs)
-   return;
+   struct net *net = ipvs->net;
 
mutex_lock(&__ip_vs_app_mutex);
 
@@ -623,6 +616,7 @@ int __net_init ip_vs_app_net_init(struct net *net)
 
 void __net_exit ip_vs_app_net_cleanup(struct net *net)
 {
-   unregister_ip_vs_app(net, NULL /* all */);
+   struct netns_ipvs *ipvs = net_ipvs(net);
+   unregister_ip_vs_app(ipvs, NULL /* all */);
remove_proc_entry("ip_vs_app", net->proc_net);
 }
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index 24bab8e5a507..dd94525eb9e6 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -447,7 +447,7 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
if (!ipvs)
return -ENOENT;
 
-   app = register_ip_vs_app(net, _vs_ftp);
+   app = register_ip_vs_app(ipvs, _vs_ftp);
if (IS_ERR(app))
return PTR_ERR(app);
 
@@ -463,7 +463,7 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
return 0;
 
 err_unreg:
-   unregister_ip_vs_app(net, _vs_ftp);
+   unregister_ip_vs_app(ipvs, _vs_ftp);
return ret;
 }
 /*
@@ -471,7 +471,10 @@ err_unreg:
  */
 static void __ip_vs_ftp_exit(struct net *net)
 {
-   unregister_ip_vs_app(net, _vs_ftp);
+   struct netns_ipvs *ipvs = net_ipvs(net);
+   if (!ipvs)
+   return;
+   unregister_ip_vs_app(ipvs, _vs_ftp);
 }
 
 static struct pernet_operations ip_vs_ftp_ops = {
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 16/84] ipvs: Pass ipvs not net to __ip_vs_del_dest

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 10 --
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index ee2ec40d0f12..4f08611347a2 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1033,12 +1033,10 @@ ip_vs_edit_dest(struct ip_vs_service *svc, struct 
ip_vs_dest_user_kern *udest)
 /*
  * Delete a destination (must be already unlinked from the service)
  */
-static void __ip_vs_del_dest(struct net *net, struct ip_vs_dest *dest,
+static void __ip_vs_del_dest(struct netns_ipvs *ipvs, struct ip_vs_dest *dest,
 bool cleanup)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
-
-   ip_vs_stop_estimator(net, >stats);
+   ip_vs_stop_estimator(ipvs->net, >stats);
 
/*
 *  Remove it from the d-linked list with the real services.
@@ -1117,7 +1115,7 @@ ip_vs_del_dest(struct ip_vs_service *svc, struct 
ip_vs_dest_user_kern *udest)
/*
 *  Delete the destination
 */
-   __ip_vs_del_dest(svc->ipvs->net, dest, false);
+   __ip_vs_del_dest(svc->ipvs, dest, false);
 
LeaveFunction(2);
 
@@ -1402,7 +1400,7 @@ static void __ip_vs_del_service(struct ip_vs_service 
*svc, bool cleanup)
 */
list_for_each_entry_safe(dest, nxt, >destinations, n_list) {
__ip_vs_unlink_dest(svc, dest, 0);
-   __ip_vs_del_dest(svc->ipvs->net, dest, cleanup);
+   __ip_vs_del_dest(svc->ipvs, dest, cleanup);
}
 
/*
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 37/84] ipvs: Store ipvs not net in struct ip_vs_sync_thread_data

[Eric W. Biederman]

In practice struct netns_ipvs is as meaningful as struct net and more
useful as it holds the ipvs specific data.  So store a pointer to
struct netns_ipvs.

Update the accesses of tinfo->net to access tinfo->ipvs->net instead.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 304eade977d2..cd32e3ab0c4d 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -193,7 +193,7 @@ union ip_vs_sync_conn {
 #define IPVS_OPT_F_PARAM   (1 << (IPVS_OPT_PARAM-1))
 
 struct ip_vs_sync_thread_data {
-   struct net *net;
+   struct netns_ipvs *ipvs;
struct socket *sock;
char *buf;
int id;
@@ -1685,7 +1685,7 @@ next_sync_buff(struct netns_ipvs *ipvs, struct 
ipvs_master_sync_state *ms)
 static int sync_thread_master(void *data)
 {
struct ip_vs_sync_thread_data *tinfo = data;
-   struct netns_ipvs *ipvs = net_ipvs(tinfo->net);
+   struct netns_ipvs *ipvs = tinfo->ipvs;
struct ipvs_master_sync_state *ms = >ms[tinfo->id];
struct sock *sk = tinfo->sock->sk;
struct ip_vs_sync_buff *sb;
@@ -1741,7 +1741,7 @@ done:
 static int sync_thread_backup(void *data)
 {
struct ip_vs_sync_thread_data *tinfo = data;
-   struct netns_ipvs *ipvs = net_ipvs(tinfo->net);
+   struct netns_ipvs *ipvs = tinfo->ipvs;
int len;
 
pr_info("sync thread started: state = BACKUP, mcast_ifn = %s, "
@@ -1763,7 +1763,7 @@ static int sync_thread_backup(void *data)
break;
}
 
-   ip_vs_process_message(tinfo->net, tinfo->buf, len);
+   ip_vs_process_message(ipvs->net, tinfo->buf, len);
}
}
 
@@ -1880,7 +1880,7 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
tinfo = kmalloc(sizeof(*tinfo), GFP_KERNEL);
if (!tinfo)
goto outsocket;
-   tinfo->net = ipvs->net;
+   tinfo->ipvs = ipvs;
tinfo->sock = sock;
if (state == IP_VS_STATE_BACKUP) {
tinfo->buf = kmalloc(ipvs->bcfg.sync_maxlen,
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 54/84] ipvs: Pass ipvs not net to register_ip_vs_app_inc

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h| 2 +-
 net/netfilter/ipvs/ip_vs_app.c | 3 +--
 net/netfilter/ipvs/ip_vs_ftp.c | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index a7275ae18b96..c06bad39958d 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1345,7 +1345,7 @@ struct ip_vs_app *register_ip_vs_app(struct net *net, 
struct ip_vs_app *app);
 void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
 int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 void ip_vs_unbind_app(struct ip_vs_conn *cp);
-int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto,
+int register_ip_vs_app_inc(struct netns_ipvs *ipvs, struct ip_vs_app *app, 
__u16 proto,
   __u16 port);
 int ip_vs_app_inc_get(struct ip_vs_app *inc);
 void ip_vs_app_inc_put(struct ip_vs_app *inc);
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 951516b7783b..20cb947a3ddd 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -176,10 +176,9 @@ void ip_vs_app_inc_put(struct ip_vs_app *inc)
  * Register an application incarnation in protocol applications
  */
 int
-register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto,
+register_ip_vs_app_inc(struct netns_ipvs *ipvs, struct ip_vs_app *app, __u16 
proto,
   __u16 port)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
int result;
 
mutex_lock(&__ip_vs_app_mutex);
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index cf0cba956a21..24bab8e5a507 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -454,7 +454,7 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
for (i = 0; i < ports_count; i++) {
if (!ports[i])
continue;
-   ret = register_ip_vs_app_inc(net, app, app->protocol, ports[i]);
+   ret = register_ip_vs_app_inc(ipvs, app, app->protocol, 
ports[i]);
if (ret)
goto err_unreg;
pr_info("%s: loaded support on port[%d] = %d\n",
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 71/84] ipvs: Better derivation of ipvs in ip_vs_in_stats and ip_vs_out_stats

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 514596b7a324..1c9c52349b7c 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -112,7 +112,7 @@ static inline void
 ip_vs_in_stats(struct ip_vs_conn *cp, struct sk_buff *skb)
 {
struct ip_vs_dest *dest = cp->dest;
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
+   struct netns_ipvs *ipvs = cp->ipvs;
 
if (dest && (dest->flags & IP_VS_DEST_F_AVAILABLE)) {
struct ip_vs_cpu_stats *s;
@@ -146,7 +146,7 @@ static inline void
 ip_vs_out_stats(struct ip_vs_conn *cp, struct sk_buff *skb)
 {
struct ip_vs_dest *dest = cp->dest;
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
+   struct netns_ipvs *ipvs = cp->ipvs;
 
if (dest && (dest->flags & IP_VS_DEST_F_AVAILABLE)) {
struct ip_vs_cpu_stats *s;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 79/84] ipvs: Pass ipvs through ip_vs_route_me_harder into sysctl_snat_reroute

[Eric W. Biederman]

This removes the need to use the hack skb_net.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 9967c9fac7f7..22eae0231cbb 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -651,9 +651,8 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
 
 #ifdef CONFIG_SYSCTL
 
-static int sysctl_snat_reroute(struct sk_buff *skb)
+static int sysctl_snat_reroute(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
return ipvs->sysctl_snat_reroute;
 }
 
@@ -669,7 +668,7 @@ static int sysctl_expire_nodest_conn(struct netns_ipvs 
*ipvs)
 
 #else
 
-static int sysctl_snat_reroute(struct sk_buff *skb) { return 0; }
+static int sysctl_snat_reroute(struct netns_ipvs *ipvs) { return 0; }
 static int sysctl_nat_icmp_send(struct netns_ipvs *ipvs) { return 0; }
 static int sysctl_expire_nodest_conn(struct netns_ipvs *ipvs) { return 0; }
 
@@ -702,10 +701,10 @@ static inline int ip_vs_gather_frags(struct sk_buff *skb, 
u_int32_t user)
return err;
 }
 
-static int ip_vs_route_me_harder(int af, struct sk_buff *skb,
-unsigned int hooknum)
+static int ip_vs_route_me_harder(struct netns_ipvs *ipvs, int af,
+struct sk_buff *skb, unsigned int hooknum)
 {
-   if (!sysctl_snat_reroute(skb))
+   if (!sysctl_snat_reroute(ipvs))
return 0;
/* Reroute replies only to remote clients (FORWARD and LOCAL_OUT) */
if (NF_INET_LOCAL_IN == hooknum)
@@ -873,7 +872,7 @@ static int handle_response_icmp(int af, struct sk_buff *skb,
 #endif
ip_vs_nat_icmp(skb, pp, cp, 1);
 
-   if (ip_vs_route_me_harder(af, skb, hooknum))
+   if (ip_vs_route_me_harder(cp->ipvs, af, skb, hooknum))
goto out;
 
/* do the statistics and put it back */
@@ -1144,7 +1143,7 @@ handle_response(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
 * if it came from this machine itself.  So re-compute
 * the routing information.
 */
-   if (ip_vs_route_me_harder(af, skb, hooknum))
+   if (ip_vs_route_me_harder(cp->ipvs, af, skb, hooknum))
goto drop;
 
IP_VS_DBG_PKT(10, af, pp, skb, iph->off, "After SNAT");
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 70/84] ipvs: Pass ipvs into ensure_mtu_is adequate

[Eric W. Biederman]

This allows two different ways for computing/guessing net to be
removed from ensure_mtu_is_adequate.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_xmit.c | 11 +--
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 13a678a63ed5..77182b9750cd 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -212,13 +212,14 @@ static inline void maybe_update_pmtu(int skb_af, struct 
sk_buff *skb, int mtu)
ort->dst.ops->update_pmtu(>dst, sk, NULL, mtu);
 }
 
-static inline bool ensure_mtu_is_adequate(int skb_af, int rt_mode,
+static inline bool ensure_mtu_is_adequate(struct netns_ipvs *ipvs, int skb_af,
+ int rt_mode,
  struct ip_vs_iphdr *ipvsh,
  struct sk_buff *skb, int mtu)
 {
 #ifdef CONFIG_IP_VS_IPV6
if (skb_af == AF_INET6) {
-   struct net *net = dev_net(skb_dst(skb)->dev);
+   struct net *net = ipvs->net;
 
if (unlikely(__mtu_check_toobig_v6(skb, mtu))) {
if (!skb->dev)
@@ -233,8 +234,6 @@ static inline bool ensure_mtu_is_adequate(int skb_af, int 
rt_mode,
} else
 #endif
{
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
-
/* If we're going to tunnel the packet and pmtu discovery
 * is disabled, we'll just fragment it anyway
 */
@@ -338,7 +337,7 @@ __ip_vs_get_out_rt(struct netns_ipvs *ipvs, int skb_af, 
struct sk_buff *skb,
maybe_update_pmtu(skb_af, skb, mtu);
}
 
-   if (!ensure_mtu_is_adequate(skb_af, rt_mode, ipvsh, skb, mtu))
+   if (!ensure_mtu_is_adequate(ipvs, skb_af, rt_mode, ipvsh, skb, mtu))
goto err_put;
 
skb_dst_drop(skb);
@@ -487,7 +486,7 @@ __ip_vs_get_out_rt_v6(struct netns_ipvs *ipvs, int skb_af, 
struct sk_buff *skb,
maybe_update_pmtu(skb_af, skb, mtu);
}
 
-   if (!ensure_mtu_is_adequate(skb_af, rt_mode, ipvsh, skb, mtu))
+   if (!ensure_mtu_is_adequate(ipvs, skb_af, rt_mode, ipvsh, skb, mtu))
goto err_put;
 
skb_dst_drop(skb);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 22/84] ipvs: Pass ipvs not net to ip_vs_zero_all

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index d3407ad866bb..591f528e4ed6 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1576,9 +1576,8 @@ static int ip_vs_zero_service(struct ip_vs_service *svc)
return 0;
 }
 
-static int ip_vs_zero_all(struct net *net)
+static int ip_vs_zero_all(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
int idx;
struct ip_vs_service *svc;
 
@@ -2384,7 +2383,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
if (cmd == IP_VS_SO_SET_ZERO) {
/* if no service address is set, zero counters in all */
if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {
-   ret = ip_vs_zero_all(net);
+   ret = ip_vs_zero_all(ipvs);
goto out_unlock;
}
}
@@ -3530,7 +3529,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct 
genl_info *info)
goto out;
} else if (cmd == IPVS_CMD_ZERO &&
   !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
-   ret = ip_vs_zero_all(net);
+   ret = ip_vs_zero_all(ipvs);
goto out;
}
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 66/84] ipvs: Pass ipvs into .conn_schedule and ip_vs_try_to_schedule

[Eric W. Biederman]

This moves the hack "net_ipvs(skb_net(skb))" up one level where it
will be easier to remove.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h |  3 ++-
 net/netfilter/ipvs/ip_vs_core.c | 11 ++-
 net/netfilter/ipvs/ip_vs_proto_ah_esp.c |  3 ++-
 net/netfilter/ipvs/ip_vs_proto_sctp.c   |  8 ++--
 net/netfilter/ipvs/ip_vs_proto_tcp.c|  8 ++--
 net/netfilter/ipvs/ip_vs_proto_udp.c|  9 +++--
 6 files changed, 17 insertions(+), 25 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 5ad04be64895..c68c2c8ae48a 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -487,7 +487,8 @@ struct ip_vs_protocol {
 
void (*exit_netns)(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd);
 
-   int (*conn_schedule)(int af, struct sk_buff *skb,
+   int (*conn_schedule)(struct netns_ipvs *ipvs,
+int af, struct sk_buff *skb,
 struct ip_vs_proto_data *pd,
 int *verdict, struct ip_vs_conn **cpp,
 struct ip_vs_iphdr *iph);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 9b37fe30dcac..514596b7a324 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1360,7 +1360,8 @@ ip_vs_local_reply6(void *priv, struct sk_buff *skb,
 #endif
 
 static unsigned int
-ip_vs_try_to_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
+ip_vs_try_to_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
+ struct ip_vs_proto_data *pd,
  int *verdict, struct ip_vs_conn **cpp,
  struct ip_vs_iphdr *iph)
 {
@@ -1372,7 +1373,7 @@ ip_vs_try_to_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
 */
 
/* Schedule and create new connection entry into cpp */
-   if (!pp->conn_schedule(af, skb, pd, verdict, cpp, iph))
+   if (!pp->conn_schedule(ipvs, af, skb, pd, verdict, cpp, iph))
return 0;
}
 
@@ -1500,7 +1501,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
if (!sysctl_schedule_icmp(ipvs))
return NF_ACCEPT;
 
-   if (!ip_vs_try_to_schedule(AF_INET, skb, pd, , , ))
+   if (!ip_vs_try_to_schedule(ipvs, AF_INET, skb, pd, , , 
))
return v;
new_cp = true;
}
@@ -1658,7 +1659,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
if (!sysctl_schedule_icmp(ipvs))
return NF_ACCEPT;
 
-   if (!ip_vs_try_to_schedule(AF_INET6, skb, pd, , , ))
+   if (!ip_vs_try_to_schedule(ipvs, AF_INET6, skb, pd, , , 
))
return v;
 
new_cp = true;
@@ -1799,7 +1800,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int 
af)
if (unlikely(!cp)) {
int v;
 
-   if (!ip_vs_try_to_schedule(af, skb, pd, , , ))
+   if (!ip_vs_try_to_schedule(ipvs, af, skb, pd, , , ))
return v;
}
 
diff --git a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c 
b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
index e924455de5c0..5320d39976e1 100644
--- a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
@@ -104,7 +104,8 @@ ah_esp_conn_out_get(struct netns_ipvs *ipvs, int af, const 
struct sk_buff *skb,
 
 
 static int
-ah_esp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
+ah_esp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
+struct ip_vs_proto_data *pd,
 int *verdict, struct ip_vs_conn **cpp,
 struct ip_vs_iphdr *iph)
 {
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c 
b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 3e9418ab276a..010ddeec135f 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -9,20 +9,16 @@
 #include 
 
 static int
-sctp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd,
+sctp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
+  struct ip_vs_proto_data *pd,
   int *verdict, struct ip_vs_conn **cpp,
   struct ip_vs_iphdr *iph)
 {
-   struct net *net;
struct ip_vs_service *svc;
-   struct netns_ipvs *ipvs;
sctp_chunkhdr_t _schunkh, *sch;
sctp_sctphdr_t *sh, _sctph;
__be16 _ports[2], *ports = NULL;
 
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
-
if (likely(!ip_vs_iph_icmp(iph))) {
sh = skb_header_pointer(skb, iph->len, sizeof(_sctph), &_sctph);
if (sh) {
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c 

[PATCH next 51/84] ipvs: Pass ipvs not net to ip_vs_estimator_net_init and ip_vs_estimator_cleanup

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 4 ++--
 net/netfilter/ipvs/ip_vs_core.c | 6 +++---
 net/netfilter/ipvs/ip_vs_est.c  | 8 +++-
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 38c1fca0c1a7..02734eaae679 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1323,7 +1323,7 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct 
ip_vs_conn *ctl_cp)
 }
 
 /* IPVS netns init & cleanup functions */
-int ip_vs_estimator_net_init(struct net *net);
+int ip_vs_estimator_net_init(struct netns_ipvs *ipvs);
 int ip_vs_control_net_init(struct netns_ipvs *ipvs);
 int ip_vs_protocol_net_init(struct net *net);
 int ip_vs_app_net_init(struct net *net);
@@ -1333,7 +1333,7 @@ void ip_vs_conn_net_cleanup(struct net *net);
 void ip_vs_app_net_cleanup(struct net *net);
 void ip_vs_protocol_net_cleanup(struct net *net);
 void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs);
-void ip_vs_estimator_net_cleanup(struct net *net);
+void ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs);
 
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index b5f451f20f52..ec6f022fba6a 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2072,7 +2072,7 @@ static int __net_init __ip_vs_init(struct net *net)
atomic_inc(_netns_cnt);
net->ipvs = ipvs;
 
-   if (ip_vs_estimator_net_init(net) < 0)
+   if (ip_vs_estimator_net_init(ipvs) < 0)
goto estimator_fail;
 
if (ip_vs_control_net_init(ipvs) < 0)
@@ -2106,7 +2106,7 @@ app_fail:
 protocol_fail:
ip_vs_control_net_cleanup(ipvs);
 control_fail:
-   ip_vs_estimator_net_cleanup(net);
+   ip_vs_estimator_net_cleanup(ipvs);
 estimator_fail:
net->ipvs = NULL;
return -ENOMEM;
@@ -2121,7 +2121,7 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
ip_vs_app_net_cleanup(net);
ip_vs_protocol_net_cleanup(net);
ip_vs_control_net_cleanup(ipvs);
-   ip_vs_estimator_net_cleanup(net);
+   ip_vs_estimator_net_cleanup(ipvs);
IP_VS_DBG(2, "ipvs netns %d released\n", ipvs->gen);
net->ipvs = NULL;
 }
diff --git a/net/netfilter/ipvs/ip_vs_est.c b/net/netfilter/ipvs/ip_vs_est.c
index c86dc456c8f4..457c6c193e13 100644
--- a/net/netfilter/ipvs/ip_vs_est.c
+++ b/net/netfilter/ipvs/ip_vs_est.c
@@ -188,10 +188,8 @@ void ip_vs_read_estimator(struct ip_vs_kstats *dst, struct 
ip_vs_stats *stats)
dst->outbps = (e->outbps + 0xF) >> 5;
 }
 
-int __net_init ip_vs_estimator_net_init(struct net *net)
+int __net_init ip_vs_estimator_net_init(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
-
INIT_LIST_HEAD(>est_list);
spin_lock_init(>est_lock);
setup_timer(>est_timer, estimation_timer, (unsigned long)ipvs);
@@ -199,7 +197,7 @@ int __net_init ip_vs_estimator_net_init(struct net *net)
return 0;
 }
 
-void __net_exit ip_vs_estimator_net_cleanup(struct net *net)
+void __net_exit ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs)
 {
-   del_timer_sync(_ipvs(net)->est_timer);
+   del_timer_sync(>est_timer);
 }
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 83/84] ipvs: Remove skb_sknet

[Eric W. Biederman]

This function adds no real value and it obscures what the code is doing.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h| 22 --
 net/netfilter/ipvs/ip_vs_ctl.c | 25 ++---
 2 files changed, 10 insertions(+), 37 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index d621330d423c..0816c872b689 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -38,28 +38,6 @@ static inline struct netns_ipvs *net_ipvs(struct net* net)
return net->ipvs;
 }
 
-static inline struct net *skb_sknet(const struct sk_buff *skb)
-{
-#ifdef CONFIG_NET_NS
-#ifdef CONFIG_IP_VS_DEBUG
-   /* Start with the most likely hit */
-   if (likely(skb->sk && sock_net(skb->sk)))
-   return sock_net(skb->sk);
-   WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n",
-  __func__, __LINE__);
-   if (likely(skb->dev && dev_net(skb->dev)))
-   return dev_net(skb->dev);
-   pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
-   __func__, __LINE__);
-   BUG();
-#else
-   return sock_net(skb->sk);
-#endif
-#else
-   return _net;
-#endif
-}
-
 /* This one needed for single_open_net since net is stored directly in
  * private not as a struct i.e. seq_file_net can't be used.
  */
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index c71c4cbbf3b6..f7386d5b231c 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3002,7 +3002,8 @@ static int ip_vs_genl_dump_services(struct sk_buff *skb,
int idx = 0, i;
int start = cb->args[0];
struct ip_vs_service *svc;
-   struct netns_ipvs *ipvs = net_ipvs(skb_sknet(skb));
+   struct net *net = sock_net(skb->sk);
+   struct netns_ipvs *ipvs = net_ipvs(net);
 
mutex_lock(&__ip_vs_mutex);
for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
@@ -3201,7 +3202,7 @@ static int ip_vs_genl_dump_dests(struct sk_buff *skb,
struct ip_vs_service *svc;
struct ip_vs_dest *dest;
struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
-   struct net *net = skb_sknet(skb);
+   struct net *net = sock_net(skb->sk);
struct netns_ipvs *ipvs = net_ipvs(net);
 
mutex_lock(&__ip_vs_mutex);
@@ -3348,7 +3349,7 @@ nla_put_failure:
 static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
   struct netlink_callback *cb)
 {
-   struct net *net = skb_sknet(skb);
+   struct net *net = sock_net(skb->sk);
struct netns_ipvs *ipvs = net_ipvs(net);
 
mutex_lock(>sync_mutex);
@@ -3475,11 +3476,9 @@ static int ip_vs_genl_set_config(struct netns_ipvs 
*ipvs, struct nlattr **attrs)
 static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
 {
int ret = -EINVAL, cmd;
-   struct net *net;
-   struct netns_ipvs *ipvs;
+   struct net *net = sock_net(skb->sk);
+   struct netns_ipvs *ipvs = net_ipvs(net);
 
-   net = skb_sknet(skb);
-   ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
 
if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
@@ -3508,11 +3507,9 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, 
struct genl_info *info)
struct ip_vs_dest_user_kern udest;
int ret = 0, cmd;
int need_full_svc = 0, need_full_dest = 0;
-   struct net *net;
-   struct netns_ipvs *ipvs;
+   struct net *net = sock_net(skb->sk);
+   struct netns_ipvs *ipvs = net_ipvs(net);
 
-   net = skb_sknet(skb);
-   ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
 
mutex_lock(&__ip_vs_mutex);
@@ -3632,11 +3629,9 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, 
struct genl_info *info)
struct sk_buff *msg;
void *reply;
int ret, cmd, reply_cmd;
-   struct net *net;
-   struct netns_ipvs *ipvs;
+   struct net *net = sock_net(skb->sk);
+   struct netns_ipvs *ipvs = net_ipvs(net);
 
-   net = skb_sknet(skb);
-   ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
 
if (cmd == IPVS_CMD_GET_SERVICE)
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 56/84] ipvs: Pass ipvs not net into ip_vs_app_inc_release

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_app.c | 6 ++
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 4a2daa3976c6..cb1246912f0f 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -127,9 +127,8 @@ ip_vs_app_inc_new(struct netns_ipvs *ipvs, struct ip_vs_app 
*app, __u16 proto,
  * Release app incarnation
  */
 static void
-ip_vs_app_inc_release(struct net *net, struct ip_vs_app *inc)
+ip_vs_app_inc_release(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_protocol *pp;
 
if (!(pp = ip_vs_proto_get(inc->protocol)))
@@ -230,7 +229,6 @@ out_unlock:
 void unregister_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app *app)
 {
struct ip_vs_app *a, *anxt, *inc, *nxt;
-   struct net *net = ipvs->net;
 
mutex_lock(&__ip_vs_app_mutex);
 
@@ -238,7 +236,7 @@ void unregister_ip_vs_app(struct netns_ipvs *ipvs, struct 
ip_vs_app *app)
if (app && strcmp(app->name, a->name))
continue;
list_for_each_entry_safe(inc, nxt, >incs_list, a_list) {
-   ip_vs_app_inc_release(net, inc);
+   ip_vs_app_inc_release(ipvs, inc);
}
 
list_del(>a_list);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 80/84] ipvs: Remove net argument from ip_vs_tcp_conn_listen

[Eric W. Biederman]

The argument is unnecessary and in practice confusing,
and has caused the callers to do all manner of silly things.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h  | 2 +-
 net/netfilter/ipvs/ip_vs_ftp.c   | 8 ++--
 net/netfilter/ipvs/ip_vs_proto_tcp.c | 4 ++--
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index dacd873e8bb9..f0a39ce3bf0e 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1271,7 +1271,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
 
 const char *ip_vs_state_name(__u16 proto, int state);
 
-void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp);
+void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp);
 int ip_vs_check_template(struct ip_vs_conn *ct);
 void ip_vs_random_dropentry(struct netns_ipvs *ipvs);
 int ip_vs_conn_init(void);
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index dd94525eb9e6..0733f36732b4 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -181,7 +181,6 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct 
ip_vs_conn *cp,
int ret = 0;
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;
-   struct net *net;
 
*diff = 0;
 
@@ -289,9 +288,8 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct 
ip_vs_conn *cp,
 * would be adjusted twice.
 */
 
-   net = skb_net(skb);
cp->app_data = NULL;
-   ip_vs_tcp_conn_listen(net, n_cp);
+   ip_vs_tcp_conn_listen(n_cp);
ip_vs_conn_put(n_cp);
return ret;
}
@@ -320,7 +318,6 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct 
ip_vs_conn *cp,
union nf_inet_addr to;
__be16 port;
struct ip_vs_conn *n_cp;
-   struct net *net;
 
/* no diff required for incoming packets */
*diff = 0;
@@ -413,8 +410,7 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct 
ip_vs_conn *cp,
/*
 *  Move tunnel to listen state
 */
-   net = skb_net(skb);
-   ip_vs_tcp_conn_listen(net, n_cp);
+   ip_vs_tcp_conn_listen(n_cp);
ip_vs_conn_put(n_cp);
 
return 1;
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c 
b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index c913c2d00caf..d7024b2ed769 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -672,9 +672,9 @@ tcp_app_conn_bind(struct ip_vs_conn *cp)
 /*
  * Set LISTEN timeout. (ip_vs_conn_put will setup timer)
  */
-void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp)
+void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp)
 {
-   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(net_ipvs(net), 
IPPROTO_TCP);
+   struct ip_vs_proto_data *pd = ip_vs_proto_data_get(cp->ipvs, 
IPPROTO_TCP);
 
spin_lock_bh(>lock);
cp->state = IP_VS_TCP_S_LISTEN;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 81/84] ipvs: Pass ipvs not net to ip_vs_protocol_net_(init|cleanup)

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h  | 4 ++--
 net/netfilter/ipvs/ip_vs_core.c  | 6 +++---
 net/netfilter/ipvs/ip_vs_proto.c | 8 +++-
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index f0a39ce3bf0e..00318d63a565 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1340,13 +1340,13 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct 
ip_vs_conn *ctl_cp)
 /* IPVS netns init & cleanup functions */
 int ip_vs_estimator_net_init(struct netns_ipvs *ipvs);
 int ip_vs_control_net_init(struct netns_ipvs *ipvs);
-int ip_vs_protocol_net_init(struct net *net);
+int ip_vs_protocol_net_init(struct netns_ipvs *ipvs);
 int ip_vs_app_net_init(struct netns_ipvs *ipvs);
 int ip_vs_conn_net_init(struct netns_ipvs *ipvs);
 int ip_vs_sync_net_init(struct netns_ipvs *ipvs);
 void ip_vs_conn_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_app_net_cleanup(struct netns_ipvs *ipvs);
-void ip_vs_protocol_net_cleanup(struct net *net);
+void ip_vs_protocol_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 22eae0231cbb..ab85ae0f531f 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2052,7 +2052,7 @@ static int __net_init __ip_vs_init(struct net *net)
if (ip_vs_control_net_init(ipvs) < 0)
goto control_fail;
 
-   if (ip_vs_protocol_net_init(net) < 0)
+   if (ip_vs_protocol_net_init(ipvs) < 0)
goto protocol_fail;
 
if (ip_vs_app_net_init(ipvs) < 0)
@@ -2076,7 +2076,7 @@ sync_fail:
 conn_fail:
ip_vs_app_net_cleanup(ipvs);
 app_fail:
-   ip_vs_protocol_net_cleanup(net);
+   ip_vs_protocol_net_cleanup(ipvs);
 protocol_fail:
ip_vs_control_net_cleanup(ipvs);
 control_fail:
@@ -2093,7 +2093,7 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
ip_vs_service_net_cleanup(ipvs);/* ip_vs_flush() with locks */
ip_vs_conn_net_cleanup(ipvs);
ip_vs_app_net_cleanup(ipvs);
-   ip_vs_protocol_net_cleanup(net);
+   ip_vs_protocol_net_cleanup(ipvs);
ip_vs_control_net_cleanup(ipvs);
ip_vs_estimator_net_cleanup(ipvs);
IP_VS_DBG(2, "ipvs netns %d released\n", ipvs->gen);
diff --git a/net/netfilter/ipvs/ip_vs_proto.c b/net/netfilter/ipvs/ip_vs_proto.c
index f05ee668a1d1..8ae480715cea 100644
--- a/net/netfilter/ipvs/ip_vs_proto.c
+++ b/net/netfilter/ipvs/ip_vs_proto.c
@@ -307,7 +307,7 @@ ip_vs_tcpudp_debug_packet(int af, struct ip_vs_protocol *pp,
 /*
  * per network name-space init
  */
-int __net_init ip_vs_protocol_net_init(struct net *net)
+int __net_init ip_vs_protocol_net_init(struct netns_ipvs *ipvs)
 {
int i, ret;
static struct ip_vs_protocol *protos[] = {
@@ -327,7 +327,6 @@ int __net_init ip_vs_protocol_net_init(struct net *net)
_vs_protocol_esp,
 #endif
};
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
for (i = 0; i < ARRAY_SIZE(protos); i++) {
ret = register_ip_vs_proto_netns(ipvs, protos[i]);
@@ -337,13 +336,12 @@ int __net_init ip_vs_protocol_net_init(struct net *net)
return 0;
 
 cleanup:
-   ip_vs_protocol_net_cleanup(net);
+   ip_vs_protocol_net_cleanup(ipvs);
return ret;
 }
 
-void __net_exit ip_vs_protocol_net_cleanup(struct net *net)
+void __net_exit ip_vs_protocol_net_cleanup(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data *pd;
int i;
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 36/84] ipvs: Pass ipvs not net to make_receive_sock

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index dc987762ca2c..304eade977d2 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1549,16 +1549,15 @@ error:
 /*
  *  Set up receiving multicast socket over UDP
  */
-static struct socket *make_receive_sock(struct net *net, int id)
+static struct socket *make_receive_sock(struct netns_ipvs *ipvs, int id)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
/* multicast addr */
union ipvs_sockaddr mcast_addr;
struct socket *sock;
int result, salen;
 
/* First create a socket */
-   result = sock_create_kern(net, ipvs->bcfg.mcast_af, SOCK_DGRAM,
+   result = sock_create_kern(ipvs->net, ipvs->bcfg.mcast_af, SOCK_DGRAM,
  IPPROTO_UDP, );
if (result < 0) {
pr_err("Error during creation of socket; terminating\n");
@@ -1873,7 +1872,7 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
if (state == IP_VS_STATE_MASTER)
sock = make_send_sock(ipvs, id);
else
-   sock = make_receive_sock(ipvs->net, id);
+   sock = make_receive_sock(ipvs, id);
if (IS_ERR(sock)) {
result = PTR_ERR(sock);
goto outtinfo;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 42/84] ipvs: Pass ipvs not net to ip_vs_proc_sync_conn

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 98180904ccd2..e3f72cbc1204 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1064,9 +1064,8 @@ static int ip_vs_proc_str(__u8 *p, unsigned int plen, 
unsigned int *data_len,
 /*
  *   Process a Version 1 sync. connection
  */
-static inline int ip_vs_proc_sync_conn(struct net *net, __u8 *p, __u8 *msg_end)
+static inline int ip_vs_proc_sync_conn(struct netns_ipvs *ipvs, __u8 *p, __u8 
*msg_end)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_sync_conn_options opt;
union  ip_vs_sync_conn *s;
struct ip_vs_protocol *pp;
@@ -1254,7 +1253,7 @@ static void ip_vs_process_message(struct netns_ipvs 
*ipvs, __u8 *buffer,
return;
}
/* Process a single sync_conn */
-   retc = ip_vs_proc_sync_conn(ipvs->net, p, msg_end);
+   retc = ip_vs_proc_sync_conn(ipvs, p, msg_end);
if (retc < 0) {
IP_VS_ERR_RL("BACKUP, Dropping buffer, Err: %d 
in decoding\n",
 retc);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 59/84] ipvs: Pass ipvs not net into init_netns and exit_netns

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h   | 4 ++--
 net/netfilter/ipvs/ip_vs_proto.c  | 4 ++--
 net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 ++
 net/netfilter/ipvs/ip_vs_proto_tcp.c  | 6 ++
 net/netfilter/ipvs/ip_vs_proto_udp.c  | 6 ++
 5 files changed, 10 insertions(+), 16 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 728a670d69fd..fe3373c9bb3b 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -483,9 +483,9 @@ struct ip_vs_protocol {
 
void (*exit)(struct ip_vs_protocol *pp);
 
-   int (*init_netns)(struct net *net, struct ip_vs_proto_data *pd);
+   int (*init_netns)(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd);
 
-   void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd);
+   void (*exit_netns)(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd);
 
int (*conn_schedule)(int af, struct sk_buff *skb,
 struct ip_vs_proto_data *pd,
diff --git a/net/netfilter/ipvs/ip_vs_proto.c b/net/netfilter/ipvs/ip_vs_proto.c
index fb581babe5e2..f05ee668a1d1 100644
--- a/net/netfilter/ipvs/ip_vs_proto.c
+++ b/net/netfilter/ipvs/ip_vs_proto.c
@@ -78,7 +78,7 @@ register_ip_vs_proto_netns(struct netns_ipvs *ipvs, struct 
ip_vs_protocol *pp)
atomic_set(>appcnt, 0); /* Init app counter */
 
if (pp->init_netns != NULL) {
-   int ret = pp->init_netns(ipvs->net, pd);
+   int ret = pp->init_netns(ipvs, pd);
if (ret) {
/* unlink an free proto data */
ipvs->proto_data_table[hash] = pd->next;
@@ -125,7 +125,7 @@ unregister_ip_vs_proto_netns(struct netns_ipvs *ipvs, 
struct ip_vs_proto_data *p
if (*pd_p == pd) {
*pd_p = pd->next;
if (pd->pp->exit_netns != NULL)
-   pd->pp->exit_netns(ipvs->net, pd);
+   pd->pp->exit_netns(ipvs, pd);
kfree(pd);
return 0;
}
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c 
b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 345fc7485f2e..3e9418ab276a 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -561,10 +561,8 @@ out:
  *   timeouts is netns related now.
  * -
  */
-static int __ip_vs_sctp_init(struct net *net, struct ip_vs_proto_data *pd)
+static int __ip_vs_sctp_init(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
-
ip_vs_init_hash_table(ipvs->sctp_apps, SCTP_APP_TAB_SIZE);
pd->timeout_table = ip_vs_create_timeout_table((int *)sctp_timeouts,
sizeof(sctp_timeouts));
@@ -573,7 +571,7 @@ static int __ip_vs_sctp_init(struct net *net, struct 
ip_vs_proto_data *pd)
return 0;
 }
 
-static void __ip_vs_sctp_exit(struct net *net, struct ip_vs_proto_data *pd)
+static void __ip_vs_sctp_exit(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd)
 {
kfree(pd->timeout_table);
 }
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c 
b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index 94bea31ec388..93ba6b1fe9d1 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -691,10 +691,8 @@ void ip_vs_tcp_conn_listen(struct net *net, struct 
ip_vs_conn *cp)
  *   timeouts is netns related now.
  * -
  */
-static int __ip_vs_tcp_init(struct net *net, struct ip_vs_proto_data *pd)
+static int __ip_vs_tcp_init(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
-
ip_vs_init_hash_table(ipvs->tcp_apps, TCP_APP_TAB_SIZE);
pd->timeout_table = ip_vs_create_timeout_table((int *)tcp_timeouts,
sizeof(tcp_timeouts));
@@ -704,7 +702,7 @@ static int __ip_vs_tcp_init(struct net *net, struct 
ip_vs_proto_data *pd)
return 0;
 }
 
-static void __ip_vs_tcp_exit(struct net *net, struct ip_vs_proto_data *pd)
+static void __ip_vs_tcp_exit(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd)
 {
kfree(pd->timeout_table);
 }
diff --git a/net/netfilter/ipvs/ip_vs_proto_udp.c 
b/net/netfilter/ipvs/ip_vs_proto_udp.c
index 234521ec9703..382dcc9cfe11 100644
--- a/net/netfilter/ipvs/ip_vs_proto_udp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_udp.c
@@ -472,10 +472,8 @@ udp_state_transition(struct ip_vs_conn *cp, int direction,
cp->timeout = pd->timeout_table[IP_VS_UDP_S_NORMAL];
 }
 
-static int __udp_init(struct net *net, struct ip_vs_proto_data *pd)
+static int __udp_init(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
-
ip_vs_init_hash_table(ipvs->udp_apps, 

[PATCH next 64/84] ipvs: Pass ipvs not net into ip_vs_conn_net_flush

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_conn.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 76cdb6c06a52..43b7a7d2ba4d 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1309,11 +1309,10 @@ void ip_vs_random_dropentry(struct netns_ipvs *ipvs)
 /*
  *  Flush all the connection entries in the ip_vs_conn_tab
  */
-static void ip_vs_conn_flush(struct net *net)
+static void ip_vs_conn_flush(struct netns_ipvs *ipvs)
 {
int idx;
struct ip_vs_conn *cp, *cp_c;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
 flush_again:
rcu_read_lock();
@@ -1359,8 +1358,10 @@ int __net_init ip_vs_conn_net_init(struct net *net)
 
 void __net_exit ip_vs_conn_net_cleanup(struct net *net)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
+
/* flush all the connection entries first */
-   ip_vs_conn_flush(net);
+   ip_vs_conn_flush(ipvs);
remove_proc_entry("ip_vs_conn", net->proc_net);
remove_proc_entry("ip_vs_conn_sync", net->proc_net);
 }
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 82/84] ipvs: Remove skb_net

[Eric W. Biederman]

This hack has no more users so remove it.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 31 ---
 1 file changed, 31 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 00318d63a565..d621330d423c 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -38,37 +38,6 @@ static inline struct netns_ipvs *net_ipvs(struct net* net)
return net->ipvs;
 }
 
-/* Get net ptr from skb in traffic cases
- * use skb_sknet when call is from userland (ioctl or netlink)
- */
-static inline struct net *skb_net(const struct sk_buff *skb)
-{
-#ifdef CONFIG_NET_NS
-#ifdef CONFIG_IP_VS_DEBUG
-   /*
-* This is used for debug only.
-* Start with the most likely hit
-* End with BUG
-*/
-   if (likely(skb->dev && dev_net(skb->dev)))
-   return dev_net(skb->dev);
-   if (skb_dst(skb) && skb_dst(skb)->dev)
-   return dev_net(skb_dst(skb)->dev);
-   WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n",
- __func__, __LINE__);
-   if (likely(skb->sk && sock_net(skb->sk)))
-   return sock_net(skb->sk);
-   pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
-   __func__, __LINE__);
-   BUG();
-#else
-   return dev_net(skb->dev ? : skb_dst(skb)->dev);
-#endif
-#else
-   return _net;
-#endif
-}
-
 static inline struct net *skb_sknet(const struct sk_buff *skb)
 {
 #ifdef CONFIG_NET_NS
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 62/84] ipvs: Pass ipvs into conn_out_get

[Eric W. Biederman]

Move the hack of relying on "net_ipvs(skb_net(skb))" to dreive the ipvs up
a layer.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 6 --
 net/netfilter/ipvs/ip_vs_conn.c | 4 ++--
 net/netfilter/ipvs/ip_vs_core.c | 8 +---
 net/netfilter/ipvs/ip_vs_proto_ah_esp.c | 3 +--
 net/netfilter/xt_ipvs.c | 3 ++-
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 5c26383542e3..0ca436ef7dad 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -499,7 +499,8 @@ struct ip_vs_protocol {
   const struct ip_vs_iphdr *iph);
 
struct ip_vs_conn *
-   (*conn_out_get)(int af,
+   (*conn_out_get)(struct netns_ipvs *ipvs,
+   int af,
const struct sk_buff *skb,
const struct ip_vs_iphdr *iph);
 
@@ -1229,7 +1230,8 @@ struct ip_vs_conn * ip_vs_conn_in_get_proto(struct 
netns_ipvs *ipvs, int af,
 
 struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
 
-struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
+struct ip_vs_conn * ip_vs_conn_out_get_proto(struct netns_ipvs *ipvs, int af,
+const struct sk_buff *skb,
 const struct ip_vs_iphdr *iph);
 
 /* Get reference to gain full access to conn.
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index b27b06eb693c..70ad51050cd8 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -440,10 +440,10 @@ struct ip_vs_conn *ip_vs_conn_out_get(const struct 
ip_vs_conn_param *p)
 }
 
 struct ip_vs_conn *
-ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
+ip_vs_conn_out_get_proto(struct netns_ipvs *ipvs, int af,
+const struct sk_buff *skb,
 const struct ip_vs_iphdr *iph)
 {
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct ip_vs_conn_param p;
 
if (ip_vs_conn_fill_param_proto(ipvs, af, skb, iph, ))
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 9b5c2af7b63a..f0369e7602a0 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -912,6 +912,7 @@ out:
 static int ip_vs_out_icmp(struct sk_buff *skb, int *related,
  unsigned int hooknum)
 {
+   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct iphdr *iph;
struct icmphdr  _icmph, *ic;
struct iphdr_ciph, *cih;/* The ip header contained within the 
ICMP */
@@ -974,7 +975,7 @@ static int ip_vs_out_icmp(struct sk_buff *skb, int *related,
ip_vs_fill_iph_skb_icmp(AF_INET, skb, offset, true, );
 
/* The embedded headers contain source and dest in reverse order */
-   cp = pp->conn_out_get(AF_INET, skb, );
+   cp = pp->conn_out_get(ipvs, AF_INET, skb, );
if (!cp)
return NF_ACCEPT;
 
@@ -987,6 +988,7 @@ static int ip_vs_out_icmp(struct sk_buff *skb, int *related,
 static int ip_vs_out_icmp_v6(struct sk_buff *skb, int *related,
 unsigned int hooknum, struct ip_vs_iphdr *ipvsh)
 {
+   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct icmp6hdr _icmph, *ic;
struct ip_vs_iphdr ciph = {.flags = 0, .fragoffs = 0};/*Contained IP */
struct ip_vs_conn *cp;
@@ -1029,7 +1031,7 @@ static int ip_vs_out_icmp_v6(struct sk_buff *skb, int 
*related,
return NF_ACCEPT;
 
/* The embedded headers contain source and dest in reverse order */
-   cp = pp->conn_out_get(AF_INET6, skb, );
+   cp = pp->conn_out_get(ipvs, AF_INET6, skb, );
if (!cp)
return NF_ACCEPT;
 
@@ -1257,7 +1259,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int 
af)
/*
 * Check if the packet belongs to an existing entry
 */
-   cp = pp->conn_out_get(af, skb, );
+   cp = pp->conn_out_get(ipvs, af, skb, );
 
if (likely(cp))
return handle_response(af, skb, pd, cp, , hooknum);
diff --git a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c 
b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
index a96d93d11807..e924455de5c0 100644
--- a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
@@ -82,12 +82,11 @@ ah_esp_conn_in_get(struct netns_ipvs *ipvs, int af, const 
struct sk_buff *skb,
 
 
 static struct ip_vs_conn *
-ah_esp_conn_out_get(int af, const struct sk_buff *skb,
+ah_esp_conn_out_get(struct netns_ipvs *ipvs, int af, const struct sk_buff *skb,
const struct ip_vs_iphdr *iph)
 {
struct ip_vs_conn *cp;
struct ip_vs_conn_param p;
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
 
ah_esp_conn_fill_param_proto(ipvs, af, iph, );
cp = 

[PATCH next 33/84] ipvs: Pass ipvs not net to start_sync_thread

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h |  2 +-
 net/netfilter/ipvs/ip_vs_ctl.c  |  4 ++--
 net/netfilter/ipvs/ip_vs_sync.c | 11 +--
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 3c077e8a038c..dd7cd3a48fd4 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1449,7 +1449,7 @@ static inline void ip_vs_dest_put_and_free(struct 
ip_vs_dest *dest)
 /* IPVS sync daemon data and function prototypes
  * (from ip_vs_sync.c)
  */
-int start_sync_thread(struct net *net, struct ipvs_sync_daemon_cfg *cfg,
+int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg 
*cfg,
  int state);
 int stop_sync_thread(struct net *net, int state);
 void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts);
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 6a8238adda02..07106bfe2ac4 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2350,7 +2350,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
cfg.syncid = dm->syncid;
rtnl_lock();
mutex_lock(>sync_mutex);
-   ret = start_sync_thread(net, , dm->state);
+   ret = start_sync_thread(ipvs, , dm->state);
mutex_unlock(>sync_mutex);
rtnl_unlock();
} else {
@@ -3432,7 +3432,7 @@ static int ip_vs_genl_new_daemon(struct netns_ipvs *ipvs, 
struct nlattr **attrs)
 
rtnl_lock();
mutex_lock(>sync_mutex);
-   ret = start_sync_thread(ipvs->net, ,
+   ret = start_sync_thread(ipvs, ,
nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
mutex_unlock(>sync_mutex);
rtnl_unlock();
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index d158e0713ab9..90c455c0b42b 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1778,13 +1778,12 @@ static int sync_thread_backup(void *data)
 }
 
 
-int start_sync_thread(struct net *net, struct ipvs_sync_daemon_cfg *c,
+int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c,
  int state)
 {
struct ip_vs_sync_thread_data *tinfo;
struct task_struct **array = NULL, *task;
struct socket *sock;
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct net_device *dev;
char *name;
int (*threadfn)(void *data);
@@ -1811,7 +1810,7 @@ int start_sync_thread(struct net *net, struct 
ipvs_sync_daemon_cfg *c,
if (!c->mcast_ttl)
c->mcast_ttl = 1;
 
-   dev = __dev_get_by_name(net, c->mcast_ifn);
+   dev = __dev_get_by_name(ipvs->net, c->mcast_ifn);
if (!dev) {
pr_err("Unknown mcast interface: %s\n", c->mcast_ifn);
return -ENODEV;
@@ -1873,9 +1872,9 @@ int start_sync_thread(struct net *net, struct 
ipvs_sync_daemon_cfg *c,
tinfo = NULL;
for (id = 0; id < count; id++) {
if (state == IP_VS_STATE_MASTER)
-   sock = make_send_sock(net, id);
+   sock = make_send_sock(ipvs->net, id);
else
-   sock = make_receive_sock(net, id);
+   sock = make_receive_sock(ipvs->net, id);
if (IS_ERR(sock)) {
result = PTR_ERR(sock);
goto outtinfo;
@@ -1883,7 +1882,7 @@ int start_sync_thread(struct net *net, struct 
ipvs_sync_daemon_cfg *c,
tinfo = kmalloc(sizeof(*tinfo), GFP_KERNEL);
if (!tinfo)
goto outsocket;
-   tinfo->net = net;
+   tinfo->net = ipvs->net;
tinfo->sock = sock;
if (state == IP_VS_STATE_BACKUP) {
tinfo->buf = kmalloc(ipvs->bcfg.sync_maxlen,
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH v2] [net] af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag

[Aaron Conole]

From: Aaron Conole 

AF_UNIX sockets now return multiple skbs from recv() when MSG_PEEK flag
is set.

This is referenced in kernel bugzilla #12323 @
https://bugzilla.kernel.org/show_bug.cgi?id=12323

As described both in the BZ and lkml thread @
http://lkml.org/lkml/2008/1/8/444 calling recv() with MSG_PEEK on an
AF_UNIX socket only reads a single skb, where the desired effect is
to return as much skb data has been queued, until hitting the recv
buffer size (whichever comes first).

The modified MSG_PEEK path will now move to the next skb in the tree
and jump to the again: label, rather than following the natural loop
structure. This requires duplicating some of the loop head actions.

This was tested using the python socketpair python code attached to
the bugzilla issue.

Signed-off-by: Aaron Conole 
---
 net/unix/af_unix.c | 19 +--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 03ee4d3..988fbbd4 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -2179,9 +2179,24 @@ unlock:
if (UNIXCB(skb).fp)
scm.fp = scm_fp_dup(UNIXCB(skb).fp);
 
-   sk_peek_offset_fwd(sk, chunk);
+   if (skip) {
+   sk_peek_offset_fwd(sk, chunk);
+   skip -= chunk;
+   }
 
-   break;
+   if (UNIXCB(skb).fp)
+   break;
+
+   /* XXX - this is ugly; a better approach would be
+* rewriting this function
+*/
+   last = skb;
+   last_len = skb->len;
+   unix_state_lock();
+   skb = skb_peek_next(skb, >sk_receive_queue);
+   if (skb)
+   goto again;
+   goto unlock;
}
} while (size);
 
-- 
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 67/84] ipvs: Better derivation of ipvs in ip_vs_tunnel_xmit

[Eric W. Biederman]

Don't use "net_ipvs(skb_net(skb))" as skb_net is a bad hack.  Instead
use cp->ipvs and ipvs->net for the net.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_xmit.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 5b5ec0b688de..ec10ebf246fd 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -971,8 +971,8 @@ int
 ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
  struct ip_vs_protocol *pp, struct ip_vs_iphdr *ipvsh)
 {
-   struct net *net = skb_net(skb);
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct netns_ipvs *ipvs = cp->ipvs;
+   struct net *net = ipvs->net;
struct rtable *rt;  /* Route to the other host */
__be32 saddr;   /* Source for tunnel */
struct net_device *tdev;/* Device to other host */
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 58/84] ipvs: Pass ipvs not net into [un]register_ip_vs_proto_netns

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_proto.c | 15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_proto.c b/net/netfilter/ipvs/ip_vs_proto.c
index 82ccfd2f235c..fb581babe5e2 100644
--- a/net/netfilter/ipvs/ip_vs_proto.c
+++ b/net/netfilter/ipvs/ip_vs_proto.c
@@ -63,9 +63,8 @@ static int __used __init register_ip_vs_protocol(struct 
ip_vs_protocol *pp)
  * register an ipvs protocols netns related data
  */
 static int
-register_ip_vs_proto_netns(struct net *net, struct ip_vs_protocol *pp)
+register_ip_vs_proto_netns(struct netns_ipvs *ipvs, struct ip_vs_protocol *pp)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
unsigned int hash = IP_VS_PROTO_HASH(pp->protocol);
struct ip_vs_proto_data *pd =
kzalloc(sizeof(struct ip_vs_proto_data), GFP_KERNEL);
@@ -79,7 +78,7 @@ register_ip_vs_proto_netns(struct net *net, struct 
ip_vs_protocol *pp)
atomic_set(>appcnt, 0); /* Init app counter */
 
if (pp->init_netns != NULL) {
-   int ret = pp->init_netns(net, pd);
+   int ret = pp->init_netns(ipvs->net, pd);
if (ret) {
/* unlink an free proto data */
ipvs->proto_data_table[hash] = pd->next;
@@ -116,9 +115,8 @@ static int unregister_ip_vs_protocol(struct ip_vs_protocol 
*pp)
  * unregister an ipvs protocols netns data
  */
 static int
-unregister_ip_vs_proto_netns(struct net *net, struct ip_vs_proto_data *pd)
+unregister_ip_vs_proto_netns(struct netns_ipvs *ipvs, struct ip_vs_proto_data 
*pd)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data **pd_p;
unsigned int hash = IP_VS_PROTO_HASH(pd->pp->protocol);
 
@@ -127,7 +125,7 @@ unregister_ip_vs_proto_netns(struct net *net, struct 
ip_vs_proto_data *pd)
if (*pd_p == pd) {
*pd_p = pd->next;
if (pd->pp->exit_netns != NULL)
-   pd->pp->exit_netns(net, pd);
+   pd->pp->exit_netns(ipvs->net, pd);
kfree(pd);
return 0;
}
@@ -329,9 +327,10 @@ int __net_init ip_vs_protocol_net_init(struct net *net)
_vs_protocol_esp,
 #endif
};
+   struct netns_ipvs *ipvs = net_ipvs(net);
 
for (i = 0; i < ARRAY_SIZE(protos); i++) {
-   ret = register_ip_vs_proto_netns(net, protos[i]);
+   ret = register_ip_vs_proto_netns(ipvs, protos[i]);
if (ret < 0)
goto cleanup;
}
@@ -351,7 +350,7 @@ void __net_exit ip_vs_protocol_net_cleanup(struct net *net)
/* unregister all the ipvs proto data for this netns */
for (i = 0; i < IP_VS_PROTO_TAB_SIZE; i++) {
while ((pd = ipvs->proto_data_table[i]) != NULL)
-   unregister_ip_vs_proto_netns(net, pd);
+   unregister_ip_vs_proto_netns(ipvs, pd);
}
 }
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 76/84] ipvs: Pass ipvs into ip_vs_in

[Eric W. Biederman]

Derive ipvs from state->net in the callers of ip_vs_in and pass it
into ip_vs_out.  Removing the need to use the hack skb_net.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 14 +-
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 07a4ddca650d..3ab96bdc66fd 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1684,15 +1684,13 @@ out:
  * and send it on its way...
  */
 static unsigned int
-ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
+ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, 
int af)
 {
-   struct net *net;
struct ip_vs_iphdr iph;
struct ip_vs_protocol *pp;
struct ip_vs_proto_data *pd;
struct ip_vs_conn *cp;
int ret, pkts;
-   struct netns_ipvs *ipvs;
int conn_reuse_mode;
 
/* Already marked as IPVS request or reply? */
@@ -1715,8 +1713,6 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int 
af)
return NF_ACCEPT;
}
/* ipvs enabled in this netns ? */
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))
return NF_ACCEPT;
 
@@ -1844,7 +1840,7 @@ static unsigned int
 ip_vs_remote_request4(void *priv, struct sk_buff *skb,
  const struct nf_hook_state *state)
 {
-   return ip_vs_in(state->hook, skb, AF_INET);
+   return ip_vs_in(net_ipvs(state->net), state->hook, skb, AF_INET);
 }
 
 /*
@@ -1855,7 +1851,7 @@ static unsigned int
 ip_vs_local_request4(void *priv, struct sk_buff *skb,
 const struct nf_hook_state *state)
 {
-   return ip_vs_in(state->hook, skb, AF_INET);
+   return ip_vs_in(net_ipvs(state->net), state->hook, skb, AF_INET);
 }
 
 #ifdef CONFIG_IP_VS_IPV6
@@ -1868,7 +1864,7 @@ static unsigned int
 ip_vs_remote_request6(void *priv, struct sk_buff *skb,
  const struct nf_hook_state *state)
 {
-   return ip_vs_in(state->hook, skb, AF_INET6);
+   return ip_vs_in(net_ipvs(state->net), state->hook, skb, AF_INET6);
 }
 
 /*
@@ -1879,7 +1875,7 @@ static unsigned int
 ip_vs_local_request6(void *priv, struct sk_buff *skb,
 const struct nf_hook_state *state)
 {
-   return ip_vs_in(state->hook, skb, AF_INET6);
+   return ip_vs_in(net_ipvs(state->net), state->hook, skb, AF_INET6);
 }
 
 #endif
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 72/84] ipvs: Wrap sysctl_cache_bypass and remove ifdefs in ip_vs_leave

[Eric W. Biederman]

With sysctl_cache_bypass now a compile time constant the compiler can
figue out that it can elimiate all of the code that depends on
sysctl_cache_bypass being true.

Also remove the duplicate computation of net previously necessitated
by #ifdef CONFIG_SYSCTL

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 10 ++
 net/netfilter/ipvs/ip_vs_core.c | 13 +++--
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index c68c2c8ae48a..dacd873e8bb9 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1101,6 +1101,11 @@ static inline int sysctl_ignore_tunneled(struct 
netns_ipvs *ipvs)
return ipvs->sysctl_ignore_tunneled;
 }
 
+static inline int sysctl_cache_bypass(struct netns_ipvs *ipvs)
+{
+   return ipvs->sysctl_cache_bypass;
+}
+
 #else
 
 static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
@@ -1183,6 +1188,11 @@ static inline int sysctl_ignore_tunneled(struct 
netns_ipvs *ipvs)
return 0;
 }
 
+static inline int sysctl_cache_bypass(struct netns_ipvs *ipvs)
+{
+   return 0;
+}
+
 #endif
 
 /* IPVS core functions
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 1c9c52349b7c..7e9ee1dece19 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -568,17 +568,14 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
struct ip_vs_proto_data *pd, struct ip_vs_iphdr *iph)
 {
__be16 _ports[2], *pptr, dport;
-#ifdef CONFIG_SYSCTL
struct net *net;
struct netns_ipvs *ipvs;
-#endif
 
pptr = frag_safe_skb_hp(skb, iph->len, sizeof(_ports), _ports, iph);
if (!pptr)
return NF_DROP;
dport = likely(!ip_vs_iph_inverse(iph)) ? pptr[1] : pptr[0];
 
-#ifdef CONFIG_SYSCTL
net = skb_net(skb);
 
 
@@ -586,7 +583,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
   and the destination is a non-local unicast, then create
   a cache_bypass connection entry */
ipvs = net_ipvs(net);
-   if (ipvs->sysctl_cache_bypass && svc->fwmark &&
+   if (sysctl_cache_bypass(ipvs) && svc->fwmark &&
!(iph->hdr_flags & (IP_VS_HDR_INVERSE | IP_VS_HDR_ICMP)) &&
ip_vs_addr_is_unicast(net, svc->af, >daddr)) {
int ret;
@@ -624,7 +621,6 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
ip_vs_conn_put(cp);
return ret;
}
-#endif
 
/*
 * When the virtual ftp service is presented, packets destined
@@ -647,11 +643,8 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
 */
 #ifdef CONFIG_IP_VS_IPV6
if (svc->af == AF_INET6) {
-   if (!skb->dev) {
-   struct net *net_ = dev_net(skb_dst(skb)->dev);
-
-   skb->dev = net_->loopback_dev;
-   }
+   if (!skb->dev)
+   skb->dev = net->loopback_dev;
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
} else
 #endif
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 20/84] ipvs: Pass ipvs not net to ip_vs_flush

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 10 +-
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 7f0635242c7f..51dab90bf184 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1449,9 +1449,8 @@ static int ip_vs_del_service(struct ip_vs_service *svc)
 /*
  * Flush all the virtual services
  */
-static int ip_vs_flush(struct net *net, bool cleanup)
+static int ip_vs_flush(struct netns_ipvs *ipvs, bool cleanup)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
int idx;
struct ip_vs_service *svc;
struct hlist_node *n;
@@ -1487,10 +1486,11 @@ static int ip_vs_flush(struct net *net, bool cleanup)
  */
 void ip_vs_service_net_cleanup(struct net *net)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
EnterFunction(2);
/* Check for "full" addressed entries */
mutex_lock(&__ip_vs_mutex);
-   ip_vs_flush(net, true);
+   ip_vs_flush(ipvs, true);
mutex_unlock(&__ip_vs_mutex);
LeaveFunction(2);
 }
@@ -2366,7 +2366,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
mutex_lock(&__ip_vs_mutex);
if (cmd == IP_VS_SO_SET_FLUSH) {
/* Flush the virtual service */
-   ret = ip_vs_flush(net, false);
+   ret = ip_vs_flush(ipvs, false);
goto out_unlock;
} else if (cmd == IP_VS_SO_SET_TIMEOUT) {
/* Set timeout values for (tcp tcpfin udp) */
@@ -3524,7 +3524,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct 
genl_info *info)
mutex_lock(&__ip_vs_mutex);
 
if (cmd == IPVS_CMD_FLUSH) {
-   ret = ip_vs_flush(net, false);
+   ret = ip_vs_flush(ipvs, false);
goto out;
} else if (cmd == IPVS_CMD_SET_CONFIG) {
ret = ip_vs_genl_set_config(net, info->attrs);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 31/84] ipvs: Pass ipvs not net to ip_vs_genl_new_daemon

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 9dab372ceedb..30ed3a93bf22 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3374,9 +3374,8 @@ nla_put_failure:
return skb->len;
 }
 
-static int ip_vs_genl_new_daemon(struct net *net, struct nlattr **attrs)
+static int ip_vs_genl_new_daemon(struct netns_ipvs *ipvs, struct nlattr 
**attrs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ipvs_sync_daemon_cfg c;
struct nlattr *a;
int ret;
@@ -3433,7 +3432,7 @@ static int ip_vs_genl_new_daemon(struct net *net, struct 
nlattr **attrs)
 
rtnl_lock();
mutex_lock(>sync_mutex);
-   ret = start_sync_thread(net, ,
+   ret = start_sync_thread(ipvs->net, ,
nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
mutex_unlock(>sync_mutex);
rtnl_unlock();
@@ -3495,7 +3494,7 @@ static int ip_vs_genl_set_daemon(struct sk_buff *skb, 
struct genl_info *info)
goto out;
 
if (cmd == IPVS_CMD_NEW_DAEMON)
-   ret = ip_vs_genl_new_daemon(net, daemon_attrs);
+   ret = ip_vs_genl_new_daemon(ipvs, daemon_attrs);
else
ret = ip_vs_genl_del_daemon(net, daemon_attrs);
}
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 78/84] ipvs: Pass ipvs into ip_vs_out_icmp and ip_vs_out_icmp_v6

[Eric W. Biederman]

This removes the need to compute ipvs with the hack "net_ipvs(skb_net(skb))"

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 15 +++
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 0304c7cbb786..9967c9fac7f7 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -897,10 +897,9 @@ out:
  * Find any that might be relevant, check against existing connections.
  * Currently handles error types - unreachable, quench, ttl exceeded.
  */
-static int ip_vs_out_icmp(struct sk_buff *skb, int *related,
- unsigned int hooknum)
+static int ip_vs_out_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb,
+ int *related, unsigned int hooknum)
 {
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct iphdr *iph;
struct icmphdr  _icmph, *ic;
struct iphdr_ciph, *cih;/* The ip header contained within the 
ICMP */
@@ -973,10 +972,10 @@ static int ip_vs_out_icmp(struct sk_buff *skb, int 
*related,
 }
 
 #ifdef CONFIG_IP_VS_IPV6
-static int ip_vs_out_icmp_v6(struct sk_buff *skb, int *related,
-unsigned int hooknum, struct ip_vs_iphdr *ipvsh)
+static int ip_vs_out_icmp_v6(struct netns_ipvs *ipvs, struct sk_buff *skb,
+int *related,  unsigned int hooknum,
+struct ip_vs_iphdr *ipvsh)
 {
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct icmp6hdr _icmph, *ic;
struct ip_vs_iphdr ciph = {.flags = 0, .fragoffs = 0};/*Contained IP */
struct ip_vs_conn *cp;
@@ -1208,7 +1207,7 @@ ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum, 
struct sk_buff *skb, in
if (af == AF_INET6) {
if (unlikely(iph.protocol == IPPROTO_ICMPV6)) {
int related;
-   int verdict = ip_vs_out_icmp_v6(skb, ,
+   int verdict = ip_vs_out_icmp_v6(ipvs, skb, ,
hooknum, );
 
if (related)
@@ -1218,7 +1217,7 @@ ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum, 
struct sk_buff *skb, in
 #endif
if (unlikely(iph.protocol == IPPROTO_ICMP)) {
int related;
-   int verdict = ip_vs_out_icmp(skb, , hooknum);
+   int verdict = ip_vs_out_icmp(ipvs, skb, , 
hooknum);
 
if (related)
return verdict;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 84/84] ipvs: Pass ipvs into ip_vs_gather_frags

[Eric W. Biederman]

This will be needed later when the network namespace guessing is removed from 
ip_defrag

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index ab85ae0f531f..fb6b6c87d841 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -688,7 +688,8 @@ static inline enum ip_defrag_users 
ip_vs_defrag_user(unsigned int hooknum)
return IP_DEFRAG_VS_OUT;
 }
 
-static inline int ip_vs_gather_frags(struct sk_buff *skb, u_int32_t user)
+static inline int ip_vs_gather_frags(struct netns_ipvs *ipvs,
+struct sk_buff *skb, u_int32_t user)
 {
int err;
 
@@ -912,7 +913,7 @@ static int ip_vs_out_icmp(struct netns_ipvs *ipvs, struct 
sk_buff *skb,
 
/* reassemble IP fragments */
if (ip_is_fragment(ip_hdr(skb))) {
-   if (ip_vs_gather_frags(skb, ip_vs_defrag_user(hooknum)))
+   if (ip_vs_gather_frags(ipvs, skb, ip_vs_defrag_user(hooknum)))
return NF_STOLEN;
}
 
@@ -1232,7 +1233,7 @@ ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum, 
struct sk_buff *skb, in
if (af == AF_INET)
 #endif
if (unlikely(ip_is_fragment(ip_hdr(skb)) && !pp->dont_defrag)) {
-   if (ip_vs_gather_frags(skb,
+   if (ip_vs_gather_frags(ipvs, skb,
   ip_vs_defrag_user(hooknum)))
return NF_STOLEN;
 
@@ -1403,7 +1404,7 @@ ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff 
*skb, int *related,
 
/* reassemble IP fragments */
if (ip_is_fragment(ip_hdr(skb))) {
-   if (ip_vs_gather_frags(skb, ip_vs_defrag_user(hooknum)))
+   if (ip_vs_gather_frags(ipvs, skb, ip_vs_defrag_user(hooknum)))
return NF_STOLEN;
}
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 74/84] ipvs: Pass ipvs not net into sysctl_nat_icmp_send

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 15661691bf7d..b25fb3309472 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -657,9 +657,8 @@ static int sysctl_snat_reroute(struct sk_buff *skb)
return ipvs->sysctl_snat_reroute;
 }
 
-static int sysctl_nat_icmp_send(struct net *net)
+static int sysctl_nat_icmp_send(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
return ipvs->sysctl_nat_icmp_send;
 }
 
@@ -671,7 +670,7 @@ static int sysctl_expire_nodest_conn(struct netns_ipvs 
*ipvs)
 #else
 
 static int sysctl_snat_reroute(struct sk_buff *skb) { return 0; }
-static int sysctl_nat_icmp_send(struct net *net) { return 0; }
+static int sysctl_nat_icmp_send(struct netns_ipvs *ipvs) { return 0; }
 static int sysctl_expire_nodest_conn(struct netns_ipvs *ipvs) { return 0; }
 
 #endif
@@ -1252,7 +1251,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int 
af)
 
if (likely(cp))
return handle_response(af, skb, pd, cp, , hooknum);
-   if (sysctl_nat_icmp_send(net) &&
+   if (sysctl_nat_icmp_send(ipvs) &&
(pp->protocol == IPPROTO_TCP ||
 pp->protocol == IPPROTO_UDP ||
 pp->protocol == IPPROTO_SCTP)) {
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 13/84] ipvs: Pass ipvs not net to ip_vs_has_real_service

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_core.c | 6 --
 net/netfilter/ipvs/ip_vs_ctl.c  | 3 +--
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 828b19b23e02..b93ee28fb011 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1413,7 +1413,7 @@ struct ip_vs_service *
 ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u32 fwmark, __u16 
protocol,
  const union nf_inet_addr *vaddr, __be16 vport);
 
-bool ip_vs_has_real_service(struct net *net, int af, __u16 protocol,
+bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol,
const union nf_inet_addr *daddr, __be16 dport);
 
 int ip_vs_use_count_inc(void);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 583199c2bcdc..c22e0692e22d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1186,6 +1186,7 @@ static unsigned int
 ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int af)
 {
struct net *net = NULL;
+   struct netns_ipvs *ipvs;
struct ip_vs_iphdr iph;
struct ip_vs_protocol *pp;
struct ip_vs_proto_data *pd;
@@ -1211,7 +1212,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int 
af)
return NF_ACCEPT;
 
net = skb_net(skb);
-   if (!net_ipvs(net)->enable)
+   ipvs = net_ipvs(net);
+   if (!ipvs->enable)
return NF_ACCEPT;
 
ip_vs_fill_iph_skb(af, skb, false, );
@@ -1269,7 +1271,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int 
af)
 sizeof(_ports), _ports, );
if (pptr == NULL)
return NF_ACCEPT;   /* Not for me */
-   if (ip_vs_has_real_service(net, af, iph.protocol, ,
+   if (ip_vs_has_real_service(ipvs, af, iph.protocol, ,
   pptr[0])) {
/*
 * Notify the real server: there is no
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index f9151d8ee1ac..c2f4694f626f 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -542,10 +542,9 @@ static void ip_vs_rs_unhash(struct ip_vs_dest *dest)
 }
 
 /* Check if real service by  is present */
-bool ip_vs_has_real_service(struct net *net, int af, __u16 protocol,
+bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol,
const union nf_inet_addr *daddr, __be16 dport)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
unsigned int hash;
struct ip_vs_dest *dest;
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 29/84] ipvs: Pass ipvs not net to ip_vs_genl_parse_service

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 4ca8d64ab6f1..1e3fc8962627 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3034,12 +3034,11 @@ nla_put_failure:
return skb->len;
 }
 
-static int ip_vs_genl_parse_service(struct net *net,
+static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs,
struct ip_vs_service_user_kern *usvc,
struct nlattr *nla, int full_entry,
struct ip_vs_service **ret_svc)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
struct ip_vs_service *svc;
@@ -3123,11 +3122,12 @@ static int ip_vs_genl_parse_service(struct net *net,
 static struct ip_vs_service *ip_vs_genl_find_service(struct net *net,
 struct nlattr *nla)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_service_user_kern usvc;
struct ip_vs_service *svc;
int ret;
 
-   ret = ip_vs_genl_parse_service(net, , nla, 0, );
+   ret = ip_vs_genl_parse_service(ipvs, , nla, 0, );
return ret ? ERR_PTR(ret) : svc;
 }
 
@@ -3538,7 +3538,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct 
genl_info *info)
if (cmd == IPVS_CMD_NEW_SERVICE || cmd == IPVS_CMD_SET_SERVICE)
need_full_svc = 1;
 
-   ret = ip_vs_genl_parse_service(net, ,
+   ret = ip_vs_genl_parse_service(ipvs, ,
   info->attrs[IPVS_CMD_ATTR_SERVICE],
   need_full_svc, );
if (ret)
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 46/84] ipvs: Pass ipvs not net to ip_vs_start_estimator aned ip_vs_stop_estimator

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h|  4 ++--
 net/netfilter/ipvs/ip_vs_ctl.c | 12 ++--
 net/netfilter/ipvs/ip_vs_est.c |  6 ++
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index f3ddf7696d68..2d49357b328c 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1455,8 +1455,8 @@ int stop_sync_thread(struct netns_ipvs *ipvs, int state);
 void ip_vs_sync_conn(struct netns_ipvs *ipvs, struct ip_vs_conn *cp, int pkts);
 
 /* IPVS rate estimator prototypes (from ip_vs_est.c) */
-void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats);
-void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats);
+void ip_vs_start_estimator(struct netns_ipvs *ipvs, struct ip_vs_stats *stats);
+void ip_vs_stop_estimator(struct netns_ipvs *ipvs, struct ip_vs_stats *stats);
 void ip_vs_zero_estimator(struct ip_vs_stats *stats);
 void ip_vs_read_estimator(struct ip_vs_kstats *dst, struct ip_vs_stats *stats);
 
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 851bd121ed94..8eb5453a75f8 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -840,7 +840,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct 
ip_vs_dest *dest,
spin_unlock_bh(>dst_lock);
 
if (add) {
-   ip_vs_start_estimator(svc->ipvs->net, >stats);
+   ip_vs_start_estimator(svc->ipvs, >stats);
list_add_rcu(>n_list, >destinations);
svc->num_dests++;
sched = rcu_dereference_protected(svc->scheduler, 1);
@@ -1036,7 +1036,7 @@ ip_vs_edit_dest(struct ip_vs_service *svc, struct 
ip_vs_dest_user_kern *udest)
 static void __ip_vs_del_dest(struct netns_ipvs *ipvs, struct ip_vs_dest *dest,
 bool cleanup)
 {
-   ip_vs_stop_estimator(ipvs->net, >stats);
+   ip_vs_stop_estimator(ipvs, >stats);
 
/*
 *  Remove it from the d-linked list with the real services.
@@ -1254,7 +1254,7 @@ static int
else if (svc->port == 0)
atomic_inc(>nullsvc_counter);
 
-   ip_vs_start_estimator(ipvs->net, >stats);
+   ip_vs_start_estimator(ipvs, >stats);
 
/* Count only IPv4 services for old get/setsockopt interface */
if (svc->af == AF_INET)
@@ -1382,7 +1382,7 @@ static void __ip_vs_del_service(struct ip_vs_service 
*svc, bool cleanup)
if (svc->af == AF_INET)
ipvs->num_services--;
 
-   ip_vs_stop_estimator(svc->ipvs->net, >stats);
+   ip_vs_stop_estimator(svc->ipvs, >stats);
 
/* Unbind scheduler */
old_sched = rcu_dereference_protected(svc->scheduler, 1);
@@ -3917,7 +3917,7 @@ static int __net_init 
ip_vs_control_net_init_sysctl(struct net *net)
kfree(tbl);
return -ENOMEM;
}
-   ip_vs_start_estimator(net, >tot_stats);
+   ip_vs_start_estimator(ipvs, >tot_stats);
ipvs->sysctl_tbl = tbl;
/* Schedule defense work */
INIT_DELAYED_WORK(>defense_work, defense_work_handler);
@@ -3933,7 +3933,7 @@ static void __net_exit 
ip_vs_control_net_cleanup_sysctl(struct net *net)
cancel_delayed_work_sync(>defense_work);
cancel_work_sync(>defense_work.work);
unregister_net_sysctl_table(ipvs->sysctl_hdr);
-   ip_vs_stop_estimator(net, >tot_stats);
+   ip_vs_stop_estimator(ipvs, >tot_stats);
 
if (!net_eq(net, _net))
kfree(ipvs->sysctl_tbl);
diff --git a/net/netfilter/ipvs/ip_vs_est.c b/net/netfilter/ipvs/ip_vs_est.c
index ef0eb0a8d552..638a301f7ee4 100644
--- a/net/netfilter/ipvs/ip_vs_est.c
+++ b/net/netfilter/ipvs/ip_vs_est.c
@@ -140,9 +140,8 @@ static void estimation_timer(unsigned long arg)
mod_timer(>est_timer, jiffies + 2*HZ);
 }
 
-void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats)
+void ip_vs_start_estimator(struct netns_ipvs *ipvs, struct ip_vs_stats *stats)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_estimator *est = >est;
 
INIT_LIST_HEAD(>list);
@@ -152,9 +151,8 @@ void ip_vs_start_estimator(struct net *net, struct 
ip_vs_stats *stats)
spin_unlock_bh(>est_lock);
 }
 
-void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats)
+void ip_vs_stop_estimator(struct netns_ipvs *ipvs, struct ip_vs_stats *stats)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_estimator *est = >est;
 
spin_lock_bh(>est_lock);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 17/84] ipvs: Pass ipvs not net to ip_vs_dest_trash_expire

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 4f08611347a2..9169a27be6e7 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1124,8 +1124,7 @@ ip_vs_del_dest(struct ip_vs_service *svc, struct 
ip_vs_dest_user_kern *udest)
 
 static void ip_vs_dest_trash_expire(unsigned long data)
 {
-   struct net *net = (struct net *) data;
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct netns_ipvs *ipvs = (struct netns_ipvs *)data;
struct ip_vs_dest *dest, *next;
unsigned long now = jiffies;
 
@@ -3966,7 +3965,7 @@ int __net_init ip_vs_control_net_init(struct net *net)
INIT_LIST_HEAD(>dest_trash);
spin_lock_init(>dest_trash_lock);
setup_timer(>dest_trash_timer, ip_vs_dest_trash_expire,
-   (unsigned long) net);
+   (unsigned long) ipvs);
atomic_set(>ftpsvc_counter, 0);
atomic_set(>nullsvc_counter, 0);
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 32/84] ipvs: Pass ipvs not net to ip_vs_genl_del_daemon

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 30ed3a93bf22..6a8238adda02 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3439,16 +3439,15 @@ static int ip_vs_genl_new_daemon(struct netns_ipvs 
*ipvs, struct nlattr **attrs)
return ret;
 }
 
-static int ip_vs_genl_del_daemon(struct net *net, struct nlattr **attrs)
+static int ip_vs_genl_del_daemon(struct netns_ipvs *ipvs, struct nlattr 
**attrs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
int ret;
 
if (!attrs[IPVS_DAEMON_ATTR_STATE])
return -EINVAL;
 
mutex_lock(>sync_mutex);
-   ret = stop_sync_thread(net,
+   ret = stop_sync_thread(ipvs->net,
   nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
mutex_unlock(>sync_mutex);
return ret;
@@ -3496,7 +3495,7 @@ static int ip_vs_genl_set_daemon(struct sk_buff *skb, 
struct genl_info *info)
if (cmd == IPVS_CMD_NEW_DAEMON)
ret = ip_vs_genl_new_daemon(ipvs, daemon_attrs);
else
-   ret = ip_vs_genl_del_daemon(net, daemon_attrs);
+   ret = ip_vs_genl_del_daemon(ipvs, daemon_attrs);
}
 
 out:
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 69/84] ipvs: Pass ipvs into __ip_vs_get_out_rt_v6

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_xmit.c | 21 +
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 5cfd914d9a39..13a678a63ed5 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -404,11 +404,12 @@ out_err:
  * Get route to destination or remote server
  */
 static int
-__ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
+__ip_vs_get_out_rt_v6(struct netns_ipvs *ipvs, int skb_af, struct sk_buff *skb,
+ struct ip_vs_dest *dest,
  struct in6_addr *daddr, struct in6_addr *ret_saddr,
  struct ip_vs_iphdr *ipvsh, int do_xfrm, int rt_mode)
 {
-   struct net *net = dev_net(skb_dst(skb)->dev);
+   struct net *net = ipvs->net;
struct ip_vs_dest_dst *dest_dst;
struct rt6_info *rt;/* Route to the other host */
struct dst_entry *dst;
@@ -663,7 +664,8 @@ ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn 
*cp,
EnterFunction(10);
 
rcu_read_lock();
-   if (__ip_vs_get_out_rt_v6(cp->af, skb, NULL, >daddr, NULL,
+   if (__ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, NULL,
+ >daddr, NULL,
  ipvsh, 0, IP_VS_RT_MODE_NON_LOCAL) < 0)
goto tx_error;
 
@@ -799,7 +801,8 @@ ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn 
*cp,
IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
}
 
-   local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, >daddr.in6,
+   local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
+ >daddr.in6,
  NULL, ipvsh, 0,
  IP_VS_RT_MODE_LOCAL |
  IP_VS_RT_MODE_NON_LOCAL |
@@ -1083,7 +1086,8 @@ ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct 
ip_vs_conn *cp,
EnterFunction(10);
 
rcu_read_lock();
-   local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, >daddr.in6,
+   local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
+ >daddr.in6,
  , ipvsh, 1,
  IP_VS_RT_MODE_LOCAL |
  IP_VS_RT_MODE_NON_LOCAL |
@@ -1209,7 +1213,8 @@ ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn 
*cp,
EnterFunction(10);
 
rcu_read_lock();
-   local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, >daddr.in6,
+   local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
+ >daddr.in6,
  NULL, ipvsh, 0,
  IP_VS_RT_MODE_LOCAL |
  IP_VS_RT_MODE_NON_LOCAL |
@@ -1370,8 +1375,8 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn 
*cp,
  IP_VS_RT_MODE_LOCAL | IP_VS_RT_MODE_NON_LOCAL |
  IP_VS_RT_MODE_RDR : IP_VS_RT_MODE_NON_LOCAL;
rcu_read_lock();
-   local = __ip_vs_get_out_rt_v6(cp->af, skb, cp->dest, >daddr.in6,
- NULL, ipvsh, 0, rt_mode);
+   local = __ip_vs_get_out_rt_v6(cp->ipvs, cp->af, skb, cp->dest,
+ >daddr.in6, NULL, ipvsh, 0, rt_mode);
if (local < 0)
goto tx_error;
rt = (struct rt6_info *) skb_dst(skb);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 34/84] ipvs: Pass ipvs not net to stop_sync_thread

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_ctl.c  | 4 ++--
 net/netfilter/ipvs/ip_vs_sync.c | 7 +++
 3 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index dd7cd3a48fd4..71f4d338c208 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1451,7 +1451,7 @@ static inline void ip_vs_dest_put_and_free(struct 
ip_vs_dest *dest)
  */
 int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg 
*cfg,
  int state);
-int stop_sync_thread(struct net *net, int state);
+int stop_sync_thread(struct netns_ipvs *ipvs, int state);
 void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts);
 
 /* IPVS rate estimator prototypes (from ip_vs_est.c) */
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 07106bfe2ac4..85a2f2699a18 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2355,7 +2355,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
rtnl_unlock();
} else {
mutex_lock(>sync_mutex);
-   ret = stop_sync_thread(net, dm->state);
+   ret = stop_sync_thread(ipvs, dm->state);
mutex_unlock(>sync_mutex);
}
goto out_dec;
@@ -3447,7 +3447,7 @@ static int ip_vs_genl_del_daemon(struct netns_ipvs *ipvs, 
struct nlattr **attrs)
return -EINVAL;
 
mutex_lock(>sync_mutex);
-   ret = stop_sync_thread(ipvs->net,
+   ret = stop_sync_thread(ipvs,
   nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
mutex_unlock(>sync_mutex);
return ret;
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 90c455c0b42b..0b2e01aa764a 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1946,9 +1946,8 @@ out:
 }
 
 
-int stop_sync_thread(struct net *net, int state)
+int stop_sync_thread(struct netns_ipvs *ipvs, int state)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct task_struct **array;
int id;
int retc = -EINVAL;
@@ -2030,11 +2029,11 @@ void ip_vs_sync_net_cleanup(struct net *net)
struct netns_ipvs *ipvs = net_ipvs(net);
 
mutex_lock(>sync_mutex);
-   retc = stop_sync_thread(net, IP_VS_STATE_MASTER);
+   retc = stop_sync_thread(ipvs, IP_VS_STATE_MASTER);
if (retc && retc != -ESRCH)
pr_err("Failed to stop Master Daemon\n");
 
-   retc = stop_sync_thread(net, IP_VS_STATE_BACKUP);
+   retc = stop_sync_thread(ipvs, IP_VS_STATE_BACKUP);
if (retc && retc != -ESRCH)
pr_err("Failed to stop Backup Daemon\n");
mutex_unlock(>sync_mutex);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 30/84] ipvs: Pass ipvs not net to ip_vs_genl_find_service

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 1e3fc8962627..9dab372ceedb 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3119,10 +3119,9 @@ static int ip_vs_genl_parse_service(struct netns_ipvs 
*ipvs,
return 0;
 }
 
-static struct ip_vs_service *ip_vs_genl_find_service(struct net *net,
+static struct ip_vs_service *ip_vs_genl_find_service(struct netns_ipvs *ipvs,
 struct nlattr *nla)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_service_user_kern usvc;
struct ip_vs_service *svc;
int ret;
@@ -3203,6 +3202,7 @@ static int ip_vs_genl_dump_dests(struct sk_buff *skb,
struct ip_vs_dest *dest;
struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
struct net *net = skb_sknet(skb);
+   struct netns_ipvs *ipvs = net_ipvs(net);
 
mutex_lock(&__ip_vs_mutex);
 
@@ -3212,7 +3212,7 @@ static int ip_vs_genl_dump_dests(struct sk_buff *skb,
goto out_err;
 
 
-   svc = ip_vs_genl_find_service(net, attrs[IPVS_CMD_ATTR_SERVICE]);
+   svc = ip_vs_genl_find_service(ipvs, attrs[IPVS_CMD_ATTR_SERVICE]);
if (IS_ERR(svc) || svc == NULL)
goto out_err;
 
@@ -3668,7 +3668,7 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct 
genl_info *info)
{
struct ip_vs_service *svc;
 
-   svc = ip_vs_genl_find_service(net,
+   svc = ip_vs_genl_find_service(ipvs,
  
info->attrs[IPVS_CMD_ATTR_SERVICE]);
if (IS_ERR(svc)) {
ret = PTR_ERR(svc);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 63/84] ipvs: Pass ipvs not net to ip_vs_conn_hashkey

[Eric W. Biederman]

Use the address of struct netns_ipvs in the hash not the address of
struct net.  Both addresses are equally valid candidates and by using
the address of struct netns_ipvs there becomes no need deal with
struct net in this part of the code.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_conn.c | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 70ad51050cd8..76cdb6c06a52 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -108,7 +108,7 @@ static inline void ct_write_unlock_bh(unsigned int key)
 /*
  * Returns hash value for IPVS connection entry
  */
-static unsigned int ip_vs_conn_hashkey(struct net *net, int af, unsigned int 
proto,
+static unsigned int ip_vs_conn_hashkey(struct netns_ipvs *ipvs, int af, 
unsigned int proto,
   const union nf_inet_addr *addr,
   __be16 port)
 {
@@ -116,11 +116,11 @@ static unsigned int ip_vs_conn_hashkey(struct net *net, 
int af, unsigned int pro
if (af == AF_INET6)
return (jhash_3words(jhash(addr, 16, ip_vs_conn_rnd),
(__force u32)port, proto, ip_vs_conn_rnd) ^
-   ((size_t)net>>8)) & ip_vs_conn_tab_mask;
+   ((size_t)ipvs>>8)) & ip_vs_conn_tab_mask;
 #endif
return (jhash_3words((__force u32)addr->ip, (__force u32)port, proto,
ip_vs_conn_rnd) ^
-   ((size_t)net>>8)) & ip_vs_conn_tab_mask;
+   ((size_t)ipvs>>8)) & ip_vs_conn_tab_mask;
 }
 
 static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p,
@@ -141,7 +141,7 @@ static unsigned int ip_vs_conn_hashkey_param(const struct 
ip_vs_conn_param *p,
port = p->vport;
}
 
-   return ip_vs_conn_hashkey(p->ipvs->net, p->af, p->protocol, addr, port);
+   return ip_vs_conn_hashkey(p->ipvs, p->af, p->protocol, addr, port);
 }
 
 static unsigned int ip_vs_conn_hashkey_conn(const struct ip_vs_conn *cp)
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 73/84] ipvs: Simplify ipvs and net access in ip_vs_leave

[Eric W. Biederman]

Stop using the hack skb_net(skb) to compute the network namespace.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 8 ++--
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 7e9ee1dece19..15661691bf7d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -568,21 +568,17 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff 
*skb,
struct ip_vs_proto_data *pd, struct ip_vs_iphdr *iph)
 {
__be16 _ports[2], *pptr, dport;
-   struct net *net;
-   struct netns_ipvs *ipvs;
+   struct netns_ipvs *ipvs = svc->ipvs;
+   struct net *net = ipvs->net;
 
pptr = frag_safe_skb_hp(skb, iph->len, sizeof(_ports), _ports, iph);
if (!pptr)
return NF_DROP;
dport = likely(!ip_vs_iph_inverse(iph)) ? pptr[1] : pptr[0];
 
-   net = skb_net(skb);
-
-
/* if it is fwmark-based service, the cache_bypass sysctl is up
   and the destination is a non-local unicast, then create
   a cache_bypass connection entry */
-   ipvs = net_ipvs(net);
if (sysctl_cache_bypass(ipvs) && svc->fwmark &&
!(iph->hdr_flags & (IP_VS_HDR_INVERSE | IP_VS_HDR_ICMP)) &&
ip_vs_addr_is_unicast(net, svc->af, >daddr)) {
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch net-next RFC 0/6] switchdev: introduce tranction enfra and for pre-commit split

[Jiri Pirko]

Sat, Sep 19, 2015 at 07:46:14PM CEST, sfel...@gmail.com wrote:
>On Sat, Sep 19, 2015 at 5:29 AM, Jiri Pirko  wrote:
>> Jiri Pirko (6):
>>   switchdev: rename "trans" to "trans_ph".
>>   switchdev: introduce transaction infrastructure for attr_set and
>> obj_add
>>   rocker: switch to local transaction phase enum
>>   switchdev: move transaction phase enum under transaction structure
>>   rocker: use switchdev transaction queue for allocated memory
>>   switchdev: split commit and prepare phase into two callbacks
>
>Whew, that's a lot of work!  Seems like a good idea to up-level this
>for other drivers to share.  Let me apply the patches and run my tests
>and get back to you.

Expect some blow-ups. Untested. Will test, fix some spelling issues and
post v1, most probably during Monday.

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch net-next RFC 0/6] switchdev: introduce tranction enfra and for pre-commit split

[Jiri Pirko]

Sat, Sep 19, 2015 at 09:02:00PM CEST, vivien.dide...@savoirfairelinux.com wrote:
>Hi Jiri,
>
>On Sep. Saturday 19 (38) 06:23 PM, Jiri Pirko wrote:
>> Sat, Sep 19, 2015 at 03:35:51PM CEST, rami.ro...@intel.com wrote:
>> >Hi,
>> >
>> >>introduce tranction enfra and for pre-commit split
>> >
>> >Typo:
>> >Instead "tranction enfra" should be "transaction infrastructure".
>> 
>> Will fix. Thanks!
>
>Just being picky, there are a couple more typos in:
>
>2/6: s/separatelly/separately/
>6/6: s/nore/more/ and s/separete/separate/


Will fix. Thanks!

>
>
>Thanks,
>-v
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [patch net-next RFC 3/6] rocker: switch to local transaction phase enum

[Jiri Pirko]

Sat, Sep 19, 2015 at 09:25:04PM CEST, vivien.dide...@savoirfairelinux.com wrote:
>Hi Jiri,
>
>On Sep. Saturday 19 (38) 02:29 PM, Jiri Pirko wrote:
>> Since switchdev_trans_ph anum is going to be removed, and rocker code is
>> way too complicated in this matter to be converted, just introduce local
>> enum for transaction phase. Pass it around in local transaction
>> structure.
>
>I missed this typo here: s/anum/enum/.
>
>> Signed-off-by: Jiri Pirko 
>
>I found the renaming trick is a bit hard to follow. I am wondering if
>this patch could be used first and drop patch 1/6?
>
>That way, you can first add the rocker_trans structure and set its ph
>member to obj->trans in obj_add/attr_set, then the following patch
>(currently 2/6) would just assign it to the new trans parameter.

That could work locally for rocker, but for the rest of the code, I
belive it would not. Anyway, the result would be the same.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 47/84] ipvs: Pass ipvs not net to ip_vs_random_drop_entry

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_conn.c | 4 ++--
 net/netfilter/ipvs/ip_vs_ctl.c  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 2d49357b328c..c88a3bf85f98 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1258,7 +1258,7 @@ const char *ip_vs_state_name(__u16 proto, int state);
 
 void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp);
 int ip_vs_check_template(struct ip_vs_conn *ct);
-void ip_vs_random_dropentry(struct net *net);
+void ip_vs_random_dropentry(struct netns_ipvs *ipvs);
 int ip_vs_conn_init(void);
 void ip_vs_conn_cleanup(void);
 
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 5d001f410fc5..3917ea1b20df 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -1239,7 +1239,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
 }
 
 /* Called from keventd and must protect itself from softirqs */
-void ip_vs_random_dropentry(struct net *net)
+void ip_vs_random_dropentry(struct netns_ipvs *ipvs)
 {
int idx;
struct ip_vs_conn *cp, *cp_c;
@@ -1255,7 +1255,7 @@ void ip_vs_random_dropentry(struct net *net)
if (cp->flags & IP_VS_CONN_F_TEMPLATE)
/* connection template */
continue;
-   if (!net_eq(cp->ipvs->net, net))
+   if (cp->ipvs != ipvs)
continue;
if (cp->protocol == IPPROTO_TCP) {
switch(cp->state) {
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 8eb5453a75f8..67278c6e41a3 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -228,7 +228,7 @@ static void defense_work_handler(struct work_struct *work)
 
update_defense_level(ipvs);
if (atomic_read(>dropentry))
-   ip_vs_random_dropentry(ipvs->net);
+   ip_vs_random_dropentry(ipvs);
schedule_delayed_work(>defense_work, DEFENSE_TIMER_PERIOD);
 }
 #endif
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 15/84] ipvs: Pass ipvs not net to ip_vs_trash_cleanup

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 186e49c111f3..ee2ec40d0f12 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -713,10 +713,9 @@ static void ip_vs_dest_free(struct ip_vs_dest *dest)
  *  are expired, and the refcnt of each destination in the trash must
  *  be 0, so we simply release them here.
  */
-static void ip_vs_trash_cleanup(struct net *net)
+static void ip_vs_trash_cleanup(struct netns_ipvs *ipvs)
 {
struct ip_vs_dest *dest, *nxt;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
del_timer_sync(>dest_trash_timer);
/* No need to use dest_trash_lock */
@@ -4005,7 +4004,7 @@ void __net_exit ip_vs_control_net_cleanup(struct net *net)
 {
struct netns_ipvs *ipvs = net_ipvs(net);
 
-   ip_vs_trash_cleanup(net);
+   ip_vs_trash_cleanup(ipvs);
ip_vs_control_net_cleanup_sysctl(net);
remove_proc_entry("ip_vs_stats_percpu", net->proc_net);
remove_proc_entry("ip_vs_stats", net->proc_net);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 35/84] ipvs: Pass ipvs not net to make_send_sock

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 0b2e01aa764a..dc987762ca2c 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1493,16 +1493,15 @@ static void get_mcast_sockaddr(union ipvs_sockaddr *sa, 
int *salen,
 /*
  *  Set up sending multicast socket over UDP
  */
-static struct socket *make_send_sock(struct net *net, int id)
+static struct socket *make_send_sock(struct netns_ipvs *ipvs, int id)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
/* multicast addr */
union ipvs_sockaddr mcast_addr;
struct socket *sock;
int result, salen;
 
/* First create a socket */
-   result = sock_create_kern(net, ipvs->mcfg.mcast_af, SOCK_DGRAM,
+   result = sock_create_kern(ipvs->net, ipvs->mcfg.mcast_af, SOCK_DGRAM,
  IPPROTO_UDP, );
if (result < 0) {
pr_err("Error during creation of socket; terminating\n");
@@ -1872,7 +1871,7 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct 
ipvs_sync_daemon_cfg *c,
tinfo = NULL;
for (id = 0; id < count; id++) {
if (state == IP_VS_STATE_MASTER)
-   sock = make_send_sock(ipvs->net, id);
+   sock = make_send_sock(ipvs, id);
else
sock = make_receive_sock(ipvs->net, id);
if (IS_ERR(sock)) {
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 77/84] ipvs: Pass ipvs into ip_vs_in_icmp and ip_vs_in_icmp_v6

[Eric W. Biederman]

With ipvs passed into ip_vs_in_icmp and ip_vs_in_icmp_v6
they no longer need to call the hack that is skb_net.

Additionally ipvs_in_icmp no longer needs to call dev_net(skb->dev)
and can use the ipvs->net instead.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_core.c | 36 ++--
 1 file changed, 14 insertions(+), 22 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 3ab96bdc66fd..0304c7cbb786 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1388,10 +1388,9 @@ ip_vs_try_to_schedule(struct netns_ipvs *ipvs, int af, 
struct sk_buff *skb,
  * Currently handles error types - unreachable, quench, ttl exceeded.
  */
 static int
-ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
+ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb, int *related,
+ unsigned int hooknum)
 {
-   struct net *net = NULL;
-   struct netns_ipvs *ipvs;
struct iphdr *iph;
struct icmphdr  _icmph, *ic;
struct iphdr_ciph, *cih;/* The ip header contained within the 
ICMP */
@@ -1440,9 +1439,6 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
if (cih == NULL)
return NF_ACCEPT; /* The packet looks wrong, ignore */
 
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
-
/* Special case for errors for IPIP packets */
ipip = false;
if (cih->protocol == IPPROTO_IPIP) {
@@ -1520,7 +1516,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
skb_reset_network_header(skb);
IP_VS_DBG(12, "ICMP for IPIP %pI4->%pI4: mtu=%u\n",
_hdr(skb)->saddr, _hdr(skb)->daddr, mtu);
-   ipv4_update_pmtu(skb, dev_net(skb->dev),
+   ipv4_update_pmtu(skb, ipvs->net,
 mtu, 0, 0, 0, 0);
/* Client uses PMTUD? */
if (!(frag_off & htons(IP_DF)))
@@ -1575,11 +1571,10 @@ out:
 }
 
 #ifdef CONFIG_IP_VS_IPV6
-static int ip_vs_in_icmp_v6(struct sk_buff *skb, int *related,
-   unsigned int hooknum, struct ip_vs_iphdr *iph)
+static int ip_vs_in_icmp_v6(struct netns_ipvs *ipvs, struct sk_buff *skb,
+   int *related, unsigned int hooknum,
+   struct ip_vs_iphdr *iph)
 {
-   struct net *net = NULL;
-   struct netns_ipvs *ipvs;
struct icmp6hdr _icmph, *ic;
struct ip_vs_iphdr ciph = {.flags = 0, .fragoffs = 0};/*Contained IP */
struct ip_vs_conn *cp;
@@ -1619,8 +1614,6 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
if (!ip_vs_fill_iph_skb_icmp(AF_INET6, skb, offset, true, ))
return NF_ACCEPT;
 
-   net = skb_net(skb);
-   ipvs = net_ipvs(net);
pd = ip_vs_proto_data_get(ipvs, ciph.protocol);
if (!pd)
return NF_ACCEPT;
@@ -1732,8 +1725,8 @@ ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, 
struct sk_buff *skb, int
if (af == AF_INET6) {
if (unlikely(iph.protocol == IPPROTO_ICMPV6)) {
int related;
-   int verdict = ip_vs_in_icmp_v6(skb, , hooknum,
-  );
+   int verdict = ip_vs_in_icmp_v6(ipvs, skb, ,
+  hooknum, );
 
if (related)
return verdict;
@@ -1742,7 +1735,8 @@ ip_vs_in(struct netns_ipvs *ipvs, unsigned int hooknum, 
struct sk_buff *skb, int
 #endif
if (unlikely(iph.protocol == IPPROTO_ICMP)) {
int related;
-   int verdict = ip_vs_in_icmp(skb, , hooknum);
+   int verdict = ip_vs_in_icmp(ipvs, skb, ,
+   hooknum);
 
if (related)
return verdict;
@@ -1895,17 +1889,16 @@ ip_vs_forward_icmp(void *priv, struct sk_buff *skb,
   const struct nf_hook_state *state)
 {
int r;
-   struct netns_ipvs *ipvs;
+   struct netns_ipvs *ipvs = net_ipvs(state->net);
 
if (ip_hdr(skb)->protocol != IPPROTO_ICMP)
return NF_ACCEPT;
 
/* ipvs enabled in this netns ? */
-   ipvs = net_ipvs(state->net);
if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))
return NF_ACCEPT;
 
-   return ip_vs_in_icmp(skb, , state->hook);
+   return ip_vs_in_icmp(ipvs, skb, , state->hook);
 }
 
 #ifdef CONFIG_IP_VS_IPV6
@@ -1914,7 +1907,7 @@ ip_vs_forward_icmp_v6(void *priv, struct sk_buff *skb,
  const struct nf_hook_state *state)
 {
int r;
- 

[PATCH next 12/84] ipvs: Pass ipvs not net to ipvs_service_find

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h   | 2 +-
 net/netfilter/ipvs/ip_vs_ctl.c| 5 ++---
 net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 ++--
 net/netfilter/ipvs/ip_vs_proto_tcp.c  | 4 ++--
 net/netfilter/ipvs/ip_vs_proto_udp.c  | 6 --
 5 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 2c22380b9ad7..828b19b23e02 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1410,7 +1410,7 @@ extern struct ip_vs_stats ip_vs_stats;
 extern int sysctl_ip_vs_sync_ver;
 
 struct ip_vs_service *
-ip_vs_service_find(struct net *net, int af, __u32 fwmark, __u16 protocol,
+ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u32 fwmark, __u16 
protocol,
  const union nf_inet_addr *vaddr, __be16 vport);
 
 bool ip_vs_has_real_service(struct net *net, int af, __u16 protocol,
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 9a56256502b6..f9151d8ee1ac 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -406,11 +406,10 @@ __ip_vs_svc_fwm_find(struct netns_ipvs *ipvs, int af, 
__u32 fwmark)
 
 /* Find service, called under RCU lock */
 struct ip_vs_service *
-ip_vs_service_find(struct net *net, int af, __u32 fwmark, __u16 protocol,
+ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u32 fwmark, __u16 
protocol,
   const union nf_inet_addr *vaddr, __be16 vport)
 {
struct ip_vs_service *svc;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
/*
 *  Check the table hashed by fwmark first
@@ -612,7 +611,7 @@ struct ip_vs_dest *ip_vs_find_dest(struct net  *net, int 
svc_af, int dest_af,
struct ip_vs_service *svc;
__be16 port = dport;
 
-   svc = ip_vs_service_find(net, svc_af, fwmark, protocol, vaddr, vport);
+   svc = ip_vs_service_find(net_ipvs(net), svc_af, fwmark, protocol, 
vaddr, vport);
if (!svc)
return NULL;
if (fwmark && (flags & IP_VS_CONN_F_FWD_MASK) != IP_VS_CONN_F_MASQ)
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c 
b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index ce615866bd63..373a4751c328 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -45,10 +45,10 @@ sctp_conn_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
 
rcu_read_lock();
if (likely(!ip_vs_iph_inverse(iph)))
-   svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
+   svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
 >daddr, ports[1]);
else
-   svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
+   svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
 >saddr, ports[0]);
if (svc) {
int ignored;
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c 
b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index e00623a88518..48af3ca6be03 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -70,10 +70,10 @@ tcp_conn_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
rcu_read_lock();
 
if (likely(!ip_vs_iph_inverse(iph)))
-   svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
+   svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
 >daddr, ports[1]);
else
-   svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
+   svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
 >saddr, ports[0]);
 
if (svc) {
diff --git a/net/netfilter/ipvs/ip_vs_proto_udp.c 
b/net/netfilter/ipvs/ip_vs_proto_udp.c
index 3b0a2dc1826b..e9f5f7e30bef 100644
--- a/net/netfilter/ipvs/ip_vs_proto_udp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_udp.c
@@ -34,6 +34,7 @@ udp_conn_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
  struct ip_vs_iphdr *iph)
 {
struct net *net;
+   struct netns_ipvs *ipvs;
struct ip_vs_service *svc;
struct udphdr _udph, *uh;
__be16 _ports[2], *ports = NULL;
@@ -54,12 +55,13 @@ udp_conn_schedule(int af, struct sk_buff *skb, struct 
ip_vs_proto_data *pd,
}
 
net = skb_net(skb);
+   ipvs = net_ipvs(net);
rcu_read_lock();
if (likely(!ip_vs_iph_inverse(iph)))
-   svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
+   svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
 >daddr, ports[1]);
else
-   svc = ip_vs_service_find(net, af, skb->mark, iph->protocol,
+   svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
 

[PATCH next 44/84] ipvs: Pass ipvs not net to ip_vs_sync_net_cleanup

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_core.c | 5 +++--
 net/netfilter/ipvs/ip_vs_sync.c | 3 +--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 47a4cddb7c33..f3ddf7696d68 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1334,7 +1334,7 @@ void ip_vs_app_net_cleanup(struct net *net);
 void ip_vs_protocol_net_cleanup(struct net *net);
 void ip_vs_control_net_cleanup(struct net *net);
 void ip_vs_estimator_net_cleanup(struct net *net);
-void ip_vs_sync_net_cleanup(struct net *net);
+void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs);
 
 /* IPVS application functions
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 5a5a6d63b3d9..cae395fc6523 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2128,10 +2128,11 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
 
 static void __net_exit __ip_vs_dev_cleanup(struct net *net)
 {
+   struct netns_ipvs *ipvs = net_ipvs(net);
EnterFunction(2);
-   net_ipvs(net)->enable = 0;  /* Disable packet reception */
+   ipvs->enable = 0;   /* Disable packet reception */
smp_wmb();
-   ip_vs_sync_net_cleanup(net);
+   ip_vs_sync_net_cleanup(ipvs);
LeaveFunction(2);
 }
 
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 11b4f17e2e1a..803001a45aa1 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -2015,10 +2015,9 @@ int __net_init ip_vs_sync_net_init(struct netns_ipvs 
*ipvs)
return 0;
 }
 
-void ip_vs_sync_net_cleanup(struct net *net)
+void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs)
 {
int retc;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
mutex_lock(>sync_mutex);
retc = stop_sync_thread(ipvs, IP_VS_STATE_MASTER);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 57/84] ipvs: Pass ipvs not net into ip_vs_app_net_init and ip_vs_app_net_cleanup

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 4 ++--
 net/netfilter/ipvs/ip_vs_app.c  | 9 +
 net/netfilter/ipvs/ip_vs_core.c | 6 +++---
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 5caafed5af2e..728a670d69fd 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1326,11 +1326,11 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct 
ip_vs_conn *ctl_cp)
 int ip_vs_estimator_net_init(struct netns_ipvs *ipvs);
 int ip_vs_control_net_init(struct netns_ipvs *ipvs);
 int ip_vs_protocol_net_init(struct net *net);
-int ip_vs_app_net_init(struct net *net);
+int ip_vs_app_net_init(struct netns_ipvs *ipvs);
 int ip_vs_conn_net_init(struct net *net);
 int ip_vs_sync_net_init(struct netns_ipvs *ipvs);
 void ip_vs_conn_net_cleanup(struct net *net);
-void ip_vs_app_net_cleanup(struct net *net);
+void ip_vs_app_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_protocol_net_cleanup(struct net *net);
 void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs);
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index cb1246912f0f..0328f7250693 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -603,18 +603,19 @@ static const struct file_operations ip_vs_app_fops = {
 };
 #endif
 
-int __net_init ip_vs_app_net_init(struct net *net)
+int __net_init ip_vs_app_net_init(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct net *net = ipvs->net;
 
INIT_LIST_HEAD(>app_list);
proc_create("ip_vs_app", 0, net->proc_net, _vs_app_fops);
return 0;
 }
 
-void __net_exit ip_vs_app_net_cleanup(struct net *net)
+void __net_exit ip_vs_app_net_cleanup(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct net *net = ipvs->net;
+
unregister_ip_vs_app(ipvs, NULL /* all */);
remove_proc_entry("ip_vs_app", net->proc_net);
 }
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index ec6f022fba6a..01398eb757fa 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2081,7 +2081,7 @@ static int __net_init __ip_vs_init(struct net *net)
if (ip_vs_protocol_net_init(net) < 0)
goto protocol_fail;
 
-   if (ip_vs_app_net_init(net) < 0)
+   if (ip_vs_app_net_init(ipvs) < 0)
goto app_fail;
 
if (ip_vs_conn_net_init(net) < 0)
@@ -2100,7 +2100,7 @@ static int __net_init __ip_vs_init(struct net *net)
 sync_fail:
ip_vs_conn_net_cleanup(net);
 conn_fail:
-   ip_vs_app_net_cleanup(net);
+   ip_vs_app_net_cleanup(ipvs);
 app_fail:
ip_vs_protocol_net_cleanup(net);
 protocol_fail:
@@ -2118,7 +2118,7 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
 
ip_vs_service_net_cleanup(ipvs);/* ip_vs_flush() with locks */
ip_vs_conn_net_cleanup(net);
-   ip_vs_app_net_cleanup(net);
+   ip_vs_app_net_cleanup(ipvs);
ip_vs_protocol_net_cleanup(net);
ip_vs_control_net_cleanup(ipvs);
ip_vs_estimator_net_cleanup(ipvs);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 39/84] ipvs: Pass ipvs not net to ip_vs_sync_conn_v0

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 280e1c03e598..58ec7850ab06 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -533,10 +533,9 @@ set:
  *  Version 0 , could be switched in by sys_ctl.
  *  Add an ip_vs_conn information into the current sync_buff.
  */
-static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp,
+static void ip_vs_sync_conn_v0(struct netns_ipvs *ipvs, struct ip_vs_conn *cp,
   int pkts)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_sync_mesg_v0 *m;
struct ip_vs_sync_conn_v0 *s;
struct ip_vs_sync_buff *buff;
@@ -615,7 +614,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct 
ip_vs_conn *cp,
pkts = atomic_add_return(1, >in_pkts);
else
pkts = sysctl_sync_threshold(ipvs);
-   ip_vs_sync_conn(net, cp, pkts);
+   ip_vs_sync_conn(ipvs->net, cp, pkts);
}
 }
 
@@ -637,7 +636,7 @@ void ip_vs_sync_conn(struct net *net, struct ip_vs_conn 
*cp, int pkts)
 
/* Handle old version of the protocol */
if (sysctl_sync_ver(ipvs) == 0) {
-   ip_vs_sync_conn_v0(net, cp, pkts);
+   ip_vs_sync_conn_v0(ipvs, cp, pkts);
return;
}
/* Do not sync ONE PACKET */
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 19/84] ipvs: Pass ipvs not net to ip_vs_add_service

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index b192bb45f697..7f0635242c7f 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -1157,14 +1157,13 @@ static void ip_vs_dest_trash_expire(unsigned long data)
  * Add a service into the service hash table
  */
 static int
-ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
+ ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,
  struct ip_vs_service **svc_p)
 {
int ret = 0, i;
struct ip_vs_scheduler *sched = NULL;
struct ip_vs_pe *pe = NULL;
struct ip_vs_service *svc = NULL;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
/* increase the module use count */
ip_vs_use_count_inc();
@@ -1255,7 +1254,7 @@ ip_vs_add_service(struct net *net, struct 
ip_vs_service_user_kern *u,
else if (svc->port == 0)
atomic_inc(>nullsvc_counter);
 
-   ip_vs_start_estimator(net, >stats);
+   ip_vs_start_estimator(ipvs->net, >stats);
 
/* Count only IPv4 services for old get/setsockopt interface */
if (svc->af == AF_INET)
@@ -2421,7 +2420,7 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user 
*user, unsigned int len)
if (svc != NULL)
ret = -EEXIST;
else
-   ret = ip_vs_add_service(net, , );
+   ret = ip_vs_add_service(ipvs, , );
break;
case IP_VS_SO_SET_EDIT:
ret = ip_vs_edit_service(svc, );
@@ -3601,7 +3600,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct 
genl_info *info)
switch (cmd) {
case IPVS_CMD_NEW_SERVICE:
if (svc == NULL)
-   ret = ip_vs_add_service(net, , );
+   ret = ip_vs_add_service(ipvs, , );
else
ret = -EEXIST;
break;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 27/84] ipvs: Pass ipvs not net to __ip_vs_get_dest_entries

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 9c307a822962..176068c3a7fe 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2528,10 +2528,9 @@ out:
 }
 
 static inline int
-__ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
+__ip_vs_get_dest_entries(struct netns_ipvs *ipvs, const struct ip_vs_get_dests 
*get,
 struct ip_vs_get_dests __user *uptr)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_service *svc;
union nf_inet_addr addr = { .ip = get->addr };
int ret = 0;
@@ -2761,7 +2760,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user 
*user, int *len)
ret = -EINVAL;
goto out;
}
-   ret = __ip_vs_get_dest_entries(net, get, user);
+   ret = __ip_vs_get_dest_entries(ipvs, get, user);
}
break;
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 28/84] ipvs: Pass ipvs not net to __ip_vs_get_timeouts

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 176068c3a7fe..4ca8d64ab6f1 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2584,10 +2584,9 @@ __ip_vs_get_dest_entries(struct netns_ipvs *ipvs, const 
struct ip_vs_get_dests *
 }
 
 static inline void
-__ip_vs_get_timeouts(struct net *net, struct ip_vs_timeout_user *u)
+__ip_vs_get_timeouts(struct netns_ipvs *ipvs, struct ip_vs_timeout_user *u)
 {
 #if defined(CONFIG_IP_VS_PROTO_TCP) || defined(CONFIG_IP_VS_PROTO_UDP)
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_proto_data *pd;
 #endif
 
@@ -2768,7 +2767,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user 
*user, int *len)
{
struct ip_vs_timeout_user t;
 
-   __ip_vs_get_timeouts(net, );
+   __ip_vs_get_timeouts(ipvs, );
if (copy_to_user(user, , sizeof(t)) != 0)
ret = -EFAULT;
}
@@ -3461,7 +3460,7 @@ static int ip_vs_genl_set_config(struct net *net, struct 
nlattr **attrs)
struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_timeout_user t;
 
-   __ip_vs_get_timeouts(net, );
+   __ip_vs_get_timeouts(ipvs, );
 
if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP])
t.tcp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP]);
@@ -3637,8 +3636,10 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, 
struct genl_info *info)
void *reply;
int ret, cmd, reply_cmd;
struct net *net;
+   struct netns_ipvs *ipvs;
 
net = skb_sknet(skb);
+   ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
 
if (cmd == IPVS_CMD_GET_SERVICE)
@@ -3688,7 +3689,7 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct 
genl_info *info)
{
struct ip_vs_timeout_user t;
 
-   __ip_vs_get_timeouts(net, );
+   __ip_vs_get_timeouts(ipvs, );
 #ifdef CONFIG_IP_VS_PROTO_TCP
if (nla_put_u32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP,
t.tcp_timeout) ||
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 43/84] ipvs: Pass ipvs not net to ip_vs_sync_net_init

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_core.c | 2 +-
 net/netfilter/ipvs/ip_vs_sync.c | 4 +---
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index b10b337ce974..47a4cddb7c33 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1328,7 +1328,7 @@ int ip_vs_control_net_init(struct net *net);
 int ip_vs_protocol_net_init(struct net *net);
 int ip_vs_app_net_init(struct net *net);
 int ip_vs_conn_net_init(struct net *net);
-int ip_vs_sync_net_init(struct net *net);
+int ip_vs_sync_net_init(struct netns_ipvs *ipvs);
 void ip_vs_conn_net_cleanup(struct net *net);
 void ip_vs_app_net_cleanup(struct net *net);
 void ip_vs_protocol_net_cleanup(struct net *net);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index a8128b06f73b..5a5a6d63b3d9 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2087,7 +2087,7 @@ static int __net_init __ip_vs_init(struct net *net)
if (ip_vs_conn_net_init(net) < 0)
goto conn_fail;
 
-   if (ip_vs_sync_net_init(net) < 0)
+   if (ip_vs_sync_net_init(ipvs) < 0)
goto sync_fail;
 
printk(KERN_INFO "IPVS: Creating netns size=%zu id=%d\n",
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index e3f72cbc1204..11b4f17e2e1a 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -2007,10 +2007,8 @@ int stop_sync_thread(struct netns_ipvs *ipvs, int state)
 /*
  * Initialize data struct for each netns
  */
-int __net_init ip_vs_sync_net_init(struct net *net)
+int __net_init ip_vs_sync_net_init(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
-
__mutex_init(>sync_mutex, "ipvs->sync_mutex", &__ipvs_sync_key);
spin_lock_init(>sync_lock);
spin_lock_init(>sync_buff_lock);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 40/84] ipvs: Pass ipvs not net to ip_vs_sync_conn

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 2 +-
 net/netfilter/ipvs/ip_vs_conn.c | 3 +--
 net/netfilter/ipvs/ip_vs_core.c | 2 +-
 net/netfilter/ipvs/ip_vs_sync.c | 5 ++---
 4 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 71f4d338c208..b10b337ce974 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1452,7 +1452,7 @@ static inline void ip_vs_dest_put_and_free(struct 
ip_vs_dest *dest)
 int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg 
*cfg,
  int state);
 int stop_sync_thread(struct netns_ipvs *ipvs, int state);
-void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts);
+void ip_vs_sync_conn(struct netns_ipvs *ipvs, struct ip_vs_conn *cp, int pkts);
 
 /* IPVS rate estimator prototypes (from ip_vs_est.c) */
 void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats);
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index f54e9afdf4dd..5d001f410fc5 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -801,7 +801,6 @@ static void ip_vs_conn_expire(unsigned long data)
 {
struct ip_vs_conn *cp = (struct ip_vs_conn *)data;
struct netns_ipvs *ipvs = cp->ipvs;
-   struct net *net = ipvs->net;
 
/*
 *  do I control anybody?
@@ -847,7 +846,7 @@ static void ip_vs_conn_expire(unsigned long data)
cp->timeout = 60*HZ;
 
if (ipvs->sync_state & IP_VS_STATE_MASTER)
-   ip_vs_sync_conn(net, cp, sysctl_sync_threshold(ipvs));
+   ip_vs_sync_conn(ipvs, cp, sysctl_sync_threshold(ipvs));
 
ip_vs_conn_put(cp);
 }
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 2e96500c6f3f..a8128b06f73b 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1842,7 +1842,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int 
af)
pkts = atomic_add_return(1, >in_pkts);
 
if (ipvs->sync_state & IP_VS_STATE_MASTER)
-   ip_vs_sync_conn(net, cp, pkts);
+   ip_vs_sync_conn(ipvs, cp, pkts);
 
ip_vs_conn_put(cp);
return ret;
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 58ec7850ab06..a0808f230cd6 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -614,7 +614,7 @@ static void ip_vs_sync_conn_v0(struct netns_ipvs *ipvs, 
struct ip_vs_conn *cp,
pkts = atomic_add_return(1, >in_pkts);
else
pkts = sysctl_sync_threshold(ipvs);
-   ip_vs_sync_conn(ipvs->net, cp, pkts);
+   ip_vs_sync_conn(ipvs, cp, pkts);
}
 }
 
@@ -623,9 +623,8 @@ static void ip_vs_sync_conn_v0(struct netns_ipvs *ipvs, 
struct ip_vs_conn *cp,
  *  Called by ip_vs_in.
  *  Sending Version 1 messages
  */
-void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts)
+void ip_vs_sync_conn(struct netns_ipvs *ipvs, struct ip_vs_conn *cp, int pkts)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_sync_mesg *m;
union ip_vs_sync_conn *s;
struct ip_vs_sync_buff *buff;
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 61/84] ipvs: Pass ipvs into .conn_in_get and ip_vs_conn_in_get_proto

[Eric W. Biederman]

Stop relying on "net_ipvs(skb_net(skb))" to dreive the ipvs as
skb_net is a hack.

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 6 --
 net/netfilter/ipvs/ip_vs_conn.c | 4 ++--
 net/netfilter/ipvs/ip_vs_core.c | 8 
 net/netfilter/ipvs/ip_vs_proto_ah_esp.c | 3 +--
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index fe3373c9bb3b..5c26383542e3 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -493,7 +493,8 @@ struct ip_vs_protocol {
 struct ip_vs_iphdr *iph);
 
struct ip_vs_conn *
-   (*conn_in_get)(int af,
+   (*conn_in_get)(struct netns_ipvs *ipvs,
+  int af,
   const struct sk_buff *skb,
   const struct ip_vs_iphdr *iph);
 
@@ -1222,7 +1223,8 @@ static inline void ip_vs_conn_fill_param(struct 
netns_ipvs *ipvs, int af, int pr
 struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p);
 struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p);
 
-struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
+struct ip_vs_conn * ip_vs_conn_in_get_proto(struct netns_ipvs *ipvs, int af,
+   const struct sk_buff *skb,
const struct ip_vs_iphdr *iph);
 
 struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 3b1f57af739a..b27b06eb693c 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -335,10 +335,10 @@ ip_vs_conn_fill_param_proto(struct netns_ipvs *ipvs,
 }
 
 struct ip_vs_conn *
-ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
+ip_vs_conn_in_get_proto(struct netns_ipvs *ipvs, int af,
+   const struct sk_buff *skb,
const struct ip_vs_iphdr *iph)
 {
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct ip_vs_conn_param p;
 
if (ip_vs_conn_fill_param_proto(ipvs, af, skb, iph, ))
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 01398eb757fa..9b5c2af7b63a 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -469,7 +469,7 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff 
*skb,
 */
if ((!skb->dev || skb->dev->flags & IFF_LOOPBACK)) {
iph->hdr_flags ^= IP_VS_HDR_INVERSE;
-   cp = pp->conn_in_get(svc->af, skb, iph);
+   cp = pp->conn_in_get(svc->ipvs, svc->af, skb, iph);
iph->hdr_flags ^= IP_VS_HDR_INVERSE;
 
if (cp) {
@@ -1490,7 +1490,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned 
int hooknum)
/* The embedded headers contain source and dest in reverse order.
 * For IPIP this is error for request, not for reply.
 */
-   cp = pp->conn_in_get(AF_INET, skb, );
+   cp = pp->conn_in_get(ipvs, AF_INET, skb, );
 
if (!cp) {
int v;
@@ -1648,7 +1648,7 @@ static int ip_vs_in_icmp_v6(struct sk_buff *skb, int 
*related,
/* The embedded headers contain source and dest in reverse order
 * if not from localhost
 */
-   cp = pp->conn_in_get(AF_INET6, skb, );
+   cp = pp->conn_in_get(ipvs, AF_INET6, skb, );
 
if (!cp) {
int v;
@@ -1780,7 +1780,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int 
af)
/*
 * Check if the packet belongs to an existing connection entry
 */
-   cp = pp->conn_in_get(af, skb, );
+   cp = pp->conn_in_get(ipvs, af, skb, );
 
conn_reuse_mode = sysctl_conn_reuse_mode(ipvs);
if (conn_reuse_mode && !iph.fragoffs &&
diff --git a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c 
b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
index 406d9a433d92..a96d93d11807 100644
--- a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
@@ -56,12 +56,11 @@ ah_esp_conn_fill_param_proto(struct netns_ipvs *ipvs, int 
af,
 }
 
 static struct ip_vs_conn *
-ah_esp_conn_in_get(int af, const struct sk_buff *skb,
+ah_esp_conn_in_get(struct netns_ipvs *ipvs, int af, const struct sk_buff *skb,
   const struct ip_vs_iphdr *iph)
 {
struct ip_vs_conn *cp;
struct ip_vs_conn_param p;
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
 
ah_esp_conn_fill_param_proto(ipvs, af, iph, );
cp = ip_vs_conn_in_get();
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 38/84] ipvs: Pass ipvs not net to ip_vs_process_message

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_sync.c | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index cd32e3ab0c4d..280e1c03e598 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1204,10 +1204,9 @@ out:
  *  ip_vs_conn entries.
  *  Handles Version 0 & 1
  */
-static void ip_vs_process_message(struct net *net, __u8 *buffer,
+static void ip_vs_process_message(struct netns_ipvs *ipvs, __u8 *buffer,
  const size_t buflen)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ip_vs_sync_mesg *m2 = (struct ip_vs_sync_mesg *)buffer;
__u8 *p, *msg_end;
int i, nr_conns;
@@ -1257,7 +1256,7 @@ static void ip_vs_process_message(struct net *net, __u8 
*buffer,
return;
}
/* Process a single sync_conn */
-   retc = ip_vs_proc_sync_conn(net, p, msg_end);
+   retc = ip_vs_proc_sync_conn(ipvs->net, p, msg_end);
if (retc < 0) {
IP_VS_ERR_RL("BACKUP, Dropping buffer, Err: %d 
in decoding\n",
 retc);
@@ -1763,7 +1762,7 @@ static int sync_thread_backup(void *data)
break;
}
 
-   ip_vs_process_message(ipvs->net, tinfo->buf, len);
+   ip_vs_process_message(ipvs, tinfo->buf, len);
}
}
 
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 48/84] ipvs: Pass ipvs not net to ip_vs_control_net_(init|cleanup)_sysctl

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 67278c6e41a3..1665db8e9f2a 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3841,10 +3841,10 @@ static void ip_vs_genl_unregister(void)
  * per netns intit/exit func.
  */
 #ifdef CONFIG_SYSCTL
-static int __net_init ip_vs_control_net_init_sysctl(struct net *net)
+static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
 {
+   struct net *net = ipvs->net;
int idx;
-   struct netns_ipvs *ipvs = net_ipvs(net);
struct ctl_table *tbl;
 
atomic_set(>dropentry, 0);
@@ -3926,9 +3926,9 @@ static int __net_init 
ip_vs_control_net_init_sysctl(struct net *net)
return 0;
 }
 
-static void __net_exit ip_vs_control_net_cleanup_sysctl(struct net *net)
+static void __net_exit ip_vs_control_net_cleanup_sysctl(struct netns_ipvs 
*ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct net *net = ipvs->net;
 
cancel_delayed_work_sync(>defense_work);
cancel_work_sync(>defense_work.work);
@@ -3941,8 +3941,8 @@ static void __net_exit 
ip_vs_control_net_cleanup_sysctl(struct net *net)
 
 #else
 
-static int __net_init ip_vs_control_net_init_sysctl(struct net *net) { return 
0; }
-static void __net_exit ip_vs_control_net_cleanup_sysctl(struct net *net) { }
+static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs) { 
return 0; }
+static void __net_exit ip_vs_control_net_cleanup_sysctl(struct netns_ipvs 
*ipvs) { }
 
 #endif
 
@@ -3984,7 +3984,7 @@ int __net_init ip_vs_control_net_init(struct net *net)
proc_create("ip_vs_stats_percpu", 0, net->proc_net,
_vs_stats_percpu_fops);
 
-   if (ip_vs_control_net_init_sysctl(net))
+   if (ip_vs_control_net_init_sysctl(ipvs))
goto err;
 
return 0;
@@ -3999,7 +3999,7 @@ void __net_exit ip_vs_control_net_cleanup(struct net *net)
struct netns_ipvs *ipvs = net_ipvs(net);
 
ip_vs_trash_cleanup(ipvs);
-   ip_vs_control_net_cleanup_sysctl(net);
+   ip_vs_control_net_cleanup_sysctl(ipvs);
remove_proc_entry("ip_vs_stats_percpu", net->proc_net);
remove_proc_entry("ip_vs_stats", net->proc_net);
remove_proc_entry("ip_vs", net->proc_net);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 18/84] ipvs: Cache ipvs in ip_vs_genl_set_cmd

[Eric W. Biederman]

Compute ipvs early in ip_vs_genl_set_cmd and use the cached value to
access ipvs->sync_state.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_ctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 9169a27be6e7..b192bb45f697 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3516,8 +3516,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, 
struct genl_info *info)
int ret = 0, cmd;
int need_full_svc = 0, need_full_dest = 0;
struct net *net;
+   struct netns_ipvs *ipvs;
 
net = skb_sknet(skb);
+   ipvs = net_ipvs(net);
cmd = info->genlhdr->cmd;
 
mutex_lock(&__ip_vs_mutex);
@@ -3579,7 +3581,7 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct 
genl_info *info)
/* The synchronization protocol is incompatible
 * with mixed family services
 */
-   if (net_ipvs(net)->sync_state) {
+   if (ipvs->sync_state) {
ret = -EINVAL;
goto out;
}
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 60/84] ipvs: Pass ipvs into ip_vs_conn_fill_param_proto

[Eric W. Biederman]

Move the ugly hack net_ipvs(skb_net(skb)) up a layer in the call stack
so it is easier to remove.

Signed-off-by: "Eric W. Biederman" 
---
 net/netfilter/ipvs/ip_vs_conn.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 3917ea1b20df..3b1f57af739a 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -314,12 +314,12 @@ struct ip_vs_conn *ip_vs_conn_in_get(const struct 
ip_vs_conn_param *p)
 }
 
 static int
-ip_vs_conn_fill_param_proto(int af, const struct sk_buff *skb,
+ip_vs_conn_fill_param_proto(struct netns_ipvs *ipvs,
+   int af, const struct sk_buff *skb,
const struct ip_vs_iphdr *iph,
struct ip_vs_conn_param *p)
 {
__be16 _ports[2], *pptr;
-   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
 
pptr = frag_safe_skb_hp(skb, iph->len, sizeof(_ports), _ports, iph);
if (pptr == NULL)
@@ -338,9 +338,10 @@ struct ip_vs_conn *
 ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
const struct ip_vs_iphdr *iph)
 {
+   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct ip_vs_conn_param p;
 
-   if (ip_vs_conn_fill_param_proto(af, skb, iph, ))
+   if (ip_vs_conn_fill_param_proto(ipvs, af, skb, iph, ))
return NULL;
 
return ip_vs_conn_in_get();
@@ -442,9 +443,10 @@ struct ip_vs_conn *
 ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
 const struct ip_vs_iphdr *iph)
 {
+   struct netns_ipvs *ipvs = net_ipvs(skb_net(skb));
struct ip_vs_conn_param p;
 
-   if (ip_vs_conn_fill_param_proto(af, skb, iph, ))
+   if (ip_vs_conn_fill_param_proto(ipvs, af, skb, iph, ))
return NULL;
 
return ip_vs_conn_out_get();
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH next 49/84] ipvs: Pass ipvs not net into ip_vs_control_net_(init|cleanup)

[Eric W. Biederman]

Signed-off-by: "Eric W. Biederman" 
---
 include/net/ip_vs.h | 4 ++--
 net/netfilter/ipvs/ip_vs_core.c | 6 +++---
 net/netfilter/ipvs/ip_vs_ctl.c  | 8 
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index c88a3bf85f98..38c1fca0c1a7 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1324,7 +1324,7 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct 
ip_vs_conn *ctl_cp)
 
 /* IPVS netns init & cleanup functions */
 int ip_vs_estimator_net_init(struct net *net);
-int ip_vs_control_net_init(struct net *net);
+int ip_vs_control_net_init(struct netns_ipvs *ipvs);
 int ip_vs_protocol_net_init(struct net *net);
 int ip_vs_app_net_init(struct net *net);
 int ip_vs_conn_net_init(struct net *net);
@@ -1332,7 +1332,7 @@ int ip_vs_sync_net_init(struct netns_ipvs *ipvs);
 void ip_vs_conn_net_cleanup(struct net *net);
 void ip_vs_app_net_cleanup(struct net *net);
 void ip_vs_protocol_net_cleanup(struct net *net);
-void ip_vs_control_net_cleanup(struct net *net);
+void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_estimator_net_cleanup(struct net *net);
 void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs);
 void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index cae395fc6523..b5f451f20f52 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -2075,7 +2075,7 @@ static int __net_init __ip_vs_init(struct net *net)
if (ip_vs_estimator_net_init(net) < 0)
goto estimator_fail;
 
-   if (ip_vs_control_net_init(net) < 0)
+   if (ip_vs_control_net_init(ipvs) < 0)
goto control_fail;
 
if (ip_vs_protocol_net_init(net) < 0)
@@ -2104,7 +2104,7 @@ conn_fail:
 app_fail:
ip_vs_protocol_net_cleanup(net);
 protocol_fail:
-   ip_vs_control_net_cleanup(net);
+   ip_vs_control_net_cleanup(ipvs);
 control_fail:
ip_vs_estimator_net_cleanup(net);
 estimator_fail:
@@ -2120,7 +2120,7 @@ static void __net_exit __ip_vs_cleanup(struct net *net)
ip_vs_conn_net_cleanup(net);
ip_vs_app_net_cleanup(net);
ip_vs_protocol_net_cleanup(net);
-   ip_vs_control_net_cleanup(net);
+   ip_vs_control_net_cleanup(ipvs);
ip_vs_estimator_net_cleanup(net);
IP_VS_DBG(2, "ipvs netns %d released\n", ipvs->gen);
net->ipvs = NULL;
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 1665db8e9f2a..c71c4cbbf3b6 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3950,10 +3950,10 @@ static struct notifier_block ip_vs_dst_notifier = {
.notifier_call = ip_vs_dst_event,
 };
 
-int __net_init ip_vs_control_net_init(struct net *net)
+int __net_init ip_vs_control_net_init(struct netns_ipvs *ipvs)
 {
+   struct net *net = ipvs->net;
int i, idx;
-   struct netns_ipvs *ipvs = net_ipvs(net);
 
/* Initialize rs_table */
for (idx = 0; idx < IP_VS_RTAB_SIZE; idx++)
@@ -3994,9 +3994,9 @@ err:
return -ENOMEM;
 }
 
-void __net_exit ip_vs_control_net_cleanup(struct net *net)
+void __net_exit ip_vs_control_net_cleanup(struct netns_ipvs *ipvs)
 {
-   struct netns_ipvs *ipvs = net_ipvs(net);
+   struct net *net = ipvs->net;
 
ip_vs_trash_cleanup(ipvs);
ip_vs_control_net_cleanup_sysctl(ipvs);
-- 
2.2.1

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: sr-iov and bridges (mlx4)

[Or Gerlitz]

On Sun, Sep 20, 2015 at 2:58 AM, Matthew Monaco
 wrote:
[...]
> In all cases, VMs with SR-IOV work fine, IP on the host works fine, outbound
> DHCP from the virtio VMs work fine, but inbound frames are not making it back 
> to
> the VM.
[...]
> Is there a know limitation of mixing SR-IOV and bridges in general? Does the
> SR-IOV switch specific to the mlx4 hardware not work well with linux bridges? 
> ...?

It would be a bit hard for bridge based promiscuous environment to work OOB
for one of the functions (PF or VF) in SRIOV, this is generic issue,
and not related
to specific vendor.

You need to use the bridge (8) tool (part of iproute2) and add the P.V
VM MACs to
the PF interface as "self" see some slides  (21/22/23) from netdev 0.1
that deal with that
https://netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf

Or.

It also possible to mark one bridge port (the PF) as non-promiscuous,
but I haven't
played with that myself yet (slide 32), so can't just send you doing it...
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: sr-iov and bridges (mlx4)

[Nieścierowicz Adam]

Hi Matthew,
in near future i want to do exactly the same, if you make progress with 
SR-IOV+Bridge+OpenStack please leave here some advice.


---
Pozdrawiam
Adam Nieścierowicz

W dniu 20.09.2015 18:21, Matthew Monaco napisał(a):

On 09/20/2015 05:01 AM, Or Gerlitz wrote: On Sun, Sep 20, 2015 at 2:58 
AM, Matthew Monaco

 wrote:
[...] In all cases, VMs with SR-IOV work fine, IP on the host works 
fine, outbound
DHCP from the virtio VMs work fine, but inbound frames are not making 
it back to
the VM. [...] Is there a know limitation of mixing SR-IOV and bridges 
in general? Does the
SR-IOV switch specific to the mlx4 hardware not work well with linux 
bridges? ...?
It would be a bit hard for bridge based promiscuous environment to work 
OOB

for one of the functions (PF or VF) in SRIOV, this is generic issue,
and not related
to specific vendor.

You need to use the bridge (8) tool (part of iproute2) and add the P.V
VM MACs to
the PF interface as "self" see some slides (21/22/23) from netdev 0.1
that deal with that
https://netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf [1]

Or.

It also possible to mark one bridge port (the PF) as non-promiscuous,
but I haven't
played with that myself yet (slide 32), so can't just send you doing 
it...


 Many thanks, that helps. Now to figure out the best approach for 
shoving this

 into OpenStack =)



Links:
--
[1] https://netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2] [net] af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag

[Aaron Conole]

Eric Dumazet  writes:

> On Sun, 2015-09-20 at 05:18 -0400, Aaron Conole wrote:
>> From: Aaron Conole 
>> 
>
> I am wondering what this is expected to do, and how this code would
> possibly not trigger a crash.
Are you suspecting it should crash from a possible double-lock case?
On line 2125, there is an unconditional unlock, which should be 
guaranteeing that there is no longer a condition to 'double lock' the
socket.

With my patch, I re-do a lock just before entering skb_peek_next, and
then loop to again: label (line 2078); I admit that there is a check
at the top of the loop which I do not include (the check for SOCK_DEAD).
Do you think this check is needed (and the cause for your concern on
the suspected crash)?

I will re-do the testing as you outline later, and report the results.

> Are you 100% sure you tested this patch and code path ?
Yes, 100%; I used the python code attached to the bug before hacking on
this function whatsoever to ensure that the bug still exists in current
kernel (it does). Then after my patch, I reran the same test. There 
were no oops, bugs, panics, or other errors reported.

> Before resending v3, please make sure to compile and test with
> CONFIG_LOCKDEP=y. Add a temporary (in your tree, not final patch)
>
> pr_err_once("went there at least one time\n");
>
> (to make sure this code path was tested)
I will do this testing as requested; my current config does include
LOCKDEP_SUPPORT=y.

> It might be time to get rid of unix_sk macro for a proper function to
> avoid these kind of errors.
>
> diff --git a/include/net/af_unix.h b/include/net/af_unix.h
> index 4a167b30a12f..cb1b9bbda332 100644
> --- a/include/net/af_unix.h
> +++ b/include/net/af_unix.h
> @@ -63,7 +63,11 @@ struct unix_sock {
>  #define UNIX_GC_MAYBE_CYCLE  1
>   struct socket_wqpeer_wq;
>  };
> -#define unix_sk(__sk) ((struct unix_sock *)__sk)
> +
> +static inline struct unix_sock *unix_sk(struct sock *sk)
> +{
> + return (struct unix_sock *)sk;
> +}
>  
>  #define peer_wait peer_wq.wait
If you'd like, I'll add this to a V3 version of this patch, re-do
testing with your requested config above, and report the results.

> Thanks.
Thank you for the feedback, it is very good.

-Aaron
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2] [net] af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag

[Aaron Conole]

Resending, I accidentally dropped the list.

> Eric Dumazet  writes:
>
>> On Sun, 2015-09-20 at 15:07 -0400, Aaron Conole wrote:
>>> Eric Dumazet  writes:
>>> 
>>> > On Sun, 2015-09-20 at 05:18 -0400, Aaron Conole wrote:
>>> >> From: Aaron Conole 
>>> >> 
>>> >
>>> > I am wondering what this is expected to do, and how this code would
>>> > possibly not trigger a crash.
>>> Are you suspecting it should crash from a possible double-lock case?
>>> On line 2125, there is an unconditional unlock, which should be 
>>> guaranteeing that there is no longer a condition to 'double lock' the
>>> socket.
>>
>> Not at all.
>>
>> I am suggesting there is a big difference between
>>
>> unix_state_lock();
>>
>> and
>>
>> unix_state_lock(sk);
>>
>> Can you see it ?

Wow!

That's an excellent catch, thank you! I did test the originally
submitted patch, and got no oops, bug, panic, etc (I usually have
panic_on_oops set to 1 when first testing new code).

I guess I got very lucky, somehow. I'll change this, and make sure
to retest.

I will also try to enhance the python case attached to the bug to
include a filepointer as well, and will repost a v3 when I have done
this.

Thanks,
-Aaron

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH/RFC net-next v3 3/4] ravb: Document binding for r8a7795 SoC

[Simon Horman]

On Fri, Sep 18, 2015 at 09:27:11AM +0200, Geert Uytterhoeven wrote:
> On Fri, Sep 18, 2015 at 8:03 AM, Simon Horman
>  wrote:
> > From: Kazuya Mizuguchi 
> >
> > This patch updates the ravb binding to support the r8a7795 SoC by:
> > - Adding a compat string for the new hardware
> > - Adding 25 named interrupts to binding for the new SoC;
> >   older SoCs continue to use a single multiplexed interrupt
> >
> > The example is also updated to reflect the r8a7795 as this is the
> > more complex case.
> >
> > Based on work by Kazuya Mizuguchi and others.
> >
> > Signed-off-by: Simon Horman 
> 
> Acked-by: Geert Uytterhoeven 
> 
> Modulo the minor nit below...
> 
> > --- a/Documentation/devicetree/bindings/net/renesas,ravb.txt
> > +++ b/Documentation/devicetree/bindings/net/renesas,ravb.txt
> 
> > @@ -18,6 +22,12 @@ Required properties:
> >  Optional properties:
> >  - interrupt-parent: the phandle for the interrupt controller that services
> > interrupts for this device.
> > +- interrupt-names: A list of interrupt names.
> > +  For the R8A7795 SoC this property is mandatory;
> > +  it should include one entry per channel, named "ch%u",
> > +  where %u is the channel number ranging from 0 to 24.
> > +  For other SoCs this property is optional; if present
> > +  is should contain "mux" for a single muxed interrupt.
> 
> it

Thanks, I will fix that.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net] openvswitch: Zero flows on allocation.

[Eric Dumazet]

On Fri, 2015-09-18 at 19:06 -0700, Jesse Gross wrote:

> 
> Fixes: 07148121 ("openvswitch: Eliminate memset() from flow_extract.")
> Signed-off-by: Jesse Gross 
> ---
>  net/openvswitch/flow_table.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/openvswitch/flow_table.c b/net/openvswitch/flow_table.c
> index d22d8e9..5248322 100644
> --- a/net/openvswitch/flow_table.c
> +++ b/net/openvswitch/flow_table.c
> @@ -80,7 +80,7 @@ struct sw_flow *ovs_flow_alloc(void)
>   struct flow_stats *stats;
>   int node;
>  
> - flow = kmem_cache_alloc(flow_cache, GFP_KERNEL);
> + flow = kmem_cache_alloc(flow_cache, GFP_KERNEL | __GFP_ZERO);

Or kmem_cache_zalloc(flow_cache, GFP_KERNEL) ?




--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH net-next 7/7] switchdev: update documentation on FDB ageing_time

[Scott Feldman]

On Sun, Sep 20, 2015 at 7:24 AM, roopa  wrote:
> On 9/19/15, 7:21 PM, Scott Feldman wrote:
>>
>> Yes, your switch driver is in user-space so you have to use NTF_USE to
>> refresh the entry since you cannot use the kernel driver model to
>> call_switchdev_notifiers(SWITCHDEV_FDB_ADD, ...).  Consequently, your
>> entries are not marked with NTF_EXT_LEARNED, so this patch is a no-op
>> for you.  You can continue to use the bridge driver to age out your
>> entries.
>
> yes, correct.  I was not really saying this because it will cause us any
> problems.
> I was trying to say this for switchdev in general.
>
>> I'd rather someone add that knob when it's actually needed. When the first
>> in-kernel switchdev driver that wants to use the bridge driver's ageing
>> function, then we can make that adjustment.
>
> I was suggesting the other way around. Keep the default to what is in the
> kernel today and the first in-kernel switchdev driver that wants to age,
> should introduce the ability to not age in the bridge driver (Rocker will
> continue to work as it does today). Because, I am only concerned that rocker
> may end up being the only device that uses the default behavior introduced
> by this patch. And every real hardware uses the bridge driver to age
> (because there are no in kernel examples today).  I am curious to know who
> else is using hardware ageing today.

A driver patch for a (real) hardware device which does the ageing in
hw is around the corner.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: sr-iov and bridges (mlx4)

[Matthew Monaco]

On 09/20/2015 05:01 AM, Or Gerlitz wrote:
> On Sun, Sep 20, 2015 at 2:58 AM, Matthew Monaco
>  wrote:
> [...]
>> In all cases, VMs with SR-IOV work fine, IP on the host works fine, outbound
>> DHCP from the virtio VMs work fine, but inbound frames are not making it 
>> back to
>> the VM.
> [...]
>> Is there a know limitation of mixing SR-IOV and bridges in general? Does the
>> SR-IOV switch specific to the mlx4 hardware not work well with linux 
>> bridges? ...?
> 
> It would be a bit hard for bridge based promiscuous environment to work OOB
> for one of the functions (PF or VF) in SRIOV, this is generic issue,
> and not related
> to specific vendor.
> 
> You need to use the bridge (8) tool (part of iproute2) and add the P.V
> VM MACs to
> the PF interface as "self" see some slides  (21/22/23) from netdev 0.1
> that deal with that
> https://netdev01.org/docs/netdev_tutorial_bridge_makita_150213.pdf
> 
> Or.
> 
> It also possible to mark one bridge port (the PF) as non-promiscuous,
> but I haven't
> played with that myself yet (slide 32), so can't just send you doing it...
>

Many thanks, that helps. Now to figure out the best approach for shoving this
into OpenStack =)



signature.asc
Description: OpenPGP digital signature

Re: [PATCH v2] [net] af_unix: return data from multiple SKBs on recv() with MSG_PEEK flag

[Eric Dumazet]

On Sun, 2015-09-20 at 05:18 -0400, Aaron Conole wrote:
> From: Aaron Conole 
> 
> AF_UNIX sockets now return multiple skbs from recv() when MSG_PEEK flag
> is set.
> 
> This is referenced in kernel bugzilla #12323 @
> https://bugzilla.kernel.org/show_bug.cgi?id=12323
> 
> As described both in the BZ and lkml thread @
> http://lkml.org/lkml/2008/1/8/444 calling recv() with MSG_PEEK on an
> AF_UNIX socket only reads a single skb, where the desired effect is
> to return as much skb data has been queued, until hitting the recv
> buffer size (whichever comes first).
> 
> The modified MSG_PEEK path will now move to the next skb in the tree
> and jump to the again: label, rather than following the natural loop
> structure. This requires duplicating some of the loop head actions.
> 
> This was tested using the python socketpair python code attached to
> the bugzilla issue.
> 
> Signed-off-by: Aaron Conole 
> ---
>  net/unix/af_unix.c | 19 +--
>  1 file changed, 17 insertions(+), 2 deletions(-)
> 
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index 03ee4d3..988fbbd4 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -2179,9 +2179,24 @@ unlock:
>   if (UNIXCB(skb).fp)
>   scm.fp = scm_fp_dup(UNIXCB(skb).fp);
>  
> - sk_peek_offset_fwd(sk, chunk);
> + if (skip) {
> + sk_peek_offset_fwd(sk, chunk);
> + skip -= chunk;
> + }
>  
> - break;
> + if (UNIXCB(skb).fp)
> + break;
> +
> + /* XXX - this is ugly; a better approach would be
> +  * rewriting this function
> +  */
> + last = skb;
> + last_len = skb->len;
> + unix_state_lock();

I am wondering what this is expected to do, and how this code would
possibly not trigger a crash.

Are you 100% sure you tested this patch and code path ?

Before resending v3, please make sure to compile and test with
CONFIG_LOCKDEP=y. Add a temporary (in your tree, not final patch)

pr_err_once("went there at least one time\n");

(to make sure this code path was tested)

It might be time to get rid of unix_sk macro for a proper function to
avoid these kind of errors.

diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 4a167b30a12f..cb1b9bbda332 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -63,7 +63,11 @@ struct unix_sock {
 #define UNIX_GC_MAYBE_CYCLE1
struct socket_wqpeer_wq;
 };
-#define unix_sk(__sk) ((struct unix_sock *)__sk)
+
+static inline struct unix_sock *unix_sk(struct sock *sk)
+{
+   return (struct unix_sock *)sk;
+}
 
 #define peer_wait peer_wq.wait
 

Thanks.


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html