On Mon, Jul 01, 2019 at 10:34:15PM +0300, Julian Anastasov wrote:
> Recognize GRE tunnels in received ICMP errors and
> properly strip the tunnel headers.
>
> Signed-off-by: Julian Anastasov
Thanks Julian,
this looks good to me.
Signed-off-by: Simon Horman
Pablo, please consid
ulation with the tunneling method, thereby letting ipvs
> > be load balancer for windows-based services
> >
> > Signed-off-by: Vadim Fedorenko
>
> Looks good to me, thanks!
>
> Acked-by: Julian Anastasov
Likewise,
Signed-off-by: Simon Horman
Pablo, pleas
On Mon, Jul 01, 2019 at 01:28:49AM +0300, Vadim Fedorenko wrote:
> windows real servers can handle gre tunnels, this patch allows
> gre encapsulation with the tunneling method, thereby letting ipvs
> be load balancer for windows-based services
>
> Signed-off-by: Vadim Fedorenko
> ---
> include/u
cess kernel/fork.c:1800 [inline]
>[<c344af7c>] _do_fork+0x121/0x4f0 kernel/fork.c:2369
>
> Reported-by: syzbot+722da59ccb264bc19...@syzkaller.appspotmail.com
> Fixes: 719c7d563c17 ("ipvs: Fix use-after-free in ip_vs_in")
> Signed-off-by: Julian Anastasov
Thanks Julian.
Pablo, please consider applying this to nf.
Acked-by: Simon Horman
x44/0xa9
>
> Reported-by: syzbot+7e2e50c8adfccd2e5...@syzkaller.appspotmail.com
> Suggested-by: Eric Biggers
> Fixes: 998e7a76804b ("ipvs: Use kthread_run() instead of doing a double-fork
> via kernel_thread()")
> Signed-off-by: Julian Anastasov
Thanks Julian.
Pablo, please consider this for inclusion in nf.
Acked-by: Simon Horman
On Thu, May 23, 2019 at 03:44:06PM +0200, Florian Westphal wrote:
> It does the same thing, use it instead so we can remove skb_make_writable.
>
> Signed-off-by: Florian Westphal
Acked-by: Simon Horman
CMP errors for UDP, do not do that
> patch 3: add comment for fragment check
>
> Julian Anastasov (3):
> ipvs: allow rs_table to contain different real server types
> ipvs: add function to find tunnels
> ipvs: strip udp tunnel headers from icmp errors
Thanks Julian,
this looks
On Wed, May 01, 2019 at 05:07:16PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Wed, 1 May 2019, Simon Horman wrote:
>
> > > > > > We can easily add simple FOU in ipvs_udp_decap() by
> > > > > > returning 0 and correct *proto
On Mon, Apr 08, 2019 at 01:28:26PM +0200, Simon Horman wrote:
> On Sat, Apr 06, 2019 at 01:07:34PM +0300, Julian Anastasov wrote:
> >
> > Hello,
> >
> > On Thu, 4 Apr 2019, Simon Horman wrote:
> >
> > > On Thu, Apr 04, 2019 a
On Sat, Apr 06, 2019 at 01:07:34PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 4 Apr 2019, Simon Horman wrote:
>
> > On Thu, Apr 04, 2019 at 12:18:08AM +0300, Julian Anastasov wrote:
> > >
> > > We can easily add simple FOU in ipvs_udp_d
On Thu, Apr 04, 2019 at 12:18:08AM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Wed, 3 Apr 2019, Simon Horman wrote:
>
> > On Sun, Mar 31, 2019 at 01:26:21PM +0300, Julian Anastasov wrote:
> > > Recognize UDP tunnels in received ICMP errors and
> >
On Wed, Apr 03, 2019 at 11:52:37PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Wed, 3 Apr 2019, Simon Horman wrote:
>
> > On Sun, Mar 31, 2019 at 01:26:20PM +0300, Julian Anastasov wrote:
> >
> > > diff --git a/net/netfilter/ipvs/ip_vs_core.c
>
Hi Julian,
On Sun, Mar 31, 2019 at 01:26:19PM +0300, Julian Anastasov wrote:
> Before now rs_table was used only for NAT real servers.
> Change it to allow TUN real severs from different types,
> possibly hashed with different port key.
>
> Signed-off-by: Julian Anastasov
This looks good to me,
Hi Julian,
On Sun, Mar 31, 2019 at 01:26:21PM +0300, Julian Anastasov wrote:
> Recognize UDP tunnels in received ICMP errors and
> properly strip the tunnel headers. GUE is what we
> have for now.
>
> Signed-off-by: Julian Anastasov
> ---
> net/netfilter/ipvs/ip_vs_core.c | 58 +
On Sun, Mar 31, 2019 at 01:26:20PM +0300, Julian Anastasov wrote:
> Add ip_vs_find_tunnel() to match tunnel headers
> by family, address and optional port. Use it to
> properly find the tunnel real server used in
> received ICMP errors.
>
> Signed-off-by: Julian Anastasov
> ---
> include/net/ip_
ection is found.
>
> Fixes: 6044eeffafbe ("ipvs: attempt to schedule icmp packets")
> Signed-off-by: Julian Anastasov
Thanks Julian, I assume this is also relevant to -stable.
Pablo, please consider applying this to nf.
Signed-off-by: Simon Horman
> ---
> net/netfilter/ip
ollowing functions to use bool full_entry param
> instead of int:
>
> - ip_vs_genl_parse_dest()
> - ip_vs_genl_parse_service()
>
> This patch does not change any functionality but makes the source
> code slightly easier to read.
>
> Signed-off-by: Andrea Claudi
Acked-by: S
k().
>
> Signed-off-by: Xin Long
Acked-by: Simon Horman
Pablo,
please consider applying this to nf-next.
> ---
> net/netfilter/ipvs/ip_vs_proto_sctp.c | 7 ++-
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c
Thanks,
Pablo could you consider applying this to nf?
Acked-by: Simon Horman
> ---
> Changes since v1:
> - Move nf_defrag_ipv6_enable() call from __ip_vs_init() to
> ip_vs_new_dest() and ip_vs_add_service() for further optimization.
> ---
> net/netfilter/ipvs/Kconf
) helper:
>
> size = struct_size(instance, entry, count);
>
> This code was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva
Acked-by: Simon Horman
Pablo, could you consider applying this?
> ---
> net/netfilter/ipvs/ip_vs_ctl.c | 6 ++
Croce
>
> Looks good to me, thanks!
>
> Acked-by: Julian Anastasov
Likewise, Pablo could you consider applying this to nf-next?
Acked-by: Simon Horman
>
> > ---
> > include/net/ip_vs.h | 3 ---
> > net/netfilter/ipvs/ip_vs_proto_
direct calls in IPVS, and reduces the performance
> > impact of the Spectre mitigation.
> >
> > Signed-off-by: Matteo Croce
>
> Looks good to me, thanks!
>
> Acked-by: Julian Anastasov
Likewise, Pablo could you consider applying this to nf-next?
Acked-by:
On Sat, Nov 17, 2018 at 07:14:57PM +0100, Pablo Neira Ayuso wrote:
> On Sat, Nov 17, 2018 at 09:19:52PM +0900, Xin Long wrote:
> > On Sat, Nov 17, 2018 at 8:15 PM Pablo Neira Ayuso
> > wrote:
> > >
> > > On Fri, Nov 16, 2018 at 06:37:19AM -0800, Simon Horman wr
esn't set dst's
> > dev to lo in NETDEV_DOWN event, so this fix is only needed when
> > IP_VS_IPV6 is defined.
> >
> > v1->v2:
> > - apply it only when CONFIG_IP_VS_IPV6 is defined.
> >
> > Fixes: 7a4f0761fce3 ("IPVS: init and clean
link_dest()
> >~IP_VS_DEST_F_AVAILABLE
> > cp->dest && !IP_VS_DEST_F_AVAILABLE
> > __ip_vs_conn_put
> > ...
> > cleanup_net ---> infinite looping
> >
> > Fix this by checking whether the
on't show negative times in ip_vs_conn
Acked-by: Simon Horman
Pablo, please consider taking these via the nf tree.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
| 8 +-
> net/netfilter/ipvs/ip_vs_mh.c | 4 +-
IPVS portion:
Acked-by: Simon Horman
> tools/power/cpupower/po/de.po | 44 +++
> tools/power/cpupower/po/fr.po | 120 +-
> 12 files changed, 103 insertions(
On Tue, Jul 17, 2018 at 03:09:02PM +0200, Pablo Neira Ayuso wrote:
> On Fri, Jul 06, 2018 at 08:25:51AM +0300, Julian Anastasov wrote:
> > This patchset changes how templates are dropped under attack.
> >
> > Patch 1 changes ip_vs_state_name arguments, so that we can
> > print in followup patch in
nown bits in the state received by backup server
Sorry for the delay. This looks good to me.
Reviewed-by: Simon Horman
Pablo, could you take this through nf-next?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
ll out crosses_local_route_boundary logic")
> Signed-off-by: Julian Anastasov
Acked-by: Simon Horman
Pablo, if its not too much trouble please take this into nf.
> ---
> net/netfilter/ipvs/ip_vs_xmit.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/n
The hooks will be registered while the service is
> present.
>
> Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when
> needed by ruleset")
> Signed-off-by: Julian Anastasov
Acked-by: Simon Horman
Pablo, please take this into nf if it is not to
cond patch changes ip_vs_ftp.c to support EPRT and EPSV
> commands with extended format (RFC 2428) which supports both
> IPv4 and IPv6 addresses.
>
> v1->v2: two places were missing the (void *) cast for cp->app_data,
> reported by kbuild test robot
Acked-by: Simon Horman
dd f3 f9 <0f> 0b 90 90
> 90 90 90 90 90 90 90 90 90 55 48 89 e5 41 57 41 56
> RIP: fortify_panic+0x13/0x20 lib/string.c:1051 RSP: 8801c976f800
>
> Reported-and-tested-by: syzbot+aac887f7731986864...@syzkaller.appspotmail.com
> Fixes: e4ff67513096 ("ipvs: add sync_maxlen pa
On Tue, May 08, 2018 at 02:16:23PM +0200, Pablo Neira Ayuso wrote:
> On Mon, May 07, 2018 at 01:18:53PM +0200, Simon Horman wrote:
> > On Mon, May 07, 2018 at 01:17:40PM +0200, Simon Horman wrote:
> > > On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> >
On Mon, May 07, 2018 at 01:17:40PM +0200, Simon Horman wrote:
> On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> > Connections in One-packet scheduling mode (-o, --ops) are
> > removed with refcnt=0 because they are not hashed in conn table.
> > To avoid r
elp us debug this:
> Possible unsafe locking scenario:
>
> CPU0
>
> lock(&syncp->seq#6);
>
>lock(&syncp->seq#6);
>
> *** DEADLOCK ***
>
> Fixes: ac69269a45e8 ("ipvs: do not disable bh for long time")
> Signed-off-by:
8 R11: 025f942d R12: 025f940e
> R13: 7fc9d1301e20 R14: 025f9408 R15: 7fc9d1302720
> Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
> 00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
> 7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d
e(),
> > as reported by syzbot.
> >
> > Reported-by:
> > Cc: Simon Horman
> > Cc: Julian Anastasov
> > Cc: Pablo Neira Ayuso
> > Signed-off-by: Cong Wang
>
> Thanks!
>
> Acked-by: Julian Anastasov
Thanks.
Pablo, could you take thi
re()
> > as reported by syzbot.
> >
> > Reported-by:
> > Cc: Simon Horman
> > Cc: Julian Anastasov
> > Cc: Pablo Neira Ayuso
> > Signed-off-by: Cong Wang
>
> Thanks!
>
> Acked-by: Julian Anastasov
Thanks.
Pablo, could you take this into nf?
Ac
Anastasov
Signed-off-by: Simon Horman
---
include/net/ip_vs.h| 1 +
net/netfilter/ipvs/ip_vs_ctl.c | 4
2 files changed, 5 insertions(+)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index eb0bec043c96..0ac795b41ab8 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
From: Arvind Yadav
Fix checkpatch.pl error:
ERROR: space prohibited before open square bracket '['.
Signed-off-by: Arvind Yadav
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_proto_tcp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netf
Hi Pablo,
please consider these IPVS enhancements for v4.18.
* Whitepace cleanup
* Add Maglev hashing algorithm as a IPVS scheduler
Inju Song says "Implements the Google's Maglev hashing algorithm as a
IPVS scheduler. Basically it provides consistent hashing but offers some
special featu
Song
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_mh.c | 540 ++
1 file changed, 540 insertions(+)
create mode 100644 net/netfilter/ipvs/ip_vs_mh.c
diff --git a/net/netfilter/ipvs/ip_vs_mh.c b/net/netfilter
From: Inju Song
To build the maglev hashing scheduler, add some configuration
to Kconfig and Makefile.
- The compile configurations of MH are added to the Kconfig.
- The MH build rule is added to the Makefile.
Signed-off-by: Inju Song
Signed-off-by: Julian Anastasov
Signed-off-by: Simon
ernat
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_dh.c| 3 ++-
net/netfilter/ipvs/ip_vs_lblc.c | 3 ++-
net/netfilter/ipvs/ip_vs_lblcr.c | 3 ++-
net/netfilter/ipvs/ip_vs_sh.c| 3 ++-
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/net
On Mon, Apr 09, 2018 at 04:53:22PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Apr 09, 2018 at 10:20:18AM +0300, Simon Horman wrote:
> > On Sat, Apr 07, 2018 at 03:50:47PM +0300, Julian Anastasov wrote:
> > > syzkaller reports for wrong rtnl_lock usage in sync code [1] and [2]
>
reads that execute
> sock_release when they are stopped by stop_sync_thread.
...
> Reported-and-tested-by: syzbot+a46d6abf9d56b1365...@syzkaller.appspotmail.com
> Reported-and-tested-by: syzbot+5fe074c01b2032ce9...@syzkaller.appspotmail.com
> Fixes: e0b26cc997d5 ("ipvs: call rtnl_loc
On Mon, Mar 05, 2018 at 03:35:57PM -0600, Gustavo A. R. Silva wrote:
> Assign true or false to boolean variables instead of an integer value.
>
> This issue was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva
Signed-off-by: Simon Horman
Pablo, coul
Li Shuang
> Fixes: be7be6e161a2 ("netfilter: ipvs: fix incorrect conflict resolution")
> Signed-off-by: Julian Anastasov
Acked-by: Simon Horman
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
> VFS stopped pinning module at this point.
>
> # ipvs
> Acked-by: Julian Anastasov
Likewise, the IPVS portion looks good to me.
Acked-by: Simon Horman
> Signed-off-by: Alexey Dobriyan
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
patch to netfilter group
Acked-by: Simon Horman
Pablo, can you take this through the nf-next tree?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
115120
> Addresses-Coverity-ID: 115121
> Signed-off-by: Gustavo A. R. Silva
Signed-off-by: Simon Horman
Pablo, could you take this one directly?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kerne
p() and from_timer()
> > to pass the timer pointer explicitly.
> >
> > Cc: Wensong Zhang
> > Cc: Simon Horman
> > Cc: Julian Anastasov
> > Cc: Pablo Neira Ayuso
> > Cc: Jozsef Kadlecsik
> > Cc: Florian Westphal
> > Cc: "David S. Mille
parisc64
> architectures.
>
> Signed-off-by: Helge Deller
> Cc: Wensong Zhang
> Cc: net...@vger.kernel.org
> Cc: lvs-de...@vger.kernel.org
> Cc: netfilter-devel@vger.kernel.org
Sorry for the delay in processing this.
Acked-by: Simon Horman
Pablo, could you take this thr
for Julian and Simon to tell me what I should do with this.
Hi Pablo,
could you take these directly with Julian's Ack and the following?
Signed-off-by: Simon Horman
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...
On Sun, Jul 30, 2017 at 12:29:25PM +0530, Arvind Yadav wrote:
> Fix checkpatch.pl error:
> ERROR: space prohibited before open square bracket '['.
>
> Signed-off-by: Arvind Yadav
Thanks, applied for v4.14.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body
On Thu, May 04, 2017 at 09:48:08PM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 4 May 2017, Pablo Neira Ayuso wrote:
>
> > On Mon, May 01, 2017 at 04:45:34PM +0300, Julian Anastasov wrote:
> > > Hello,
> > >
> > > The following patches are rediffs for "ipvs: SNAT packet replies
Hi Pablo,
please consider this fix to IPVS for v4.12.
* It is a fix from Julian Anastasov to only SNAT SNAT packet replies only for
NATed connections
My understanding is that this fix is appropriate for 4.9.25, 4.10.13, 4.11
as well as the nf tree. Julian has separately posted backports for o
r to be more precise for the reply traffic.
As replies are not expected for DR/TUN connections, better
to not touch them.
Reported-by: Nick Moriarty
Tested-by: Nick Moriarty
Signed-off-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_core.c | 19 ++-
1
From: Aaron Conole
The sync_refresh_period variable is unsigned, so it can never be < 0.
Signed-off-by: Aaron Conole
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_sync.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/
From: Aaron Conole
There are no in-tree callers of this function and it isn't exported.
Signed-off-by: Aaron Conole
Signed-off-by: Simon Horman
---
include/net/ip_vs.h | 2 --
net/netfilter/ipvs/ip_vs_proto.c | 22 --
2 files changed, 24 deletions(-)
termine if IPv6 address is
local")
Signed-off-by: Paolo Abeni
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_ctl.c | 22 +-
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ip
Hi Pablo,
please consider these enhancements to IPVS for v4.12.
If it is too late for v4.12 then please consider them for v4.13.
* Remove unused function
* Correct comparison of unsigned value
The following changes since commit 9a08ecfe74d7796ddc92ec312d3b7eaeba5a7c22:
netfilter: don't attach
Hi Pablo,
please consider this fix to IPVS for v4.11.
Or if it is too late for v4.11 please consider it for v4.12.
I would also like it considered for stable.
* Explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled
to avoid oops caused by IPVS accesing IPv6 routing code in such
Sorry, I messed this up.
I will repost.
On Fri, Apr 28, 2017 at 11:58:15AM +0200, Simon Horman wrote:
> Hi Pablo,
>
> please consider this fix to IPVS for v4.11.
> Or if it is too late for v4.11 please consider it for v4.12.
> I would also like it considered for stable.
>
>
Hi Pablo,
please consider this fix to IPVS for v4.11.
Or if it is too late for v4.11 please consider it for v4.12.
I would also like it considered for stable.
* Explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled
to avoid oops caused by IPVS accesing IPv6 routing code in such
termine if IPv6 address is
local")
Signed-off-by: Paolo Abeni
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_ctl.c | 22 +-
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ip
On Mon, Apr 24, 2017 at 10:21:30AM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Mon, 24 Apr 2017, Paolo Abeni wrote:
>
> > Hi,
> >
> > The problem with the patched code is that it tries to resolve ipv6
> > addresses that are not created/validated by the kernel.
>
> OK. Simon, p
On vr, apr 14, 2017 at 02:13:09 +0200, Pablo Neira Ayuso wrote:
> On Mon, Apr 10, 2017 at 03:50:44PM -0400, Aaron Conole wrote:
> > There are no in-tree callers of this function and it isn't exported.
>
> Simon, let me know if you want to take this, or just add your
> Signed-off-by.
Hi Pablo,
I
On Fri, Apr 14, 2017 at 01:01:34AM +0200, Pablo Neira Ayuso wrote:
> Hi Simon,
>
> On Mon, Apr 10, 2017 at 09:58:32AM -0700, Simon Horman wrote:
> > Hi Pablo,
> >
> > please consider these clean-ups and enhancements to IPVS for v4.12.
> >
> > * Removal
On Wed, Apr 12, 2017 at 04:38:12PM -0400, Aaron Conole wrote:
> The sync_refresh_period variable is unsigned, so it can never be < 0.
>
> Signed-off-by: Aaron Conole
Thanks Aaron,
I have applied this to ipvs-next after updating the prefix to "ipvs:".
--
To unsubscribe from this list: send the l
On Mon, Apr 10, 2017 at 03:50:44PM -0400, Aaron Conole wrote:
> There are no in-tree callers of this function and it isn't exported.
>
> Signed-off-by: Aaron Conole
Thanks, applied to ipvs-next.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a messag
From: Varsha Rao
Replace kzalloc with kcalloc. As kcalloc is preferred for allocating an
array instead of kzalloc. This patch fixes the checkpatch issue.
Signed-off-by: Varsha Rao
---
net/netfilter/ipvs/ip_vs_sync.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/ne
From: Florian Westphal
Check for the NAT status bits, they are set once conntrack needs NAT in source
or
reply direction, this is slightly faster than nfct_nat() as that has to check
the
extension area.
Signed-off-by: Florian Westphal
---
net/netfilter/ipvs/ip_vs_ftp.c | 2 +-
1 file changed
;
Signed-off-by: Arushi Singhal
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_ftp.c | 5 +
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index 2e2bf7428cd1..6caf4459e981 100644
--- a/net/netfilter/ipvs
Hi Pablo,
please consider these clean-ups and enhancements to IPVS for v4.12.
* Removal unused variable
* Use kzalloc where appropriate
* More efficient detection of presence of NAT extension
The following changes since commit 592d42ac7fd36408979e09bf2f170f2595dab7b8:
Merge branch 'qed-IOV-c
-
Simran, I would be happy to pick up the IPVS version if it was posted as a
separate patch.
Alternative, Pablo, if you would like to take this patch feel free to add:
Acked-by: Simon Horman
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the bod
On Tue, Mar 28, 2017 at 06:56:48PM +0530, Arushi Singhal wrote:
> Rmoved parentheses on the right hand side of assignment, as they are
> not required. The following coccinelle script was used to fix this
> issue:
>
> @@
> local idexpression id;
> expression e;
> @@
>
> id =
> -(
> e
> -)
>
> Sig
On Wed, Mar 29, 2017 at 03:45:01PM +0530, Arushi Singhal wrote:
> Replace explicit NULL comparison with ! operator to simplify code.
>
> Signed-off-by: Arushi Singhal
> ---
> net/netfilter/ipvs/ip_vs_ctl.c | 8 ++---
> net/netfilter/ipvs/ip_vs_proto.c | 8 ++---
I count 18 instan
On Wed, Mar 29, 2017 at 08:27:52PM +0530, Arushi Singhal wrote:
> This patch uses the following coccinelle script to remove
> a variable that was simply used to store the return
> value of a function call before returning it:
>
> @@
> identifier len,f;
> @@
>
> -int len;
> ... when != len
>
On Tue, Mar 28, 2017 at 10:31:20AM +0200, Florian Westphal wrote:
> Check for the NAT status bits, they are set once conntrack needs NAT in
> source or
> reply direction, this is slightly faster than nfct_nat() as that has to check
> the
> extension area.
>
> Signed-off-by: Florian Westphal
Th
From: Cong Wang
At most it is used for debugging purpose, but I don't think
it is even useful for debugging, just remove it.
Signed-off-by: Cong Wang
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_core.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/net/netfilter
From: Hangbin Liu
Document sysctl pmtu_disc based on commit 3654e61137db ("ipvs: add
pmtu_disc option to disable IP DF for TUN packets").
Signed-off-by: Hangbin Liu
Signed-off-by: Simon Horman
---
Documentation/networking/ipvs-sysctl.txt | 8
1 file changed, 8 insertion
Hi Pablo,
please consider these enhancements to the IPVS for v4.12.
* Update sysctl documentation
* Remove unnecessary printk in __ip_vs_init
The following changes since commit 03e5fd0e9bcc1f34b7a542786b34b8f771e7c260:
netfilter: nft_set_rbtree: use per-set rwlock to improve the scalability
From: Hangbin Liu
Document sysctl sync_qlen_max and sync_sock_size based on
commit 1c003b1580e2 ("ipvs: wakeup master thread").
Signed-off-by: Hangbin Liu
Signed-off-by: Simon Horman
---
Documentation/networking/ipvs-sysctl.txt | 14 ++
1 file changed, 14 insertion
From: Hangbin Liu
Document sysctl sync_ports based on commit f73181c8288f ("ipvs: add support
for sync threads").
Signed-off-by: Hangbin Liu
Signed-off-by: Simon Horman
---
Documentation/networking/ipvs-sysctl.txt | 8
1 file changed, 8 insertions(+)
diff --git a/Doc
From: Hangbin Liu
Fix sync_threshold description which should have two values. Also add
sync_refresh_period and sync_retries based on commit 749c42b620a9
("ipvs: reduce sync rate with time thresholds").
Signed-off-by: Hangbin Liu
Signed-off-by: Simon Horman
---
Documentation/netwo
On Fri, Jan 27, 2017 at 01:21:11PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Jan 27, 2017 at 09:07:38AM +0100, Simon Horman wrote:
> > On Thu, Jan 26, 2017 at 10:49:10PM +0200, Julian Anastasov wrote:
> > >
> > > Hello,
> > >
> >
n Anastasov
>
> Simon and Pablo, this is more appropriate for
> ipvs-next/nf-next. Please apply!
Pablo, would you mind taking this one directly into nf-next?
Signed-off-by: Simon Horman
>
> > ---
> > include/net/ip_vs.h| 2 +-
> > net/netfilter/
Hi Pablo,
please consider these enhancements to the IPVS for v4.10.
* Decrement the IP ttl in all the modes in order to prevent infinite
route loops. Thanks to Dwip Banerjee.
* Use IS_ERR_OR_NULL macro. Clean-up from Gao Feng.
The following changes since commit 7d384846b9987f7b611357adf3cdfec
From: Gao Feng
This minor refactoring does not change the logic of function
ip_vs_genl_dump_dests.
Signed-off-by: Gao Feng
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net
nd in __ip_vs_get_out_rt_v6(), for the IPv6
case. decrement_ttl() implements the actual functionality for the
two cases.
Signed-off-by: Dwip Banerjee
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_xmit.c | 54 +
1 file changed, 54 inser
Wang
Signed-off-by: Simon Horman
Pablo, can you take this one into nf?
> ---
> net/netfilter/ipvs/ip_vs_ctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index c3c809b..a6
ks because
> > > the layout is identical, but seems error-prone, so I'm changing
> > > this in the process to directly copy the two members. This change
> > > seemed to have no effect on the object code or the warning, but
> > > it deals with the same data,
Hi Pablo,
On Fri, Aug 12, 2016 at 12:24:43PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Aug 03, 2016 at 03:21:28PM +0200, Florian Westphal wrote:
> > Once timer is removed from nf_conn struct we cannot open-code
> > the removal sequence anymore.
>
> @Simon and other IPVS folks: I'm going to take t
ot; quickly but at that time, all of them are already assigned to one
real server (or few), resulting in highly unbalanced distribution.
Address this by counting the "pre-established" states as "active".
Signed-off-by: Michal Kubecek
Acked-by: Julian Anastasov
Signed-off
Hi Pablo,
please consider these enhancements to the IPVS. This alters the behaviour
of the "least connection" schedulers such that pre-established connections
are included in the active connection count. This avoids overloading
servers when a large number of new connections arrive in a short space
>sk_bound_dev_if on the socket before calling
inet6_bind() resolves the issue.
Fixes: d33288172e72 ("ipvs: add more mcast parameters for the sync daemon")
Signed-off-by: Quentin Armitage
Acked-by: Julian Anastasov
Signed-off-by: Simon Horman
---
net/netfilter/ipvs/ip_vs_sync.c | 6 ++
Hi Pablo,
please consider this IPVS fix for v4.7.
The fix from Quentin Armitage allows the backup sync daemon to
be bound to a link-local mcast IPv6 address as is already the case
for IPv4.
The following changes since commit 62131e5d735226074cba53095545d76b491e5003:
netfilter: nft_meta: set s
On Fri, Jun 17, 2016 at 09:42:49AM +0300, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 16 Jun 2016, Quentin Armitage wrote:
>
> > When using HEAD from
> > https://git.kernel.org/cgit/utils/kernel/ipvsadm/ipvsadm.git/,
> > the command:
> > ipvsadm --start-daemon backup --mcast-interface e
1 - 100 of 123 matches
Mail list logo
