[GIT PULL nf-next] IPVS

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider the following enhancements to IPVS for inclusion in 3.6.

----------------------------------------------------------------
The following changes since commit 46ba5a25f521e3c50d7bb81b1abb977769047456:

  netfilter: nfnetlink_queue: do not allow to set unsupported flag bits (2012-07-04 19:51:50 +0200)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master

for you to fetch changes up to 1fd130ebf10e1185022a9c0470f2298943bad1c4:

  ipvs: generalize app registration in netns (2012-07-10 17:58:10 +0900)

----------------------------------------------------------------
Julian Anastasov (2):
      ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper
      ipvs: generalize app registration in netns

 include/net/ip_vs.h            |  5 ++--
 net/netfilter/ipvs/Kconfig     |  3 ++-
 net/netfilter/ipvs/ip_vs_app.c | 61 +++++++++++++++++++++++++++++++-----------
 net/netfilter/ipvs/ip_vs_ftp.c | 21 ++++-----------
 4 files changed, 54 insertions(+), 36 deletions(-)

[PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper

[Simon Horman]

From: Julian Anastasov <ja@ssi.bg>

	The FTP application indirectly depends on the
nf_conntrack_ftp helper for proper NAT support. If the
module is not loaded, IPVS can resize the packets for the
command connection, eg. PASV response but the SEQ adjustment
logic in ipv4_confirm is not called without helper.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/Kconfig | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
index f987138..8b2cffd 100644
--- a/net/netfilter/ipvs/Kconfig
+++ b/net/netfilter/ipvs/Kconfig
@@ -250,7 +250,8 @@ comment 'IPVS application helper'
 
 config	IP_VS_FTP
   	tristate "FTP protocol helper"
-        depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
+	depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
+		NF_CONNTRACK_FTP
 	select IP_VS_NFCT
 	---help---
 	  FTP is a protocol that transfers IP address and/or port number in
-- 
1.7.10.2.484.gcd07cc5

[PATCH 2/2] ipvs: generalize app registration in netns

[Simon Horman]

From: Julian Anastasov <ja@ssi.bg>

	Get rid of the ftp_app pointer and allow applications
to be registered without adding fields in the netns_ipvs structure.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 include/net/ip_vs.h            |  5 ++--
 net/netfilter/ipvs/ip_vs_app.c | 61 +++++++++++++++++++++++++++++++-----------
 net/netfilter/ipvs/ip_vs_ftp.c | 21 ++++-----------
 3 files changed, 52 insertions(+), 35 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index d6146b4..6cb4699 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -808,8 +808,6 @@ struct netns_ipvs {
 	struct list_head	rs_table[IP_VS_RTAB_SIZE];
 	/* ip_vs_app */
 	struct list_head	app_list;
-	/* ip_vs_ftp */
-	struct ip_vs_app	*ftp_app;
 	/* ip_vs_proto */
 	#define IP_VS_PROTO_TAB_SIZE	32	/* must be power of 2 */
 	struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
@@ -1179,7 +1177,8 @@ extern void ip_vs_service_net_cleanup(struct net *net);
  *      (from ip_vs_app.c)
  */
 #define IP_VS_APP_MAX_PORTS  8
-extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
+extern struct ip_vs_app *register_ip_vs_app(struct net *net,
+					    struct ip_vs_app *app);
 extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 64f9e8f..11caaea 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -180,22 +180,41 @@ register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto,
 }
 
 
-/*
- *	ip_vs_app registration routine
- */
-int register_ip_vs_app(struct net *net, struct ip_vs_app *app)
+/* Register application for netns */
+struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app)
 {
 	struct netns_ipvs *ipvs = net_ipvs(net);
-	/* increase the module use count */
-	ip_vs_use_count_inc();
+	struct ip_vs_app *a;
+	int err = 0;
+
+	if (!ipvs)
+		return ERR_PTR(-ENOENT);
 
 	mutex_lock(&__ip_vs_app_mutex);
 
-	list_add(&app->a_list, &ipvs->app_list);
+	list_for_each_entry(a, &ipvs->app_list, a_list) {
+		if (!strcmp(app->name, a->name)) {
+			err = -EEXIST;
+			break;
+		}
+	}
+	if (!err) {
+		a = kmemdup(app, sizeof(*app), GFP_KERNEL);
+		if (!a)
+			err = -ENOMEM;
+	}
+	if (!err) {
+		INIT_LIST_HEAD(&a->incs_list);
+		list_add(&a->a_list, &ipvs->app_list);
+		/* increase the module use count */
+		ip_vs_use_count_inc();
+	}
 
 	mutex_unlock(&__ip_vs_app_mutex);
 
-	return 0;
+	if (err)
+		return ERR_PTR(err);
+	return a;
 }
 
 
@@ -205,20 +224,29 @@ int register_ip_vs_app(struct net *net, struct ip_vs_app *app)
  */
 void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app)
 {
-	struct ip_vs_app *inc, *nxt;
+	struct netns_ipvs *ipvs = net_ipvs(net);
+	struct ip_vs_app *a, *anxt, *inc, *nxt;
+
+	if (!ipvs)
+		return;
 
 	mutex_lock(&__ip_vs_app_mutex);
 
-	list_for_each_entry_safe(inc, nxt, &app->incs_list, a_list) {
-		ip_vs_app_inc_release(net, inc);
-	}
+	list_for_each_entry_safe(a, anxt, &ipvs->app_list, a_list) {
+		if (app && strcmp(app->name, a->name))
+			continue;
+		list_for_each_entry_safe(inc, nxt, &a->incs_list, a_list) {
+			ip_vs_app_inc_release(net, inc);
+		}
 
-	list_del(&app->a_list);
+		list_del(&a->a_list);
+		kfree(a);
 
-	mutex_unlock(&__ip_vs_app_mutex);
+		/* decrease the module use count */
+		ip_vs_use_count_dec();
+	}
 
-	/* decrease the module use count */
-	ip_vs_use_count_dec();
+	mutex_unlock(&__ip_vs_app_mutex);
 }
 
 
@@ -586,5 +614,6 @@ int __net_init ip_vs_app_net_init(struct net *net)
 
 void __net_exit ip_vs_app_net_cleanup(struct net *net)
 {
+	unregister_ip_vs_app(net, NULL /* all */);
 	proc_net_remove(net, "ip_vs_app");
 }
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index b20b29c..ad70b7e 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -441,16 +441,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
 
 	if (!ipvs)
 		return -ENOENT;
-	app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
-	if (!app)
-		return -ENOMEM;
-	INIT_LIST_HEAD(&app->a_list);
-	INIT_LIST_HEAD(&app->incs_list);
-	ipvs->ftp_app = app;
 
-	ret = register_ip_vs_app(net, app);
-	if (ret)
-		goto err_exit;
+	app = register_ip_vs_app(net, &ip_vs_ftp);
+	if (IS_ERR(app))
+		return PTR_ERR(app);
 
 	for (i = 0; i < ports_count; i++) {
 		if (!ports[i])
@@ -464,9 +458,7 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
 	return 0;
 
 err_unreg:
-	unregister_ip_vs_app(net, app);
-err_exit:
-	kfree(ipvs->ftp_app);
+	unregister_ip_vs_app(net, &ip_vs_ftp);
 	return ret;
 }
 /*
@@ -474,10 +466,7 @@ err_exit:
  */
 static void __ip_vs_ftp_exit(struct net *net)
 {
-	struct netns_ipvs *ipvs = net_ipvs(net);

Re: [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper

[Pablo Neira Ayuso]

On Wed, Jul 11, 2012 at 09:25:26AM +0900, Simon Horman wrote:
> From: Julian Anastasov <ja@ssi.bg>
> 
> 	The FTP application indirectly depends on the
> nf_conntrack_ftp helper for proper NAT support. If the
> module is not loaded, IPVS can resize the packets for the
> command connection, eg. PASV response but the SEQ adjustment
> logic in ipv4_confirm is not called without helper.
> 
> Signed-off-by: Julian Anastasov <ja@ssi.bg>
> Signed-off-by: Simon Horman <horms@verge.net.au>
> ---
>  net/netfilter/ipvs/Kconfig | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
> index f987138..8b2cffd 100644
> --- a/net/netfilter/ipvs/Kconfig
> +++ b/net/netfilter/ipvs/Kconfig
> @@ -250,7 +250,8 @@ comment 'IPVS application helper'
>  
>  config	IP_VS_FTP
>    	tristate "FTP protocol helper"
> -        depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
> +	depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
> +		NF_CONNTRACK_FTP

If you require FTP NAT support, then this depends on NF_NAT_FTP
instead of NF_CONNTRACK_FTP.

Re: [PATCH 2/2] ipvs: generalize app registration in netns

[Pablo Neira Ayuso]

On Wed, Jul 11, 2012 at 09:25:27AM +0900, Simon Horman wrote:
> From: Julian Anastasov <ja@ssi.bg>
> 
> 	Get rid of the ftp_app pointer and allow applications
> to be registered without adding fields in the netns_ipvs structure.
> 
> Signed-off-by: Julian Anastasov <ja@ssi.bg>
> Signed-off-by: Simon Horman <horms@verge.net.au>
> ---
>  include/net/ip_vs.h            |  5 ++--
>  net/netfilter/ipvs/ip_vs_app.c | 61 +++++++++++++++++++++++++++++++-----------
>  net/netfilter/ipvs/ip_vs_ftp.c | 21 ++++-----------
>  3 files changed, 52 insertions(+), 35 deletions(-)
> 
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index d6146b4..6cb4699 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -808,8 +808,6 @@ struct netns_ipvs {
>  	struct list_head	rs_table[IP_VS_RTAB_SIZE];
>  	/* ip_vs_app */
>  	struct list_head	app_list;
> -	/* ip_vs_ftp */
> -	struct ip_vs_app	*ftp_app;
>  	/* ip_vs_proto */
>  	#define IP_VS_PROTO_TAB_SIZE	32	/* must be power of 2 */
>  	struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
> @@ -1179,7 +1177,8 @@ extern void ip_vs_service_net_cleanup(struct net *net);
>   *      (from ip_vs_app.c)
>   */
>  #define IP_VS_APP_MAX_PORTS  8
> -extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
> +extern struct ip_vs_app *register_ip_vs_app(struct net *net,
> +					    struct ip_vs_app *app);
>  extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
>  extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
>  extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
> diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
> index 64f9e8f..11caaea 100644
> --- a/net/netfilter/ipvs/ip_vs_app.c
> +++ b/net/netfilter/ipvs/ip_vs_app.c
> @@ -180,22 +180,41 @@ register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto,
>  }
>  
>  
> -/*
> - *	ip_vs_app registration routine
> - */
> -int register_ip_vs_app(struct net *net, struct ip_vs_app *app)
> +/* Register application for netns */
> +struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app)
>  {
>  	struct netns_ipvs *ipvs = net_ipvs(net);
> -	/* increase the module use count */
> -	ip_vs_use_count_inc();
> +	struct ip_vs_app *a;
> +	int err = 0;
> +
> +	if (!ipvs)
> +		return ERR_PTR(-ENOENT);
>  
>  	mutex_lock(&__ip_vs_app_mutex);
>  
> -	list_add(&app->a_list, &ipvs->app_list);
> +	list_for_each_entry(a, &ipvs->app_list, a_list) {
> +		if (!strcmp(app->name, a->name)) {
> +			err = -EEXIST;
> +			break;
> +		}
> +	}
> +	if (!err) {
> +		a = kmemdup(app, sizeof(*app), GFP_KERNEL);
> +		if (!a)
> +			err = -ENOMEM;
> +	}
> +	if (!err) {
> +		INIT_LIST_HEAD(&a->incs_list);
> +		list_add(&a->a_list, &ipvs->app_list);
> +		/* increase the module use count */
> +		ip_vs_use_count_inc();
> +	}

I think this code will look better if you use something like:

+		if (!strcmp(app->name, a->name)) {
+			err = -EEXIST;
+			goto err_unlock;
+		}

err_unlock:
        mutex_unlock(...)

>  
>  	mutex_unlock(&__ip_vs_app_mutex);
>  
> -	return 0;
> +	if (err)
> +		return ERR_PTR(err);
> +	return a;

For this three lines above, you can use:

return err ? return ERR_PTR(err) : a;

>  }
>  
>  
> @@ -205,20 +224,29 @@ int register_ip_vs_app(struct net *net, struct ip_vs_app *app)
>   */
>  void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app)
>  {
> -	struct ip_vs_app *inc, *nxt;
> +	struct netns_ipvs *ipvs = net_ipvs(net);
> +	struct ip_vs_app *a, *anxt, *inc, *nxt;
> +
> +	if (!ipvs)
> +		return;
>  
>  	mutex_lock(&__ip_vs_app_mutex);
>  
> -	list_for_each_entry_safe(inc, nxt, &app->incs_list, a_list) {
> -		ip_vs_app_inc_release(net, inc);
> -	}
> +	list_for_each_entry_safe(a, anxt, &ipvs->app_list, a_list) {
> +		if (app && strcmp(app->name, a->name))
> +			continue;
> +		list_for_each_entry_safe(inc, nxt, &a->incs_list, a_list) {
> +			ip_vs_app_inc_release(net, inc);
> +		}
>  
> -	list_del(&app->a_list);
> +		list_del(&a->a_list);
> +		kfree(a);
>  
> -	mutex_unlock(&__ip_vs_app_mutex);
> +		/* decrease the module use count */
> +		ip_vs_use_count_dec();
> +	}
>  
> -	/* decrease the module use count */
> -	ip_vs_use_count_dec();
> +	mutex_unlock(&__ip_vs_app_mutex);
>  }
>  
>  
> @@ -586,5 +614,6 @@ int __net_init ip_vs_app_net_init(struct net *net)
>  
>  void __net_exit ip_vs_app_net_cleanup(struct net *net)
>  {
> +	unregister_ip_vs_app(net, NULL /* all */);
>  	proc_net_remove(net, "ip_vs_app");
>  }
> diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
> index b20b29c..ad70b7e 100644
> --- a/net/netfilter/ipvs/ip_vs_ftp.c
> +++ b/net/netfilter/ipvs/ip_vs_ftp.c
> @@ -441,16 +441,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
>  
>  	if (!ipvs)
>  		return -ENOENT;
> -	app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
> -	if (!app)
> -		return -ENOMEM;
> -	INIT_LIST_HEAD(&app->a_list);
> -	INIT_LIST_HEAD(&app->incs_list);
> -	ipvs->ftp_app = app;
>  
> -	ret = register_ip_vs_app(net, app);
> -	if (ret)
> -		goto err_exit;
> +	app = register_ip_vs_app(net, &ip_vs_ftp);
> +	if (IS_ERR(app))
> +		return PTR_ERR(app);
>  
>  	for (i = 0; i < ports_count; i++) {
>  		if (!ports[i])
> @@ -464,9 +458,7 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
>  	return 0;
>  
>  err_unreg:
> -	unregister_ip_vs_app(net, app);
> -err_exit:
> -	kfree(ipvs->ftp_app);
> +	unregister_ip_vs_app(net, &ip_vs_ftp);
>  	return ret;
>  }
>  /*
> @@ -474,10 +466,7 @@ err_exit:
>   */
>  static void __ip_vs_ftp_exit(struct net *net)
>  {
> -	struct netns_ipvs *ipvs = net_ipvs(net);
> -
> -	unregister_ip_vs_app(net, ipvs->ftp_app);
> -	kfree(ipvs->ftp_app);
> +	unregister_ip_vs_app(net, &ip_vs_ftp);
>  }
>  
>  static struct pernet_operations ip_vs_ftp_ops = {
> -- 
> 1.7.10.2.484.gcd07cc5
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper

[Julian Anastasov]

	Hello,

On Thu, 12 Jul 2012, Pablo Neira Ayuso wrote:

> On Wed, Jul 11, 2012 at 09:25:26AM +0900, Simon Horman wrote:
> > From: Julian Anastasov <ja@ssi.bg>
> > 
> > 	The FTP application indirectly depends on the
> > nf_conntrack_ftp helper for proper NAT support. If the
> > module is not loaded, IPVS can resize the packets for the
> > command connection, eg. PASV response but the SEQ adjustment
> > logic in ipv4_confirm is not called without helper.
> > 
> > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > Signed-off-by: Simon Horman <horms@verge.net.au>
> > ---
> >  net/netfilter/ipvs/Kconfig | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
> > index f987138..8b2cffd 100644
> > --- a/net/netfilter/ipvs/Kconfig
> > +++ b/net/netfilter/ipvs/Kconfig
> > @@ -250,7 +250,8 @@ comment 'IPVS application helper'
> >  
> >  config	IP_VS_FTP
> >    	tristate "FTP protocol helper"
> > -        depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
> > +	depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
> > +		NF_CONNTRACK_FTP
> 
> If you require FTP NAT support, then this depends on NF_NAT_FTP
> instead of NF_CONNTRACK_FTP.

	No, I just checked again, it works without nf_nat_ftp,
only nf_nat, nf_conntrack_ftp and iptable_nat are needed.
We use packet mangling part from nf_nat (nf_nat_mangle_tcp_packet).

Regards

--
Julian Anastasov <ja@ssi.bg>

Re: [PATCH 2/2] ipvs: generalize app registration in netns

[Julian Anastasov]

	Hello,

On Thu, 12 Jul 2012, Pablo Neira Ayuso wrote:

> > +struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app)
> >  {
> >  	struct netns_ipvs *ipvs = net_ipvs(net);
> > -	/* increase the module use count */
> > -	ip_vs_use_count_inc();
> > +	struct ip_vs_app *a;
> > +	int err = 0;
> > +
> > +	if (!ipvs)
> > +		return ERR_PTR(-ENOENT);
> >  
> >  	mutex_lock(&__ip_vs_app_mutex);
> >  
> > -	list_add(&app->a_list, &ipvs->app_list);
> > +	list_for_each_entry(a, &ipvs->app_list, a_list) {
> > +		if (!strcmp(app->name, a->name)) {
> > +			err = -EEXIST;
> > +			break;
> > +		}
> > +	}
> > +	if (!err) {
> > +		a = kmemdup(app, sizeof(*app), GFP_KERNEL);
> > +		if (!a)
> > +			err = -ENOMEM;
> > +	}
> > +	if (!err) {
> > +		INIT_LIST_HEAD(&a->incs_list);
> > +		list_add(&a->a_list, &ipvs->app_list);
> > +		/* increase the module use count */
> > +		ip_vs_use_count_inc();
> > +	}
> 
> I think this code will look better if you use something like:
> 
> +		if (!strcmp(app->name, a->name)) {
> +			err = -EEXIST;
> +			goto err_unlock;
> +		}
> 
> err_unlock:
>         mutex_unlock(...)
> 
> >  
> >  	mutex_unlock(&__ip_vs_app_mutex);
> >  
> > -	return 0;
> > +	if (err)
> > +		return ERR_PTR(err);
> > +	return a;
> 
> For this three lines above, you can use:
> 
> return err ? return ERR_PTR(err) : a;

	Good point, sending v2 ...

Regards

--
Julian Anastasov <ja@ssi.bg>

[PATCH v2] ipvs: generalize app registration in netns

[Julian Anastasov]

	Get rid of the ftp_app pointer and allow applications
to be registered without adding fields in the netns_ipvs structure.

v2: fix coding style as suggested by Pablo Neira Ayuso <pablo@netfilter.org>

Signed-off-by: Julian Anastasov <ja@ssi.bg>
---
 include/net/ip_vs.h            |    5 +--
 net/netfilter/ipvs/ip_vs_app.c |   58 +++++++++++++++++++++++++++++-----------
 net/netfilter/ipvs/ip_vs_ftp.c |   21 +++-----------
 3 files changed, 49 insertions(+), 35 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index d6146b4..6cb4699 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -808,8 +808,6 @@ struct netns_ipvs {
 	struct list_head	rs_table[IP_VS_RTAB_SIZE];
 	/* ip_vs_app */
 	struct list_head	app_list;
-	/* ip_vs_ftp */
-	struct ip_vs_app	*ftp_app;
 	/* ip_vs_proto */
 	#define IP_VS_PROTO_TAB_SIZE	32	/* must be power of 2 */
 	struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
@@ -1179,7 +1177,8 @@ extern void ip_vs_service_net_cleanup(struct net *net);
  *      (from ip_vs_app.c)
  */
 #define IP_VS_APP_MAX_PORTS  8
-extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
+extern struct ip_vs_app *register_ip_vs_app(struct net *net,
+					    struct ip_vs_app *app);
 extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
diff --git a/net/netfilter/ipvs/ip_vs_app.c b/net/netfilter/ipvs/ip_vs_app.c
index 64f9e8f..9713e6e 100644
--- a/net/netfilter/ipvs/ip_vs_app.c
+++ b/net/netfilter/ipvs/ip_vs_app.c
@@ -180,22 +180,38 @@ register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto,
 }
 
 
-/*
- *	ip_vs_app registration routine
- */
-int register_ip_vs_app(struct net *net, struct ip_vs_app *app)
+/* Register application for netns */
+struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app)
 {
 	struct netns_ipvs *ipvs = net_ipvs(net);
-	/* increase the module use count */
-	ip_vs_use_count_inc();
+	struct ip_vs_app *a;
+	int err = 0;
+
+	if (!ipvs)
+		return ERR_PTR(-ENOENT);
 
 	mutex_lock(&__ip_vs_app_mutex);
 
-	list_add(&app->a_list, &ipvs->app_list);
+	list_for_each_entry(a, &ipvs->app_list, a_list) {
+		if (!strcmp(app->name, a->name)) {
+			err = -EEXIST;
+			goto out_unlock;
+		}
+	}
+	a = kmemdup(app, sizeof(*app), GFP_KERNEL);
+	if (!a) {
+		err = -ENOMEM;
+		goto out_unlock;
+	}
+	INIT_LIST_HEAD(&a->incs_list);
+	list_add(&a->a_list, &ipvs->app_list);
+	/* increase the module use count */
+	ip_vs_use_count_inc();
 
+out_unlock:
 	mutex_unlock(&__ip_vs_app_mutex);
 
-	return 0;
+	return err ? ERR_PTR(err) : a;
 }
 
 
@@ -205,20 +221,29 @@ int register_ip_vs_app(struct net *net, struct ip_vs_app *app)
  */
 void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app)
 {
-	struct ip_vs_app *inc, *nxt;
+	struct netns_ipvs *ipvs = net_ipvs(net);
+	struct ip_vs_app *a, *anxt, *inc, *nxt;
+
+	if (!ipvs)
+		return;
 
 	mutex_lock(&__ip_vs_app_mutex);
 
-	list_for_each_entry_safe(inc, nxt, &app->incs_list, a_list) {
-		ip_vs_app_inc_release(net, inc);
-	}
+	list_for_each_entry_safe(a, anxt, &ipvs->app_list, a_list) {
+		if (app && strcmp(app->name, a->name))
+			continue;
+		list_for_each_entry_safe(inc, nxt, &a->incs_list, a_list) {
+			ip_vs_app_inc_release(net, inc);
+		}
 
-	list_del(&app->a_list);
+		list_del(&a->a_list);
+		kfree(a);
 
-	mutex_unlock(&__ip_vs_app_mutex);
+		/* decrease the module use count */
+		ip_vs_use_count_dec();
+	}
 
-	/* decrease the module use count */
-	ip_vs_use_count_dec();
+	mutex_unlock(&__ip_vs_app_mutex);
 }
 
 
@@ -586,5 +611,6 @@ int __net_init ip_vs_app_net_init(struct net *net)
 
 void __net_exit ip_vs_app_net_cleanup(struct net *net)
 {
+	unregister_ip_vs_app(net, NULL /* all */);
 	proc_net_remove(net, "ip_vs_app");
 }
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index b20b29c..ad70b7e 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -441,16 +441,10 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
 
 	if (!ipvs)
 		return -ENOENT;
-	app = kmemdup(&ip_vs_ftp, sizeof(struct ip_vs_app), GFP_KERNEL);
-	if (!app)
-		return -ENOMEM;
-	INIT_LIST_HEAD(&app->a_list);
-	INIT_LIST_HEAD(&app->incs_list);
-	ipvs->ftp_app = app;
 
-	ret = register_ip_vs_app(net, app);
-	if (ret)
-		goto err_exit;
+	app = register_ip_vs_app(net, &ip_vs_ftp);
+	if (IS_ERR(app))
+		return PTR_ERR(app);
 
 	for (i = 0; i < ports_count; i++) {
 		if (!ports[i])
@@ -464,9 +458,7 @@ static int __net_init __ip_vs_ftp_init(struct net *net)
 	return 0;
 
 err_unreg:
-	unregister_ip_vs_app(net, app);
-err_exit:
-	kfree(ipvs->ftp_app);
+	unregister_ip_vs_app(net, &ip_vs_ftp);
 	return ret;
 }
 /*
@@ -474,10 +466,7 @@ err_exit:
  */
 static void __ip_vs_ftp_exit(struct net *net)
 {
-	struct netns_ipvs *ipvs = net_ipvs(net);

Re: [PATCH v2] ipvs: generalize app registration in netns

[Simon Horman]

On Thu, Jul 12, 2012 at 11:06:20PM +0300, Julian Anastasov wrote:
> 
> 	Get rid of the ftp_app pointer and allow applications
> to be registered without adding fields in the netns_ipvs structure.
> 
> v2: fix coding style as suggested by Pablo Neira Ayuso <pablo@netfilter.org>

Thanks, I have (forcibly) pushed this into the ipvs-next tree in
place of v1.

I will want for consensus on the "ipvs: ip_vs_ftp depends on
nf_conntrack_ftp helper" change before sending a fresh
pull request to Pablo.

Re: [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper

[Simon Horman]

On Thu, Jul 12, 2012 at 10:43:22PM +0300, Julian Anastasov wrote:
> 
> 	Hello,
> 
> On Thu, 12 Jul 2012, Pablo Neira Ayuso wrote:
> 
> > On Wed, Jul 11, 2012 at 09:25:26AM +0900, Simon Horman wrote:
> > > From: Julian Anastasov <ja@ssi.bg>
> > > 
> > > 	The FTP application indirectly depends on the
> > > nf_conntrack_ftp helper for proper NAT support. If the
> > > module is not loaded, IPVS can resize the packets for the
> > > command connection, eg. PASV response but the SEQ adjustment
> > > logic in ipv4_confirm is not called without helper.
> > > 
> > > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > > Signed-off-by: Simon Horman <horms@verge.net.au>
> > > ---
> > >  net/netfilter/ipvs/Kconfig | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
> > > index f987138..8b2cffd 100644
> > > --- a/net/netfilter/ipvs/Kconfig
> > > +++ b/net/netfilter/ipvs/Kconfig
> > > @@ -250,7 +250,8 @@ comment 'IPVS application helper'
> > >  
> > >  config	IP_VS_FTP
> > >    	tristate "FTP protocol helper"
> > > -        depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
> > > +	depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
> > > +		NF_CONNTRACK_FTP
> > 
> > If you require FTP NAT support, then this depends on NF_NAT_FTP
> > instead of NF_CONNTRACK_FTP.
> 
> 	No, I just checked again, it works without nf_nat_ftp,
> only nf_nat, nf_conntrack_ftp and iptable_nat are needed.
> We use packet mangling part from nf_nat (nf_nat_mangle_tcp_packet).

Is there a consensus on this?

Re: [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper

[Pablo Neira Ayuso]

On Mon, Jul 23, 2012 at 03:48:18PM +0900, Simon Horman wrote:
> On Thu, Jul 12, 2012 at 10:43:22PM +0300, Julian Anastasov wrote:
> > 
> > 	Hello,
> > 
> > On Thu, 12 Jul 2012, Pablo Neira Ayuso wrote:
> > 
> > > On Wed, Jul 11, 2012 at 09:25:26AM +0900, Simon Horman wrote:
> > > > From: Julian Anastasov <ja@ssi.bg>
> > > > 
> > > > 	The FTP application indirectly depends on the
> > > > nf_conntrack_ftp helper for proper NAT support. If the
> > > > module is not loaded, IPVS can resize the packets for the
> > > > command connection, eg. PASV response but the SEQ adjustment
> > > > logic in ipv4_confirm is not called without helper.
> > > > 
> > > > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > > > Signed-off-by: Simon Horman <horms@verge.net.au>
> > > > ---
> > > >  net/netfilter/ipvs/Kconfig | 3 ++-
> > > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > > 
> > > > diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
> > > > index f987138..8b2cffd 100644
> > > > --- a/net/netfilter/ipvs/Kconfig
> > > > +++ b/net/netfilter/ipvs/Kconfig
> > > > @@ -250,7 +250,8 @@ comment 'IPVS application helper'
> > > >  
> > > >  config	IP_VS_FTP
> > > >    	tristate "FTP protocol helper"
> > > > -        depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
> > > > +	depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
> > > > +		NF_CONNTRACK_FTP
> > > 
> > > If you require FTP NAT support, then this depends on NF_NAT_FTP
> > > instead of NF_CONNTRACK_FTP.
> > 
> > 	No, I just checked again, it works without nf_nat_ftp,
> > only nf_nat, nf_conntrack_ftp and iptable_nat are needed.
> > We use packet mangling part from nf_nat (nf_nat_mangle_tcp_packet).
> 
> Is there a consensus on this?

Fine with me, just wanted to make sure this what you wanted. Thanks
Simon.

Re: [PATCH 1/2] ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper

[Simon Horman]

On Mon, Jul 23, 2012 at 07:39:06PM +0200, Pablo Neira Ayuso wrote:
> On Mon, Jul 23, 2012 at 03:48:18PM +0900, Simon Horman wrote:
> > On Thu, Jul 12, 2012 at 10:43:22PM +0300, Julian Anastasov wrote:
> > > 
> > > 	Hello,
> > > 
> > > On Thu, 12 Jul 2012, Pablo Neira Ayuso wrote:
> > > 
> > > > On Wed, Jul 11, 2012 at 09:25:26AM +0900, Simon Horman wrote:
> > > > > From: Julian Anastasov <ja@ssi.bg>
> > > > > 
> > > > > 	The FTP application indirectly depends on the
> > > > > nf_conntrack_ftp helper for proper NAT support. If the
> > > > > module is not loaded, IPVS can resize the packets for the
> > > > > command connection, eg. PASV response but the SEQ adjustment
> > > > > logic in ipv4_confirm is not called without helper.
> > > > > 
> > > > > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > > > > Signed-off-by: Simon Horman <horms@verge.net.au>
> > > > > ---
> > > > >  net/netfilter/ipvs/Kconfig | 3 ++-
> > > > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > > > 
> > > > > diff --git a/net/netfilter/ipvs/Kconfig b/net/netfilter/ipvs/Kconfig
> > > > > index f987138..8b2cffd 100644
> > > > > --- a/net/netfilter/ipvs/Kconfig
> > > > > +++ b/net/netfilter/ipvs/Kconfig
> > > > > @@ -250,7 +250,8 @@ comment 'IPVS application helper'
> > > > >  
> > > > >  config	IP_VS_FTP
> > > > >    	tristate "FTP protocol helper"
> > > > > -        depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT
> > > > > +	depends on IP_VS_PROTO_TCP && NF_CONNTRACK && NF_NAT && \
> > > > > +		NF_CONNTRACK_FTP
> > > > 
> > > > If you require FTP NAT support, then this depends on NF_NAT_FTP
> > > > instead of NF_CONNTRACK_FTP.
> > > 
> > > 	No, I just checked again, it works without nf_nat_ftp,
> > > only nf_nat, nf_conntrack_ftp and iptable_nat are needed.
> > > We use packet mangling part from nf_nat (nf_nat_mangle_tcp_packet).
> > 
> > Is there a consensus on this?
> 
> Fine with me, just wanted to make sure this what you wanted. Thanks
> Simon.

Thanks. I'll include this in a pull request after rebasing ipvs-next.
I plan to do that today.

Re: [GIT PULL nf-next] IPVS

[Simon Horman]

On Tue, Mar 19, 2013 at 12:31:15AM +0100, Pablo Neira Ayuso wrote:
> Hi Simon,
> 
> On Mon, Mar 18, 2013 at 10:15:38PM +0900, Simon Horman wrote:
> [...]
> > ----------------------------------------------------------------
> > IPVS enhancements for v3.10 from Julian Anastasov
> > 
> > ----------------------------------------------------------------
> > Julian Anastasov (5):
> >       ipvs: add backup_only flag to avoid loops
> >       ipvs: remove extra rcu lock
> >       ipvs: fix sctp chunk length order
> >       ipvs: fix hashing in ip_vs_svc_hashkey
> >       ipvs: fix some sparse warnings
> 
> I think that these three fixes:
> 
> ipvs: add backup_only flag to avoid loops
> ipvs: remove extra rcu lock
> ipvs: fix sctp chunk length order
> 
> should find their path to the net tree.
> 
> The remaining two sparse fixes should go to net-next.
> 
> I can manually apply these patch if you want to the corresponding
> trees.

Thanks. I'll send two fresh pull requests shortly.

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

Hi Simon,

On Mon, Mar 18, 2013 at 10:15:38PM +0900, Simon Horman wrote:
[...]
> ----------------------------------------------------------------
> IPVS enhancements for v3.10 from Julian Anastasov
> 
> ----------------------------------------------------------------
> Julian Anastasov (5):
>       ipvs: add backup_only flag to avoid loops
>       ipvs: remove extra rcu lock
>       ipvs: fix sctp chunk length order
>       ipvs: fix hashing in ip_vs_svc_hashkey
>       ipvs: fix some sparse warnings

I think that these three fixes:

ipvs: add backup_only flag to avoid loops
ipvs: remove extra rcu lock
ipvs: fix sctp chunk length order

should find their path to the net tree.

The remaining two sparse fixes should go to net-next.

I can manually apply these patch if you want to the corresponding
trees.

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider the following IPVS enhancements from Julian for 3.10.

----------------------------------------------------------------
The following changes since commit 1cdb09056b27b2a06b06dc7187d2c33d57082d20:

  netfilter: nfnetlink_queue: use xor hash function to distribute instances (2013-03-15 12:38:40 +0100)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git tags/ipvs-for-v3.10

for you to fetch changes up to e095c65caffc923a0d1fb27763c3f9ec1dcb57fc:

  ipvs: fix some sparse warnings (2013-03-18 19:25:14 +0900)

----------------------------------------------------------------
IPVS enhancements for v3.10 from Julian Anastasov

----------------------------------------------------------------
Julian Anastasov (5):
      ipvs: add backup_only flag to avoid loops
      ipvs: remove extra rcu lock
      ipvs: fix sctp chunk length order
      ipvs: fix hashing in ip_vs_svc_hashkey
      ipvs: fix some sparse warnings

 Documentation/networking/ipvs-sysctl.txt |    7 +++++++
 include/net/ip_vs.h                      |   14 +++++++++++++-
 net/netfilter/ipvs/ip_vs_core.c          |   22 +++++++++-------------
 net/netfilter/ipvs/ip_vs_ctl.c           |   15 ++++++++++++---
 net/netfilter/ipvs/ip_vs_est.c           |    2 +-
 net/netfilter/ipvs/ip_vs_proto_sctp.c    |   16 +++++++++-------
 6 files changed, 51 insertions(+), 25 deletions(-)

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

On Fri, Aug 10, 2012 at 10:41:29AM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> please consider the following enhancements to IPVS for inclusion in 3.7.
> 
> ----------------------------------------------------------------
> The following changes since commit 173f8654746c138a08f51a8a0db7747763a896a2:
> 
>   Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 (2012-07-27 20:52:25 -0700)
> 
> are available in the git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master

Pulled, thanks Simon.

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider the following enhancements to IPVS for inclusion in 3.7.

----------------------------------------------------------------
The following changes since commit 173f8654746c138a08f51a8a0db7747763a896a2:

  Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 (2012-07-27 20:52:25 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master

for you to fetch changes up to 3654e61137db891f5312e6dd813b961484b5fdf3:

  ipvs: add pmtu_disc option to disable IP DF for TUN packets (2012-08-10 10:35:07 +0900)

----------------------------------------------------------------
Claudiu Ghioc (1):
      ipvs: fixed sparse warning

Julian Anastasov (4):
      ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper
      ipvs: generalize app registration in netns
      ipvs: implement passive PMTUD for IPIP packets
      ipvs: add pmtu_disc option to disable IP DF for TUN packets

 include/net/ip_vs.h             | 16 ++++++--
 net/netfilter/ipvs/Kconfig      |  3 +-
 net/netfilter/ipvs/ip_vs_app.c  | 58 ++++++++++++++++++++--------
 net/netfilter/ipvs/ip_vs_core.c | 76 +++++++++++++++++++++++++++++++++++--
 net/netfilter/ipvs/ip_vs_ctl.c  | 16 ++++++--
 net/netfilter/ipvs/ip_vs_ftp.c  | 21 +++--------
 net/netfilter/ipvs/ip_vs_xmit.c | 83 ++++++++++++++++++++++++++++-------------
 7 files changed, 204 insertions(+), 69 deletions(-)

Re: [GIT PULL nf-next] IPVS

[David Miller]

From: Simon Horman <horms@verge.net.au>
Date: Tue, 24 Jul 2012 10:01:05 +0900

> On Mon, Jul 23, 2012 at 04:35:08PM -0700, David Miller wrote:
>> From: Simon Horman <horms@verge.net.au>
>> Date: Tue, 24 Jul 2012 08:28:55 +0900
>> 
>> > please consider the following enhancements to IPVS for inclusion in 3.6.
>> 
>> The merge window has just openned, therefore any new work should have
>> been submitted and queued up already.
> 
> Sorry for my lateness. I can hold these changes for 3.7 if that is the
> best option at this point.

No worries, there is always the next merge window :-)

Re: [GIT PULL nf-next] IPVS

[Simon Horman]

On Mon, Jul 23, 2012 at 04:35:08PM -0700, David Miller wrote:
> From: Simon Horman <horms@verge.net.au>
> Date: Tue, 24 Jul 2012 08:28:55 +0900
> 
> > please consider the following enhancements to IPVS for inclusion in 3.6.
> 
> The merge window has just openned, therefore any new work should have
> been submitted and queued up already.

Sorry for my lateness. I can hold these changes for 3.7 if that is the
best option at this point.

Re: [GIT PULL nf-next] IPVS

[David Miller]

From: Simon Horman <horms@verge.net.au>
Date: Tue, 24 Jul 2012 08:28:55 +0900

> please consider the following enhancements to IPVS for inclusion in 3.6.

The merge window has just openned, therefore any new work should have
been submitted and queued up already.

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider the following enhancements to IPVS for inclusion in 3.6.

----------------------------------------------------------------
The following changes since commit 9b70749e64132e17ab02239b82fcb4a2c55554d1:

  niu: Change niu_rbr_fill() to use unlikely() to check niu_rbr_add_page() return value (2012-07-22 23:31:07 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master

for you to fetch changes up to a805cfbcaaf819ab71a052d8a9d5d4c88cf2aba0:

  ipvs: add pmtu_disc option to disable IP DF for TUN packets (2012-07-24 08:23:06 +0900)

----------------------------------------------------------------
Claudiu Ghioc (1):
      ipvs: fixed sparse warning

Julian Anastasov (4):
      ipvs: ip_vs_ftp depends on nf_conntrack_ftp helper
      ipvs: generalize app registration in netns
      ipvs: implement passive PMTUD for IPIP packets
      ipvs: add pmtu_disc option to disable IP DF for TUN packets

 include/net/ip_vs.h             | 16 ++++++--
 net/netfilter/ipvs/Kconfig      |  3 +-
 net/netfilter/ipvs/ip_vs_app.c  | 58 ++++++++++++++++++++--------
 net/netfilter/ipvs/ip_vs_core.c | 76 +++++++++++++++++++++++++++++++++++--
 net/netfilter/ipvs/ip_vs_ctl.c  | 16 ++++++--
 net/netfilter/ipvs/ip_vs_ftp.c  | 21 +++--------
 net/netfilter/ipvs/ip_vs_xmit.c | 83 ++++++++++++++++++++++++++++-------------
 7 files changed, 204 insertions(+), 69 deletions(-)

[GIT PULL nf-next] IPVS

[Simon Horman]

please consider pulling
git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs.git master
to get the following enhancements to IPVS connection synchronisation
from Julian and a minor clean-up from myself.

The following changes since commit ace30d73ef09fd5f95b24c5c1c5aa11963981494:

  netfilter: xt_LOG: add __printf() to sb_add() (2012-03-07 17:41:52 +0100)

are available in the git repository at:
  git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master

Julian Anastasov (8):
      ipvs: ignore IP_VS_CONN_F_NOOUTPUT in backup server
      ipvs: remove check for IP_VS_CONN_F_SYNC from ip_vs_bind_dest
      ipvs: fix ip_vs_try_bind_dest to rebind app and transmitter
      ipvs: always update some of the flags bits in backup
      ipvs: use adaptive pause in master thread
      ipvs: reduce sync rate with time thresholds
      ipvs: add support for sync threads
      ipvs: optimize the use of flags in ip_vs_bind_dest

Simon Horman (1):
      ipvs: Provide a generic ip_vs_bind_xmit()

 include/linux/ip_vs.h           |    5 +
 include/net/ip_vs.h             |   59 ++++-
 net/netfilter/ipvs/ip_vs_conn.c |   83 ++++--
 net/netfilter/ipvs/ip_vs_core.c |   30 +--
 net/netfilter/ipvs/ip_vs_ctl.c  |   54 ++++-
 net/netfilter/ipvs/ip_vs_sync.c |  585 +++++++++++++++++++++++++--------------
 6 files changed, 547 insertions(+), 269 deletions(-)

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

On Fri, Dec 09, 2011 at 04:13:16PM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> please consider pulling
> git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master
> to obtain and enhancement to the SH scheduelr from Michael Maixim.
> 
> This patch includes the changes that you requested; A note about the
> Kconfig change in the changelog and removal of whitespace-only changes.

Pulled, thanks!

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider pulling
git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master
to obtain and enhancement to the SH scheduelr from Michael Maixim.

This patch includes the changes that you requested; A note about the
Kconfig change in the changelog and removal of whitespace-only changes.

Michael Maxim (1):
      IPVS: Modify the SH scheduler to use weights

 net/netfilter/ipvs/Kconfig    |   15 +++++++++++++++
 net/netfilter/ipvs/ip_vs_sh.c |   18 +++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletions(-)

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider pulling
git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master
to obtain and enhancement to the SH scheduelr from Michael Maixim.

Michael Maxim (1):
      IPVS: Modify the SH scheduler to use weights

 net/netfilter/ipvs/Kconfig    |   15 +++++++++++++++
 net/netfilter/ipvs/ip_vs_sh.c |   20 ++++++++++++++++++--
 2 files changed, 33 insertions(+), 2 deletions(-)

Re: [GIT PULL nf-next] IPVS

[Simon Horman]

On Wed, Nov 09, 2011 at 03:36:41PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Nov 09, 2011 at 09:58:07AM +0900, Simon Horman wrote:
> > Hi Pablo,
> > 
> > On Mon, Nov 07, 2011 at 09:29:56AM +0100, Pablo Neira Ayuso wrote:
> > > Hi Simon,
> > > 
> > > On Mon, Nov 07, 2011 at 12:07:01PM +0900, Simon Horman wrote:
> > > > Hi Pablo,
> > > > 
> > > > I am a little confused. The nf-next branch seems to have disappeared.
> > > > 
> > > > Could you consider pulling git://github.com/horms/ipvs-next.git master
> > > > to get the following changes that were in your nf-next branch.
> > > 
> > > I was late to get it into net-next. Since net-next became net after
> > > the 3.1 release, my moved those changes to net to get it into 3.2
> > > once Linus announced that the merge window was opened again.
> > > 
> > > > Or would
> > > > you like me to rebase the ipvs patches (9 or the 11 changes below) on
> > > > top of git://1984.lsi.us.es/net-next/.git master ?
> > > 
> > > They are already in net davem's tree, they will be included in the
> > > upcoming 3.2 release.
> > > 
> > > http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git&a=search&h=HEAD&st=commit&s=Neira
> > 
> > Thanks, and sorry for missing that when I checked yesterday.
> > 
> > Could you suggest which tree and branch I should base the master branch of my
> > ipvs and ipvs-next trees on? Their purposes are to provide a reference for
> > people wishing to fix or enhance IPVS and a mechanism to send pull requests to
> > you. As of now I am using the master branch of your net tree for both.
> 
> The 1984.lsi.us.es trees are fine.
> 
> There are no branch yet because I have no patches queued for upstream
> so far. You can use master if you don't see any nf branch, OK?

Ok :)

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

On Wed, Nov 09, 2011 at 09:58:07AM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> On Mon, Nov 07, 2011 at 09:29:56AM +0100, Pablo Neira Ayuso wrote:
> > Hi Simon,
> > 
> > On Mon, Nov 07, 2011 at 12:07:01PM +0900, Simon Horman wrote:
> > > Hi Pablo,
> > > 
> > > I am a little confused. The nf-next branch seems to have disappeared.
> > > 
> > > Could you consider pulling git://github.com/horms/ipvs-next.git master
> > > to get the following changes that were in your nf-next branch.
> > 
> > I was late to get it into net-next. Since net-next became net after
> > the 3.1 release, my moved those changes to net to get it into 3.2
> > once Linus announced that the merge window was opened again.
> > 
> > > Or would
> > > you like me to rebase the ipvs patches (9 or the 11 changes below) on
> > > top of git://1984.lsi.us.es/net-next/.git master ?
> > 
> > They are already in net davem's tree, they will be included in the
> > upcoming 3.2 release.
> > 
> > http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git&a=search&h=HEAD&st=commit&s=Neira
> 
> Thanks, and sorry for missing that when I checked yesterday.
> 
> Could you suggest which tree and branch I should base the master branch of my
> ipvs and ipvs-next trees on? Their purposes are to provide a reference for
> people wishing to fix or enhance IPVS and a mechanism to send pull requests to
> you. As of now I am using the master branch of your net tree for both.

The 1984.lsi.us.es trees are fine.

There are no branch yet because I have no patches queued for upstream
so far. You can use master if you don't see any nf branch, OK?

Re: [GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

On Mon, Nov 07, 2011 at 09:29:56AM +0100, Pablo Neira Ayuso wrote:
> Hi Simon,
> 
> On Mon, Nov 07, 2011 at 12:07:01PM +0900, Simon Horman wrote:
> > Hi Pablo,
> > 
> > I am a little confused. The nf-next branch seems to have disappeared.
> > 
> > Could you consider pulling git://github.com/horms/ipvs-next.git master
> > to get the following changes that were in your nf-next branch.
> 
> I was late to get it into net-next. Since net-next became net after
> the 3.1 release, my moved those changes to net to get it into 3.2
> once Linus announced that the merge window was opened again.
> 
> > Or would
> > you like me to rebase the ipvs patches (9 or the 11 changes below) on
> > top of git://1984.lsi.us.es/net-next/.git master ?
> 
> They are already in net davem's tree, they will be included in the
> upcoming 3.2 release.
> 
> http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git&a=search&h=HEAD&st=commit&s=Neira

Thanks, and sorry for missing that when I checked yesterday.

Could you suggest which tree and branch I should base the master branch of my
ipvs and ipvs-next trees on? Their purposes are to provide a reference for
people wishing to fix or enhance IPVS and a mechanism to send pull requests to
you. As of now I am using the master branch of your net tree for both.

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

Hi Simon,

On Mon, Nov 07, 2011 at 12:07:01PM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> I am a little confused. The nf-next branch seems to have disappeared.
> 
> Could you consider pulling git://github.com/horms/ipvs-next.git master
> to get the following changes that were in your nf-next branch.

I was late to get it into net-next. Since net-next became net after
the 3.1 release, my moved those changes to net to get it into 3.2
once Linus announced that the merge window was opened again.

> Or would
> you like me to rebase the ipvs patches (9 or the 11 changes below) on
> top of git://1984.lsi.us.es/net-next/.git master ?

They are already in net davem's tree, they will be included in the
upcoming 3.2 release.

http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git&a=search&h=HEAD&st=commit&s=Neira

Re: [GIT PULL nf-next] IPVS

[Simon Horman]

On Fri, Oct 21, 2011 at 09:27:15AM +0200, Pablo Neira Ayuso wrote:
> On Fri, Oct 21, 2011 at 10:33:01AM +0900, Simon Horman wrote:
> > Hi Pablo,
> > 
> > please consider pulling the following to get compile fix
> > and cleanup patches from Krzysztof Wilczynski.
> > 
> > The following changes since commit 2ca5b853f1dd81c605ddc8a55e06bdad85636597:
> > 
> >   netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h (2011-10-11 03:32:34 +0200)
> > 
> > are available in the git repository at:
> >   git://github.com/horms/ipvs-next.git master
> 
> Pulled, thanks.
> 
> http://1984.lsi.us.es/git/?p=net-next/.git;a=shortlog;h=refs/heads/nf-next
> 
> > Krzysztof Wilczynski (2):
> >       ipvs: Remove unused variable "cs" from ip_vs_leave function.
> >       ipvs: Fix compilation error in ip_vs.h for ip_vs_confirm_conntrack function.
> 
> Strange, I have all IPVS configs enabled here and I didn't hit this error.

Hi Pablo,

I am a little confused. The nf-next branch seems to have disappeared.

Could you consider pulling git://github.com/horms/ipvs-next.git master
to get the following changes that were in your nf-next branch. Or would
you like me to rebase the ipvs patches (9 or the 11 changes below) on
top of git://1984.lsi.us.es/net-next/.git master ?

------

The following changes since commit a9e9fd7182332d0cf5f3e601df3e71dd431b70d7:

  skge: handle irq better on single port card (2011-09-27 13:41:37 -0400)

are available in the git repository at:
  git://github.com/horms/ipvs-next.git master

Joe Perches (1):
      netfilter: Remove unnecessary OOM logging messages

Krzysztof Wilczynski (3):
      ipvs: Expose ip_vs_ftp module parameters via sysfs.
      ipvs: Remove unused variable "cs" from ip_vs_leave function.
      ipvs: Fix compilation error in ip_vs.h for ip_vs_confirm_conntrack function.

Pablo Neira Ayuso (1):
      netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h

Simon Horman (6):
      ipvs: Add documentation for new sysctl entries
      ipvs: Remove unused parameter from ip_vs_confirm_conntrack()
      ipvs: Remove unused return value of protocol state transitions
      ipvs: Removed unused variables
      ipvs: secure_tcp does provide alternate state timeouts
      ipvs: Enhance grammar used to refer to Kconfig options

 Documentation/networking/ipvs-sysctl.txt   |   62 ++++++++++++++++++++++++---
 include/linux/netfilter_ipv4/Kbuild        |    1 +
 include/linux/netfilter_ipv4/nf_nat.h      |   58 ++++++++++++++++++++++++++
 include/net/ip_vs.h                        |   11 ++---
 include/net/netfilter/nf_conntrack_tuple.h |   27 +------------
 include/net/netfilter/nf_nat.h             |   26 +-----------
 net/bridge/netfilter/ebt_ulog.c            |    7 +--
 net/ipv4/netfilter/ipt_CLUSTERIP.c         |    1 -
 net/ipv4/netfilter/ipt_ULOG.c              |    4 +-
 net/ipv4/netfilter/nf_nat_snmp_basic.c     |   22 +---------
 net/ipv6/netfilter/nf_conntrack_reasm.c    |    7 +--
 net/netfilter/ipset/ip_set_core.c          |    4 +-
 net/netfilter/ipvs/ip_vs_core.c            |   20 ++++-----
 net/netfilter/ipvs/ip_vs_ctl.c             |   22 +++-------
 net/netfilter/ipvs/ip_vs_dh.c              |    5 +-
 net/netfilter/ipvs/ip_vs_ftp.c             |    5 +-
 net/netfilter/ipvs/ip_vs_lblc.c            |    9 +---
 net/netfilter/ipvs/ip_vs_lblcr.c           |   13 ++----
 net/netfilter/ipvs/ip_vs_nfct.c            |    2 +-
 net/netfilter/ipvs/ip_vs_proto.c           |    5 +-
 net/netfilter/ipvs/ip_vs_proto_sctp.c      |   14 ++----
 net/netfilter/ipvs/ip_vs_proto_tcp.c       |    6 +--
 net/netfilter/ipvs/ip_vs_proto_udp.c       |    5 +-
 net/netfilter/ipvs/ip_vs_sh.c              |    5 +-
 net/netfilter/ipvs/ip_vs_wrr.c             |    5 +-
 net/netfilter/ipvs/ip_vs_xmit.c            |    2 +-
 net/netfilter/nf_conntrack_core.c          |    5 +--
 net/netfilter/nfnetlink_log.c              |    7 +--
 net/netfilter/xt_IDLETIMER.c               |    2 -
 net/netfilter/xt_hashlimit.c               |    5 +--
 30 files changed, 178 insertions(+), 189 deletions(-)
 create mode 100644 include/linux/netfilter_ipv4/nf_nat.h

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

On Fri, Oct 21, 2011 at 10:33:01AM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> please consider pulling the following to get compile fix
> and cleanup patches from Krzysztof Wilczynski.
> 
> The following changes since commit 2ca5b853f1dd81c605ddc8a55e06bdad85636597:
> 
>   netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h (2011-10-11 03:32:34 +0200)
> 
> are available in the git repository at:
>   git://github.com/horms/ipvs-next.git master

Pulled, thanks.

http://1984.lsi.us.es/git/?p=net-next/.git;a=shortlog;h=refs/heads/nf-next

> Krzysztof Wilczynski (2):
>       ipvs: Remove unused variable "cs" from ip_vs_leave function.
>       ipvs: Fix compilation error in ip_vs.h for ip_vs_confirm_conntrack function.

Strange, I have all IPVS configs enabled here and I didn't hit this error.

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider pulling the following to get compile fix
and cleanup patches from Krzysztof Wilczynski.

The following changes since commit 2ca5b853f1dd81c605ddc8a55e06bdad85636597:

  netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h (2011-10-11 03:32:34 +0200)

are available in the git repository at:
  git://github.com/horms/ipvs-next.git master

Krzysztof Wilczynski (2):
      ipvs: Remove unused variable "cs" from ip_vs_leave function.
      ipvs: Fix compilation error in ip_vs.h for ip_vs_confirm_conntrack function.

 include/net/ip_vs.h             |    2 +-
 net/netfilter/ipvs/ip_vs_core.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

Re: [GIT PULL nf-next] IPVS

[Pablo Neira Ayuso]

On Sat, Oct 01, 2011 at 12:34:17PM +0900, Simon Horman wrote:
> Hi Pablo,
> 
> please consider pulling the following to get some
> documentation changes from myself.
> 
> The following changes since commit 6fa4dec85e199f31774faf29be26a53329d02e9e:
> 
>   ipvs: Removed unused variables (2011-09-28 21:09:24 +0200)
> 
> are available in the git repository at:
>   git@github.com:horms/ipvs-next.git master
> 
> Simon Horman (2):
>       IPVS: secure_tcp does provide alternate state timeouts
>       IPVS: Enhance grammar used to refer to Kconfig options
> 
>  Documentation/networking/ipvs-sysctl.txt |   14 ++++++--------

Pulled, thanks Simon.

http://1984.lsi.us.es/git/?p=net-next/.git;a=shortlog;h=refs/heads/nf-next

[GIT PULL nf-next] IPVS

[Simon Horman]

Hi Pablo,

please consider pulling the following to get some
documentation changes from myself.

The following changes since commit 6fa4dec85e199f31774faf29be26a53329d02e9e:

  ipvs: Removed unused variables (2011-09-28 21:09:24 +0200)

are available in the git repository at:
  git@github.com:horms/ipvs-next.git master

Simon Horman (2):
      IPVS: secure_tcp does provide alternate state timeouts
      IPVS: Enhance grammar used to refer to Kconfig options

 Documentation/networking/ipvs-sysctl.txt |   14 ++++++--------
 1 files changed, 6 insertions(+), 8 deletions(-)