[PATCH 0/4] IPVS: sysctl Documentation and Various Clean-Ups

[PATCH 0/4] IPVS: sysctl Documentation and Various Clean-Ups

[Simon Horman]

Hi,

patch one of this series adds some missing entries to the sysctl
documentation. Julian, I would appreciate a review of this change.

The remaining three patches are minor code clean-ups flagged
by gcc 4.6.1.

My intention for this post is to solicit review.
I intend to post a pull request separately at a later date.

[PATCH 1/4] IPVS: Add documentation for new sysctl entries

[Simon Horman]

Add missing documentation for conntrack, snat_reroute and sync_version.

Also fix up a typo, IPVS_DEBUG should be IP_VS_DEBUG.

Signed-off-by: Simon Horman <horms@verge.net.au>

conntrack
---
 Documentation/networking/ipvs-sysctl.txt |   53 +++++++++++++++++++++++++++++-
 1 files changed, 52 insertions(+), 1 deletions(-)

diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
index 4ccdbca..5214339 100644
--- a/Documentation/networking/ipvs-sysctl.txt
+++ b/Documentation/networking/ipvs-sysctl.txt
@@ -15,6 +15,23 @@ amemthresh - INTEGER
         enabled and the variable is automatically set to 2, otherwise
         the strategy is disabled and the variable is  set  to 1.
 
+conntrack - BOOLEAN
+	0 - disabled (default)
+	not 0 - enabled
+
+	If set, maintain connection tracking entries for
+	connections handled by IPVS.
+
+	This should be enabled if connections handled by IPVS are to be
+	also handled by stateful firewall rules. That is, iptables rules
+	that make use of connection tracking.  It is a performance
+	optimisation to disable this setting otherwise.
+
+	Connections handled by the IPVS FTP application module
+	will have connection tracking entries regardless of this setting.
+
+	Only available when IPVS is compiled with the CONFIG_IP_VS_NFCT
+
 cache_bypass - BOOLEAN
         0 - disabled (default)
         not 0 - enabled
@@ -39,7 +56,7 @@ debug_level - INTEGER
 	11         - IPVS packet handling (ip_vs_in/ip_vs_out)
 	12 or more - packet traversal
 
-	Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG
+	Only available when IPVS is compiled with the CONFIG_IP_VS_DEBUG
 
 	Higher debugging levels include the messages for lower debugging
 	levels, so setting debug level 2, includes level 0, 1 and 2
@@ -141,3 +158,37 @@ sync_threshold - INTEGER
         synchronized, every time the number of its incoming packets
         modulus 50 equals the threshold. The range of the threshold is
         from 0 to 49.
+
+snat_reroute - BOOLEAN
+	0 - disabled
+	not 0 - enabled (default)
+
+	If enabled, recalculate the route of SNATed packets from
+	realservers so that they are routed as if they originate from the
+	director. Otherwise they are routed as if they are forwarded by the
+	director.
+
+	If policy routing is in effect then it is possible that the route
+	of a packet originating from a director is routed differently to a
+	packet being forwarded by the director.
+
+	If policy routing is not in effect then the recalculated route will
+	always be the same as the original route so it is an optimisation
+	to disable snat_reroute and avoid the recalculation.
+
+sync_version - INTEGER
+	default 1
+
+	The version of the synchronisation protocol used when sending
+	synchronisation messages.
+
+	0 selects the original synchronisation protocol (version 0). This
+	shuold be used Use this when sending synchronisation messages to a
+	legacy system that only understands the original synchronisation
+	protocol.
+
+	1 selects the current synchronisation protocol (version 1). This
+	should be used where possible.
+
+	Kernels with this sync_version entry are able to receive messages
+	of both version 1 and version 2 of the synchronisation protocol.
-- 
1.7.5.4

[PATCH 2/4] IPVS: Remove unused parameter from ip_vs_confirm_conntrack()

[Simon Horman]

Signed-off-by: Simon Horman <horms@verge.net.au>
---
 include/net/ip_vs.h             |    5 ++---
 net/netfilter/ipvs/ip_vs_nfct.c |    2 +-
 net/netfilter/ipvs/ip_vs_xmit.c |    2 +-
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 30b49ed..5207248 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -1371,7 +1371,7 @@ static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
 
 extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
 				   int outin);
-extern int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp);
+extern int ip_vs_confirm_conntrack(struct sk_buff *skb);
 extern void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct,
 				      struct ip_vs_conn *cp, u_int8_t proto,
 				      const __be16 port, int from_rs);
@@ -1389,8 +1389,7 @@ static inline void ip_vs_update_conntrack(struct sk_buff *skb,
 {
 }
 
-static inline int ip_vs_confirm_conntrack(struct sk_buff *skb,
-					  struct ip_vs_conn *cp)
+static inline int ip_vs_confirm_conntrack(struct sk_buff *skb);
 {
 	return NF_ACCEPT;
 }
diff --git a/net/netfilter/ipvs/ip_vs_nfct.c b/net/netfilter/ipvs/ip_vs_nfct.c
index f454c80..022e77e 100644
--- a/net/netfilter/ipvs/ip_vs_nfct.c
+++ b/net/netfilter/ipvs/ip_vs_nfct.c
@@ -127,7 +127,7 @@ ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, int outin)
 	nf_conntrack_alter_reply(ct, &new_tuple);
 }
 
-int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp)
+int ip_vs_confirm_conntrack(struct sk_buff *skb)
 {
 	return nf_conntrack_confirm(skb);
 }
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 6132b21..2820eb7 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -323,7 +323,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
 								\
 	(skb)->ipvs_property = 1;				\
 	if (unlikely((cp)->flags & IP_VS_CONN_F_NFCT))		\
-		__ret = ip_vs_confirm_conntrack(skb, cp);	\
+		__ret = ip_vs_confirm_conntrack(skb);		\
 	if (__ret == NF_ACCEPT) {				\
 		nf_reset(skb);					\
 		skb_forward_csum(skb);				\
-- 
1.7.5.4

[PATCH 3/4] IPVS: Remove unused return value of protocol state transitions

[Simon Horman]

Signed-off-by: Simon Horman <horms@verge.net.au>
---
 include/net/ip_vs.h                   |    6 +++---
 net/netfilter/ipvs/ip_vs_core.c       |   13 ++++++-------
 net/netfilter/ipvs/ip_vs_proto_sctp.c |   14 ++++----------
 net/netfilter/ipvs/ip_vs_proto_tcp.c  |    6 ++----
 net/netfilter/ipvs/ip_vs_proto_udp.c  |    5 ++---
 5 files changed, 17 insertions(+), 27 deletions(-)

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 5207248..ec70a0d 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -428,9 +428,9 @@ struct ip_vs_protocol {
 
 	const char *(*state_name)(int state);
 
-	int (*state_transition)(struct ip_vs_conn *cp, int direction,
-				const struct sk_buff *skb,
-				struct ip_vs_proto_data *pd);
+	void (*state_transition)(struct ip_vs_conn *cp, int direction,
+				 const struct sk_buff *skb,
+				 struct ip_vs_proto_data *pd);
 
 	int (*register_app)(struct net *net, struct ip_vs_app *inc);
 
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 0e4422b..c1ec85d 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -188,14 +188,13 @@ ip_vs_conn_stats(struct ip_vs_conn *cp, struct ip_vs_service *svc)
 }
 
 
-static inline int
+static inline void
 ip_vs_set_state(struct ip_vs_conn *cp, int direction,
 		const struct sk_buff *skb,
 		struct ip_vs_proto_data *pd)
 {
-	if (unlikely(!pd->pp->state_transition))
-		return 0;
-	return pd->pp->state_transition(cp, direction, skb, pd);
+	if (likely(pd->pp->state_transition))
+		pd->pp->state_transition(cp, direction, skb, pd);
 }
 
 static inline int
@@ -557,7 +556,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
 		ip_vs_in_stats(cp, skb);
 
 		/* set state */
-		cs = ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pd);
+		ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pd);
 
 		/* transmit the first SYN packet */
 		ret = cp->packet_xmit(skb, cp, pd->pp);
@@ -1507,7 +1506,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
 	struct ip_vs_protocol *pp;
 	struct ip_vs_proto_data *pd;
 	struct ip_vs_conn *cp;
-	int ret, restart, pkts;
+	int ret, pkts;
 	struct netns_ipvs *ipvs;
 
 	/* Already marked as IPVS request or reply? */
@@ -1605,7 +1604,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
 	}
 
 	ip_vs_in_stats(cp, skb);
-	restart = ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pd);
+	ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pd);
 	if (cp->packet_xmit)
 		ret = cp->packet_xmit(skb, cp, pp);
 		/* do not touch skb anymore */
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index b027ccc..df9f13b 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -906,7 +906,7 @@ static const char *sctp_state_name(int state)
 	return "?";
 }
 
-static inline int
+static inline void
 set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
 		int direction, const struct sk_buff *skb)
 {
@@ -924,7 +924,7 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
 	sch = skb_header_pointer(skb, ihl + sizeof(sctp_sctphdr_t),
 				sizeof(_sctpch), &_sctpch);
 	if (sch == NULL)
-		return 0;
+		return;
 
 	chunk_type = sch->type;
 	/*
@@ -993,21 +993,15 @@ set_sctp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
 		cp->timeout = pd->timeout_table[cp->state = next_state];
 	else	/* What to do ? */
 		cp->timeout = sctp_timeouts[cp->state = next_state];
-
-	return 1;
 }
 
-static int
+static void
 sctp_state_transition(struct ip_vs_conn *cp, int direction,
 		const struct sk_buff *skb, struct ip_vs_proto_data *pd)
 {
-	int ret = 0;
-
 	spin_lock(&cp->lock);
-	ret = set_sctp_state(pd, cp, direction, skb);
+	set_sctp_state(pd, cp, direction, skb);
 	spin_unlock(&cp->lock);
-
-	return ret;
 }
 
 static inline __u16 sctp_app_hashkey(__be16 port)
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index c0cc341..ef8641f 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -546,7 +546,7 @@ set_tcp_state(struct ip_vs_proto_data *pd, struct ip_vs_conn *cp,
 /*
  *	Handle state transitions
  */
-static int
+static void
 tcp_state_transition(struct ip_vs_conn *cp, int direction,
 		     const struct sk_buff *skb,
 		     struct ip_vs_proto_data *pd)
@@ -561,13 +561,11 @@ tcp_state_transition(struct ip_vs_conn *cp, int direction,
 
 	th = skb_header_pointer(skb, ihl, sizeof(_tcph), &_tcph);
 	if (th == NULL)
-		return 0;
+		return;
 
 	spin_lock(&cp->lock);
 	set_tcp_state(pd, cp, direction, th);
 	spin_unlock(&cp->lock);
-
-	return 1;
 }
 
 static inline __u16 tcp_app_hashkey(__be16 port)
diff --git a/net/netfilter/ipvs/ip_vs_proto_udp.c b/net/netfilter/ipvs/ip_vs_proto_udp.c
index f1282cb..f4b7262 100644
--- a/net/netfilter/ipvs/ip_vs_proto_udp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_udp.c
@@ -454,18 +454,17 @@ static const char * udp_state_name(int state)
 	return udp_state_name_table[state] ? udp_state_name_table[state] : "?";
 }
 
-static int
+static void
 udp_state_transition(struct ip_vs_conn *cp, int direction,
 		     const struct sk_buff *skb,
 		     struct ip_vs_proto_data *pd)
 {
 	if (unlikely(!pd)) {
 		pr_err("UDP no ns data\n");
-		return 0;
+		return;
 	}
 
 	cp->timeout = pd->timeout_table[IP_VS_UDP_S_NORMAL];
-	return 1;
 }
 
 static void __udp_init(struct net *net, struct ip_vs_proto_data *pd)
-- 
1.7.5.4

[PATCH 4/4] IPVS: Removed unused variables

[Simon Horman]

ipvs is not used in ip_vs_genl_set_cmd() or ip_vs_genl_get_cmd()

Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_ctl.c |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 36f4495..f10a903 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3194,10 +3194,8 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
 	int ret = 0, cmd;
 	int need_full_svc = 0, need_full_dest = 0;
 	struct net *net;
-	struct netns_ipvs *ipvs;
 
 	net = skb_sknet(skb);
-	ipvs = net_ipvs(net);
 	cmd = info->genlhdr->cmd;
 
 	mutex_lock(&__ip_vs_mutex);
@@ -3307,10 +3305,8 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
 	void *reply;
 	int ret, cmd, reply_cmd;
 	struct net *net;
-	struct netns_ipvs *ipvs;
 
 	net = skb_sknet(skb);
-	ipvs = net_ipvs(net);
 	cmd = info->genlhdr->cmd;
 
 	if (cmd == IPVS_CMD_GET_SERVICE)
-- 
1.7.5.4

Re: [PATCH 0/4] IPVS: sysctl Documentation and Various Clean-Ups

[Julian Anastasov]

	Hello,

On Mon, 26 Sep 2011, Simon Horman wrote:

> Hi,
> 
> patch one of this series adds some missing entries to the sysctl
> documentation. Julian, I would appreciate a review of this change.

Acked-by: Julian Anastasov <ja@ssi.bg>

	for all changes, with one minor problem in patch 1
for sync_version: 'sh[uo]ld be used [Use this ]when'

> The remaining three patches are minor code clean-ups flagged
> by gcc 4.6.1.
> 
> My intention for this post is to solicit review.
> I intend to post a pull request separately at a later date.

Regards

--
Julian Anastasov <ja@ssi.bg>

Re: [PATCH 0/4] IPVS: sysctl Documentation and Various Clean-Ups

[Hans Schillstrom]

Hello Simon

On Monday, September 26, 2011 03:23:49 Simon Horman wrote:
> Hi,
> 
> patch one of this series adds some missing entries to the sysctl
> documentation. Julian, I would appreciate a review of this change.
> 
> The remaining three patches are minor code clean-ups flagged
> by gcc 4.6.1.
> 
> My intention for this post is to solicit review.
> I intend to post a pull request separately at a later date.
> 

Your patches looks fine to me,
you can have mine ack as well

Acked-by Hans Schillstrom <hans@schillstrom.com>

I have two small pending patches,  Deadlock and lockdep fixes. 
Hopefully the patches will be ready this week. The deadlock is a tricky bastard to fix. 

Regards
Hans

Re: [PATCH 0/4] IPVS: sysctl Documentation and Various Clean-Ups

[Simon Horman]

On Mon, Sep 26, 2011 at 08:43:17AM +0200, Hans Schillstrom wrote:
> Hello Simon
> 
> On Monday, September 26, 2011 03:23:49 Simon Horman wrote:
> > Hi,
> > 
> > patch one of this series adds some missing entries to the sysctl
> > documentation. Julian, I would appreciate a review of this change.
> > 
> > The remaining three patches are minor code clean-ups flagged
> > by gcc 4.6.1.
> > 
> > My intention for this post is to solicit review.
> > I intend to post a pull request separately at a later date.
> > 
> 
> Your patches looks fine to me,
> you can have mine ack as well
> 
> Acked-by Hans Schillstrom <hans@schillstrom.com>
> 
> I have two small pending patches,  Deadlock and lockdep fixes. 
> Hopefully the patches will be ready this week. The deadlock is a tricky bastard to fix. 

Ok. I will try and send a pull request to Patrick before then,
but feel free to send the patches any time. Do you expect
they will be -stable material?

Re: [PATCH 0/4] IPVS: sysctl Documentation and Various Clean-Ups

[Simon Horman]

On Mon, Sep 26, 2011 at 08:39:02AM +0300, Julian Anastasov wrote:
> 
> 	Hello,
> 
> On Mon, 26 Sep 2011, Simon Horman wrote:
> 
> > Hi,
> > 
> > patch one of this series adds some missing entries to the sysctl
> > documentation. Julian, I would appreciate a review of this change.
> 
> Acked-by: Julian Anastasov <ja@ssi.bg>
> 
> 	for all changes, with one minor problem in patch 1
> for sync_version: 'sh[uo]ld be used [Use this ]when'

Thanks, fixed.

Re: [PATCH 1/4] IPVS: Add documentation for new sysctl entries

[Randy Dunlap]

On 09/25/2011 06:23 PM, Simon Horman wrote:
> Add missing documentation for conntrack, snat_reroute and sync_version.
> 
> Also fix up a typo, IPVS_DEBUG should be IP_VS_DEBUG.
> 
> Signed-off-by: Simon Horman <horms@verge.net.au>
> 
> conntrack
> ---
>  Documentation/networking/ipvs-sysctl.txt |   53 +++++++++++++++++++++++++++++-
>  1 files changed, 52 insertions(+), 1 deletions(-)
> 
> diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
> index 4ccdbca..5214339 100644
> --- a/Documentation/networking/ipvs-sysctl.txt
> +++ b/Documentation/networking/ipvs-sysctl.txt
> @@ -15,6 +15,23 @@ amemthresh - INTEGER
>          enabled and the variable is automatically set to 2, otherwise
>          the strategy is disabled and the variable is  set  to 1.
>  
> +conntrack - BOOLEAN
> +	0 - disabled (default)
> +	not 0 - enabled
> +
> +	If set, maintain connection tracking entries for
> +	connections handled by IPVS.
> +
> +	This should be enabled if connections handled by IPVS are to be
> +	also handled by stateful firewall rules. That is, iptables rules
> +	that make use of connection tracking.  It is a performance
> +	optimisation to disable this setting otherwise.
> +
> +	Connections handled by the IPVS FTP application module
> +	will have connection tracking entries regardless of this setting.
> +
> +	Only available when IPVS is compiled with the CONFIG_IP_VS_NFCT

seems to be missing something.  Maybe

	Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
or
	Only available when IPVS is compiled with the CONFIG_IP_VS_NFCT
	symbol enabled.

> +
>  cache_bypass - BOOLEAN
>          0 - disabled (default)
>          not 0 - enabled
> @@ -39,7 +56,7 @@ debug_level - INTEGER
>  	11         - IPVS packet handling (ip_vs_in/ip_vs_out)
>  	12 or more - packet traversal
>  
> -	Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG
> +	Only available when IPVS is compiled with the CONFIG_IP_VS_DEBUG

	                                     with CONFIG_IP_VS_DEBUG enabled.

>  
>  	Higher debugging levels include the messages for lower debugging
>  	levels, so setting debug level 2, includes level 0, 1 and 2


-- 
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***

Re: [PATCH 1/4] IPVS: Add documentation for new sysctl entries

[Simon Horman]

On Mon, Sep 26, 2011 at 10:16:41AM -0700, Randy Dunlap wrote:
> On 09/25/2011 06:23 PM, Simon Horman wrote:
> > Add missing documentation for conntrack, snat_reroute and sync_version.
> > 
> > Also fix up a typo, IPVS_DEBUG should be IP_VS_DEBUG.
> > 
> > Signed-off-by: Simon Horman <horms@verge.net.au>
> > 
> > conntrack
> > ---
> >  Documentation/networking/ipvs-sysctl.txt |   53 +++++++++++++++++++++++++++++-
> >  1 files changed, 52 insertions(+), 1 deletions(-)
> > 
> > diff --git a/Documentation/networking/ipvs-sysctl.txt b/Documentation/networking/ipvs-sysctl.txt
> > index 4ccdbca..5214339 100644
> > --- a/Documentation/networking/ipvs-sysctl.txt
> > +++ b/Documentation/networking/ipvs-sysctl.txt
> > @@ -15,6 +15,23 @@ amemthresh - INTEGER
> >          enabled and the variable is automatically set to 2, otherwise
> >          the strategy is disabled and the variable is  set  to 1.
> >  
> > +conntrack - BOOLEAN
> > +	0 - disabled (default)
> > +	not 0 - enabled
> > +
> > +	If set, maintain connection tracking entries for
> > +	connections handled by IPVS.
> > +
> > +	This should be enabled if connections handled by IPVS are to be
> > +	also handled by stateful firewall rules. That is, iptables rules
> > +	that make use of connection tracking.  It is a performance
> > +	optimisation to disable this setting otherwise.
> > +
> > +	Connections handled by the IPVS FTP application module
> > +	will have connection tracking entries regardless of this setting.
> > +
> > +	Only available when IPVS is compiled with the CONFIG_IP_VS_NFCT
> 
> seems to be missing something.  Maybe
> 
> 	Only available when IPVS is compiled with CONFIG_IP_VS_NFCT enabled.
> or
> 	Only available when IPVS is compiled with the CONFIG_IP_VS_NFCT
> 	symbol enabled.
> 
> > +
> >  cache_bypass - BOOLEAN
> >          0 - disabled (default)
> >          not 0 - enabled
> > @@ -39,7 +56,7 @@ debug_level - INTEGER
> >  	11         - IPVS packet handling (ip_vs_in/ip_vs_out)
> >  	12 or more - packet traversal
> >  
> > -	Only available when IPVS is compiled with the CONFIG_IPVS_DEBUG
> > +	Only available when IPVS is compiled with the CONFIG_IP_VS_DEBUG
> 
> 	                                     with CONFIG_IP_VS_DEBUG enabled.
> 
> >  
> >  	Higher debugging levels include the messages for lower debugging
> >  	levels, so setting debug level 2, includes level 0, 1 and 2

Thanks Randy,

I was just blindly copying the existing language.
I'll make a follow up patch which incorporates your suggestions.