From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 10/16] ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf
Date: Wed, 28 Nov 2018 11:17:35 +0100 [thread overview]
Message-ID: <20181128101741.20924-11-pablo@netfilter.org> (raw)
In-Reply-To: <20181128101741.20924-1-pablo@netfilter.org>
From: Xin Long <lucien.xin@gmail.com>
ip_vs_dst_event is supposed to clean up all dst used in ipvs'
destinations when a net dev is going down. But it works only
when the dst's dev is the same as the dev from the event.
Now with the same priority but late registration,
ip_vs_dst_notifier is always called later than ipv6_dev_notf
where the dst's dev is set to lo for NETDEV_DOWN event.
As the dst's dev lo is not the same as the dev from the event
in ip_vs_dst_event, ip_vs_dst_notifier doesn't actually work.
Also as these dst have to wait for dest_trash_timer to clean
them up. It would cause some non-permanent kernel warnings:
unregister_netdevice: waiting for br0 to become free. Usage count = 3
To fix it, call ip_vs_dst_notifier earlier than ipv6_dev_notf
by increasing its priority to ADDRCONF_NOTIFY_PRIORITY + 5.
Note that for ipv4 route fib_netdev_notifier doesn't set dst's
dev to lo in NETDEV_DOWN event, so this fix is only needed when
IP_VS_IPV6 is defined.
Fixes: 7a4f0761fce3 ("IPVS: init and cleanup restructuring")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/ipvs/ip_vs_ctl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 83395bf6dc35..432141f04af3 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -3980,6 +3980,9 @@ static void __net_exit ip_vs_control_net_cleanup_sysctl(struct netns_ipvs *ipvs)
static struct notifier_block ip_vs_dst_notifier = {
.notifier_call = ip_vs_dst_event,
+#ifdef CONFIG_IP_VS_IPV6
+ .priority = ADDRCONF_NOTIFY_PRIORITY + 5,
+#endif
};
int __net_init ip_vs_control_net_init(struct netns_ipvs *ipvs)
--
2.11.0
next prev parent reply other threads:[~2018-11-28 21:19 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-28 10:17 [PATCH 00/16] Netfilter fixes for net Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 01/16] netfilter: nf_conncount: use spin_lock_bh instead of spin_lock Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 02/16] netfilter: nf_conncount: fix list_del corruption in conn_free Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 03/16] netfilter: nf_conncount: fix unexpected permanent node of list Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 04/16] netfilter: nf_tables: don't skip inactive chains during update Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 05/16] selftests: add script to stress-test nft packet path vs. control plane Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 06/16] netfilter: nf_tables: don't use position attribute on rule replacement Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 07/16] netfilter: xt_RATEEST: remove netns exit routine Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 08/16] netfilter: nf_tables: fix use-after-free when deleting compat expressions Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 09/16] netfilter: xt_hashlimit: fix a possible memory leak in htable_create() Pablo Neira Ayuso
2018-11-28 16:04 ` Sergei Shtylyov
2018-11-28 10:17 ` Pablo Neira Ayuso [this message]
2018-11-28 10:17 ` [PATCH 11/16] netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 12/16] netfilter: ipv6: Preserve link scope traffic original oif Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 13/16] netfilter: add missing error handling code for register functions Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 14/16] netfilter: nat: fix double register in masquerade modules Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 15/16] netfilter: nf_conncount: remove wrong condition check routine Pablo Neira Ayuso
2018-11-28 10:17 ` [PATCH 16/16] netfilter: nf_tables: deactivate expressions in rule replecement routine Pablo Neira Ayuso
2018-11-28 19:03 ` [PATCH 00/16] Netfilter fixes for net David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181128101741.20924-11-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.