Hi,

In an effort to keep people up to date about changes
to LVS I am trying to write a summary of changes each
time a new kernel is released.

In 2.6.35 (released on the 20th October 2010):

* Features
  - Full NAT
  - One packet Scheduling

----------------------------------------------------------------------

The following commands were used to generate data for this report:

$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
$ cd linux-2.6
$ git log --no-merges v2.6.35..v2.6.36 \
      include/net/ip_vs.h include/linux/ip_vs.h net/netfilter/ipvs/

commit 6523ce1525e88c598c75a1a6b8c4edddfa9defe8
Author: Julian Anastasov <ja@xxxxxx>
Date: Sun Sep 5 18:02:29 2010 +0000

ipvs: fix active FTP

- Do not create expectation when forwarding the PORT
command to avoid blocking the connection. The problem is that
nf_conntrack_ftp.c:help() tries to create the same expectation later in
POST_ROUTING and drops the packet with "dropping packet" message after
failure in nf_ct_expect_related.
- Change ip_vs_update_conntrack to alter the conntrack
for related connections from real server. If we do not alter the reply in
this direction the next packet from client sent to vport 20 comes as NEW
connection. We alter it but may be some collision happens for both
conntracks and the second conntrack gets destroyed immediately. The
connection gets stuck too.
Signed-off-by: Julian Anastasov <ja@xxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

commit 7bcbf81a2296a8f71342445560dcbe16100b567c
Author: Julian Anastasov <ja@xxxxxx>
Date: Wed Sep 1 23:07:10 2010 +0000

ipvs: avoid oops for passive FTP

Fix Passive FTP problem in ip_vs_ftp:
- Do not oops in nf_nat_set_seq_adjust (adjust_tcp_sequence) when
iptable_nat module is not loaded
Signed-off-by: Julian Anastasov <ja@xxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

commit 5c0d2374a16fcb52096df914ee57720987677be5
Author: Simon Horman <horms@xxxxxxxxxxxx>
Date: Mon Aug 2 17:12:44 2010 +0200

ipvs: provide default ip_vs_conn_{in,out}_get_proto

This removes duplicate code by providing a default implementation
which is used by 3 of the 4 modules that provide these calls.
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 2890a1573d1ae859a4d77e2fdbecacf21f96c0db
Author: Simon Horman <horms@xxxxxxxxxxxx>
Date: Mon Aug 2 17:08:11 2010 +0200

ipvs: remove EXPERIMENTAL tag

IPVS was merged into the kernel quite a long time ago and
has been seeing wide-spread production use for even longer.
It seems appropriate for it to be no longer tagged as EXPERIMENTAL
Signed-off-as: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 7f1c407579519e71a0dcadc05614fd98acec585e
Author: Hannes Eder <heder@xxxxxxxxxx>
Date: Fri Jul 23 12:48:52 2010 +0200

IPVS: make FTP work with full NAT support

Use nf_conntrack/nf_nat code to do the packet mangling and the TCP
sequence adjusting. The function 'ip_vs_skb_replace' is now dead
code, so it is removed.
To SNAT FTP, use something like:
% iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
--vport 21 -j SNAT --to-source 192.168.10.10
and for the data connections in passive mode:
% iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
--vportctl 21 -j SNAT --to-source 192.168.10.10
using '-m state --state RELATED' would also work.
Make sure the kernel modules ip_vs_ftp, nf_conntrack_ftp, and
nf_nat_ftp are loaded.
[ up-port and minor fixes by Simon Horman <horms@xxxxxxxxxxxx> ]
Signed-off-by: Hannes Eder <heder@xxxxxxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 7b215ffc3885a38182d3d49ceb41d0a81c3e041a
Author: Hannes Eder <heder@xxxxxxxxxx>
Date: Fri Jul 23 12:46:32 2010 +0200

IPVS: make friends with nf_conntrack

Update the nf_conntrack tuple in reply direction, as we will see
traffic from the real server (RIP) to the client (CIP). Once this is
done we can use netfilters SNAT in POSTROUTING, especially with
xt_ipvs, to do source NAT, e.g.:
% iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 --vport 80 \
-j SNAT --to-source 192.168.10.10
[ minor fixes by Simon Horman <horms@xxxxxxxxxxxx> ]
Signed-off-by: Hannes Eder <heder@xxxxxxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 9c3e1c39679144c250dda95098333ecb5f1f407a
Author: Hannes Eder <heder@xxxxxxxxxx>
Date: Fri Jul 23 12:42:58 2010 +0200

netfilter: xt_ipvs (netfilter matcher for IPVS)

This implements the kernel-space side of the netfilter matcher xt_ipvs.
[ minor fixes by Simon Horman <horms@xxxxxxxxxxxx> ]
Signed-off-by: Hannes Eder <heder@xxxxxxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
[ Patrick: added xt_ipvs.h to Kbuild ]
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 8a0acaac807ec3fcb7b5a895c6bbb8e8b61e6275
Author: Xiaoyu Du <tingsrain@xxxxxxxxx>
Date: Fri Jul 9 17:27:47 2010 +0200

ipvs: lvs sctp protocol handler is incorrectly invoked ip_vs_app_pkt_out

lvs sctp protocol handler is incorrectly invoked ip_vs_app_pkt_out
Since there's no sctp helpers at present, it does the same thing as
ip_vs_app_pkt_in.
Signed-off-by: Xiaoyu Du <tingsrain@xxxxxxxxx>
Acked-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 72c7664f9278b31fcf6b7828c1417caca5b68104
Author: Michal Marek <mmarek@xxxxxxx>
Date: Mon Jul 5 10:42:37 2010 +0200

ipvs: Kconfig cleanup

IP_VS_PROTO_AH_ESP should be set iff either of IP_VS_PROTO_{AH,ESP} is
selected. Express this with standard kconfig syntax.
Signed-off-by: Michal Marek <mmarek@xxxxxxx>
Acked-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 26ec037f9841e49cc5c615deb8e1e73e5beab2ca
Author: Nick Chalk <nick@xxxxxxxxxxxxxxxx>
Date: Tue Jun 22 08:07:01 2010 +0200

IPVS: one-packet scheduling

Allow one-packet scheduling for UDP connections. When the fwmark-based or
normal virtual service is marked with '-o' or '--ops' options all
connections are created only to schedule one packet. Useful to schedule UDP
packets from same client port to different real servers. Recommended with
RR or WRR schedulers (the connections are not visible with ipvsadm -L).
Signed-off-by: Nick Chalk <nick@xxxxxxxxxxxxxxxx>
Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 421f91d21ad6f799dc7b489bb33cc560ccc56f98
Author: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
Date: Fri Jun 11 12:17:00 2010 +0200

fix typos concerning "initiali[zs]e"

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>

commit d8d1f30b95a635dbd610dcc5eb641aca8f4768cf
Author: Changli Gao <xiaosuo@xxxxxxxxx>
Date: Thu Jun 10 23:31:35 2010 -0700

net-next: remove useless union keyword

remove useless union keyword in rtable, rt6_info and dn_route.
Since there is only one member in a union, the union keyword isn't useful.
Signed-off-by: Changli Gao <xiaosuo@xxxxxxxxx>
Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
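
Added example (not part of the original mail or of the kernel sources): a simplified user-space model of the one-packet scheduling commit above, showing how a round-robin service treats repeated UDP datagrams from one client port with and without the '-o'/'--ops' flag. The class and function names, addresses and server names are constructed for illustration, and connection timeouts are not modelled.

```python
# Added illustration: a simplified user-space model of IPVS scheduling,
# not kernel code. Addresses and server names are constructed.
from itertools import cycle


class VirtualService:
    """Round-robin virtual service with an optional one-packet (OPS) flag."""

    def __init__(self, real_servers, ops=False):
        self._rr = cycle(real_servers)   # round-robin scheduler state
        self.ops = ops                   # models the '-o' / '--ops' service flag
        self.conn_table = {}             # (client_ip, client_port) -> real server

    def schedule(self, client_ip, client_port):
        """Return the real server that receives this UDP packet."""
        key = (client_ip, client_port)
        if not self.ops and key in self.conn_table:
            # Normal mode: an existing connection entry pins the flow
            # to the real server chosen for its first packet.
            return self.conn_table[key]
        dest = next(self._rr)
        if not self.ops:
            # Normal mode keeps the entry for later packets of the flow.
            self.conn_table[key] = dest
        # OPS mode: the connection exists only to schedule this one packet,
        # so no entry is kept and there is nothing to list afterwards.
        return dest


def distribute(service, packets):
    """Schedule each (ip, port) packet and return the chosen servers in order."""
    return [service.schedule(ip, port) for ip, port in packets]


# Constructed sample: one client sending four datagrams from the same port.
PACKETS = [("198.51.100.7", 5060)] * 4
SERVERS = ["rs1", "rs2"]

if __name__ == "__main__":
    print("normal:", distribute(VirtualService(SERVERS), PACKETS))
    print("ops:   ", distribute(VirtualService(SERVERS, ops=True), PACKETS))
```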