lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 Jun 2008 11:45:48 +1000
From:	Simon Horman <horms@...ge.net.au>
To:	Vince Busam <vbusam@...gle.com>
Cc:	Ben Greear <greearb@...delatech.com>,
	Julius Volz <juliusv@...gle.com>,
	Patrick McHardy <kaber@...sh.net>, lvs-devel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH 00/26] IPVS: Add first IPv6 support to IPVS.

On Wed, Jun 11, 2008 at 03:26:06PM -0700, Vince Busam wrote:
> Ben Greear wrote:
>> You can have the kernel ignore any data it doesn't understand (ie, if  
>> struct is 24 bytes,
>> but the kernel expects 20 bytes, just ignore the last 4).  This way it  
>> should
>> work with newer binaries.
>
> Currently, the IPVS code specifically checks that length, so all kernels  
> up to now won't play well with any changes to the structs.

Adding new features to IPVS that require ipvsadm to be extended
has always been problematic due to the set/getsockopt interface
that is used.

A long time ago, before this code was merged into the kernel, the
interface changed quite a lot and this was painful. There was an
assumption that ipvsadm and kernel versions needed to match,
and the version checking code was added basically to stop people
shooting themselves in the foot. It was quite successful at that.

Eventially the changes settled down, and for the past few years they
have been very infrequent.  But the problem that the interface isn't
really extendable and that when changes are made kernel and ipvsadm
versions need to be incremented together remains. For instance, the
Debian package of ipvsadm actually shipps three different ipvsadm
binaries, and a wrapper works out which one to use based on the kernel
version.

I wonder if now would be a good time to bite the bullet and design
a new interface that is extendable.


-- 
Horms

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ