Date:	Fri, 13 Jun 2008 16:26:23 +1000
From:	Simon Horman <horms@...ge.net.au>
To:	Julius Volz <juliusv@...gle.com>
Cc:	Patrick McHardy <kaber@...sh.net>, Vince Busam <vbusam@...gle.com>,
	Ben Greear <greearb@...delatech.com>,
	lvs-devel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH 00/26] IPVS: Add first IPv6 support to IPVS.

On Thu, Jun 12, 2008 at 09:33:27PM +0200, Julius Volz wrote:
> On Thu, Jun 12, 2008, Patrick McHardy <kaber@...sh.net> wrote:
> > Julius Volz wrote:
> >> Ah, that's what I thought... Are there any simple kernel examples with
> >> userspace counterparts to look at? I know iproute2 uses netlink, but
> >> it seems like a rather complicated example.
> >
> > For nfnetlink: net/netfilter/nf_conntrack_netlink.c and
> > libnfnetlink_conntrack from git.netfilter.org.
> 
> Thanks!
> 
> >> Genetlink seems especially nice, although I couldn't find a general
> >> explanation of it other than in git history.
> >
> > I don't have an example for genetlink, but I guess you should
> > find some in libnl. In this case I guess both would be fine
> > since ipvs is only loosely tied to the rest of netfilter.
> 
> Ok, my first impression is that genetlink is aimed at being simple to
> use (and has a nice howto).
> 
> So we'll work on a genetlink interface and some of the other v6 patch
> issues and then post again in a while. Thanks for the feedback!
> 
> Horms: ping if you're interested or have some good ideas for this.

Julius: pong

The main two problems that I see in the existing interface are
a) lack of extendibility (which is why we are here) and;
b) non-idempotent actions, especially adding and deleting
   real servers, which mean that user-space programs that
   manipulate ipvsadm have extra (racy) logic.
   (ok, perhaps that is more a pet peeve than a problem).

I don't really have any concrete ideas about what a better
interface would look like. But I am more than happy to hash out ideas.

-- 
Horms
