lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 27 Aug 2008 16:09:44 +1000
From:	Simon Horman <horms@...ge.net.au>
To:	Julius Volz <juliusv@...gle.com>
Cc:	Sven Wegener <sven.wegener@...aler.net>,
	Graeme Fowler <graeme@...emef.net>, netdev@...r.kernel.org,
	lvs-devel@...r.kernel.org, kaber@...sh.net, vbusam@...gle.com
Subject: Re: [PATCH RFC 00/24] IPVS: Add first IPv6 support to IPVS

On Fri, Aug 22, 2008 at 02:14:11PM +0200, Julius Volz wrote:
> On Fri, Aug 22, 2008 at 1:23 PM, Sven Wegener <sven.wegener@...aler.net> wrote:
> >> He :) Imagine an old kernel on the backup receiving new messages and
> >> not understanding them. How could we at least handle that situation
> >> gracefully (without totally confusing the older kernel)? We'd need to
> >> do it in a way that old features are still communicated in the same
> >> way. E.g., v4-only connection syncs still use the same message format,
> >> but once you use v6 entries, an unused flag or the 'reserved' field in
> >> ip_vs_sync_conn is used. A v6 message would still confuse an older
> >> kernel then, but a user would already notice that ipvsadm can't
> >> configure the v6 services on the older kernel, so that's not too bad.
> >
> > If that's a problem, we can easily change the communication port and even
> > completely redesign the protocol this way, without having old kernels
> > getting confused about the data they get. We might lose the ability to
> > sync between different versions, but in the end this is just the
> > connection synchronziation and both systems should be running the same
> > version. We could also keep the old communication port for some time, if
> > that's really needed.
> 
> Yes, starting from scratch on another port sounds like a good idea.
> Losing sync ability totally isn't as bad as confusing an older kernel
> with new messages, so I hope it's not necessary to keep the old
> baggage around?

That does sound like a nice idea. I think that is important that we don't
confuse older kernels. I guess the only time that ineroperability would be
important is when upgrading kernels, where you might want to take the
master ldirector down to upgrade it, then the standby.

> 
> Is there enough motivation for doing this though before having a
> cleaned-up minimal v6 version without the sync daemon? This is where
> I'm currently a bit stuck with... any help is appreciated :)

IPv6 without sync is fine by me. Its certainly much better than no IPv6.
Lets tackle sync a bit later.

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ