lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <201006252110.08508.michal.humpula@hudrydum.cz>
Date:	Fri, 25 Jun 2010 21:10:08 +0200
From:	Michal Humpula <michal.humpula@...rydum.cz>
To:	"Rémi Denis-Courmont" <remi@...lab.net>
Cc:	netdev@...r.kernel.org
Subject: Re: nonlocal_bind & IPv6

Ok, more detail example. 

Let on each node be an apache (just for an example), and you configure VirtualHost for 
specific IP. So when node A fails, keepalived move IP to the node B and everything is 
still running. No need for restart of apache or anything else. There is a probably a 
better solution, but I can't find anything more simple than the posted patch:)

On Friday 25 of June 2010 20:59:58 Rémi Denis-Courmont wrote:
> On Fri, 25 Jun 2010 20:43:45 +0200, Michal Humpula
> 
> <michal.humpula@...rydum.cz> wrote:
> > I was just wondering, what's wrong with this?
> 
> It's not in unified format :D
> 
> > *** linux-2.6.34/net/ipv6/af_inet6.c    2010-05-16 23:17:36.000000000
> > +0200
> > --- linux-2.6.34-hack/net/ipv6/af_inet6.c       2010-06-25
> > 19:50:19.000000000 +0200
> > ***************
> > *** 345,354 ****
> > --- 345,356 ----
> > 
> >                         if (!(addr_type & IPV6_ADDR_MULTICAST)) {
> >                         
> >                                 if (!ipv6_chk_addr(net, &addr->sin6_addr,
> >                                 
> >                                                    dev, 0)) {
> > 
> > +           if (!sysctl_ip_nonlocal_bind) {
> > 
> >                                         err = -EADDRNOTAVAIL;
> >                                         goto out_unlock;
> >             
> >             }
> >             
> >                                 }
> > 
> > +                       }
> > 
> >                         rcu_read_unlock();
> >                 
> >                 }
> >         
> >         }
> > 
> > Motivation: just want to balance one IPv6 address between two nodes with
> > the help of keepalived the same way I do it with IPv4 without the need
> > of restarting the daemons binding on that IP.
> 
> nonlocal_bind seems a bit 80's to me. Why don't you bind the daemon to
> [::]? If it needs to know its own address, it can always use getsockname()
> for connected sockets and IPV6_PKTINFO ancillary data for datagram sockets.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ