lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1362642190.17102.134.camel@hawk.mlab.se>
Date:	Thu, 07 Mar 2013 08:43:10 +0100
From:	Hans Schillstrom <hans@...illstrom.com>
To:	Julian Anastasov <ja@....bg>
Cc:	Simon Horman <horms@...ge.net.au>, lvs-devel@...r.kernel.org,
	netdev@...r.kernel.org
Subject: Re: [PATCH net-next 03/12] ipvs: prefer NETDEV_DOWN event to free
 cached dsts

Hello
On Wed, 2013-03-06 at 23:21 +0200, Julian Anastasov wrote:
> 	Hello,
> 
> On Wed, 6 Mar 2013, Hans Schillstrom wrote:
> 
> > Hi Julian
> > 
> > On Wed, 2013-03-06 at 10:42 +0200, Julian Anastasov wrote:
> > > 	The real server becomes unreachable on down event,
> > > no need to wait device unregistration. Should help in
> > > releasing dsts early before dst->dev is replaced with lo.
> > 
> > Have you test this in a network namespace ?
> > i.e. kill the namespace with heave traffic through it
> 
> 	This should not be a problem. Even without ns exit
> situation, we can have a case where device goes down,
> the output routes will start to fail and we will
> not cache route anymore. It can happen while the
> input device floods us with requests.

I've gone through the unregister code a couple of times now
and in theory it should work. 
The test suit have also been running without problem 


> > From what I remember this was a tricky area...
> > 
> > I have some test cases for this, should I run them ?
> 
> 	If it is easy...
> 
> > > Signed-off-by: Julian Anastasov <ja@....bg>

Signed-off by: Hans Schillstrom <hans@...illstrom.com>

> > > ---
> > >  net/netfilter/ipvs/ip_vs_ctl.c |    8 +++-----
> > >  1 files changed, 3 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> > > index c68198b..76fc8f2 100644
> > > --- a/net/netfilter/ipvs/ip_vs_ctl.c
> > > +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> > > @@ -1512,10 +1512,8 @@ __ip_vs_dev_reset(struct ip_vs_dest *dest, struct net_device *dev)
> > >  	spin_unlock_bh(&dest->dst_lock);
> > >  
> > >  }
> > > -/*
> > > - * Netdev event receiver
> > > - * Currently only NETDEV_UNREGISTER is handled, i.e. if we hold a reference to
> > > - * a device that is "unregister" it must be released.
> > > +/* Netdev event receiver
> > > + * Currently only NETDEV_DOWN is handled to release refs to cached dsts
> > >   */
> > >  static int ip_vs_dst_event(struct notifier_block *this, unsigned long event,
> > >  			    void *ptr)
> > > @@ -1527,7 +1525,7 @@ static int ip_vs_dst_event(struct notifier_block *this, unsigned long event,
> > >  	struct ip_vs_dest *dest;
> > >  	unsigned int idx;
> > >  
> > > -	if (event != NETDEV_UNREGISTER || !ipvs)
> > > +	if (event != NETDEV_DOWN || !ipvs)
> > >  		return NOTIFY_DONE;
> > >  	IP_VS_DBG(3, "%s() dev=%s\n", __func__, dev->name);
> > >  	EnterFunction(2);
> > 
> > 
> > Regards
> > Hans
> 
> Regards
> 
> --
> Julian Anastasov <ja@....bg>

Regargs
Hans

Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (6177 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ