Hi,

In an effort to keep people up to date about changes to LVS I am trying to
write a summary of changes each time a new kernel is released.

In 2.6.35 (released on the 20th October 2010):

* Features
  - Full NAT
  - One packet Scheduling

----------------------------------------------------------------------

The following commands were used to generate data for this report:

$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
$ cd linux-2.6
$ git log --no-merges v2.6.35..v2.6.36 \
    include/net/ip_vs.h include/linux/ip_vs.h net/netfilter/ipvs/

commit 6523ce1525e88c598c75a1a6b8c4edddfa9defe8
Author: Julian Anastasov <ja@xxxxxx>
Date:   Sun Sep 5 18:02:29 2010 +0000

    ipvs: fix active FTP

    - Do not create expectation when forwarding the PORT
      command to avoid blocking the connection. The problem is that
      nf_conntrack_ftp.c:help() tries to create the same expectation later in
      POST_ROUTING and drops the packet with "dropping packet" message after
      failure in nf_ct_expect_related.

    - Change ip_vs_update_conntrack to alter the conntrack
      for related connections from real server. If we do not alter the reply in
      this direction the next packet from client sent to vport 20 comes as NEW
      connection. We alter it but may be some collision happens for both
      conntracks and the second conntrack gets destroyed immediately. The
      connection stucks too.

    Signed-off-by: Julian Anastasov <ja@xxxxxx>
    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

commit 7bcbf81a2296a8f71342445560dcbe16100b567c
Author: Julian Anastasov <ja@xxxxxx>
Date:   Wed Sep 1 23:07:10 2010 +0000

    ipvs: avoid oops for passive FTP

    Fix Passive FTP problem in ip_vs_ftp:

    - Do not oops in nf_nat_set_seq_adjust (adjust_tcp_sequence) when
      iptable_nat module is not loaded

    Signed-off-by: Julian Anastasov <ja@xxxxxx>
    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

commit 5c0d2374a16fcb52096df914ee57720987677be5
Author: Simon Horman <horms@xxxxxxxxxxxx>
Date:   Mon Aug 2 17:12:44 2010 +0200

    ipvs: provide default ip_vs_conn_{in,out}_get_proto

    This removes duplicate code by providing a default implementation
    which is used by 3 of the 4 modules that provide these call.

    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 2890a1573d1ae859a4d77e2fdbecacf21f96c0db
Author: Simon Horman <horms@xxxxxxxxxxxx>
Date:   Mon Aug 2 17:08:11 2010 +0200

    ipvs: remove EXPERIMENTAL tag

    IPVS was merged into the kernel quite a long time ago and
    has been seeing wide-spread production use for even longer.

    It seems appropriate for it to be no longer tagged as EXPERIMENTAL

    Signed-off-as: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 7f1c407579519e71a0dcadc05614fd98acec585e
Author: Hannes Eder <heder@xxxxxxxxxx>
Date:   Fri Jul 23 12:48:52 2010 +0200

    IPVS: make FTP work with full NAT support

    Use nf_conntrack/nf_nat code to do the packet mangling and the TCP
    sequence adjusting. The function 'ip_vs_skb_replace' is now dead
    code, so it is removed.

    To SNAT FTP, use something like:

    % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
        --vport 21 -j SNAT --to-source 192.168.10.10

    and for the data connections in passive mode:

    % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 \
        --vportctl 21 -j SNAT --to-source 192.168.10.10

    using '-m state --state RELATED' would also works.

    Make sure the kernel modules ip_vs_ftp, nf_conntrack_ftp, and
    nf_nat_ftp are loaded.

    [ up-port and minor fixes by Simon Horman <horms@xxxxxxxxxxxx> ]
    Signed-off-by: Hannes Eder <heder@xxxxxxxxxx>
    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 7b215ffc3885a38182d3d49ceb41d0a81c3e041a
Author: Hannes Eder <heder@xxxxxxxxxx>
Date:   Fri Jul 23 12:46:32 2010 +0200

    IPVS: make friends with nf_conntrack

    Update the nf_conntrack tuple in reply direction, as we will see
    traffic from the real server (RIP) to the client (CIP). Once this is
    done we can use netfilters SNAT in POSTROUTING, especially with
    xt_ipvs, to do source NAT, e.g.:

    % iptables -t nat -A POSTROUTING -m ipvs --vaddr 192.168.100.30/32 --vport 80 \
        -j SNAT --to-source 192.168.10.10

    [ minor fixes by Simon Horman <horms@xxxxxxxxxxxx> ]
    Signed-off-by: Hannes Eder <heder@xxxxxxxxxx>
    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 9c3e1c39679144c250dda95098333ecb5f1f407a
Author: Hannes Eder <heder@xxxxxxxxxx>
Date:   Fri Jul 23 12:42:58 2010 +0200

    netfilter: xt_ipvs (netfilter matcher for IPVS)

    This implements the kernel-space side of the netfilter matcher xt_ipvs.

    [ minor fixes by Simon Horman <horms@xxxxxxxxxxxx> ]
    Signed-off-by: Hannes Eder <heder@xxxxxxxxxx>
    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    [ Patrick: added xt_ipvs.h to Kbuild ]
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 8a0acaac807ec3fcb7b5a895c6bbb8e8b61e6275
Author: Xiaoyu Du <tingsrain@xxxxxxxxx>
Date:   Fri Jul 9 17:27:47 2010 +0200

    ipvs: lvs sctp protocol handler is incorrectly invoked ip_vs_app_pkt_out

    lvs sctp protocol handler is incorrectly invoked ip_vs_app_pkt_out
    Since there's no sctp helpers at present, it does the same thing as
    ip_vs_app_pkt_in.

    Signed-off-by: Xiaoyu Du <tingsrain@xxxxxxxxx>
    Acked-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 72c7664f9278b31fcf6b7828c1417caca5b68104
Author: Michal Marek <mmarek@xxxxxxx>
Date:   Mon Jul 5 10:42:37 2010 +0200

    ipvs: Kconfig cleanup

    IP_VS_PROTO_AH_ESP should be set iff either of IP_VS_PROTO_{AH,ESP} is
    selected. Express this with standard kconfig syntax.

    Signed-off-by: Michal Marek <mmarek@xxxxxxx>
    Acked-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 26ec037f9841e49cc5c615deb8e1e73e5beab2ca
Author: Nick Chalk <nick@xxxxxxxxxxxxxxxx>
Date:   Tue Jun 22 08:07:01 2010 +0200

    IPVS: one-packet scheduling

    Allow one-packet scheduling for UDP connections. When the fwmark-based or
    normal virtual service is marked with '-o' or '--ops' options all
    connections are created only to schedule one packet. Useful to schedule UDP
    packets from same client port to different real servers. Recommended with
    RR or WRR schedulers (the connections are not visible with ipvsadm -L).

    Signed-off-by: Nick Chalk <nick@xxxxxxxxxxxxxxxx>
    Signed-off-by: Simon Horman <horms@xxxxxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

commit 421f91d21ad6f799dc7b489bb33cc560ccc56f98
Author: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
Date:   Fri Jun 11 12:17:00 2010 +0200

    fix typos concerning "initiali[zs]e"

    Signed-off-by: Uwe Kleine-König <u.kleine-koenig@xxxxxxxxxxxxxx>
    Signed-off-by: Jiri Kosina <jkosina@xxxxxxx>

commit d8d1f30b95a635dbd610dcc5eb641aca8f4768cf
Author: Changli Gao <xiaosuo@xxxxxxxxx>
Date:   Thu Jun 10 23:31:35 2010 -0700

    net-next: remove useless union keyword

    remove useless union keyword in rtable, rt6_info and dn_route.

    Since there is only one member in a union, the union keyword isn't useful.

    Signed-off-by: Changli Gao <xiaosuo@xxxxxxxxx>
    Signed-off-by: Eric Dumazet <eric.dumazet@xxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>