mirror of
https://github.com/torvalds/linux.git
synced 2024-12-17 16:43:08 +00:00
99cb99aa05
Pablo Neira Ayuso says: ==================== Netfilter/IPVS updates for net-next The following patchset contains Netfilter/IPVS updates for your net-next tree in this 4.4 development cycle, they are: 1) Schedule ICMP traffic to IPVS instances, this introduces a new schedule_icmp proc knob to enable/disable it. By default is off to retain the old behaviour. Patchset from Alex Gartrell. I'm also including what Alex originally said for the record: "The configuration of ipvs at Facebook is relatively straightforward. All ipvs instances bgp advertise a set of VIPs and the network prefers the nearest one or uses ECMP in the event of a tie. For the uninitiated, ECMP deterministically and statelessly load balances by hashing the packet (usually a 5-tuple of protocol, saddr, daddr, sport, and dport) and using that number as an index (basic hash table type logic). The problem is that ICMP packets (which contain really important information like whether or not an MTU has been exceeded) will get a different hash value and may end up at a different ipvs instance. With no information about where to route these packets, they are dropped, creating ICMP black holes and breaking Path MTU discovery. Suddenly, my mom's pictures can't load and I'm fielding midday calls that I want nothing to do with. To address this, this patch set introduces the ability to schedule icmp packets which is gated by a sysctl net.ipv4.vs.schedule_icmp. If set to 0, the old behavior is maintained -- otherwise ICMP packets are scheduled." 2) Add another proc entry to ignore tunneled packets to avoid routing loops from IPVS, also from Alex. 3) Fifteen patches from Eric Biederman to: * Stop passing nf_hook_ops as parameter to the hook and use the state hook object instead all around the netfilter code, so only the private data pointer is passed to the registered hook function. * Now that we've got state->net, propagate the netns pointer to netfilter hook clients to avoid its computation over and over again. A good example of how this has been simplified is the former TEE target (now nf_dup infrastructure) since it has killed the ugly pick_net() function. There's another round of netns updates from Eric Biederman making the line. To avoid the patchbomb again to almost all the networking mailing list (that is 84 patches) I'd suggest we send you a pull request with no patches or let me know if you prefer a better way. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| acpi | ||
| asm-generic | ||
| clocksource | ||
| crypto | ||
| drm | ||
| dt-bindings | ||
| keys | ||
| kvm | ||
| linux | ||
| math-emu | ||
| media | ||
| memory | ||
| misc | ||
| net | ||
| pcmcia | ||
| ras | ||
| rdma | ||
| rxrpc | ||
| scsi | ||
| soc | ||
| sound | ||
| target | ||
| trace | ||
| uapi | ||
| video | ||
| xen | ||
| Kbuild | ||