[Debian] Re: lenny updates (networking)

Ola Lundqvist ola at inguza.com
Sat Mar 14 13:14:54 EDT 2009


Hi Kir

More comments...

On Tue, Mar 10, 2009 at 02:54:04AM +0300, Kir Kolyshkin wrote:
> Kir Kolyshkin wrote:
> >I am currently checking all the ~80 patches that are not in openvz 
> >lenny kernel. Looks like most are really needed. Let me suggest some 
> >in a few emails I will send as a reply to this one.
> Some networking fixes. Networking changed much in 2.6.26 (net namespaces 
> etc.) so some fixes came out later.
> 
> 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=24cebf40278cb071ff8b5671b03c763f0f74b5ec
> netns: add support for net namespace in igmp code
> Fixes networking lock up while dealing with multicast traffic. Backport 
> from mainstream.
> OpenVZ bug #992 (http://bugzilla.openvz.org/992)
> Could be an ABI breaker.
> Attached as 0013*

Already in Debian openvz patch.

> 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=849af42466bed078e6953a4eeeff28c81f64a983
> [UB]: Double free for UDP socket
> Found by internal testing. Not an ABI breaker.
> Attached as 0015*

I assume this can be a security issue, right?

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=b6133ea5860a6c549065be5eaca57244ac8ccc92
> Removes a compilation warning. Very trivial :)
> Attached as 0030*

I assume this one is not very important, right? On the other hand it cannot really disturb anything.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=9baf6095c98f930e02769b09addbd4b5f18772d5
> Simplify call __dev_change_net_namespace() by remove parameters.
> Related to OpenVZ bug #1044, prerequisite to the next patch.
> Attached as 0040*
> 
> 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=35f41f111afc1a9f024153ac43d8d829a894fb2b
> Adjust VE before call netdev_unregister_kobject/netdev_register_kobject
> Fix for OpenVZ bug #1044 (http://bugzilla.openvz.org/1044)
> Attached as 0041*

Looks like an important thing to fix, yes.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ce67d5b4cc85fa0c6a6d226d436276ab307ae041
> iptables: setup init iptables mask before net initialization
> Trivial fix for IPv6 iptables in container. Not an ABI breaker.
> Attached as 0042*

IPv6 is not really working in the current version. However this is an improvement to the current state.
Not sure it should be included. I have added it to my test build but I think I need advice from Dann here.

> 
> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=fffc6ffba65ec0b12aeb89f2e4a448785298aa75
> net: set ve context when init/exit method is called
> Attached as 0043*

Security issue?

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8a951e3f434541143a639dd529a504d343d28cc7
> tun: mark tun/tap devices with NETIF_F_VIRTUAL flag
> Fix for OpenVZ bug #1145 (http://bugzilla.openvz.org/1145)
> Attached as 0062*

Ok.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5c591aeb2a194a9554b0cf0bd3959d8c18fa5129
> bridge: don't leak master device on brctl addif
> Fix for OpenVZ bug #1145 (http://bugzilla.openvz.org/1145)
> Attached as 0063*

Same bug as above. Ok.

> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c578262d8816d27ab5530696d7b5f1e102e3b977
> net: NETIF_F_VIRTUAL intersects with NETIF_F_LRO
> Fix for OpenVZ bug #1145 (http://bugzilla.openvz.org/1145)
> Attached as 0064*

Same bug as above. Ok.

Best regards,

// Ola

-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Annebergsslingan 37        \
|  opal at debian.org                   654 65 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

