[Debian] Re: lenny updates (networking)

Kir Kolyshkin kir at openvz.org
Mon Mar 16 07:19:39 EDT 2009


Ola Lundqvist wrote:
> Hi Kir
>
> More comments...
>
> On Tue, Mar 10, 2009 at 02:54:04AM +0300, Kir Kolyshkin wrote:
>   
>> Kir Kolyshkin wrote:
>>     
>>> I am currently checking all the ~80 patches that are not in openvz 
>>> lenny kernel. Looks like most are really needed. Let me suggest some 
>>> in a few emails I will send as a reply to this one.
>>>       
>> Some networking fixes. Networking changed much in 2.6.26 (net namespaces 
>> etc.) so some fixes came out later.
>>
>>
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=24cebf40278cb071ff8b5671b03c763f0f74b5ec
>> netns: add support for net namespace in igmp code
>> Fixes networking lock up while dealing with multicast traffic. Backport 
>> from mainstream.
>> OpenVZ bug #992 (http://bugzilla.openvz.org/992)
>> Could be an ABI breaker.
>> Attached as 0013*
>>     
>
> Already in Debian openvz patch.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=849af42466bed078e6953a4eeeff28c81f64a983
>> [UB]: Double free for UDP socket
>> Found by internal testing. Not an ABI breaker.
>> Attached as 0015*
>>     
>
> I assume this can be a security issue, right?
>   

Yes

>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=b6133ea5860a6c549065be5eaca57244ac8ccc92
>> Removes a compilation warning. Very trivial :)
>> Attached as 0030*
>>     
>
> I assume this one is not very important, right? On the other hand, it cannot really disturb anything.
>   

Right.

>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=9baf6095c98f930e02769b09addbd4b5f18772d5
>> Simplify call __dev_change_net_namespace() by remove parameters.
>> Related to OpenVZ bug #1044, prerequisite to the next patch.
>> Attached as 0040*
>>
>>
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=35f41f111afc1a9f024153ac43d8d829a894fb2b
>> Adjust VE before call netdev_unregister_kobject/netdev_register_kobject
>> Fix for OpenVZ bug #1044 (http://bugzilla.openvz.org/1044)
>> Attached as 0041*
>>     
>
> Looks like an important thing to fix, yes.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=ce67d5b4cc85fa0c6a6d226d436276ab307ae041
>> iptables: setup init iptables mask before net initialization
>> Trivial fix for IPv6 iptables in container. Not an ABI breaker.
>> Attached as 0042*
>>     
>
> IPv6 is not really working in the current version. However, this is an improvement to the current state.
> Not sure it should be included. I have added it to my test build but I think I need advice from Dann here.
>   

So we can either disable IPv6 in config or fix it. It's up to you/Dann 
to decide. I'd go with fixing.

Speaking of IPv6, we also have a bunch of patches for IPv6 conntracks in 
containers which I haven't sent since they look more like new 
functionality than a bugfix.

>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=fffc6ffba65ec0b12aeb89f2e4a448785298aa75
>> net: set ve context when init/exit method is called
>> Attached as 0043*
>>     
>
> Security issue?
>   

No. Deadlocks/leaks on VE stop.


>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=8a951e3f434541143a639dd529a504d343d28cc7
>> tun: mark tun/tap devices with NETIF_F_VIRTUAL flag
>> Fix for OpenVZ bug #1145 (http://bugzilla.openvz.org/1145)
>> Attached as 0062*
>>     
>
> Ok.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=5c591aeb2a194a9554b0cf0bd3959d8c18fa5129
>> bridge: don't leak master device on brctl addif
>> Fix for OpenVZ bug #1145 (http://bugzilla.openvz.org/1145)
>> Attached as 0063*
>>     
>
> Same bug as above. Ok.
>
>   
>> http://git.openvz.org/?p=linux-2.6.26-openvz;a=commitdiff;h=c578262d8816d27ab5530696d7b5f1e102e3b977
>> net: NETIF_F_VIRTUAL intersects with NETIF_F_LRO
>> Fix for OpenVZ bug #1145 (http://bugzilla.openvz.org/1145)
>> Attached as 0064*
>>     
>
> Same bug as above. Ok.
>
> Best regards,
>
> // Ola
>
>   


