[Devel] [PATCH RHEL7 COMMIT] vzprivnet: Revert "vzprivnet: rt cache drop on vzprivnet update"
Konstantin Khorenko
khorenko at virtuozzo.com
Mon Oct 31 08:56:43 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.36.1.vz7.19.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.36.1.vz7.19.4
------>
commit 811e34ab16e283f7f3694908f767a41692eb56d5
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date: Mon Oct 31 19:56:40 2016 +0400
vzprivnet: Revert "vzprivnet: rt cache drop on vzprivnet update"
Patchset description:
do not rely on missing rtcache in vzprivnet_hook
vzprivnet filter relies on dst.privnet_mark is per saddr+daddr pair.
But rt_hash_table was removed in ms kernel v3.6, commit 89aef8921bfb
("ipv4: Delete routing cache."). And now different saddr+daddr pairs
can have same routing dst_entry, and thus same pmark variable, and
vzprivnet filter fails to filter these pairs(blocks both or allows
both depending on which connection was first, the one we need to
block or allow).
These is the try to return plain vzprivnet_hook which was without
caching, so we would always do explicit vzprivnet_classify. If after
these change the network would not become very slow (not much than
~10% slower) we seem to be able to leave with it.
note: We do the same in vzprivnet6_hook, except that private networks
are in radix tree instead of rbtree as for vzprivnet_hook.
https://jira.sw.ru/browse/PSBM-53646
Pavel Tikhomirov (4):
Revert "vzprivnet: rt cache drop on vzprivnet update"
Revert "vzprivnet: Flush rt cache each time rules change"
vzprivnet: remove dst.privnet_mark usage as it is no more rtcached
Revert "VZPRIVNET: cache filtering result on dst"
============================================================
This patch description:
This reverts commit 47c285fdf54a7cd5d460702c65ffdb3a88128566.
https://jira.sw.ru/browse/PSBM-53646
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
net/ipv4/netfilter/ip_vzprivnet.c | 16 ++++------------
1 file changed, 4 insertions(+), 12 deletions(-)
diff --git a/net/ipv4/netfilter/ip_vzprivnet.c b/net/ipv4/netfilter/ip_vzprivnet.c
index 6e2bbe2..b590b4e 100644
--- a/net/ipv4/netfilter/ip_vzprivnet.c
+++ b/net/ipv4/netfilter/ip_vzprivnet.c
@@ -489,7 +489,6 @@ static int parse_param(const char *param, int *add, u32 *net,
static ssize_t vzpriv_write(struct file * file, const char __user *buf,
size_t count, loff_t *ppos)
{
- struct net *net;
char *s, *page;
int err;
int offset;
@@ -505,6 +504,8 @@ static ssize_t vzpriv_write(struct file * file, const char __user *buf,
if (err)
goto err;
+ rt_cache_flush(&init_net);
+
s = page;
s[count] = 0;
@@ -528,11 +529,6 @@ static ssize_t vzpriv_write(struct file * file, const char __user *buf,
s = nextline(s);
}
out:
- rtnl_lock();
- for_each_net(net)
- rt_cache_flush(net);
- rtnl_unlock();
-
offset = s - page;
if (offset > 0)
err = offset;
@@ -828,7 +824,6 @@ static int parse_sparse(const char *param, int *add,
static ssize_t sparse_write(struct file * file, const char __user *buf,
size_t count, loff_t *ppos)
{
- struct net *net;
char *s, *page;
int err;
int offset;
@@ -844,6 +839,8 @@ static ssize_t sparse_write(struct file * file, const char __user *buf,
if (err)
goto err;
+ rt_cache_flush(&init_net);
+
s = page;
s[count] = 0;
@@ -868,11 +865,6 @@ static ssize_t sparse_write(struct file * file, const char __user *buf,
s = nextline(s);
}
out:
- rtnl_lock();
- for_each_net(net)
- rt_cache_flush(net);
- rtnl_unlock();
-
offset = s - page;
if (offset > 0)
err = offset;
More information about the Devel
mailing list