ipvs: Fix inappropriate output of procfs

Message ID	20171015115406.GA11429@nuc02.localdomain
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> Date: Sun, 15 Oct 2017 20:54:10 +0900 From: KUWAZAWA Takuya <albatross0@gmail.com> To: Wensong Zhang <wensong@linux-vs.org>, Simon Horman <horms@verge.net.au>, Julian Anastasov <ja@ssi.bg> Cc: Pablo Neira Ayuso <pablo@netfilter.org>, Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>, Florian Westphal <fw@strlen.de>, "David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org, lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org Subject: [PATCH] ipvs: Fix inappropriate output of procfs Message-ID: <20171015115406.GA11429@nuc02.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.21 (2010-09-15) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	ipvs: Fix inappropriate output of procfs \| expand ipvs: Fix inappropriate output of procfs

Message ID

20171015115406.GA11429@nuc02.localdomain

State

Accepted

Delegated to:

Pablo Neira

Headers

Date: Sun, 15 Oct 2017 20:54:10 +0900
From: KUWAZAWA Takuya <albatross0@gmail.com>
To: Wensong Zhang <wensong@linux-vs.org>,
	Simon Horman <horms@verge.net.au>, Julian Anastasov <ja@ssi.bg>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>,
	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
	Florian Westphal <fw@strlen.de>,
	"David S. Miller" <davem@davemloft.net>, netdev@vger.kernel.org,
	lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org,
	coreteam@netfilter.org, linux-kernel@vger.kernel.org
Subject: [PATCH] ipvs: Fix inappropriate output of procfs
Message-ID: <20171015115406.GA11429@nuc02.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

ipvs: Fix inappropriate output of procfs | expand

Commit Message

KUWAZAWA Takuya Oct. 15, 2017, 11:54 a.m. UTC

Information about ipvs in different network namespace can be seen via procfs.

How to reproduce:

  # ip netns add ns01
  # ip netns add ns02
  # ip netns exec ns01 ip a add dev lo 127.0.0.1/8
  # ip netns exec ns02 ip a add dev lo 127.0.0.1/8
  # ip netns exec ns01 ipvsadm -A -t 10.1.1.1:80
  # ip netns exec ns02 ipvsadm -A -t 10.1.1.2:80

The ipvsadm displays information about its own network namespace only.

  # ip netns exec ns01 ipvsadm -Ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
    -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  TCP  10.1.1.1:80 wlc

  # ip netns exec ns02 ipvsadm -Ln
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
    -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
  TCP  10.1.1.2:80 wlc

But I can see information about other network namespace via procfs.

  # ip netns exec ns01 cat /proc/net/ip_vs
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
    -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP  0A010101:0050 wlc
  TCP  0A010102:0050 wlc

  # ip netns exec ns02 cat /proc/net/ip_vs
  IP Virtual Server version 1.2.1 (size=4096)
  Prot LocalAddress:Port Scheduler Flags
    -> RemoteAddress:Port Forward Weight ActiveConn InActConn
  TCP  0A010102:0050 wlc

Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>
---
 net/netfilter/ipvs/ip_vs_ctl.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Julian Anastasov Oct. 15, 2017, 2:11 p.m. UTC | #1

Hello,

On Sun, 15 Oct 2017, KUWAZAWA Takuya wrote:

> Information about ipvs in different network namespace can be seen via procfs.
> 
> How to reproduce:
> 
>   # ip netns add ns01
>   # ip netns add ns02
>   # ip netns exec ns01 ip a add dev lo 127.0.0.1/8
>   # ip netns exec ns02 ip a add dev lo 127.0.0.1/8
>   # ip netns exec ns01 ipvsadm -A -t 10.1.1.1:80
>   # ip netns exec ns02 ipvsadm -A -t 10.1.1.2:80
> 
> The ipvsadm displays information about its own network namespace only.
> 
>   # ip netns exec ns01 ipvsadm -Ln
>   IP Virtual Server version 1.2.1 (size=4096)
>   Prot LocalAddress:Port Scheduler Flags
>     -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
>   TCP  10.1.1.1:80 wlc
> 
>   # ip netns exec ns02 ipvsadm -Ln
>   IP Virtual Server version 1.2.1 (size=4096)
>   Prot LocalAddress:Port Scheduler Flags
>     -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
>   TCP  10.1.1.2:80 wlc
> 
> But I can see information about other network namespace via procfs.
> 
>   # ip netns exec ns01 cat /proc/net/ip_vs
>   IP Virtual Server version 1.2.1 (size=4096)
>   Prot LocalAddress:Port Scheduler Flags
>     -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>   TCP  0A010101:0050 wlc
>   TCP  0A010102:0050 wlc
> 
>   # ip netns exec ns02 cat /proc/net/ip_vs
>   IP Virtual Server version 1.2.1 (size=4096)
>   Prot LocalAddress:Port Scheduler Flags
>     -> RemoteAddress:Port Forward Weight ActiveConn InActConn
>   TCP  0A010102:0050 wlc
> 
> Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>

	Looks good to me

Acked-by: Julian Anastasov <ja@ssi.bg>

	Simon, please apply to ipvs tree.

> ---
>  net/netfilter/ipvs/ip_vs_ctl.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 4f940d7..b3245f9 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -2034,12 +2034,16 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
>  		seq_puts(seq,
>  			 "  -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
>  	} else {
> +		struct net *net = seq_file_net(seq);
> +		struct netns_ipvs *ipvs = net_ipvs(net);
>  		const struct ip_vs_service *svc = v;
>  		const struct ip_vs_iter *iter = seq->private;
>  		const struct ip_vs_dest *dest;
>  		struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler);
>  		char *sched_name = sched ? sched->name : "none";
>  
> +		if (svc->ipvs != ipvs)
> +			return 0;
>  		if (iter->table == ip_vs_svc_table) {
>  #ifdef CONFIG_IP_VS_IPV6
>  			if (svc->af == AF_INET6)
> -- 
> 1.8.3.1

Regards

--
Julian Anastasov <ja@ssi.bg>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Pablo Neira Ayuso Nov. 6, 2017, 2:26 p.m. UTC | #2

On Sun, Oct 15, 2017 at 05:11:28PM +0300, Julian Anastasov wrote:
> On Sun, 15 Oct 2017, KUWAZAWA Takuya wrote:
> 
> > Information about ipvs in different network namespace can be seen via procfs.
> > 
> > How to reproduce:
> > 
> >   # ip netns add ns01
> >   # ip netns add ns02
> >   # ip netns exec ns01 ip a add dev lo 127.0.0.1/8
> >   # ip netns exec ns02 ip a add dev lo 127.0.0.1/8
> >   # ip netns exec ns01 ipvsadm -A -t 10.1.1.1:80
> >   # ip netns exec ns02 ipvsadm -A -t 10.1.1.2:80
> > 
> > The ipvsadm displays information about its own network namespace only.
> > 
> >   # ip netns exec ns01 ipvsadm -Ln
> >   IP Virtual Server version 1.2.1 (size=4096)
> >   Prot LocalAddress:Port Scheduler Flags
> >     -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> >   TCP  10.1.1.1:80 wlc
> > 
> >   # ip netns exec ns02 ipvsadm -Ln
> >   IP Virtual Server version 1.2.1 (size=4096)
> >   Prot LocalAddress:Port Scheduler Flags
> >     -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
> >   TCP  10.1.1.2:80 wlc
> > 
> > But I can see information about other network namespace via procfs.
> > 
> >   # ip netns exec ns01 cat /proc/net/ip_vs
> >   IP Virtual Server version 1.2.1 (size=4096)
> >   Prot LocalAddress:Port Scheduler Flags
> >     -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> >   TCP  0A010101:0050 wlc
> >   TCP  0A010102:0050 wlc
> > 
> >   # ip netns exec ns02 cat /proc/net/ip_vs
> >   IP Virtual Server version 1.2.1 (size=4096)
> >   Prot LocalAddress:Port Scheduler Flags
> >     -> RemoteAddress:Port Forward Weight ActiveConn InActConn
> >   TCP  0A010102:0050 wlc
> > 
> > Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>
> 
> 	Looks good to me
> 
> Acked-by: Julian Anastasov <ja@ssi.bg>

Applied, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index 4f940d7..b3245f9 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -2034,12 +2034,16 @@  static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
 		seq_puts(seq,
 			 "  -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
 	} else {
+		struct net *net = seq_file_net(seq);
+		struct netns_ipvs *ipvs = net_ipvs(net);
 		const struct ip_vs_service *svc = v;
 		const struct ip_vs_iter *iter = seq->private;
 		const struct ip_vs_dest *dest;
 		struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler);
 		char *sched_name = sched ? sched->name : "none";
 
+		if (svc->ipvs != ipvs)
+			return 0;
 		if (iter->table == ip_vs_svc_table) {
 #ifdef CONFIG_IP_VS_IPV6
 			if (svc->af == AF_INET6)

ipvs: Fix inappropriate output of procfs

Commit Message

Comments

Patch