[LEDE-DEV] Add ip_vs kernel netfilter modules to enable load balancing capabilities

Author: Mauro Mozzarelli <mauro@ezplanet.org>
Date:   Sun Feb 19 11:33:23 2017 +0000

     IPVS (IP Virtual Server) implements transport-layer load balancing 
inside the Linux kernel, so called Layer-4 switching. IPVS running on a 
host acts as a load balancer at the front of a cluster of real servers, 
it can direct requests for TCP/UDP based services to the real servers, 
and makes services of the real servers to appear as a virtual service on 
a single IP address.

     This patch adds kmod-nf-ipvs kernel modules option to LEDE kernel 
netfilter

     Signed-off-by: Mauro Mozzarelli <mauro at ezplanet.org>

+endef

  define KernelPackage/ipt-nat
    TITLE:=Basic NAT targets

Hi,

comments inline

On 19/02/2017 13:01, Mauro Mozzarelli wrote:
> Author: Mauro Mozzarelli <mauro@ezplanet.org>
> Date:   Sun Feb 19 11:33:23 2017 +0000
> 
>     IPVS (IP Virtual Server) implements transport-layer load balancing

^ stray tab

> inside the Linux kernel, so called Layer-4 switching. IPVS running on a
> host acts as a load balancer at the front of a cluster of real servers,
> it can direct requests for TCP/UDP based services to the real servers,
> and makes services of the real servers to appear as a virtual service on
> a single IP address.
> 
>     This patch adds kmod-nf-ipvs kernel modules option to LEDE kernel

^ stray tab

> netfilter
> 
>     Signed-off-by: Mauro Mozzarelli <mauro at ezplanet.org>
> 


^ stray tab and obfuscated mail addr

> diff --git a/package/kernel/linux/modules/netfilter.mk
> b/package/kernel/linux/modules/netfilter.mk
> index 6162dbc..7c51d9f 100644
> --- a/package/kernel/linux/modules/netfilter.mk
> +++ b/package/kernel/linux/modules/netfilter.mk
> @@ -271,6 +271,117 @@ define KernelPackage/ipt-ipset
>  endef
>  $(eval $(call KernelPackage,ipt-ipset))
> 
> +IPVS_K3_MODULES:= \
> +    ip_vs \
> +    ip_vs_lc \
> +    ip_vs_wlc \
> +    ip_vs_rr \
> +    ip_vs_wrr \
> +    ip_vs_lblc \
> +    ip_vs_lblcr \
> +    ip_vs_dh \
> +    ip_vs_sh \
> +    ip_vs_fo \
> +    ip_vs_nq \
> +    ip_vs_sed \
> +    ip_vs_ftp
> +
> +define KernelPackage/nf-ipvs
> +  SUBMENU:=Netfilter Extensions
> +  TITLE:=IP Virtual Server modules Kernel 3
> +  DEPENDS:=+kmod-lib-crc32c @(LINUX_3_18)
> +  KCONFIG:= \
> +    CONFIG_IP_VS \
> +    CONFIG_IP_VS_IPV6=y \
> +    CONFIG_IP_VS_DEBUG=n \
> +    CONFIG_IP_VS_PROTO_TCP=y \
> +    CONFIG_IP_VS_PROTO_UDP=y \
> +    CONFIG_IP_VS_PROTO_AH_ESP=y \
> +    CONFIG_IP_VS_PROTO_ESP=y \
> +    CONFIG_IP_VS_PROTO_AH=y \
> +    CONFIG_IP_VS_PROTO_SCTP=y \
> +    CONFIG_IP_VS_TAB_BITS=12 \
> +    CONFIG_IP_VS_RR \
> +    CONFIG_IP_VS_WRR \
> +    CONFIG_IP_VS_LC \
> +    CONFIG_IP_VS_WLC \
> +    CONFIG_IP_VS_FO \
> +    CONFIG_IP_VS_OVF \
> +    CONFIG_IP_VS_LBLC \
> +    CONFIG_IP_VS_LBLCR \
> +    CONFIG_IP_VS_DH \
> +    CONFIG_IP_VS_SH \
> +    CONFIG_IP_VS_SED \
> +    CONFIG_IP_VS_NQ \
> +    CONFIG_IP_VS_SH_TAB_BITS=8 \
> +    CONFIG_IP_VS_NFCT=n \
> +    CONFIG_IP_VS_FTP=m \
> +    CONFIG_NETFILTER_XT_MATCH_IPVS=n
> +
> +  FILES:=$(foreach
> mod,$(IPVS_K3_MODULES),$(LINUX_DIR)/net/netfilter/ipvs/$(mod).ko)

^ line wrapping, there are various more of these below.
additionally you sent this in some obscure way leading to patchwork
mangling it -> https://patchwork.ozlabs.org/patch/729538/

please fix and resend a properly formatted patch so that we can review it.

	John

> +  $(call AddDepends/ipt,+kmod-ipt-conntrack)
> +endef
> +$(eval $(call KernelPackage,nf-ipvs))
> +
> +define KernelPackage/nf-ipvs/description
> + IPVS (IP Virtual Server) implements transport-layer load balancing
> inside the Linux kernel
> + so called Layer-4 switching.
> +endef
> +
> +IPVS_K4_MODULES:= \
> +    ip_vs \
> +    ip_vs_lc \
> +    ip_vs_wlc \
> +    ip_vs_rr \
> +    ip_vs_wrr \
> +    ip_vs_lblc \
> +    ip_vs_lblcr \
> +    ip_vs_dh \
> +    ip_vs_sh \
> +    ip_vs_fo \
> +    ip_vs_nq \
> +    ip_vs_sed
> +
> +define KernelPackage/nf-ipvs
> +  SUBMENU:=Netfilter Extensions
> +  TITLE:=IP Virtual Server modules
> +  DEPENDS:=+kmod-lib-crc32c @!(LINUX_3_18)
> +  KCONFIG:= \
> +    CONFIG_IP_VS \
> +    CONFIG_IP_VS_IPV6=y \
> +    CONFIG_IP_VS_DEBUG=n \
> +    CONFIG_IP_VS_PROTO_TCP=y \
> +    CONFIG_IP_VS_PROTO_UDP=y \
> +    CONFIG_IP_VS_PROTO_AH_ESP=y \
> +    CONFIG_IP_VS_PROTO_ESP=y \
> +    CONFIG_IP_VS_PROTO_AH=y \
> +    CONFIG_IP_VS_PROTO_SCTP=y \
> +    CONFIG_IP_VS_TAB_BITS=12 \
> +    CONFIG_IP_VS_RR \
> +    CONFIG_IP_VS_WRR \
> +    CONFIG_IP_VS_LC \
> +    CONFIG_IP_VS_WLC \
> +    CONFIG_IP_VS_FO \
> +    CONFIG_IP_VS_OVF \
> +    CONFIG_IP_VS_LBLC \
> +    CONFIG_IP_VS_LBLCR \
> +    CONFIG_IP_VS_DH \
> +    CONFIG_IP_VS_SH \
> +    CONFIG_IP_VS_SED \
> +    CONFIG_IP_VS_NQ \
> +    CONFIG_IP_VS_SH_TAB_BITS=8 \
> +    CONFIG_IP_VS_NFCT=n \
> +    CONFIG_NETFILTER_XT_MATCH_IPVS=n
> +
> +  FILES:=$(foreach
> mod,$(IPVS_K4_MODULES),$(LINUX_DIR)/net/netfilter/ipvs/$(mod).ko)
> +  $(call AddDepends/ipt,+kmod-ipt-conntrack)
> +endef
> +$(eval $(call KernelPackage,nf-ipvs))
> +
> +define KernelPackage/nf-ipvs/description
> + IPVS (IP Virtual Server) implements transport-layer load balancing
> inside the Linux kernel
> + so called Layer-4 switching.
> +endef
> 
>  define KernelPackage/ipt-nat
>    TITLE:=Basic NAT targets
> 
> 
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

On 19 February 2017 at 13:01, Mauro Mozzarelli <openwrt@ezplanet.net> wrote:
> Author: Mauro Mozzarelli <mauro@ezplanet.org>
> Date:   Sun Feb 19 11:33:23 2017 +0000
>
>     IPVS (IP Virtual Server) implements transport-layer load balancing
> inside the Linux kernel, so called Layer-4 switching. IPVS running on a host
> acts as a load balancer at the front of a cluster of real servers, it can
> direct requests for TCP/UDP based services to the real servers, and makes
> services of the real servers to appear as a virtual service on a single IP
> address.
>
>     This patch adds kmod-nf-ipvs kernel modules option to LEDE kernel
> netfilter
>
>     Signed-off-by: Mauro Mozzarelli <mauro at ezplanet.org>
>
> diff --git a/package/kernel/linux/modules/netfilter.mk
> b/package/kernel/linux/modules/netfilter.mk
> index 6162dbc..7c51d9f 100644
> --- a/package/kernel/linux/modules/netfilter.mk
> +++ b/package/kernel/linux/modules/netfilter.mk
> @@ -271,6 +271,117 @@ define KernelPackage/ipt-ipset
>  endef
>  $(eval $(call KernelPackage,ipt-ipset))
>
> +IPVS_K3_MODULES:= \
> +    ip_vs \
> +    ip_vs_lc \
> +    ip_vs_wlc \
> +    ip_vs_rr \
> +    ip_vs_wrr \
> +    ip_vs_lblc \
> +    ip_vs_lblcr \
> +    ip_vs_dh \
> +    ip_vs_sh \
> +    ip_vs_fo \
> +    ip_vs_nq \
> +    ip_vs_sed \
> +    ip_vs_ftp

(snip)

> +IPVS_K4_MODULES:= \
> +    ip_vs \
> +    ip_vs_lc \
> +    ip_vs_wlc \
> +    ip_vs_rr \
> +    ip_vs_wrr \
> +    ip_vs_lblc \
> +    ip_vs_lblcr \
> +    ip_vs_dh \
> +    ip_vs_sh \
> +    ip_vs_fo \
> +    ip_vs_nq \
> +    ip_vs_sed

These seem mostly the same, the only difference is ip_vs_ftp in 3.18.
You can annotate the FILES with kernel versions, e.g.
ip_vs_ftp.ko@lt4.0" would mean "copy this file only if kernel version
is less than 4.0". That way you should be able to just have one
KernelPackage definition.


Regards
Jonas

Hello John,

Thank you for reviewing the patch. I extracted it with "git show" which 
added the tabs, but I can always edit the patch file manually and remove 
them if it helps.

Please could you clarify what is the problem with line wrapping? It is 
there for better readability, would you like everything to be in one line?

Also I am not sure I understand your reference to "patchwork mangling".

To create the patch file I do the following (to a freshly cloned LEDE 
trunk repository):

1. git checkout -b myproject
2. Apply changes
3. git add path to changed files
4. git commit and edit comments (I add my comments without tabs)
5. git show to extract patch file (git adds the tabs here)

Please could you let me know if there is a best practice to create patch 
files?

Best regards,

Mauro


On 20/02/17 08:31, John Crispin wrote:
> Hi,
>
> comments inline
>
> On 19/02/2017 13:01, Mauro Mozzarelli wrote:
>> Author: Mauro Mozzarelli <mauro@ezplanet.org>
>> Date:   Sun Feb 19 11:33:23 2017 +0000
>>
>>      IPVS (IP Virtual Server) implements transport-layer load balancing
> ^ stray tab
>
>> inside the Linux kernel, so called Layer-4 switching. IPVS running on a
>> host acts as a load balancer at the front of a cluster of real servers,
>> it can direct requests for TCP/UDP based services to the real servers,
>> and makes services of the real servers to appear as a virtual service on
>> a single IP address.
>>
>>      This patch adds kmod-nf-ipvs kernel modules option to LEDE kernel
> ^ stray tab
>
>> netfilter
>>
>>      Signed-off-by: Mauro Mozzarelli <mauro at ezplanet.org>
>>
>
> ^ stray tab and obfuscated mail addr
>
>> diff --git a/package/kernel/linux/modules/netfilter.mk
>> b/package/kernel/linux/modules/netfilter.mk
>> index 6162dbc..7c51d9f 100644
>> --- a/package/kernel/linux/modules/netfilter.mk
>> +++ b/package/kernel/linux/modules/netfilter.mk
>> @@ -271,6 +271,117 @@ define KernelPackage/ipt-ipset
>>   endef
>>   $(eval $(call KernelPackage,ipt-ipset))
>>
>> +IPVS_K3_MODULES:= \
>> +    ip_vs \
>> +    ip_vs_lc \
>> +    ip_vs_wlc \
>> +    ip_vs_rr \
>> +    ip_vs_wrr \
>> +    ip_vs_lblc \
>> +    ip_vs_lblcr \
>> +    ip_vs_dh \
>> +    ip_vs_sh \
>> +    ip_vs_fo \
>> +    ip_vs_nq \
>> +    ip_vs_sed \
>> +    ip_vs_ftp
>> +
>> +define KernelPackage/nf-ipvs
>> +  SUBMENU:=Netfilter Extensions
>> +  TITLE:=IP Virtual Server modules Kernel 3
>> +  DEPENDS:=+kmod-lib-crc32c @(LINUX_3_18)
>> +  KCONFIG:= \
>> +    CONFIG_IP_VS \
>> +    CONFIG_IP_VS_IPV6=y \
>> +    CONFIG_IP_VS_DEBUG=n \
>> +    CONFIG_IP_VS_PROTO_TCP=y \
>> +    CONFIG_IP_VS_PROTO_UDP=y \
>> +    CONFIG_IP_VS_PROTO_AH_ESP=y \
>> +    CONFIG_IP_VS_PROTO_ESP=y \
>> +    CONFIG_IP_VS_PROTO_AH=y \
>> +    CONFIG_IP_VS_PROTO_SCTP=y \
>> +    CONFIG_IP_VS_TAB_BITS=12 \
>> +    CONFIG_IP_VS_RR \
>> +    CONFIG_IP_VS_WRR \
>> +    CONFIG_IP_VS_LC \
>> +    CONFIG_IP_VS_WLC \
>> +    CONFIG_IP_VS_FO \
>> +    CONFIG_IP_VS_OVF \
>> +    CONFIG_IP_VS_LBLC \
>> +    CONFIG_IP_VS_LBLCR \
>> +    CONFIG_IP_VS_DH \
>> +    CONFIG_IP_VS_SH \
>> +    CONFIG_IP_VS_SED \
>> +    CONFIG_IP_VS_NQ \
>> +    CONFIG_IP_VS_SH_TAB_BITS=8 \
>> +    CONFIG_IP_VS_NFCT=n \
>> +    CONFIG_IP_VS_FTP=m \
>> +    CONFIG_NETFILTER_XT_MATCH_IPVS=n
>> +
>> +  FILES:=$(foreach
>> mod,$(IPVS_K3_MODULES),$(LINUX_DIR)/net/netfilter/ipvs/$(mod).ko)
> ^ line wrapping, there are various more of these below.
> additionally you sent this in some obscure way leading to patchwork
> mangling it -> https://patchwork.ozlabs.org/patch/729538/
>
> please fix and resend a properly formatted patch so that we can review it.
>
> 	John
>
>> +  $(call AddDepends/ipt,+kmod-ipt-conntrack)
>> +endef
>> +$(eval $(call KernelPackage,nf-ipvs))
>> +
>> +define KernelPackage/nf-ipvs/description
>> + IPVS (IP Virtual Server) implements transport-layer load balancing
>> inside the Linux kernel
>> + so called Layer-4 switching.
>> +endef
>> +
>> +IPVS_K4_MODULES:= \
>> +    ip_vs \
>> +    ip_vs_lc \
>> +    ip_vs_wlc \
>> +    ip_vs_rr \
>> +    ip_vs_wrr \
>> +    ip_vs_lblc \
>> +    ip_vs_lblcr \
>> +    ip_vs_dh \
>> +    ip_vs_sh \
>> +    ip_vs_fo \
>> +    ip_vs_nq \
>> +    ip_vs_sed
>> +
>> +define KernelPackage/nf-ipvs
>> +  SUBMENU:=Netfilter Extensions
>> +  TITLE:=IP Virtual Server modules
>> +  DEPENDS:=+kmod-lib-crc32c @!(LINUX_3_18)
>> +  KCONFIG:= \
>> +    CONFIG_IP_VS \
>> +    CONFIG_IP_VS_IPV6=y \
>> +    CONFIG_IP_VS_DEBUG=n \
>> +    CONFIG_IP_VS_PROTO_TCP=y \
>> +    CONFIG_IP_VS_PROTO_UDP=y \
>> +    CONFIG_IP_VS_PROTO_AH_ESP=y \
>> +    CONFIG_IP_VS_PROTO_ESP=y \
>> +    CONFIG_IP_VS_PROTO_AH=y \
>> +    CONFIG_IP_VS_PROTO_SCTP=y \
>> +    CONFIG_IP_VS_TAB_BITS=12 \
>> +    CONFIG_IP_VS_RR \
>> +    CONFIG_IP_VS_WRR \
>> +    CONFIG_IP_VS_LC \
>> +    CONFIG_IP_VS_WLC \
>> +    CONFIG_IP_VS_FO \
>> +    CONFIG_IP_VS_OVF \
>> +    CONFIG_IP_VS_LBLC \
>> +    CONFIG_IP_VS_LBLCR \
>> +    CONFIG_IP_VS_DH \
>> +    CONFIG_IP_VS_SH \
>> +    CONFIG_IP_VS_SED \
>> +    CONFIG_IP_VS_NQ \
>> +    CONFIG_IP_VS_SH_TAB_BITS=8 \
>> +    CONFIG_IP_VS_NFCT=n \
>> +    CONFIG_NETFILTER_XT_MATCH_IPVS=n
>> +
>> +  FILES:=$(foreach
>> mod,$(IPVS_K4_MODULES),$(LINUX_DIR)/net/netfilter/ipvs/$(mod).ko)
>> +  $(call AddDepends/ipt,+kmod-ipt-conntrack)
>> +endef
>> +$(eval $(call KernelPackage,nf-ipvs))
>> +
>> +define KernelPackage/nf-ipvs/description
>> + IPVS (IP Virtual Server) implements transport-layer load balancing
>> inside the Linux kernel
>> + so called Layer-4 switching.
>> +endef
>>
>>   define KernelPackage/ipt-nat
>>     TITLE:=Basic NAT targets
>>
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev@lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
> _______________________________________________
> Lede-dev mailing list
> Lede-dev@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/lede-dev

On 2017-02-20 20:08, Mauro Mozzarelli wrote:
> Hello John,
> 
> Thank you for reviewing the patch. I extracted it with "git show" which 
> added the tabs, but I can always edit the patch file manually and remove 
> them if it helps.
> 
> Please could you clarify what is the problem with line wrapping? It is 
> there for better readability, would you like everything to be in one line?
> 
> Also I am not sure I understand your reference to "patchwork mangling".
> 
> To create the patch file I do the following (to a freshly cloned LEDE 
> trunk repository):
> 
> 1. git checkout -b myproject
> 2. Apply changes
> 3. git add path to changed files
> 4. git commit and edit comments (I add my comments without tabs)
> 5. git show to extract patch file (git adds the tabs here)
> 
> Please could you let me know if there is a best practice to create patch 
> files?
Please use git send-email to send them directly. If you really need to
generate them manually, use git format-patch.

- Felix

On 20 February 2017 at 10:47, Jonas Gorski <jonas.gorski@gmail.com> wrote:
> On 19 February 2017 at 13:01, Mauro Mozzarelli <openwrt@ezplanet.net> wrote:
>> Author: Mauro Mozzarelli <mauro@ezplanet.org>
>> Date:   Sun Feb 19 11:33:23 2017 +0000
>>
>>     IPVS (IP Virtual Server) implements transport-layer load balancing
>> inside the Linux kernel, so called Layer-4 switching. IPVS running on a host
>> acts as a load balancer at the front of a cluster of real servers, it can
>> direct requests for TCP/UDP based services to the real servers, and makes
>> services of the real servers to appear as a virtual service on a single IP
>> address.
>>
>>     This patch adds kmod-nf-ipvs kernel modules option to LEDE kernel
>> netfilter
>>
>>     Signed-off-by: Mauro Mozzarelli <mauro at ezplanet.org>
>>
>> diff --git a/package/kernel/linux/modules/netfilter.mk
>> b/package/kernel/linux/modules/netfilter.mk
>> index 6162dbc..7c51d9f 100644
>> --- a/package/kernel/linux/modules/netfilter.mk
>> +++ b/package/kernel/linux/modules/netfilter.mk
>> @@ -271,6 +271,117 @@ define KernelPackage/ipt-ipset
>>  endef
>>  $(eval $(call KernelPackage,ipt-ipset))
>>
>> +IPVS_K3_MODULES:= \
>> +    ip_vs \
>> +    ip_vs_lc \
>> +    ip_vs_wlc \
>> +    ip_vs_rr \
>> +    ip_vs_wrr \
>> +    ip_vs_lblc \
>> +    ip_vs_lblcr \
>> +    ip_vs_dh \
>> +    ip_vs_sh \
>> +    ip_vs_fo \
>> +    ip_vs_nq \
>> +    ip_vs_sed \
>> +    ip_vs_ftp
>
> (snip)
>
>> +IPVS_K4_MODULES:= \
>> +    ip_vs \
>> +    ip_vs_lc \
>> +    ip_vs_wlc \
>> +    ip_vs_rr \
>> +    ip_vs_wrr \
>> +    ip_vs_lblc \
>> +    ip_vs_lblcr \
>> +    ip_vs_dh \
>> +    ip_vs_sh \
>> +    ip_vs_fo \
>> +    ip_vs_nq \
>> +    ip_vs_sed
>
> These seem mostly the same, the only difference is ip_vs_ftp in 3.18.
> You can annotate the FILES with kernel versions, e.g.
> ip_vs_ftp.ko@lt4.0" would mean "copy this file only if kernel version
> is less than 4.0". That way you should be able to just have one
> KernelPackage definition.

Actually looking at the linux sources, ip_vs_ftp is still present in
4.10, so I don't see why you need to do the distinction at all. Does
it not build?


Regards
Jonas