ChangeLog of Virtual Server patch for Linux 2.2

Virtual Server patch for Linux 2.2.19 - Version 1.0.8 - May 14, 2001

Changes:
	* Fixed an old bug in the ip_vs_unbind_masq. Its
	atomic_dec_and_test may have race with __ip_vs_del_dest. Changed
	atomic_dec_and_test to atomic_dec in the ip_vs_unbind_dest,
	because the destination will be either in a service's destination
	list or in the destination trash and there is no need to release
	it here. Thank Julian for pointing it out.

	* Added svc->refcnt counter for service reference. The service
	cannot be released if it is referred by other destinations. Then,
	the big service lock in statistics (introduced in 1.0.7) was
	removed. It should improve performance a little bit.

	* Wenzhuo fixed the typo of failure function in ipvsadm.sh, and
	changed "modprobe ip_masq_ftp" in ipvsadm man page.


Virtual Server patch for Linux 2.2.19 - Version 1.0.7 - April 19, 2001

Changes:
	* Julian changed persistent connection template for fwmark-based
	service from  to , so that different
	fwmark-based services that share the same VIP can work correctly.

	* Julian changed the lookup order in the ip_vs_lookup_service. The
	original one is to lookup fwmark virtual service table only when
	the fwmark value of packet isn't zero, and the lookup normal
	virtual service table only when a packet isn't marked. The new one
	is to lookup fwmark virtual service table when packet is marked,
	if not found, then lookup normal virtual service table. This
	change can make packets of other firewall marking go through the
	normal virtual service.

	* Removed the original simple statistic(/proc/net/ip_masq/vs_stat)
	and ported a more sophisticated statistics from ipvs 0.2.9 for
	kernel 2.4.  The new statistics info can be accessed at
	/proc/net/ip_masq/vs_stats.


Virtual Server patch for Linux 2.2.19 - Version 1.0.6 - March 27, 2001

Changes:
	* Alexander Atanasov fixed the lblcr scheduler that when when all
	servers in the desination set are of weight 0 or are unavailable,
	falls back to wlc method, instead of return NULL.

	* Ratz added the missed ip_vs_lblcr_init() call, so that the lblcr
	scheduler can be built in the kernel.

	* Made the patch against Linux 2.2.19.

	* Changed to use fixed record (divisor of 512) to output ipvs
	procinfo file, so that each record won't be truncated at least.

	* ipvsadm updates
	revisited the SYNOPSIS of ipvsadm command, this one should be more
	correct, thank Joe and Horms for telling me there is some
	inconsistency.
	changed "-M [netmask]" to "-M netmask".
	Horms fixed that ipvsadm cannot read /etc/sysconfig/ipvsadm
	correctly on Red Hat 7. It is caused by scanf under the glibc that
	ships with Red Hat 7 not returning EOF as the man page documents
	it will once input stops. Added some code in the config_stream.c
	so that it can detect ab EOF.
	Horms tidys up ipvsadm-restore, ipvsadm-save and ipvsadm.sh a
	little too.
	fixed some warnings while compiling config_stream.c and
	  dynamic_array.c.
	added ipvsadm-save and ipvsadm-restore man pages.
	added the "-n" option into ipvsadm-save.


Virtual Server patch for Linux 2.2.18 - Version 1.0.5 - February 8, 2001

Changes:
	* Fixed the IP_MASQ_DEBUG using uninitialized port pointer bug in
	the ip_fw_demasq_icmp, the bug was there for a long time. It would
	lead to serious problem if the IP_MASQ_DEBUG option is up in
	kernel compilation.

	* Julian fixed that dest (instead of least destination) must be
	checked for availability after nextstage in the ip_vs_dest_set_min.


Virtual Server patch for Linux 2.2.18 - Version 1.0.4 - February 2, 2001

Changes:
	* Julian fixed a bug in the LBLCR scheduler by adding the missing
	(dest->weight>0) condition in the ip_vs_dest_set_max.

	* Alexander Atanasov  has done many testings on the
	LBLC and LBLCR scheduler, added selecting another server if the
	assigned dest->weight<=0 in the LBLC scheduler, added the checking
	on the ip_vs_dest_set_min and ip_vs_dest_set_max return in the
	LBLCR, otherwise the system would crash.

	* Make sure that ip_vs_dest_set_min returns server that is
	available.

	* Alex and Julian added the more ICMP handling code at ip_forward
	for fwmark-based service, if the incoming ICMP packet is related
	to IPVS connections, forward it to the right server.


Virtual Server patch for Linux 2.2.18 - Version 1.0.3 - December 30, 2000

Changes:
	* Changed the output format of svc->timeout from "%d" to "%u",
	in order to keep it consistent with the type of svc->timeout.

	* Upgrade the ipvsadm from version 1.13 to 1.14
	Fixed the persistent timeout parsing bug instroduced in the
	ipvsadm-1.13. (changed "%ud" back to "%u")

	Horms added the -v option to display the version of ipvsadm.

	Horms updated the debian files.

	Updated the %files section in the ipvsadm.spec.in file so that
	the srpm can be built in different environments.

Virtual Server patch for Linux 2.2.18 - Version 1.0.2 - December 17, 2000

Changes:
	* Make the patch against the kernel 2.2.18

	* Upgrage the ipvsadm from version 1.12 to 1.13

	Phil Copeland added some casts to stop gcc grumbling in new popt
	function call, and fixed the problem where ipvasdm.8 isn't wrapped
	because rpm tries to compress the man page and then forgets to
	tell itself the new name.

	Horms made that ipvsadm can be built as a debian package.

	Some minor changes to ipvsadm.c

Virtual Server patch for Linux 2.2.17 - Version 1.0.2 - December 3, 2000

Changes:
	* Ported the LBLC with replication scheduler from IPVS for
	kernel 2.4 back to IPVS for kernel 2.2.

	* Added description of the lblcr scheduler in ipvsadm man page

	* Joseph Mack added the LVS-mini-HOWTO document

Virtual Server patch for Linux 2.2.17 - Version 1.0.1 - November 23, 2000

Changes:
	* Fixed the wrong rover usage in expiration of lblc, thank Julian
	Fixed the wrong traverse in lblc flush and expiration functions.

	* Added the /proc/sys/net/ipv4/vs/lblc_expiration to set the
	time of lblc mapping.

	* Added the CONFIG_IP_VS_DEBUG in the config menu, and clarified
	debug levels. See doc/debug-levels.txt for more information.
	Thanks Julian for suggestion.

	* Added the description of "-e" option in ipvsadm man page.

Virtual Server patch for Linux 2.2.17 - Version 1.0.0 - November 16, 2000

Changes:
	* Martin Hamilton fixed the terrible locking bugs in ip_vs_lblc.c
	    *lock(tbl->lock) ==> *lock(&tbl->lock)

	* Fixed the uninitilized tbl->lock bug in ip_vs_lblc_init_svc

	* Added full expiration check for ip_vs_lblc entries
	When the ip_vs_lblc table is not full in a half hour (no partial
	expiration check is done), do a full expiration check, which
	will collect stale entries that hasn't been touched for more
	than two hours.

	* Horms corrected some cosmetic things in ipvsadm

Virtual Server patch for Linux 2.2.17 - Version 1.0.0beta1 - November 2, 2000

Changes:
	* Added the Locality-Based Least Connection scheduler
	It aims for locality and load balancing for cache cluster

	* ipvsadm was upgraded to version 1.12.
	Horms added some scripts for ipvsadm, fixed grammatical errors
	and add more description in ipvsadm man page.

----------------------------------------------------------------------

Virtual Server patch for Linux 2.2.17 - Version 0.9.16 - September 5, 2000

Changes:
	* Julian fixed the bug in the WRR scheduler, server with weight
	zero is selected when all server weights (>= 2 servers) are zero.
	Thank Ratz for reporting the bug.

	* Added the comestic things for debugging.
	When the debugging is enabled, you can change difference debugging
	level through /proc/sys/net/ipv4/vs/debug_level. And, the debugging
	information is now easy to read.

Virtual Server patch for Linux 2.2.16 - Version 0.9.15 - June 28, 2000

Changes:
	* Changed the template of persistent fwmark-based services
	from the  to the
	, so that the connections
	for different persistent TCP and UDP services from the same
	client can be directed to the same real server.

	* Added a simple display of the connection hash table size and its
	memory usage when IPVS is initialized.

Virtual Server patch for Linux 2.2.16 - Version 0.9.14 - June 17, 2000

Changes:
	* Added the mtu checking in the ip_vs_dr_xmit(). It can work
	when the external MTU is larger than the internal MTU.

	* Hooked the ip_fw_unmasq_masq to restore the original IP header
	of mangled packets before sending out ICMP messages.

	The above changes were made by Julian and Wensong.

	* Splitted the long process_options in the ipvsadm.c, set two
	versions of parse_options (popt and getopt_long). The code looks
	a little bit nicer.

Virtual Server patch for Linux 2.2.15 - Version 0.9.13 - May 25, 2000

Changes:
	* Changed that the key of real server hash table is generated
	from , instead of , and changed the
	check in __ip_vs_lookup_real_service(). It should work correctly
	for fwmark service.

	* Added the missing "INIT_LIST_HEAD(&dest->d_list);" in
	ip_vs_rs_unhash().

	* Changed that ip_vs_wrr_init_svc() returns -ENOMEM instead of
	ENOMEM if no memory is available, just in order to keep good
	format of return value.

	* Added the ftp service and port zero service counters, which can
	speed up service lookup.

	* Restrict real server ports covered from the ftp service.
	The port number of ftp data connections on real servers can only
	be 20 or >= PROT_SOCK(1024).

	* Split some duplicate code into __ip_vs_del_service()

	The above changes were made by Julian and Wensong.

Virtual Server patch for Linux 2.2.14 - Version 0.9.12 - May 2, 2000

Changes:
	* The condition matching order in __ip_vs_in_get & __ip_vs_out_get
	was optimized, it should speed up the entry lookup when the row is
	long. Thank Julian!

	* Fixed the silly bug that I forgot adding an sysctl ID for the
	/proc/sys/net/ipv4/vs/am_droprate.

	* Julian fixed the wrong return (EINVAL) to the correct one
	(-EINVAL), when the option length is less than the sizeof the
	ip_masq_ctl entry.

Virtual Server patch for Linux 2.2.14 - Version 0.9.11 - April 17, 2000

Changes:
	* Fixed icmp handling bug introduced in adding the fwmark feature

	* Made the dest lookup correctly in trash for both normal service
	and fwmark service.

	* Changed that the ICMP_DEST_UNREACH packet is sent to clients
	only if its entry doesn't exist and it is not RST or not of TCP,
	the ICMP_DEST_UNREACH packet is sent to real servers only if its
	entry doesn't exist and it is not RST or not of TCP.

	* Horms tidy up some description and grammar of ipvsadm man page.

	The above changes were made by Julian, Horms and Wensong together

Virtual Server patch for Linux 2.2.14 - Version 0.9.10 - April 9, 2000

Changes:
	* Julian added the droprate and secure_tcp defense strategies.

	* The dropentry defense strategy was revisited.

	* The fwmark service lookup was added by Horms, Julian and Wensong
	Use a firewall-marking to denote a virtual service instead of a
	triplet .  The marking of packets with a
	firewall-mark is done by firewalling code. This feature can be
	used to build a virtual service assoicated to different IP
	addresses or port numbers, but sharing the same real servers, such
	as multiple-homed LVS.

Virtual Server patch for Linux 2.2.14 - Version 0.9.9 - March 16, 2000

Changes:
	* Fixed the OUTPUT state transition table
	It entered from RS to ES while receiving SYN packet, which is
	not right and will cause that randrom drop won't be effective
	for VS/NAT.

	* Added random drop of UDP entries too before out of memory
	Thank Julian for his cute comments.

Virtual Server patch for Linux 2.2.14 - Version 0.9.8 - March 13, 2000

Changes:
	* Added random drop of syn entries before running out of memory
	When available memory is less than 1024 pages, randomly scan
	1/16 of table to drop entries that are in SYN_RECV state. To
	activate this random drop functionality,
	      echo 1 > /proc/sys/net/ipv4/ip_vs_randomdrop
	it will be hard for distributed syn flooding attack tools to
	make the LVS box run out of memory.

	* Fixed a negative counter bug because of wrong invalid template
	The invalid template like 
	is changed to .

Virtual Server patch for Linux 2.2.14 - Version 0.9.7 - January 19, 2000

Changes:
	* Just resolve a patch rejection on Configure.help for 2.2.14

Virtual Server patch for Linux 2.2 - Version 0.9.7 - December 22, 1999

Changes:
	* Fixed the huge timeout entry bug when destinations are unavailable
	When the destination server of a packet is found unavailable,
	the packet is droped silently but the entry is forgotten to be
	added back to the slow timer table. It would generate the
	entries of huge timeout. Thank Julian for the bug.

	* Changed two IP_VS_ERR calls to IP_VS_DBG
	Since the ipvsadm would report the error information when
	deleting a nonexist destionation or adding an existing service,
	there is no need to report error message in kernel. Thank Julian
	again for the change.

	* Added the sysctl_ip_always_defrag counting in ip_masq_new_vs
	This is for the coming kernel patch 2.2.14, where the wrong
	sysctl_ip_always_defrag handling is fixed.

Virtual Server patch for Linux 2.2 - Version 0.9.6 - December 7, 1999

Changes:
	* Invalidate a persistent template when its dest is unavailable
	We define templates like 
	(persistence for a single service) or 
	(persistence for all services) are valid, and templates like
	 are invalid.
	When new connection arrives and the destination of its template
	is not available, invalidate the template, then create a new
	template with new destination, and new connection is served.

	* Fixed the wrong debugging information in ip_vs_forward

Virtual Server patch for Linux 2.2 - Version 0.9.5 - November 28, 1999

Changes:
	* Fixed the undefined variable bug in the IP_VS_DBG
	Due to my carelessness, an undefined variable was left in the
	IP_VS_DBG statement of the ip_vs_dr_xmit function. Thank
	Roberto Nibali for reporting.

	* Changed ICMP_PROT_UNREACH to ICMP_PORT_UNREACH in ip_vs_leave
	When virtual service is available but no destination is available,
	The ICMP_PORT_UNREACH icmp packet is sent to notify the client
	that the service is not available. Since IPVS is in IP layer,
	the TCP socket has been created, the TCP RST packet cannot be sent
	for TCP services, instead that ICMP_PORT_UNREACH is sent, no
	matter it talks TCP/UDP. Thank Julian.

	* Added port zero support for persistent services
	For some applications, there are more than one service, once a
	client is assigned to a real server for the first service, requests
	for other services from the same clients must be sent to the same
	server. Port zero is added for this kind of persistent services.

	* Fixed the bug that virtual ftp service blocks other services
	When virtual ftp service is presented and packets destined for
	other services not listed in ipvs table arrives, wrong masq
	entries will be created and those services are blocked.

	* Fixed the (null) print for unknown services in ipvsadm
	Thank Julian for reporting.


Virtual Server patch for Linux 2.2 - Version 0.9.4 - November 10, 1999

Changes:
	* Julian fixed the fatal return bug of ip_vs_leave()
	Since some code of last version ipvs is changed, ip_vs_leave
	should return -2 instead of -3 if no virtual service is
	found.

	* Added the IPSKB_REDIRECTED flag
	The skb is set with the IPSKB_REDIRECTED and IPSKB_MASQUERADED
	flag, so that the system can detect infinite loop of TUNNELED/
	DROUTED packets in the ip_local_deliver caused by misconfiguration.
	For example, user might configure the following:
	    ipvsadm -a -t VIP:http -r  -i
	    ifconfig   up
	then packets for VIP:http is tunneled to its own interface, which
	will causes infinite loop.

	* Fixed the bug that freed skb may be used to masq_set_state
	In the original ip_fw_demasquerade function, masq_set_state was
	called after ip_vs_forward, and ip_vs_forward may free the skb,
	so masq_set_state may operate the already freed skb. The current
	solution is just to simply do masq_set_state before ip_vs_forward.
	No matter whether the packet is forwarded successfully or not,
	the masq state will be updated. Although it brokes the original
	sematics, it won't lead to serious errors. We look forward to
	fixing it under the Rusty's netfilter framework both for correctness
	and modularization. :-)

	Many thanks must go to Julian for his very cute comments to the
	ipvs 0.9.3 code. He also raised a question, could we simply use
	ip_route_output to skip IPv4 forwarding and firewall to tunnel/
	droute packets for a little bit performance, or should we be
	back to ip_route_input for correctness? I am still thinking about
	it.


Virtual Server patch for Linux 2.2 - Version 0.9.3 - November 7, 1999

Changes:
	* Adapted the patch for kernel 2.2.13
	Since the ntohl and like were changed to unsigned int(because the
	unsigned long int is 64-bit these days), some code in VS patch
	is modified for this change, and the compiling warnings and
	unnecessary casting can be avoided.

	* Changed the masq timeout type and the maximum persistent timeout
	The type of masq timeout was changed from 'unsigned' to 'unsigned
	long', in order to keep it the same as the type of timer_struct
	expires, then masq timeout will be 64-bit on 64-bit platforms. The
	maximum persistent timeout was changed from one year to one month,
	because this is enough. Thank Julian for the suggestions.

	* Added ICMP handling for IPVS
	The incoming ICMP packets for virtual services will be forwarded
	to the right real servers, and outgoing ICMP packets from virtual
	services will be altered and send out correctly. This is important
	for error and control notification between clients and servers,
	such as the MTU discovery. Sorry for adding this stuff so late,
	because I used to stupidly think that it is not easy to add ICMP
	handling for IPVS. After spending a couple of hours reading the
	textbooks and the masq code, I found that it was quite easy to add
	this stuff. Sorry!

	* Changed the tunnel/dr/local forwarding without doing masq_skb_cow
	Some orders in the ip_fw_demasquerade and ip_fw_demasq_icmp functions,
	so that the masq skbuff copy-on-write can be avoided in the tunnel/
	dr/local forwarding methods. This improves performance for the
	tunnel/dr/local forwarding methods.

	* Use vmalloc to allocate big hash table.
	The big IPVS hash table of 256K entries or more can be allocated
	now.


Virtual Server patch for Linux 2.2 - Version 0.9.2 - October 17, 1999

Changes:
	* Added support for netmasks with persistence
	The client source address is masked with this netmask for the purpose
	of accessing the templates. Added a new port to the service structure
	and changed ipvsadm to support this. Defaults to a 255.255.255.255,
	which emulates the old behaviour. (Lars Marowsky-Bree )

	* Fixed the bug that server status checking doesn't work for LVS/NAT,
	and changed some comestics things for debugging. Thank Julian for
	the fix.


Virtual Server patch for Linux 2.2 - Version 0.9.1 - October 6, 1999

Changes:
	* Fixed the counting bug in ip_vs_unbind_masq again
	Don't touch counters for templates.

	* Removed extra read_unlock in __ip_vs_lookup_service

	* Changed not to restart template timers if dest is unavailable
	If the client actively send packets when the destination is
	unavailable, the masq template can expire.

	* Added the destination trash
	The destination trash is used to hold the destinations that
	are removed from the service table but are still referenced
	by some masq entries. The reason to add the destination trash
	is when the dest is temporary down (either by administrator
	or by monitor program), the dest can be picked back from the
	trash, the remaining connections to the dest can continue,
	and the counting information of the dest is also useful for
	scheduling.

	* Added the ip_vs_leave function
	It is called by ip_fw_demasquerade when the matched service
	is avaiable but no destination is available for a new
	connection, to drop the packet. This should be a good behavior.

	* Changed drasticly removing the masq to silently dropping
	packets and keeping the masq in expire, when its destination
	is not available. It is a good behavior, when the destination
	is temporary down.

	The above fixes and changes won't be possible without
	Julian Anastasov's fixes and suggestions. Thank Julian!

	* Added the handling of weight=0 in every scheduler
	The destination with weight=0 is "quiesced" and will not
	receive any new connection, but will still serve the
	existing connections. This feature is useful to cool down
	the overloaded servers or to get some servers out of
	service for maintenance.

	* Added the update_service function in every scheduler
	When the destination list of a service is modified, the
	update_service function is called to reset the scheduling
	pointer, so that the scheduling pointer won't point to the
	freed destination.

	* Changed some IP_VS_ERR to IP_VS_DBG in the ip_vs_tunnel_xmit

	* Added different timeout support for persistent service
	Users can specify different timeout values for their
	different persistent services.

	* Fixed the bug that persistent service cannot be edited

	* Changed the output of ip_vs_procinfo for the new version
	of ipvsadm.


Virtual Server patch for Linux 2.2 - Version 0.9.0 - September 24, 1999

Changes:
*   Added the hash table for virtual services
    It will greatly speedup the lookup of services.

*   Added new persistent service handling
    The template is looked up only if the service that the packet is
    destined to is persistent, so it is more efficient. For all the
    persistent services except FTP, we create a masq template like
    . So, the persistent services
    won't disturb each other, and it fixes the wrong accounting bug for
    different persistent services.
    FTP is a very complicated network protocol, and it uses control
    connection and data connections. For active FTP, FTP server initilizes
    data connection to the client, its source port is often 20. For passive
    FTP, FTP server tells the clients the port that it passively listens
    to,  and the client issues the data connection. In the tunneling or
    direct routing mode, the load balancer is on the client-to-server half
    of connection, the port number is unknown to the load balancer. So, a
    template masq like  is created for
    persistent FTP service.

*   Changed the destination lists to the d-linked lists

*   Changed the scheduler list to the d-linked list

*   Added back the least connection scheduling module.

----------------------------------------------------------------------

Virtual Server patch for Linux 2.2 - Version 0.8.3 - September 8, 1999

Changes:
*   Fixed the missing unlock bug in ip_vs_schedule.
    If no virtual service is found in ip_vs_schedule, this missing
    unlock bug will make system crash.

*   Fixed the uncounting bug in creating masqs by template.
    Missing to counter connections when creating masqs by template.

*   Don't touch counters in ip_vs_unbind_masq for templates
    Thanks must go to Julian Anastasov for the three fixes above.

*   Changed some condition orders for a bit performance

*   Changed some cosmetic things for debugging

Virtual Server patch for Linux 2.2 - Version 0.8.2 - September 5, 1999

Changes:
*   Fixed the the IP_MASQ_F_VS_INACTIVE cleared bug after editing dest.
    Thank Julian Anastasov for the fix.

*   Added the separate inactive connection counter for each dest
    The WLC sheduler can use this counter directly for scheduling.
    And, the masq template won't be counted in inactive connections.
    Thank Julian Anastasov for the suggestion.

*   Changed all the schedulers modules to return server dest directly,
    and ip_vs_schedule creates new masq entry itself.

Virtual Server patch for Linux 2.2 - Version 0.8.1 - September 2, 1999

Changes:
*   Uncomment a few statement to make virtual FTP via NAT really work.
    Virtual FTP service via NAT really work well no matter it is in
    active or passive mode. But, remember to "insmod ip_masq_ftp"
    before using FTP service through VS-NAT.

*   Remove some commented out block. The code looks nice. :)


Virtual Server patch for Linux 2.2 - Version 0.8 - September 1, 1999

Changes:
*   Added the persistent port feature.
    Users can specify whether the virtual service port is persistent or
    not. It is more flexible. The original PCC scheduling is removed.

*   Added the dest server status checking.
    The server status is checked before forwording a packet. If the
    server is not available(down or put out of service), the packet
    will be dropped and the client will be notified immediately.
    The server status is also checked while generating a masq entry
    based on the masq template. If not available, the new entry won't
    be created.

*   Added some code in ip_masq_ftp.c to handle virtual FTP service for
    VS-NAT. The passive handling code in ip_masq_ftp.c never works.

*   Fixed stepping to mSR after SYN in INPUT_ONLY table.
    Thank Julian Anastasov for doing it. It make much much harder that
    a LinuxDirector is synflooded to run out of memory.

*   Fixed huge masq expire bug for after bad checksum.
    Thank Julian Anastasov for fixing it.

*   Added the IP_MASQ_F_VS_INACTIVE flag and fixed the connection counter
    Thank Julian Anastasov for the suggestion and fix example.

*   Fixed the incorrect lookup in hash table.
    The ms=NULL statement was forgot if no entry is found, this makes
    the incorrect lookup, which may lead to huge masq expire.
    Stupid mistake, but the result is serious.

*   Fixed the incorrect slow timer vector layout
    Correct layout and more efficient to use memory.

*   Fixed the bug of slow timer being added twice for masq template

----------------------------------------------------------------------

Virtual Server patch for Linux 2.2 - Version 0.7 - July 9, 1999

Changes:
*   Added a separate masq hash table for IPVS.

*   Added slow timers to expire masq entries.
    Slow timers are checked in one second by default. Most overhead
    of cascading timers is avoided.

    With this new hash table and slow timers, the system can hold
    huge number of masq entries, but make sure that you have
    enough free memory. One masq entry costs 128 bytes memory
    effectively (Thank Alan Cox), if your box holds 1 million masq
    entries (it means that your box can receive 2000 connections per
    second if masq expire time is 500 seconds in average.), make sure
    that you have 128M free memory. And, thank Alan for suggesting
    the early random drop algorithm for masq entries that prevents
    the system from running out of memory, I will design and implement
    this feature in the near future.

*   Fixed the unlocking bug in the ip_vs_del_dest().
    Thank Ted Pavlic  for reporting it.

----------------------------------------------------------------------

Virtual Server patch for Linux 2.2 - Version 0.6 - July 1, 1999

Changes:
*   Fixed the overflow bug in the ip_vs_procinfo().
    Thank Ted Pavlic  for reporting it.

*   Added the functionality to change weight and forwarding
    (dispatching) method of existing real server.
    This is useful for load-informed scheduling.

*   Added the functionality to change scheduler of virtual service
    on the fly.

*   Reorganized some code and changed names of some functions.
    This make the code more readable.

----------------------------------------------------------------------

Virtual Server patch for Linux 2.2 - Version 0.5 - June 22, 1999

Changes:
*   Fixed the bug that LocalNode doesn't work in vs-0.4-2.2.9.
    Thank Changwon Kim  for
    reporting the bug and pointing me the checksum update
    problem in the code.

*   some code of VS in the ip_fw_demasquerade was reorganized
    so that the packets for VS-Tunneling, VS-DRouting and LocalNode
    skip the checksum update. This make the code right and efficient


----------------------------------------------------------------------

Virtual Server patch for Linux 2.2 - Version 0.4 - June 1, 1999

Most of the code was rewritten. The locking and refcnt was changed
The violation of "no floats in kernel mode" rule in the weighted
least-connection scheduling was fixed. This patch is more efficient,
and should be more stable.


----------------------------------------------------------------------

Virtual Server patch for Linux 2.2 - Version 0.1~0.3 - May 1999

Peter Kese  ported the VS patch to kernel 2.2,
rewrote the code and loadable scheduling modules.

==========================================================================

ChangeLog of Virtual Server patch for Linux 2.0
----------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.9 - May 1, 1999

Differences with virtual server patch version 0.8:

*  Add Virtual Server via Direct Routing
   This approach was first implemented in IBM's NetDispatcher. All real
   servers have their loopback alias interface configured with the virtual
   IP address, the load balancer and the real servers must have one of
   their interfaces physically linked by a HUB/Switch. When the packets
   destined for the virtual IP address arrives, the load balnacer directly
   route them to the real servers, the real servers processing the requests
   and return the reply packets directly to the clients. Compared to the
   virtual server via IP tunneling approach, this approach doesn't have
   tunneling overhead(In fact, this overhead is minimal in most situations),
   but requires that one of the load balancer's interfaces and the real
   servers' interfaces must be in physical segment.

*  Add more satistics information
   The active connection counter and the total connection counter of
   each real server were added for all the scheduling algorithms.

*  Add resetting(zeroing) counters
   The total connection counters of all real servers can be reset to zero.

*  Change some statements in the masq_expire function and the
   ip_fw_demasquerade function, so that ip_masq_free_ports won't become
   abnormal number after the masquerading entries for virtual server
   are released.

*  Fix the bug of "double unlock on device queue"
   Remove the unnecessary function call of skb_device_unlock(skb) in the
   ip_pfvs_encapsule function, which sometimes cause "kernel: double
   unlock on device queue" waring in the virtual server via tunneling.

*  Many functions of virtual server patch was splitted into the
   linux/net/ipv4/ip_masq_pfvs.c.

*  Upgrade ippfvsadm 1.0.2 to ippfvsadm 1.0.3
   Zeroing counters is supported in the new version. The ippfvsadm 1.0.3
   can be used for all kernel with different virtual server options
   without rebuilding the program.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.8 - March 6, 1999

Differences with virtual server patch version 0.7:

*  Add virtual FTP server support
   The original ippfvs via IP tunneling could not be used to
   build a virtual FTP server, because the real servers could
   not establish data connections to clients. The code was
   added to parse the port number in the ftp control data
   and create the corresponding masquerading entry for the
   coming data connection.
   Although the original ippfvs via NAT could be used to build
   a virtual server, the data connection was established in
   this way.
     Real Server port:20  ----> ippfvs: allocate a free masq port
	----->  the client port
   It is not elegent but time-consuming. Now it was changed
   as follows:
     Real Server port:20  ----> ippfvs port: 20
	----> the client port

*  Change the port checking order in the ip_fw_demasquerade()
   If the size of masquerade hash table is well chosen, checking
   a masquerading entry in the hash table will just require one
   hit. It is much efficient than checking port for  virtual
   services, and there are at least 3 incoming packets for each
   connection, which require port checking. So, it is efficient
   to check the masquerading hash table first and then check
   port for virtual services.

*  Remove a useless statement in the ip_masq_new_pfvs()
   The useless statement in the ip_masq_new_pfvs function is
	ip_masq_free_ports[masq_proto_num(proto)]++;
   which may disturb system.

*  Change the header printing of the ip_pfvs_procinfo()

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.7 - Febuary 10, 1999

Differences with virtual server patch version 0.6:

*  Fix a bug in detect the finish of connection for tunneling
   or NATing to the local node.
   Since the server reply the client directly in tunneling or
   NATing to the local node, the load balancer (LinuxDirector)
   can only detect a FIN segment. It is mistake that the masq
   entry is removed only if both-side FIN segments are detected,
   and then the masq entry expires in 15 minutes. For the
   situation above, the code was changed to set the masq entry
   expire in TCP_FIN_TIMEOUT (2min) when an incoming FIN segment
   is detecting.
*  Add the patch version printing in the ip_pfvs_procinfo()
   It would be easy for users and hackers to know which
   virtual server patch version they are running. Thank
   Peter Kese  for the suggestion.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.6 - Febuary 2, 1999

Differences with virtual server patch version 0.5:

*  Add the local node feature in virtual server.
   If the local node feature is enabled, the load balancer can
   not only redirect the packets of the specified port to the
   other servers (remote nodes) to process it, but also can process
   the packets locally (local node). Which node is chosen depends on
   the scheduling algorithms.
   This local node feature can be used to build a virtual server of
   a few nodes, for example, 2, 3 or more sites, in which it is a
   resource waste if the load balancer is only used to redirect
   packets. It is wise to direct some packets to the local node to
   process. This feature can also be used to build distributed
   identical servers, in which one is too busy to handle requests
   locally, then it can seamlessly forward requests to other servers
   to process them.
   This feature can be applied to both virtual server via NAT and
   virtual server via IP tunneling.
   Thank Peter Kese  for idea of "Two node Virtual
   Server" and his single line patch for virtual server via IP
   tunneling.
*  Remove a useless function call ip_send_check in the virtual
   server via IP tunneling code.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.5 - November 25, 1998

Differences with virtual server patch version 0.4:

*  Add the feature of virtual server via IP tunneling.
   If the ippfvs is enabled using IP tunneling, the load balancer
   chooses a real server from a cluster based on a scheduling algorithm,
   encapsules the packet and forwards it to the chosen server. All real
   servers are configured with "ifconfig tunl0  up".
   When the chosen server receives the encapsuled packet, it decapsules
   the packet, processes the request and returns the reply packets
   directly to the client without passing the load balancer. This can
   greatly increase the scalability of virtual server.
*  Fix a bug in the ip_portfw_del() for the weighted RR scheduling.
   The bug in version 0.4 is when the weighted round-robin scheduling
   is used, deleting the last rule for a virtual server will report
   "setsockopt failed: Invalid argument" warning, in fact the last
   rule is deleted but the gen_scheduling_seq() works on a null list
   and causes that warning.
*  Add and modify some description for virtual server options in
   the Linux kernel configuration help texts.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.4 - November 12, 1998

Differences with virtual server patch version 0.3:

*  Fix a memory access error bug.
   The set_serverpointer_null() function is added to scan all the existing
   ip masquerading records for its server pointer which points to the
   server specified and set it null. It is useful when administrators
   delete a real server or all real servers, those pointers pointing to
   the server must be set null.  Otherwise, decreasing the connection
   counter of the server may cause memory access error when the connection
   terminates or timeout.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.3 - November 10, 1998

Differences with virtual server patch version 0.2:

*  Change the simple round-robin scheduling to the weighted round-robin
   scheduling. Simple is a special instance of the weighted round-robin
   scheduling when the weights of the servers are the same.
*  The scheduling algorithm, originally called the weighted round-robin
   scheduling in version 0.2, actually is the weighted least-connection
   scheduling. So the concept is clarified here.
*  Add the least-connection scheduling algorithm. Although it is a
   special instance of the weighted least-connection scheduling algorithm,
   it is used to avoid dividing the weight in looking up servers when
   the weights of the servers are the same, so the overhead of scheduling
   can be minimized in this case.
*  Change the type of the server load variables, curr_load and least_load,
   from integer to float in the weighted least-connection scheduling.
   It can make a better load-balancing when the weights specified are high.
*  Merge the original two patches into one. Users have to specify which
   scheduling algorithm is used, the weighted round-robin scheduling,
   the least-connection scheduling, or the weighted least-connection
   scheduling, before rebuild the kernel.
*  Change the ip_pfvs_proc function to make the output of the port
   forwarding & virtual server table more beautiful.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.2 - May 28, 1998

Differences with virtual server patch version 0.1:

*  Add the weighted round-robin scheduling patch.

--------------------------------------------------------------------

Virtual Server Patch for Linux - Version 0.1 - May 26, 1998

*  Implement the infrastructure of virtual server.
*  Implement the simple round-robin scheduling algorithm.

--------------------------------------------------------------------