1/* 2 * IP Virtual Server 3 * data structure and functionality definitions 4 */ 5 6#ifndef _NET_IP_VS_H 7#define _NET_IP_VS_H 8 9#include <linux/ip_vs.h> /* definitions shared with userland */ 10 11#include <asm/types.h> /* for __uXX types */ 12 13#include <linux/sysctl.h> /* for ctl_path */ 14#include <linux/list.h> /* for struct list_head */ 15#include <linux/spinlock.h> /* for struct rwlock_t */ 16#include <linux/atomic.h> /* for struct atomic_t */ 17#include <linux/compiler.h> 18#include <linux/timer.h> 19#include <linux/bug.h> 20 21#include <net/checksum.h> 22#include <linux/netfilter.h> /* for union nf_inet_addr */ 23#include <linux/ip.h> 24#include <linux/ipv6.h> /* for struct ipv6hdr */ 25#include <net/ipv6.h> 26#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 27#include <net/netfilter/nf_conntrack.h> 28#endif 29#include <net/net_namespace.h> /* Netw namespace */ 30 31/* 32 * Generic access of ipvs struct 33 */ 34static inline struct netns_ipvs *net_ipvs(struct net* net) 35{ 36 return net->ipvs; 37} 38/* 39 * Get net ptr from skb in traffic cases 40 * use skb_sknet when call is from userland (ioctl or netlink) 41 */ 42static inline struct net *skb_net(const struct sk_buff *skb) 43{ 44#ifdef CONFIG_NET_NS 45#ifdef CONFIG_IP_VS_DEBUG 46 /* 47 * This is used for debug only. 48 * Start with the most likely hit 49 * End with BUG 50 */ 51 if (likely(skb->dev && skb->dev->nd_net)) 52 return dev_net(skb->dev); 53 if (skb_dst(skb) && skb_dst(skb)->dev) 54 return dev_net(skb_dst(skb)->dev); 55 WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n", 56 __func__, __LINE__); 57 if (likely(skb->sk && skb->sk->sk_net)) 58 return sock_net(skb->sk); 59 pr_err("There is no net ptr to find in the skb in %s() line:%d\n", 60 __func__, __LINE__); 61 BUG(); 62#else 63 return dev_net(skb->dev ? : skb_dst(skb)->dev); 64#endif 65#else 66 return &init_net; 67#endif 68} 69 70static inline struct net *skb_sknet(const struct sk_buff *skb) 71{ 72#ifdef CONFIG_NET_NS 73#ifdef CONFIG_IP_VS_DEBUG 74 /* Start with the most likely hit */ 75 if (likely(skb->sk && skb->sk->sk_net)) 76 return sock_net(skb->sk); 77 WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n", 78 __func__, __LINE__); 79 if (likely(skb->dev && skb->dev->nd_net)) 80 return dev_net(skb->dev); 81 pr_err("There is no net ptr to find in the skb in %s() line:%d\n", 82 __func__, __LINE__); 83 BUG(); 84#else 85 return sock_net(skb->sk); 86#endif 87#else 88 return &init_net; 89#endif 90} 91/* 92 * This one needed for single_open_net since net is stored directly in 93 * private not as a struct i.e. seq_file_net can't be used. 94 */ 95static inline struct net *seq_file_single_net(struct seq_file *seq) 96{ 97#ifdef CONFIG_NET_NS 98 return (struct net *)seq->private; 99#else 100 return &init_net; 101#endif 102} 103 104/* Connections' size value needed by ip_vs_ctl.c */ 105extern int ip_vs_conn_tab_size; 106 107 108struct ip_vs_iphdr { 109 int len; 110 __u8 protocol; 111 union nf_inet_addr saddr; 112 union nf_inet_addr daddr; 113}; 114 115static inline void 116ip_vs_fill_iphdr(int af, const void *nh, struct ip_vs_iphdr *iphdr) 117{ 118#ifdef CONFIG_IP_VS_IPV6 119 if (af == AF_INET6) { 120 const struct ipv6hdr *iph = nh; 121 iphdr->len = sizeof(struct ipv6hdr); 122 iphdr->protocol = iph->nexthdr; 123 iphdr->saddr.in6 = iph->saddr; 124 iphdr->daddr.in6 = iph->daddr; 125 } else 126#endif 127 { 128 const struct iphdr *iph = nh; 129 iphdr->len = iph->ihl * 4; 130 iphdr->protocol = iph->protocol; 131 iphdr->saddr.ip = iph->saddr; 132 iphdr->daddr.ip = iph->daddr; 133 } 134} 135 136static inline void ip_vs_addr_copy(int af, union nf_inet_addr *dst, 137 const union nf_inet_addr *src) 138{ 139#ifdef CONFIG_IP_VS_IPV6 140 if (af == AF_INET6) 141 dst->in6 = src->in6; 142 else 143#endif 144 dst->ip = src->ip; 145} 146 147static inline int ip_vs_addr_equal(int af, const union nf_inet_addr *a, 148 const union nf_inet_addr *b) 149{ 150#ifdef CONFIG_IP_VS_IPV6 151 if (af == AF_INET6) 152 return ipv6_addr_equal(&a->in6, &b->in6); 153#endif 154 return a->ip == b->ip; 155} 156 157#ifdef CONFIG_IP_VS_DEBUG 158#include <linux/net.h> 159 160extern int ip_vs_get_debug_level(void); 161 162static inline const char *ip_vs_dbg_addr(int af, char *buf, size_t buf_len, 163 const union nf_inet_addr *addr, 164 int *idx) 165{ 166 int len; 167#ifdef CONFIG_IP_VS_IPV6 168 if (af == AF_INET6) 169 len = snprintf(&buf[*idx], buf_len - *idx, "[%pI6]", 170 &addr->in6) + 1; 171 else 172#endif 173 len = snprintf(&buf[*idx], buf_len - *idx, "%pI4", 174 &addr->ip) + 1; 175 176 *idx += len; 177 BUG_ON(*idx > buf_len + 1); 178 return &buf[*idx - len]; 179} 180 181#define IP_VS_DBG_BUF(level, msg, ...) \ 182 do { \ 183 char ip_vs_dbg_buf[160]; \ 184 int ip_vs_dbg_idx = 0; \ 185 if (level <= ip_vs_get_debug_level()) \ 186 printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \ 187 } while (0) 188#define IP_VS_ERR_BUF(msg...) \ 189 do { \ 190 char ip_vs_dbg_buf[160]; \ 191 int ip_vs_dbg_idx = 0; \ 192 pr_err(msg); \ 193 } while (0) 194 195/* Only use from within IP_VS_DBG_BUF() or IP_VS_ERR_BUF macros */ 196#define IP_VS_DBG_ADDR(af, addr) \ 197 ip_vs_dbg_addr(af, ip_vs_dbg_buf, \ 198 sizeof(ip_vs_dbg_buf), addr, \ 199 &ip_vs_dbg_idx) 200 201#define IP_VS_DBG(level, msg, ...) \ 202 do { \ 203 if (level <= ip_vs_get_debug_level()) \ 204 printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \ 205 } while (0) 206#define IP_VS_DBG_RL(msg, ...) \ 207 do { \ 208 if (net_ratelimit()) \ 209 printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \ 210 } while (0) 211#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg) \ 212 do { \ 213 if (level <= ip_vs_get_debug_level()) \ 214 pp->debug_packet(af, pp, skb, ofs, msg); \ 215 } while (0) 216#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg) \ 217 do { \ 218 if (level <= ip_vs_get_debug_level() && \ 219 net_ratelimit()) \ 220 pp->debug_packet(af, pp, skb, ofs, msg); \ 221 } while (0) 222#else /* NO DEBUGGING at ALL */ 223#define IP_VS_DBG_BUF(level, msg...) do {} while (0) 224#define IP_VS_ERR_BUF(msg...) do {} while (0) 225#define IP_VS_DBG(level, msg...) do {} while (0) 226#define IP_VS_DBG_RL(msg...) do {} while (0) 227#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg) do {} while (0) 228#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg) do {} while (0) 229#endif 230 231#define IP_VS_BUG() BUG() 232#define IP_VS_ERR_RL(msg, ...) \ 233 do { \ 234 if (net_ratelimit()) \ 235 pr_err(msg, ##__VA_ARGS__); \ 236 } while (0) 237 238#ifdef CONFIG_IP_VS_DEBUG 239#define EnterFunction(level) \ 240 do { \ 241 if (level <= ip_vs_get_debug_level()) \ 242 printk(KERN_DEBUG \ 243 pr_fmt("Enter: %s, %s line %i\n"), \ 244 __func__, __FILE__, __LINE__); \ 245 } while (0) 246#define LeaveFunction(level) \ 247 do { \ 248 if (level <= ip_vs_get_debug_level()) \ 249 printk(KERN_DEBUG \ 250 pr_fmt("Leave: %s, %s line %i\n"), \ 251 __func__, __FILE__, __LINE__); \ 252 } while (0) 253#else 254#define EnterFunction(level) do {} while (0) 255#define LeaveFunction(level) do {} while (0) 256#endif 257 258#define IP_VS_WAIT_WHILE(expr) while (expr) { cpu_relax(); } 259 260 261/* 262 * The port number of FTP service (in network order). 263 */ 264#define FTPPORT cpu_to_be16(21) 265#define FTPDATA cpu_to_be16(20) 266 267/* 268 * TCP State Values 269 */ 270enum { 271 IP_VS_TCP_S_NONE = 0, 272 IP_VS_TCP_S_ESTABLISHED, 273 IP_VS_TCP_S_SYN_SENT, 274 IP_VS_TCP_S_SYN_RECV, 275 IP_VS_TCP_S_FIN_WAIT, 276 IP_VS_TCP_S_TIME_WAIT, 277 IP_VS_TCP_S_CLOSE, 278 IP_VS_TCP_S_CLOSE_WAIT, 279 IP_VS_TCP_S_LAST_ACK, 280 IP_VS_TCP_S_LISTEN, 281 IP_VS_TCP_S_SYNACK, 282 IP_VS_TCP_S_LAST 283}; 284 285/* 286 * UDP State Values 287 */ 288enum { 289 IP_VS_UDP_S_NORMAL, 290 IP_VS_UDP_S_LAST, 291}; 292 293/* 294 * ICMP State Values 295 */ 296enum { 297 IP_VS_ICMP_S_NORMAL, 298 IP_VS_ICMP_S_LAST, 299}; 300 301/* 302 * SCTP State Values 303 */ 304enum ip_vs_sctp_states { 305 IP_VS_SCTP_S_NONE, 306 IP_VS_SCTP_S_INIT_CLI, 307 IP_VS_SCTP_S_INIT_SER, 308 IP_VS_SCTP_S_INIT_ACK_CLI, 309 IP_VS_SCTP_S_INIT_ACK_SER, 310 IP_VS_SCTP_S_ECHO_CLI, 311 IP_VS_SCTP_S_ECHO_SER, 312 IP_VS_SCTP_S_ESTABLISHED, 313 IP_VS_SCTP_S_SHUT_CLI, 314 IP_VS_SCTP_S_SHUT_SER, 315 IP_VS_SCTP_S_SHUT_ACK_CLI, 316 IP_VS_SCTP_S_SHUT_ACK_SER, 317 IP_VS_SCTP_S_CLOSED, 318 IP_VS_SCTP_S_LAST 319}; 320 321/* 322 * Delta sequence info structure 323 * Each ip_vs_conn has 2 (output AND input seq. changes). 324 * Only used in the VS/NAT. 325 */ 326struct ip_vs_seq { 327 __u32 init_seq; /* Add delta from this seq */ 328 __u32 delta; /* Delta in sequence numbers */ 329 __u32 previous_delta; /* Delta in sequence numbers 330 before last resized pkt */ 331}; 332 333/* 334 * counters per cpu 335 */ 336struct ip_vs_counters { 337 __u32 conns; /* connections scheduled */ 338 __u32 inpkts; /* incoming packets */ 339 __u32 outpkts; /* outgoing packets */ 340 __u64 inbytes; /* incoming bytes */ 341 __u64 outbytes; /* outgoing bytes */ 342}; 343/* 344 * Stats per cpu 345 */ 346struct ip_vs_cpu_stats { 347 struct ip_vs_counters ustats; 348 struct u64_stats_sync syncp; 349}; 350 351/* 352 * IPVS statistics objects 353 */ 354struct ip_vs_estimator { 355 struct list_head list; 356 357 u64 last_inbytes; 358 u64 last_outbytes; 359 u32 last_conns; 360 u32 last_inpkts; 361 u32 last_outpkts; 362 363 u32 cps; 364 u32 inpps; 365 u32 outpps; 366 u32 inbps; 367 u32 outbps; 368}; 369 370struct ip_vs_stats { 371 struct ip_vs_stats_user ustats; /* statistics */ 372 struct ip_vs_estimator est; /* estimator */ 373 struct ip_vs_cpu_stats *cpustats; /* per cpu counters */ 374 spinlock_t lock; /* spin lock */ 375 struct ip_vs_stats_user ustats0; /* reset values */ 376}; 377 378struct dst_entry; 379struct iphdr; 380struct ip_vs_conn; 381struct ip_vs_app; 382struct sk_buff; 383struct ip_vs_proto_data; 384 385struct ip_vs_protocol { 386 struct ip_vs_protocol *next; 387 char *name; 388 u16 protocol; 389 u16 num_states; 390 int dont_defrag; 391 392 void (*init)(struct ip_vs_protocol *pp); 393 394 void (*exit)(struct ip_vs_protocol *pp); 395 396 int (*init_netns)(struct net *net, struct ip_vs_proto_data *pd); 397 398 void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd); 399 400 int (*conn_schedule)(int af, struct sk_buff *skb, 401 struct ip_vs_proto_data *pd, 402 int *verdict, struct ip_vs_conn **cpp); 403 404 struct ip_vs_conn * 405 (*conn_in_get)(int af, 406 const struct sk_buff *skb, 407 const struct ip_vs_iphdr *iph, 408 unsigned int proto_off, 409 int inverse); 410 411 struct ip_vs_conn * 412 (*conn_out_get)(int af, 413 const struct sk_buff *skb, 414 const struct ip_vs_iphdr *iph, 415 unsigned int proto_off, 416 int inverse); 417 418 int (*snat_handler)(struct sk_buff *skb, 419 struct ip_vs_protocol *pp, struct ip_vs_conn *cp); 420 421 int (*dnat_handler)(struct sk_buff *skb, 422 struct ip_vs_protocol *pp, struct ip_vs_conn *cp); 423 424 int (*csum_check)(int af, struct sk_buff *skb, 425 struct ip_vs_protocol *pp); 426 427 const char *(*state_name)(int state); 428 429 void (*state_transition)(struct ip_vs_conn *cp, int direction, 430 const struct sk_buff *skb, 431 struct ip_vs_proto_data *pd); 432 433 int (*register_app)(struct net *net, struct ip_vs_app *inc); 434 435 void (*unregister_app)(struct net *net, struct ip_vs_app *inc); 436 437 int (*app_conn_bind)(struct ip_vs_conn *cp); 438 439 void (*debug_packet)(int af, struct ip_vs_protocol *pp, 440 const struct sk_buff *skb, 441 int offset, 442 const char *msg); 443 444 void (*timeout_change)(struct ip_vs_proto_data *pd, int flags); 445}; 446 447/* 448 * protocol data per netns 449 */ 450struct ip_vs_proto_data { 451 struct ip_vs_proto_data *next; 452 struct ip_vs_protocol *pp; 453 int *timeout_table; /* protocol timeout table */ 454 atomic_t appcnt; /* counter of proto app incs. */ 455 struct tcp_states_t *tcp_state_table; 456}; 457 458extern struct ip_vs_protocol *ip_vs_proto_get(unsigned short proto); 459extern struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net, 460 unsigned short proto); 461 462struct ip_vs_conn_param { 463 struct net *net; 464 const union nf_inet_addr *caddr; 465 const union nf_inet_addr *vaddr; 466 __be16 cport; 467 __be16 vport; 468 __u16 protocol; 469 u16 af; 470 471 const struct ip_vs_pe *pe; 472 char *pe_data; 473 __u8 pe_data_len; 474}; 475 476/* 477 * IP_VS structure allocated for each dynamically scheduled connection 478 */ 479struct ip_vs_conn { 480 struct hlist_node c_list; /* hashed list heads */ 481#ifdef CONFIG_NET_NS 482 struct net *net; /* Name space */ 483#endif 484 /* Protocol, addresses and port numbers */ 485 u16 af; /* address family */ 486 __be16 cport; 487 __be16 vport; 488 __be16 dport; 489 __u32 fwmark; /* Fire wall mark from skb */ 490 union nf_inet_addr caddr; /* client address */ 491 union nf_inet_addr vaddr; /* virtual address */ 492 union nf_inet_addr daddr; /* destination address */ 493 volatile __u32 flags; /* status flags */ 494 __u16 protocol; /* Which protocol (TCP/UDP) */ 495 496 /* counter and timer */ 497 atomic_t refcnt; /* reference count */ 498 struct timer_list timer; /* Expiration timer */ 499 volatile unsigned long timeout; /* timeout */ 500 501 /* Flags and state transition */ 502 spinlock_t lock; /* lock for state transition */ 503 volatile __u16 state; /* state info */ 504 volatile __u16 old_state; /* old state, to be used for 505 * state transition triggerd 506 * synchronization 507 */ 508 509 /* Control members */ 510 struct ip_vs_conn *control; /* Master control connection */ 511 atomic_t n_control; /* Number of controlled ones */ 512 struct ip_vs_dest *dest; /* real server */ 513 atomic_t in_pkts; /* incoming packet counter */ 514 515 /* packet transmitter for different forwarding methods. If it 516 mangles the packet, it must return NF_DROP or better NF_STOLEN, 517 otherwise this must be changed to a sk_buff **. 518 NF_ACCEPT can be returned when destination is local. 519 */ 520 int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp, 521 struct ip_vs_protocol *pp); 522 523 /* Note: we can group the following members into a structure, 524 in order to save more space, and the following members are 525 only used in VS/NAT anyway */ 526 struct ip_vs_app *app; /* bound ip_vs_app object */ 527 void *app_data; /* Application private data */ 528 struct ip_vs_seq in_seq; /* incoming seq. struct */ 529 struct ip_vs_seq out_seq; /* outgoing seq. struct */ 530 531 const struct ip_vs_pe *pe; 532 char *pe_data; 533 __u8 pe_data_len; 534}; 535 536/* 537 * To save some memory in conn table when name space is disabled. 538 */ 539static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp) 540{ 541#ifdef CONFIG_NET_NS 542 return cp->net; 543#else 544 return &init_net; 545#endif 546} 547static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net) 548{ 549#ifdef CONFIG_NET_NS 550 cp->net = net; 551#endif 552} 553 554static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp, 555 struct net *net) 556{ 557#ifdef CONFIG_NET_NS 558 return cp->net == net; 559#else 560 return 1; 561#endif 562} 563 564/* 565 * Extended internal versions of struct ip_vs_service_user and 566 * ip_vs_dest_user for IPv6 support. 567 * 568 * We need these to conveniently pass around service and destination 569 * options, but unfortunately, we also need to keep the old definitions to 570 * maintain userspace backwards compatibility for the setsockopt interface. 571 */ 572struct ip_vs_service_user_kern { 573 /* virtual service addresses */ 574 u16 af; 575 u16 protocol; 576 union nf_inet_addr addr; /* virtual ip address */ 577 u16 port; 578 u32 fwmark; /* firwall mark of service */ 579 580 /* virtual service options */ 581 char *sched_name; 582 char *pe_name; 583 unsigned flags; /* virtual service flags */ 584 unsigned timeout; /* persistent timeout in sec */ 585 u32 netmask; /* persistent netmask */ 586}; 587 588 589struct ip_vs_dest_user_kern { 590 /* destination server address */ 591 union nf_inet_addr addr; 592 u16 port; 593 594 /* real server options */ 595 unsigned conn_flags; /* connection flags */ 596 int weight; /* destination weight */ 597 598 /* thresholds for active connections */ 599 u32 u_threshold; /* upper threshold */ 600 u32 l_threshold; /* lower threshold */ 601}; 602 603 604/* 605 * The information about the virtual service offered to the net 606 * and the forwarding entries 607 */ 608struct ip_vs_service { 609 struct list_head s_list; /* for normal service table */ 610 struct list_head f_list; /* for fwmark-based service table */ 611 atomic_t refcnt; /* reference counter */ 612 atomic_t usecnt; /* use counter */ 613 614 u16 af; /* address family */ 615 __u16 protocol; /* which protocol (TCP/UDP) */ 616 union nf_inet_addr addr; /* IP address for virtual service */ 617 __be16 port; /* port number for the service */ 618 __u32 fwmark; /* firewall mark of the service */ 619 unsigned flags; /* service status flags */ 620 unsigned timeout; /* persistent timeout in ticks */ 621 __be32 netmask; /* grouping granularity */ 622 struct net *net; 623 624 struct list_head destinations; /* real server d-linked list */ 625 __u32 num_dests; /* number of servers */ 626 struct ip_vs_stats stats; /* statistics for the service */ 627 struct ip_vs_app *inc; /* bind conns to this app inc */ 628 629 /* for scheduling */ 630 struct ip_vs_scheduler *scheduler; /* bound scheduler object */ 631 rwlock_t sched_lock; /* lock sched_data */ 632 void *sched_data; /* scheduler application data */ 633 634 /* alternate persistence engine */ 635 struct ip_vs_pe *pe; 636}; 637 638 639/* 640 * The real server destination forwarding entry 641 * with ip address, port number, and so on. 642 */ 643struct ip_vs_dest { 644 struct list_head n_list; /* for the dests in the service */ 645 struct list_head d_list; /* for table with all the dests */ 646 647 u16 af; /* address family */ 648 __be16 port; /* port number of the server */ 649 union nf_inet_addr addr; /* IP address of the server */ 650 volatile unsigned flags; /* dest status flags */ 651 atomic_t conn_flags; /* flags to copy to conn */ 652 atomic_t weight; /* server weight */ 653 654 atomic_t refcnt; /* reference counter */ 655 struct ip_vs_stats stats; /* statistics */ 656 657 /* connection counters and thresholds */ 658 atomic_t activeconns; /* active connections */ 659 atomic_t inactconns; /* inactive connections */ 660 atomic_t persistconns; /* persistent connections */ 661 __u32 u_threshold; /* upper threshold */ 662 __u32 l_threshold; /* lower threshold */ 663 664 /* for destination cache */ 665 spinlock_t dst_lock; /* lock of dst_cache */ 666 struct dst_entry *dst_cache; /* destination cache entry */ 667 u32 dst_rtos; /* RT_TOS(tos) for dst */ 668 u32 dst_cookie; 669 union nf_inet_addr dst_saddr; 670 671 /* for virtual service */ 672 struct ip_vs_service *svc; /* service it belongs to */ 673 __u16 protocol; /* which protocol (TCP/UDP) */ 674 __be16 vport; /* virtual port number */ 675 union nf_inet_addr vaddr; /* virtual IP address */ 676 __u32 vfwmark; /* firewall mark of service */ 677}; 678 679 680/* 681 * The scheduler object 682 */ 683struct ip_vs_scheduler { 684 struct list_head n_list; /* d-linked list head */ 685 char *name; /* scheduler name */ 686 atomic_t refcnt; /* reference counter */ 687 struct module *module; /* THIS_MODULE/NULL */ 688 689 /* scheduler initializing service */ 690 int (*init_service)(struct ip_vs_service *svc); 691 /* scheduling service finish */ 692 int (*done_service)(struct ip_vs_service *svc); 693 /* scheduler updating service */ 694 int (*update_service)(struct ip_vs_service *svc); 695 696 /* selecting a server from the given service */ 697 struct ip_vs_dest* (*schedule)(struct ip_vs_service *svc, 698 const struct sk_buff *skb); 699}; 700 701/* The persistence engine object */ 702struct ip_vs_pe { 703 struct list_head n_list; /* d-linked list head */ 704 char *name; /* scheduler name */ 705 atomic_t refcnt; /* reference counter */ 706 struct module *module; /* THIS_MODULE/NULL */ 707 708 /* get the connection template, if any */ 709 int (*fill_param)(struct ip_vs_conn_param *p, struct sk_buff *skb); 710 bool (*ct_match)(const struct ip_vs_conn_param *p, 711 struct ip_vs_conn *ct); 712 u32 (*hashkey_raw)(const struct ip_vs_conn_param *p, u32 initval, 713 bool inverse); 714 int (*show_pe_data)(const struct ip_vs_conn *cp, char *buf); 715}; 716 717/* 718 * The application module object (a.k.a. app incarnation) 719 */ 720struct ip_vs_app { 721 struct list_head a_list; /* member in app list */ 722 int type; /* IP_VS_APP_TYPE_xxx */ 723 char *name; /* application module name */ 724 __u16 protocol; 725 struct module *module; /* THIS_MODULE/NULL */ 726 struct list_head incs_list; /* list of incarnations */ 727 728 /* members for application incarnations */ 729 struct list_head p_list; /* member in proto app list */ 730 struct ip_vs_app *app; /* its real application */ 731 __be16 port; /* port number in net order */ 732 atomic_t usecnt; /* usage counter */ 733 734 /* 735 * output hook: Process packet in inout direction, diff set for TCP. 736 * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok, 737 * 2=Mangled but checksum was not updated 738 */ 739 int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *, 740 struct sk_buff *, int *diff); 741 742 /* 743 * input hook: Process packet in outin direction, diff set for TCP. 744 * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok, 745 * 2=Mangled but checksum was not updated 746 */ 747 int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *, 748 struct sk_buff *, int *diff); 749 750 /* ip_vs_app initializer */ 751 int (*init_conn)(struct ip_vs_app *, struct ip_vs_conn *); 752 753 /* ip_vs_app finish */ 754 int (*done_conn)(struct ip_vs_app *, struct ip_vs_conn *); 755 756 757 /* not used now */ 758 int (*bind_conn)(struct ip_vs_app *, struct ip_vs_conn *, 759 struct ip_vs_protocol *); 760 761 void (*unbind_conn)(struct ip_vs_app *, struct ip_vs_conn *); 762 763 int * timeout_table; 764 int * timeouts; 765 int timeouts_size; 766 767 int (*conn_schedule)(struct sk_buff *skb, struct ip_vs_app *app, 768 int *verdict, struct ip_vs_conn **cpp); 769 770 struct ip_vs_conn * 771 (*conn_in_get)(const struct sk_buff *skb, struct ip_vs_app *app, 772 const struct iphdr *iph, unsigned int proto_off, 773 int inverse); 774 775 struct ip_vs_conn * 776 (*conn_out_get)(const struct sk_buff *skb, struct ip_vs_app *app, 777 const struct iphdr *iph, unsigned int proto_off, 778 int inverse); 779 780 int (*state_transition)(struct ip_vs_conn *cp, int direction, 781 const struct sk_buff *skb, 782 struct ip_vs_app *app); 783 784 void (*timeout_change)(struct ip_vs_app *app, int flags); 785}; 786 787/* IPVS in network namespace */ 788struct netns_ipvs { 789 int gen; /* Generation */ 790 int enable; /* enable like nf_hooks do */ 791 /* 792 * Hash table: for real service lookups 793 */ 794 #define IP_VS_RTAB_BITS 4 795 #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS) 796 #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1) 797 798 struct list_head rs_table[IP_VS_RTAB_SIZE]; 799 /* ip_vs_app */ 800 struct list_head app_list; 801 /* ip_vs_ftp */ 802 struct ip_vs_app *ftp_app; 803 /* ip_vs_proto */ 804 #define IP_VS_PROTO_TAB_SIZE 32 /* must be power of 2 */ 805 struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE]; 806 /* ip_vs_proto_tcp */ 807#ifdef CONFIG_IP_VS_PROTO_TCP 808 #define TCP_APP_TAB_BITS 4 809 #define TCP_APP_TAB_SIZE (1 << TCP_APP_TAB_BITS) 810 #define TCP_APP_TAB_MASK (TCP_APP_TAB_SIZE - 1) 811 struct list_head tcp_apps[TCP_APP_TAB_SIZE]; 812 spinlock_t tcp_app_lock; 813#endif 814 /* ip_vs_proto_udp */ 815#ifdef CONFIG_IP_VS_PROTO_UDP 816 #define UDP_APP_TAB_BITS 4 817 #define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS) 818 #define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1) 819 struct list_head udp_apps[UDP_APP_TAB_SIZE]; 820 spinlock_t udp_app_lock; 821#endif 822 /* ip_vs_proto_sctp */ 823#ifdef CONFIG_IP_VS_PROTO_SCTP 824 #define SCTP_APP_TAB_BITS 4 825 #define SCTP_APP_TAB_SIZE (1 << SCTP_APP_TAB_BITS) 826 #define SCTP_APP_TAB_MASK (SCTP_APP_TAB_SIZE - 1) 827 /* Hash table for SCTP application incarnations */ 828 struct list_head sctp_apps[SCTP_APP_TAB_SIZE]; 829 spinlock_t sctp_app_lock; 830#endif 831 /* ip_vs_conn */ 832 atomic_t conn_count; /* connection counter */ 833 834 /* ip_vs_ctl */ 835 struct ip_vs_stats tot_stats; /* Statistics & est. */ 836 837 int num_services; /* no of virtual services */ 838 839 rwlock_t rs_lock; /* real services table */ 840 /* Trash for destinations */ 841 struct list_head dest_trash; 842 /* Service counters */ 843 atomic_t ftpsvc_counter; 844 atomic_t nullsvc_counter; 845 846#ifdef CONFIG_SYSCTL 847 /* 1/rate drop and drop-entry variables */ 848 struct delayed_work defense_work; /* Work handler */ 849 int drop_rate; 850 int drop_counter; 851 atomic_t dropentry; 852 /* locks in ctl.c */ 853 spinlock_t dropentry_lock; /* drop entry handling */ 854 spinlock_t droppacket_lock; /* drop packet handling */ 855 spinlock_t securetcp_lock; /* state and timeout tables */ 856 857 /* sys-ctl struct */ 858 struct ctl_table_header *sysctl_hdr; 859 struct ctl_table *sysctl_tbl; 860#endif 861 862 /* sysctl variables */ 863 int sysctl_amemthresh; 864 int sysctl_am_droprate; 865 int sysctl_drop_entry; 866 int sysctl_drop_packet; 867 int sysctl_secure_tcp; 868#ifdef CONFIG_IP_VS_NFCT 869 int sysctl_conntrack; 870#endif 871 int sysctl_snat_reroute; 872 int sysctl_sync_ver; 873 int sysctl_cache_bypass; 874 int sysctl_expire_nodest_conn; 875 int sysctl_expire_quiescent_template; 876 int sysctl_sync_threshold[2]; 877 int sysctl_nat_icmp_send; 878 879 /* ip_vs_lblc */ 880 int sysctl_lblc_expiration; 881 struct ctl_table_header *lblc_ctl_header; 882 struct ctl_table *lblc_ctl_table; 883 /* ip_vs_lblcr */ 884 int sysctl_lblcr_expiration; 885 struct ctl_table_header *lblcr_ctl_header; 886 struct ctl_table *lblcr_ctl_table; 887 /* ip_vs_est */ 888 struct list_head est_list; /* estimator list */ 889 spinlock_t est_lock; 890 struct timer_list est_timer; /* Estimation timer */ 891 /* ip_vs_sync */ 892 struct list_head sync_queue; 893 spinlock_t sync_lock; 894 struct ip_vs_sync_buff *sync_buff; 895 spinlock_t sync_buff_lock; 896 struct sockaddr_in sync_mcast_addr; 897 struct task_struct *master_thread; 898 struct task_struct *backup_thread; 899 int send_mesg_maxlen; 900 int recv_mesg_maxlen; 901 volatile int sync_state; 902 volatile int master_syncid; 903 volatile int backup_syncid; 904 struct mutex sync_mutex; 905 /* multicast interface name */ 906 char master_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 907 char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 908 /* net name space ptr */ 909 struct net *net; /* Needed by timer routines */ 910}; 911 912#define DEFAULT_SYNC_THRESHOLD 3 913#define DEFAULT_SYNC_PERIOD 50 914#define DEFAULT_SYNC_VER 1 915 916#ifdef CONFIG_SYSCTL 917 918static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs) 919{ 920 return ipvs->sysctl_sync_threshold[0]; 921} 922 923static inline int sysctl_sync_period(struct netns_ipvs *ipvs) 924{ 925 return ipvs->sysctl_sync_threshold[1]; 926} 927 928static inline int sysctl_sync_ver(struct netns_ipvs *ipvs) 929{ 930 return ipvs->sysctl_sync_ver; 931} 932 933#else 934 935static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs) 936{ 937 return DEFAULT_SYNC_THRESHOLD; 938} 939 940static inline int sysctl_sync_period(struct netns_ipvs *ipvs) 941{ 942 return DEFAULT_SYNC_PERIOD; 943} 944 945static inline int sysctl_sync_ver(struct netns_ipvs *ipvs) 946{ 947 return DEFAULT_SYNC_VER; 948} 949 950#endif 951 952/* 953 * IPVS core functions 954 * (from ip_vs_core.c) 955 */ 956extern const char *ip_vs_proto_name(unsigned proto); 957extern void ip_vs_init_hash_table(struct list_head *table, int rows); 958#define IP_VS_INIT_HASH_TABLE(t) ip_vs_init_hash_table((t), ARRAY_SIZE((t))) 959 960#define IP_VS_APP_TYPE_FTP 1 961 962/* 963 * ip_vs_conn handling functions 964 * (from ip_vs_conn.c) 965 */ 966 967enum { 968 IP_VS_DIR_INPUT = 0, 969 IP_VS_DIR_OUTPUT, 970 IP_VS_DIR_INPUT_ONLY, 971 IP_VS_DIR_LAST, 972}; 973 974static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol, 975 const union nf_inet_addr *caddr, 976 __be16 cport, 977 const union nf_inet_addr *vaddr, 978 __be16 vport, 979 struct ip_vs_conn_param *p) 980{ 981 p->net = net; 982 p->af = af; 983 p->protocol = protocol; 984 p->caddr = caddr; 985 p->cport = cport; 986 p->vaddr = vaddr; 987 p->vport = vport; 988 p->pe = NULL; 989 p->pe_data = NULL; 990} 991 992struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p); 993struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p); 994 995struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb, 996 const struct ip_vs_iphdr *iph, 997 unsigned int proto_off, 998 int inverse); 999 1000struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p); 1001 1002struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb, 1003 const struct ip_vs_iphdr *iph, 1004 unsigned int proto_off, 1005 int inverse); 1006 1007/* put back the conn without restarting its timer */ 1008static inline void __ip_vs_conn_put(struct ip_vs_conn *cp) 1009{ 1010 atomic_dec(&cp->refcnt); 1011} 1012extern void ip_vs_conn_put(struct ip_vs_conn *cp); 1013extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport); 1014 1015struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p, 1016 const union nf_inet_addr *daddr, 1017 __be16 dport, unsigned flags, 1018 struct ip_vs_dest *dest, __u32 fwmark); 1019extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp); 1020 1021extern const char * ip_vs_state_name(__u16 proto, int state); 1022 1023extern void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp); 1024extern int ip_vs_check_template(struct ip_vs_conn *ct); 1025extern void ip_vs_random_dropentry(struct net *net); 1026extern int ip_vs_conn_init(void); 1027extern void ip_vs_conn_cleanup(void); 1028 1029static inline void ip_vs_control_del(struct ip_vs_conn *cp) 1030{ 1031 struct ip_vs_conn *ctl_cp = cp->control; 1032 if (!ctl_cp) { 1033 IP_VS_ERR_BUF("request control DEL for uncontrolled: " 1034 "%s:%d to %s:%d\n", 1035 IP_VS_DBG_ADDR(cp->af, &cp->caddr), 1036 ntohs(cp->cport), 1037 IP_VS_DBG_ADDR(cp->af, &cp->vaddr), 1038 ntohs(cp->vport)); 1039 1040 return; 1041 } 1042 1043 IP_VS_DBG_BUF(7, "DELeting control for: " 1044 "cp.dst=%s:%d ctl_cp.dst=%s:%d\n", 1045 IP_VS_DBG_ADDR(cp->af, &cp->caddr), 1046 ntohs(cp->cport), 1047 IP_VS_DBG_ADDR(cp->af, &ctl_cp->caddr), 1048 ntohs(ctl_cp->cport)); 1049 1050 cp->control = NULL; 1051 if (atomic_read(&ctl_cp->n_control) == 0) { 1052 IP_VS_ERR_BUF("BUG control DEL with n=0 : " 1053 "%s:%d to %s:%d\n", 1054 IP_VS_DBG_ADDR(cp->af, &cp->caddr), 1055 ntohs(cp->cport), 1056 IP_VS_DBG_ADDR(cp->af, &cp->vaddr), 1057 ntohs(cp->vport)); 1058 1059 return; 1060 } 1061 atomic_dec(&ctl_cp->n_control); 1062} 1063 1064static inline void 1065ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) 1066{ 1067 if (cp->control) { 1068 IP_VS_ERR_BUF("request control ADD for already controlled: " 1069 "%s:%d to %s:%d\n", 1070 IP_VS_DBG_ADDR(cp->af, &cp->caddr), 1071 ntohs(cp->cport), 1072 IP_VS_DBG_ADDR(cp->af, &cp->vaddr), 1073 ntohs(cp->vport)); 1074 1075 ip_vs_control_del(cp); 1076 } 1077 1078 IP_VS_DBG_BUF(7, "ADDing control for: " 1079 "cp.dst=%s:%d ctl_cp.dst=%s:%d\n", 1080 IP_VS_DBG_ADDR(cp->af, &cp->caddr), 1081 ntohs(cp->cport), 1082 IP_VS_DBG_ADDR(cp->af, &ctl_cp->caddr), 1083 ntohs(ctl_cp->cport)); 1084 1085 cp->control = ctl_cp; 1086 atomic_inc(&ctl_cp->n_control); 1087} 1088 1089/* 1090 * IPVS netns init & cleanup functions 1091 */ 1092extern int ip_vs_estimator_net_init(struct net *net); 1093extern int ip_vs_control_net_init(struct net *net); 1094extern int ip_vs_protocol_net_init(struct net *net); 1095extern int ip_vs_app_net_init(struct net *net); 1096extern int ip_vs_conn_net_init(struct net *net); 1097extern int ip_vs_sync_net_init(struct net *net); 1098extern void ip_vs_conn_net_cleanup(struct net *net); 1099extern void ip_vs_app_net_cleanup(struct net *net); 1100extern void ip_vs_protocol_net_cleanup(struct net *net); 1101extern void ip_vs_control_net_cleanup(struct net *net); 1102extern void ip_vs_estimator_net_cleanup(struct net *net); 1103extern void ip_vs_sync_net_cleanup(struct net *net); 1104extern void ip_vs_service_net_cleanup(struct net *net); 1105 1106/* 1107 * IPVS application functions 1108 * (from ip_vs_app.c) 1109 */ 1110#define IP_VS_APP_MAX_PORTS 8 1111extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app); 1112extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app); 1113extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1114extern void ip_vs_unbind_app(struct ip_vs_conn *cp); 1115extern int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, 1116 __u16 proto, __u16 port); 1117extern int ip_vs_app_inc_get(struct ip_vs_app *inc); 1118extern void ip_vs_app_inc_put(struct ip_vs_app *inc); 1119 1120extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff *skb); 1121extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb); 1122 1123void ip_vs_bind_pe(struct ip_vs_service *svc, struct ip_vs_pe *pe); 1124void ip_vs_unbind_pe(struct ip_vs_service *svc); 1125int register_ip_vs_pe(struct ip_vs_pe *pe); 1126int unregister_ip_vs_pe(struct ip_vs_pe *pe); 1127struct ip_vs_pe *ip_vs_pe_getbyname(const char *name); 1128struct ip_vs_pe *__ip_vs_pe_getbyname(const char *pe_name); 1129 1130/* 1131 * Use a #define to avoid all of module.h just for these trivial ops 1132 */ 1133#define ip_vs_pe_get(pe) \ 1134 if (pe && pe->module) \ 1135 __module_get(pe->module); 1136 1137#define ip_vs_pe_put(pe) \ 1138 if (pe && pe->module) \ 1139 module_put(pe->module); 1140 1141/* 1142 * IPVS protocol functions (from ip_vs_proto.c) 1143 */ 1144extern int ip_vs_protocol_init(void); 1145extern void ip_vs_protocol_cleanup(void); 1146extern void ip_vs_protocol_timeout_change(struct netns_ipvs *ipvs, int flags); 1147extern int *ip_vs_create_timeout_table(int *table, int size); 1148extern int 1149ip_vs_set_state_timeout(int *table, int num, const char *const *names, 1150 const char *name, int to); 1151extern void 1152ip_vs_tcpudp_debug_packet(int af, struct ip_vs_protocol *pp, 1153 const struct sk_buff *skb, 1154 int offset, const char *msg); 1155 1156extern struct ip_vs_protocol ip_vs_protocol_tcp; 1157extern struct ip_vs_protocol ip_vs_protocol_udp; 1158extern struct ip_vs_protocol ip_vs_protocol_icmp; 1159extern struct ip_vs_protocol ip_vs_protocol_esp; 1160extern struct ip_vs_protocol ip_vs_protocol_ah; 1161extern struct ip_vs_protocol ip_vs_protocol_sctp; 1162 1163/* 1164 * Registering/unregistering scheduler functions 1165 * (from ip_vs_sched.c) 1166 */ 1167extern int register_ip_vs_scheduler(struct ip_vs_scheduler *scheduler); 1168extern int unregister_ip_vs_scheduler(struct ip_vs_scheduler *scheduler); 1169extern int ip_vs_bind_scheduler(struct ip_vs_service *svc, 1170 struct ip_vs_scheduler *scheduler); 1171extern int ip_vs_unbind_scheduler(struct ip_vs_service *svc); 1172extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name); 1173extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler); 1174extern struct ip_vs_conn * 1175ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb, 1176 struct ip_vs_proto_data *pd, int *ignored); 1177extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, 1178 struct ip_vs_proto_data *pd); 1179 1180extern void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg); 1181 1182 1183/* 1184 * IPVS control data and functions (from ip_vs_ctl.c) 1185 */ 1186extern struct ip_vs_stats ip_vs_stats; 1187extern const struct ctl_path net_vs_ctl_path[]; 1188extern int sysctl_ip_vs_sync_ver; 1189 1190extern void ip_vs_sync_switch_mode(struct net *net, int mode); 1191extern struct ip_vs_service * 1192ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol, 1193 const union nf_inet_addr *vaddr, __be16 vport); 1194 1195static inline void ip_vs_service_put(struct ip_vs_service *svc) 1196{ 1197 atomic_dec(&svc->usecnt); 1198} 1199 1200extern struct ip_vs_dest * 1201ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol, 1202 const union nf_inet_addr *daddr, __be16 dport); 1203 1204extern int ip_vs_use_count_inc(void); 1205extern void ip_vs_use_count_dec(void); 1206extern int ip_vs_register_nl_ioctl(void); 1207extern void ip_vs_unregister_nl_ioctl(void); 1208extern int ip_vs_control_init(void); 1209extern void ip_vs_control_cleanup(void); 1210extern struct ip_vs_dest * 1211ip_vs_find_dest(struct net *net, int af, const union nf_inet_addr *daddr, 1212 __be16 dport, const union nf_inet_addr *vaddr, __be16 vport, 1213 __u16 protocol, __u32 fwmark, __u32 flags); 1214extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp); 1215 1216 1217/* 1218 * IPVS sync daemon data and function prototypes 1219 * (from ip_vs_sync.c) 1220 */ 1221extern int start_sync_thread(struct net *net, int state, char *mcast_ifn, 1222 __u8 syncid); 1223extern int stop_sync_thread(struct net *net, int state); 1224extern void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp); 1225 1226 1227/* 1228 * IPVS rate estimator prototypes (from ip_vs_est.c) 1229 */ 1230extern void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats); 1231extern void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats); 1232extern void ip_vs_zero_estimator(struct ip_vs_stats *stats); 1233extern void ip_vs_read_estimator(struct ip_vs_stats_user *dst, 1234 struct ip_vs_stats *stats); 1235 1236/* 1237 * Various IPVS packet transmitters (from ip_vs_xmit.c) 1238 */ 1239extern int ip_vs_null_xmit 1240(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1241extern int ip_vs_bypass_xmit 1242(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1243extern int ip_vs_nat_xmit 1244(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1245extern int ip_vs_tunnel_xmit 1246(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1247extern int ip_vs_dr_xmit 1248(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1249extern int ip_vs_icmp_xmit 1250(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp, 1251 int offset, unsigned int hooknum); 1252extern void ip_vs_dst_reset(struct ip_vs_dest *dest); 1253 1254#ifdef CONFIG_IP_VS_IPV6 1255extern int ip_vs_bypass_xmit_v6 1256(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1257extern int ip_vs_nat_xmit_v6 1258(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1259extern int ip_vs_tunnel_xmit_v6 1260(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1261extern int ip_vs_dr_xmit_v6 1262(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1263extern int ip_vs_icmp_xmit_v6 1264(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp, 1265 int offset, unsigned int hooknum); 1266#endif 1267 1268#ifdef CONFIG_SYSCTL 1269/* 1270 * This is a simple mechanism to ignore packets when 1271 * we are loaded. Just set ip_vs_drop_rate to 'n' and 1272 * we start to drop 1/rate of the packets 1273 */ 1274 1275static inline int ip_vs_todrop(struct netns_ipvs *ipvs) 1276{ 1277 if (!ipvs->drop_rate) 1278 return 0; 1279 if (--ipvs->drop_counter > 0) 1280 return 0; 1281 ipvs->drop_counter = ipvs->drop_rate; 1282 return 1; 1283} 1284#else 1285static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; } 1286#endif 1287 1288/* 1289 * ip_vs_fwd_tag returns the forwarding tag of the connection 1290 */ 1291#define IP_VS_FWD_METHOD(cp) (cp->flags & IP_VS_CONN_F_FWD_MASK) 1292 1293static inline char ip_vs_fwd_tag(struct ip_vs_conn *cp) 1294{ 1295 char fwd; 1296 1297 switch (IP_VS_FWD_METHOD(cp)) { 1298 case IP_VS_CONN_F_MASQ: 1299 fwd = 'M'; break; 1300 case IP_VS_CONN_F_LOCALNODE: 1301 fwd = 'L'; break; 1302 case IP_VS_CONN_F_TUNNEL: 1303 fwd = 'T'; break; 1304 case IP_VS_CONN_F_DROUTE: 1305 fwd = 'R'; break; 1306 case IP_VS_CONN_F_BYPASS: 1307 fwd = 'B'; break; 1308 default: 1309 fwd = '?'; break; 1310 } 1311 return fwd; 1312} 1313 1314extern void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp, 1315 struct ip_vs_conn *cp, int dir); 1316 1317#ifdef CONFIG_IP_VS_IPV6 1318extern void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp, 1319 struct ip_vs_conn *cp, int dir); 1320#endif 1321 1322extern __sum16 ip_vs_checksum_complete(struct sk_buff *skb, int offset); 1323 1324static inline __wsum ip_vs_check_diff4(__be32 old, __be32 new, __wsum oldsum) 1325{ 1326 __be32 diff[2] = { ~old, new }; 1327 1328 return csum_partial(diff, sizeof(diff), oldsum); 1329} 1330 1331#ifdef CONFIG_IP_VS_IPV6 1332static inline __wsum ip_vs_check_diff16(const __be32 *old, const __be32 *new, 1333 __wsum oldsum) 1334{ 1335 __be32 diff[8] = { ~old[3], ~old[2], ~old[1], ~old[0], 1336 new[3], new[2], new[1], new[0] }; 1337 1338 return csum_partial(diff, sizeof(diff), oldsum); 1339} 1340#endif 1341 1342static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum) 1343{ 1344 __be16 diff[2] = { ~old, new }; 1345 1346 return csum_partial(diff, sizeof(diff), oldsum); 1347} 1348 1349/* 1350 * Forget current conntrack (unconfirmed) and attach notrack entry 1351 */ 1352static inline void ip_vs_notrack(struct sk_buff *skb) 1353{ 1354#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 1355 enum ip_conntrack_info ctinfo; 1356 struct nf_conn *ct = nf_ct_get(skb, &ctinfo); 1357 1358 if (!ct || !nf_ct_is_untracked(ct)) { 1359 nf_reset(skb); 1360 skb->nfct = &nf_ct_untracked_get()->ct_general; 1361 skb->nfctinfo = IP_CT_NEW; 1362 nf_conntrack_get(skb->nfct); 1363 } 1364#endif 1365} 1366 1367#ifdef CONFIG_IP_VS_NFCT 1368/* 1369 * Netfilter connection tracking 1370 * (from ip_vs_nfct.c) 1371 */ 1372static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs) 1373{ 1374#ifdef CONFIG_SYSCTL 1375 return ipvs->sysctl_conntrack; 1376#else 1377 return 0; 1378#endif 1379} 1380 1381extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, 1382 int outin); 1383extern int ip_vs_confirm_conntrack(struct sk_buff *skb); 1384extern void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct, 1385 struct ip_vs_conn *cp, u_int8_t proto, 1386 const __be16 port, int from_rs); 1387extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp); 1388 1389#else 1390 1391static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs) 1392{ 1393 return 0; 1394} 1395 1396static inline void ip_vs_update_conntrack(struct sk_buff *skb, 1397 struct ip_vs_conn *cp, int outin) 1398{ 1399} 1400 1401static inline int ip_vs_confirm_conntrack(struct sk_buff *skb) 1402{ 1403 return NF_ACCEPT; 1404} 1405 1406static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp) 1407{ 1408} 1409/* CONFIG_IP_VS_NFCT */ 1410#endif 1411 1412static inline unsigned int 1413ip_vs_dest_conn_overhead(struct ip_vs_dest *dest) 1414{ 1415 /* 1416 * We think the overhead of processing active connections is 256 1417 * times higher than that of inactive connections in average. (This 1418 * 256 times might not be accurate, we will change it later) We 1419 * use the following formula to estimate the overhead now: 1420 * dest->activeconns*256 + dest->inactconns 1421 */ 1422 return (atomic_read(&dest->activeconns) << 8) + 1423 atomic_read(&dest->inactconns); 1424} 1425 1426#endif /* _NET_IP_VS_H */ 1427