authorHans Schillstrom <hans.schillstrom@ericsson.com>2011-01-03 08:44:58 -0500
committerSimon Horman <horms@verge.net.au>2011-01-12 20:30:28 -0500
commita0840e2e165a370ca24a59545e564e9881a55891 (patch)
treedeb10e3931be9410aebbb55e5fccbd42a5edd633 /net/netfilter/ipvs/ip_vs_ctl.c
parent6e67e586e7289c144d5a189d6e0fa7141d025746 (diff)
IPVS: netns, ip_vs_ctl local vars moved to ipvs struct.
Moving global vars to ipvs struct, except for svc table lock. Next patch for ctl will be drop-rate handling. *v3 __ip_vs_mutex remains global ip_vs_conntrack_enabled(struct netns_ipvs *ipvs) Signed-off-by: Hans Schillstrom <hans.schillstrom@ericsson.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au>
Diffstat (limited to 'net/netfilter/ipvs/ip_vs_ctl.c')
-rw-r--r--net/netfilter/ipvs/ip_vs_ctl.c291
1 files changed, 150 insertions, 141 deletions
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
index cbd58c60e1b..183ac18bded 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -58,42 +58,7 @@ static DEFINE_MUTEX(__ip_vs_mutex);
58/* lock for service table */ 58/* lock for service table */
59static DEFINE_RWLOCK(__ip_vs_svc_lock); 59static DEFINE_RWLOCK(__ip_vs_svc_lock);
60 60
61/* lock for table with the real services */
62static DEFINE_RWLOCK(__ip_vs_rs_lock);
63
64/* lock for state and timeout tables */
65static DEFINE_SPINLOCK(ip_vs_securetcp_lock);
66
67/* lock for drop entry handling */
68static DEFINE_SPINLOCK(__ip_vs_dropentry_lock);
69
70/* lock for drop packet handling */
71static DEFINE_SPINLOCK(__ip_vs_droppacket_lock);
72
73/* 1/rate drop and drop-entry variables */
74int ip_vs_drop_rate = 0;
75int ip_vs_drop_counter = 0;
76static atomic_t ip_vs_dropentry = ATOMIC_INIT(0);
77
78/* number of virtual services */
79static int ip_vs_num_services = 0;
80
81/* sysctl variables */ 61/* sysctl variables */
82static int sysctl_ip_vs_drop_entry = 0;
83static int sysctl_ip_vs_drop_packet = 0;
84static int sysctl_ip_vs_secure_tcp = 0;
85static int sysctl_ip_vs_amemthresh = 1024;
86static int sysctl_ip_vs_am_droprate = 10;
87int sysctl_ip_vs_cache_bypass = 0;
88int sysctl_ip_vs_expire_nodest_conn = 0;
89int sysctl_ip_vs_expire_quiescent_template = 0;
90int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
91int sysctl_ip_vs_nat_icmp_send = 0;
92#ifdef CONFIG_IP_VS_NFCT
93int sysctl_ip_vs_conntrack;
94#endif
95int sysctl_ip_vs_snat_reroute = 1;
96int sysctl_ip_vs_sync_ver = 1; /* Default version of sync proto */
97 62
98#ifdef CONFIG_IP_VS_DEBUG 63#ifdef CONFIG_IP_VS_DEBUG
99static int sysctl_ip_vs_debug_level = 0; 64static int sysctl_ip_vs_debug_level = 0;
@@ -142,73 +107,73 @@ static void update_defense_level(struct netns_ipvs *ipvs)
142 /* si_swapinfo(&i); */ 107 /* si_swapinfo(&i); */
143 /* availmem = availmem - (i.totalswap - i.freeswap); */ 108 /* availmem = availmem - (i.totalswap - i.freeswap); */
144 109
145 nomem = (availmem < sysctl_ip_vs_amemthresh); 110 nomem = (availmem < ipvs->sysctl_amemthresh);
146 111
147 local_bh_disable(); 112 local_bh_disable();
148 113
149 /* drop_entry */ 114 /* drop_entry */
150 spin_lock(&__ip_vs_dropentry_lock); 115 spin_lock(&ipvs->dropentry_lock);
151 switch (sysctl_ip_vs_drop_entry) { 116 switch (ipvs->sysctl_drop_entry) {
152 case 0: 117 case 0:
153 atomic_set(&ip_vs_dropentry, 0); 118 atomic_set(&ipvs->dropentry, 0);
154 break; 119 break;
155 case 1: 120 case 1:
156 if (nomem) { 121 if (nomem) {
157 atomic_set(&ip_vs_dropentry, 1); 122 atomic_set(&ipvs->dropentry, 1);
158 sysctl_ip_vs_drop_entry = 2; 123 ipvs->sysctl_drop_entry = 2;
159 } else { 124 } else {
160 atomic_set(&ip_vs_dropentry, 0); 125 atomic_set(&ipvs->dropentry, 0);
161 } 126 }
162 break; 127 break;
163 case 2: 128 case 2:
164 if (nomem) { 129 if (nomem) {
165 atomic_set(&ip_vs_dropentry, 1); 130 atomic_set(&ipvs->dropentry, 1);
166 } else { 131 } else {
167 atomic_set(&ip_vs_dropentry, 0); 132 atomic_set(&ipvs->dropentry, 0);
168 sysctl_ip_vs_drop_entry = 1; 133 ipvs->sysctl_drop_entry = 1;
169 }; 134 };
170 break; 135 break;
171 case 3: 136 case 3:
172 atomic_set(&ip_vs_dropentry, 1); 137 atomic_set(&ipvs->dropentry, 1);
173 break; 138 break;
174 } 139 }
175 spin_unlock(&__ip_vs_dropentry_lock); 140 spin_unlock(&ipvs->dropentry_lock);
176 141
177 /* drop_packet */ 142 /* drop_packet */
178 spin_lock(&__ip_vs_droppacket_lock); 143 spin_lock(&ipvs->droppacket_lock);
179 switch (sysctl_ip_vs_drop_packet) { 144 switch (ipvs->sysctl_drop_packet) {
180 case 0: 145 case 0:
181 ip_vs_drop_rate = 0; 146 ipvs->drop_rate = 0;
182 break; 147 break;
183 case 1: 148 case 1:
184 if (nomem) { 149 if (nomem) {
185 ip_vs_drop_rate = ip_vs_drop_counter 150 ipvs->drop_rate = ipvs->drop_counter
186 = sysctl_ip_vs_amemthresh / 151 = ipvs->sysctl_amemthresh /
187 (sysctl_ip_vs_amemthresh-availmem); 152 (ipvs->sysctl_amemthresh-availmem);
188 sysctl_ip_vs_drop_packet = 2; 153 ipvs->sysctl_drop_packet = 2;
189 } else { 154 } else {
190 ip_vs_drop_rate = 0; 155 ipvs->drop_rate = 0;
191 } 156 }
192 break; 157 break;
193 case 2: 158 case 2:
194 if (nomem) { 159 if (nomem) {
195 ip_vs_drop_rate = ip_vs_drop_counter 160 ipvs->drop_rate = ipvs->drop_counter
196 = sysctl_ip_vs_amemthresh / 161 = ipvs->sysctl_amemthresh /
197 (sysctl_ip_vs_amemthresh-availmem); 162 (ipvs->sysctl_amemthresh-availmem);
198 } else { 163 } else {
199 ip_vs_drop_rate = 0; 164 ipvs->drop_rate = 0;
200 sysctl_ip_vs_drop_packet = 1; 165 ipvs->sysctl_drop_packet = 1;
201 } 166 }
202 break; 167 break;
203 case 3: 168 case 3:
204 ip_vs_drop_rate = sysctl_ip_vs_am_droprate; 169 ipvs->drop_rate = ipvs->sysctl_am_droprate;
205 break; 170 break;
206 } 171 }
207 spin_unlock(&__ip_vs_droppacket_lock); 172 spin_unlock(&ipvs->droppacket_lock);
208 173
209 /* secure_tcp */ 174 /* secure_tcp */
210 spin_lock(&ip_vs_securetcp_lock); 175 spin_lock(&ipvs->securetcp_lock);
211 switch (sysctl_ip_vs_secure_tcp) { 176 switch (ipvs->sysctl_secure_tcp) {
212 case 0: 177 case 0:
213 if (old_secure_tcp >= 2) 178 if (old_secure_tcp >= 2)
214 to_change = 0; 179 to_change = 0;
@@ -217,7 +182,7 @@ static void update_defense_level(struct netns_ipvs *ipvs)
217 if (nomem) { 182 if (nomem) {
218 if (old_secure_tcp < 2) 183 if (old_secure_tcp < 2)
219 to_change = 1; 184 to_change = 1;
220 sysctl_ip_vs_secure_tcp = 2; 185 ipvs->sysctl_secure_tcp = 2;
221 } else { 186 } else {
222 if (old_secure_tcp >= 2) 187 if (old_secure_tcp >= 2)
223 to_change = 0; 188 to_change = 0;
@@ -230,7 +195,7 @@ static void update_defense_level(struct netns_ipvs *ipvs)
230 } else { 195 } else {
231 if (old_secure_tcp >= 2) 196 if (old_secure_tcp >= 2)
232 to_change = 0; 197 to_change = 0;
233 sysctl_ip_vs_secure_tcp = 1; 198 ipvs->sysctl_secure_tcp = 1;
234 } 199 }
235 break; 200 break;
236 case 3: 201 case 3:
@@ -238,11 +203,11 @@ static void update_defense_level(struct netns_ipvs *ipvs)
238 to_change = 1; 203 to_change = 1;
239 break; 204 break;
240 } 205 }
241 old_secure_tcp = sysctl_ip_vs_secure_tcp; 206 old_secure_tcp = ipvs->sysctl_secure_tcp;
242 if (to_change >= 0) 207 if (to_change >= 0)
243 ip_vs_protocol_timeout_change(ipvs, 208 ip_vs_protocol_timeout_change(ipvs,
244 sysctl_ip_vs_secure_tcp > 1); 209 ipvs->sysctl_secure_tcp > 1);
245 spin_unlock(&ip_vs_securetcp_lock); 210 spin_unlock(&ipvs->securetcp_lock);
246 211
247 local_bh_enable(); 212 local_bh_enable();
248} 213}
@@ -260,7 +225,7 @@ static void defense_work_handler(struct work_struct *work)
260 struct netns_ipvs *ipvs = net_ipvs(&init_net); 225 struct netns_ipvs *ipvs = net_ipvs(&init_net);
261 226
262 update_defense_level(ipvs); 227 update_defense_level(ipvs);
263 if (atomic_read(&ip_vs_dropentry)) 228 if (atomic_read(&ipvs->dropentry))
264 ip_vs_random_dropentry(); 229 ip_vs_random_dropentry();
265 230
266 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD); 231 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
@@ -602,7 +567,7 @@ ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,
602 */ 567 */
603 hash = ip_vs_rs_hashkey(af, daddr, dport); 568 hash = ip_vs_rs_hashkey(af, daddr, dport);
604 569
605 read_lock(&__ip_vs_rs_lock); 570 read_lock(&ipvs->rs_lock);
606 list_for_each_entry(dest, &ipvs->rs_table[hash], d_list) { 571 list_for_each_entry(dest, &ipvs->rs_table[hash], d_list) {
607 if ((dest->af == af) 572 if ((dest->af == af)
608 && ip_vs_addr_equal(af, &dest->addr, daddr) 573 && ip_vs_addr_equal(af, &dest->addr, daddr)
@@ -610,11 +575,11 @@ ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,
610 && ((dest->protocol == protocol) || 575 && ((dest->protocol == protocol) ||
611 dest->vfwmark)) { 576 dest->vfwmark)) {
612 /* HIT */ 577 /* HIT */
613 read_unlock(&__ip_vs_rs_lock); 578 read_unlock(&ipvs->rs_lock);
614 return dest; 579 return dest;
615 } 580 }
616 } 581 }
617 read_unlock(&__ip_vs_rs_lock); 582 read_unlock(&ipvs->rs_lock);
618 583
619 return NULL; 584 return NULL;
620} 585}
@@ -788,9 +753,9 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
788 * Put the real service in rs_table if not present. 753 * Put the real service in rs_table if not present.
789 * For now only for NAT! 754 * For now only for NAT!
790 */ 755 */
791 write_lock_bh(&__ip_vs_rs_lock); 756 write_lock_bh(&ipvs->rs_lock);
792 ip_vs_rs_hash(ipvs, dest); 757 ip_vs_rs_hash(ipvs, dest);
793 write_unlock_bh(&__ip_vs_rs_lock); 758 write_unlock_bh(&ipvs->rs_lock);
794 } 759 }
795 atomic_set(&dest->conn_flags, conn_flags); 760 atomic_set(&dest->conn_flags, conn_flags);
796 761
@@ -1022,14 +987,16 @@ ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1022 */ 987 */
1023static void __ip_vs_del_dest(struct net *net, struct ip_vs_dest *dest) 988static void __ip_vs_del_dest(struct net *net, struct ip_vs_dest *dest)
1024{ 989{
990 struct netns_ipvs *ipvs = net_ipvs(net);
991
1025 ip_vs_kill_estimator(net, &dest->stats); 992 ip_vs_kill_estimator(net, &dest->stats);
1026 993
1027 /* 994 /*
1028 * Remove it from the d-linked list with the real services. 995 * Remove it from the d-linked list with the real services.
1029 */ 996 */
1030 write_lock_bh(&__ip_vs_rs_lock); 997 write_lock_bh(&ipvs->rs_lock);
1031 ip_vs_rs_unhash(dest); 998 ip_vs_rs_unhash(dest);
1032 write_unlock_bh(&__ip_vs_rs_lock); 999 write_unlock_bh(&ipvs->rs_lock);
1033 1000
1034 /* 1001 /*
1035 * Decrease the refcnt of the dest, and free the dest 1002 * Decrease the refcnt of the dest, and free the dest
@@ -1092,7 +1059,6 @@ static int
1092ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest) 1059ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1093{ 1060{
1094 struct ip_vs_dest *dest; 1061 struct ip_vs_dest *dest;
1095 struct net *net = svc->net;
1096 __be16 dport = udest->port; 1062 __be16 dport = udest->port;
1097 1063
1098 EnterFunction(2); 1064 EnterFunction(2);
@@ -1121,7 +1087,7 @@ ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1121 /* 1087 /*
1122 * Delete the destination 1088 * Delete the destination
1123 */ 1089 */
1124 __ip_vs_del_dest(net, dest); 1090 __ip_vs_del_dest(svc->net, dest);
1125 1091
1126 LeaveFunction(2); 1092 LeaveFunction(2);
1127 1093
@@ -1140,6 +1106,7 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
1140 struct ip_vs_scheduler *sched = NULL; 1106 struct ip_vs_scheduler *sched = NULL;
1141 struct ip_vs_pe *pe = NULL; 1107 struct ip_vs_pe *pe = NULL;
1142 struct ip_vs_service *svc = NULL; 1108 struct ip_vs_service *svc = NULL;
1109 struct netns_ipvs *ipvs = net_ipvs(net);
1143 1110
1144 /* increase the module use count */ 1111 /* increase the module use count */
1145 ip_vs_use_count_inc(); 1112 ip_vs_use_count_inc();
@@ -1219,7 +1186,7 @@ ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,
1219 1186
1220 /* Count only IPv4 services for old get/setsockopt interface */ 1187 /* Count only IPv4 services for old get/setsockopt interface */
1221 if (svc->af == AF_INET) 1188 if (svc->af == AF_INET)
1222 ip_vs_num_services++; 1189 ipvs->num_services++;
1223 1190
1224 /* Hash the service into the service table */ 1191 /* Hash the service into the service table */
1225 write_lock_bh(&__ip_vs_svc_lock); 1192 write_lock_bh(&__ip_vs_svc_lock);
@@ -1359,12 +1326,13 @@ static void __ip_vs_del_service(struct ip_vs_service *svc)
1359 struct ip_vs_dest *dest, *nxt; 1326 struct ip_vs_dest *dest, *nxt;
1360 struct ip_vs_scheduler *old_sched; 1327 struct ip_vs_scheduler *old_sched;
1361 struct ip_vs_pe *old_pe; 1328 struct ip_vs_pe *old_pe;
1329 struct netns_ipvs *ipvs = net_ipvs(svc->net);
1362 1330
1363 pr_info("%s: enter\n", __func__); 1331 pr_info("%s: enter\n", __func__);
1364 1332
1365 /* Count only IPv4 services for old get/setsockopt interface */ 1333 /* Count only IPv4 services for old get/setsockopt interface */
1366 if (svc->af == AF_INET) 1334 if (svc->af == AF_INET)
1367 ip_vs_num_services--; 1335 ipvs->num_services--;
1368 1336
1369 ip_vs_kill_estimator(svc->net, &svc->stats); 1337 ip_vs_kill_estimator(svc->net, &svc->stats);
1370 1338
@@ -1589,42 +1557,31 @@ proc_do_sync_mode(ctl_table *table, int write,
1589 1557
1590/* 1558/*
1591 * IPVS sysctl table (under the /proc/sys/net/ipv4/vs/) 1559 * IPVS sysctl table (under the /proc/sys/net/ipv4/vs/)
1560 * Do not change order or insert new entries without
1561 * align with netns init in __ip_vs_control_init()
1592 */ 1562 */
1593 1563
1594static struct ctl_table vs_vars[] = { 1564static struct ctl_table vs_vars[] = {
1595 { 1565 {
1596 .procname = "amemthresh", 1566 .procname = "amemthresh",
1597 .data = &sysctl_ip_vs_amemthresh,
1598 .maxlen = sizeof(int),
1599 .mode = 0644,
1600 .proc_handler = proc_dointvec,
1601 },
1602#ifdef CONFIG_IP_VS_DEBUG
1603 {
1604 .procname = "debug_level",
1605 .data = &sysctl_ip_vs_debug_level,
1606 .maxlen = sizeof(int), 1567 .maxlen = sizeof(int),
1607 .mode = 0644, 1568 .mode = 0644,
1608 .proc_handler = proc_dointvec, 1569 .proc_handler = proc_dointvec,
1609 }, 1570 },
1610#endif
1611 { 1571 {
1612 .procname = "am_droprate", 1572 .procname = "am_droprate",
1613 .data = &sysctl_ip_vs_am_droprate,
1614 .maxlen = sizeof(int), 1573 .maxlen = sizeof(int),
1615 .mode = 0644, 1574 .mode = 0644,
1616 .proc_handler = proc_dointvec, 1575 .proc_handler = proc_dointvec,
1617 }, 1576 },
1618 { 1577 {
1619 .procname = "drop_entry", 1578 .procname = "drop_entry",
1620 .data = &sysctl_ip_vs_drop_entry,
1621 .maxlen = sizeof(int), 1579 .maxlen = sizeof(int),
1622 .mode = 0644, 1580 .mode = 0644,
1623 .proc_handler = proc_do_defense_mode, 1581 .proc_handler = proc_do_defense_mode,
1624 }, 1582 },
1625 { 1583 {
1626 .procname = "drop_packet", 1584 .procname = "drop_packet",
1627 .data = &sysctl_ip_vs_drop_packet,
1628 .maxlen = sizeof(int), 1585 .maxlen = sizeof(int),
1629 .mode = 0644, 1586 .mode = 0644,
1630 .proc_handler = proc_do_defense_mode, 1587 .proc_handler = proc_do_defense_mode,
@@ -1632,7 +1589,6 @@ static struct ctl_table vs_vars[] = {
1632#ifdef CONFIG_IP_VS_NFCT 1589#ifdef CONFIG_IP_VS_NFCT
1633 { 1590 {
1634 .procname = "conntrack", 1591 .procname = "conntrack",
1635 .data = &sysctl_ip_vs_conntrack,
1636 .maxlen = sizeof(int), 1592 .maxlen = sizeof(int),
1637 .mode = 0644, 1593 .mode = 0644,
1638 .proc_handler = &proc_dointvec, 1594 .proc_handler = &proc_dointvec,
@@ -1640,25 +1596,62 @@ static struct ctl_table vs_vars[] = {
1640#endif 1596#endif
1641 { 1597 {
1642 .procname = "secure_tcp", 1598 .procname = "secure_tcp",
1643 .data = &sysctl_ip_vs_secure_tcp,
1644 .maxlen = sizeof(int), 1599 .maxlen = sizeof(int),
1645 .mode = 0644, 1600 .mode = 0644,
1646 .proc_handler = proc_do_defense_mode, 1601 .proc_handler = proc_do_defense_mode,
1647 }, 1602 },
1648 { 1603 {
1649 .procname = "snat_reroute", 1604 .procname = "snat_reroute",
1650 .data = &sysctl_ip_vs_snat_reroute,
1651 .maxlen = sizeof(int), 1605 .maxlen = sizeof(int),
1652 .mode = 0644, 1606 .mode = 0644,
1653 .proc_handler = &proc_dointvec, 1607 .proc_handler = &proc_dointvec,
1654 }, 1608 },
1655 { 1609 {
1656 .procname = "sync_version", 1610 .procname = "sync_version",
1657 .data = &sysctl_ip_vs_sync_ver,
1658 .maxlen = sizeof(int), 1611 .maxlen = sizeof(int),
1659 .mode = 0644, 1612 .mode = 0644,
1660 .proc_handler = &proc_do_sync_mode, 1613 .proc_handler = &proc_do_sync_mode,
1661 }, 1614 },
1615 {
1616 .procname = "cache_bypass",
1617 .maxlen = sizeof(int),
1618 .mode = 0644,
1619 .proc_handler = proc_dointvec,
1620 },
1621 {
1622 .procname = "expire_nodest_conn",
1623 .maxlen = sizeof(int),
1624 .mode = 0644,
1625 .proc_handler = proc_dointvec,
1626 },
1627 {
1628 .procname = "expire_quiescent_template",
1629 .maxlen = sizeof(int),
1630 .mode = 0644,
1631 .proc_handler = proc_dointvec,
1632 },
1633 {
1634 .procname = "sync_threshold",
1635 .maxlen =
1636 sizeof(((struct netns_ipvs *)0)->sysctl_sync_threshold),
1637 .mode = 0644,
1638 .proc_handler = proc_do_sync_threshold,
1639 },
1640 {
1641 .procname = "nat_icmp_send",
1642 .maxlen = sizeof(int),
1643 .mode = 0644,
1644 .proc_handler = proc_dointvec,
1645 },
1646#ifdef CONFIG_IP_VS_DEBUG
1647 {
1648 .procname = "debug_level",
1649 .data = &sysctl_ip_vs_debug_level,
1650 .maxlen = sizeof(int),
1651 .mode = 0644,
1652 .proc_handler = proc_dointvec,
1653 },
1654#endif
1662#if 0 1655#if 0
1663 { 1656 {
1664 .procname = "timeout_established", 1657 .procname = "timeout_established",
@@ -1745,41 +1738,6 @@ static struct ctl_table vs_vars[] = {
1745 .proc_handler = proc_dointvec_jiffies, 1738 .proc_handler = proc_dointvec_jiffies,
1746 }, 1739 },
1747#endif 1740#endif
1748 {
1749 .procname = "cache_bypass",
1750 .data = &sysctl_ip_vs_cache_bypass,
1751 .maxlen = sizeof(int),
1752 .mode = 0644,
1753 .proc_handler = proc_dointvec,
1754 },
1755 {
1756 .procname = "expire_nodest_conn",
1757 .data = &sysctl_ip_vs_expire_nodest_conn,
1758 .maxlen = sizeof(int),
1759 .mode = 0644,
1760 .proc_handler = proc_dointvec,
1761 },
1762 {
1763 .procname = "expire_quiescent_template",
1764 .data = &sysctl_ip_vs_expire_quiescent_template,
1765 .maxlen = sizeof(int),
1766 .mode = 0644,
1767 .proc_handler = proc_dointvec,
1768 },
1769 {
1770 .procname = "sync_threshold",
1771 .data = &sysctl_ip_vs_sync_threshold,
1772 .maxlen = sizeof(sysctl_ip_vs_sync_threshold),
1773 .mode = 0644,
1774 .proc_handler = proc_do_sync_threshold,
1775 },
1776 {
1777 .procname = "nat_icmp_send",
1778 .data = &sysctl_ip_vs_nat_icmp_send,
1779 .maxlen = sizeof(int),
1780 .mode = 0644,
1781 .proc_handler = proc_dointvec,
1782 },
1783 { } 1741 { }
1784}; 1742};
1785 1743
@@ -1791,8 +1749,6 @@ const struct ctl_path net_vs_ctl_path[] = {
1791}; 1749};
1792EXPORT_SYMBOL_GPL(net_vs_ctl_path); 1750EXPORT_SYMBOL_GPL(net_vs_ctl_path);
1793 1751
1794static struct ctl_table_header * sysctl_header;
1795
1796#ifdef CONFIG_PROC_FS 1752#ifdef CONFIG_PROC_FS
1797 1753
1798struct ip_vs_iter { 1754struct ip_vs_iter {
@@ -2543,7 +2499,7 @@ do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2543 struct ip_vs_getinfo info; 2499 struct ip_vs_getinfo info;
2544 info.version = IP_VS_VERSION_CODE; 2500 info.version = IP_VS_VERSION_CODE;
2545 info.size = ip_vs_conn_tab_size; 2501 info.size = ip_vs_conn_tab_size;
2546 info.num_services = ip_vs_num_services; 2502 info.num_services = ipvs->num_services;
2547 if (copy_to_user(user, &info, sizeof(info)) != 0) 2503 if (copy_to_user(user, &info, sizeof(info)) != 0)
2548 ret = -EFAULT; 2504 ret = -EFAULT;
2549 } 2505 }
@@ -3014,7 +2970,7 @@ static int ip_vs_genl_dump_dests(struct sk_buff *skb,
3014 struct ip_vs_service *svc; 2970 struct ip_vs_service *svc;
3015 struct ip_vs_dest *dest; 2971 struct ip_vs_dest *dest;
3016 struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1]; 2972 struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
3017 struct net *net; 2973 struct net *net = skb_sknet(skb);
3018 2974
3019 mutex_lock(&__ip_vs_mutex); 2975 mutex_lock(&__ip_vs_mutex);
3020 2976
@@ -3023,7 +2979,7 @@ static int ip_vs_genl_dump_dests(struct sk_buff *skb,
3023 IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy)) 2979 IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy))
3024 goto out_err; 2980 goto out_err;
3025 2981
3026 net = skb_sknet(skb); 2982
3027 svc = ip_vs_genl_find_service(net, attrs[IPVS_CMD_ATTR_SERVICE]); 2983 svc = ip_vs_genl_find_service(net, attrs[IPVS_CMD_ATTR_SERVICE]);
3028 if (IS_ERR(svc) || svc == NULL) 2984 if (IS_ERR(svc) || svc == NULL)
3029 goto out_err; 2985 goto out_err;
@@ -3215,8 +3171,10 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3215 int ret = 0, cmd; 3171 int ret = 0, cmd;
3216 int need_full_svc = 0, need_full_dest = 0; 3172 int need_full_svc = 0, need_full_dest = 0;
3217 struct net *net; 3173 struct net *net;
3174 struct netns_ipvs *ipvs;
3218 3175
3219 net = skb_sknet(skb); 3176 net = skb_sknet(skb);
3177 ipvs = net_ipvs(net);
3220 cmd = info->genlhdr->cmd; 3178 cmd = info->genlhdr->cmd;
3221 3179
3222 mutex_lock(&__ip_vs_mutex); 3180 mutex_lock(&__ip_vs_mutex);
@@ -3326,8 +3284,10 @@ static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
3326 void *reply; 3284 void *reply;
3327 int ret, cmd, reply_cmd; 3285 int ret, cmd, reply_cmd;
3328 struct net *net; 3286 struct net *net;
3287 struct netns_ipvs *ipvs;
3329 3288
3330 net = skb_sknet(skb); 3289 net = skb_sknet(skb);
3290 ipvs = net_ipvs(net);
3331 cmd = info->genlhdr->cmd; 3291 cmd = info->genlhdr->cmd;
3332 3292
3333 if (cmd == IPVS_CMD_GET_SERVICE) 3293 if (cmd == IPVS_CMD_GET_SERVICE)
@@ -3530,9 +3490,21 @@ int __net_init __ip_vs_control_init(struct net *net)
3530{ 3490{
3531 int idx; 3491 int idx;
3532 struct netns_ipvs *ipvs = net_ipvs(net); 3492 struct netns_ipvs *ipvs = net_ipvs(net);
3493 struct ctl_table *tbl;
3533 3494
3534 if (!net_eq(net, &init_net)) /* netns not enabled yet */ 3495 if (!net_eq(net, &init_net)) /* netns not enabled yet */
3535 return -EPERM; 3496 return -EPERM;
3497
3498 atomic_set(&ipvs->dropentry, 0);
3499 spin_lock_init(&ipvs->dropentry_lock);
3500 spin_lock_init(&ipvs->droppacket_lock);
3501 spin_lock_init(&ipvs->securetcp_lock);
3502 ipvs->rs_lock = __RW_LOCK_UNLOCKED(ipvs->rs_lock);
3503
3504 /* Initialize rs_table */
3505 for (idx = 0; idx < IP_VS_RTAB_SIZE; idx++)
3506 INIT_LIST_HEAD(&ipvs->rs_table[idx]);
3507
3536 /* procfs stats */ 3508 /* procfs stats */
3537 ipvs->tot_stats = kzalloc(sizeof(struct ip_vs_stats), GFP_KERNEL); 3509 ipvs->tot_stats = kzalloc(sizeof(struct ip_vs_stats), GFP_KERNEL);
3538 if (ipvs->tot_stats == NULL) { 3510 if (ipvs->tot_stats == NULL) {
@@ -3553,14 +3525,51 @@ int __net_init __ip_vs_control_init(struct net *net)
3553 proc_net_fops_create(net, "ip_vs_stats", 0, &ip_vs_stats_fops); 3525 proc_net_fops_create(net, "ip_vs_stats", 0, &ip_vs_stats_fops);
3554 proc_net_fops_create(net, "ip_vs_stats_percpu", 0, 3526 proc_net_fops_create(net, "ip_vs_stats_percpu", 0,
3555 &ip_vs_stats_percpu_fops); 3527 &ip_vs_stats_percpu_fops);
3556 sysctl_header = register_net_sysctl_table(net, net_vs_ctl_path, 3528
3529 if (!net_eq(net, &init_net)) {
3530 tbl = kmemdup(vs_vars, sizeof(vs_vars), GFP_KERNEL);
3531 if (tbl == NULL)
3532 goto err_dup;
3533 } else
3534 tbl = vs_vars;
3535 /* Initialize sysctl defaults */
3536 idx = 0;
3537 ipvs->sysctl_amemthresh = 1024;
3538 tbl[idx++].data = &ipvs->sysctl_amemthresh;
3539 ipvs->sysctl_am_droprate = 10;
3540 tbl[idx++].data = &ipvs->sysctl_am_droprate;
3541 tbl[idx++].data = &ipvs->sysctl_drop_entry;
3542 tbl[idx++].data = &ipvs->sysctl_drop_packet;
3543#ifdef CONFIG_IP_VS_NFCT
3544 tbl[idx++].data = &ipvs->sysctl_conntrack;
3545#endif
3546 tbl[idx++].data = &ipvs->sysctl_secure_tcp;
3547 ipvs->sysctl_snat_reroute = 1;
3548 tbl[idx++].data = &ipvs->sysctl_snat_reroute;
3549 ipvs->sysctl_sync_ver = 1;
3550 tbl[idx++].data = &ipvs->sysctl_sync_ver;
3551 tbl[idx++].data = &ipvs->sysctl_cache_bypass;
3552 tbl[idx++].data = &ipvs->sysctl_expire_nodest_conn;
3553 tbl[idx++].data = &ipvs->sysctl_expire_quiescent_template;
3554 ipvs->sysctl_sync_threshold[0] = 3;
3555 ipvs->sysctl_sync_threshold[1] = 50;
3556 tbl[idx].data = &ipvs->sysctl_sync_threshold;
3557 tbl[idx++].maxlen = sizeof(ipvs->sysctl_sync_threshold);
3558 tbl[idx++].data = &ipvs->sysctl_nat_icmp_send;
3559
3560
3561 ipvs->sysctl_hdr = register_net_sysctl_table(net, net_vs_ctl_path,
3557 vs_vars); 3562 vs_vars);
3558 if (sysctl_header == NULL) 3563 if (ipvs->sysctl_hdr == NULL)
3559 goto err_reg; 3564 goto err_reg;
3560 ip_vs_new_estimator(net, ipvs->tot_stats); 3565 ip_vs_new_estimator(net, ipvs->tot_stats);
3566 ipvs->sysctl_tbl = tbl;
3561 return 0; 3567 return 0;
3562 3568
3563err_reg: 3569err_reg:
3570 if (!net_eq(net, &init_net))
3571 kfree(tbl);
3572err_dup:
3564 free_percpu(ipvs->cpustats); 3573 free_percpu(ipvs->cpustats);
3565err_alloc: 3574err_alloc:
3566 kfree(ipvs->tot_stats); 3575 kfree(ipvs->tot_stats);
@@ -3575,7 +3584,7 @@ static void __net_exit __ip_vs_control_cleanup(struct net *net)
3575 return; 3584 return;
3576 3585
3577 ip_vs_kill_estimator(net, ipvs->tot_stats); 3586 ip_vs_kill_estimator(net, ipvs->tot_stats);
3578 unregister_net_sysctl_table(sysctl_header); 3587 unregister_net_sysctl_table(ipvs->sysctl_hdr);
3579 proc_net_remove(net, "ip_vs_stats_percpu"); 3588 proc_net_remove(net, "ip_vs_stats_percpu");
3580 proc_net_remove(net, "ip_vs_stats"); 3589 proc_net_remove(net, "ip_vs_stats");
3581 proc_net_remove(net, "ip_vs"); 3590 proc_net_remove(net, "ip_vs");
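Review bot: In the __ip_vs_control_init hunk the table handed to register_net_sysctl_table (new-side lines 3561-3562) is the global `vs_vars`, not the `tbl` the function has just built, so for a namespace other than init_net the kmemdup'd copy whose `.data` pointers were aimed at this ipvs would be allocated, filled in and stored in `ipvs->sysctl_tbl` but never registered, while the registered entries would keep pointing at init_net's fields. The early `return -EPERM` for non-init_net masks this today because `tbl == vs_vars` on the only path that reaches it, but it leaves the kmemdup branch as dead code and the defect will surface as soon as that guard is lifted; the fix is `ipvs->sysctl_hdr = register_net_sysctl_table(net, net_vs_ctl_path, tbl);`. The cleanup hunk unregisters `ipvs->sysctl_hdr` but does not appear to kfree `ipvs->sysctl_tbl` for a non-init namespace; the rest of __ip_vs_control_cleanup is outside the hunk, so this may be handled there. The `tbl[idx++].data` assignments are coupled to the entry order of `vs_vars` and a mismatch would silently expose the wrong variable under /proc/sys/net/ipv4/vs/, which the comment added at the table head warns about; a `WARN_ON` comparing the final `idx` with the number of data-bearing entries would catch such a drift at init time rather than at runtime.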