diff options
author | Julius Volz <juliusv@google.com> | 2008-09-02 09:55:40 -0400 |
---|---|---|
committer | Simon Horman <horms@verge.net.au> | 2008-09-04 21:17:06 -0400 |
commit | 51ef348b14183789e4cb3444d05ce83b1b69d8fb (patch) | |
tree | e14e54ce262073b63a3343c764b8174b1041b577 | |
parent | b14198f6c1bea1687d20723db35d8effecd9d899 (diff) |
IPVS: Add 'af' args to protocol handler functions
Add 'af' arguments to conn_schedule(), conn_in_get(), conn_out_get() and
csum_check() function pointers in struct ip_vs_protocol. Extend the
respective functions for TCP, UDP, AH and ESP and adjust the callers.
The changes in the callers need to be somewhat extensive, since they now
need to pass a filled out struct ip_vs_iphdr * to the modified functions
instead of a struct iphdr *.
Signed-off-by: Julius Volz <juliusv@google.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
-rw-r--r-- | include/net/ip_vs.h | 15 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_core.c | 64 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_proto_ah_esp.c | 56 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_proto_tcp.c | 79 | ||||
-rw-r--r-- | net/ipv4/ipvs/ip_vs_proto_udp.c | 81 |
5 files changed, 171 insertions, 124 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 3d3b699dc022..68f004f9bcc2 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
@@ -296,21 +296,23 @@ struct ip_vs_protocol { | |||
296 | 296 | ||
297 | void (*exit)(struct ip_vs_protocol *pp); | 297 | void (*exit)(struct ip_vs_protocol *pp); |
298 | 298 | ||
299 | int (*conn_schedule)(struct sk_buff *skb, | 299 | int (*conn_schedule)(int af, struct sk_buff *skb, |
300 | struct ip_vs_protocol *pp, | 300 | struct ip_vs_protocol *pp, |
301 | int *verdict, struct ip_vs_conn **cpp); | 301 | int *verdict, struct ip_vs_conn **cpp); |
302 | 302 | ||
303 | struct ip_vs_conn * | 303 | struct ip_vs_conn * |
304 | (*conn_in_get)(const struct sk_buff *skb, | 304 | (*conn_in_get)(int af, |
305 | const struct sk_buff *skb, | ||
305 | struct ip_vs_protocol *pp, | 306 | struct ip_vs_protocol *pp, |
306 | const struct iphdr *iph, | 307 | const struct ip_vs_iphdr *iph, |
307 | unsigned int proto_off, | 308 | unsigned int proto_off, |
308 | int inverse); | 309 | int inverse); |
309 | 310 | ||
310 | struct ip_vs_conn * | 311 | struct ip_vs_conn * |
311 | (*conn_out_get)(const struct sk_buff *skb, | 312 | (*conn_out_get)(int af, |
313 | const struct sk_buff *skb, | ||
312 | struct ip_vs_protocol *pp, | 314 | struct ip_vs_protocol *pp, |
313 | const struct iphdr *iph, | 315 | const struct ip_vs_iphdr *iph, |
314 | unsigned int proto_off, | 316 | unsigned int proto_off, |
315 | int inverse); | 317 | int inverse); |
316 | 318 | ||
@@ -320,7 +322,8 @@ struct ip_vs_protocol { | |||
320 | int (*dnat_handler)(struct sk_buff *skb, | 322 | int (*dnat_handler)(struct sk_buff *skb, |
321 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp); | 323 | struct ip_vs_protocol *pp, struct ip_vs_conn *cp); |
322 | 324 | ||
323 | int (*csum_check)(struct sk_buff *skb, struct ip_vs_protocol *pp); | 325 | int (*csum_check)(int af, struct sk_buff *skb, |
326 | struct ip_vs_protocol *pp); | ||
324 | 327 | ||
325 | const char *(*state_name)(int state); | 328 | const char *(*state_name)(int state); |
326 | 329 | ||
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 4a54f33b60d4..34aaa1480d90 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c | |||
@@ -572,6 +572,7 @@ static int ip_vs_out_icmp(struct sk_buff *skb, int *related) | |||
572 | struct iphdr *iph; | 572 | struct iphdr *iph; |
573 | struct icmphdr _icmph, *ic; | 573 | struct icmphdr _icmph, *ic; |
574 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ | 574 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
575 | struct ip_vs_iphdr ciph; | ||
575 | struct ip_vs_conn *cp; | 576 | struct ip_vs_conn *cp; |
576 | struct ip_vs_protocol *pp; | 577 | struct ip_vs_protocol *pp; |
577 | unsigned int offset, ihl, verdict; | 578 | unsigned int offset, ihl, verdict; |
@@ -627,8 +628,9 @@ static int ip_vs_out_icmp(struct sk_buff *skb, int *related) | |||
627 | 628 | ||
628 | offset += cih->ihl * 4; | 629 | offset += cih->ihl * 4; |
629 | 630 | ||
631 | ip_vs_fill_iphdr(AF_INET, cih, &ciph); | ||
630 | /* The embedded headers contain source and dest in reverse order */ | 632 | /* The embedded headers contain source and dest in reverse order */ |
631 | cp = pp->conn_out_get(skb, pp, cih, offset, 1); | 633 | cp = pp->conn_out_get(AF_INET, skb, pp, &ciph, offset, 1); |
632 | if (!cp) | 634 | if (!cp) |
633 | return NF_ACCEPT; | 635 | return NF_ACCEPT; |
634 | 636 | ||
@@ -686,43 +688,41 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, | |||
686 | const struct net_device *in, const struct net_device *out, | 688 | const struct net_device *in, const struct net_device *out, |
687 | int (*okfn)(struct sk_buff *)) | 689 | int (*okfn)(struct sk_buff *)) |
688 | { | 690 | { |
689 | struct iphdr *iph; | 691 | struct ip_vs_iphdr iph; |
690 | struct ip_vs_protocol *pp; | 692 | struct ip_vs_protocol *pp; |
691 | struct ip_vs_conn *cp; | 693 | struct ip_vs_conn *cp; |
692 | int ihl; | ||
693 | 694 | ||
694 | EnterFunction(11); | 695 | EnterFunction(11); |
695 | 696 | ||
696 | if (skb->ipvs_property) | 697 | if (skb->ipvs_property) |
697 | return NF_ACCEPT; | 698 | return NF_ACCEPT; |
698 | 699 | ||
699 | iph = ip_hdr(skb); | 700 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); |
700 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { | 701 | if (unlikely(iph.protocol == IPPROTO_ICMP)) { |
701 | int related, verdict = ip_vs_out_icmp(skb, &related); | 702 | int related, verdict = ip_vs_out_icmp(skb, &related); |
702 | 703 | ||
703 | if (related) | 704 | if (related) |
704 | return verdict; | 705 | return verdict; |
705 | iph = ip_hdr(skb); | 706 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); |
706 | } | 707 | } |
707 | 708 | ||
708 | pp = ip_vs_proto_get(iph->protocol); | 709 | pp = ip_vs_proto_get(iph.protocol); |
709 | if (unlikely(!pp)) | 710 | if (unlikely(!pp)) |
710 | return NF_ACCEPT; | 711 | return NF_ACCEPT; |
711 | 712 | ||
712 | /* reassemble IP fragments */ | 713 | /* reassemble IP fragments */ |
713 | if (unlikely(iph->frag_off & htons(IP_MF|IP_OFFSET) && | 714 | if (unlikely(ip_hdr(skb)->frag_off & htons(IP_MF|IP_OFFSET) && |
714 | !pp->dont_defrag)) { | 715 | !pp->dont_defrag)) { |
715 | if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT)) | 716 | if (ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT)) |
716 | return NF_STOLEN; | 717 | return NF_STOLEN; |
717 | iph = ip_hdr(skb); | ||
718 | } | ||
719 | 718 | ||
720 | ihl = iph->ihl << 2; | 719 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); |
720 | } | ||
721 | 721 | ||
722 | /* | 722 | /* |
723 | * Check if the packet belongs to an existing entry | 723 | * Check if the packet belongs to an existing entry |
724 | */ | 724 | */ |
725 | cp = pp->conn_out_get(skb, pp, iph, ihl, 0); | 725 | cp = pp->conn_out_get(AF_INET, skb, pp, &iph, iph.len, 0); |
726 | 726 | ||
727 | if (unlikely(!cp)) { | 727 | if (unlikely(!cp)) { |
728 | if (sysctl_ip_vs_nat_icmp_send && | 728 | if (sysctl_ip_vs_nat_icmp_send && |
@@ -730,18 +730,18 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, | |||
730 | pp->protocol == IPPROTO_UDP)) { | 730 | pp->protocol == IPPROTO_UDP)) { |
731 | __be16 _ports[2], *pptr; | 731 | __be16 _ports[2], *pptr; |
732 | 732 | ||
733 | pptr = skb_header_pointer(skb, ihl, | 733 | pptr = skb_header_pointer(skb, iph.len, |
734 | sizeof(_ports), _ports); | 734 | sizeof(_ports), _ports); |
735 | if (pptr == NULL) | 735 | if (pptr == NULL) |
736 | return NF_ACCEPT; /* Not for me */ | 736 | return NF_ACCEPT; /* Not for me */ |
737 | if (ip_vs_lookup_real_service(iph->protocol, | 737 | if (ip_vs_lookup_real_service(iph.protocol, |
738 | iph->saddr, pptr[0])) { | 738 | iph.saddr.ip, pptr[0])) { |
739 | /* | 739 | /* |
740 | * Notify the real server: there is no | 740 | * Notify the real server: there is no |
741 | * existing entry if it is not RST | 741 | * existing entry if it is not RST |
742 | * packet or not TCP packet. | 742 | * packet or not TCP packet. |
743 | */ | 743 | */ |
744 | if (iph->protocol != IPPROTO_TCP | 744 | if (iph.protocol != IPPROTO_TCP |
745 | || !is_tcp_reset(skb)) { | 745 | || !is_tcp_reset(skb)) { |
746 | icmp_send(skb,ICMP_DEST_UNREACH, | 746 | icmp_send(skb,ICMP_DEST_UNREACH, |
747 | ICMP_PORT_UNREACH, 0); | 747 | ICMP_PORT_UNREACH, 0); |
@@ -756,7 +756,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff *skb, | |||
756 | 756 | ||
757 | IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet"); | 757 | IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet"); |
758 | 758 | ||
759 | if (!skb_make_writable(skb, ihl)) | 759 | if (!skb_make_writable(skb, iph.len)) |
760 | goto drop; | 760 | goto drop; |
761 | 761 | ||
762 | /* mangle the packet */ | 762 | /* mangle the packet */ |
@@ -804,6 +804,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
804 | struct iphdr *iph; | 804 | struct iphdr *iph; |
805 | struct icmphdr _icmph, *ic; | 805 | struct icmphdr _icmph, *ic; |
806 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ | 806 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
807 | struct ip_vs_iphdr ciph; | ||
807 | struct ip_vs_conn *cp; | 808 | struct ip_vs_conn *cp; |
808 | struct ip_vs_protocol *pp; | 809 | struct ip_vs_protocol *pp; |
809 | unsigned int offset, ihl, verdict; | 810 | unsigned int offset, ihl, verdict; |
@@ -860,8 +861,9 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |||
860 | 861 | ||
861 | offset += cih->ihl * 4; | 862 | offset += cih->ihl * 4; |
862 | 863 | ||
864 | ip_vs_fill_iphdr(AF_INET, cih, &ciph); | ||
863 | /* The embedded headers contain source and dest in reverse order */ | 865 | /* The embedded headers contain source and dest in reverse order */ |
864 | cp = pp->conn_in_get(skb, pp, cih, offset, 1); | 866 | cp = pp->conn_in_get(AF_INET, skb, pp, &ciph, offset, 1); |
865 | if (!cp) | 867 | if (!cp) |
866 | return NF_ACCEPT; | 868 | return NF_ACCEPT; |
867 | 869 | ||
@@ -897,11 +899,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, | |||
897 | const struct net_device *in, const struct net_device *out, | 899 | const struct net_device *in, const struct net_device *out, |
898 | int (*okfn)(struct sk_buff *)) | 900 | int (*okfn)(struct sk_buff *)) |
899 | { | 901 | { |
900 | struct iphdr *iph; | 902 | struct ip_vs_iphdr iph; |
901 | struct ip_vs_protocol *pp; | 903 | struct ip_vs_protocol *pp; |
902 | struct ip_vs_conn *cp; | 904 | struct ip_vs_conn *cp; |
903 | int ret, restart; | 905 | int ret, restart; |
904 | int ihl; | 906 | |
907 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); | ||
905 | 908 | ||
906 | /* | 909 | /* |
907 | * Big tappo: only PACKET_HOST (neither loopback nor mcasts) | 910 | * Big tappo: only PACKET_HOST (neither loopback nor mcasts) |
@@ -909,38 +912,35 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, | |||
909 | */ | 912 | */ |
910 | if (unlikely(skb->pkt_type != PACKET_HOST | 913 | if (unlikely(skb->pkt_type != PACKET_HOST |
911 | || skb->dev->flags & IFF_LOOPBACK || skb->sk)) { | 914 | || skb->dev->flags & IFF_LOOPBACK || skb->sk)) { |
912 | IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d ignored\n", | 915 | IP_VS_DBG_BUF(12, "packet type=%d proto=%d daddr=%s ignored\n", |
913 | skb->pkt_type, | 916 | skb->pkt_type, |
914 | ip_hdr(skb)->protocol, | 917 | iph.protocol, |
915 | NIPQUAD(ip_hdr(skb)->daddr)); | 918 | IP_VS_DBG_ADDR(AF_INET, &iph.daddr)); |
916 | return NF_ACCEPT; | 919 | return NF_ACCEPT; |
917 | } | 920 | } |
918 | 921 | ||
919 | iph = ip_hdr(skb); | 922 | if (unlikely(iph.protocol == IPPROTO_ICMP)) { |
920 | if (unlikely(iph->protocol == IPPROTO_ICMP)) { | ||
921 | int related, verdict = ip_vs_in_icmp(skb, &related, hooknum); | 923 | int related, verdict = ip_vs_in_icmp(skb, &related, hooknum); |
922 | 924 | ||
923 | if (related) | 925 | if (related) |
924 | return verdict; | 926 | return verdict; |
925 | iph = ip_hdr(skb); | 927 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); |
926 | } | 928 | } |
927 | 929 | ||
928 | /* Protocol supported? */ | 930 | /* Protocol supported? */ |
929 | pp = ip_vs_proto_get(iph->protocol); | 931 | pp = ip_vs_proto_get(iph.protocol); |
930 | if (unlikely(!pp)) | 932 | if (unlikely(!pp)) |
931 | return NF_ACCEPT; | 933 | return NF_ACCEPT; |
932 | 934 | ||
933 | ihl = iph->ihl << 2; | ||
934 | |||
935 | /* | 935 | /* |
936 | * Check if the packet belongs to an existing connection entry | 936 | * Check if the packet belongs to an existing connection entry |
937 | */ | 937 | */ |
938 | cp = pp->conn_in_get(skb, pp, iph, ihl, 0); | 938 | cp = pp->conn_in_get(AF_INET, skb, pp, &iph, iph.len, 0); |
939 | 939 | ||
940 | if (unlikely(!cp)) { | 940 | if (unlikely(!cp)) { |
941 | int v; | 941 | int v; |
942 | 942 | ||
943 | if (!pp->conn_schedule(skb, pp, &v, &cp)) | 943 | if (!pp->conn_schedule(AF_INET, skb, pp, &v, &cp)) |
944 | return v; | 944 | return v; |
945 | } | 945 | } |
946 | 946 | ||
diff --git a/net/ipv4/ipvs/ip_vs_proto_ah_esp.c b/net/ipv4/ipvs/ip_vs_proto_ah_esp.c index 3f9ebd7639ae..2a361a991745 100644 --- a/net/ipv4/ipvs/ip_vs_proto_ah_esp.c +++ b/net/ipv4/ipvs/ip_vs_proto_ah_esp.c | |||
@@ -39,25 +39,23 @@ struct isakmp_hdr { | |||
39 | 39 | ||
40 | 40 | ||
41 | static struct ip_vs_conn * | 41 | static struct ip_vs_conn * |
42 | ah_esp_conn_in_get(const struct sk_buff *skb, | 42 | ah_esp_conn_in_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp, |
43 | struct ip_vs_protocol *pp, | 43 | const struct ip_vs_iphdr *iph, unsigned int proto_off, |
44 | const struct iphdr *iph, | ||
45 | unsigned int proto_off, | ||
46 | int inverse) | 44 | int inverse) |
47 | { | 45 | { |
48 | struct ip_vs_conn *cp; | 46 | struct ip_vs_conn *cp; |
49 | 47 | ||
50 | if (likely(!inverse)) { | 48 | if (likely(!inverse)) { |
51 | cp = ip_vs_conn_in_get(IPPROTO_UDP, | 49 | cp = ip_vs_conn_in_get(IPPROTO_UDP, |
52 | iph->saddr, | 50 | iph->saddr.ip, |
53 | htons(PORT_ISAKMP), | 51 | htons(PORT_ISAKMP), |
54 | iph->daddr, | 52 | iph->daddr.ip, |
55 | htons(PORT_ISAKMP)); | 53 | htons(PORT_ISAKMP)); |
56 | } else { | 54 | } else { |
57 | cp = ip_vs_conn_in_get(IPPROTO_UDP, | 55 | cp = ip_vs_conn_in_get(IPPROTO_UDP, |
58 | iph->daddr, | 56 | iph->daddr.ip, |
59 | htons(PORT_ISAKMP), | 57 | htons(PORT_ISAKMP), |
60 | iph->saddr, | 58 | iph->saddr.ip, |
61 | htons(PORT_ISAKMP)); | 59 | htons(PORT_ISAKMP)); |
62 | } | 60 | } |
63 | 61 | ||
@@ -66,12 +64,12 @@ ah_esp_conn_in_get(const struct sk_buff *skb, | |||
66 | * We are not sure if the packet is from our | 64 | * We are not sure if the packet is from our |
67 | * service, so our conn_schedule hook should return NF_ACCEPT | 65 | * service, so our conn_schedule hook should return NF_ACCEPT |
68 | */ | 66 | */ |
69 | IP_VS_DBG(12, "Unknown ISAKMP entry for outin packet " | 67 | IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for outin packet " |
70 | "%s%s %u.%u.%u.%u->%u.%u.%u.%u\n", | 68 | "%s%s %s->%s\n", |
71 | inverse ? "ICMP+" : "", | 69 | inverse ? "ICMP+" : "", |
72 | pp->name, | 70 | pp->name, |
73 | NIPQUAD(iph->saddr), | 71 | IP_VS_DBG_ADDR(af, &iph->saddr), |
74 | NIPQUAD(iph->daddr)); | 72 | IP_VS_DBG_ADDR(af, &iph->daddr)); |
75 | } | 73 | } |
76 | 74 | ||
77 | return cp; | 75 | return cp; |
@@ -79,32 +77,35 @@ ah_esp_conn_in_get(const struct sk_buff *skb, | |||
79 | 77 | ||
80 | 78 | ||
81 | static struct ip_vs_conn * | 79 | static struct ip_vs_conn * |
82 | ah_esp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | 80 | ah_esp_conn_out_get(int af, const struct sk_buff *skb, |
83 | const struct iphdr *iph, unsigned int proto_off, int inverse) | 81 | struct ip_vs_protocol *pp, |
82 | const struct ip_vs_iphdr *iph, | ||
83 | unsigned int proto_off, | ||
84 | int inverse) | ||
84 | { | 85 | { |
85 | struct ip_vs_conn *cp; | 86 | struct ip_vs_conn *cp; |
86 | 87 | ||
87 | if (likely(!inverse)) { | 88 | if (likely(!inverse)) { |
88 | cp = ip_vs_conn_out_get(IPPROTO_UDP, | 89 | cp = ip_vs_conn_out_get(IPPROTO_UDP, |
89 | iph->saddr, | 90 | iph->saddr.ip, |
90 | htons(PORT_ISAKMP), | 91 | htons(PORT_ISAKMP), |
91 | iph->daddr, | 92 | iph->daddr.ip, |
92 | htons(PORT_ISAKMP)); | 93 | htons(PORT_ISAKMP)); |
93 | } else { | 94 | } else { |
94 | cp = ip_vs_conn_out_get(IPPROTO_UDP, | 95 | cp = ip_vs_conn_out_get(IPPROTO_UDP, |
95 | iph->daddr, | 96 | iph->daddr.ip, |
96 | htons(PORT_ISAKMP), | 97 | htons(PORT_ISAKMP), |
97 | iph->saddr, | 98 | iph->saddr.ip, |
98 | htons(PORT_ISAKMP)); | 99 | htons(PORT_ISAKMP)); |
99 | } | 100 | } |
100 | 101 | ||
101 | if (!cp) { | 102 | if (!cp) { |
102 | IP_VS_DBG(12, "Unknown ISAKMP entry for inout packet " | 103 | IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for inout packet " |
103 | "%s%s %u.%u.%u.%u->%u.%u.%u.%u\n", | 104 | "%s%s %s->%s\n", |
104 | inverse ? "ICMP+" : "", | 105 | inverse ? "ICMP+" : "", |
105 | pp->name, | 106 | pp->name, |
106 | NIPQUAD(iph->saddr), | 107 | IP_VS_DBG_ADDR(af, &iph->saddr), |
107 | NIPQUAD(iph->daddr)); | 108 | IP_VS_DBG_ADDR(af, &iph->daddr)); |
108 | } | 109 | } |
109 | 110 | ||
110 | return cp; | 111 | return cp; |
@@ -112,8 +113,7 @@ ah_esp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
112 | 113 | ||
113 | 114 | ||
114 | static int | 115 | static int |
115 | ah_esp_conn_schedule(struct sk_buff *skb, | 116 | ah_esp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_protocol *pp, |
116 | struct ip_vs_protocol *pp, | ||
117 | int *verdict, struct ip_vs_conn **cpp) | 117 | int *verdict, struct ip_vs_conn **cpp) |
118 | { | 118 | { |
119 | /* | 119 | /* |
diff --git a/net/ipv4/ipvs/ip_vs_proto_tcp.c b/net/ipv4/ipvs/ip_vs_proto_tcp.c index fe93c9e6ff63..9211afa8f303 100644 --- a/net/ipv4/ipvs/ip_vs_proto_tcp.c +++ b/net/ipv4/ipvs/ip_vs_proto_tcp.c | |||
@@ -25,8 +25,9 @@ | |||
25 | 25 | ||
26 | 26 | ||
27 | static struct ip_vs_conn * | 27 | static struct ip_vs_conn * |
28 | tcp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | 28 | tcp_conn_in_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp, |
29 | const struct iphdr *iph, unsigned int proto_off, int inverse) | 29 | const struct ip_vs_iphdr *iph, unsigned int proto_off, |
30 | int inverse) | ||
30 | { | 31 | { |
31 | __be16 _ports[2], *pptr; | 32 | __be16 _ports[2], *pptr; |
32 | 33 | ||
@@ -36,18 +37,19 @@ tcp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
36 | 37 | ||
37 | if (likely(!inverse)) { | 38 | if (likely(!inverse)) { |
38 | return ip_vs_conn_in_get(iph->protocol, | 39 | return ip_vs_conn_in_get(iph->protocol, |
39 | iph->saddr, pptr[0], | 40 | iph->saddr.ip, pptr[0], |
40 | iph->daddr, pptr[1]); | 41 | iph->daddr.ip, pptr[1]); |
41 | } else { | 42 | } else { |
42 | return ip_vs_conn_in_get(iph->protocol, | 43 | return ip_vs_conn_in_get(iph->protocol, |
43 | iph->daddr, pptr[1], | 44 | iph->daddr.ip, pptr[1], |
44 | iph->saddr, pptr[0]); | 45 | iph->saddr.ip, pptr[0]); |
45 | } | 46 | } |
46 | } | 47 | } |
47 | 48 | ||
48 | static struct ip_vs_conn * | 49 | static struct ip_vs_conn * |
49 | tcp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | 50 | tcp_conn_out_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp, |
50 | const struct iphdr *iph, unsigned int proto_off, int inverse) | 51 | const struct ip_vs_iphdr *iph, unsigned int proto_off, |
52 | int inverse) | ||
51 | { | 53 | { |
52 | __be16 _ports[2], *pptr; | 54 | __be16 _ports[2], *pptr; |
53 | 55 | ||
@@ -57,26 +59,25 @@ tcp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
57 | 59 | ||
58 | if (likely(!inverse)) { | 60 | if (likely(!inverse)) { |
59 | return ip_vs_conn_out_get(iph->protocol, | 61 | return ip_vs_conn_out_get(iph->protocol, |
60 | iph->saddr, pptr[0], | 62 | iph->saddr.ip, pptr[0], |
61 | iph->daddr, pptr[1]); | 63 | iph->daddr.ip, pptr[1]); |
62 | } else { | 64 | } else { |
63 | return ip_vs_conn_out_get(iph->protocol, | 65 | return ip_vs_conn_out_get(iph->protocol, |
64 | iph->daddr, pptr[1], | 66 | iph->daddr.ip, pptr[1], |
65 | iph->saddr, pptr[0]); | 67 | iph->saddr.ip, pptr[0]); |
66 | } | 68 | } |
67 | } | 69 | } |
68 | 70 | ||
69 | 71 | ||
70 | static int | 72 | static int |
71 | tcp_conn_schedule(struct sk_buff *skb, | 73 | tcp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_protocol *pp, |
72 | struct ip_vs_protocol *pp, | ||
73 | int *verdict, struct ip_vs_conn **cpp) | 74 | int *verdict, struct ip_vs_conn **cpp) |
74 | { | 75 | { |
75 | struct ip_vs_service *svc; | 76 | struct ip_vs_service *svc; |
76 | struct tcphdr _tcph, *th; | 77 | struct tcphdr _tcph, *th; |
77 | struct ip_vs_iphdr iph; | 78 | struct ip_vs_iphdr iph; |
78 | 79 | ||
79 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); | 80 | ip_vs_fill_iphdr(af, skb_network_header(skb), &iph); |
80 | 81 | ||
81 | th = skb_header_pointer(skb, iph.len, sizeof(_tcph), &_tcph); | 82 | th = skb_header_pointer(skb, iph.len, sizeof(_tcph), &_tcph); |
82 | if (th == NULL) { | 83 | if (th == NULL) { |
@@ -85,8 +86,8 @@ tcp_conn_schedule(struct sk_buff *skb, | |||
85 | } | 86 | } |
86 | 87 | ||
87 | if (th->syn && | 88 | if (th->syn && |
88 | (svc = ip_vs_service_get(AF_INET, skb->mark, iph.protocol, | 89 | (svc = ip_vs_service_get(af, skb->mark, iph.protocol, &iph.daddr, |
89 | &iph.daddr, th->dest))) { | 90 | th->dest))) { |
90 | if (ip_vs_todrop()) { | 91 | if (ip_vs_todrop()) { |
91 | /* | 92 | /* |
92 | * It seems that we are very loaded. | 93 | * It seems that we are very loaded. |
@@ -136,7 +137,7 @@ tcp_snat_handler(struct sk_buff *skb, | |||
136 | 137 | ||
137 | if (unlikely(cp->app != NULL)) { | 138 | if (unlikely(cp->app != NULL)) { |
138 | /* Some checks before mangling */ | 139 | /* Some checks before mangling */ |
139 | if (pp->csum_check && !pp->csum_check(skb, pp)) | 140 | if (pp->csum_check && !pp->csum_check(AF_INET, skb, pp)) |
140 | return 0; | 141 | return 0; |
141 | 142 | ||
142 | /* Call application helper if needed */ | 143 | /* Call application helper if needed */ |
@@ -182,7 +183,7 @@ tcp_dnat_handler(struct sk_buff *skb, | |||
182 | 183 | ||
183 | if (unlikely(cp->app != NULL)) { | 184 | if (unlikely(cp->app != NULL)) { |
184 | /* Some checks before mangling */ | 185 | /* Some checks before mangling */ |
185 | if (pp->csum_check && !pp->csum_check(skb, pp)) | 186 | if (pp->csum_check && !pp->csum_check(AF_INET, skb, pp)) |
186 | return 0; | 187 | return 0; |
187 | 188 | ||
188 | /* | 189 | /* |
@@ -219,21 +220,43 @@ tcp_dnat_handler(struct sk_buff *skb, | |||
219 | 220 | ||
220 | 221 | ||
221 | static int | 222 | static int |
222 | tcp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) | 223 | tcp_csum_check(int af, struct sk_buff *skb, struct ip_vs_protocol *pp) |
223 | { | 224 | { |
224 | const unsigned int tcphoff = ip_hdrlen(skb); | 225 | unsigned int tcphoff; |
226 | |||
227 | #ifdef CONFIG_IP_VS_IPV6 | ||
228 | if (af == AF_INET6) | ||
229 | tcphoff = sizeof(struct ipv6hdr); | ||
230 | else | ||
231 | #endif | ||
232 | tcphoff = ip_hdrlen(skb); | ||
225 | 233 | ||
226 | switch (skb->ip_summed) { | 234 | switch (skb->ip_summed) { |
227 | case CHECKSUM_NONE: | 235 | case CHECKSUM_NONE: |
228 | skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); | 236 | skb->csum = skb_checksum(skb, tcphoff, skb->len - tcphoff, 0); |
229 | case CHECKSUM_COMPLETE: | 237 | case CHECKSUM_COMPLETE: |
230 | if (csum_tcpudp_magic(ip_hdr(skb)->saddr, ip_hdr(skb)->daddr, | 238 | #ifdef CONFIG_IP_VS_IPV6 |
231 | skb->len - tcphoff, | 239 | if (af == AF_INET6) { |
232 | ip_hdr(skb)->protocol, skb->csum)) { | 240 | if (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, |
233 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, | 241 | &ipv6_hdr(skb)->daddr, |
234 | "Failed checksum for"); | 242 | skb->len - tcphoff, |
235 | return 0; | 243 | ipv6_hdr(skb)->nexthdr, |
236 | } | 244 | skb->csum)) { |
245 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, | ||
246 | "Failed checksum for"); | ||
247 | return 0; | ||
248 | } | ||
249 | } else | ||
250 | #endif | ||
251 | if (csum_tcpudp_magic(ip_hdr(skb)->saddr, | ||
252 | ip_hdr(skb)->daddr, | ||
253 | skb->len - tcphoff, | ||
254 | ip_hdr(skb)->protocol, | ||
255 | skb->csum)) { | ||
256 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, | ||
257 | "Failed checksum for"); | ||
258 | return 0; | ||
259 | } | ||
237 | break; | 260 | break; |
238 | default: | 261 | default: |
239 | /* No need to checksum. */ | 262 | /* No need to checksum. */ |
diff --git a/net/ipv4/ipvs/ip_vs_proto_udp.c b/net/ipv4/ipvs/ip_vs_proto_udp.c index d208ed6eb9fc..d3a1b1f2d10d 100644 --- a/net/ipv4/ipvs/ip_vs_proto_udp.c +++ b/net/ipv4/ipvs/ip_vs_proto_udp.c | |||
@@ -24,8 +24,9 @@ | |||
24 | #include <net/ip.h> | 24 | #include <net/ip.h> |
25 | 25 | ||
26 | static struct ip_vs_conn * | 26 | static struct ip_vs_conn * |
27 | udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | 27 | udp_conn_in_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp, |
28 | const struct iphdr *iph, unsigned int proto_off, int inverse) | 28 | const struct ip_vs_iphdr *iph, unsigned int proto_off, |
29 | int inverse) | ||
29 | { | 30 | { |
30 | struct ip_vs_conn *cp; | 31 | struct ip_vs_conn *cp; |
31 | __be16 _ports[2], *pptr; | 32 | __be16 _ports[2], *pptr; |
@@ -36,12 +37,12 @@ udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
36 | 37 | ||
37 | if (likely(!inverse)) { | 38 | if (likely(!inverse)) { |
38 | cp = ip_vs_conn_in_get(iph->protocol, | 39 | cp = ip_vs_conn_in_get(iph->protocol, |
39 | iph->saddr, pptr[0], | 40 | iph->saddr.ip, pptr[0], |
40 | iph->daddr, pptr[1]); | 41 | iph->daddr.ip, pptr[1]); |
41 | } else { | 42 | } else { |
42 | cp = ip_vs_conn_in_get(iph->protocol, | 43 | cp = ip_vs_conn_in_get(iph->protocol, |
43 | iph->daddr, pptr[1], | 44 | iph->daddr.ip, pptr[1], |
44 | iph->saddr, pptr[0]); | 45 | iph->saddr.ip, pptr[0]); |
45 | } | 46 | } |
46 | 47 | ||
47 | return cp; | 48 | return cp; |
@@ -49,25 +50,25 @@ udp_conn_in_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
49 | 50 | ||
50 | 51 | ||
51 | static struct ip_vs_conn * | 52 | static struct ip_vs_conn * |
52 | udp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | 53 | udp_conn_out_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp, |
53 | const struct iphdr *iph, unsigned int proto_off, int inverse) | 54 | const struct ip_vs_iphdr *iph, unsigned int proto_off, |
55 | int inverse) | ||
54 | { | 56 | { |
55 | struct ip_vs_conn *cp; | 57 | struct ip_vs_conn *cp; |
56 | __be16 _ports[2], *pptr; | 58 | __be16 _ports[2], *pptr; |
57 | 59 | ||
58 | pptr = skb_header_pointer(skb, ip_hdrlen(skb), | 60 | pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports); |
59 | sizeof(_ports), _ports); | ||
60 | if (pptr == NULL) | 61 | if (pptr == NULL) |
61 | return NULL; | 62 | return NULL; |
62 | 63 | ||
63 | if (likely(!inverse)) { | 64 | if (likely(!inverse)) { |
64 | cp = ip_vs_conn_out_get(iph->protocol, | 65 | cp = ip_vs_conn_out_get(iph->protocol, |
65 | iph->saddr, pptr[0], | 66 | iph->saddr.ip, pptr[0], |
66 | iph->daddr, pptr[1]); | 67 | iph->daddr.ip, pptr[1]); |
67 | } else { | 68 | } else { |
68 | cp = ip_vs_conn_out_get(iph->protocol, | 69 | cp = ip_vs_conn_out_get(iph->protocol, |
69 | iph->daddr, pptr[1], | 70 | iph->daddr.ip, pptr[1], |
70 | iph->saddr, pptr[0]); | 71 | iph->saddr.ip, pptr[0]); |
71 | } | 72 | } |
72 | 73 | ||
73 | return cp; | 74 | return cp; |
@@ -75,14 +76,14 @@ udp_conn_out_get(const struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
75 | 76 | ||
76 | 77 | ||
77 | static int | 78 | static int |
78 | udp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp, | 79 | udp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_protocol *pp, |
79 | int *verdict, struct ip_vs_conn **cpp) | 80 | int *verdict, struct ip_vs_conn **cpp) |
80 | { | 81 | { |
81 | struct ip_vs_service *svc; | 82 | struct ip_vs_service *svc; |
82 | struct udphdr _udph, *uh; | 83 | struct udphdr _udph, *uh; |
83 | struct ip_vs_iphdr iph; | 84 | struct ip_vs_iphdr iph; |
84 | 85 | ||
85 | ip_vs_fill_iphdr(AF_INET, skb_network_header(skb), &iph); | 86 | ip_vs_fill_iphdr(af, skb_network_header(skb), &iph); |
86 | 87 | ||
87 | uh = skb_header_pointer(skb, iph.len, sizeof(_udph), &_udph); | 88 | uh = skb_header_pointer(skb, iph.len, sizeof(_udph), &_udph); |
88 | if (uh == NULL) { | 89 | if (uh == NULL) { |
@@ -90,7 +91,7 @@ udp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp, | |||
90 | return 0; | 91 | return 0; |
91 | } | 92 | } |
92 | 93 | ||
93 | svc = ip_vs_service_get(AF_INET, skb->mark, iph.protocol, | 94 | svc = ip_vs_service_get(af, skb->mark, iph.protocol, |
94 | &iph.daddr, uh->dest); | 95 | &iph.daddr, uh->dest); |
95 | if (svc) { | 96 | if (svc) { |
96 | if (ip_vs_todrop()) { | 97 | if (ip_vs_todrop()) { |
@@ -143,7 +144,7 @@ udp_snat_handler(struct sk_buff *skb, | |||
143 | 144 | ||
144 | if (unlikely(cp->app != NULL)) { | 145 | if (unlikely(cp->app != NULL)) { |
145 | /* Some checks before mangling */ | 146 | /* Some checks before mangling */ |
146 | if (pp->csum_check && !pp->csum_check(skb, pp)) | 147 | if (pp->csum_check && !pp->csum_check(AF_INET, skb, pp)) |
147 | return 0; | 148 | return 0; |
148 | 149 | ||
149 | /* | 150 | /* |
@@ -195,7 +196,7 @@ udp_dnat_handler(struct sk_buff *skb, | |||
195 | 196 | ||
196 | if (unlikely(cp->app != NULL)) { | 197 | if (unlikely(cp->app != NULL)) { |
197 | /* Some checks before mangling */ | 198 | /* Some checks before mangling */ |
198 | if (pp->csum_check && !pp->csum_check(skb, pp)) | 199 | if (pp->csum_check && !pp->csum_check(AF_INET, skb, pp)) |
199 | return 0; | 200 | return 0; |
200 | 201 | ||
201 | /* | 202 | /* |
@@ -234,10 +235,17 @@ udp_dnat_handler(struct sk_buff *skb, | |||
234 | 235 | ||
235 | 236 | ||
236 | static int | 237 | static int |
237 | udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) | 238 | udp_csum_check(int af, struct sk_buff *skb, struct ip_vs_protocol *pp) |
238 | { | 239 | { |
239 | struct udphdr _udph, *uh; | 240 | struct udphdr _udph, *uh; |
240 | const unsigned int udphoff = ip_hdrlen(skb); | 241 | unsigned int udphoff; |
242 | |||
243 | #ifdef CONFIG_IP_VS_IPV6 | ||
244 | if (af == AF_INET6) | ||
245 | udphoff = sizeof(struct ipv6hdr); | ||
246 | else | ||
247 | #endif | ||
248 | udphoff = ip_hdrlen(skb); | ||
241 | 249 | ||
242 | uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph); | 250 | uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph); |
243 | if (uh == NULL) | 251 | if (uh == NULL) |
@@ -249,15 +257,28 @@ udp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp) | |||
249 | skb->csum = skb_checksum(skb, udphoff, | 257 | skb->csum = skb_checksum(skb, udphoff, |
250 | skb->len - udphoff, 0); | 258 | skb->len - udphoff, 0); |
251 | case CHECKSUM_COMPLETE: | 259 | case CHECKSUM_COMPLETE: |
252 | if (csum_tcpudp_magic(ip_hdr(skb)->saddr, | 260 | #ifdef CONFIG_IP_VS_IPV6 |
253 | ip_hdr(skb)->daddr, | 261 | if (af == AF_INET6) { |
254 | skb->len - udphoff, | 262 | if (csum_ipv6_magic(&ipv6_hdr(skb)->saddr, |
255 | ip_hdr(skb)->protocol, | 263 | &ipv6_hdr(skb)->daddr, |
256 | skb->csum)) { | 264 | skb->len - udphoff, |
257 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, | 265 | ipv6_hdr(skb)->nexthdr, |
258 | "Failed checksum for"); | 266 | skb->csum)) { |
259 | return 0; | 267 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, |
260 | } | 268 | "Failed checksum for"); |
269 | return 0; | ||
270 | } | ||
271 | } else | ||
272 | #endif | ||
273 | if (csum_tcpudp_magic(ip_hdr(skb)->saddr, | ||
274 | ip_hdr(skb)->daddr, | ||
275 | skb->len - udphoff, | ||
276 | ip_hdr(skb)->protocol, | ||
277 | skb->csum)) { | ||
278 | IP_VS_DBG_RL_PKT(0, pp, skb, 0, | ||
279 | "Failed checksum for"); | ||
280 | return 0; | ||
281 | } | ||
261 | break; | 282 | break; |
262 | default: | 283 | default: |
263 | /* No need to checksum. */ | 284 | /* No need to checksum. */ |