Merge 'Linux v3.0' into Litmus

Some notes:
* Litmus^RT scheduling class is the topmost scheduling class
  (above stop_sched_class).
* scheduler_ipi() function (e.g., in smp_reschedule_interrupt())
  may increase IPI latencies.
* Added path into schedule() to quickly re-evaluate scheduling
  decision without becoming preemptive again. This used to be
  a standard path before the removal of BKL.

Conflicts:
	Makefile
	arch/arm/kernel/calls.S
	arch/arm/kernel/smp.c
	arch/x86/include/asm/unistd_32.h
	arch/x86/kernel/smp.c
	arch/x86/kernel/syscall_table_32.S
	include/linux/hrtimer.h
	kernel/printk.c
	kernel/sched.c
	kernel/sched_fair.c

1 files changed, 561 insertions, 92 deletions

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index f976885f686f..481f856c650f 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -8,9 +8,6 @@
 
 #include <linux/ip_vs.h>                /* definitions shared with userland */
 
-/* old ipvsadm versions still include this file directly */
-#ifdef __KERNEL__
-
 #include <asm/types.h>                  /* for __uXX types */
 
 #include <linux/sysctl.h>               /* for ctl_path */
@@ -25,7 +22,83 @@
 #include <linux/ip.h>
 #include <linux/ipv6.h>                 /* for struct ipv6hdr */
 #include <net/ipv6.h>                   /* for ipv6_addr_copy */
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+#include <net/netfilter/nf_conntrack.h>
+#endif
+#include <net/net_namespace.h>          /* Netw namespace */
 
+/*
+ * Generic access of ipvs struct
+ */
+static inline struct netns_ipvs *net_ipvs(struct net* net)
+{
+        return net->ipvs;
+}
+/*
+ * Get net ptr from skb in traffic cases
+ * use skb_sknet when call is from userland (ioctl or netlink)
+ */
+static inline struct net *skb_net(const struct sk_buff *skb)
+{
+#ifdef CONFIG_NET_NS
+#ifdef CONFIG_IP_VS_DEBUG
+        /*
+         * This is used for debug only.
+         * Start with the most likely hit
+         * End with BUG
+         */
+        if (likely(skb->dev && skb->dev->nd_net))
+                return dev_net(skb->dev);
+        if (skb_dst(skb) && skb_dst(skb)->dev)
+                return dev_net(skb_dst(skb)->dev);
+        WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n",
+                      __func__, __LINE__);
+        if (likely(skb->sk && skb->sk->sk_net))
+                return sock_net(skb->sk);
+        pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
+                __func__, __LINE__);
+        BUG();
+#else
+        return dev_net(skb->dev ? : skb_dst(skb)->dev);
+#endif
+#else
+        return &init_net;
+#endif
+}
+
+static inline struct net *skb_sknet(const struct sk_buff *skb)
+{
+#ifdef CONFIG_NET_NS
+#ifdef CONFIG_IP_VS_DEBUG
+        /* Start with the most likely hit */
+        if (likely(skb->sk && skb->sk->sk_net))
+                return sock_net(skb->sk);
+        WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n",
+                       __func__, __LINE__);
+        if (likely(skb->dev && skb->dev->nd_net))
+                return dev_net(skb->dev);
+        pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
+                __func__, __LINE__);
+        BUG();
+#else
+        return sock_net(skb->sk);
+#endif
+#else
+        return &init_net;
+#endif
+}
+/*
+ * This one needed for single_open_net since net is stored directly in
+ * private not as a struct i.e. seq_file_net can't be used.
+ */
+static inline struct net *seq_file_single_net(struct seq_file *seq)
+{
+#ifdef CONFIG_NET_NS
+        return (struct net *)seq->private;
+#else
+        return &init_net;
+#endif
+}
 
 /* Connections' size value needed by ip_vs_ctl.c */
 extern int ip_vs_conn_tab_size;
@@ -134,24 +207,24 @@ static inline const char *ip_vs_dbg_addr(int af, char *buf, size_t buf_len,
                 if (net_ratelimit())                                    \
                         printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__);  \
         } while (0)
-#define IP_VS_DBG_PKT(level, pp, skb, ofs, msg)                         \
+#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg)                     \
         do {                                                            \
                 if (level <= ip_vs_get_debug_level())                   \
-                        pp->debug_packet(pp, skb, ofs, msg);            \
+                        pp->debug_packet(af, pp, skb, ofs, msg);        \
         } while (0)
-#define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg)                      \
+#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg)                  \
         do {                                                            \
                 if (level <= ip_vs_get_debug_level() &&                 \
                     net_ratelimit())                                    \
-                        pp->debug_packet(pp, skb, ofs, msg);            \
+                        pp->debug_packet(af, pp, skb, ofs, msg);        \
         } while (0)
 #else   /* NO DEBUGGING at ALL */
 #define IP_VS_DBG_BUF(level, msg...)  do {} while (0)
 #define IP_VS_ERR_BUF(msg...)  do {} while (0)
 #define IP_VS_DBG(level, msg...)  do {} while (0)
 #define IP_VS_DBG_RL(msg...)  do {} while (0)
-#define IP_VS_DBG_PKT(level, pp, skb, ofs, msg)         do {} while (0)
-#define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg)      do {} while (0)
+#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg)     do {} while (0)
+#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg)  do {} while (0)
 #endif
 
 #define IP_VS_BUG() BUG()
@@ -256,6 +329,23 @@ struct ip_vs_seq {
                                                    before last resized pkt */
 };
 
+/*
+ * counters per cpu
+ */
+struct ip_vs_counters {
+        __u32           conns;          /* connections scheduled */
+        __u32           inpkts;         /* incoming packets */
+        __u32           outpkts;        /* outgoing packets */
+        __u64           inbytes;        /* incoming bytes */
+        __u64           outbytes;       /* outgoing bytes */
+};
+/*
+ * Stats per cpu
+ */
+struct ip_vs_cpu_stats {
+        struct ip_vs_counters   ustats;
+        struct u64_stats_sync   syncp;
+};
 
 /*
  *      IPVS statistics objects
@@ -277,10 +367,11 @@ struct ip_vs_estimator {
 };
 
 struct ip_vs_stats {
-        struct ip_vs_stats_user ustats;         /* statistics */
+        struct ip_vs_stats_user ustats;         /* statistics */
         struct ip_vs_estimator  est;            /* estimator */
-
-        spinlock_t              lock;           /* spin lock */
+        struct ip_vs_cpu_stats  *cpustats;      /* per cpu counters */
+        spinlock_t              lock;           /* spin lock */
+        struct ip_vs_stats_user ustats0;        /* reset values */
 };
 
 struct dst_entry;
@@ -288,6 +379,7 @@ struct iphdr;
 struct ip_vs_conn;
 struct ip_vs_app;
 struct sk_buff;
+struct ip_vs_proto_data;
 
 struct ip_vs_protocol {
         struct ip_vs_protocol   *next;
@@ -295,21 +387,22 @@ struct ip_vs_protocol {
         u16                     protocol;
         u16                     num_states;
         int                     dont_defrag;
-        atomic_t                appcnt;         /* counter of proto app incs */
-        int                     *timeout_table; /* protocol timeout table */
 
         void (*init)(struct ip_vs_protocol *pp);
 
         void (*exit)(struct ip_vs_protocol *pp);
 
+        void (*init_netns)(struct net *net, struct ip_vs_proto_data *pd);
+
+        void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd);
+
         int (*conn_schedule)(int af, struct sk_buff *skb,
-                             struct ip_vs_protocol *pp,
+                             struct ip_vs_proto_data *pd,
                              int *verdict, struct ip_vs_conn **cpp);
 
         struct ip_vs_conn *
         (*conn_in_get)(int af,
                        const struct sk_buff *skb,
-                       struct ip_vs_protocol *pp,
                        const struct ip_vs_iphdr *iph,
                        unsigned int proto_off,
                        int inverse);
@@ -317,7 +410,6 @@ struct ip_vs_protocol {
         struct ip_vs_conn *
         (*conn_out_get)(int af,
                         const struct sk_buff *skb,
-                        struct ip_vs_protocol *pp,
                         const struct ip_vs_iphdr *iph,
                         unsigned int proto_off,
                         int inverse);
@@ -335,40 +427,69 @@ struct ip_vs_protocol {
 
         int (*state_transition)(struct ip_vs_conn *cp, int direction,
                                 const struct sk_buff *skb,
-                                struct ip_vs_protocol *pp);
+                                struct ip_vs_proto_data *pd);
 
-        int (*register_app)(struct ip_vs_app *inc);
+        int (*register_app)(struct net *net, struct ip_vs_app *inc);
 
-        void (*unregister_app)(struct ip_vs_app *inc);
+        void (*unregister_app)(struct net *net, struct ip_vs_app *inc);
 
         int (*app_conn_bind)(struct ip_vs_conn *cp);
 
-        void (*debug_packet)(struct ip_vs_protocol *pp,
+        void (*debug_packet)(int af, struct ip_vs_protocol *pp,
                              const struct sk_buff *skb,
                              int offset,
                              const char *msg);
 
-        void (*timeout_change)(struct ip_vs_protocol *pp, int flags);
+        void (*timeout_change)(struct ip_vs_proto_data *pd, int flags);
+};
 
-        int (*set_state_timeout)(struct ip_vs_protocol *pp, char *sname, int to);
+/*
+ * protocol data per netns
+ */
+struct ip_vs_proto_data {
+        struct ip_vs_proto_data *next;
+        struct ip_vs_protocol   *pp;
+        int                     *timeout_table; /* protocol timeout table */
+        atomic_t                appcnt;         /* counter of proto app incs. */
+        struct tcp_states_t     *tcp_state_table;
 };
 
-extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto);
+extern struct ip_vs_protocol   *ip_vs_proto_get(unsigned short proto);
+extern struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net,
+                                                     unsigned short proto);
+
+struct ip_vs_conn_param {
+        struct net                      *net;
+        const union nf_inet_addr        *caddr;
+        const union nf_inet_addr        *vaddr;
+        __be16                          cport;
+        __be16                          vport;
+        __u16                           protocol;
+        u16                             af;
+
+        const struct ip_vs_pe           *pe;
+        char                            *pe_data;
+        __u8                            pe_data_len;
+};
 
 /*
  *      IP_VS structure allocated for each dynamically scheduled connection
  */
 struct ip_vs_conn {
-        struct list_head        c_list;         /* hashed list heads */
-
+        struct hlist_node       c_list;         /* hashed list heads */
+#ifdef CONFIG_NET_NS
+        struct net              *net;           /* Name space */
+#endif
         /* Protocol, addresses and port numbers */
-        u16                      af;            /* address family */
-        union nf_inet_addr       caddr;          /* client address */
-        union nf_inet_addr       vaddr;          /* virtual address */
-        union nf_inet_addr       daddr;          /* destination address */
-        __be16                   cport;
-        __be16                   vport;
-        __be16                   dport;
+        u16                     af;             /* address family */
+        __be16                  cport;
+        __be16                  vport;
+        __be16                  dport;
+        __u32                   fwmark;         /* Fire wall mark from skb */
+        union nf_inet_addr      caddr;          /* client address */
+        union nf_inet_addr      vaddr;          /* virtual address */
+        union nf_inet_addr      daddr;          /* destination address */
+        volatile __u32          flags;          /* status flags */
         __u16                   protocol;       /* Which protocol (TCP/UDP) */
 
         /* counter and timer */
@@ -378,7 +499,6 @@ struct ip_vs_conn {
 
         /* Flags and state transition */
         spinlock_t              lock;           /* lock for state transition */
-        volatile __u16          flags;          /* status flags */
         volatile __u16          state;          /* state info */
         volatile __u16          old_state;      /* old state, to be used for
                                                  * state transition triggerd
@@ -394,6 +514,7 @@ struct ip_vs_conn {
         /* packet transmitter for different forwarding methods.  If it
            mangles the packet, it must return NF_DROP or better NF_STOLEN,
            otherwise this must be changed to a sk_buff **.
+           NF_ACCEPT can be returned when destination is local.
          */
         int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,
                            struct ip_vs_protocol *pp);
@@ -405,8 +526,39 @@ struct ip_vs_conn {
         void                    *app_data;      /* Application private data */
         struct ip_vs_seq        in_seq;         /* incoming seq. struct */
         struct ip_vs_seq        out_seq;        /* outgoing seq. struct */
+
+        const struct ip_vs_pe   *pe;
+        char                    *pe_data;
+        __u8                    pe_data_len;
 };
 
+/*
+ *  To save some memory in conn table when name space is disabled.
+ */
+static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)
+{
+#ifdef CONFIG_NET_NS
+        return cp->net;
+#else
+        return &init_net;
+#endif
+}
+static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)
+{
+#ifdef CONFIG_NET_NS
+        cp->net = net;
+#endif
+}
+
+static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,
+                                    struct net *net)
+{
+#ifdef CONFIG_NET_NS
+        return cp->net == net;
+#else
+        return 1;
+#endif
+}
 
 /*
  *      Extended internal versions of struct ip_vs_service_user and
@@ -426,6 +578,7 @@ struct ip_vs_service_user_kern {
 
         /* virtual service options */
         char                    *sched_name;
+        char                    *pe_name;
         unsigned                flags;          /* virtual service flags */
         unsigned                timeout;        /* persistent timeout in sec */
         u32                     netmask;        /* persistent netmask */
@@ -465,6 +618,7 @@ struct ip_vs_service {
         unsigned                flags;    /* service status flags */
         unsigned                timeout;  /* persistent timeout in ticks */
         __be32                  netmask;  /* grouping granularity */
+        struct net              *net;
 
         struct list_head        destinations;  /* real server d-linked list */
         __u32                   num_dests;     /* number of servers */
@@ -475,6 +629,9 @@ struct ip_vs_service {
         struct ip_vs_scheduler  *scheduler;    /* bound scheduler object */
         rwlock_t                sched_lock;    /* lock sched_data */
         void                    *sched_data;   /* scheduler application data */
+
+        /* alternate persistence engine */
+        struct ip_vs_pe         *pe;
 };
 
 
@@ -487,8 +644,8 @@ struct ip_vs_dest {
         struct list_head        d_list;   /* for table with all the dests */
 
         u16                     af;             /* address family */
-        union nf_inet_addr      addr;           /* IP address of the server */
         __be16                  port;           /* port number of the server */
+        union nf_inet_addr      addr;           /* IP address of the server */
         volatile unsigned       flags;          /* dest status flags */
         atomic_t                conn_flags;     /* flags to copy to conn */
         atomic_t                weight;         /* server weight */
@@ -507,12 +664,14 @@ struct ip_vs_dest {
         spinlock_t              dst_lock;       /* lock of dst_cache */
         struct dst_entry        *dst_cache;     /* destination cache entry */
         u32                     dst_rtos;       /* RT_TOS(tos) for dst */
+        u32                     dst_cookie;
+        union nf_inet_addr      dst_saddr;
 
         /* for virtual service */
         struct ip_vs_service    *svc;           /* service it belongs to */
         __u16                   protocol;       /* which protocol (TCP/UDP) */
-        union nf_inet_addr      vaddr;          /* virtual IP address */
         __be16                  vport;          /* virtual port number */
+        union nf_inet_addr      vaddr;          /* virtual IP address */
         __u32                   vfwmark;        /* firewall mark of service */
 };
 
@@ -538,6 +697,21 @@ struct ip_vs_scheduler {
                                        const struct sk_buff *skb);
 };
 
+/* The persistence engine object */
+struct ip_vs_pe {
+        struct list_head        n_list;         /* d-linked list head */
+        char                    *name;          /* scheduler name */
+        atomic_t                refcnt;         /* reference counter */
+        struct module           *module;        /* THIS_MODULE/NULL */
+
+        /* get the connection template, if any */
+        int (*fill_param)(struct ip_vs_conn_param *p, struct sk_buff *skb);
+        bool (*ct_match)(const struct ip_vs_conn_param *p,
+                         struct ip_vs_conn *ct);
+        u32 (*hashkey_raw)(const struct ip_vs_conn_param *p, u32 initval,
+                           bool inverse);
+        int (*show_pe_data)(const struct ip_vs_conn *cp, char *buf);
+};
 
 /*
  *      The application module object (a.k.a. app incarnation)
@@ -556,11 +730,19 @@ struct ip_vs_app {
         __be16                  port;           /* port number in net order */
         atomic_t                usecnt;         /* usage counter */
 
-        /* output hook: return false if can't linearize. diff set for TCP.  */
+        /*
+         * output hook: Process packet in inout direction, diff set for TCP.
+         * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
+         *         2=Mangled but checksum was not updated
+         */
         int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *,
                        struct sk_buff *, int *diff);
 
-        /* input hook: return false if can't linearize. diff set for TCP. */
+        /*
+         * input hook: Process packet in outin direction, diff set for TCP.
+         * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
+         *         2=Mangled but checksum was not updated
+         */
         int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *,
                       struct sk_buff *, int *diff);
 
@@ -601,6 +783,171 @@ struct ip_vs_app {
         void (*timeout_change)(struct ip_vs_app *app, int flags);
 };
 
+/* IPVS in network namespace */
+struct netns_ipvs {
+        int                     gen;            /* Generation */
+        int                     enable;         /* enable like nf_hooks do */
+        /*
+         *      Hash table: for real service lookups
+         */
+        #define IP_VS_RTAB_BITS 4
+        #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
+        #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
+
+        struct list_head        rs_table[IP_VS_RTAB_SIZE];
+        /* ip_vs_app */
+        struct list_head        app_list;
+        /* ip_vs_ftp */
+        struct ip_vs_app        *ftp_app;
+        /* ip_vs_proto */
+        #define IP_VS_PROTO_TAB_SIZE    32      /* must be power of 2 */
+        struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
+        /* ip_vs_proto_tcp */
+#ifdef CONFIG_IP_VS_PROTO_TCP
+        #define TCP_APP_TAB_BITS        4
+        #define TCP_APP_TAB_SIZE        (1 << TCP_APP_TAB_BITS)
+        #define TCP_APP_TAB_MASK        (TCP_APP_TAB_SIZE - 1)
+        struct list_head        tcp_apps[TCP_APP_TAB_SIZE];
+        spinlock_t              tcp_app_lock;
+#endif
+        /* ip_vs_proto_udp */
+#ifdef CONFIG_IP_VS_PROTO_UDP
+        #define UDP_APP_TAB_BITS        4
+        #define UDP_APP_TAB_SIZE        (1 << UDP_APP_TAB_BITS)
+        #define UDP_APP_TAB_MASK        (UDP_APP_TAB_SIZE - 1)
+        struct list_head        udp_apps[UDP_APP_TAB_SIZE];
+        spinlock_t              udp_app_lock;
+#endif
+        /* ip_vs_proto_sctp */
+#ifdef CONFIG_IP_VS_PROTO_SCTP
+        #define SCTP_APP_TAB_BITS       4
+        #define SCTP_APP_TAB_SIZE       (1 << SCTP_APP_TAB_BITS)
+        #define SCTP_APP_TAB_MASK       (SCTP_APP_TAB_SIZE - 1)
+        /* Hash table for SCTP application incarnations  */
+        struct list_head        sctp_apps[SCTP_APP_TAB_SIZE];
+        spinlock_t              sctp_app_lock;
+#endif
+        /* ip_vs_conn */
+        atomic_t                conn_count;      /*  connection counter */
+
+        /* ip_vs_ctl */
+        struct ip_vs_stats              tot_stats;  /* Statistics & est. */
+
+        int                     num_services;    /* no of virtual services */
+
+        rwlock_t                rs_lock;         /* real services table */
+        /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
+        struct lock_class_key   ctl_key;        /* ctl_mutex debuging */
+        /* Trash for destinations */
+        struct list_head        dest_trash;
+        /* Service counters */
+        atomic_t                ftpsvc_counter;
+        atomic_t                nullsvc_counter;
+
+#ifdef CONFIG_SYSCTL
+        /* 1/rate drop and drop-entry variables */
+        struct delayed_work     defense_work;   /* Work handler */
+        int                     drop_rate;
+        int                     drop_counter;
+        atomic_t                dropentry;
+        /* locks in ctl.c */
+        spinlock_t              dropentry_lock;  /* drop entry handling */
+        spinlock_t              droppacket_lock; /* drop packet handling */
+        spinlock_t              securetcp_lock;  /* state and timeout tables */
+
+        /* sys-ctl struct */
+        struct ctl_table_header *sysctl_hdr;
+        struct ctl_table        *sysctl_tbl;
+#endif
+
+        /* sysctl variables */
+        int                     sysctl_amemthresh;
+        int                     sysctl_am_droprate;
+        int                     sysctl_drop_entry;
+        int                     sysctl_drop_packet;
+        int                     sysctl_secure_tcp;
+#ifdef CONFIG_IP_VS_NFCT
+        int                     sysctl_conntrack;
+#endif
+        int                     sysctl_snat_reroute;
+        int                     sysctl_sync_ver;
+        int                     sysctl_cache_bypass;
+        int                     sysctl_expire_nodest_conn;
+        int                     sysctl_expire_quiescent_template;
+        int                     sysctl_sync_threshold[2];
+        int                     sysctl_nat_icmp_send;
+
+        /* ip_vs_lblc */
+        int                     sysctl_lblc_expiration;
+        struct ctl_table_header *lblc_ctl_header;
+        struct ctl_table        *lblc_ctl_table;
+        /* ip_vs_lblcr */
+        int                     sysctl_lblcr_expiration;
+        struct ctl_table_header *lblcr_ctl_header;
+        struct ctl_table        *lblcr_ctl_table;
+        /* ip_vs_est */
+        struct list_head        est_list;       /* estimator list */
+        spinlock_t              est_lock;
+        struct timer_list       est_timer;      /* Estimation timer */
+        /* ip_vs_sync */
+        struct list_head        sync_queue;
+        spinlock_t              sync_lock;
+        struct ip_vs_sync_buff  *sync_buff;
+        spinlock_t              sync_buff_lock;
+        struct sockaddr_in      sync_mcast_addr;
+        struct task_struct      *master_thread;
+        struct task_struct      *backup_thread;
+        int                     send_mesg_maxlen;
+        int                     recv_mesg_maxlen;
+        volatile int            sync_state;
+        volatile int            master_syncid;
+        volatile int            backup_syncid;
+        /* multicast interface name */
+        char                    master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
+        char                    backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
+        /* net name space ptr */
+        struct net              *net;            /* Needed by timer routines */
+};
+
+#define DEFAULT_SYNC_THRESHOLD  3
+#define DEFAULT_SYNC_PERIOD     50
+#define DEFAULT_SYNC_VER        1
+
+#ifdef CONFIG_SYSCTL
+
+static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_sync_threshold[0];
+}
+
+static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_sync_threshold[1];
+}
+
+static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_sync_ver;
+}
+
+#else
+
+static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
+{
+        return DEFAULT_SYNC_THRESHOLD;
+}
+
+static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
+{
+        return DEFAULT_SYNC_PERIOD;
+}
+
+static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
+{
+        return DEFAULT_SYNC_VER;
+}
+
+#endif
 
 /*
  *      IPVS core functions
@@ -624,26 +971,35 @@ enum {
         IP_VS_DIR_LAST,
 };
 
-extern struct ip_vs_conn *ip_vs_conn_in_get
-(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
- const union nf_inet_addr *d_addr, __be16 d_port);
+static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,
+                                         const union nf_inet_addr *caddr,
+                                         __be16 cport,
+                                         const union nf_inet_addr *vaddr,
+                                         __be16 vport,
+                                         struct ip_vs_conn_param *p)
+{
+        p->net = net;
+        p->af = af;
+        p->protocol = protocol;
+        p->caddr = caddr;
+        p->cport = cport;
+        p->vaddr = vaddr;
+        p->vport = vport;
+        p->pe = NULL;
+        p->pe_data = NULL;
+}
 
-extern struct ip_vs_conn *ip_vs_ct_in_get
-(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
- const union nf_inet_addr *d_addr, __be16 d_port);
+struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p);
+struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p);
 
 struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
-                                            struct ip_vs_protocol *pp,
                                             const struct ip_vs_iphdr *iph,
                                             unsigned int proto_off,
                                             int inverse);
 
-extern struct ip_vs_conn *ip_vs_conn_out_get
-(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
- const union nf_inet_addr *d_addr, __be16 d_port);
+struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
 
 struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
-                                             struct ip_vs_protocol *pp,
                                              const struct ip_vs_iphdr *iph,
                                              unsigned int proto_off,
                                              int inverse);
@@ -656,18 +1012,17 @@ static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
 extern void ip_vs_conn_put(struct ip_vs_conn *cp);
 extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
 
-extern struct ip_vs_conn *
-ip_vs_conn_new(int af, int proto, const union nf_inet_addr *caddr, __be16 cport,
-               const union nf_inet_addr *vaddr, __be16 vport,
-               const union nf_inet_addr *daddr, __be16 dport, unsigned flags,
-               struct ip_vs_dest *dest);
+struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p,
+                                  const union nf_inet_addr *daddr,
+                                  __be16 dport, unsigned flags,
+                                  struct ip_vs_dest *dest, __u32 fwmark);
 extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
 
 extern const char * ip_vs_state_name(__u16 proto, int state);
 
-extern void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp);
+extern void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp);
 extern int ip_vs_check_template(struct ip_vs_conn *ct);
-extern void ip_vs_random_dropentry(void);
+extern void ip_vs_random_dropentry(struct net *net);
 extern int ip_vs_conn_init(void);
 extern void ip_vs_conn_cleanup(void);
 
@@ -731,18 +1086,34 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp)
         atomic_inc(&ctl_cp->n_control);
 }
 
+/*
+ * IPVS netns init & cleanup functions
+ */
+extern int __ip_vs_estimator_init(struct net *net);
+extern int __ip_vs_control_init(struct net *net);
+extern int __ip_vs_protocol_init(struct net *net);
+extern int __ip_vs_app_init(struct net *net);
+extern int __ip_vs_conn_init(struct net *net);
+extern int __ip_vs_sync_init(struct net *net);
+extern void __ip_vs_conn_cleanup(struct net *net);
+extern void __ip_vs_app_cleanup(struct net *net);
+extern void __ip_vs_protocol_cleanup(struct net *net);
+extern void __ip_vs_control_cleanup(struct net *net);
+extern void __ip_vs_estimator_cleanup(struct net *net);
+extern void __ip_vs_sync_cleanup(struct net *net);
+extern void __ip_vs_service_cleanup(struct net *net);
 
 /*
  *      IPVS application functions
  *      (from ip_vs_app.c)
  */
 #define IP_VS_APP_MAX_PORTS  8
-extern int register_ip_vs_app(struct ip_vs_app *app);
-extern void unregister_ip_vs_app(struct ip_vs_app *app);
+extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
+extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
-extern int
-register_ip_vs_app_inc(struct ip_vs_app *app, __u16 proto, __u16 port);
+extern int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app,
+                                  __u16 proto, __u16 port);
 extern int ip_vs_app_inc_get(struct ip_vs_app *inc);
 extern void ip_vs_app_inc_put(struct ip_vs_app *inc);
 
@@ -751,19 +1122,38 @@ extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb);
 extern int ip_vs_app_init(void);
 extern void ip_vs_app_cleanup(void);
 
+void ip_vs_bind_pe(struct ip_vs_service *svc, struct ip_vs_pe *pe);
+void ip_vs_unbind_pe(struct ip_vs_service *svc);
+int register_ip_vs_pe(struct ip_vs_pe *pe);
+int unregister_ip_vs_pe(struct ip_vs_pe *pe);
+struct ip_vs_pe *ip_vs_pe_getbyname(const char *name);
+struct ip_vs_pe *__ip_vs_pe_getbyname(const char *pe_name);
+
+static inline void ip_vs_pe_get(const struct ip_vs_pe *pe)
+{
+        if (pe && pe->module)
+                __module_get(pe->module);
+}
+
+static inline void ip_vs_pe_put(const struct ip_vs_pe *pe)
+{
+        if (pe && pe->module)
+                module_put(pe->module);
+}
 
 /*
  *      IPVS protocol functions (from ip_vs_proto.c)
  */
 extern int ip_vs_protocol_init(void);
 extern void ip_vs_protocol_cleanup(void);
-extern void ip_vs_protocol_timeout_change(int flags);
+extern void ip_vs_protocol_timeout_change(struct netns_ipvs *ipvs, int flags);
 extern int *ip_vs_create_timeout_table(int *table, int size);
 extern int
 ip_vs_set_state_timeout(int *table, int num, const char *const *names,
                         const char *name, int to);
 extern void
-ip_vs_tcpudp_debug_packet(struct ip_vs_protocol *pp, const struct sk_buff *skb,
+ip_vs_tcpudp_debug_packet(int af, struct ip_vs_protocol *pp,
+                          const struct sk_buff *skb,
                           int offset, const char *msg);
 
 extern struct ip_vs_protocol ip_vs_protocol_tcp;
@@ -785,24 +1175,24 @@ extern int ip_vs_unbind_scheduler(struct ip_vs_service *svc);
 extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name);
 extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);
 extern struct ip_vs_conn *
-ip_vs_schedule(struct ip_vs_service *svc, const struct sk_buff *skb);
+ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
+               struct ip_vs_proto_data *pd, int *ignored);
 extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
-                        struct ip_vs_protocol *pp);
+                        struct ip_vs_proto_data *pd);
+
+extern void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg);
 
 
 /*
  *      IPVS control data and functions (from ip_vs_ctl.c)
  */
-extern int sysctl_ip_vs_cache_bypass;
-extern int sysctl_ip_vs_expire_nodest_conn;
-extern int sysctl_ip_vs_expire_quiescent_template;
-extern int sysctl_ip_vs_sync_threshold[2];
-extern int sysctl_ip_vs_nat_icmp_send;
 extern struct ip_vs_stats ip_vs_stats;
 extern const struct ctl_path net_vs_ctl_path[];
+extern int sysctl_ip_vs_sync_ver;
 
+extern void ip_vs_sync_switch_mode(struct net *net, int mode);
 extern struct ip_vs_service *
-ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,
+ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol,
                   const union nf_inet_addr *vaddr, __be16 vport);
 
 static inline void ip_vs_service_put(struct ip_vs_service *svc)
@@ -811,7 +1201,7 @@ static inline void ip_vs_service_put(struct ip_vs_service *svc)
 }
 
 extern struct ip_vs_dest *
-ip_vs_lookup_real_service(int af, __u16 protocol,
+ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,
                           const union nf_inet_addr *daddr, __be16 dport);
 
 extern int ip_vs_use_count_inc(void);
@@ -819,8 +1209,9 @@ extern void ip_vs_use_count_dec(void);
 extern int ip_vs_control_init(void);
 extern void ip_vs_control_cleanup(void);
 extern struct ip_vs_dest *
-ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport,
-                const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol);
+ip_vs_find_dest(struct net *net, int af, const union nf_inet_addr *daddr,
+                __be16 dport, const union nf_inet_addr *vaddr, __be16 vport,
+                __u16 protocol, __u32 fwmark);
 extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
 
 
@@ -828,14 +1219,12 @@ extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
  *      IPVS sync daemon data and function prototypes
  *      (from ip_vs_sync.c)
  */
-extern volatile int ip_vs_sync_state;
-extern volatile int ip_vs_master_syncid;
-extern volatile int ip_vs_backup_syncid;
-extern char ip_vs_master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
-extern char ip_vs_backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
-extern int start_sync_thread(int state, char *mcast_ifn, __u8 syncid);
-extern int stop_sync_thread(int state);
-extern void ip_vs_sync_conn(struct ip_vs_conn *cp);
+extern int start_sync_thread(struct net *net, int state, char *mcast_ifn,
+                             __u8 syncid);
+extern int stop_sync_thread(struct net *net, int state);
+extern void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp);
+extern int ip_vs_sync_init(void);
+extern void ip_vs_sync_cleanup(void);
 
 
 /*
@@ -843,9 +1232,11 @@ extern void ip_vs_sync_conn(struct ip_vs_conn *cp);
  */
 extern int ip_vs_estimator_init(void);
 extern void ip_vs_estimator_cleanup(void);
-extern void ip_vs_new_estimator(struct ip_vs_stats *stats);
-extern void ip_vs_kill_estimator(struct ip_vs_stats *stats);
+extern void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats);
+extern void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats);
 extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);
+extern void ip_vs_read_estimator(struct ip_vs_stats_user *dst,
+                                 struct ip_vs_stats *stats);
 
 /*
  *      Various IPVS packet transmitters (from ip_vs_xmit.c)
@@ -861,7 +1252,8 @@ extern int ip_vs_tunnel_xmit
 extern int ip_vs_dr_xmit
 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern int ip_vs_icmp_xmit
-(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp, int offset);
+(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp,
+ int offset, unsigned int hooknum);
 extern void ip_vs_dst_reset(struct ip_vs_dest *dest);
 
 #ifdef CONFIG_IP_VS_IPV6
@@ -875,24 +1267,28 @@ extern int ip_vs_dr_xmit_v6
 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern int ip_vs_icmp_xmit_v6
 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp,
- int offset);
+ int offset, unsigned int hooknum);
 #endif
 
+#ifdef CONFIG_SYSCTL
 /*
  *      This is a simple mechanism to ignore packets when
  *      we are loaded. Just set ip_vs_drop_rate to 'n' and
  *      we start to drop 1/rate of the packets
  */
-extern int ip_vs_drop_rate;
-extern int ip_vs_drop_counter;
 
-static __inline__ int ip_vs_todrop(void)
+static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
 {
-        if (!ip_vs_drop_rate) return 0;
-        if (--ip_vs_drop_counter > 0) return 0;
-        ip_vs_drop_counter = ip_vs_drop_rate;
+        if (!ipvs->drop_rate)
+                return 0;
+        if (--ipvs->drop_counter > 0)
+                return 0;
+        ipvs->drop_counter = ipvs->drop_rate;
         return 1;
 }
+#else
+static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
+#endif
 
 /*
  *      ip_vs_fwd_tag returns the forwarding tag of the connection
@@ -955,9 +1351,82 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
         return csum_partial(diff, sizeof(diff), oldsum);
 }
 
+/*
+ * Forget current conntrack (unconfirmed) and attach notrack entry
+ */
+static inline void ip_vs_notrack(struct sk_buff *skb)
+{
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+        enum ip_conntrack_info ctinfo;
+        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+
+        if (!ct || !nf_ct_is_untracked(ct)) {
+                nf_reset(skb);
+                skb->nfct = &nf_ct_untracked_get()->ct_general;
+                skb->nfctinfo = IP_CT_NEW;
+                nf_conntrack_get(skb->nfct);
+        }
+#endif
+}
+
+#ifdef CONFIG_IP_VS_NFCT
+/*
+ *      Netfilter connection tracking
+ *      (from ip_vs_nfct.c)
+ */
+static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
+{
+#ifdef CONFIG_SYSCTL
+        return ipvs->sysctl_conntrack;
+#else
+        return 0;
+#endif
+}
+
 extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
                                    int outin);
+extern int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp);
+extern void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct,
+                                      struct ip_vs_conn *cp, u_int8_t proto,
+                                      const __be16 port, int from_rs);
+extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
+
+#else
+
+static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
+{
+        return 0;
+}
 
-#endif /* __KERNEL__ */
+static inline void ip_vs_update_conntrack(struct sk_buff *skb,
+                                          struct ip_vs_conn *cp, int outin)
+{
+}
+
+static inline int ip_vs_confirm_conntrack(struct sk_buff *skb,
+                                          struct ip_vs_conn *cp)
+{
+        return NF_ACCEPT;
+}
+
+static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
+{
+}
+/* CONFIG_IP_VS_NFCT */
+#endif
+
+static inline unsigned int
+ip_vs_dest_conn_overhead(struct ip_vs_dest *dest)
+{
+        /*
+         * We think the overhead of processing active connections is 256
+         * times higher than that of inactive connections in average. (This
+         * 256 times might not be accurate, we will change it later) We
+         * use the following formula to estimate the overhead now:
+         *                dest->activeconns*256 + dest->inactconns
+         */
+        return (atomic_read(&dest->activeconns) << 8) +
+                atomic_read(&dest->inactconns);
+}
 
 #endif  /* _NET_IP_VS_H */