diff options
| author | David S. Miller <davem@davemloft.net> | 2013-06-30 20:35:13 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2013-06-30 20:35:13 -0400 |
| commit | 4e144d3a807d6d2aa03d2cb234d88ef1a140e8c3 (patch) | |
| tree | 7780ce6a8c84068820f8bbcc5116db6430db3d3b /include/net | |
| parent | 008aebde9be37e7e1248332b1983976e354327ea (diff) | |
| parent | 496e4ae7dc944faa1721bfda7e9d834d5611a874 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
The following batch contains Netfilter/IPVS updates for net-next,
they are:
* Enforce policy to several nfnetlink subsystem, from Daniel
Borkmann.
* Use xt_socket to match the third packet (to perform simplistic
socket-based stateful filtering), from Eric Dumazet.
* Avoid large timeout for picked up from the middle TCP flows,
from Florian Westphal.
* Exclude IPVS from struct net if IPVS is disabled and removal
of unnecessary included header file, from JunweiZhang.
* Release SCTP connection immediately under load, to mimic current
TCP behaviour, from Julian Anastasov.
* Replace and enhance SCTP state machine, from Julian Anastasov.
* Add tweak to reduce sync traffic in the presence of persistence,
also from Julian Anastasov.
* Add tweak for the IPVS SH scheduler not to reject connections
directed to a server, choose a new one instead, from Alexander
Frolkin.
* Add support for sloppy TCP and SCTP modes, that creates state
information on any packet, not only initial handshake packets,
from Alexander Frolkin.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/ip_vs.h | 84 | ||||
| -rw-r--r-- | include/net/net_namespace.h | 2 |
2 files changed, 50 insertions, 36 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 4405886980c7..f0d70f066f3d 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h | |||
| @@ -197,31 +197,6 @@ ip_vs_fill_iph_skb(int af, const struct sk_buff *skb, struct ip_vs_iphdr *iphdr) | |||
| 197 | } | 197 | } |
| 198 | } | 198 | } |
| 199 | 199 | ||
| 200 | /* This function is a faster version of ip_vs_fill_iph_skb(). | ||
| 201 | * Where we only populate {s,d}addr (and avoid calling ipv6_find_hdr()). | ||
| 202 | * This is used by the some of the ip_vs_*_schedule() functions. | ||
| 203 | * (Mostly done to avoid ABI breakage of external schedulers) | ||
| 204 | */ | ||
| 205 | static inline void | ||
| 206 | ip_vs_fill_iph_addr_only(int af, const struct sk_buff *skb, | ||
| 207 | struct ip_vs_iphdr *iphdr) | ||
| 208 | { | ||
| 209 | #ifdef CONFIG_IP_VS_IPV6 | ||
| 210 | if (af == AF_INET6) { | ||
| 211 | const struct ipv6hdr *iph = | ||
| 212 | (struct ipv6hdr *)skb_network_header(skb); | ||
| 213 | iphdr->saddr.in6 = iph->saddr; | ||
| 214 | iphdr->daddr.in6 = iph->daddr; | ||
| 215 | } else | ||
| 216 | #endif | ||
| 217 | { | ||
| 218 | const struct iphdr *iph = | ||
| 219 | (struct iphdr *)skb_network_header(skb); | ||
| 220 | iphdr->saddr.ip = iph->saddr; | ||
| 221 | iphdr->daddr.ip = iph->daddr; | ||
| 222 | } | ||
| 223 | } | ||
| 224 | |||
| 225 | static inline void ip_vs_addr_copy(int af, union nf_inet_addr *dst, | 200 | static inline void ip_vs_addr_copy(int af, union nf_inet_addr *dst, |
| 226 | const union nf_inet_addr *src) | 201 | const union nf_inet_addr *src) |
| 227 | { | 202 | { |
| @@ -405,17 +380,18 @@ enum { | |||
| 405 | */ | 380 | */ |
| 406 | enum ip_vs_sctp_states { | 381 | enum ip_vs_sctp_states { |
| 407 | IP_VS_SCTP_S_NONE, | 382 | IP_VS_SCTP_S_NONE, |
| 408 | IP_VS_SCTP_S_INIT_CLI, | 383 | IP_VS_SCTP_S_INIT1, |
| 409 | IP_VS_SCTP_S_INIT_SER, | 384 | IP_VS_SCTP_S_INIT, |
| 410 | IP_VS_SCTP_S_INIT_ACK_CLI, | 385 | IP_VS_SCTP_S_COOKIE_SENT, |
| 411 | IP_VS_SCTP_S_INIT_ACK_SER, | 386 | IP_VS_SCTP_S_COOKIE_REPLIED, |
| 412 | IP_VS_SCTP_S_ECHO_CLI, | 387 | IP_VS_SCTP_S_COOKIE_WAIT, |
| 413 | IP_VS_SCTP_S_ECHO_SER, | 388 | IP_VS_SCTP_S_COOKIE, |
| 389 | IP_VS_SCTP_S_COOKIE_ECHOED, | ||
| 414 | IP_VS_SCTP_S_ESTABLISHED, | 390 | IP_VS_SCTP_S_ESTABLISHED, |
| 415 | IP_VS_SCTP_S_SHUT_CLI, | 391 | IP_VS_SCTP_S_SHUTDOWN_SENT, |
| 416 | IP_VS_SCTP_S_SHUT_SER, | 392 | IP_VS_SCTP_S_SHUTDOWN_RECEIVED, |
| 417 | IP_VS_SCTP_S_SHUT_ACK_CLI, | 393 | IP_VS_SCTP_S_SHUTDOWN_ACK_SENT, |
| 418 | IP_VS_SCTP_S_SHUT_ACK_SER, | 394 | IP_VS_SCTP_S_REJECTED, |
| 419 | IP_VS_SCTP_S_CLOSED, | 395 | IP_VS_SCTP_S_CLOSED, |
| 420 | IP_VS_SCTP_S_LAST | 396 | IP_VS_SCTP_S_LAST |
| 421 | }; | 397 | }; |
| @@ -814,7 +790,8 @@ struct ip_vs_scheduler { | |||
| 814 | 790 | ||
| 815 | /* selecting a server from the given service */ | 791 | /* selecting a server from the given service */ |
| 816 | struct ip_vs_dest* (*schedule)(struct ip_vs_service *svc, | 792 | struct ip_vs_dest* (*schedule)(struct ip_vs_service *svc, |
| 817 | const struct sk_buff *skb); | 793 | const struct sk_buff *skb, |
| 794 | struct ip_vs_iphdr *iph); | ||
| 818 | }; | 795 | }; |
| 819 | 796 | ||
| 820 | /* The persistence engine object */ | 797 | /* The persistence engine object */ |
| @@ -998,10 +975,13 @@ struct netns_ipvs { | |||
| 998 | int sysctl_snat_reroute; | 975 | int sysctl_snat_reroute; |
| 999 | int sysctl_sync_ver; | 976 | int sysctl_sync_ver; |
| 1000 | int sysctl_sync_ports; | 977 | int sysctl_sync_ports; |
| 978 | int sysctl_sync_persist_mode; | ||
| 1001 | unsigned long sysctl_sync_qlen_max; | 979 | unsigned long sysctl_sync_qlen_max; |
| 1002 | int sysctl_sync_sock_size; | 980 | int sysctl_sync_sock_size; |
| 1003 | int sysctl_cache_bypass; | 981 | int sysctl_cache_bypass; |
| 1004 | int sysctl_expire_nodest_conn; | 982 | int sysctl_expire_nodest_conn; |
| 983 | int sysctl_sloppy_tcp; | ||
| 984 | int sysctl_sloppy_sctp; | ||
| 1005 | int sysctl_expire_quiescent_template; | 985 | int sysctl_expire_quiescent_template; |
| 1006 | int sysctl_sync_threshold[2]; | 986 | int sysctl_sync_threshold[2]; |
| 1007 | unsigned int sysctl_sync_refresh_period; | 987 | unsigned int sysctl_sync_refresh_period; |
| @@ -1044,6 +1024,8 @@ struct netns_ipvs { | |||
| 1044 | #define DEFAULT_SYNC_THRESHOLD 3 | 1024 | #define DEFAULT_SYNC_THRESHOLD 3 |
| 1045 | #define DEFAULT_SYNC_PERIOD 50 | 1025 | #define DEFAULT_SYNC_PERIOD 50 |
| 1046 | #define DEFAULT_SYNC_VER 1 | 1026 | #define DEFAULT_SYNC_VER 1 |
| 1027 | #define DEFAULT_SLOPPY_TCP 0 | ||
| 1028 | #define DEFAULT_SLOPPY_SCTP 0 | ||
| 1047 | #define DEFAULT_SYNC_REFRESH_PERIOD (0U * HZ) | 1029 | #define DEFAULT_SYNC_REFRESH_PERIOD (0U * HZ) |
| 1048 | #define DEFAULT_SYNC_RETRIES 0 | 1030 | #define DEFAULT_SYNC_RETRIES 0 |
| 1049 | #define IPVS_SYNC_WAKEUP_RATE 8 | 1031 | #define IPVS_SYNC_WAKEUP_RATE 8 |
| @@ -1080,11 +1062,26 @@ static inline int sysctl_sync_ver(struct netns_ipvs *ipvs) | |||
| 1080 | return ipvs->sysctl_sync_ver; | 1062 | return ipvs->sysctl_sync_ver; |
| 1081 | } | 1063 | } |
| 1082 | 1064 | ||
| 1065 | static inline int sysctl_sloppy_tcp(struct netns_ipvs *ipvs) | ||
| 1066 | { | ||
| 1067 | return ipvs->sysctl_sloppy_tcp; | ||
| 1068 | } | ||
| 1069 | |||
| 1070 | static inline int sysctl_sloppy_sctp(struct netns_ipvs *ipvs) | ||
| 1071 | { | ||
| 1072 | return ipvs->sysctl_sloppy_sctp; | ||
| 1073 | } | ||
| 1074 | |||
| 1083 | static inline int sysctl_sync_ports(struct netns_ipvs *ipvs) | 1075 | static inline int sysctl_sync_ports(struct netns_ipvs *ipvs) |
| 1084 | { | 1076 | { |
| 1085 | return ACCESS_ONCE(ipvs->sysctl_sync_ports); | 1077 | return ACCESS_ONCE(ipvs->sysctl_sync_ports); |
| 1086 | } | 1078 | } |
| 1087 | 1079 | ||
| 1080 | static inline int sysctl_sync_persist_mode(struct netns_ipvs *ipvs) | ||
| 1081 | { | ||
| 1082 | return ipvs->sysctl_sync_persist_mode; | ||
| 1083 | } | ||
| 1084 | |||
| 1088 | static inline unsigned long sysctl_sync_qlen_max(struct netns_ipvs *ipvs) | 1085 | static inline unsigned long sysctl_sync_qlen_max(struct netns_ipvs *ipvs) |
| 1089 | { | 1086 | { |
| 1090 | return ipvs->sysctl_sync_qlen_max; | 1087 | return ipvs->sysctl_sync_qlen_max; |
| @@ -1133,11 +1130,26 @@ static inline int sysctl_sync_ver(struct netns_ipvs *ipvs) | |||
| 1133 | return DEFAULT_SYNC_VER; | 1130 | return DEFAULT_SYNC_VER; |
| 1134 | } | 1131 | } |
| 1135 | 1132 | ||
| 1133 | static inline int sysctl_sloppy_tcp(struct netns_ipvs *ipvs) | ||
| 1134 | { | ||
| 1135 | return DEFAULT_SLOPPY_TCP; | ||
| 1136 | } | ||
| 1137 | |||
| 1138 | static inline int sysctl_sloppy_sctp(struct netns_ipvs *ipvs) | ||
| 1139 | { | ||
| 1140 | return DEFAULT_SLOPPY_SCTP; | ||
| 1141 | } | ||
| 1142 | |||
| 1136 | static inline int sysctl_sync_ports(struct netns_ipvs *ipvs) | 1143 | static inline int sysctl_sync_ports(struct netns_ipvs *ipvs) |
| 1137 | { | 1144 | { |
| 1138 | return 1; | 1145 | return 1; |
| 1139 | } | 1146 | } |
| 1140 | 1147 | ||
| 1148 | static inline int sysctl_sync_persist_mode(struct netns_ipvs *ipvs) | ||
| 1149 | { | ||
| 1150 | return 0; | ||
| 1151 | } | ||
| 1152 | |||
| 1141 | static inline unsigned long sysctl_sync_qlen_max(struct netns_ipvs *ipvs) | 1153 | static inline unsigned long sysctl_sync_qlen_max(struct netns_ipvs *ipvs) |
| 1142 | { | 1154 | { |
| 1143 | return IPVS_SYNC_QLEN_MAX; | 1155 | return IPVS_SYNC_QLEN_MAX; |
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 495bc57f292c..84e37b1ca9e1 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h | |||
| @@ -115,7 +115,9 @@ struct net { | |||
| 115 | #ifdef CONFIG_XFRM | 115 | #ifdef CONFIG_XFRM |
| 116 | struct netns_xfrm xfrm; | 116 | struct netns_xfrm xfrm; |
| 117 | #endif | 117 | #endif |
| 118 | #if IS_ENABLED(CONFIG_IP_VS) | ||
| 118 | struct netns_ipvs *ipvs; | 119 | struct netns_ipvs *ipvs; |
| 120 | #endif | ||
| 119 | struct sock *diag_nlsk; | 121 | struct sock *diag_nlsk; |
| 120 | atomic_t rt_genid; | 122 | atomic_t rt_genid; |
| 121 | atomic_t fnhe_genid; | 123 | atomic_t fnhe_genid; |