aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/net/ip_vs.h53
-rw-r--r--include/net/netns/ip_vs.h2
-rw-r--r--net/netfilter/ipvs/ip_vs_conn.c112
-rw-r--r--net/netfilter/ipvs/ip_vs_core.c15
-rw-r--r--net/netfilter/ipvs/ip_vs_ftp.c14
-rw-r--r--net/netfilter/ipvs/ip_vs_nfct.c6
-rw-r--r--net/netfilter/ipvs/ip_vs_proto_ah_esp.c15
-rw-r--r--net/netfilter/ipvs/ip_vs_proto_sctp.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_proto_tcp.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_proto_udp.c2
-rw-r--r--net/netfilter/ipvs/ip_vs_sync.c13
11 files changed, 153 insertions, 83 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 605d5db81a39..f82c0ffdee74 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -477,6 +477,7 @@ extern struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net,
477 unsigned short proto); 477 unsigned short proto);
478 478
479struct ip_vs_conn_param { 479struct ip_vs_conn_param {
480 struct net *net;
480 const union nf_inet_addr *caddr; 481 const union nf_inet_addr *caddr;
481 const union nf_inet_addr *vaddr; 482 const union nf_inet_addr *vaddr;
482 __be16 cport; 483 __be16 cport;
@@ -494,17 +495,19 @@ struct ip_vs_conn_param {
494 */ 495 */
495struct ip_vs_conn { 496struct ip_vs_conn {
496 struct list_head c_list; /* hashed list heads */ 497 struct list_head c_list; /* hashed list heads */
497 498#ifdef CONFIG_NET_NS
499 struct net *net; /* Name space */
500#endif
498 /* Protocol, addresses and port numbers */ 501 /* Protocol, addresses and port numbers */
499 u16 af; /* address family */ 502 u16 af; /* address family */
500 union nf_inet_addr caddr; /* client address */ 503 __be16 cport;
501 union nf_inet_addr vaddr; /* virtual address */ 504 __be16 vport;
502 union nf_inet_addr daddr; /* destination address */ 505 __be16 dport;
503 volatile __u32 flags; /* status flags */ 506 __u32 fwmark; /* Fire wall mark from skb */
504 __u32 fwmark; /* Fire wall mark from skb */ 507 union nf_inet_addr caddr; /* client address */
505 __be16 cport; 508 union nf_inet_addr vaddr; /* virtual address */
506 __be16 vport; 509 union nf_inet_addr daddr; /* destination address */
507 __be16 dport; 510 volatile __u32 flags; /* status flags */
508 __u16 protocol; /* Which protocol (TCP/UDP) */ 511 __u16 protocol; /* Which protocol (TCP/UDP) */
509 512
510 /* counter and timer */ 513 /* counter and timer */
@@ -547,6 +550,33 @@ struct ip_vs_conn {
547 __u8 pe_data_len; 550 __u8 pe_data_len;
548}; 551};
549 552
553/*
554 * To save some memory in conn table when name space is disabled.
555 */
556static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)
557{
558#ifdef CONFIG_NET_NS
559 return cp->net;
560#else
561 return &init_net;
562#endif
563}
564static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)
565{
566#ifdef CONFIG_NET_NS
567 cp->net = net;
568#endif
569}
570
571static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,
572 struct net *net)
573{
574#ifdef CONFIG_NET_NS
575 return cp->net == net;
576#else
577 return 1;
578#endif
579}
550 580
551/* 581/*
552 * Extended internal versions of struct ip_vs_service_user and 582 * Extended internal versions of struct ip_vs_service_user and
@@ -796,13 +826,14 @@ enum {
796 IP_VS_DIR_LAST, 826 IP_VS_DIR_LAST,
797}; 827};
798 828
799static inline void ip_vs_conn_fill_param(int af, int protocol, 829static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,
800 const union nf_inet_addr *caddr, 830 const union nf_inet_addr *caddr,
801 __be16 cport, 831 __be16 cport,
802 const union nf_inet_addr *vaddr, 832 const union nf_inet_addr *vaddr,
803 __be16 vport, 833 __be16 vport,
804 struct ip_vs_conn_param *p) 834 struct ip_vs_conn_param *p)
805{ 835{
836 p->net = net;
806 p->af = af; 837 p->af = af;
807 p->protocol = protocol; 838 p->protocol = protocol;
808 p->caddr = caddr; 839 p->caddr = caddr;
diff --git a/include/net/netns/ip_vs.h b/include/net/netns/ip_vs.h
index bd1dad872178..1acfb334e69b 100644
--- a/include/net/netns/ip_vs.h
+++ b/include/net/netns/ip_vs.h
@@ -66,6 +66,8 @@ struct netns_ipvs {
66 struct ip_vs_cpu_stats __percpu *cpustats; /* Stats per cpu */ 66 struct ip_vs_cpu_stats __percpu *cpustats; /* Stats per cpu */
67 seqcount_t *ustats_seq; /* u64 read retry */ 67 seqcount_t *ustats_seq; /* u64 read retry */
68 68
69 /* ip_vs_conn */
70 atomic_t conn_count; /* connection counter */
69 /* ip_vs_lblc */ 71 /* ip_vs_lblc */
70 int sysctl_lblc_expiration; 72 int sysctl_lblc_expiration;
71 struct ctl_table_header *lblc_ctl_header; 73 struct ctl_table_header *lblc_ctl_header;
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index b2024c942345..0d5e4feabc1b 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -64,9 +64,6 @@ static struct list_head *ip_vs_conn_tab __read_mostly;
64/* SLAB cache for IPVS connections */ 64/* SLAB cache for IPVS connections */
65static struct kmem_cache *ip_vs_conn_cachep __read_mostly; 65static struct kmem_cache *ip_vs_conn_cachep __read_mostly;
66 66
67/* counter for current IPVS connections */
68static atomic_t ip_vs_conn_count = ATOMIC_INIT(0);
69
70/* counter for no client port connections */ 67/* counter for no client port connections */
71static atomic_t ip_vs_conn_no_cport_cnt = ATOMIC_INIT(0); 68static atomic_t ip_vs_conn_no_cport_cnt = ATOMIC_INIT(0);
72 69
@@ -76,7 +73,7 @@ static unsigned int ip_vs_conn_rnd __read_mostly;
76/* 73/*
77 * Fine locking granularity for big connection hash table 74 * Fine locking granularity for big connection hash table
78 */ 75 */
79#define CT_LOCKARRAY_BITS 4 76#define CT_LOCKARRAY_BITS 5
80#define CT_LOCKARRAY_SIZE (1<<CT_LOCKARRAY_BITS) 77#define CT_LOCKARRAY_SIZE (1<<CT_LOCKARRAY_BITS)
81#define CT_LOCKARRAY_MASK (CT_LOCKARRAY_SIZE-1) 78#define CT_LOCKARRAY_MASK (CT_LOCKARRAY_SIZE-1)
82 79
@@ -133,19 +130,19 @@ static inline void ct_write_unlock_bh(unsigned key)
133/* 130/*
134 * Returns hash value for IPVS connection entry 131 * Returns hash value for IPVS connection entry
135 */ 132 */
136static unsigned int ip_vs_conn_hashkey(int af, unsigned proto, 133static unsigned int ip_vs_conn_hashkey(struct net *net, int af, unsigned proto,
137 const union nf_inet_addr *addr, 134 const union nf_inet_addr *addr,
138 __be16 port) 135 __be16 port)
139{ 136{
140#ifdef CONFIG_IP_VS_IPV6 137#ifdef CONFIG_IP_VS_IPV6
141 if (af == AF_INET6) 138 if (af == AF_INET6)
142 return jhash_3words(jhash(addr, 16, ip_vs_conn_rnd), 139 return (jhash_3words(jhash(addr, 16, ip_vs_conn_rnd),
143 (__force u32)port, proto, ip_vs_conn_rnd) 140 (__force u32)port, proto, ip_vs_conn_rnd) ^
144 & ip_vs_conn_tab_mask; 141 ((size_t)net>>8)) & ip_vs_conn_tab_mask;
145#endif 142#endif
146 return jhash_3words((__force u32)addr->ip, (__force u32)port, proto, 143 return (jhash_3words((__force u32)addr->ip, (__force u32)port, proto,
147 ip_vs_conn_rnd) 144 ip_vs_conn_rnd) ^
148 & ip_vs_conn_tab_mask; 145 ((size_t)net>>8)) & ip_vs_conn_tab_mask;
149} 146}
150 147
151static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p, 148static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p,
@@ -166,15 +163,15 @@ static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p,
166 port = p->vport; 163 port = p->vport;
167 } 164 }
168 165
169 return ip_vs_conn_hashkey(p->af, p->protocol, addr, port); 166 return ip_vs_conn_hashkey(p->net, p->af, p->protocol, addr, port);
170} 167}
171 168
172static unsigned int ip_vs_conn_hashkey_conn(const struct ip_vs_conn *cp) 169static unsigned int ip_vs_conn_hashkey_conn(const struct ip_vs_conn *cp)
173{ 170{
174 struct ip_vs_conn_param p; 171 struct ip_vs_conn_param p;
175 172
176 ip_vs_conn_fill_param(cp->af, cp->protocol, &cp->caddr, cp->cport, 173 ip_vs_conn_fill_param(ip_vs_conn_net(cp), cp->af, cp->protocol,
177 NULL, 0, &p); 174 &cp->caddr, cp->cport, NULL, 0, &p);
178 175
179 if (cp->pe) { 176 if (cp->pe) {
180 p.pe = cp->pe; 177 p.pe = cp->pe;
@@ -186,7 +183,7 @@ static unsigned int ip_vs_conn_hashkey_conn(const struct ip_vs_conn *cp)
186} 183}
187 184
188/* 185/*
189 * Hashes ip_vs_conn in ip_vs_conn_tab by proto,addr,port. 186 * Hashes ip_vs_conn in ip_vs_conn_tab by netns,proto,addr,port.
190 * returns bool success. 187 * returns bool success.
191 */ 188 */
192static inline int ip_vs_conn_hash(struct ip_vs_conn *cp) 189static inline int ip_vs_conn_hash(struct ip_vs_conn *cp)
@@ -269,11 +266,12 @@ __ip_vs_conn_in_get(const struct ip_vs_conn_param *p)
269 266
270 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { 267 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
271 if (cp->af == p->af && 268 if (cp->af == p->af &&
269 p->cport == cp->cport && p->vport == cp->vport &&
272 ip_vs_addr_equal(p->af, p->caddr, &cp->caddr) && 270 ip_vs_addr_equal(p->af, p->caddr, &cp->caddr) &&
273 ip_vs_addr_equal(p->af, p->vaddr, &cp->vaddr) && 271 ip_vs_addr_equal(p->af, p->vaddr, &cp->vaddr) &&
274 p->cport == cp->cport && p->vport == cp->vport &&
275 ((!p->cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) && 272 ((!p->cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) &&
276 p->protocol == cp->protocol) { 273 p->protocol == cp->protocol &&
274 ip_vs_conn_net_eq(cp, p->net)) {
277 /* HIT */ 275 /* HIT */
278 atomic_inc(&cp->refcnt); 276 atomic_inc(&cp->refcnt);
279 ct_read_unlock(hash); 277 ct_read_unlock(hash);
@@ -313,17 +311,18 @@ ip_vs_conn_fill_param_proto(int af, const struct sk_buff *skb,
313 struct ip_vs_conn_param *p) 311 struct ip_vs_conn_param *p)
314{ 312{
315 __be16 _ports[2], *pptr; 313 __be16 _ports[2], *pptr;
314 struct net *net = skb_net(skb);
316 315
317 pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports); 316 pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports);
318 if (pptr == NULL) 317 if (pptr == NULL)
319 return 1; 318 return 1;
320 319
321 if (likely(!inverse)) 320 if (likely(!inverse))
322 ip_vs_conn_fill_param(af, iph->protocol, &iph->saddr, pptr[0], 321 ip_vs_conn_fill_param(net, af, iph->protocol, &iph->saddr,
323 &iph->daddr, pptr[1], p); 322 pptr[0], &iph->daddr, pptr[1], p);
324 else 323 else
325 ip_vs_conn_fill_param(af, iph->protocol, &iph->daddr, pptr[1], 324 ip_vs_conn_fill_param(net, af, iph->protocol, &iph->daddr,
326 &iph->saddr, pptr[0], p); 325 pptr[1], &iph->saddr, pptr[0], p);
327 return 0; 326 return 0;
328} 327}
329 328
@@ -352,6 +351,8 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p)
352 ct_read_lock(hash); 351 ct_read_lock(hash);
353 352
354 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { 353 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
354 if (!ip_vs_conn_net_eq(cp, p->net))
355 continue;
355 if (p->pe_data && p->pe->ct_match) { 356 if (p->pe_data && p->pe->ct_match) {
356 if (p->pe == cp->pe && p->pe->ct_match(p, cp)) 357 if (p->pe == cp->pe && p->pe->ct_match(p, cp))
357 goto out; 358 goto out;
@@ -403,10 +404,11 @@ struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p)
403 404
404 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) { 405 list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {
405 if (cp->af == p->af && 406 if (cp->af == p->af &&
407 p->vport == cp->cport && p->cport == cp->dport &&
406 ip_vs_addr_equal(p->af, p->vaddr, &cp->caddr) && 408 ip_vs_addr_equal(p->af, p->vaddr, &cp->caddr) &&
407 ip_vs_addr_equal(p->af, p->caddr, &cp->daddr) && 409 ip_vs_addr_equal(p->af, p->caddr, &cp->daddr) &&
408 p->vport == cp->cport && p->cport == cp->dport && 410 p->protocol == cp->protocol &&
409 p->protocol == cp->protocol) { 411 ip_vs_conn_net_eq(cp, p->net)) {
410 /* HIT */ 412 /* HIT */
411 atomic_inc(&cp->refcnt); 413 atomic_inc(&cp->refcnt);
412 ret = cp; 414 ret = cp;
@@ -609,8 +611,8 @@ struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp)
609 struct ip_vs_dest *dest; 611 struct ip_vs_dest *dest;
610 612
611 if ((cp) && (!cp->dest)) { 613 if ((cp) && (!cp->dest)) {
612 dest = ip_vs_find_dest(&init_net, cp->af, &cp->daddr, cp->dport, 614 dest = ip_vs_find_dest(ip_vs_conn_net(cp), cp->af, &cp->daddr,
613 &cp->vaddr, cp->vport, 615 cp->dport, &cp->vaddr, cp->vport,
614 cp->protocol, cp->fwmark); 616 cp->protocol, cp->fwmark);
615 ip_vs_bind_dest(cp, dest); 617 ip_vs_bind_dest(cp, dest);
616 return dest; 618 return dest;
@@ -728,6 +730,7 @@ int ip_vs_check_template(struct ip_vs_conn *ct)
728static void ip_vs_conn_expire(unsigned long data) 730static void ip_vs_conn_expire(unsigned long data)
729{ 731{
730 struct ip_vs_conn *cp = (struct ip_vs_conn *)data; 732 struct ip_vs_conn *cp = (struct ip_vs_conn *)data;
733 struct netns_ipvs *ipvs = net_ipvs(ip_vs_conn_net(cp));
731 734
732 cp->timeout = 60*HZ; 735 cp->timeout = 60*HZ;
733 736
@@ -770,7 +773,7 @@ static void ip_vs_conn_expire(unsigned long data)
770 ip_vs_unbind_dest(cp); 773 ip_vs_unbind_dest(cp);
771 if (cp->flags & IP_VS_CONN_F_NO_CPORT) 774 if (cp->flags & IP_VS_CONN_F_NO_CPORT)
772 atomic_dec(&ip_vs_conn_no_cport_cnt); 775 atomic_dec(&ip_vs_conn_no_cport_cnt);
773 atomic_dec(&ip_vs_conn_count); 776 atomic_dec(&ipvs->conn_count);
774 777
775 kmem_cache_free(ip_vs_conn_cachep, cp); 778 kmem_cache_free(ip_vs_conn_cachep, cp);
776 return; 779 return;
@@ -804,7 +807,9 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
804 struct ip_vs_dest *dest, __u32 fwmark) 807 struct ip_vs_dest *dest, __u32 fwmark)
805{ 808{
806 struct ip_vs_conn *cp; 809 struct ip_vs_conn *cp;
807 struct ip_vs_proto_data *pd = ip_vs_proto_data_get(&init_net, p->protocol); 810 struct netns_ipvs *ipvs = net_ipvs(p->net);
811 struct ip_vs_proto_data *pd = ip_vs_proto_data_get(p->net,
812 p->protocol);
808 813
809 cp = kmem_cache_zalloc(ip_vs_conn_cachep, GFP_ATOMIC); 814 cp = kmem_cache_zalloc(ip_vs_conn_cachep, GFP_ATOMIC);
810 if (cp == NULL) { 815 if (cp == NULL) {
@@ -814,6 +819,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
814 819
815 INIT_LIST_HEAD(&cp->c_list); 820 INIT_LIST_HEAD(&cp->c_list);
816 setup_timer(&cp->timer, ip_vs_conn_expire, (unsigned long)cp); 821 setup_timer(&cp->timer, ip_vs_conn_expire, (unsigned long)cp);
822 ip_vs_conn_net_set(cp, p->net);
817 cp->af = p->af; 823 cp->af = p->af;
818 cp->protocol = p->protocol; 824 cp->protocol = p->protocol;
819 ip_vs_addr_copy(p->af, &cp->caddr, p->caddr); 825 ip_vs_addr_copy(p->af, &cp->caddr, p->caddr);
@@ -844,7 +850,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
844 atomic_set(&cp->n_control, 0); 850 atomic_set(&cp->n_control, 0);
845 atomic_set(&cp->in_pkts, 0); 851 atomic_set(&cp->in_pkts, 0);
846 852
847 atomic_inc(&ip_vs_conn_count); 853 atomic_inc(&ipvs->conn_count);
848 if (flags & IP_VS_CONN_F_NO_CPORT) 854 if (flags & IP_VS_CONN_F_NO_CPORT)
849 atomic_inc(&ip_vs_conn_no_cport_cnt); 855 atomic_inc(&ip_vs_conn_no_cport_cnt);
850 856
@@ -886,17 +892,22 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
886 * /proc/net/ip_vs_conn entries 892 * /proc/net/ip_vs_conn entries
887 */ 893 */
888#ifdef CONFIG_PROC_FS 894#ifdef CONFIG_PROC_FS
895struct ip_vs_iter_state {
896 struct seq_net_private p;
897 struct list_head *l;
898};
889 899
890static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos) 900static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos)
891{ 901{
892 int idx; 902 int idx;
893 struct ip_vs_conn *cp; 903 struct ip_vs_conn *cp;
904 struct ip_vs_iter_state *iter = seq->private;
894 905
895 for (idx = 0; idx < ip_vs_conn_tab_size; idx++) { 906 for (idx = 0; idx < ip_vs_conn_tab_size; idx++) {
896 ct_read_lock_bh(idx); 907 ct_read_lock_bh(idx);
897 list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) { 908 list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
898 if (pos-- == 0) { 909 if (pos-- == 0) {
899 seq->private = &ip_vs_conn_tab[idx]; 910 iter->l = &ip_vs_conn_tab[idx];
900 return cp; 911 return cp;
901 } 912 }
902 } 913 }
@@ -908,14 +919,17 @@ static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos)
908 919
909static void *ip_vs_conn_seq_start(struct seq_file *seq, loff_t *pos) 920static void *ip_vs_conn_seq_start(struct seq_file *seq, loff_t *pos)
910{ 921{
911 seq->private = NULL; 922 struct ip_vs_iter_state *iter = seq->private;
923
924 iter->l = NULL;
912 return *pos ? ip_vs_conn_array(seq, *pos - 1) :SEQ_START_TOKEN; 925 return *pos ? ip_vs_conn_array(seq, *pos - 1) :SEQ_START_TOKEN;
913} 926}
914 927
915static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos) 928static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos)
916{ 929{
917 struct ip_vs_conn *cp = v; 930 struct ip_vs_conn *cp = v;
918 struct list_head *e, *l = seq->private; 931 struct ip_vs_iter_state *iter = seq->private;
932 struct list_head *e, *l = iter->l;
919 int idx; 933 int idx;
920 934
921 ++*pos; 935 ++*pos;
@@ -932,18 +946,19 @@ static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos)
932 while (++idx < ip_vs_conn_tab_size) { 946 while (++idx < ip_vs_conn_tab_size) {
933 ct_read_lock_bh(idx); 947 ct_read_lock_bh(idx);
934 list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) { 948 list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
935 seq->private = &ip_vs_conn_tab[idx]; 949 iter->l = &ip_vs_conn_tab[idx];
936 return cp; 950 return cp;
937 } 951 }
938 ct_read_unlock_bh(idx); 952 ct_read_unlock_bh(idx);
939 } 953 }
940 seq->private = NULL; 954 iter->l = NULL;
941 return NULL; 955 return NULL;
942} 956}
943 957
944static void ip_vs_conn_seq_stop(struct seq_file *seq, void *v) 958static void ip_vs_conn_seq_stop(struct seq_file *seq, void *v)
945{ 959{
946 struct list_head *l = seq->private; 960 struct ip_vs_iter_state *iter = seq->private;
961 struct list_head *l = iter->l;
947 962
948 if (l) 963 if (l)
949 ct_read_unlock_bh(l - ip_vs_conn_tab); 964 ct_read_unlock_bh(l - ip_vs_conn_tab);
@@ -957,9 +972,12 @@ static int ip_vs_conn_seq_show(struct seq_file *seq, void *v)
957 "Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData\n"); 972 "Pro FromIP FPrt ToIP TPrt DestIP DPrt State Expires PEName PEData\n");
958 else { 973 else {
959 const struct ip_vs_conn *cp = v; 974 const struct ip_vs_conn *cp = v;
975 struct net *net = seq_file_net(seq);
960 char pe_data[IP_VS_PENAME_MAXLEN + IP_VS_PEDATA_MAXLEN + 3]; 976 char pe_data[IP_VS_PENAME_MAXLEN + IP_VS_PEDATA_MAXLEN + 3];
961 size_t len = 0; 977 size_t len = 0;
962 978
979 if (!ip_vs_conn_net_eq(cp, net))
980 return 0;
963 if (cp->pe_data) { 981 if (cp->pe_data) {
964 pe_data[0] = ' '; 982 pe_data[0] = ' ';
965 len = strlen(cp->pe->name); 983 len = strlen(cp->pe->name);
@@ -1004,7 +1022,8 @@ static const struct seq_operations ip_vs_conn_seq_ops = {
1004 1022
1005static int ip_vs_conn_open(struct inode *inode, struct file *file) 1023static int ip_vs_conn_open(struct inode *inode, struct file *file)
1006{ 1024{
1007 return seq_open(file, &ip_vs_conn_seq_ops); 1025 return seq_open_net(inode, file, &ip_vs_conn_seq_ops,
1026 sizeof(struct ip_vs_iter_state));
1008} 1027}
1009 1028
1010static const struct file_operations ip_vs_conn_fops = { 1029static const struct file_operations ip_vs_conn_fops = {
@@ -1031,6 +1050,10 @@ static int ip_vs_conn_sync_seq_show(struct seq_file *seq, void *v)
1031 "Pro FromIP FPrt ToIP TPrt DestIP DPrt State Origin Expires\n"); 1050 "Pro FromIP FPrt ToIP TPrt DestIP DPrt State Origin Expires\n");
1032 else { 1051 else {
1033 const struct ip_vs_conn *cp = v; 1052 const struct ip_vs_conn *cp = v;
1053 struct net *net = seq_file_net(seq);
1054
1055 if (!ip_vs_conn_net_eq(cp, net))
1056 return 0;
1034 1057
1035#ifdef CONFIG_IP_VS_IPV6 1058#ifdef CONFIG_IP_VS_IPV6
1036 if (cp->af == AF_INET6) 1059 if (cp->af == AF_INET6)
@@ -1067,7 +1090,8 @@ static const struct seq_operations ip_vs_conn_sync_seq_ops = {
1067 1090
1068static int ip_vs_conn_sync_open(struct inode *inode, struct file *file) 1091static int ip_vs_conn_sync_open(struct inode *inode, struct file *file)
1069{ 1092{
1070 return seq_open(file, &ip_vs_conn_sync_seq_ops); 1093 return seq_open_net(inode, file, &ip_vs_conn_sync_seq_ops,
1094 sizeof(struct ip_vs_iter_state));
1071} 1095}
1072 1096
1073static const struct file_operations ip_vs_conn_sync_fops = { 1097static const struct file_operations ip_vs_conn_sync_fops = {
@@ -1168,10 +1192,11 @@ void ip_vs_random_dropentry(void)
1168/* 1192/*
1169 * Flush all the connection entries in the ip_vs_conn_tab 1193 * Flush all the connection entries in the ip_vs_conn_tab
1170 */ 1194 */
1171static void ip_vs_conn_flush(void) 1195static void ip_vs_conn_flush(struct net *net)
1172{ 1196{
1173 int idx; 1197 int idx;
1174 struct ip_vs_conn *cp; 1198 struct ip_vs_conn *cp;
1199 struct netns_ipvs *ipvs = net_ipvs(net);
1175 1200
1176 flush_again: 1201 flush_again:
1177 for (idx = 0; idx < ip_vs_conn_tab_size; idx++) { 1202 for (idx = 0; idx < ip_vs_conn_tab_size; idx++) {
@@ -1181,7 +1206,8 @@ static void ip_vs_conn_flush(void)
1181 ct_write_lock_bh(idx); 1206 ct_write_lock_bh(idx);
1182 1207
1183 list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) { 1208 list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
1184 1209 if (!ip_vs_conn_net_eq(cp, net))
1210 continue;
1185 IP_VS_DBG(4, "del connection\n"); 1211 IP_VS_DBG(4, "del connection\n");
1186 ip_vs_conn_expire_now(cp); 1212 ip_vs_conn_expire_now(cp);
1187 if (cp->control) { 1213 if (cp->control) {
@@ -1194,7 +1220,7 @@ static void ip_vs_conn_flush(void)
1194 1220
1195 /* the counter may be not NULL, because maybe some conn entries 1221 /* the counter may be not NULL, because maybe some conn entries
1196 are run by slow timer handler or unhashed but still referred */ 1222 are run by slow timer handler or unhashed but still referred */
1197 if (atomic_read(&ip_vs_conn_count) != 0) { 1223 if (atomic_read(&ipvs->conn_count) != 0) {
1198 schedule(); 1224 schedule();
1199 goto flush_again; 1225 goto flush_again;
1200 } 1226 }
@@ -1204,8 +1230,11 @@ static void ip_vs_conn_flush(void)
1204 */ 1230 */
1205int __net_init __ip_vs_conn_init(struct net *net) 1231int __net_init __ip_vs_conn_init(struct net *net)
1206{ 1232{
1233 struct netns_ipvs *ipvs = net_ipvs(net);
1234
1207 if (!net_eq(net, &init_net)) /* netns not enabled yet */ 1235 if (!net_eq(net, &init_net)) /* netns not enabled yet */
1208 return -EPERM; 1236 return -EPERM;
1237 atomic_set(&ipvs->conn_count, 0);
1209 1238
1210 proc_net_fops_create(net, "ip_vs_conn", 0, &ip_vs_conn_fops); 1239 proc_net_fops_create(net, "ip_vs_conn", 0, &ip_vs_conn_fops);
1211 proc_net_fops_create(net, "ip_vs_conn_sync", 0, &ip_vs_conn_sync_fops); 1240 proc_net_fops_create(net, "ip_vs_conn_sync", 0, &ip_vs_conn_sync_fops);
@@ -1217,6 +1246,8 @@ static void __net_exit __ip_vs_conn_cleanup(struct net *net)
1217 if (!net_eq(net, &init_net)) /* netns not enabled yet */ 1246 if (!net_eq(net, &init_net)) /* netns not enabled yet */
1218 return; 1247 return;
1219 1248
1249 /* flush all the connection entries first */
1250 ip_vs_conn_flush(net);
1220 proc_net_remove(net, "ip_vs_conn"); 1251 proc_net_remove(net, "ip_vs_conn");
1221 proc_net_remove(net, "ip_vs_conn_sync"); 1252 proc_net_remove(net, "ip_vs_conn_sync");
1222} 1253}
@@ -1277,9 +1308,6 @@ int __init ip_vs_conn_init(void)
1277void ip_vs_conn_cleanup(void) 1308void ip_vs_conn_cleanup(void)
1278{ 1309{
1279 unregister_pernet_subsys(&ipvs_conn_ops); 1310 unregister_pernet_subsys(&ipvs_conn_ops);
1280 /* flush all the connection entries first */
1281 ip_vs_conn_flush();
1282
1283 /* Release the empty cache */ 1311 /* Release the empty cache */
1284 kmem_cache_destroy(ip_vs_conn_cachep); 1312 kmem_cache_destroy(ip_vs_conn_cachep);
1285 vfree(ip_vs_conn_tab); 1313 vfree(ip_vs_conn_tab);
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index 7e6a2a046bf5..7205b49c56c1 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -205,7 +205,8 @@ ip_vs_conn_fill_param_persist(const struct ip_vs_service *svc,
205 const union nf_inet_addr *vaddr, __be16 vport, 205 const union nf_inet_addr *vaddr, __be16 vport,
206 struct ip_vs_conn_param *p) 206 struct ip_vs_conn_param *p)
207{ 207{
208 ip_vs_conn_fill_param(svc->af, protocol, caddr, cport, vaddr, vport, p); 208 ip_vs_conn_fill_param(svc->net, svc->af, protocol, caddr, cport, vaddr,
209 vport, p);
209 p->pe = svc->pe; 210 p->pe = svc->pe;
210 if (p->pe && p->pe->fill_param) 211 if (p->pe && p->pe->fill_param)
211 return p->pe->fill_param(p, skb); 212 return p->pe->fill_param(p, skb);
@@ -348,8 +349,8 @@ ip_vs_sched_persist(struct ip_vs_service *svc,
348 /* 349 /*
349 * Create a new connection according to the template 350 * Create a new connection according to the template
350 */ 351 */
351 ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, src_port, 352 ip_vs_conn_fill_param(svc->net, svc->af, iph.protocol, &iph.saddr,
352 &iph.daddr, dst_port, &param); 353 src_port, &iph.daddr, dst_port, &param);
353 354
354 cp = ip_vs_conn_new(&param, &dest->addr, dport, flags, dest, skb->mark); 355 cp = ip_vs_conn_new(&param, &dest->addr, dport, flags, dest, skb->mark);
355 if (cp == NULL) { 356 if (cp == NULL) {
@@ -464,8 +465,10 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
464 */ 465 */
465 { 466 {
466 struct ip_vs_conn_param p; 467 struct ip_vs_conn_param p;
467 ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, 468
468 pptr[0], &iph.daddr, pptr[1], &p); 469 ip_vs_conn_fill_param(svc->net, svc->af, iph.protocol,
470 &iph.saddr, pptr[0], &iph.daddr, pptr[1],
471 &p);
469 cp = ip_vs_conn_new(&p, &dest->addr, 472 cp = ip_vs_conn_new(&p, &dest->addr,
470 dest->port ? dest->port : pptr[1], 473 dest->port ? dest->port : pptr[1],
471 flags, dest, skb->mark); 474 flags, dest, skb->mark);
@@ -532,7 +535,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
532 IP_VS_DBG(6, "%s(): create a cache_bypass entry\n", __func__); 535 IP_VS_DBG(6, "%s(): create a cache_bypass entry\n", __func__);
533 { 536 {
534 struct ip_vs_conn_param p; 537 struct ip_vs_conn_param p;
535 ip_vs_conn_fill_param(svc->af, iph.protocol, 538 ip_vs_conn_fill_param(svc->net, svc->af, iph.protocol,
536 &iph.saddr, pptr[0], 539 &iph.saddr, pptr[0],
537 &iph.daddr, pptr[1], &p); 540 &iph.daddr, pptr[1], &p);
538 cp = ip_vs_conn_new(&p, &daddr, 0, 541 cp = ip_vs_conn_new(&p, &daddr, 0,
diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c
index 77b0036dcb73..6a04f9ab9d0d 100644
--- a/net/netfilter/ipvs/ip_vs_ftp.c
+++ b/net/netfilter/ipvs/ip_vs_ftp.c
@@ -198,13 +198,15 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
198 */ 198 */
199 { 199 {
200 struct ip_vs_conn_param p; 200 struct ip_vs_conn_param p;
201 ip_vs_conn_fill_param(AF_INET, iph->protocol, 201 ip_vs_conn_fill_param(ip_vs_conn_net(cp), AF_INET,
202 &from, port, &cp->caddr, 0, &p); 202 iph->protocol, &from, port,
203 &cp->caddr, 0, &p);
203 n_cp = ip_vs_conn_out_get(&p); 204 n_cp = ip_vs_conn_out_get(&p);
204 } 205 }
205 if (!n_cp) { 206 if (!n_cp) {
206 struct ip_vs_conn_param p; 207 struct ip_vs_conn_param p;
207 ip_vs_conn_fill_param(AF_INET, IPPROTO_TCP, &cp->caddr, 208 ip_vs_conn_fill_param(ip_vs_conn_net(cp),
209 AF_INET, IPPROTO_TCP, &cp->caddr,
208 0, &cp->vaddr, port, &p); 210 0, &cp->vaddr, port, &p);
209 n_cp = ip_vs_conn_new(&p, &from, port, 211 n_cp = ip_vs_conn_new(&p, &from, port,
210 IP_VS_CONN_F_NO_CPORT | 212 IP_VS_CONN_F_NO_CPORT |
@@ -361,9 +363,9 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp,
361 363
362 { 364 {
363 struct ip_vs_conn_param p; 365 struct ip_vs_conn_param p;
364 ip_vs_conn_fill_param(AF_INET, iph->protocol, &to, port, 366 ip_vs_conn_fill_param(ip_vs_conn_net(cp), AF_INET,
365 &cp->vaddr, htons(ntohs(cp->vport)-1), 367 iph->protocol, &to, port, &cp->vaddr,
366 &p); 368 htons(ntohs(cp->vport)-1), &p);
367 n_cp = ip_vs_conn_in_get(&p); 369 n_cp = ip_vs_conn_in_get(&p);
368 if (!n_cp) { 370 if (!n_cp) {
369 n_cp = ip_vs_conn_new(&p, &cp->daddr, 371 n_cp = ip_vs_conn_new(&p, &cp->daddr,
diff --git a/net/netfilter/ipvs/ip_vs_nfct.c b/net/netfilter/ipvs/ip_vs_nfct.c
index 4680647cd450..f454c80df0a7 100644
--- a/net/netfilter/ipvs/ip_vs_nfct.c
+++ b/net/netfilter/ipvs/ip_vs_nfct.c
@@ -141,6 +141,7 @@ static void ip_vs_nfct_expect_callback(struct nf_conn *ct,
141 struct nf_conntrack_tuple *orig, new_reply; 141 struct nf_conntrack_tuple *orig, new_reply;
142 struct ip_vs_conn *cp; 142 struct ip_vs_conn *cp;
143 struct ip_vs_conn_param p; 143 struct ip_vs_conn_param p;
144 struct net *net = nf_ct_net(ct);
144 145
145 if (exp->tuple.src.l3num != PF_INET) 146 if (exp->tuple.src.l3num != PF_INET)
146 return; 147 return;
@@ -155,7 +156,7 @@ static void ip_vs_nfct_expect_callback(struct nf_conn *ct,
155 156
156 /* RS->CLIENT */ 157 /* RS->CLIENT */
157 orig = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; 158 orig = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;
158 ip_vs_conn_fill_param(exp->tuple.src.l3num, orig->dst.protonum, 159 ip_vs_conn_fill_param(net, exp->tuple.src.l3num, orig->dst.protonum,
159 &orig->src.u3, orig->src.u.tcp.port, 160 &orig->src.u3, orig->src.u.tcp.port,
160 &orig->dst.u3, orig->dst.u.tcp.port, &p); 161 &orig->dst.u3, orig->dst.u.tcp.port, &p);
161 cp = ip_vs_conn_out_get(&p); 162 cp = ip_vs_conn_out_get(&p);
@@ -268,7 +269,8 @@ void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
268 " for conn " FMT_CONN "\n", 269 " for conn " FMT_CONN "\n",
269 __func__, ARG_TUPLE(&tuple), ARG_CONN(cp)); 270 __func__, ARG_TUPLE(&tuple), ARG_CONN(cp));
270 271
271 h = nf_conntrack_find_get(&init_net, NF_CT_DEFAULT_ZONE, &tuple); 272 h = nf_conntrack_find_get(ip_vs_conn_net(cp), NF_CT_DEFAULT_ZONE,
273 &tuple);
272 if (h) { 274 if (h) {
273 ct = nf_ct_tuplehash_to_ctrack(h); 275 ct = nf_ct_tuplehash_to_ctrack(h);
274 /* Show what happens instead of calling nf_ct_kill() */ 276 /* Show what happens instead of calling nf_ct_kill() */
diff --git a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
index 28039cbfcff4..5b8eb8b12c3e 100644
--- a/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_ah_esp.c
@@ -41,15 +41,16 @@ struct isakmp_hdr {
41#define PORT_ISAKMP 500 41#define PORT_ISAKMP 500
42 42
43static void 43static void
44ah_esp_conn_fill_param_proto(int af, const struct ip_vs_iphdr *iph, 44ah_esp_conn_fill_param_proto(struct net *net, int af,
45 int inverse, struct ip_vs_conn_param *p) 45 const struct ip_vs_iphdr *iph, int inverse,
46 struct ip_vs_conn_param *p)
46{ 47{
47 if (likely(!inverse)) 48 if (likely(!inverse))
48 ip_vs_conn_fill_param(af, IPPROTO_UDP, 49 ip_vs_conn_fill_param(net, af, IPPROTO_UDP,
49 &iph->saddr, htons(PORT_ISAKMP), 50 &iph->saddr, htons(PORT_ISAKMP),
50 &iph->daddr, htons(PORT_ISAKMP), p); 51 &iph->daddr, htons(PORT_ISAKMP), p);
51 else 52 else
52 ip_vs_conn_fill_param(af, IPPROTO_UDP, 53 ip_vs_conn_fill_param(net, af, IPPROTO_UDP,
53 &iph->daddr, htons(PORT_ISAKMP), 54 &iph->daddr, htons(PORT_ISAKMP),
54 &iph->saddr, htons(PORT_ISAKMP), p); 55 &iph->saddr, htons(PORT_ISAKMP), p);
55} 56}
@@ -61,8 +62,9 @@ ah_esp_conn_in_get(int af, const struct sk_buff *skb,
61{ 62{
62 struct ip_vs_conn *cp; 63 struct ip_vs_conn *cp;
63 struct ip_vs_conn_param p; 64 struct ip_vs_conn_param p;
65 struct net *net = skb_net(skb);
64 66
65 ah_esp_conn_fill_param_proto(af, iph, inverse, &p); 67 ah_esp_conn_fill_param_proto(net, af, iph, inverse, &p);
66 cp = ip_vs_conn_in_get(&p); 68 cp = ip_vs_conn_in_get(&p);
67 if (!cp) { 69 if (!cp) {
68 /* 70 /*
@@ -89,8 +91,9 @@ ah_esp_conn_out_get(int af, const struct sk_buff *skb,
89{ 91{
90 struct ip_vs_conn *cp; 92 struct ip_vs_conn *cp;
91 struct ip_vs_conn_param p; 93 struct ip_vs_conn_param p;
94 struct net *net = skb_net(skb);
92 95
93 ah_esp_conn_fill_param_proto(af, iph, inverse, &p); 96 ah_esp_conn_fill_param_proto(net, af, iph, inverse, &p);
94 cp = ip_vs_conn_out_get(&p); 97 cp = ip_vs_conn_out_get(&p);
95 if (!cp) { 98 if (!cp) {
96 IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for inout packet " 99 IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for inout packet "
diff --git a/net/netfilter/ipvs/ip_vs_proto_sctp.c b/net/netfilter/ipvs/ip_vs_proto_sctp.c
index 569e77bf08c4..550365a690c7 100644
--- a/net/netfilter/ipvs/ip_vs_proto_sctp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_sctp.c
@@ -1055,7 +1055,7 @@ static void sctp_unregister_app(struct net *net, struct ip_vs_app *inc)
1055 1055
1056static int sctp_app_conn_bind(struct ip_vs_conn *cp) 1056static int sctp_app_conn_bind(struct ip_vs_conn *cp)
1057{ 1057{
1058 struct netns_ipvs *ipvs = net_ipvs(&init_net); 1058 struct netns_ipvs *ipvs = net_ipvs(ip_vs_conn_net(cp));
1059 int hash; 1059 int hash;
1060 struct ip_vs_app *inc; 1060 struct ip_vs_app *inc;
1061 int result = 0; 1061 int result = 0;
diff --git a/net/netfilter/ipvs/ip_vs_proto_tcp.c b/net/netfilter/ipvs/ip_vs_proto_tcp.c
index 757aaaf083bb..d8b3f9f15826 100644
--- a/net/netfilter/ipvs/ip_vs_proto_tcp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_tcp.c
@@ -620,7 +620,7 @@ tcp_unregister_app(struct net *net, struct ip_vs_app *inc)
620static int 620static int
621tcp_app_conn_bind(struct ip_vs_conn *cp) 621tcp_app_conn_bind(struct ip_vs_conn *cp)
622{ 622{
623 struct netns_ipvs *ipvs = net_ipvs(&init_net); 623 struct netns_ipvs *ipvs = net_ipvs(ip_vs_conn_net(cp));
624 int hash; 624 int hash;
625 struct ip_vs_app *inc; 625 struct ip_vs_app *inc;
626 int result = 0; 626 int result = 0;
diff --git a/net/netfilter/ipvs/ip_vs_proto_udp.c b/net/netfilter/ipvs/ip_vs_proto_udp.c
index 1dc394100fa8..581157bbded5 100644
--- a/net/netfilter/ipvs/ip_vs_proto_udp.c
+++ b/net/netfilter/ipvs/ip_vs_proto_udp.c
@@ -396,7 +396,7 @@ udp_unregister_app(struct net *net, struct ip_vs_app *inc)
396 396
397static int udp_app_conn_bind(struct ip_vs_conn *cp) 397static int udp_app_conn_bind(struct ip_vs_conn *cp)
398{ 398{
399 struct netns_ipvs *ipvs = net_ipvs(&init_net); 399 struct netns_ipvs *ipvs = net_ipvs(ip_vs_conn_net(cp));
400 int hash; 400 int hash;
401 struct ip_vs_app *inc; 401 struct ip_vs_app *inc;
402 int result = 0; 402 int result = 0;
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index c29e73d686fb..f85e47daecc3 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -660,21 +660,21 @@ control:
660 * fill_param used by version 1 660 * fill_param used by version 1
661 */ 661 */
662static inline int 662static inline int
663ip_vs_conn_fill_param_sync(int af, union ip_vs_sync_conn *sc, 663ip_vs_conn_fill_param_sync(struct net *net, int af, union ip_vs_sync_conn *sc,
664 struct ip_vs_conn_param *p, 664 struct ip_vs_conn_param *p,
665 __u8 *pe_data, unsigned int pe_data_len, 665 __u8 *pe_data, unsigned int pe_data_len,
666 __u8 *pe_name, unsigned int pe_name_len) 666 __u8 *pe_name, unsigned int pe_name_len)
667{ 667{
668#ifdef CONFIG_IP_VS_IPV6 668#ifdef CONFIG_IP_VS_IPV6
669 if (af == AF_INET6) 669 if (af == AF_INET6)
670 ip_vs_conn_fill_param(af, sc->v6.protocol, 670 ip_vs_conn_fill_param(net, af, sc->v6.protocol,
671 (const union nf_inet_addr *)&sc->v6.caddr, 671 (const union nf_inet_addr *)&sc->v6.caddr,
672 sc->v6.cport, 672 sc->v6.cport,
673 (const union nf_inet_addr *)&sc->v6.vaddr, 673 (const union nf_inet_addr *)&sc->v6.vaddr,
674 sc->v6.vport, p); 674 sc->v6.vport, p);
675 else 675 else
676#endif 676#endif
677 ip_vs_conn_fill_param(af, sc->v4.protocol, 677 ip_vs_conn_fill_param(net, af, sc->v4.protocol,
678 (const union nf_inet_addr *)&sc->v4.caddr, 678 (const union nf_inet_addr *)&sc->v4.caddr,
679 sc->v4.cport, 679 sc->v4.cport,
680 (const union nf_inet_addr *)&sc->v4.vaddr, 680 (const union nf_inet_addr *)&sc->v4.vaddr,
@@ -881,7 +881,7 @@ static void ip_vs_process_message_v0(struct net *net, const char *buffer,
881 } 881 }
882 } 882 }
883 883
884 ip_vs_conn_fill_param(AF_INET, s->protocol, 884 ip_vs_conn_fill_param(net, AF_INET, s->protocol,
885 (const union nf_inet_addr *)&s->caddr, 885 (const union nf_inet_addr *)&s->caddr,
886 s->cport, 886 s->cport,
887 (const union nf_inet_addr *)&s->vaddr, 887 (const union nf_inet_addr *)&s->vaddr,
@@ -1043,9 +1043,8 @@ static inline int ip_vs_proc_sync_conn(struct net *net, __u8 *p, __u8 *msg_end)
1043 state = 0; 1043 state = 0;
1044 } 1044 }
1045 } 1045 }
1046 if (ip_vs_conn_fill_param_sync(af, s, &param, 1046 if (ip_vs_conn_fill_param_sync(net, af, s, &param, pe_data,
1047 pe_data, pe_data_len, 1047 pe_data_len, pe_name, pe_name_len)) {
1048 pe_name, pe_name_len)) {
1049 retc = 50; 1048 retc = 50;
1050 goto out; 1049 goto out;
1051 } 1050 }
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-12 05:14:13 -0500