1 files changed, 210 insertions, 68 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index d858264217ba..b23bea62f708 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -28,6 +28,80 @@
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #include <net/netfilter/nf_conntrack.h>
 #endif
+#include <net/net_namespace.h>          /* Netw namespace */
+/*
+ * Generic access of ipvs struct
+ */
+static inline struct netns_ipvs *net_ipvs(struct net* net)
+{
+        return net->ipvs;
+}
+/*
+ * Get net ptr from skb in traffic cases
+ * use skb_sknet when call is from userland (ioctl or netlink)
+ */
+static inline struct net *skb_net(const struct sk_buff *skb)
+{
+#ifdef CONFIG_NET_NS
+#ifdef CONFIG_IP_VS_DEBUG
+        /*
+         * This is used for debug only.
+         * Start with the most likely hit
+         * End with BUG
+         */
+        if (likely(skb->dev && skb->dev->nd_net))
+                return dev_net(skb->dev);
+        if (skb_dst(skb)->dev)
+                return dev_net(skb_dst(skb)->dev);
+        WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n",
+                      __func__, __LINE__);
+        if (likely(skb->sk && skb->sk->sk_net))
+                return sock_net(skb->sk);
+        pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
+                __func__, __LINE__);
+        BUG();
+#else
+        return dev_net(skb->dev ? : skb_dst(skb)->dev);
+#endif
+#else
+        return &init_net;
+#endif
+}
+static inline struct net *skb_sknet(const struct sk_buff *skb)
+{
+#ifdef CONFIG_NET_NS
+#ifdef CONFIG_IP_VS_DEBUG
+        /* Start with the most likely hit */
+        if (likely(skb->sk && skb->sk->sk_net))
+                return sock_net(skb->sk);
+        WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n",
+                       __func__, __LINE__);
+        if (likely(skb->dev && skb->dev->nd_net))
+                return dev_net(skb->dev);
+        pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
+                __func__, __LINE__);
+        BUG();
+#else
+        return sock_net(skb->sk);
+#endif
+#else
+        return &init_net;
+#endif
+}
+/*
+ * This one needed for single_open_net since net is stored directly in
+ * private not as a struct i.e. seq_file_net cant be used.
+ */
+static inline struct net *seq_file_single_net(struct seq_file *seq)
+{
+#ifdef CONFIG_NET_NS
+        return (struct net *)seq->private;
+#else
+        return &init_net;
+#endif
+}
 /* Connections' size value needed by ip_vs_ctl.c */
 extern int ip_vs_conn_tab_size;
@@ -258,6 +332,23 @@ struct ip_vs_seq {
                                                   before last resized pkt */
 };
+/*
+ * counters per cpu
+ */
+struct ip_vs_counters {
+        __u32           conns;          /* connections scheduled */
+        __u32           inpkts;         /* incoming packets */
+        __u32           outpkts;        /* outgoing packets */
+        __u64           inbytes;        /* incoming bytes */
+        __u64           outbytes;       /* outgoing bytes */
+};
+/*
+ * Stats per cpu
+ */
+struct ip_vs_cpu_stats {
+        struct ip_vs_counters   ustats;
+        struct u64_stats_sync   syncp;
+};
 /*
 *      IPVS statistics objects
@@ -279,17 +370,34 @@ struct ip_vs_estimator {
 };
 struct ip_vs_stats {
-        struct ip_vs_stats_user ustats;         /* statistics */
+        struct ip_vs_stats_user ustats;         /* statistics */
        struct ip_vs_estimator  est;            /* estimator */
+        struct ip_vs_cpu_stats  *cpustats;      /* per cpu counters */
-        spinlock_t              lock;           /* spin lock */
+        spinlock_t              lock;           /* spin lock */
 };
+/*
+ * Helper Macros for per cpu
+ * ipvs->tot_stats->ustats.count
+ */
+#define IPVS_STAT_INC(ipvs, count)      \
+        __this_cpu_inc((ipvs)->ustats->count)
+#define IPVS_STAT_ADD(ipvs, count, value) \
+        do {\
+                write_seqcount_begin(per_cpu_ptr((ipvs)->ustats_seq, \
+                                     raw_smp_processor_id())); \
+                __this_cpu_add((ipvs)->ustats->count, value); \
+                write_seqcount_end(per_cpu_ptr((ipvs)->ustats_seq, \
+                                   raw_smp_processor_id())); \
+        } while (0)
 struct dst_entry;
 struct iphdr;
 struct ip_vs_conn;
 struct ip_vs_app;
 struct sk_buff;
+struct ip_vs_proto_data;
 struct ip_vs_protocol {
        struct ip_vs_protocol   *next;
@@ -297,21 +405,22 @@ struct ip_vs_protocol {
        u16                     protocol;
        u16                     num_states;
        int                     dont_defrag;
-        atomic_t                appcnt;         /* counter of proto app incs */
-        int                     *timeout_table; /* protocol timeout table */
        void (*init)(struct ip_vs_protocol *pp);
        void (*exit)(struct ip_vs_protocol *pp);
+        void (*init_netns)(struct net *net, struct ip_vs_proto_data *pd);
+        void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd);
        int (*conn_schedule)(int af, struct sk_buff *skb,
-                             struct ip_vs_protocol *pp,
+                             struct ip_vs_proto_data *pd,
                             int *verdict, struct ip_vs_conn **cpp);
        struct ip_vs_conn *
        (*conn_in_get)(int af,
                       const struct sk_buff *skb,
-                       struct ip_vs_protocol *pp,
                       const struct ip_vs_iphdr *iph,
                       unsigned int proto_off,
                       int inverse);
@@ -319,7 +428,6 @@ struct ip_vs_protocol {
        struct ip_vs_conn *
        (*conn_out_get)(int af,
                        const struct sk_buff *skb,
-                        struct ip_vs_protocol *pp,
                        const struct ip_vs_iphdr *iph,
                        unsigned int proto_off,
                        int inverse);
@@ -337,11 +445,11 @@ struct ip_vs_protocol {
        int (*state_transition)(struct ip_vs_conn *cp, int direction,
                                const struct sk_buff *skb,
-                                struct ip_vs_protocol *pp);
+                                struct ip_vs_proto_data *pd);
-        int (*register_app)(struct ip_vs_app *inc);
+        int (*register_app)(struct net *net, struct ip_vs_app *inc);
-        void (*unregister_app)(struct ip_vs_app *inc);
+        void (*unregister_app)(struct net *net, struct ip_vs_app *inc);
        int (*app_conn_bind)(struct ip_vs_conn *cp);
@@ -350,14 +458,26 @@ struct ip_vs_protocol {
                             int offset,
                             const char *msg);
-        void (*timeout_change)(struct ip_vs_protocol *pp, int flags);
+        void (*timeout_change)(struct ip_vs_proto_data *pd, int flags);
+};
-        int (*set_state_timeout)(struct ip_vs_protocol *pp, char *sname, int to);
+/*
+ * protocol data per netns
+ */
+struct ip_vs_proto_data {
+        struct ip_vs_proto_data *next;
+        struct ip_vs_protocol   *pp;
+        int                     *timeout_table; /* protocol timeout table */
+        atomic_t                appcnt;         /* counter of proto app incs. */
+        struct tcp_states_t     *tcp_state_table;
 };
-extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto);
+extern struct ip_vs_protocol   *ip_vs_proto_get(unsigned short proto);
+extern struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net,
+                                                     unsigned short proto);
 struct ip_vs_conn_param {
+        struct net                      *net;
        const union nf_inet_addr        *caddr;
        const union nf_inet_addr        *vaddr;
        __be16                          cport;
@@ -375,17 +495,19 @@ struct ip_vs_conn_param {
 */
 struct ip_vs_conn {
        struct list_head        c_list;         /* hashed list heads */
+#ifdef CONFIG_NET_NS
+        struct net              *net;           /* Name space */
+#endif
        /* Protocol, addresses and port numbers */
-        u16                      af;            /* address family */
+        u16                     af;             /* address family */
-        union nf_inet_addr       caddr;          /* client address */
+        __be16                  cport;
-        union nf_inet_addr       vaddr;          /* virtual address */
+        __be16                  vport;
-        union nf_inet_addr       daddr;          /* destination address */
+        __be16                  dport;
-        volatile __u32           flags;          /* status flags */
+        __u32                   fwmark;         /* Fire wall mark from skb */
-        __u32                    fwmark;         /* Fire wall mark from skb */
+        union nf_inet_addr      caddr;          /* client address */
-        __be16                   cport;
+        union nf_inet_addr      vaddr;          /* virtual address */
-        __be16                   vport;
+        union nf_inet_addr      daddr;          /* destination address */
-        __be16                   dport;
+        volatile __u32          flags;          /* status flags */
        __u16                   protocol;       /* Which protocol (TCP/UDP) */
        /* counter and timer */
@@ -428,6 +550,33 @@ struct ip_vs_conn {
        __u8                    pe_data_len;
 };
+/*
+ *  To save some memory in conn table when name space is disabled.
+ */
+static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)
+{
+#ifdef CONFIG_NET_NS
+        return cp->net;
+#else
+        return &init_net;
+#endif
+}
+static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)
+{
+#ifdef CONFIG_NET_NS
+        cp->net = net;
+#endif
+}
+static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,
+                                    struct net *net)
+{
+#ifdef CONFIG_NET_NS
+        return cp->net == net;
+#else
+        return 1;
+#endif
+}
 /*
 *      Extended internal versions of struct ip_vs_service_user and
@@ -487,6 +636,7 @@ struct ip_vs_service {
        unsigned                flags;    /* service status flags */
        unsigned                timeout;  /* persistent timeout in ticks */
        __be32                  netmask;  /* grouping granularity */
+        struct net              *net;
        struct list_head        destinations;  /* real server d-linked list */
        __u32                   num_dests;     /* number of servers */
@@ -512,8 +662,8 @@ struct ip_vs_dest {
        struct list_head        d_list;   /* for table with all the dests */
        u16                     af;             /* address family */
-        union nf_inet_addr      addr;           /* IP address of the server */
        __be16                  port;           /* port number of the server */
+        union nf_inet_addr      addr;           /* IP address of the server */
        volatile unsigned       flags;          /* dest status flags */
        atomic_t                conn_flags;     /* flags to copy to conn */
        atomic_t                weight;         /* server weight */
@@ -540,8 +690,8 @@ struct ip_vs_dest {
        /* for virtual service */
        struct ip_vs_service    *svc;           /* service it belongs to */
        __u16                   protocol;       /* which protocol (TCP/UDP) */
-        union nf_inet_addr      vaddr;          /* virtual IP address */
        __be16                  vport;          /* virtual port number */
+        union nf_inet_addr      vaddr;          /* virtual IP address */
        __u32                   vfwmark;        /* firewall mark of service */
 };
@@ -676,13 +826,14 @@ enum {
        IP_VS_DIR_LAST,
 };
-static inline void ip_vs_conn_fill_param(int af, int protocol,
+static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,
                                         const union nf_inet_addr *caddr,
                                         __be16 cport,
                                         const union nf_inet_addr *vaddr,
                                         __be16 vport,
                                         struct ip_vs_conn_param *p)
 {
+        p->net = net;
        p->af = af;
        p->protocol = protocol;
        p->caddr = caddr;
@@ -697,7 +848,6 @@ struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p);
 struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p);
 struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
-                                            struct ip_vs_protocol *pp,
                                            const struct ip_vs_iphdr *iph,
                                            unsigned int proto_off,
                                            int inverse);
@@ -705,7 +855,6 @@ struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
 struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
 struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
-                                             struct ip_vs_protocol *pp,
                                             const struct ip_vs_iphdr *iph,
                                             unsigned int proto_off,
                                             int inverse);
@@ -726,9 +875,9 @@ extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
 extern const char * ip_vs_state_name(__u16 proto, int state);
-extern void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp);
+extern void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp);
 extern int ip_vs_check_template(struct ip_vs_conn *ct);
-extern void ip_vs_random_dropentry(void);
+extern void ip_vs_random_dropentry(struct net *net);
 extern int ip_vs_conn_init(void);
 extern void ip_vs_conn_cleanup(void);
@@ -798,12 +947,12 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp)
 *      (from ip_vs_app.c)
 */
 #define IP_VS_APP_MAX_PORTS  8
-extern int register_ip_vs_app(struct ip_vs_app *app);
+extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
-extern void unregister_ip_vs_app(struct ip_vs_app *app);
+extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
-extern int
+extern int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app,
-register_ip_vs_app_inc(struct ip_vs_app *app, __u16 proto, __u16 port);
+                                  __u16 proto, __u16 port);
 extern int ip_vs_app_inc_get(struct ip_vs_app *inc);
 extern void ip_vs_app_inc_put(struct ip_vs_app *inc);
@@ -836,7 +985,7 @@ static inline void ip_vs_pe_put(const struct ip_vs_pe *pe)
 */
 extern int ip_vs_protocol_init(void);
 extern void ip_vs_protocol_cleanup(void);
-extern void ip_vs_protocol_timeout_change(int flags);
+extern void ip_vs_protocol_timeout_change(struct netns_ipvs *ipvs, int flags);
 extern int *ip_vs_create_timeout_table(int *table, int size);
 extern int
 ip_vs_set_state_timeout(int *table, int num, const char *const *names,
@@ -866,28 +1015,21 @@ extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name);
 extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);
 extern struct ip_vs_conn *
 ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
-               struct ip_vs_protocol *pp, int *ignored);
+               struct ip_vs_proto_data *pd, int *ignored);
 extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
-                        struct ip_vs_protocol *pp);
+                        struct ip_vs_proto_data *pd);
 /*
 *      IPVS control data and functions (from ip_vs_ctl.c)
 */
-extern int sysctl_ip_vs_cache_bypass;
-extern int sysctl_ip_vs_expire_nodest_conn;
-extern int sysctl_ip_vs_expire_quiescent_template;
-extern int sysctl_ip_vs_sync_threshold[2];
-extern int sysctl_ip_vs_nat_icmp_send;
-extern int sysctl_ip_vs_conntrack;
-extern int sysctl_ip_vs_snat_reroute;
 extern struct ip_vs_stats ip_vs_stats;
 extern const struct ctl_path net_vs_ctl_path[];
 extern int sysctl_ip_vs_sync_ver;
-extern void ip_vs_sync_switch_mode(int mode);
+extern void ip_vs_sync_switch_mode(struct net *net, int mode);
 extern struct ip_vs_service *
-ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,
+ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol,
                  const union nf_inet_addr *vaddr, __be16 vport);
 static inline void ip_vs_service_put(struct ip_vs_service *svc)
@@ -896,7 +1038,7 @@ static inline void ip_vs_service_put(struct ip_vs_service *svc)
 }
 extern struct ip_vs_dest *
-ip_vs_lookup_real_service(int af, __u16 protocol,
+ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,
                          const union nf_inet_addr *daddr, __be16 dport);
 extern int ip_vs_use_count_inc(void);
@@ -904,9 +1046,9 @@ extern void ip_vs_use_count_dec(void);
 extern int ip_vs_control_init(void);
 extern void ip_vs_control_cleanup(void);
 extern struct ip_vs_dest *
-ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport,
+ip_vs_find_dest(struct net *net, int af, const union nf_inet_addr *daddr,
-                const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol,
+                __be16 dport, const union nf_inet_addr *vaddr, __be16 vport,
-                __u32 fwmark);
+                __u16 protocol, __u32 fwmark);
 extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
@@ -914,14 +1056,12 @@ extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
 *      IPVS sync daemon data and function prototypes
 *      (from ip_vs_sync.c)
 */
-extern volatile int ip_vs_sync_state;
+extern int start_sync_thread(struct net *net, int state, char *mcast_ifn,
-extern volatile int ip_vs_master_syncid;
+                             __u8 syncid);
-extern volatile int ip_vs_backup_syncid;
+extern int stop_sync_thread(struct net *net, int state);
-extern char ip_vs_master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
+extern void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp);
-extern char ip_vs_backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
+extern int ip_vs_sync_init(void);
-extern int start_sync_thread(int state, char *mcast_ifn, __u8 syncid);
+extern void ip_vs_sync_cleanup(void);
-extern int stop_sync_thread(int state);
-extern void ip_vs_sync_conn(struct ip_vs_conn *cp);
 /*
@@ -929,8 +1069,8 @@ extern void ip_vs_sync_conn(struct ip_vs_conn *cp);
 */
 extern int ip_vs_estimator_init(void);
 extern void ip_vs_estimator_cleanup(void);
-extern void ip_vs_new_estimator(struct ip_vs_stats *stats);
+extern void ip_vs_new_estimator(struct net *net, struct ip_vs_stats *stats);
-extern void ip_vs_kill_estimator(struct ip_vs_stats *stats);
+extern void ip_vs_kill_estimator(struct net *net, struct ip_vs_stats *stats);
 extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);
 /*
@@ -972,11 +1112,13 @@ extern int ip_vs_icmp_xmit_v6
 extern int ip_vs_drop_rate;
 extern int ip_vs_drop_counter;
-static __inline__ int ip_vs_todrop(void)
+static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
 {
-        if (!ip_vs_drop_rate) return 0;
+        if (!ipvs->drop_rate)
-        if (--ip_vs_drop_counter > 0) return 0;
+                return 0;
-        ip_vs_drop_counter = ip_vs_drop_rate;
+        if (--ipvs->drop_counter > 0)
+                return 0;
+        ipvs->drop_counter = ipvs->drop_rate;
        return 1;
 }
@@ -1064,9 +1206,9 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
 *      Netfilter connection tracking
 *      (from ip_vs_nfct.c)
 */
-static inline int ip_vs_conntrack_enabled(void)
+static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
 {
-        return sysctl_ip_vs_conntrack;
+        return ipvs->sysctl_conntrack;
 }
 extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
@@ -1079,7 +1221,7 @@ extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
 #else
-static inline int ip_vs_conntrack_enabled(void)
+static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
 {
        return 0;
 }