1 files changed, 156 insertions, 27 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index a4747a0f7303..b7bbd6c28cfa 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -25,7 +25,9 @@
 #include <linux/ip.h>
 #include <linux/ipv6.h>                 /* for struct ipv6hdr */
 #include <net/ipv6.h>                   /* for ipv6_addr_copy */
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+#include <net/netfilter/nf_conntrack.h>
+#endif
 /* Connections' size value needed by ip_vs_ctl.c */
 extern int ip_vs_conn_tab_size;
@@ -134,24 +136,24 @@ static inline const char *ip_vs_dbg_addr(int af, char *buf, size_t buf_len,
                if (net_ratelimit())                                    \
                        printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__);  \
        } while (0)
-#define IP_VS_DBG_PKT(level, pp, skb, ofs, msg)                         \
+#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg)                     \
        do {                                                            \
                if (level <= ip_vs_get_debug_level())                   \
-                        pp->debug_packet(pp, skb, ofs, msg);            \
+                        pp->debug_packet(af, pp, skb, ofs, msg);        \
        } while (0)
-#define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg)                      \
+#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg)                  \
        do {                                                            \
                if (level <= ip_vs_get_debug_level() &&                 \
                    net_ratelimit())                                    \
-                        pp->debug_packet(pp, skb, ofs, msg);            \
+                        pp->debug_packet(af, pp, skb, ofs, msg);        \
        } while (0)
 #else   /* NO DEBUGGING at ALL */
 #define IP_VS_DBG_BUF(level, msg...)  do {} while (0)
 #define IP_VS_ERR_BUF(msg...)  do {} while (0)
 #define IP_VS_DBG(level, msg...)  do {} while (0)
 #define IP_VS_DBG_RL(msg...)  do {} while (0)
-#define IP_VS_DBG_PKT(level, pp, skb, ofs, msg)         do {} while (0)
+#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg)     do {} while (0)
-#define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg)      do {} while (0)
+#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg)  do {} while (0)
 #endif
 #define IP_VS_BUG() BUG()
@@ -343,7 +345,7 @@ struct ip_vs_protocol {
        int (*app_conn_bind)(struct ip_vs_conn *cp);
-        void (*debug_packet)(struct ip_vs_protocol *pp,
+        void (*debug_packet)(int af, struct ip_vs_protocol *pp,
                             const struct sk_buff *skb,
                             int offset,
                             const char *msg);
@@ -355,6 +357,19 @@ struct ip_vs_protocol {
 extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto);
+struct ip_vs_conn_param {
+        const union nf_inet_addr        *caddr;
+        const union nf_inet_addr        *vaddr;
+        __be16                          cport;
+        __be16                          vport;
+        __u16                           protocol;
+        u16                             af;
+        const struct ip_vs_pe           *pe;
+        char                            *pe_data;
+        __u8                            pe_data_len;
+};
 /*
 *      IP_VS structure allocated for each dynamically scheduled connection
 */
@@ -366,6 +381,7 @@ struct ip_vs_conn {
        union nf_inet_addr       caddr;          /* client address */
        union nf_inet_addr       vaddr;          /* virtual address */
        union nf_inet_addr       daddr;          /* destination address */
+        volatile __u32           flags;          /* status flags */
        __be16                   cport;
        __be16                   vport;
        __be16                   dport;
@@ -378,7 +394,6 @@ struct ip_vs_conn {
        /* Flags and state transition */
        spinlock_t              lock;           /* lock for state transition */
-        volatile __u16          flags;          /* status flags */
        volatile __u16          state;          /* state info */
        volatile __u16          old_state;      /* old state, to be used for
                                                 * state transition triggerd
@@ -394,6 +409,7 @@ struct ip_vs_conn {
        /* packet transmitter for different forwarding methods.  If it
           mangles the packet, it must return NF_DROP or better NF_STOLEN,
           otherwise this must be changed to a sk_buff **.
+           NF_ACCEPT can be returned when destination is local.
         */
        int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,
                           struct ip_vs_protocol *pp);
@@ -405,6 +421,9 @@ struct ip_vs_conn {
        void                    *app_data;      /* Application private data */
        struct ip_vs_seq        in_seq;         /* incoming seq. struct */
        struct ip_vs_seq        out_seq;        /* outgoing seq. struct */
+        char                    *pe_data;
+        __u8                    pe_data_len;
 };
@@ -426,6 +445,7 @@ struct ip_vs_service_user_kern {
        /* virtual service options */
        char                    *sched_name;
+        char                    *pe_name;
        unsigned                flags;          /* virtual service flags */
        unsigned                timeout;        /* persistent timeout in sec */
        u32                     netmask;        /* persistent netmask */
@@ -475,6 +495,9 @@ struct ip_vs_service {
        struct ip_vs_scheduler  *scheduler;    /* bound scheduler object */
        rwlock_t                sched_lock;    /* lock sched_data */
        void                    *sched_data;   /* scheduler application data */
+        /* alternate persistence engine */
+        struct ip_vs_pe         *pe;
 };
@@ -507,6 +530,10 @@ struct ip_vs_dest {
        spinlock_t              dst_lock;       /* lock of dst_cache */
        struct dst_entry        *dst_cache;     /* destination cache entry */
        u32                     dst_rtos;       /* RT_TOS(tos) for dst */
+        u32                     dst_cookie;
+#ifdef CONFIG_IP_VS_IPV6
+        struct in6_addr         dst_saddr;
+#endif
        /* for virtual service */
        struct ip_vs_service    *svc;           /* service it belongs to */
@@ -538,6 +565,21 @@ struct ip_vs_scheduler {
                                       const struct sk_buff *skb);
 };
+/* The persistence engine object */
+struct ip_vs_pe {
+        struct list_head        n_list;         /* d-linked list head */
+        char                    *name;          /* scheduler name */
+        atomic_t                refcnt;         /* reference counter */
+        struct module           *module;        /* THIS_MODULE/NULL */
+        /* get the connection template, if any */
+        int (*fill_param)(struct ip_vs_conn_param *p, struct sk_buff *skb);
+        bool (*ct_match)(const struct ip_vs_conn_param *p,
+                         struct ip_vs_conn *ct);
+        u32 (*hashkey_raw)(const struct ip_vs_conn_param *p, u32 initval,
+                           bool inverse);
+        int (*show_pe_data)(const struct ip_vs_conn *cp, char *buf);
+};
 /*
 *      The application module object (a.k.a. app incarnation)
@@ -556,11 +598,19 @@ struct ip_vs_app {
        __be16                  port;           /* port number in net order */
        atomic_t                usecnt;         /* usage counter */
-        /* output hook: return false if can't linearize. diff set for TCP.  */
+        /*
+         * output hook: Process packet in inout direction, diff set for TCP.
+         * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
+         *         2=Mangled but checksum was not updated
+         */
        int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *,
                       struct sk_buff *, int *diff);
-        /* input hook: return false if can't linearize. diff set for TCP. */
+        /*
+         * input hook: Process packet in outin direction, diff set for TCP.
+         * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
+         *         2=Mangled but checksum was not updated
+         */
        int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *,
                      struct sk_buff *, int *diff);
@@ -624,13 +674,25 @@ enum {
        IP_VS_DIR_LAST,
 };
-extern struct ip_vs_conn *ip_vs_conn_in_get
+static inline void ip_vs_conn_fill_param(int af, int protocol,
-(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
+                                         const union nf_inet_addr *caddr,
- const union nf_inet_addr *d_addr, __be16 d_port);
+                                         __be16 cport,
+                                         const union nf_inet_addr *vaddr,
+                                         __be16 vport,
+                                         struct ip_vs_conn_param *p)
+{
+        p->af = af;
+        p->protocol = protocol;
+        p->caddr = caddr;
+        p->cport = cport;
+        p->vaddr = vaddr;
+        p->vport = vport;
+        p->pe = NULL;
+        p->pe_data = NULL;
+}
-extern struct ip_vs_conn *ip_vs_ct_in_get
+struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p);
-(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
+struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p);
- const union nf_inet_addr *d_addr, __be16 d_port);
 struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
                                            struct ip_vs_protocol *pp,
@@ -638,9 +700,7 @@ struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
                                            unsigned int proto_off,
                                            int inverse);
-extern struct ip_vs_conn *ip_vs_conn_out_get
+struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
-(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
- const union nf_inet_addr *d_addr, __be16 d_port);
 struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
                                             struct ip_vs_protocol *pp,
@@ -656,11 +716,10 @@ static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
 extern void ip_vs_conn_put(struct ip_vs_conn *cp);
 extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
-extern struct ip_vs_conn *
+struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p,
-ip_vs_conn_new(int af, int proto, const union nf_inet_addr *caddr, __be16 cport,
+                                  const union nf_inet_addr *daddr,
-               const union nf_inet_addr *vaddr, __be16 vport,
+                                  __be16 dport, unsigned flags,
-               const union nf_inet_addr *daddr, __be16 dport, unsigned flags,
+                                  struct ip_vs_dest *dest);
-               struct ip_vs_dest *dest);
 extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
 extern const char * ip_vs_state_name(__u16 proto, int state);
@@ -751,6 +810,12 @@ extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb);
 extern int ip_vs_app_init(void);
 extern void ip_vs_app_cleanup(void);
+void ip_vs_bind_pe(struct ip_vs_service *svc, struct ip_vs_pe *pe);
+void ip_vs_unbind_pe(struct ip_vs_service *svc);
+int register_ip_vs_pe(struct ip_vs_pe *pe);
+int unregister_ip_vs_pe(struct ip_vs_pe *pe);
+extern struct ip_vs_pe *ip_vs_pe_get(const char *name);
+extern void ip_vs_pe_put(struct ip_vs_pe *pe);
 /*
 *      IPVS protocol functions (from ip_vs_proto.c)
@@ -763,7 +828,8 @@ extern int
 ip_vs_set_state_timeout(int *table, int num, const char *const *names,
                        const char *name, int to);
 extern void
-ip_vs_tcpudp_debug_packet(struct ip_vs_protocol *pp, const struct sk_buff *skb,
+ip_vs_tcpudp_debug_packet(int af, struct ip_vs_protocol *pp,
+                          const struct sk_buff *skb,
                          int offset, const char *msg);
 extern struct ip_vs_protocol ip_vs_protocol_tcp;
@@ -785,7 +851,8 @@ extern int ip_vs_unbind_scheduler(struct ip_vs_service *svc);
 extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name);
 extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);
 extern struct ip_vs_conn *
-ip_vs_schedule(struct ip_vs_service *svc, const struct sk_buff *skb);
+ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
+               struct ip_vs_protocol *pp, int *ignored);
 extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
                        struct ip_vs_protocol *pp);
@@ -798,6 +865,8 @@ extern int sysctl_ip_vs_expire_nodest_conn;
 extern int sysctl_ip_vs_expire_quiescent_template;
 extern int sysctl_ip_vs_sync_threshold[2];
 extern int sysctl_ip_vs_nat_icmp_send;
+extern int sysctl_ip_vs_conntrack;
+extern int sysctl_ip_vs_snat_reroute;
 extern struct ip_vs_stats ip_vs_stats;
 extern const struct ctl_path net_vs_ctl_path[];
@@ -955,6 +1024,66 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
        return csum_partial(diff, sizeof(diff), oldsum);
 }
+/*
+ * Forget current conntrack (unconfirmed) and attach notrack entry
+ */
+static inline void ip_vs_notrack(struct sk_buff *skb)
+{
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+        enum ip_conntrack_info ctinfo;
+        struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
+        if (!ct || !nf_ct_is_untracked(ct)) {
+                nf_reset(skb);
+                skb->nfct = &nf_ct_untracked_get()->ct_general;
+                skb->nfctinfo = IP_CT_NEW;
+                nf_conntrack_get(skb->nfct);
+        }
+#endif
+}
+#ifdef CONFIG_IP_VS_NFCT
+/*
+ *      Netfilter connection tracking
+ *      (from ip_vs_nfct.c)
+ */
+static inline int ip_vs_conntrack_enabled(void)
+{
+        return sysctl_ip_vs_conntrack;
+}
+extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
+                                   int outin);
+extern int ip_vs_confirm_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp);
+extern void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct,
+                                      struct ip_vs_conn *cp, u_int8_t proto,
+                                      const __be16 port, int from_rs);
+extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
+#else
+static inline int ip_vs_conntrack_enabled(void)
+{
+        return 0;
+}
+static inline void ip_vs_update_conntrack(struct sk_buff *skb,
+                                          struct ip_vs_conn *cp, int outin)
+{
+}
+static inline int ip_vs_confirm_conntrack(struct sk_buff *skb,
+                                          struct ip_vs_conn *cp)
+{
+        return NF_ACCEPT;
+}
+static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
+{
+}
+/* CONFIG_IP_VS_NFCT */
+#endif
 #endif /* __KERNEL__ */
 #endif  /* _NET_IP_VS_H */

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index a4747a0f7303..b7bbd6c28cfa 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h
@@ -25,7 +25,9 @@
25	#include <linux/ip.h>	25	#include <linux/ip.h>
26	#include <linux/ipv6.h> /* for struct ipv6hdr */	26	#include <linux/ipv6.h> /* for struct ipv6hdr */
27	#include <net/ipv6.h> /* for ipv6_addr_copy */	27	#include <net/ipv6.h> /* for ipv6_addr_copy */
28		28	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
		29	#include <net/netfilter/nf_conntrack.h>
		30	#endif
29		31
30	/* Connections' size value needed by ip_vs_ctl.c */	32	/* Connections' size value needed by ip_vs_ctl.c */
31	extern int ip_vs_conn_tab_size;	33	extern int ip_vs_conn_tab_size;
@@ -134,24 +136,24 @@ static inline const char ip_vs_dbg_addr(int af, char buf, size_t buf_len,
134	if (net_ratelimit()) \	136	if (net_ratelimit()) \
135	printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \	137	printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \
136	} while (0)	138	} while (0)
137	#define IP_VS_DBG_PKT(level, pp, skb, ofs, msg) \	139	#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg) \
138	do { \	140	do { \
139	if (level <= ip_vs_get_debug_level()) \	141	if (level <= ip_vs_get_debug_level()) \
140	pp->debug_packet(pp, skb, ofs, msg); \	142	pp->debug_packet(af, pp, skb, ofs, msg); \
141	} while (0)	143	} while (0)
142	#define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg) \	144	#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg) \
143	do { \	145	do { \
144	if (level <= ip_vs_get_debug_level() && \	146	if (level <= ip_vs_get_debug_level() && \
145	net_ratelimit()) \	147	net_ratelimit()) \
146	pp->debug_packet(pp, skb, ofs, msg); \	148	pp->debug_packet(af, pp, skb, ofs, msg); \
147	} while (0)	149	} while (0)
148	#else /* NO DEBUGGING at ALL */	150	#else /* NO DEBUGGING at ALL */
149	#define IP_VS_DBG_BUF(level, msg...) do {} while (0)	151	#define IP_VS_DBG_BUF(level, msg...) do {} while (0)
150	#define IP_VS_ERR_BUF(msg...) do {} while (0)	152	#define IP_VS_ERR_BUF(msg...) do {} while (0)
151	#define IP_VS_DBG(level, msg...) do {} while (0)	153	#define IP_VS_DBG(level, msg...) do {} while (0)
152	#define IP_VS_DBG_RL(msg...) do {} while (0)	154	#define IP_VS_DBG_RL(msg...) do {} while (0)
153	#define IP_VS_DBG_PKT(level, pp, skb, ofs, msg) do {} while (0)	155	#define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg) do {} while (0)
154	#define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg) do {} while (0)	156	#define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg) do {} while (0)
155	#endif	157	#endif
156		158
157	#define IP_VS_BUG() BUG()	159	#define IP_VS_BUG() BUG()
@@ -343,7 +345,7 @@ struct ip_vs_protocol {
343		345
344	int (app_conn_bind)(struct ip_vs_conn cp);	346	int (app_conn_bind)(struct ip_vs_conn cp);
345		347
346	void (debug_packet)(struct ip_vs_protocol pp,	348	void (debug_packet)(int af, struct ip_vs_protocol pp,
347	const struct sk_buff *skb,	349	const struct sk_buff *skb,
348	int offset,	350	int offset,
349	const char *msg);	351	const char *msg);
@@ -355,6 +357,19 @@ struct ip_vs_protocol {
355		357
356	extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto);	358	extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto);
357		359
		360	struct ip_vs_conn_param {
		361	const union nf_inet_addr *caddr;
		362	const union nf_inet_addr *vaddr;
		363	__be16 cport;
		364	__be16 vport;
		365	__u16 protocol;
		366	u16 af;
		367
		368	const struct ip_vs_pe *pe;
		369	char *pe_data;
		370	__u8 pe_data_len;
		371	};
		372
358	/*	373	/*
359	* IP_VS structure allocated for each dynamically scheduled connection	374	* IP_VS structure allocated for each dynamically scheduled connection
360	*/	375	*/
@@ -366,6 +381,7 @@ struct ip_vs_conn {
366	union nf_inet_addr caddr; /* client address */	381	union nf_inet_addr caddr; /* client address */
367	union nf_inet_addr vaddr; /* virtual address */	382	union nf_inet_addr vaddr; /* virtual address */
368	union nf_inet_addr daddr; /* destination address */	383	union nf_inet_addr daddr; /* destination address */
		384	volatile __u32 flags; /* status flags */
369	__be16 cport;	385	__be16 cport;
370	__be16 vport;	386	__be16 vport;
371	__be16 dport;	387	__be16 dport;
@@ -378,7 +394,6 @@ struct ip_vs_conn {
378		394
379	/* Flags and state transition */	395	/* Flags and state transition */
380	spinlock_t lock; /* lock for state transition */	396	spinlock_t lock; /* lock for state transition */
381	volatile __u16 flags; /* status flags */
382	volatile __u16 state; /* state info */	397	volatile __u16 state; /* state info */
383	volatile __u16 old_state; /* old state, to be used for	398	volatile __u16 old_state; /* old state, to be used for
384	* state transition triggerd	399	* state transition triggerd
@@ -394,6 +409,7 @@ struct ip_vs_conn {
394	/* packet transmitter for different forwarding methods. If it	409	/* packet transmitter for different forwarding methods. If it
395	mangles the packet, it must return NF_DROP or better NF_STOLEN,	410	mangles the packet, it must return NF_DROP or better NF_STOLEN,
396	otherwise this must be changed to a sk_buff **.	411	otherwise this must be changed to a sk_buff **.
		412	NF_ACCEPT can be returned when destination is local.
397	*/	413	*/
398	int (packet_xmit)(struct sk_buff skb, struct ip_vs_conn *cp,	414	int (packet_xmit)(struct sk_buff skb, struct ip_vs_conn *cp,
399	struct ip_vs_protocol *pp);	415	struct ip_vs_protocol *pp);
@@ -405,6 +421,9 @@ struct ip_vs_conn {
405	void app_data; / Application private data */	421	void app_data; / Application private data */
406	struct ip_vs_seq in_seq; /* incoming seq. struct */	422	struct ip_vs_seq in_seq; /* incoming seq. struct */
407	struct ip_vs_seq out_seq; /* outgoing seq. struct */	423	struct ip_vs_seq out_seq; /* outgoing seq. struct */
		424
		425	char *pe_data;
		426	__u8 pe_data_len;
408	};	427	};
409		428
410		429
@@ -426,6 +445,7 @@ struct ip_vs_service_user_kern {
426		445
427	/* virtual service options */	446	/* virtual service options */
428	char *sched_name;	447	char *sched_name;
		448	char *pe_name;
429	unsigned flags; /* virtual service flags */	449	unsigned flags; /* virtual service flags */
430	unsigned timeout; /* persistent timeout in sec */	450	unsigned timeout; /* persistent timeout in sec */
431	u32 netmask; /* persistent netmask */	451	u32 netmask; /* persistent netmask */
@@ -475,6 +495,9 @@ struct ip_vs_service {
475	struct ip_vs_scheduler scheduler; / bound scheduler object */	495	struct ip_vs_scheduler scheduler; / bound scheduler object */
476	rwlock_t sched_lock; /* lock sched_data */	496	rwlock_t sched_lock; /* lock sched_data */
477	void sched_data; / scheduler application data */	497	void sched_data; / scheduler application data */
		498
		499	/* alternate persistence engine */
		500	struct ip_vs_pe *pe;
478	};	501	};
479		502
480		503
@@ -507,6 +530,10 @@ struct ip_vs_dest {
507	spinlock_t dst_lock; /* lock of dst_cache */	530	spinlock_t dst_lock; /* lock of dst_cache */
508	struct dst_entry dst_cache; / destination cache entry */	531	struct dst_entry dst_cache; / destination cache entry */
509	u32 dst_rtos; /* RT_TOS(tos) for dst */	532	u32 dst_rtos; /* RT_TOS(tos) for dst */
		533	u32 dst_cookie;
		534	#ifdef CONFIG_IP_VS_IPV6
		535	struct in6_addr dst_saddr;
		536	#endif
510		537
511	/* for virtual service */	538	/* for virtual service */
512	struct ip_vs_service svc; / service it belongs to */	539	struct ip_vs_service svc; / service it belongs to */
@@ -538,6 +565,21 @@ struct ip_vs_scheduler {
538	const struct sk_buff *skb);	565	const struct sk_buff *skb);
539	};	566	};
540		567
		568	/* The persistence engine object */
		569	struct ip_vs_pe {
		570	struct list_head n_list; /* d-linked list head */
		571	char name; / scheduler name */
		572	atomic_t refcnt; /* reference counter */
		573	struct module module; / THIS_MODULE/NULL */
		574
		575	/* get the connection template, if any */
		576	int (fill_param)(struct ip_vs_conn_param p, struct sk_buff *skb);
		577	bool (ct_match)(const struct ip_vs_conn_param p,
		578	struct ip_vs_conn *ct);
		579	u32 (hashkey_raw)(const struct ip_vs_conn_param p, u32 initval,
		580	bool inverse);
		581	int (show_pe_data)(const struct ip_vs_conn cp, char *buf);
		582	};
541		583
542	/*	584	/*
543	* The application module object (a.k.a. app incarnation)	585	* The application module object (a.k.a. app incarnation)
@@ -556,11 +598,19 @@ struct ip_vs_app {
556	__be16 port; /* port number in net order */	598	__be16 port; /* port number in net order */
557	atomic_t usecnt; /* usage counter */	599	atomic_t usecnt; /* usage counter */
558		600
559	/* output hook: return false if can't linearize. diff set for TCP. */	601	/*
		602	* output hook: Process packet in inout direction, diff set for TCP.
		603	* Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
		604	* 2=Mangled but checksum was not updated
		605	*/
560	int (pkt_out)(struct ip_vs_app , struct ip_vs_conn *,	606	int (pkt_out)(struct ip_vs_app , struct ip_vs_conn *,
561	struct sk_buff , int diff);	607	struct sk_buff , int diff);
562		608
563	/* input hook: return false if can't linearize. diff set for TCP. */	609	/*
		610	* input hook: Process packet in outin direction, diff set for TCP.
		611	* Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
		612	* 2=Mangled but checksum was not updated
		613	*/
564	int (pkt_in)(struct ip_vs_app , struct ip_vs_conn *,	614	int (pkt_in)(struct ip_vs_app , struct ip_vs_conn *,
565	struct sk_buff , int diff);	615	struct sk_buff , int diff);
566		616
@@ -624,13 +674,25 @@ enum {
624	IP_VS_DIR_LAST,	674	IP_VS_DIR_LAST,
625	};	675	};
626		676
627	extern struct ip_vs_conn *ip_vs_conn_in_get	677	static inline void ip_vs_conn_fill_param(int af, int protocol,
628	(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,	678	const union nf_inet_addr *caddr,
629	const union nf_inet_addr *d_addr, __be16 d_port);	679	__be16 cport,
		680	const union nf_inet_addr *vaddr,
		681	__be16 vport,
		682	struct ip_vs_conn_param *p)
		683	{
		684	p->af = af;
		685	p->protocol = protocol;
		686	p->caddr = caddr;
		687	p->cport = cport;
		688	p->vaddr = vaddr;
		689	p->vport = vport;
		690	p->pe = NULL;
		691	p->pe_data = NULL;
		692	}
630		693
631	extern struct ip_vs_conn *ip_vs_ct_in_get	694	struct ip_vs_conn ip_vs_conn_in_get(const struct ip_vs_conn_param p);
632	(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,	695	struct ip_vs_conn ip_vs_ct_in_get(const struct ip_vs_conn_param p);
633	const union nf_inet_addr *d_addr, __be16 d_port);
634		696
635	struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,	697	struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
636	struct ip_vs_protocol *pp,	698	struct ip_vs_protocol *pp,
@@ -638,9 +700,7 @@ struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
638	unsigned int proto_off,	700	unsigned int proto_off,
639	int inverse);	701	int inverse);
640		702
641	extern struct ip_vs_conn *ip_vs_conn_out_get	703	struct ip_vs_conn ip_vs_conn_out_get(const struct ip_vs_conn_param p);
642	(int af, int protocol, const union nf_inet_addr *s_addr, __be16 s_port,
643	const union nf_inet_addr *d_addr, __be16 d_port);
644		704
645	struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,	705	struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
646	struct ip_vs_protocol *pp,	706	struct ip_vs_protocol *pp,
@@ -656,11 +716,10 @@ static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
656	extern void ip_vs_conn_put(struct ip_vs_conn *cp);	716	extern void ip_vs_conn_put(struct ip_vs_conn *cp);
657	extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);	717	extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
658		718
659	extern struct ip_vs_conn *	719	struct ip_vs_conn ip_vs_conn_new(const struct ip_vs_conn_param p,
660	ip_vs_conn_new(int af, int proto, const union nf_inet_addr *caddr, __be16 cport,	720	const union nf_inet_addr *daddr,
661	const union nf_inet_addr *vaddr, __be16 vport,	721	__be16 dport, unsigned flags,
662	const union nf_inet_addr *daddr, __be16 dport, unsigned flags,	722	struct ip_vs_dest *dest);
663	struct ip_vs_dest *dest);
664	extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);	723	extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
665		724
666	extern const char * ip_vs_state_name(__u16 proto, int state);	725	extern const char * ip_vs_state_name(__u16 proto, int state);
@@ -751,6 +810,12 @@ extern int ip_vs_app_pkt_in(struct ip_vs_conn , struct sk_buff skb);
751	extern int ip_vs_app_init(void);	810	extern int ip_vs_app_init(void);
752	extern void ip_vs_app_cleanup(void);	811	extern void ip_vs_app_cleanup(void);
753		812
		813	void ip_vs_bind_pe(struct ip_vs_service svc, struct ip_vs_pe pe);
		814	void ip_vs_unbind_pe(struct ip_vs_service *svc);
		815	int register_ip_vs_pe(struct ip_vs_pe *pe);
		816	int unregister_ip_vs_pe(struct ip_vs_pe *pe);
		817	extern struct ip_vs_pe ip_vs_pe_get(const char name);
		818	extern void ip_vs_pe_put(struct ip_vs_pe *pe);
754		819
755	/*	820	/*
756	* IPVS protocol functions (from ip_vs_proto.c)	821	* IPVS protocol functions (from ip_vs_proto.c)
@@ -763,7 +828,8 @@ extern int
763	ip_vs_set_state_timeout(int table, int num, const char const *names,	828	ip_vs_set_state_timeout(int table, int num, const char const *names,
764	const char *name, int to);	829	const char *name, int to);
765	extern void	830	extern void
766	ip_vs_tcpudp_debug_packet(struct ip_vs_protocol pp, const struct sk_buff skb,	831	ip_vs_tcpudp_debug_packet(int af, struct ip_vs_protocol *pp,
		832	const struct sk_buff *skb,
767	int offset, const char *msg);	833	int offset, const char *msg);
768		834
769	extern struct ip_vs_protocol ip_vs_protocol_tcp;	835	extern struct ip_vs_protocol ip_vs_protocol_tcp;
@@ -785,7 +851,8 @@ extern int ip_vs_unbind_scheduler(struct ip_vs_service *svc);
785	extern struct ip_vs_scheduler ip_vs_scheduler_get(const char sched_name);	851	extern struct ip_vs_scheduler ip_vs_scheduler_get(const char sched_name);
786	extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);	852	extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);
787	extern struct ip_vs_conn *	853	extern struct ip_vs_conn *
788	ip_vs_schedule(struct ip_vs_service svc, const struct sk_buff skb);	854	ip_vs_schedule(struct ip_vs_service svc, struct sk_buff skb,
		855	struct ip_vs_protocol pp, int ignored);
789	extern int ip_vs_leave(struct ip_vs_service svc, struct sk_buff skb,	856	extern int ip_vs_leave(struct ip_vs_service svc, struct sk_buff skb,
790	struct ip_vs_protocol *pp);	857	struct ip_vs_protocol *pp);
791		858
@@ -798,6 +865,8 @@ extern int sysctl_ip_vs_expire_nodest_conn;
798	extern int sysctl_ip_vs_expire_quiescent_template;	865	extern int sysctl_ip_vs_expire_quiescent_template;
799	extern int sysctl_ip_vs_sync_threshold[2];	866	extern int sysctl_ip_vs_sync_threshold[2];
800	extern int sysctl_ip_vs_nat_icmp_send;	867	extern int sysctl_ip_vs_nat_icmp_send;
		868	extern int sysctl_ip_vs_conntrack;
		869	extern int sysctl_ip_vs_snat_reroute;
801	extern struct ip_vs_stats ip_vs_stats;	870	extern struct ip_vs_stats ip_vs_stats;
802	extern const struct ctl_path net_vs_ctl_path[];	871	extern const struct ctl_path net_vs_ctl_path[];
803		872
@@ -955,6 +1024,66 @@ static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
955	return csum_partial(diff, sizeof(diff), oldsum);	1024	return csum_partial(diff, sizeof(diff), oldsum);
956	}	1025	}
957		1026
		1027	/*
		1028	* Forget current conntrack (unconfirmed) and attach notrack entry
		1029	*/
		1030	static inline void ip_vs_notrack(struct sk_buff *skb)
		1031	{
		1032	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
		1033	enum ip_conntrack_info ctinfo;
		1034	struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
		1035
		1036	if (!ct \|\| !nf_ct_is_untracked(ct)) {
		1037	nf_reset(skb);
		1038	skb->nfct = &nf_ct_untracked_get()->ct_general;
		1039	skb->nfctinfo = IP_CT_NEW;
		1040	nf_conntrack_get(skb->nfct);
		1041	}
		1042	#endif
		1043	}
		1044
		1045	#ifdef CONFIG_IP_VS_NFCT
		1046	/*
		1047	* Netfilter connection tracking
		1048	* (from ip_vs_nfct.c)
		1049	*/
		1050	static inline int ip_vs_conntrack_enabled(void)
		1051	{
		1052	return sysctl_ip_vs_conntrack;
		1053	}
		1054
		1055	extern void ip_vs_update_conntrack(struct sk_buff skb, struct ip_vs_conn cp,
		1056	int outin);
		1057	extern int ip_vs_confirm_conntrack(struct sk_buff skb, struct ip_vs_conn cp);
		1058	extern void ip_vs_nfct_expect_related(struct sk_buff skb, struct nf_conn ct,
		1059	struct ip_vs_conn *cp, u_int8_t proto,
		1060	const __be16 port, int from_rs);
		1061	extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
		1062
		1063	#else
		1064
		1065	static inline int ip_vs_conntrack_enabled(void)
		1066	{
		1067	return 0;
		1068	}
		1069
		1070	static inline void ip_vs_update_conntrack(struct sk_buff *skb,
		1071	struct ip_vs_conn *cp, int outin)
		1072	{
		1073	}
		1074
		1075	static inline int ip_vs_confirm_conntrack(struct sk_buff *skb,
		1076	struct ip_vs_conn *cp)
		1077	{
		1078	return NF_ACCEPT;
		1079	}
		1080
		1081	static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
		1082	{
		1083	}
		1084	/* CONFIG_IP_VS_NFCT */
		1085	#endif
		1086
958	#endif /* __KERNEL__ */	1087	#endif /* __KERNEL__ */
959		1088
960	#endif /* _NET_IP_VS_H */	1089	#endif /* _NET_IP_VS_H */