1 files changed, 179 insertions, 19 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index e74da41ebd1b..272f59336b73 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -374,24 +374,9 @@ struct ip_vs_stats {
        struct ip_vs_estimator  est;            /* estimator */
        struct ip_vs_cpu_stats  *cpustats;      /* per cpu counters */
        spinlock_t              lock;           /* spin lock */
+        struct ip_vs_stats_user ustats0;        /* reset values */
 };
-/*
- * Helper Macros for per cpu
- * ipvs->tot_stats->ustats.count
- */
-#define IPVS_STAT_INC(ipvs, count)      \
-        __this_cpu_inc((ipvs)->ustats->count)
-#define IPVS_STAT_ADD(ipvs, count, value) \
-        do {\
-                write_seqcount_begin(per_cpu_ptr((ipvs)->ustats_seq, \
-                                     raw_smp_processor_id())); \
-                __this_cpu_add((ipvs)->ustats->count, value); \
-                write_seqcount_end(per_cpu_ptr((ipvs)->ustats_seq, \
-                                   raw_smp_processor_id())); \
-        } while (0)
 struct dst_entry;
 struct iphdr;
 struct ip_vs_conn;
@@ -803,6 +788,171 @@ struct ip_vs_app {
        void (*timeout_change)(struct ip_vs_app *app, int flags);
 };
+/* IPVS in network namespace */
+struct netns_ipvs {
+        int                     gen;            /* Generation */
+        /*
+         *      Hash table: for real service lookups
+         */
+        #define IP_VS_RTAB_BITS 4
+        #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
+        #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
+        struct list_head        rs_table[IP_VS_RTAB_SIZE];
+        /* ip_vs_app */
+        struct list_head        app_list;
+        struct mutex            app_mutex;
+        struct lock_class_key   app_key;        /* mutex debuging */
+        /* ip_vs_proto */
+        #define IP_VS_PROTO_TAB_SIZE    32      /* must be power of 2 */
+        struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
+        /* ip_vs_proto_tcp */
+#ifdef CONFIG_IP_VS_PROTO_TCP
+        #define TCP_APP_TAB_BITS        4
+        #define TCP_APP_TAB_SIZE        (1 << TCP_APP_TAB_BITS)
+        #define TCP_APP_TAB_MASK        (TCP_APP_TAB_SIZE - 1)
+        struct list_head        tcp_apps[TCP_APP_TAB_SIZE];
+        spinlock_t              tcp_app_lock;
+#endif
+        /* ip_vs_proto_udp */
+#ifdef CONFIG_IP_VS_PROTO_UDP
+        #define UDP_APP_TAB_BITS        4
+        #define UDP_APP_TAB_SIZE        (1 << UDP_APP_TAB_BITS)
+        #define UDP_APP_TAB_MASK        (UDP_APP_TAB_SIZE - 1)
+        struct list_head        udp_apps[UDP_APP_TAB_SIZE];
+        spinlock_t              udp_app_lock;
+#endif
+        /* ip_vs_proto_sctp */
+#ifdef CONFIG_IP_VS_PROTO_SCTP
+        #define SCTP_APP_TAB_BITS       4
+        #define SCTP_APP_TAB_SIZE       (1 << SCTP_APP_TAB_BITS)
+        #define SCTP_APP_TAB_MASK       (SCTP_APP_TAB_SIZE - 1)
+        /* Hash table for SCTP application incarnations  */
+        struct list_head        sctp_apps[SCTP_APP_TAB_SIZE];
+        spinlock_t              sctp_app_lock;
+#endif
+        /* ip_vs_conn */
+        atomic_t                conn_count;      /*  connection counter */
+        /* ip_vs_ctl */
+        struct ip_vs_stats              tot_stats;  /* Statistics & est. */
+        int                     num_services;    /* no of virtual services */
+        rwlock_t                rs_lock;         /* real services table */
+        /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
+        struct lock_class_key   ctl_key;        /* ctl_mutex debuging */
+        /* Trash for destinations */
+        struct list_head        dest_trash;
+        /* Service counters */
+        atomic_t                ftpsvc_counter;
+        atomic_t                nullsvc_counter;
+#ifdef CONFIG_SYSCTL
+        /* 1/rate drop and drop-entry variables */
+        struct delayed_work     defense_work;   /* Work handler */
+        int                     drop_rate;
+        int                     drop_counter;
+        atomic_t                dropentry;
+        /* locks in ctl.c */
+        spinlock_t              dropentry_lock;  /* drop entry handling */
+        spinlock_t              droppacket_lock; /* drop packet handling */
+        spinlock_t              securetcp_lock;  /* state and timeout tables */
+        /* sys-ctl struct */
+        struct ctl_table_header *sysctl_hdr;
+        struct ctl_table        *sysctl_tbl;
+#endif
+        /* sysctl variables */
+        int                     sysctl_amemthresh;
+        int                     sysctl_am_droprate;
+        int                     sysctl_drop_entry;
+        int                     sysctl_drop_packet;
+        int                     sysctl_secure_tcp;
+#ifdef CONFIG_IP_VS_NFCT
+        int                     sysctl_conntrack;
+#endif
+        int                     sysctl_snat_reroute;
+        int                     sysctl_sync_ver;
+        int                     sysctl_cache_bypass;
+        int                     sysctl_expire_nodest_conn;
+        int                     sysctl_expire_quiescent_template;
+        int                     sysctl_sync_threshold[2];
+        int                     sysctl_nat_icmp_send;
+        /* ip_vs_lblc */
+        int                     sysctl_lblc_expiration;
+        struct ctl_table_header *lblc_ctl_header;
+        struct ctl_table        *lblc_ctl_table;
+        /* ip_vs_lblcr */
+        int                     sysctl_lblcr_expiration;
+        struct ctl_table_header *lblcr_ctl_header;
+        struct ctl_table        *lblcr_ctl_table;
+        /* ip_vs_est */
+        struct list_head        est_list;       /* estimator list */
+        spinlock_t              est_lock;
+        struct timer_list       est_timer;      /* Estimation timer */
+        /* ip_vs_sync */
+        struct list_head        sync_queue;
+        spinlock_t              sync_lock;
+        struct ip_vs_sync_buff  *sync_buff;
+        spinlock_t              sync_buff_lock;
+        struct sockaddr_in      sync_mcast_addr;
+        struct task_struct      *master_thread;
+        struct task_struct      *backup_thread;
+        int                     send_mesg_maxlen;
+        int                     recv_mesg_maxlen;
+        volatile int            sync_state;
+        volatile int            master_syncid;
+        volatile int            backup_syncid;
+        /* multicast interface name */
+        char                    master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
+        char                    backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
+        /* net name space ptr */
+        struct net              *net;            /* Needed by timer routines */
+};
+#define DEFAULT_SYNC_THRESHOLD  3
+#define DEFAULT_SYNC_PERIOD     50
+#define DEFAULT_SYNC_VER        1
+#ifdef CONFIG_SYSCTL
+static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_sync_threshold[0];
+}
+static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_sync_threshold[1];
+}
+static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_sync_ver;
+}
+#else
+static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
+{
+        return DEFAULT_SYNC_THRESHOLD;
+}
+static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
+{
+        return DEFAULT_SYNC_PERIOD;
+}
+static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
+{
+        return DEFAULT_SYNC_VER;
+}
+#endif
 /*
 *      IPVS core functions
@@ -1071,9 +1221,11 @@ extern void ip_vs_sync_cleanup(void);
 */
 extern int ip_vs_estimator_init(void);
 extern void ip_vs_estimator_cleanup(void);
-extern void ip_vs_new_estimator(struct net *net, struct ip_vs_stats *stats);
+extern void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats);
-extern void ip_vs_kill_estimator(struct net *net, struct ip_vs_stats *stats);
+extern void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats);
 extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);
+extern void ip_vs_read_estimator(struct ip_vs_stats_user *dst,
+                                 struct ip_vs_stats *stats);
 /*
 *      Various IPVS packet transmitters (from ip_vs_xmit.c)
@@ -1106,6 +1258,7 @@ extern int ip_vs_icmp_xmit_v6
 int offset);
 #endif
+#ifdef CONFIG_SYSCTL
 /*
 *      This is a simple mechanism to ignore packets when
 *      we are loaded. Just set ip_vs_drop_rate to 'n' and
@@ -1121,6 +1274,9 @@ static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
        ipvs->drop_counter = ipvs->drop_rate;
        return 1;
 }
+#else
+static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
+#endif
 /*
 *      ip_vs_fwd_tag returns the forwarding tag of the connection
@@ -1190,7 +1346,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
 {
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        enum ip_conntrack_info ctinfo;
-        struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);
+        struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
        if (!ct || !nf_ct_is_untracked(ct)) {
                nf_reset(skb);
@@ -1208,7 +1364,11 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
 */
 static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
 {
+#ifdef CONFIG_SYSCTL
        return ipvs->sysctl_conntrack;
+#else
+        return 0;
+#endif
 }
 extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,

diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index e74da41ebd1b..272f59336b73 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h
@@ -374,24 +374,9 @@ struct ip_vs_stats {
374	struct ip_vs_estimator est; /* estimator */	374	struct ip_vs_estimator est; /* estimator */
375	struct ip_vs_cpu_stats cpustats; / per cpu counters */	375	struct ip_vs_cpu_stats cpustats; / per cpu counters */
376	spinlock_t lock; /* spin lock */	376	spinlock_t lock; /* spin lock */
		377	struct ip_vs_stats_user ustats0; /* reset values */
377	};	378	};
378		379
379	/*
380	* Helper Macros for per cpu
381	* ipvs->tot_stats->ustats.count
382	*/
383	#define IPVS_STAT_INC(ipvs, count) \
384	__this_cpu_inc((ipvs)->ustats->count)
385
386	#define IPVS_STAT_ADD(ipvs, count, value) \
387	do {\
388	write_seqcount_begin(per_cpu_ptr((ipvs)->ustats_seq, \
389	raw_smp_processor_id())); \
390	__this_cpu_add((ipvs)->ustats->count, value); \
391	write_seqcount_end(per_cpu_ptr((ipvs)->ustats_seq, \
392	raw_smp_processor_id())); \
393	} while (0)
394
395	struct dst_entry;	380	struct dst_entry;
396	struct iphdr;	381	struct iphdr;
397	struct ip_vs_conn;	382	struct ip_vs_conn;
@@ -803,6 +788,171 @@ struct ip_vs_app {
803	void (timeout_change)(struct ip_vs_app app, int flags);	788	void (timeout_change)(struct ip_vs_app app, int flags);
804	};	789	};
805		790
		791	/* IPVS in network namespace */
		792	struct netns_ipvs {
		793	int gen; /* Generation */
		794	/*
		795	* Hash table: for real service lookups
		796	*/
		797	#define IP_VS_RTAB_BITS 4
		798	#define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
		799	#define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
		800
		801	struct list_head rs_table[IP_VS_RTAB_SIZE];
		802	/* ip_vs_app */
		803	struct list_head app_list;
		804	struct mutex app_mutex;
		805	struct lock_class_key app_key; /* mutex debuging */
		806
		807	/* ip_vs_proto */
		808	#define IP_VS_PROTO_TAB_SIZE 32 /* must be power of 2 */
		809	struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
		810	/* ip_vs_proto_tcp */
		811	#ifdef CONFIG_IP_VS_PROTO_TCP
		812	#define TCP_APP_TAB_BITS 4
		813	#define TCP_APP_TAB_SIZE (1 << TCP_APP_TAB_BITS)
		814	#define TCP_APP_TAB_MASK (TCP_APP_TAB_SIZE - 1)
		815	struct list_head tcp_apps[TCP_APP_TAB_SIZE];
		816	spinlock_t tcp_app_lock;
		817	#endif
		818	/* ip_vs_proto_udp */
		819	#ifdef CONFIG_IP_VS_PROTO_UDP
		820	#define UDP_APP_TAB_BITS 4
		821	#define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS)
		822	#define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1)
		823	struct list_head udp_apps[UDP_APP_TAB_SIZE];
		824	spinlock_t udp_app_lock;
		825	#endif
		826	/* ip_vs_proto_sctp */
		827	#ifdef CONFIG_IP_VS_PROTO_SCTP
		828	#define SCTP_APP_TAB_BITS 4
		829	#define SCTP_APP_TAB_SIZE (1 << SCTP_APP_TAB_BITS)
		830	#define SCTP_APP_TAB_MASK (SCTP_APP_TAB_SIZE - 1)
		831	/* Hash table for SCTP application incarnations */
		832	struct list_head sctp_apps[SCTP_APP_TAB_SIZE];
		833	spinlock_t sctp_app_lock;
		834	#endif
		835	/* ip_vs_conn */
		836	atomic_t conn_count; /* connection counter */
		837
		838	/* ip_vs_ctl */
		839	struct ip_vs_stats tot_stats; /* Statistics & est. */
		840
		841	int num_services; /* no of virtual services */
		842
		843	rwlock_t rs_lock; /* real services table */
		844	/* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
		845	struct lock_class_key ctl_key; /* ctl_mutex debuging */
		846	/* Trash for destinations */
		847	struct list_head dest_trash;
		848	/* Service counters */
		849	atomic_t ftpsvc_counter;
		850	atomic_t nullsvc_counter;
		851
		852	#ifdef CONFIG_SYSCTL
		853	/* 1/rate drop and drop-entry variables */
		854	struct delayed_work defense_work; /* Work handler */
		855	int drop_rate;
		856	int drop_counter;
		857	atomic_t dropentry;
		858	/* locks in ctl.c */
		859	spinlock_t dropentry_lock; /* drop entry handling */
		860	spinlock_t droppacket_lock; /* drop packet handling */
		861	spinlock_t securetcp_lock; /* state and timeout tables */
		862
		863	/* sys-ctl struct */
		864	struct ctl_table_header *sysctl_hdr;
		865	struct ctl_table *sysctl_tbl;
		866	#endif
		867
		868	/* sysctl variables */
		869	int sysctl_amemthresh;
		870	int sysctl_am_droprate;
		871	int sysctl_drop_entry;
		872	int sysctl_drop_packet;
		873	int sysctl_secure_tcp;
		874	#ifdef CONFIG_IP_VS_NFCT
		875	int sysctl_conntrack;
		876	#endif
		877	int sysctl_snat_reroute;
		878	int sysctl_sync_ver;
		879	int sysctl_cache_bypass;
		880	int sysctl_expire_nodest_conn;
		881	int sysctl_expire_quiescent_template;
		882	int sysctl_sync_threshold[2];
		883	int sysctl_nat_icmp_send;
		884
		885	/* ip_vs_lblc */
		886	int sysctl_lblc_expiration;
		887	struct ctl_table_header *lblc_ctl_header;
		888	struct ctl_table *lblc_ctl_table;
		889	/* ip_vs_lblcr */
		890	int sysctl_lblcr_expiration;
		891	struct ctl_table_header *lblcr_ctl_header;
		892	struct ctl_table *lblcr_ctl_table;
		893	/* ip_vs_est */
		894	struct list_head est_list; /* estimator list */
		895	spinlock_t est_lock;
		896	struct timer_list est_timer; /* Estimation timer */
		897	/* ip_vs_sync */
		898	struct list_head sync_queue;
		899	spinlock_t sync_lock;
		900	struct ip_vs_sync_buff *sync_buff;
		901	spinlock_t sync_buff_lock;
		902	struct sockaddr_in sync_mcast_addr;
		903	struct task_struct *master_thread;
		904	struct task_struct *backup_thread;
		905	int send_mesg_maxlen;
		906	int recv_mesg_maxlen;
		907	volatile int sync_state;
		908	volatile int master_syncid;
		909	volatile int backup_syncid;
		910	/* multicast interface name */
		911	char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
		912	char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
		913	/* net name space ptr */
		914	struct net net; / Needed by timer routines */
		915	};
		916
		917	#define DEFAULT_SYNC_THRESHOLD 3
		918	#define DEFAULT_SYNC_PERIOD 50
		919	#define DEFAULT_SYNC_VER 1
		920
		921	#ifdef CONFIG_SYSCTL
		922
		923	static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
		924	{
		925	return ipvs->sysctl_sync_threshold[0];
		926	}
		927
		928	static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
		929	{
		930	return ipvs->sysctl_sync_threshold[1];
		931	}
		932
		933	static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
		934	{
		935	return ipvs->sysctl_sync_ver;
		936	}
		937
		938	#else
		939
		940	static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
		941	{
		942	return DEFAULT_SYNC_THRESHOLD;
		943	}
		944
		945	static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
		946	{
		947	return DEFAULT_SYNC_PERIOD;
		948	}
		949
		950	static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
		951	{
		952	return DEFAULT_SYNC_VER;
		953	}
		954
		955	#endif
806		956
807	/*	957	/*
808	* IPVS core functions	958	* IPVS core functions
@@ -1071,9 +1221,11 @@ extern void ip_vs_sync_cleanup(void);
1071	*/	1221	*/
1072	extern int ip_vs_estimator_init(void);	1222	extern int ip_vs_estimator_init(void);
1073	extern void ip_vs_estimator_cleanup(void);	1223	extern void ip_vs_estimator_cleanup(void);
1074	extern void ip_vs_new_estimator(struct net net, struct ip_vs_stats stats);	1224	extern void ip_vs_start_estimator(struct net net, struct ip_vs_stats stats);
1075	extern void ip_vs_kill_estimator(struct net net, struct ip_vs_stats stats);	1225	extern void ip_vs_stop_estimator(struct net net, struct ip_vs_stats stats);
1076	extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);	1226	extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);
		1227	extern void ip_vs_read_estimator(struct ip_vs_stats_user *dst,
		1228	struct ip_vs_stats *stats);
1077		1229
1078	/*	1230	/*
1079	* Various IPVS packet transmitters (from ip_vs_xmit.c)	1231	* Various IPVS packet transmitters (from ip_vs_xmit.c)
@@ -1106,6 +1258,7 @@ extern int ip_vs_icmp_xmit_v6
1106	int offset);	1258	int offset);
1107	#endif	1259	#endif
1108		1260
		1261	#ifdef CONFIG_SYSCTL
1109	/*	1262	/*
1110	* This is a simple mechanism to ignore packets when	1263	* This is a simple mechanism to ignore packets when
1111	* we are loaded. Just set ip_vs_drop_rate to 'n' and	1264	* we are loaded. Just set ip_vs_drop_rate to 'n' and
@@ -1121,6 +1274,9 @@ static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
1121	ipvs->drop_counter = ipvs->drop_rate;	1274	ipvs->drop_counter = ipvs->drop_rate;
1122	return 1;	1275	return 1;
1123	}	1276	}
		1277	#else
		1278	static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
		1279	#endif
1124		1280
1125	/*	1281	/*
1126	* ip_vs_fwd_tag returns the forwarding tag of the connection	1282	* ip_vs_fwd_tag returns the forwarding tag of the connection
@@ -1190,7 +1346,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
1190	{	1346	{
1191	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)	1347	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
1192	enum ip_conntrack_info ctinfo;	1348	enum ip_conntrack_info ctinfo;
1193	struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo);	1349	struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1194		1350
1195	if (!ct \|\| !nf_ct_is_untracked(ct)) {	1351	if (!ct \|\| !nf_ct_is_untracked(ct)) {
1196	nf_reset(skb);	1352	nf_reset(skb);
@@ -1208,7 +1364,11 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
1208	*/	1364	*/
1209	static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)	1365	static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
1210	{	1366	{
		1367	#ifdef CONFIG_SYSCTL
1211	return ipvs->sysctl_conntrack;	1368	return ipvs->sysctl_conntrack;
		1369	#else
		1370	return 0;
		1371	#endif
1212	}	1372	}
1213		1373
1214	extern void ip_vs_update_conntrack(struct sk_buff skb, struct ip_vs_conn cp,	1374	extern void ip_vs_update_conntrack(struct sk_buff skb, struct ip_vs_conn cp,