Diffstat (limited to 'include/net/ip_vs.h')
-rw-r--r--include/net/ip_vs.h477
1 files changed, 405 insertions, 72 deletions
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index b7bbd6c28cfa..272f59336b73 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -28,6 +28,80 @@
28#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 28#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
29#include <net/netfilter/nf_conntrack.h> 29#include <net/netfilter/nf_conntrack.h>
30#endif 30#endif
31#include <net/net_namespace.h> /* Netw namespace */
32
33/*
34 * Generic access of ipvs struct
35 */
36static inline struct netns_ipvs *net_ipvs(struct net* net)
37{
38 return net->ipvs;
39}
40/*
41 * Get net ptr from skb in traffic cases
42 * use skb_sknet when call is from userland (ioctl or netlink)
43 */
44static inline struct net *skb_net(const struct sk_buff *skb)
45{
46#ifdef CONFIG_NET_NS
47#ifdef CONFIG_IP_VS_DEBUG
48 /*
49 * This is used for debug only.
50 * Start with the most likely hit
51 * End with BUG
52 */
53 if (likely(skb->dev && skb->dev->nd_net))
54 return dev_net(skb->dev);
55 if (skb_dst(skb)->dev)
56 return dev_net(skb_dst(skb)->dev);
57 WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n",
58 __func__, __LINE__);
59 if (likely(skb->sk && skb->sk->sk_net))
60 return sock_net(skb->sk);
61 pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
62 __func__, __LINE__);
63 BUG();
64#else
65 return dev_net(skb->dev ? : skb_dst(skb)->dev);
66#endif
67#else
68 return &init_net;
69#endif
70}
71
72static inline struct net *skb_sknet(const struct sk_buff *skb)
73{
74#ifdef CONFIG_NET_NS
75#ifdef CONFIG_IP_VS_DEBUG
76 /* Start with the most likely hit */
77 if (likely(skb->sk && skb->sk->sk_net))
78 return sock_net(skb->sk);
79 WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n",
80 __func__, __LINE__);
81 if (likely(skb->dev && skb->dev->nd_net))
82 return dev_net(skb->dev);
83 pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
84 __func__, __LINE__);
85 BUG();
86#else
87 return sock_net(skb->sk);
88#endif
89#else
90 return &init_net;
91#endif
92}
93/*
94 * This one needed for single_open_net since net is stored directly in
95 * private not as a struct i.e. seq_file_net cant be used.
96 */
97static inline struct net *seq_file_single_net(struct seq_file *seq)
98{
99#ifdef CONFIG_NET_NS
100 return (struct net *)seq->private;
101#else
102 return &init_net;
103#endif
104}
31 105
32/* Connections' size value needed by ip_vs_ctl.c */ 106/* Connections' size value needed by ip_vs_ctl.c */
33extern int ip_vs_conn_tab_size; 107extern int ip_vs_conn_tab_size;
@@ -258,6 +332,23 @@ struct ip_vs_seq {
258 before last resized pkt */ 332 before last resized pkt */
259}; 333};
260 334
335/*
336 * counters per cpu
337 */
338struct ip_vs_counters {
339 __u32 conns; /* connections scheduled */
340 __u32 inpkts; /* incoming packets */
341 __u32 outpkts; /* outgoing packets */
342 __u64 inbytes; /* incoming bytes */
343 __u64 outbytes; /* outgoing bytes */
344};
345/*
346 * Stats per cpu
347 */
348struct ip_vs_cpu_stats {
349 struct ip_vs_counters ustats;
350 struct u64_stats_sync syncp;
351};
261 352
262/* 353/*
263 * IPVS statistics objects 354 * IPVS statistics objects
@@ -279,10 +370,11 @@ struct ip_vs_estimator {
279}; 370};
280 371
281struct ip_vs_stats { 372struct ip_vs_stats {
282 struct ip_vs_stats_user ustats; /* statistics */ 373 struct ip_vs_stats_user ustats; /* statistics */
283 struct ip_vs_estimator est; /* estimator */ 374 struct ip_vs_estimator est; /* estimator */
284 375 struct ip_vs_cpu_stats *cpustats; /* per cpu counters */
285 spinlock_t lock; /* spin lock */ 376 spinlock_t lock; /* spin lock */
377 struct ip_vs_stats_user ustats0; /* reset values */
286}; 378};
287 379
288struct dst_entry; 380struct dst_entry;
@@ -290,6 +382,7 @@ struct iphdr;
290struct ip_vs_conn; 382struct ip_vs_conn;
291struct ip_vs_app; 383struct ip_vs_app;
292struct sk_buff; 384struct sk_buff;
385struct ip_vs_proto_data;
293 386
294struct ip_vs_protocol { 387struct ip_vs_protocol {
295 struct ip_vs_protocol *next; 388 struct ip_vs_protocol *next;
@@ -297,21 +390,22 @@ struct ip_vs_protocol {
297 u16 protocol; 390 u16 protocol;
298 u16 num_states; 391 u16 num_states;
299 int dont_defrag; 392 int dont_defrag;
300 atomic_t appcnt; /* counter of proto app incs */
301 int *timeout_table; /* protocol timeout table */
302 393
303 void (*init)(struct ip_vs_protocol *pp); 394 void (*init)(struct ip_vs_protocol *pp);
304 395
305 void (*exit)(struct ip_vs_protocol *pp); 396 void (*exit)(struct ip_vs_protocol *pp);
306 397
398 void (*init_netns)(struct net *net, struct ip_vs_proto_data *pd);
399
400 void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd);
401
307 int (*conn_schedule)(int af, struct sk_buff *skb, 402 int (*conn_schedule)(int af, struct sk_buff *skb,
308 struct ip_vs_protocol *pp, 403 struct ip_vs_proto_data *pd,
309 int *verdict, struct ip_vs_conn **cpp); 404 int *verdict, struct ip_vs_conn **cpp);
310 405
311 struct ip_vs_conn * 406 struct ip_vs_conn *
312 (*conn_in_get)(int af, 407 (*conn_in_get)(int af,
313 const struct sk_buff *skb, 408 const struct sk_buff *skb,
314 struct ip_vs_protocol *pp,
315 const struct ip_vs_iphdr *iph, 409 const struct ip_vs_iphdr *iph,
316 unsigned int proto_off, 410 unsigned int proto_off,
317 int inverse); 411 int inverse);
@@ -319,7 +413,6 @@ struct ip_vs_protocol {
319 struct ip_vs_conn * 413 struct ip_vs_conn *
320 (*conn_out_get)(int af, 414 (*conn_out_get)(int af,
321 const struct sk_buff *skb, 415 const struct sk_buff *skb,
322 struct ip_vs_protocol *pp,
323 const struct ip_vs_iphdr *iph, 416 const struct ip_vs_iphdr *iph,
324 unsigned int proto_off, 417 unsigned int proto_off,
325 int inverse); 418 int inverse);
@@ -337,11 +430,11 @@ struct ip_vs_protocol {
337 430
338 int (*state_transition)(struct ip_vs_conn *cp, int direction, 431 int (*state_transition)(struct ip_vs_conn *cp, int direction,
339 const struct sk_buff *skb, 432 const struct sk_buff *skb,
340 struct ip_vs_protocol *pp); 433 struct ip_vs_proto_data *pd);
341 434
342 int (*register_app)(struct ip_vs_app *inc); 435 int (*register_app)(struct net *net, struct ip_vs_app *inc);
343 436
344 void (*unregister_app)(struct ip_vs_app *inc); 437 void (*unregister_app)(struct net *net, struct ip_vs_app *inc);
345 438
346 int (*app_conn_bind)(struct ip_vs_conn *cp); 439 int (*app_conn_bind)(struct ip_vs_conn *cp);
347 440
@@ -350,14 +443,26 @@ struct ip_vs_protocol {
350 int offset, 443 int offset,
351 const char *msg); 444 const char *msg);
352 445
353 void (*timeout_change)(struct ip_vs_protocol *pp, int flags); 446 void (*timeout_change)(struct ip_vs_proto_data *pd, int flags);
447};
354 448
355 int (*set_state_timeout)(struct ip_vs_protocol *pp, char *sname, int to); 449/*
450 * protocol data per netns
451 */
452struct ip_vs_proto_data {
453 struct ip_vs_proto_data *next;
454 struct ip_vs_protocol *pp;
455 int *timeout_table; /* protocol timeout table */
456 atomic_t appcnt; /* counter of proto app incs. */
457 struct tcp_states_t *tcp_state_table;
356}; 458};
357 459
358extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto); 460extern struct ip_vs_protocol *ip_vs_proto_get(unsigned short proto);
461extern struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net,
462 unsigned short proto);
359 463
360struct ip_vs_conn_param { 464struct ip_vs_conn_param {
465 struct net *net;
361 const union nf_inet_addr *caddr; 466 const union nf_inet_addr *caddr;
362 const union nf_inet_addr *vaddr; 467 const union nf_inet_addr *vaddr;
363 __be16 cport; 468 __be16 cport;
@@ -374,17 +479,20 @@ struct ip_vs_conn_param {
374 * IP_VS structure allocated for each dynamically scheduled connection 479 * IP_VS structure allocated for each dynamically scheduled connection
375 */ 480 */
376struct ip_vs_conn { 481struct ip_vs_conn {
377 struct list_head c_list; /* hashed list heads */ 482 struct hlist_node c_list; /* hashed list heads */
378 483#ifdef CONFIG_NET_NS
484 struct net *net; /* Name space */
485#endif
379 /* Protocol, addresses and port numbers */ 486 /* Protocol, addresses and port numbers */
380 u16 af; /* address family */ 487 u16 af; /* address family */
381 union nf_inet_addr caddr; /* client address */ 488 __be16 cport;
382 union nf_inet_addr vaddr; /* virtual address */ 489 __be16 vport;
383 union nf_inet_addr daddr; /* destination address */ 490 __be16 dport;
384 volatile __u32 flags; /* status flags */ 491 __u32 fwmark; /* Fire wall mark from skb */
385 __be16 cport; 492 union nf_inet_addr caddr; /* client address */
386 __be16 vport; 493 union nf_inet_addr vaddr; /* virtual address */
387 __be16 dport; 494 union nf_inet_addr daddr; /* destination address */
495 volatile __u32 flags; /* status flags */
388 __u16 protocol; /* Which protocol (TCP/UDP) */ 496 __u16 protocol; /* Which protocol (TCP/UDP) */
389 497
390 /* counter and timer */ 498 /* counter and timer */
@@ -422,10 +530,38 @@ struct ip_vs_conn {
422 struct ip_vs_seq in_seq; /* incoming seq. struct */ 530 struct ip_vs_seq in_seq; /* incoming seq. struct */
423 struct ip_vs_seq out_seq; /* outgoing seq. struct */ 531 struct ip_vs_seq out_seq; /* outgoing seq. struct */
424 532
533 const struct ip_vs_pe *pe;
425 char *pe_data; 534 char *pe_data;
426 __u8 pe_data_len; 535 __u8 pe_data_len;
427}; 536};
428 537
538/*
539 * To save some memory in conn table when name space is disabled.
540 */
541static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)
542{
543#ifdef CONFIG_NET_NS
544 return cp->net;
545#else
546 return &init_net;
547#endif
548}
549static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)
550{
551#ifdef CONFIG_NET_NS
552 cp->net = net;
553#endif
554}
555
556static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,
557 struct net *net)
558{
559#ifdef CONFIG_NET_NS
560 return cp->net == net;
561#else
562 return 1;
563#endif
564}
429 565
430/* 566/*
431 * Extended internal versions of struct ip_vs_service_user and 567 * Extended internal versions of struct ip_vs_service_user and
@@ -485,6 +621,7 @@ struct ip_vs_service {
485 unsigned flags; /* service status flags */ 621 unsigned flags; /* service status flags */
486 unsigned timeout; /* persistent timeout in ticks */ 622 unsigned timeout; /* persistent timeout in ticks */
487 __be32 netmask; /* grouping granularity */ 623 __be32 netmask; /* grouping granularity */
624 struct net *net;
488 625
489 struct list_head destinations; /* real server d-linked list */ 626 struct list_head destinations; /* real server d-linked list */
490 __u32 num_dests; /* number of servers */ 627 __u32 num_dests; /* number of servers */
@@ -510,8 +647,8 @@ struct ip_vs_dest {
510 struct list_head d_list; /* for table with all the dests */ 647 struct list_head d_list; /* for table with all the dests */
511 648
512 u16 af; /* address family */ 649 u16 af; /* address family */
513 union nf_inet_addr addr; /* IP address of the server */
514 __be16 port; /* port number of the server */ 650 __be16 port; /* port number of the server */
651 union nf_inet_addr addr; /* IP address of the server */
515 volatile unsigned flags; /* dest status flags */ 652 volatile unsigned flags; /* dest status flags */
516 atomic_t conn_flags; /* flags to copy to conn */ 653 atomic_t conn_flags; /* flags to copy to conn */
517 atomic_t weight; /* server weight */ 654 atomic_t weight; /* server weight */
@@ -538,8 +675,8 @@ struct ip_vs_dest {
538 /* for virtual service */ 675 /* for virtual service */
539 struct ip_vs_service *svc; /* service it belongs to */ 676 struct ip_vs_service *svc; /* service it belongs to */
540 __u16 protocol; /* which protocol (TCP/UDP) */ 677 __u16 protocol; /* which protocol (TCP/UDP) */
541 union nf_inet_addr vaddr; /* virtual IP address */
542 __be16 vport; /* virtual port number */ 678 __be16 vport; /* virtual port number */
679 union nf_inet_addr vaddr; /* virtual IP address */
543 __u32 vfwmark; /* firewall mark of service */ 680 __u32 vfwmark; /* firewall mark of service */
544}; 681};
545 682
@@ -651,6 +788,171 @@ struct ip_vs_app {
651 void (*timeout_change)(struct ip_vs_app *app, int flags); 788 void (*timeout_change)(struct ip_vs_app *app, int flags);
652}; 789};
653 790
791/* IPVS in network namespace */
792struct netns_ipvs {
793 int gen; /* Generation */
794 /*
795 * Hash table: for real service lookups
796 */
797 #define IP_VS_RTAB_BITS 4
798 #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
799 #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
800
801 struct list_head rs_table[IP_VS_RTAB_SIZE];
802 /* ip_vs_app */
803 struct list_head app_list;
804 struct mutex app_mutex;
805 struct lock_class_key app_key; /* mutex debuging */
806
807 /* ip_vs_proto */
808 #define IP_VS_PROTO_TAB_SIZE 32 /* must be power of 2 */
809 struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
810 /* ip_vs_proto_tcp */
811#ifdef CONFIG_IP_VS_PROTO_TCP
812 #define TCP_APP_TAB_BITS 4
813 #define TCP_APP_TAB_SIZE (1 << TCP_APP_TAB_BITS)
814 #define TCP_APP_TAB_MASK (TCP_APP_TAB_SIZE - 1)
815 struct list_head tcp_apps[TCP_APP_TAB_SIZE];
816 spinlock_t tcp_app_lock;
817#endif
818 /* ip_vs_proto_udp */
819#ifdef CONFIG_IP_VS_PROTO_UDP
820 #define UDP_APP_TAB_BITS 4
821 #define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS)
822 #define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1)
823 struct list_head udp_apps[UDP_APP_TAB_SIZE];
824 spinlock_t udp_app_lock;
825#endif
826 /* ip_vs_proto_sctp */
827#ifdef CONFIG_IP_VS_PROTO_SCTP
828 #define SCTP_APP_TAB_BITS 4
829 #define SCTP_APP_TAB_SIZE (1 << SCTP_APP_TAB_BITS)
830 #define SCTP_APP_TAB_MASK (SCTP_APP_TAB_SIZE - 1)
831 /* Hash table for SCTP application incarnations */
832 struct list_head sctp_apps[SCTP_APP_TAB_SIZE];
833 spinlock_t sctp_app_lock;
834#endif
835 /* ip_vs_conn */
836 atomic_t conn_count; /* connection counter */
837
838 /* ip_vs_ctl */
839 struct ip_vs_stats tot_stats; /* Statistics & est. */
840
841 int num_services; /* no of virtual services */
842
843 rwlock_t rs_lock; /* real services table */
844 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
845 struct lock_class_key ctl_key; /* ctl_mutex debuging */
846 /* Trash for destinations */
847 struct list_head dest_trash;
848 /* Service counters */
849 atomic_t ftpsvc_counter;
850 atomic_t nullsvc_counter;
851
852#ifdef CONFIG_SYSCTL
853 /* 1/rate drop and drop-entry variables */
854 struct delayed_work defense_work; /* Work handler */
855 int drop_rate;
856 int drop_counter;
857 atomic_t dropentry;
858 /* locks in ctl.c */
859 spinlock_t dropentry_lock; /* drop entry handling */
860 spinlock_t droppacket_lock; /* drop packet handling */
861 spinlock_t securetcp_lock; /* state and timeout tables */
862
863 /* sys-ctl struct */
864 struct ctl_table_header *sysctl_hdr;
865 struct ctl_table *sysctl_tbl;
866#endif
867
868 /* sysctl variables */
869 int sysctl_amemthresh;
870 int sysctl_am_droprate;
871 int sysctl_drop_entry;
872 int sysctl_drop_packet;
873 int sysctl_secure_tcp;
874#ifdef CONFIG_IP_VS_NFCT
875 int sysctl_conntrack;
876#endif
877 int sysctl_snat_reroute;
878 int sysctl_sync_ver;
879 int sysctl_cache_bypass;
880 int sysctl_expire_nodest_conn;
881 int sysctl_expire_quiescent_template;
882 int sysctl_sync_threshold[2];
883 int sysctl_nat_icmp_send;
884
885 /* ip_vs_lblc */
886 int sysctl_lblc_expiration;
887 struct ctl_table_header *lblc_ctl_header;
888 struct ctl_table *lblc_ctl_table;
889 /* ip_vs_lblcr */
890 int sysctl_lblcr_expiration;
891 struct ctl_table_header *lblcr_ctl_header;
892 struct ctl_table *lblcr_ctl_table;
893 /* ip_vs_est */
894 struct list_head est_list; /* estimator list */
895 spinlock_t est_lock;
896 struct timer_list est_timer; /* Estimation timer */
897 /* ip_vs_sync */
898 struct list_head sync_queue;
899 spinlock_t sync_lock;
900 struct ip_vs_sync_buff *sync_buff;
901 spinlock_t sync_buff_lock;
902 struct sockaddr_in sync_mcast_addr;
903 struct task_struct *master_thread;
904 struct task_struct *backup_thread;
905 int send_mesg_maxlen;
906 int recv_mesg_maxlen;
907 volatile int sync_state;
908 volatile int master_syncid;
909 volatile int backup_syncid;
910 /* multicast interface name */
911 char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
912 char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
913 /* net name space ptr */
914 struct net *net; /* Needed by timer routines */
915};
916
917#define DEFAULT_SYNC_THRESHOLD 3
918#define DEFAULT_SYNC_PERIOD 50
919#define DEFAULT_SYNC_VER 1
920
921#ifdef CONFIG_SYSCTL
922
923static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
924{
925 return ipvs->sysctl_sync_threshold[0];
926}
927
928static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
929{
930 return ipvs->sysctl_sync_threshold[1];
931}
932
933static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
934{
935 return ipvs->sysctl_sync_ver;
936}
937
938#else
939
940static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
941{
942 return DEFAULT_SYNC_THRESHOLD;
943}
944
945static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
946{
947 return DEFAULT_SYNC_PERIOD;
948}
949
950static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
951{
952 return DEFAULT_SYNC_VER;
953}
954
955#endif
654 956
655/* 957/*
656 * IPVS core functions 958 * IPVS core functions
@@ -674,13 +976,14 @@ enum {
674 IP_VS_DIR_LAST, 976 IP_VS_DIR_LAST,
675}; 977};
676 978
677static inline void ip_vs_conn_fill_param(int af, int protocol, 979static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,
678 const union nf_inet_addr *caddr, 980 const union nf_inet_addr *caddr,
679 __be16 cport, 981 __be16 cport,
680 const union nf_inet_addr *vaddr, 982 const union nf_inet_addr *vaddr,
681 __be16 vport, 983 __be16 vport,
682 struct ip_vs_conn_param *p) 984 struct ip_vs_conn_param *p)
683{ 985{
986 p->net = net;
684 p->af = af; 987 p->af = af;
685 p->protocol = protocol; 988 p->protocol = protocol;
686 p->caddr = caddr; 989 p->caddr = caddr;
@@ -695,7 +998,6 @@ struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p);
695struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p); 998struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p);
696 999
697struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb, 1000struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
698 struct ip_vs_protocol *pp,
699 const struct ip_vs_iphdr *iph, 1001 const struct ip_vs_iphdr *iph,
700 unsigned int proto_off, 1002 unsigned int proto_off,
701 int inverse); 1003 int inverse);
@@ -703,7 +1005,6 @@ struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
703struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p); 1005struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
704 1006
705struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb, 1007struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
706 struct ip_vs_protocol *pp,
707 const struct ip_vs_iphdr *iph, 1008 const struct ip_vs_iphdr *iph,
708 unsigned int proto_off, 1009 unsigned int proto_off,
709 int inverse); 1010 int inverse);
@@ -719,14 +1020,14 @@ extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
719struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p, 1020struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p,
720 const union nf_inet_addr *daddr, 1021 const union nf_inet_addr *daddr,
721 __be16 dport, unsigned flags, 1022 __be16 dport, unsigned flags,
722 struct ip_vs_dest *dest); 1023 struct ip_vs_dest *dest, __u32 fwmark);
723extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp); 1024extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
724 1025
725extern const char * ip_vs_state_name(__u16 proto, int state); 1026extern const char * ip_vs_state_name(__u16 proto, int state);
726 1027
727extern void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp); 1028extern void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp);
728extern int ip_vs_check_template(struct ip_vs_conn *ct); 1029extern int ip_vs_check_template(struct ip_vs_conn *ct);
729extern void ip_vs_random_dropentry(void); 1030extern void ip_vs_random_dropentry(struct net *net);
730extern int ip_vs_conn_init(void); 1031extern int ip_vs_conn_init(void);
731extern void ip_vs_conn_cleanup(void); 1032extern void ip_vs_conn_cleanup(void);
732 1033
@@ -796,12 +1097,12 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp)
796 * (from ip_vs_app.c) 1097 * (from ip_vs_app.c)
797 */ 1098 */
798#define IP_VS_APP_MAX_PORTS 8 1099#define IP_VS_APP_MAX_PORTS 8
799extern int register_ip_vs_app(struct ip_vs_app *app); 1100extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
800extern void unregister_ip_vs_app(struct ip_vs_app *app); 1101extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
801extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 1102extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
802extern void ip_vs_unbind_app(struct ip_vs_conn *cp); 1103extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
803extern int 1104extern int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app,
804register_ip_vs_app_inc(struct ip_vs_app *app, __u16 proto, __u16 port); 1105 __u16 proto, __u16 port);
805extern int ip_vs_app_inc_get(struct ip_vs_app *inc); 1106extern int ip_vs_app_inc_get(struct ip_vs_app *inc);
806extern void ip_vs_app_inc_put(struct ip_vs_app *inc); 1107extern void ip_vs_app_inc_put(struct ip_vs_app *inc);
807 1108
@@ -814,15 +1115,27 @@ void ip_vs_bind_pe(struct ip_vs_service *svc, struct ip_vs_pe *pe);
814void ip_vs_unbind_pe(struct ip_vs_service *svc); 1115void ip_vs_unbind_pe(struct ip_vs_service *svc);
815int register_ip_vs_pe(struct ip_vs_pe *pe); 1116int register_ip_vs_pe(struct ip_vs_pe *pe);
816int unregister_ip_vs_pe(struct ip_vs_pe *pe); 1117int unregister_ip_vs_pe(struct ip_vs_pe *pe);
817extern struct ip_vs_pe *ip_vs_pe_get(const char *name); 1118struct ip_vs_pe *ip_vs_pe_getbyname(const char *name);
818extern void ip_vs_pe_put(struct ip_vs_pe *pe); 1119struct ip_vs_pe *__ip_vs_pe_getbyname(const char *pe_name);
1120
1121static inline void ip_vs_pe_get(const struct ip_vs_pe *pe)
1122{
1123 if (pe && pe->module)
1124 __module_get(pe->module);
1125}
1126
1127static inline void ip_vs_pe_put(const struct ip_vs_pe *pe)
1128{
1129 if (pe && pe->module)
1130 module_put(pe->module);
1131}
819 1132
820/* 1133/*
821 * IPVS protocol functions (from ip_vs_proto.c) 1134 * IPVS protocol functions (from ip_vs_proto.c)
822 */ 1135 */
823extern int ip_vs_protocol_init(void); 1136extern int ip_vs_protocol_init(void);
824extern void ip_vs_protocol_cleanup(void); 1137extern void ip_vs_protocol_cleanup(void);
825extern void ip_vs_protocol_timeout_change(int flags); 1138extern void ip_vs_protocol_timeout_change(struct netns_ipvs *ipvs, int flags);
826extern int *ip_vs_create_timeout_table(int *table, int size); 1139extern int *ip_vs_create_timeout_table(int *table, int size);
827extern int 1140extern int
828ip_vs_set_state_timeout(int *table, int num, const char *const *names, 1141ip_vs_set_state_timeout(int *table, int num, const char *const *names,
@@ -852,26 +1165,23 @@ extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name);
852extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler); 1165extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);
853extern struct ip_vs_conn * 1166extern struct ip_vs_conn *
854ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb, 1167ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
855 struct ip_vs_protocol *pp, int *ignored); 1168 struct ip_vs_proto_data *pd, int *ignored);
856extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, 1169extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
857 struct ip_vs_protocol *pp); 1170 struct ip_vs_proto_data *pd);
1171
1172extern void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg);
858 1173
859 1174
860/* 1175/*
861 * IPVS control data and functions (from ip_vs_ctl.c) 1176 * IPVS control data and functions (from ip_vs_ctl.c)
862 */ 1177 */
863extern int sysctl_ip_vs_cache_bypass;
864extern int sysctl_ip_vs_expire_nodest_conn;
865extern int sysctl_ip_vs_expire_quiescent_template;
866extern int sysctl_ip_vs_sync_threshold[2];
867extern int sysctl_ip_vs_nat_icmp_send;
868extern int sysctl_ip_vs_conntrack;
869extern int sysctl_ip_vs_snat_reroute;
870extern struct ip_vs_stats ip_vs_stats; 1178extern struct ip_vs_stats ip_vs_stats;
871extern const struct ctl_path net_vs_ctl_path[]; 1179extern const struct ctl_path net_vs_ctl_path[];
1180extern int sysctl_ip_vs_sync_ver;
872 1181
1182extern void ip_vs_sync_switch_mode(struct net *net, int mode);
873extern struct ip_vs_service * 1183extern struct ip_vs_service *
874ip_vs_service_get(int af, __u32 fwmark, __u16 protocol, 1184ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol,
875 const union nf_inet_addr *vaddr, __be16 vport); 1185 const union nf_inet_addr *vaddr, __be16 vport);
876 1186
877static inline void ip_vs_service_put(struct ip_vs_service *svc) 1187static inline void ip_vs_service_put(struct ip_vs_service *svc)
@@ -880,7 +1190,7 @@ static inline void ip_vs_service_put(struct ip_vs_service *svc)
880} 1190}
881 1191
882extern struct ip_vs_dest * 1192extern struct ip_vs_dest *
883ip_vs_lookup_real_service(int af, __u16 protocol, 1193ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,
884 const union nf_inet_addr *daddr, __be16 dport); 1194 const union nf_inet_addr *daddr, __be16 dport);
885 1195
886extern int ip_vs_use_count_inc(void); 1196extern int ip_vs_use_count_inc(void);
@@ -888,8 +1198,9 @@ extern void ip_vs_use_count_dec(void);
888extern int ip_vs_control_init(void); 1198extern int ip_vs_control_init(void);
889extern void ip_vs_control_cleanup(void); 1199extern void ip_vs_control_cleanup(void);
890extern struct ip_vs_dest * 1200extern struct ip_vs_dest *
891ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport, 1201ip_vs_find_dest(struct net *net, int af, const union nf_inet_addr *daddr,
892 const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol); 1202 __be16 dport, const union nf_inet_addr *vaddr, __be16 vport,
1203 __u16 protocol, __u32 fwmark);
893extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp); 1204extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
894 1205
895 1206
@@ -897,14 +1208,12 @@ extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
897 * IPVS sync daemon data and function prototypes 1208 * IPVS sync daemon data and function prototypes
898 * (from ip_vs_sync.c) 1209 * (from ip_vs_sync.c)
899 */ 1210 */
900extern volatile int ip_vs_sync_state; 1211extern int start_sync_thread(struct net *net, int state, char *mcast_ifn,
901extern volatile int ip_vs_master_syncid; 1212 __u8 syncid);
902extern volatile int ip_vs_backup_syncid; 1213extern int stop_sync_thread(struct net *net, int state);
903extern char ip_vs_master_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 1214extern void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp);
904extern char ip_vs_backup_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 1215extern int ip_vs_sync_init(void);
905extern int start_sync_thread(int state, char *mcast_ifn, __u8 syncid); 1216extern void ip_vs_sync_cleanup(void);
906extern int stop_sync_thread(int state);
907extern void ip_vs_sync_conn(struct ip_vs_conn *cp);
908 1217
909 1218
910/* 1219/*
@@ -912,9 +1221,11 @@ extern void ip_vs_sync_conn(struct ip_vs_conn *cp);
912 */ 1221 */
913extern int ip_vs_estimator_init(void); 1222extern int ip_vs_estimator_init(void);
914extern void ip_vs_estimator_cleanup(void); 1223extern void ip_vs_estimator_cleanup(void);
915extern void ip_vs_new_estimator(struct ip_vs_stats *stats); 1224extern void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats);
916extern void ip_vs_kill_estimator(struct ip_vs_stats *stats); 1225extern void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats);
917extern void ip_vs_zero_estimator(struct ip_vs_stats *stats); 1226extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);
1227extern void ip_vs_read_estimator(struct ip_vs_stats_user *dst,
1228 struct ip_vs_stats *stats);
918 1229
919/* 1230/*
920 * Various IPVS packet transmitters (from ip_vs_xmit.c) 1231 * Various IPVS packet transmitters (from ip_vs_xmit.c)
@@ -947,21 +1258,25 @@ extern int ip_vs_icmp_xmit_v6
947 int offset); 1258 int offset);
948#endif 1259#endif
949 1260
1261#ifdef CONFIG_SYSCTL
950/* 1262/*
951 * This is a simple mechanism to ignore packets when 1263 * This is a simple mechanism to ignore packets when
952 * we are loaded. Just set ip_vs_drop_rate to 'n' and 1264 * we are loaded. Just set ip_vs_drop_rate to 'n' and
953 * we start to drop 1/rate of the packets 1265 * we start to drop 1/rate of the packets
954 */ 1266 */
955extern int ip_vs_drop_rate;
956extern int ip_vs_drop_counter;
957 1267
958static __inline__ int ip_vs_todrop(void) 1268static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
959{ 1269{
960 if (!ip_vs_drop_rate) return 0; 1270 if (!ipvs->drop_rate)
961 if (--ip_vs_drop_counter > 0) return 0; 1271 return 0;
962 ip_vs_drop_counter = ip_vs_drop_rate; 1272 if (--ipvs->drop_counter > 0)
1273 return 0;
1274 ipvs->drop_counter = ipvs->drop_rate;
963 return 1; 1275 return 1;
964} 1276}
1277#else
1278static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
1279#endif
965 1280
966/* 1281/*
967 * ip_vs_fwd_tag returns the forwarding tag of the connection 1282 * ip_vs_fwd_tag returns the forwarding tag of the connection
@@ -1031,7 +1346,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
1031{ 1346{
1032#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) 1347#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
1033 enum ip_conntrack_info ctinfo; 1348 enum ip_conntrack_info ctinfo;
1034 struct nf_conn *ct = ct = nf_ct_get(skb, &ctinfo); 1349 struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1035 1350
1036 if (!ct || !nf_ct_is_untracked(ct)) { 1351 if (!ct || !nf_ct_is_untracked(ct)) {
1037 nf_reset(skb); 1352 nf_reset(skb);
@@ -1047,9 +1362,13 @@ static inline void ip_vs_notrack(struct sk_buff *skb)
1047 * Netfilter connection tracking 1362 * Netfilter connection tracking
1048 * (from ip_vs_nfct.c) 1363 * (from ip_vs_nfct.c)
1049 */ 1364 */
1050static inline int ip_vs_conntrack_enabled(void) 1365static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
1051{ 1366{
1052 return sysctl_ip_vs_conntrack; 1367#ifdef CONFIG_SYSCTL
1368 return ipvs->sysctl_conntrack;
1369#else
1370 return 0;
1371#endif
1053} 1372}
1054 1373
1055extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp, 1374extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
@@ -1062,7 +1381,7 @@ extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
1062 1381
1063#else 1382#else
1064 1383
1065static inline int ip_vs_conntrack_enabled(void) 1384static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
1066{ 1385{
1067 return 0; 1386 return 0;
1068} 1387}
@@ -1084,6 +1403,20 @@ static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
1084/* CONFIG_IP_VS_NFCT */ 1403/* CONFIG_IP_VS_NFCT */
1085#endif 1404#endif
1086 1405
1406static inline unsigned int
1407ip_vs_dest_conn_overhead(struct ip_vs_dest *dest)
1408{
1409 /*
1410 * We think the overhead of processing active connections is 256
1411 * times higher than that of inactive connections in average. (This
1412 * 256 times might not be accurate, we will change it later) We
1413 * use the following formula to estimate the overhead now:
1414 * dest->activeconns*256 + dest->inactconns
1415 */
1416 return (atomic_read(&dest->activeconns) << 8) +
1417 atomic_read(&dest->inactconns);
1418}
1419
1087#endif /* __KERNEL__ */ 1420#endif /* __KERNEL__ */
1088 1421
1089#endif /* _NET_IP_VS_H */ 1422#endif /* _NET_IP_VS_H */
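Review bot: In the first hunk, `skb_net()` dereferences `skb_dst(skb)` without checking that a dst is attached: the non-debug branch does `dev_net(skb->dev ? : skb_dst(skb)->dev)` and the CONFIG_IP_VS_DEBUG branch tests `skb_dst(skb)->dev`, so an skb with neither `dev` nor a dst set would fault on a NULL pointer in the packet path. `skb_sknet()` has the same shape in its non-debug branch, where `sock_net(skb->sk)` is reached with no check on `skb->sk`. Whether every caller guarantees these fields is not visible from this header, so I would either guard the fallback, e.g. `if (skb_dst(skb) && skb_dst(skb)->dev)`, or state the precondition in the comment above each helper, e.g. `/* caller must ensure skb->dev or skb_dst(skb) is set */`. The debug variants also end in `BUG()`, so one skb lacking all three pointers halts the kernel; it is worth confirming that this is intended even for a debug build.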