aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/ipvs
Commit message (Collapse)AuthorAge
* ipvs: Remove stray file left over from ipvs moveSven Wegener2008-10-08
| | | | | | | | Commit cb7f6a7b716e801097b564dec3ccb58d330aef56 ("IPVS: Move IPVS to net/netfilter/ipvs") has left a stray file in the old location of ipvs. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: David S. Miller <davem@davemloft.net>
* IPVS: Move IPVS to net/netfilter/ipvsJulius Volz2008-10-06
| | | | | | | | | | | | Since IPVS now has partial IPv6 support, this patch moves IPVS from net/ipv4/ipvs to net/netfilter/ipvs. It's a result of: $ git mv net/ipv4/ipvs net/netfilter and adapting the relevant Kconfigs/Makefiles to the new path. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Fix unused label warningSven Wegener2008-09-21
| | | | | Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Restrict sync message to 255 connectionsSven Wegener2008-09-21
| | | | | | | | | | | | | | | The nr_conns variable in the sync message header is only eight bits wide and will overflow on interfaces with a large MTU. As a result the backup won't parse all connections contained in the sync buffer. On regular ethernet with an MTU of 1500 this isn't a problem, because we can't overflow the value, but consider jumbo frames being used on a cross-over connection between both directors. We now restrict the size of the sync buffer, so that we never put more than 255 connections into a single sync buffer. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
* net: Use hton[sl]() instead of __constant_hton[sl]() where applicableArnaldo Carvalho de Melo2008-09-21
| | | | | Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipvs: change some __constant_htons() to htons()Brian Haley2008-09-16
| | | | | | | | | | | Change __contant_htons() to htons() in the IPVS code when not in an initializer. -Brian Signed-off-by: Brian Haley <brian.haley@hp.com> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: add __aquire/__release annotations to ↵Simon Horman2008-09-16
| | | | | | | | | | | | | | | | ip_vs_info_seq_start/ip_vs_info_seq_stop This teaches sparse that the following are not problems: make C=1 CHECK net/ipv4/ipvs/ip_vs_ctl.c net/ipv4/ipvs/ip_vs_ctl.c:1793:14: warning: context imbalance in 'ip_vs_info_seq_start' - wrong count at exit net/ipv4/ipvs/ip_vs_ctl.c:1842:13: warning: context imbalance in 'ip_vs_info_seq_stop' - unexpected unlock Acked-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: supply a valid 0 address to ip_vs_conn_new()Simon Horman2008-09-16
| | | | | | | | | | | | | | | | ip_vs_conn_new expects a union nf_inet_addr as the type for its address parameters, not a plain integer. This problem was detected by sparse. make C=1 CHECK net/ipv4/ipvs/ip_vs_core.c net/ipv4/ipvs/ip_vs_core.c:469:9: warning: Using plain integer as NULL pointer Acked-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: only unlock in ip_vs_edit_service() if already lockedSimon Horman2008-09-16
| | | | | | | | | | | | | | | | Jumping to out unlocks __ip_vs_svc_lock, but that lock is not taken until after code that may jump to out. This problem was detected by sparse. make C=1 CHECK net/ipv4/ipvs/ip_vs_ctl.c net/ipv4/ipvs/ip_vs_ctl.c:1332:2: warning: context imbalance in 'ip_vs_edit_service' - unexpected unlock Acked-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* net: ip_vs_proto_{tcp,udp} build fixStephen Rothwell2008-09-13
| | | | | Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
* ipvs: Embed user stats structure into kernel stats structureSven Wegener2008-09-08
| | | | | | | | | | Instead of duplicating the fields, integrate a user stats structure into the kernel stats structure. This is more robust when the members are changed, because they are now automatically kept in sync. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Reviewed-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Restrict connection table size via KconfigSven Wegener2008-09-08
| | | | | | | | | | Instead of checking the value in include/net/ip_vs.h, we can just restrict the range in our Kconfig file. This will prevent values outside of the range early. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Reviewed-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Remove incorrect ip_route_me_harder(), fix IPv6Julius Volz2008-09-08
| | | | | | | | | Remove an incorrect ip_route_me_harder() that was probably a result of merging my IPv6 patches with the local client patches. With this, IPv6+NAT are working again. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: handle PARTIAL_CHECKSUMSimon Horman2008-09-08
| | | | | | | | | | | Now that LVS can load balance locally generated traffic, packets may come from the loopback device and thus may have a partial checksum. The existing code allows for the case where there is no checksum at all for TCP, however Herbert Xu has confirmed that this is not legal. Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julius Volz <juliusv@google.com>
* IPVS: use ipv6_addr_copy()Simon Horman2008-09-07
| | | | | | | | | | | It is standard to use ipv6_addr_copy() to fill in the in6 element of a union nf_inet_addr snet. Thanks to Julius Volz for pointing this out. Cc: Brian Haley <brian.haley@hp.com> Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julius Volz <juliusv@google.com>
* IPVS: fix bogus indentationSimon Horman2008-09-07
| | | | | | | | Sorry, this was my error. Thanks to Julius Volz for pointing it out. Signed-off-by: Simon Horman <horms@verge.net.au> Acked-by: Julius Volz <juliusv@google.com>
* ipvs: Reject ipv6 link-local addresses for destinationsSven Wegener2008-09-07
| | | | | | | | | | We can't use non-local link-local addresses for destinations, without knowing the interface on which we can reach the address. Reject them for now. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Mark tcp/udp v4 and v6 debug functions staticSven Wegener2008-09-07
| | | | | | | | They are only used in this file, so they should be static Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Return negative error values from ip_vs_edit_service()Sven Wegener2008-09-07
| | | | | | | | Like the other code in this function does. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Use pointer to address from sync messageSven Wegener2008-09-07
| | | | | | | | We want a pointer to it, not the value casted to a pointer. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Acked-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: load balance ipv6 connections from a local processSimon Horman2008-09-04
| | | | | | | | | | | | | | This allows IPVS to load balance IPv6 connections made by a local process. For example a proxy server running locally. External client --> pound:443 -> Local:443 --> IPVS:80 --> RealServer This is an extenstion to the IPv4 work done in this area by Siim Põder and Malcolm Turnbull. Cc: Siim Põder <siim@p6drad-teel.net> Cc: Malcolm Turnbull <malcolm@loadbalancer.org> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: load balance IPv4 connections from a local processMalcolm Turnbull2008-09-04
| | | | | | | | | | | This allows IPVS to load balance connections made by a local process. For example a proxy server running locally. External client --> pound:443 -> Local:443 --> IPVS:80 --> RealServer Signed-off-by: Siim Põder <siim@p6drad-teel.net> Signed-off-by: Malcolm Turnbull <malcolm@loadbalancer.org> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Allow adding IPv6 services from userspaceJulius Volz2008-09-04
| | | | | | | | | | Allow adding IPv6 services through the genetlink interface and add checks to see if the chosen scheduler is supported with IPv6 and whether the supplied prefix length is sane. Make sure the service count exported via the sockopt interface only counts IPv4 services. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Activate IPv6 Netfilter hooksJulius Volz2008-09-04
| | | | | | | | Register the previously defined or adapted netfilter hook functions for IPv6 as PF_INET6 hooks. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Adjust various debug outputs to use new macrosJulius Volz2008-09-04
| | | | | | | | Adjust various debug outputs to use the new *_BUF macro variants for correct output of v4/v6 addresses. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add function to determine if IPv6 address is localVince Busam2008-09-04
| | | | | | | | | Add __ip_vs_addr_is_local_v6() to find out if an IPv6 address belongs to a local interface. Use this function to decide whether to set the IP_VS_CONN_F_LOCALNODE flag for IPv6 destinations. Signed-off-by: Vince Busam <vbusam@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Turn off FTP application helper for IPv6Julius Volz2008-09-04
| | | | | | | | Immediately return from FTP application helper and do nothing when dealing with IPv6 packets. IPv6 is not supported by this helper yet. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IVPS: Disable sync daemon for IPv6 connectionsJulius Volz2008-09-04
| | | | | | | Disable the sync daemon for IPv6 connections, works only with IPv4 for now. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Convert procfs files for IPv6 entry outputVince Busam2008-09-04
| | | | | | | Correctly output IPv6 connection/service/dest entries in procfs files. Signed-off-by: Vince Busam <vbusam@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Convert real server lookup functionsJulius Volz2008-09-04
| | | | | | | | Convert functions for looking up destinations (real servers) to support IPv6 services/dests. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add/adjust Netfilter hook functions and helpers for v6Julius Volz2008-09-04
| | | | | | | | | | Add Netfilter hook functions or modify existing ones, if possible, to process IPv6 packets. Some support functions are also added/modified for this. ip_vs_nat_icmp_v6() was already added in the patch that added the v6 xmit functions, as it is called from one of them. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Extend scheduling functions for IPv6 supportJulius Volz2008-09-04
| | | | | | | | Convert ip_vs_schedule() and ip_vs_sched_persist() to support scheduling of IPv6 connections. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add and bind IPv6 xmit functionsJulius Volz2008-09-04
| | | | | | | | Add xmit functions for IPv6. Also add the already needed __ip_vs_get_out_rt_v6() to ip_vs_core.c. Bind the new xmit functions to v6 connections. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add IPv6 support to xmit() support functionsJulius Volz2008-09-04
| | | | | | | | Add IPv6 support to IP_VS_XMIT() and to the xmit routing cache, introducing a new function __ip_vs_get_out_rt_v6(). Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Extend functions for getting/creating connectionsJulius Volz2008-09-04
| | | | | | | | Extend functions for getting/creating connections and connection templates for IPv6 support and fix the callers. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Extend protocol DNAT/SNAT and state handlersJulius Volz2008-09-04
| | | | | | | | Extend protocol DNAT/SNAT and state handlers to work with IPv6. Also change/introduce new checksumming helper functions for this. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add protocol debug functions for IPv6Julius Volz2008-09-04
| | | | | | | | Add protocol (TCP, UDP, AH, ESP) debug functions for IPv6 packet debug output. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add 'af' args to protocol handler functionsJulius Volz2008-09-04
| | | | | | | | | | | | | Add 'af' arguments to conn_schedule(), conn_in_get(), conn_out_get() and csum_check() function pointers in struct ip_vs_protocol. Extend the respective functions for TCP, UDP, AH and ESP and adjust the callers. The changes in the callers need to be somewhat extensive, since they now need to pass a filled out struct ip_vs_iphdr * to the modified functions instead of a struct iphdr *. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add IPv6 support flag to schedulersJulius Volz2008-09-04
| | | | | | | | | | | Add 'supports_ipv6' flag to struct ip_vs_scheduler to indicate whether a scheduler supports IPv6. Set the flag to 1 in schedulers that work with IPv6, 0 otherwise. This flag is checked in a later patch while trying to add a service with a specific scheduler. Adjust debug in v6-supporting schedulers to work with both address families. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add v6 support to ip_vs_service_get()Julius Volz2008-09-04
| | | | | | | | Add support for selecting services based on their address family to ip_vs_service_get() and adjust the callers. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Convert __ip_vs_svc_get() and __ip_vs_fwm_get()Julius Volz2008-09-04
| | | | | | | | | Add support for getting services based on their address family to __ip_vs_service_get(), __ip_vs_fwm_get() and the helper hash function ip_vs_svc_hashkey(). Adjust the callers. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add internal versions of sockopt interface structsJulius Volz2008-09-04
| | | | | | | | | | Add extended internal versions of struct ip_vs_service_user and struct ip_vs_dest_user (the originals can't be modified as they are part of the old sockopt interface). Adjust ip_vs_ctl.c to work with the new data structures and add some minor AF-awareness. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Change IPVS data structures to support IPv6 addressesJulius Volz2008-09-04
| | | | | | | | | Introduce new 'af' fields into IPVS data structures for specifying an entry's address family. Convert IP addresses to be of type union nf_inet_addr. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Add CONFIG_IP_VS_IPV6 option for IPv6 supportJulius Volz2008-09-04
| | | | | | | | | Add boolean config option CONFIG_IP_VS_IPV6 for enabling experimental IPv6 support in IPVS. Only visible if IPv6 support is set to 'y' or both IPv6 and IPVS are modules. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Rename ip_vs_proto_ah.c to ip_vs_proto_ah_esp.cJulius Volz2008-08-26
| | | | | | | | After integrating ESP into ip_vs_proto_ah, rename it (and the references to it) to ip_vs_proto_ah_esp.c and delete the old ip_vs_proto_esp.c. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* IPVS: Integrate ESP protocol into ip_vs_proto_ah.cJulius Volz2008-08-26
| | | | | | | | | | | | | | Rename all ah_* functions to ah_esp_* (and adjust comments). Move ESP protocol definition into ip_vs_proto_ah.c and remove all usage of ip_vs_proto_esp.c. Make the compilation of ip_vs_proto_ah.c dependent on a new config variable, IP_VS_PROTO_AH_ESP, which is selected either by IP_VS_PROTO_ESP or IP_VS_PROTO_AH. Only compile the selected protocols' structures within this file. Signed-off-by: Julius Volz <juliusv@google.com> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Fix race conditions in lblcr schedulerSven Wegener2008-08-19
| | | | | | | | | | | | We can't access the cache entry outside of our critical read-locked region, because someone may free that entry. Also getting an entry under read lock, then locking for write and trying to delete that entry looks fishy, but should be no problem here, because we're only comparing a pointer. Also there is no need for our own rwlock, there is already one in the service structure for use in the schedulers. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Fix race conditions in lblc schedulerSven Wegener2008-08-19
| | | | | | | | | | | | | We can't access the cache entry outside of our critical read-locked region, because someone may free that entry. And we also need to check in the critical region wether the destination is still available, i.e. it's not in the trash. If we drop our reference counter, the destination can be purged from the trash at any time. Our caller only guarantees that no destination is moved to the trash, while we are scheduling. Also there is no need for our own rwlock, there is already one in the service structure for use in the schedulers. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: rename __ip_vs_wlc_schedule in lblc and lblcr schedulersSimon Horman2008-08-14
| | | | | | | | | | | For the sake of clarity, rename __ip_vs_wlc_schedule() in lblc.c to __ip_vs_lblc_schedule() and the version in lblcr.c to __ip_vs_lblc_schedule(). I guess the original name stuck from a copy and paste. Cc: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>
* ipvs: Create init functions for estimator codeSven Wegener2008-08-14
| | | | | | | | | | | | | | Commit 8ab19ea36c5c5340ff598e4d15fc084eb65671dc ("ipvs: Fix possible deadlock in estimator code") fixed a deadlock condition, but that condition can only happen during unload of IPVS, because during normal operation there is at least our global stats structure in the estimator list. The mod_timer() and del_timer_sync() calls are actually initialization and cleanup code in disguise. Let's make it explicit and move them to their own init and cleanup function. Signed-off-by: Sven Wegener <sven.wegener@stealer.net> Signed-off-by: Simon Horman <horms@verge.net.au>