Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ip_vs.h
Go to the documentation of this file.
1 /*
2  * IP Virtual Server
3  * data structure and functionality definitions
4  */
5 
6 #ifndef _NET_IP_VS_H
7 #define _NET_IP_VS_H
8 
9 #include <linux/ip_vs.h> /* definitions shared with userland */
10 
11 #include <asm/types.h> /* for __uXX types */
12 
13 #include <linux/list.h> /* for struct list_head */
14 #include <linux/spinlock.h> /* for struct rwlock_t */
15 #include <linux/atomic.h> /* for struct atomic_t */
16 #include <linux/compiler.h>
17 #include <linux/timer.h>
18 #include <linux/bug.h>
19 
20 #include <net/checksum.h>
21 #include <linux/netfilter.h> /* for union nf_inet_addr */
22 #include <linux/ip.h>
23 #include <linux/ipv6.h> /* for struct ipv6hdr */
24 #include <net/ipv6.h>
25 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
26 #include <net/netfilter/nf_conntrack.h>
27 #endif
28 #include <net/net_namespace.h> /* Netw namespace */
29 
30 /*
31  * Generic access of ipvs struct
32  */
33 static inline struct netns_ipvs *net_ipvs(struct net* net)
34 {
35  return net->ipvs;
36 }
37 /*
38  * Get net ptr from skb in traffic cases
39  * use skb_sknet when call is from userland (ioctl or netlink)
40  */
41 static inline struct net *skb_net(const struct sk_buff *skb)
42 {
43 #ifdef CONFIG_NET_NS
44 #ifdef CONFIG_IP_VS_DEBUG
45  /*
46  * This is used for debug only.
47  * Start with the most likely hit
48  * End with BUG
49  */
50  if (likely(skb->dev && skb->dev->nd_net))
51  return dev_net(skb->dev);
52  if (skb_dst(skb) && skb_dst(skb)->dev)
53  return dev_net(skb_dst(skb)->dev);
54  WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n",
55  __func__, __LINE__);
56  if (likely(skb->sk && skb->sk->sk_net))
57  return sock_net(skb->sk);
58  pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
59  __func__, __LINE__);
60  BUG();
61 #else
62  return dev_net(skb->dev ? : skb_dst(skb)->dev);
63 #endif
64 #else
65  return &init_net;
66 #endif
67 }
68 
69 static inline struct net *skb_sknet(const struct sk_buff *skb)
70 {
71 #ifdef CONFIG_NET_NS
72 #ifdef CONFIG_IP_VS_DEBUG
73  /* Start with the most likely hit */
74  if (likely(skb->sk && skb->sk->sk_net))
75  return sock_net(skb->sk);
76  WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n",
77  __func__, __LINE__);
78  if (likely(skb->dev && skb->dev->nd_net))
79  return dev_net(skb->dev);
80  pr_err("There is no net ptr to find in the skb in %s() line:%d\n",
81  __func__, __LINE__);
82  BUG();
83 #else
84  return sock_net(skb->sk);
85 #endif
86 #else
87  return &init_net;
88 #endif
89 }
90 /*
91  * This one needed for single_open_net since net is stored directly in
92  * private not as a struct i.e. seq_file_net can't be used.
93  */
94 static inline struct net *seq_file_single_net(struct seq_file *seq)
95 {
96 #ifdef CONFIG_NET_NS
97  return (struct net *)seq->private;
98 #else
99  return &init_net;
100 #endif
101 }
102 
103 /* Connections' size value needed by ip_vs_ctl.c */
104 extern int ip_vs_conn_tab_size;
105 
106 
107 struct ip_vs_iphdr {
108  int len;
109  __u8 protocol;
110  union nf_inet_addr saddr;
111  union nf_inet_addr daddr;
112 };
113 
114 static inline void
115 ip_vs_fill_iphdr(int af, const void *nh, struct ip_vs_iphdr *iphdr)
116 {
117 #ifdef CONFIG_IP_VS_IPV6
118  if (af == AF_INET6) {
119  const struct ipv6hdr *iph = nh;
120  iphdr->len = sizeof(struct ipv6hdr);
121  iphdr->protocol = iph->nexthdr;
122  iphdr->saddr.in6 = iph->saddr;
123  iphdr->daddr.in6 = iph->daddr;
124  } else
125 #endif
126  {
127  const struct iphdr *iph = nh;
128  iphdr->len = iph->ihl * 4;
129  iphdr->protocol = iph->protocol;
130  iphdr->saddr.ip = iph->saddr;
131  iphdr->daddr.ip = iph->daddr;
132  }
133 }
134 
135 static inline void ip_vs_addr_copy(int af, union nf_inet_addr *dst,
136  const union nf_inet_addr *src)
137 {
138 #ifdef CONFIG_IP_VS_IPV6
139  if (af == AF_INET6)
140  dst->in6 = src->in6;
141  else
142 #endif
143  dst->ip = src->ip;
144 }
145 
146 static inline int ip_vs_addr_equal(int af, const union nf_inet_addr *a,
147  const union nf_inet_addr *b)
148 {
149 #ifdef CONFIG_IP_VS_IPV6
150  if (af == AF_INET6)
151  return ipv6_addr_equal(&a->in6, &b->in6);
152 #endif
153  return a->ip == b->ip;
154 }
155 
156 #ifdef CONFIG_IP_VS_DEBUG
157 #include <linux/net.h>
158 
159 extern int ip_vs_get_debug_level(void);
160 
161 static inline const char *ip_vs_dbg_addr(int af, char *buf, size_t buf_len,
162  const union nf_inet_addr *addr,
163  int *idx)
164 {
165  int len;
166 #ifdef CONFIG_IP_VS_IPV6
167  if (af == AF_INET6)
168  len = snprintf(&buf[*idx], buf_len - *idx, "[%pI6]",
169  &addr->in6) + 1;
170  else
171 #endif
172  len = snprintf(&buf[*idx], buf_len - *idx, "%pI4",
173  &addr->ip) + 1;
174 
175  *idx += len;
176  BUG_ON(*idx > buf_len + 1);
177  return &buf[*idx - len];
178 }
179 
180 #define IP_VS_DBG_BUF(level, msg, ...) \
181  do { \
182  char ip_vs_dbg_buf[160]; \
183  int ip_vs_dbg_idx = 0; \
184  if (level <= ip_vs_get_debug_level()) \
185  printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \
186  } while (0)
187 #define IP_VS_ERR_BUF(msg...) \
188  do { \
189  char ip_vs_dbg_buf[160]; \
190  int ip_vs_dbg_idx = 0; \
191  pr_err(msg); \
192  } while (0)
193 
194 /* Only use from within IP_VS_DBG_BUF() or IP_VS_ERR_BUF macros */
195 #define IP_VS_DBG_ADDR(af, addr) \
196  ip_vs_dbg_addr(af, ip_vs_dbg_buf, \
197  sizeof(ip_vs_dbg_buf), addr, \
198  &ip_vs_dbg_idx)
199 
200 #define IP_VS_DBG(level, msg, ...) \
201  do { \
202  if (level <= ip_vs_get_debug_level()) \
203  printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \
204  } while (0)
205 #define IP_VS_DBG_RL(msg, ...) \
206  do { \
207  if (net_ratelimit()) \
208  printk(KERN_DEBUG pr_fmt(msg), ##__VA_ARGS__); \
209  } while (0)
210 #define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg) \
211  do { \
212  if (level <= ip_vs_get_debug_level()) \
213  pp->debug_packet(af, pp, skb, ofs, msg); \
214  } while (0)
215 #define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg) \
216  do { \
217  if (level <= ip_vs_get_debug_level() && \
218  net_ratelimit()) \
219  pp->debug_packet(af, pp, skb, ofs, msg); \
220  } while (0)
221 #else /* NO DEBUGGING at ALL */
222 #define IP_VS_DBG_BUF(level, msg...) do {} while (0)
223 #define IP_VS_ERR_BUF(msg...) do {} while (0)
224 #define IP_VS_DBG(level, msg...) do {} while (0)
225 #define IP_VS_DBG_RL(msg...) do {} while (0)
226 #define IP_VS_DBG_PKT(level, af, pp, skb, ofs, msg) do {} while (0)
227 #define IP_VS_DBG_RL_PKT(level, af, pp, skb, ofs, msg) do {} while (0)
228 #endif
229 
230 #define IP_VS_BUG() BUG()
231 #define IP_VS_ERR_RL(msg, ...) \
232  do { \
233  if (net_ratelimit()) \
234  pr_err(msg, ##__VA_ARGS__); \
235  } while (0)
236 
237 #ifdef CONFIG_IP_VS_DEBUG
238 #define EnterFunction(level) \
239  do { \
240  if (level <= ip_vs_get_debug_level()) \
241  printk(KERN_DEBUG \
242  pr_fmt("Enter: %s, %s line %i\n"), \
243  __func__, __FILE__, __LINE__); \
244  } while (0)
245 #define LeaveFunction(level) \
246  do { \
247  if (level <= ip_vs_get_debug_level()) \
248  printk(KERN_DEBUG \
249  pr_fmt("Leave: %s, %s line %i\n"), \
250  __func__, __FILE__, __LINE__); \
251  } while (0)
252 #else
253 #define EnterFunction(level) do {} while (0)
254 #define LeaveFunction(level) do {} while (0)
255 #endif
256 
257 #define IP_VS_WAIT_WHILE(expr) while (expr) { cpu_relax(); }
258 
259 
260 /*
261  * The port number of FTP service (in network order).
262  */
263 #define FTPPORT cpu_to_be16(21)
264 #define FTPDATA cpu_to_be16(20)
265 
266 /*
267  * TCP State Values
268  */
269 enum {
270  IP_VS_TCP_S_NONE = 0,
271  IP_VS_TCP_S_ESTABLISHED,
272  IP_VS_TCP_S_SYN_SENT,
273  IP_VS_TCP_S_SYN_RECV,
274  IP_VS_TCP_S_FIN_WAIT,
275  IP_VS_TCP_S_TIME_WAIT,
276  IP_VS_TCP_S_CLOSE,
277  IP_VS_TCP_S_CLOSE_WAIT,
278  IP_VS_TCP_S_LAST_ACK,
279  IP_VS_TCP_S_LISTEN,
280  IP_VS_TCP_S_SYNACK,
281  IP_VS_TCP_S_LAST
282 };
283 
284 /*
285  * UDP State Values
286  */
287 enum {
288  IP_VS_UDP_S_NORMAL,
289  IP_VS_UDP_S_LAST,
290 };
291 
292 /*
293  * ICMP State Values
294  */
295 enum {
296  IP_VS_ICMP_S_NORMAL,
297  IP_VS_ICMP_S_LAST,
298 };
299 
300 /*
301  * SCTP State Values
302  */
303 enum ip_vs_sctp_states {
304  IP_VS_SCTP_S_NONE,
305  IP_VS_SCTP_S_INIT_CLI,
306  IP_VS_SCTP_S_INIT_SER,
307  IP_VS_SCTP_S_INIT_ACK_CLI,
308  IP_VS_SCTP_S_INIT_ACK_SER,
309  IP_VS_SCTP_S_ECHO_CLI,
310  IP_VS_SCTP_S_ECHO_SER,
311  IP_VS_SCTP_S_ESTABLISHED,
312  IP_VS_SCTP_S_SHUT_CLI,
313  IP_VS_SCTP_S_SHUT_SER,
314  IP_VS_SCTP_S_SHUT_ACK_CLI,
315  IP_VS_SCTP_S_SHUT_ACK_SER,
316  IP_VS_SCTP_S_CLOSED,
317  IP_VS_SCTP_S_LAST
318 };
319 
320 /*
321  * Delta sequence info structure
322  * Each ip_vs_conn has 2 (output AND input seq. changes).
323  * Only used in the VS/NAT.
324  */
325 struct ip_vs_seq {
326  __u32 init_seq; /* Add delta from this seq */
327  __u32 delta; /* Delta in sequence numbers */
328  __u32 previous_delta; /* Delta in sequence numbers
329  before last resized pkt */
330 };
331 
332 /*
333  * counters per cpu
334  */
335 struct ip_vs_counters {
336  __u32 conns; /* connections scheduled */
337  __u32 inpkts; /* incoming packets */
338  __u32 outpkts; /* outgoing packets */
339  __u64 inbytes; /* incoming bytes */
340  __u64 outbytes; /* outgoing bytes */
341 };
342 /*
343  * Stats per cpu
344  */
345 struct ip_vs_cpu_stats {
346  struct ip_vs_counters ustats;
347  struct u64_stats_sync syncp;
348 };
349 
350 /*
351  * IPVS statistics objects
352  */
353 struct ip_vs_estimator {
354  struct list_head list;
355 
356  u64 last_inbytes;
357  u64 last_outbytes;
358  u32 last_conns;
359  u32 last_inpkts;
360  u32 last_outpkts;
361 
362  u32 cps;
363  u32 inpps;
364  u32 outpps;
365  u32 inbps;
366  u32 outbps;
367 };
368 
369 struct ip_vs_stats {
370  struct ip_vs_stats_user ustats; /* statistics */
371  struct ip_vs_estimator est; /* estimator */
372  struct ip_vs_cpu_stats *cpustats; /* per cpu counters */
373  spinlock_t lock; /* spin lock */
374  struct ip_vs_stats_user ustats0; /* reset values */
375 };
376 
377 struct dst_entry;
378 struct iphdr;
379 struct ip_vs_conn;
380 struct ip_vs_app;
381 struct sk_buff;
382 struct ip_vs_proto_data;
383 
384 struct ip_vs_protocol {
385  struct ip_vs_protocol *next;
386  char *name;
387  u16 protocol;
388  u16 num_states;
389  int dont_defrag;
390 
391  void (*init)(struct ip_vs_protocol *pp);
392 
393  void (*exit)(struct ip_vs_protocol *pp);
394 
395  int (*init_netns)(struct net *net, struct ip_vs_proto_data *pd);
396 
397  void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd);
398 
399  int (*conn_schedule)(int af, struct sk_buff *skb,
400  struct ip_vs_proto_data *pd,
401  int *verdict, struct ip_vs_conn **cpp);
402 
403  struct ip_vs_conn *
404  (*conn_in_get)(int af,
405  const struct sk_buff *skb,
406  const struct ip_vs_iphdr *iph,
407  unsigned int proto_off,
408  int inverse);
409 
410  struct ip_vs_conn *
411  (*conn_out_get)(int af,
412  const struct sk_buff *skb,
413  const struct ip_vs_iphdr *iph,
414  unsigned int proto_off,
415  int inverse);
416 
417  int (*snat_handler)(struct sk_buff *skb,
418  struct ip_vs_protocol *pp, struct ip_vs_conn *cp);
419 
420  int (*dnat_handler)(struct sk_buff *skb,
421  struct ip_vs_protocol *pp, struct ip_vs_conn *cp);
422 
423  int (*csum_check)(int af, struct sk_buff *skb,
424  struct ip_vs_protocol *pp);
425 
426  const char *(*state_name)(int state);
427 
428  void (*state_transition)(struct ip_vs_conn *cp, int direction,
429  const struct sk_buff *skb,
430  struct ip_vs_proto_data *pd);
431 
432  int (*register_app)(struct net *net, struct ip_vs_app *inc);
433 
434  void (*unregister_app)(struct net *net, struct ip_vs_app *inc);
435 
436  int (*app_conn_bind)(struct ip_vs_conn *cp);
437 
438  void (*debug_packet)(int af, struct ip_vs_protocol *pp,
439  const struct sk_buff *skb,
440  int offset,
441  const char *msg);
442 
443  void (*timeout_change)(struct ip_vs_proto_data *pd, int flags);
444 };
445 
446 /*
447  * protocol data per netns
448  */
449 struct ip_vs_proto_data {
450  struct ip_vs_proto_data *next;
451  struct ip_vs_protocol *pp;
452  int *timeout_table; /* protocol timeout table */
453  atomic_t appcnt; /* counter of proto app incs. */
454  struct tcp_states_t *tcp_state_table;
455 };
456 
457 extern struct ip_vs_protocol *ip_vs_proto_get(unsigned short proto);
458 extern struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net,
459  unsigned short proto);
460 
461 struct ip_vs_conn_param {
462  struct net *net;
463  const union nf_inet_addr *caddr;
464  const union nf_inet_addr *vaddr;
465  __be16 cport;
466  __be16 vport;
467  __u16 protocol;
468  u16 af;
469 
470  const struct ip_vs_pe *pe;
471  char *pe_data;
472  __u8 pe_data_len;
473 };
474 
475 /*
476  * IP_VS structure allocated for each dynamically scheduled connection
477  */
478 struct ip_vs_conn {
479  struct hlist_node c_list; /* hashed list heads */
480 #ifdef CONFIG_NET_NS
481  struct net *net; /* Name space */
482 #endif
483  /* Protocol, addresses and port numbers */
484  u16 af; /* address family */
485  __be16 cport;
486  __be16 vport;
487  __be16 dport;
488  __u32 fwmark; /* Fire wall mark from skb */
489  union nf_inet_addr caddr; /* client address */
490  union nf_inet_addr vaddr; /* virtual address */
491  union nf_inet_addr daddr; /* destination address */
492  volatile __u32 flags; /* status flags */
493  __u16 protocol; /* Which protocol (TCP/UDP) */
494 
495  /* counter and timer */
496  atomic_t refcnt; /* reference count */
497  struct timer_list timer; /* Expiration timer */
498  volatile unsigned long timeout; /* timeout */
499 
500  /* Flags and state transition */
501  spinlock_t lock; /* lock for state transition */
502  volatile __u16 state; /* state info */
503  volatile __u16 old_state; /* old state, to be used for
504  * state transition triggerd
505  * synchronization
506  */
507  unsigned long sync_endtime; /* jiffies + sent_retries */
508 
509  /* Control members */
510  struct ip_vs_conn *control; /* Master control connection */
511  atomic_t n_control; /* Number of controlled ones */
512  struct ip_vs_dest *dest; /* real server */
513  atomic_t in_pkts; /* incoming packet counter */
514 
515  /* packet transmitter for different forwarding methods. If it
516  mangles the packet, it must return NF_DROP or better NF_STOLEN,
517  otherwise this must be changed to a sk_buff **.
518  NF_ACCEPT can be returned when destination is local.
519  */
520  int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,
521  struct ip_vs_protocol *pp);
522 
523  /* Note: we can group the following members into a structure,
524  in order to save more space, and the following members are
525  only used in VS/NAT anyway */
526  struct ip_vs_app *app; /* bound ip_vs_app object */
527  void *app_data; /* Application private data */
528  struct ip_vs_seq in_seq; /* incoming seq. struct */
529  struct ip_vs_seq out_seq; /* outgoing seq. struct */
530 
531  const struct ip_vs_pe *pe;
532  char *pe_data;
533  __u8 pe_data_len;
534 };
535 
536 /*
537  * To save some memory in conn table when name space is disabled.
538  */
539 static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)
540 {
541 #ifdef CONFIG_NET_NS
542  return cp->net;
543 #else
544  return &init_net;
545 #endif
546 }
547 static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)
548 {
549 #ifdef CONFIG_NET_NS
550  cp->net = net;
551 #endif
552 }
553 
554 static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,
555  struct net *net)
556 {
557 #ifdef CONFIG_NET_NS
558  return cp->net == net;
559 #else
560  return 1;
561 #endif
562 }
563 
564 /*
565  * Extended internal versions of struct ip_vs_service_user and
566  * ip_vs_dest_user for IPv6 support.
567  *
568  * We need these to conveniently pass around service and destination
569  * options, but unfortunately, we also need to keep the old definitions to
570  * maintain userspace backwards compatibility for the setsockopt interface.
571  */
572 struct ip_vs_service_user_kern {
573  /* virtual service addresses */
574  u16 af;
575  u16 protocol;
576  union nf_inet_addr addr; /* virtual ip address */
577  u16 port;
578  u32 fwmark; /* firwall mark of service */
579 
580  /* virtual service options */
581  char *sched_name;
582  char *pe_name;
583  unsigned int flags; /* virtual service flags */
584  unsigned int timeout; /* persistent timeout in sec */
585  u32 netmask; /* persistent netmask */
586 };
587 
588 
589 struct ip_vs_dest_user_kern {
590  /* destination server address */
591  union nf_inet_addr addr;
592  u16 port;
593 
594  /* real server options */
595  unsigned int conn_flags; /* connection flags */
596  int weight; /* destination weight */
597 
598  /* thresholds for active connections */
599  u32 u_threshold; /* upper threshold */
600  u32 l_threshold; /* lower threshold */
601 };
602 
603 
604 /*
605  * The information about the virtual service offered to the net
606  * and the forwarding entries
607  */
608 struct ip_vs_service {
609  struct list_head s_list; /* for normal service table */
610  struct list_head f_list; /* for fwmark-based service table */
611  atomic_t refcnt; /* reference counter */
612  atomic_t usecnt; /* use counter */
613 
614  u16 af; /* address family */
615  __u16 protocol; /* which protocol (TCP/UDP) */
616  union nf_inet_addr addr; /* IP address for virtual service */
617  __be16 port; /* port number for the service */
618  __u32 fwmark; /* firewall mark of the service */
619  unsigned int flags; /* service status flags */
620  unsigned int timeout; /* persistent timeout in ticks */
621  __be32 netmask; /* grouping granularity */
622  struct net *net;
623 
624  struct list_head destinations; /* real server d-linked list */
625  __u32 num_dests; /* number of servers */
626  struct ip_vs_stats stats; /* statistics for the service */
627  struct ip_vs_app *inc; /* bind conns to this app inc */
628 
629  /* for scheduling */
630  struct ip_vs_scheduler *scheduler; /* bound scheduler object */
631  rwlock_t sched_lock; /* lock sched_data */
632  void *sched_data; /* scheduler application data */
633 
634  /* alternate persistence engine */
635  struct ip_vs_pe *pe;
636 };
637 
638 
639 /*
640  * The real server destination forwarding entry
641  * with ip address, port number, and so on.
642  */
643 struct ip_vs_dest {
644  struct list_head n_list; /* for the dests in the service */
645  struct list_head d_list; /* for table with all the dests */
646 
647  u16 af; /* address family */
648  __be16 port; /* port number of the server */
649  union nf_inet_addr addr; /* IP address of the server */
650  volatile unsigned int flags; /* dest status flags */
651  atomic_t conn_flags; /* flags to copy to conn */
652  atomic_t weight; /* server weight */
653 
654  atomic_t refcnt; /* reference counter */
655  struct ip_vs_stats stats; /* statistics */
656 
657  /* connection counters and thresholds */
658  atomic_t activeconns; /* active connections */
659  atomic_t inactconns; /* inactive connections */
660  atomic_t persistconns; /* persistent connections */
661  __u32 u_threshold; /* upper threshold */
662  __u32 l_threshold; /* lower threshold */
663 
664  /* for destination cache */
665  spinlock_t dst_lock; /* lock of dst_cache */
666  struct dst_entry *dst_cache; /* destination cache entry */
667  u32 dst_rtos; /* RT_TOS(tos) for dst */
668  u32 dst_cookie;
669  union nf_inet_addr dst_saddr;
670 
671  /* for virtual service */
672  struct ip_vs_service *svc; /* service it belongs to */
673  __u16 protocol; /* which protocol (TCP/UDP) */
674  __be16 vport; /* virtual port number */
675  union nf_inet_addr vaddr; /* virtual IP address */
676  __u32 vfwmark; /* firewall mark of service */
677 };
678 
679 
680 /*
681  * The scheduler object
682  */
683 struct ip_vs_scheduler {
684  struct list_head n_list; /* d-linked list head */
685  char *name; /* scheduler name */
686  atomic_t refcnt; /* reference counter */
687  struct module *module; /* THIS_MODULE/NULL */
688 
689  /* scheduler initializing service */
690  int (*init_service)(struct ip_vs_service *svc);
691  /* scheduling service finish */
692  int (*done_service)(struct ip_vs_service *svc);
693  /* scheduler updating service */
694  int (*update_service)(struct ip_vs_service *svc);
695 
696  /* selecting a server from the given service */
697  struct ip_vs_dest* (*schedule)(struct ip_vs_service *svc,
698  const struct sk_buff *skb);
699 };
700 
701 /* The persistence engine object */
702 struct ip_vs_pe {
703  struct list_head n_list; /* d-linked list head */
704  char *name; /* scheduler name */
705  atomic_t refcnt; /* reference counter */
706  struct module *module; /* THIS_MODULE/NULL */
707 
708  /* get the connection template, if any */
709  int (*fill_param)(struct ip_vs_conn_param *p, struct sk_buff *skb);
710  bool (*ct_match)(const struct ip_vs_conn_param *p,
711  struct ip_vs_conn *ct);
712  u32 (*hashkey_raw)(const struct ip_vs_conn_param *p, u32 initval,
713  bool inverse);
714  int (*show_pe_data)(const struct ip_vs_conn *cp, char *buf);
715 };
716 
717 /*
718  * The application module object (a.k.a. app incarnation)
719  */
720 struct ip_vs_app {
721  struct list_head a_list; /* member in app list */
722  int type; /* IP_VS_APP_TYPE_xxx */
723  char *name; /* application module name */
724  __u16 protocol;
725  struct module *module; /* THIS_MODULE/NULL */
726  struct list_head incs_list; /* list of incarnations */
727 
728  /* members for application incarnations */
729  struct list_head p_list; /* member in proto app list */
730  struct ip_vs_app *app; /* its real application */
731  __be16 port; /* port number in net order */
732  atomic_t usecnt; /* usage counter */
733 
734  /*
735  * output hook: Process packet in inout direction, diff set for TCP.
736  * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
737  * 2=Mangled but checksum was not updated
738  */
739  int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *,
740  struct sk_buff *, int *diff);
741 
742  /*
743  * input hook: Process packet in outin direction, diff set for TCP.
744  * Return: 0=Error, 1=Payload Not Mangled/Mangled but checksum is ok,
745  * 2=Mangled but checksum was not updated
746  */
747  int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *,
748  struct sk_buff *, int *diff);
749 
750  /* ip_vs_app initializer */
751  int (*init_conn)(struct ip_vs_app *, struct ip_vs_conn *);
752 
753  /* ip_vs_app finish */
754  int (*done_conn)(struct ip_vs_app *, struct ip_vs_conn *);
755 
756 
757  /* not used now */
758  int (*bind_conn)(struct ip_vs_app *, struct ip_vs_conn *,
759  struct ip_vs_protocol *);
760 
761  void (*unbind_conn)(struct ip_vs_app *, struct ip_vs_conn *);
762 
763  int * timeout_table;
764  int * timeouts;
765  int timeouts_size;
766 
767  int (*conn_schedule)(struct sk_buff *skb, struct ip_vs_app *app,
768  int *verdict, struct ip_vs_conn **cpp);
769 
770  struct ip_vs_conn *
771  (*conn_in_get)(const struct sk_buff *skb, struct ip_vs_app *app,
772  const struct iphdr *iph, unsigned int proto_off,
773  int inverse);
774 
775  struct ip_vs_conn *
776  (*conn_out_get)(const struct sk_buff *skb, struct ip_vs_app *app,
777  const struct iphdr *iph, unsigned int proto_off,
778  int inverse);
779 
780  int (*state_transition)(struct ip_vs_conn *cp, int direction,
781  const struct sk_buff *skb,
782  struct ip_vs_app *app);
783 
784  void (*timeout_change)(struct ip_vs_app *app, int flags);
785 };
786 
787 struct ipvs_master_sync_state {
788  struct list_head sync_queue;
789  struct ip_vs_sync_buff *sync_buff;
790  int sync_queue_len;
791  unsigned int sync_queue_delay;
792  struct task_struct *master_thread;
793  struct delayed_work master_wakeup_work;
794  struct netns_ipvs *ipvs;
795 };
796 
797 /* IPVS in network namespace */
798 struct netns_ipvs {
799  int gen; /* Generation */
800  int enable; /* enable like nf_hooks do */
801  /*
802  * Hash table: for real service lookups
803  */
804  #define IP_VS_RTAB_BITS 4
805  #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
806  #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
807 
808  struct list_head rs_table[IP_VS_RTAB_SIZE];
809  /* ip_vs_app */
810  struct list_head app_list;
811  /* ip_vs_proto */
812  #define IP_VS_PROTO_TAB_SIZE 32 /* must be power of 2 */
813  struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
814  /* ip_vs_proto_tcp */
815 #ifdef CONFIG_IP_VS_PROTO_TCP
816  #define TCP_APP_TAB_BITS 4
817  #define TCP_APP_TAB_SIZE (1 << TCP_APP_TAB_BITS)
818  #define TCP_APP_TAB_MASK (TCP_APP_TAB_SIZE - 1)
819  struct list_head tcp_apps[TCP_APP_TAB_SIZE];
820  spinlock_t tcp_app_lock;
821 #endif
822  /* ip_vs_proto_udp */
823 #ifdef CONFIG_IP_VS_PROTO_UDP
824  #define UDP_APP_TAB_BITS 4
825  #define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS)
826  #define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1)
827  struct list_head udp_apps[UDP_APP_TAB_SIZE];
828  spinlock_t udp_app_lock;
829 #endif
830  /* ip_vs_proto_sctp */
831 #ifdef CONFIG_IP_VS_PROTO_SCTP
832  #define SCTP_APP_TAB_BITS 4
833  #define SCTP_APP_TAB_SIZE (1 << SCTP_APP_TAB_BITS)
834  #define SCTP_APP_TAB_MASK (SCTP_APP_TAB_SIZE - 1)
835  /* Hash table for SCTP application incarnations */
836  struct list_head sctp_apps[SCTP_APP_TAB_SIZE];
837  spinlock_t sctp_app_lock;
838 #endif
839  /* ip_vs_conn */
840  atomic_t conn_count; /* connection counter */
841 
842  /* ip_vs_ctl */
843  struct ip_vs_stats tot_stats; /* Statistics & est. */
844 
845  int num_services; /* no of virtual services */
846 
847  rwlock_t rs_lock; /* real services table */
848  /* Trash for destinations */
849  struct list_head dest_trash;
850  /* Service counters */
851  atomic_t ftpsvc_counter;
852  atomic_t nullsvc_counter;
853 
854 #ifdef CONFIG_SYSCTL
855  /* 1/rate drop and drop-entry variables */
856  struct delayed_work defense_work; /* Work handler */
857  int drop_rate;
858  int drop_counter;
859  atomic_t dropentry;
860  /* locks in ctl.c */
861  spinlock_t dropentry_lock; /* drop entry handling */
862  spinlock_t droppacket_lock; /* drop packet handling */
863  spinlock_t securetcp_lock; /* state and timeout tables */
864 
865  /* sys-ctl struct */
866  struct ctl_table_header *sysctl_hdr;
867  struct ctl_table *sysctl_tbl;
868 #endif
869 
870  /* sysctl variables */
871  int sysctl_amemthresh;
872  int sysctl_am_droprate;
873  int sysctl_drop_entry;
874  int sysctl_drop_packet;
875  int sysctl_secure_tcp;
876 #ifdef CONFIG_IP_VS_NFCT
877  int sysctl_conntrack;
878 #endif
879  int sysctl_snat_reroute;
880  int sysctl_sync_ver;
881  int sysctl_sync_ports;
882  int sysctl_sync_qlen_max;
883  int sysctl_sync_sock_size;
884  int sysctl_cache_bypass;
885  int sysctl_expire_nodest_conn;
886  int sysctl_expire_quiescent_template;
887  int sysctl_sync_threshold[2];
888  unsigned int sysctl_sync_refresh_period;
889  int sysctl_sync_retries;
890  int sysctl_nat_icmp_send;
891  int sysctl_pmtu_disc;
892 
893  /* ip_vs_lblc */
894  int sysctl_lblc_expiration;
895  struct ctl_table_header *lblc_ctl_header;
896  struct ctl_table *lblc_ctl_table;
897  /* ip_vs_lblcr */
898  int sysctl_lblcr_expiration;
899  struct ctl_table_header *lblcr_ctl_header;
900  struct ctl_table *lblcr_ctl_table;
901  /* ip_vs_est */
902  struct list_head est_list; /* estimator list */
903  spinlock_t est_lock;
904  struct timer_list est_timer; /* Estimation timer */
905  /* ip_vs_sync */
906  spinlock_t sync_lock;
907  struct ipvs_master_sync_state *ms;
908  spinlock_t sync_buff_lock;
909  struct task_struct **backup_threads;
910  int threads_mask;
911  int send_mesg_maxlen;
912  int recv_mesg_maxlen;
913  volatile int sync_state;
914  volatile int master_syncid;
915  volatile int backup_syncid;
916  struct mutex sync_mutex;
917  /* multicast interface name */
918  char master_mcast_ifn[IP_VS_IFNAME_MAXLEN];
919  char backup_mcast_ifn[IP_VS_IFNAME_MAXLEN];
920  /* net name space ptr */
921  struct net *net; /* Needed by timer routines */
922 };
923 
924 #define DEFAULT_SYNC_THRESHOLD 3
925 #define DEFAULT_SYNC_PERIOD 50
926 #define DEFAULT_SYNC_VER 1
927 #define DEFAULT_SYNC_REFRESH_PERIOD (0U * HZ)
928 #define DEFAULT_SYNC_RETRIES 0
929 #define IPVS_SYNC_WAKEUP_RATE 8
930 #define IPVS_SYNC_QLEN_MAX (IPVS_SYNC_WAKEUP_RATE * 4)
931 #define IPVS_SYNC_SEND_DELAY (HZ / 50)
932 #define IPVS_SYNC_CHECK_PERIOD HZ
933 #define IPVS_SYNC_FLUSH_TIME (HZ * 2)
934 #define IPVS_SYNC_PORTS_MAX (1 << 6)
935 
936 #ifdef CONFIG_SYSCTL
937 
938 static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
939 {
940  return ipvs->sysctl_sync_threshold[0];
941 }
942 
943 static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
944 {
945  return ACCESS_ONCE(ipvs->sysctl_sync_threshold[1]);
946 }
947 
948 static inline unsigned int sysctl_sync_refresh_period(struct netns_ipvs *ipvs)
949 {
950  return ACCESS_ONCE(ipvs->sysctl_sync_refresh_period);
951 }
952 
953 static inline int sysctl_sync_retries(struct netns_ipvs *ipvs)
954 {
955  return ipvs->sysctl_sync_retries;
956 }
957 
958 static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
959 {
960  return ipvs->sysctl_sync_ver;
961 }
962 
963 static inline int sysctl_sync_ports(struct netns_ipvs *ipvs)
964 {
965  return ACCESS_ONCE(ipvs->sysctl_sync_ports);
966 }
967 
968 static inline int sysctl_sync_qlen_max(struct netns_ipvs *ipvs)
969 {
970  return ipvs->sysctl_sync_qlen_max;
971 }
972 
973 static inline int sysctl_sync_sock_size(struct netns_ipvs *ipvs)
974 {
975  return ipvs->sysctl_sync_sock_size;
976 }
977 
978 static inline int sysctl_pmtu_disc(struct netns_ipvs *ipvs)
979 {
980  return ipvs->sysctl_pmtu_disc;
981 }
982 
983 #else
984 
985 static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
986 {
987  return DEFAULT_SYNC_THRESHOLD;
988 }
989 
990 static inline int sysctl_sync_period(struct netns_ipvs *ipvs)
991 {
992  return DEFAULT_SYNC_PERIOD;
993 }
994 
995 static inline unsigned int sysctl_sync_refresh_period(struct netns_ipvs *ipvs)
996 {
997  return DEFAULT_SYNC_REFRESH_PERIOD;
998 }
999 
1000 static inline int sysctl_sync_retries(struct netns_ipvs *ipvs)
1001 {
1002  return DEFAULT_SYNC_RETRIES & 3;
1003 }
1004 
1005 static inline int sysctl_sync_ver(struct netns_ipvs *ipvs)
1006 {
1007  return DEFAULT_SYNC_VER;
1008 }
1009 
1010 static inline int sysctl_sync_ports(struct netns_ipvs *ipvs)
1011 {
1012  return 1;
1013 }
1014 
1015 static inline int sysctl_sync_qlen_max(struct netns_ipvs *ipvs)
1016 {
1017  return IPVS_SYNC_QLEN_MAX;
1018 }
1019 
1020 static inline int sysctl_sync_sock_size(struct netns_ipvs *ipvs)
1021 {
1022  return 0;
1023 }
1024 
1025 static inline int sysctl_pmtu_disc(struct netns_ipvs *ipvs)
1026 {
1027  return 1;
1028 }
1029 
1030 #endif
1031 
1032 /*
1033  * IPVS core functions
1034  * (from ip_vs_core.c)
1035  */
1036 extern const char *ip_vs_proto_name(unsigned int proto);
1037 extern void ip_vs_init_hash_table(struct list_head *table, int rows);
1038 #define IP_VS_INIT_HASH_TABLE(t) ip_vs_init_hash_table((t), ARRAY_SIZE((t)))
1039 
1040 #define IP_VS_APP_TYPE_FTP 1
1041 
1042 /*
1043  * ip_vs_conn handling functions
1044  * (from ip_vs_conn.c)
1045  */
1046 
1047 enum {
1048  IP_VS_DIR_INPUT = 0,
1049  IP_VS_DIR_OUTPUT,
1050  IP_VS_DIR_INPUT_ONLY,
1051  IP_VS_DIR_LAST,
1052 };
1053 
1054 static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,
1055  const union nf_inet_addr *caddr,
1056  __be16 cport,
1057  const union nf_inet_addr *vaddr,
1058  __be16 vport,
1059  struct ip_vs_conn_param *p)
1060 {
1061  p->net = net;
1062  p->af = af;
1063  p->protocol = protocol;
1064  p->caddr = caddr;
1065  p->cport = cport;
1066  p->vaddr = vaddr;
1067  p->vport = vport;
1068  p->pe = NULL;
1069  p->pe_data = NULL;
1070 }
1071 
1072 struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p);
1073 struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p);
1074 
1075 struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,
1076  const struct ip_vs_iphdr *iph,
1077  unsigned int proto_off,
1078  int inverse);
1079 
1080 struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);
1081 
1082 struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,
1083  const struct ip_vs_iphdr *iph,
1084  unsigned int proto_off,
1085  int inverse);
1086 
1087 /* put back the conn without restarting its timer */
1088 static inline void __ip_vs_conn_put(struct ip_vs_conn *cp)
1089 {
1090  atomic_dec(&cp->refcnt);
1091 }
1092 extern void ip_vs_conn_put(struct ip_vs_conn *cp);
1093 extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);
1094 
1095 struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p,
1096  const union nf_inet_addr *daddr,
1097  __be16 dport, unsigned int flags,
1098  struct ip_vs_dest *dest, __u32 fwmark);
1099 extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);
1100 
1101 extern const char * ip_vs_state_name(__u16 proto, int state);
1102 
1103 extern void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp);
1104 extern int ip_vs_check_template(struct ip_vs_conn *ct);
1105 extern void ip_vs_random_dropentry(struct net *net);
1106 extern int ip_vs_conn_init(void);
1107 extern void ip_vs_conn_cleanup(void);
1108 
1109 static inline void ip_vs_control_del(struct ip_vs_conn *cp)
1110 {
1111  struct ip_vs_conn *ctl_cp = cp->control;
1112  if (!ctl_cp) {
1113  IP_VS_ERR_BUF("request control DEL for uncontrolled: "
1114  "%s:%d to %s:%d\n",
1115  IP_VS_DBG_ADDR(cp->af, &cp->caddr),
1116  ntohs(cp->cport),
1117  IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
1118  ntohs(cp->vport));
1119 
1120  return;
1121  }
1122 
1123  IP_VS_DBG_BUF(7, "DELeting control for: "
1124  "cp.dst=%s:%d ctl_cp.dst=%s:%d\n",
1125  IP_VS_DBG_ADDR(cp->af, &cp->caddr),
1126  ntohs(cp->cport),
1127  IP_VS_DBG_ADDR(cp->af, &ctl_cp->caddr),
1128  ntohs(ctl_cp->cport));
1129 
1130  cp->control = NULL;
1131  if (atomic_read(&ctl_cp->n_control) == 0) {
1132  IP_VS_ERR_BUF("BUG control DEL with n=0 : "
1133  "%s:%d to %s:%d\n",
1134  IP_VS_DBG_ADDR(cp->af, &cp->caddr),
1135  ntohs(cp->cport),
1136  IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
1137  ntohs(cp->vport));
1138 
1139  return;
1140  }
1141  atomic_dec(&ctl_cp->n_control);
1142 }
1143 
1144 static inline void
1145 ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp)
1146 {
1147  if (cp->control) {
1148  IP_VS_ERR_BUF("request control ADD for already controlled: "
1149  "%s:%d to %s:%d\n",
1150  IP_VS_DBG_ADDR(cp->af, &cp->caddr),
1151  ntohs(cp->cport),
1152  IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
1153  ntohs(cp->vport));
1154 
1155  ip_vs_control_del(cp);
1156  }
1157 
1158  IP_VS_DBG_BUF(7, "ADDing control for: "
1159  "cp.dst=%s:%d ctl_cp.dst=%s:%d\n",
1160  IP_VS_DBG_ADDR(cp->af, &cp->caddr),
1161  ntohs(cp->cport),
1162  IP_VS_DBG_ADDR(cp->af, &ctl_cp->caddr),
1163  ntohs(ctl_cp->cport));
1164 
1165  cp->control = ctl_cp;
1166  atomic_inc(&ctl_cp->n_control);
1167 }
1168 
1169 /*
1170  * IPVS netns init & cleanup functions
1171  */
1172 extern int ip_vs_estimator_net_init(struct net *net);
1173 extern int ip_vs_control_net_init(struct net *net);
1174 extern int ip_vs_protocol_net_init(struct net *net);
1175 extern int ip_vs_app_net_init(struct net *net);
1176 extern int ip_vs_conn_net_init(struct net *net);
1177 extern int ip_vs_sync_net_init(struct net *net);
1178 extern void ip_vs_conn_net_cleanup(struct net *net);
1179 extern void ip_vs_app_net_cleanup(struct net *net);
1180 extern void ip_vs_protocol_net_cleanup(struct net *net);
1181 extern void ip_vs_control_net_cleanup(struct net *net);
1182 extern void ip_vs_estimator_net_cleanup(struct net *net);
1183 extern void ip_vs_sync_net_cleanup(struct net *net);
1184 extern void ip_vs_service_net_cleanup(struct net *net);
1185 
1186 /*
1187  * IPVS application functions
1188  * (from ip_vs_app.c)
1189  */
1190 #define IP_VS_APP_MAX_PORTS 8
1191 extern struct ip_vs_app *register_ip_vs_app(struct net *net,
1192  struct ip_vs_app *app);
1193 extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
1194 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1195 extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
1196 extern int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app,
1197  __u16 proto, __u16 port);
1198 extern int ip_vs_app_inc_get(struct ip_vs_app *inc);
1199 extern void ip_vs_app_inc_put(struct ip_vs_app *inc);
1200 
1201 extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff *skb);
1202 extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff *skb);
1203 
1204 void ip_vs_bind_pe(struct ip_vs_service *svc, struct ip_vs_pe *pe);
1205 void ip_vs_unbind_pe(struct ip_vs_service *svc);
1206 int register_ip_vs_pe(struct ip_vs_pe *pe);
1207 int unregister_ip_vs_pe(struct ip_vs_pe *pe);
1208 struct ip_vs_pe *ip_vs_pe_getbyname(const char *name);
1209 struct ip_vs_pe *__ip_vs_pe_getbyname(const char *pe_name);
1210 
1211 /*
1212  * Use a #define to avoid all of module.h just for these trivial ops
1213  */
1214 #define ip_vs_pe_get(pe) \
1215  if (pe && pe->module) \
1216  __module_get(pe->module);
1217 
1218 #define ip_vs_pe_put(pe) \
1219  if (pe && pe->module) \
1220  module_put(pe->module);
1221 
1222 /*
1223  * IPVS protocol functions (from ip_vs_proto.c)
1224  */
1225 extern int ip_vs_protocol_init(void);
1226 extern void ip_vs_protocol_cleanup(void);
1227 extern void ip_vs_protocol_timeout_change(struct netns_ipvs *ipvs, int flags);
1228 extern int *ip_vs_create_timeout_table(int *table, int size);
1229 extern int
1230 ip_vs_set_state_timeout(int *table, int num, const char *const *names,
1231  const char *name, int to);
1232 extern void
1233 ip_vs_tcpudp_debug_packet(int af, struct ip_vs_protocol *pp,
1234  const struct sk_buff *skb,
1235  int offset, const char *msg);
1236 
1237 extern struct ip_vs_protocol ip_vs_protocol_tcp;
1238 extern struct ip_vs_protocol ip_vs_protocol_udp;
1239 extern struct ip_vs_protocol ip_vs_protocol_icmp;
1240 extern struct ip_vs_protocol ip_vs_protocol_esp;
1241 extern struct ip_vs_protocol ip_vs_protocol_ah;
1242 extern struct ip_vs_protocol ip_vs_protocol_sctp;
1243 
1244 /*
1245  * Registering/unregistering scheduler functions
1246  * (from ip_vs_sched.c)
1247  */
1248 extern int register_ip_vs_scheduler(struct ip_vs_scheduler *scheduler);
1249 extern int unregister_ip_vs_scheduler(struct ip_vs_scheduler *scheduler);
1250 extern int ip_vs_bind_scheduler(struct ip_vs_service *svc,
1251  struct ip_vs_scheduler *scheduler);
1252 extern int ip_vs_unbind_scheduler(struct ip_vs_service *svc);
1253 extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name);
1254 extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);
1255 extern struct ip_vs_conn *
1256 ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,
1257  struct ip_vs_proto_data *pd, int *ignored);
1258 extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
1259  struct ip_vs_proto_data *pd);
1260 
1261 extern void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg);
1262 
1263 
1264 /*
1265  * IPVS control data and functions (from ip_vs_ctl.c)
1266  */
1267 extern struct ip_vs_stats ip_vs_stats;
1268 extern int sysctl_ip_vs_sync_ver;
1269 
1270 extern struct ip_vs_service *
1271 ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol,
1272  const union nf_inet_addr *vaddr, __be16 vport);
1273 
1274 static inline void ip_vs_service_put(struct ip_vs_service *svc)
1275 {
1276  atomic_dec(&svc->usecnt);
1277 }
1278 
1279 extern struct ip_vs_dest *
1280 ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,
1281  const union nf_inet_addr *daddr, __be16 dport);
1282 
1283 extern int ip_vs_use_count_inc(void);
1284 extern void ip_vs_use_count_dec(void);
1285 extern int ip_vs_register_nl_ioctl(void);
1286 extern void ip_vs_unregister_nl_ioctl(void);
1287 extern int ip_vs_control_init(void);
1288 extern void ip_vs_control_cleanup(void);
1289 extern struct ip_vs_dest *
1290 ip_vs_find_dest(struct net *net, int af, const union nf_inet_addr *daddr,
1291  __be16 dport, const union nf_inet_addr *vaddr, __be16 vport,
1292  __u16 protocol, __u32 fwmark, __u32 flags);
1293 extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
1294 
1295 
1296 /*
1297  * IPVS sync daemon data and function prototypes
1298  * (from ip_vs_sync.c)
1299  */
1300 extern int start_sync_thread(struct net *net, int state, char *mcast_ifn,
1301  __u8 syncid);
1302 extern int stop_sync_thread(struct net *net, int state);
1303 extern void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts);
1304 
1305 
1306 /*
1307  * IPVS rate estimator prototypes (from ip_vs_est.c)
1308  */
1309 extern void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats);
1310 extern void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats);
1311 extern void ip_vs_zero_estimator(struct ip_vs_stats *stats);
1312 extern void ip_vs_read_estimator(struct ip_vs_stats_user *dst,
1313  struct ip_vs_stats *stats);
1314 
1315 /*
1316  * Various IPVS packet transmitters (from ip_vs_xmit.c)
1317  */
1318 extern int ip_vs_null_xmit
1319 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1320 extern int ip_vs_bypass_xmit
1321 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1322 extern int ip_vs_nat_xmit
1323 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1324 extern int ip_vs_tunnel_xmit
1325 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1326 extern int ip_vs_dr_xmit
1327 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1328 extern int ip_vs_icmp_xmit
1329 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp,
1330  int offset, unsigned int hooknum);
1331 extern void ip_vs_dst_reset(struct ip_vs_dest *dest);
1332 
1333 #ifdef CONFIG_IP_VS_IPV6
1334 extern int ip_vs_bypass_xmit_v6
1335 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1336 extern int ip_vs_nat_xmit_v6
1337 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1338 extern int ip_vs_tunnel_xmit_v6
1339 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1340 extern int ip_vs_dr_xmit_v6
1341 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
1342 extern int ip_vs_icmp_xmit_v6
1343 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp,
1344  int offset, unsigned int hooknum);
1345 #endif
1346 
1347 #ifdef CONFIG_SYSCTL
1348 /*
1349  * This is a simple mechanism to ignore packets when
1350  * we are loaded. Just set ip_vs_drop_rate to 'n' and
1351  * we start to drop 1/rate of the packets
1352  */
1353 
1354 static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
1355 {
1356  if (!ipvs->drop_rate)
1357  return 0;
1358  if (--ipvs->drop_counter > 0)
1359  return 0;
1360  ipvs->drop_counter = ipvs->drop_rate;
1361  return 1;
1362 }
1363 #else
1364 static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
1365 #endif
1366 
1367 /*
1368  * ip_vs_fwd_tag returns the forwarding tag of the connection
1369  */
1370 #define IP_VS_FWD_METHOD(cp) (cp->flags & IP_VS_CONN_F_FWD_MASK)
1371 
1372 static inline char ip_vs_fwd_tag(struct ip_vs_conn *cp)
1373 {
1374  char fwd;
1375 
1376  switch (IP_VS_FWD_METHOD(cp)) {
1377  case IP_VS_CONN_F_MASQ:
1378  fwd = 'M'; break;
1379  case IP_VS_CONN_F_LOCALNODE:
1380  fwd = 'L'; break;
1381  case IP_VS_CONN_F_TUNNEL:
1382  fwd = 'T'; break;
1383  case IP_VS_CONN_F_DROUTE:
1384  fwd = 'R'; break;
1385  case IP_VS_CONN_F_BYPASS:
1386  fwd = 'B'; break;
1387  default:
1388  fwd = '?'; break;
1389  }
1390  return fwd;
1391 }
1392 
1393 extern void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp,
1394  struct ip_vs_conn *cp, int dir);
1395 
1396 #ifdef CONFIG_IP_VS_IPV6
1397 extern void ip_vs_nat_icmp_v6(struct sk_buff *skb, struct ip_vs_protocol *pp,
1398  struct ip_vs_conn *cp, int dir);
1399 #endif
1400 
1401 extern __sum16 ip_vs_checksum_complete(struct sk_buff *skb, int offset);
1402 
1403 static inline __wsum ip_vs_check_diff4(__be32 old, __be32 new, __wsum oldsum)
1404 {
1405  __be32 diff[2] = { ~old, new };
1406 
1407  return csum_partial(diff, sizeof(diff), oldsum);
1408 }
1409 
1410 #ifdef CONFIG_IP_VS_IPV6
1411 static inline __wsum ip_vs_check_diff16(const __be32 *old, const __be32 *new,
1412  __wsum oldsum)
1413 {
1414  __be32 diff[8] = { ~old[3], ~old[2], ~old[1], ~old[0],
1415  new[3], new[2], new[1], new[0] };
1416 
1417  return csum_partial(diff, sizeof(diff), oldsum);
1418 }
1419 #endif
1420 
1421 static inline __wsum ip_vs_check_diff2(__be16 old, __be16 new, __wsum oldsum)
1422 {
1423  __be16 diff[2] = { ~old, new };
1424 
1425  return csum_partial(diff, sizeof(diff), oldsum);
1426 }
1427 
1428 /*
1429  * Forget current conntrack (unconfirmed) and attach notrack entry
1430  */
1431 static inline void ip_vs_notrack(struct sk_buff *skb)
1432 {
1433 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
1434  enum ip_conntrack_info ctinfo;
1435  struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
1436 
1437  if (!ct || !nf_ct_is_untracked(ct)) {
1438  nf_conntrack_put(skb->nfct);
1439  skb->nfct = &nf_ct_untracked_get()->ct_general;
1440  skb->nfctinfo = IP_CT_NEW;
1441  nf_conntrack_get(skb->nfct);
1442  }
1443 #endif
1444 }
1445 
1446 #ifdef CONFIG_IP_VS_NFCT
1447 /*
1448  * Netfilter connection tracking
1449  * (from ip_vs_nfct.c)
1450  */
1451 static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
1452 {
1453 #ifdef CONFIG_SYSCTL
1454  return ipvs->sysctl_conntrack;
1455 #else
1456  return 0;
1457 #endif
1458 }
1459 
1460 extern void ip_vs_update_conntrack(struct sk_buff *skb, struct ip_vs_conn *cp,
1461  int outin);
1462 extern int ip_vs_confirm_conntrack(struct sk_buff *skb);
1463 extern void ip_vs_nfct_expect_related(struct sk_buff *skb, struct nf_conn *ct,
1464  struct ip_vs_conn *cp, u_int8_t proto,
1465  const __be16 port, int from_rs);
1466 extern void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp);
1467 
1468 #else
1469 
1470 static inline int ip_vs_conntrack_enabled(struct netns_ipvs *ipvs)
1471 {
1472  return 0;
1473 }
1474 
1475 static inline void ip_vs_update_conntrack(struct sk_buff *skb,
1476  struct ip_vs_conn *cp, int outin)
1477 {
1478 }
1479 
1480 static inline int ip_vs_confirm_conntrack(struct sk_buff *skb)
1481 {
1482  return NF_ACCEPT;
1483 }
1484 
1485 static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp)
1486 {
1487 }
1488 /* CONFIG_IP_VS_NFCT */
1489 #endif
1490 
1491 static inline unsigned int
1492 ip_vs_dest_conn_overhead(struct ip_vs_dest *dest)
1493 {
1494  /*
1495  * We think the overhead of processing active connections is 256
1496  * times higher than that of inactive connections in average. (This
1497  * 256 times might not be accurate, we will change it later) We
1498  * use the following formula to estimate the overhead now:
1499  * dest->activeconns*256 + dest->inactconns
1500  */
1501  return (atomic_read(&dest->activeconns) << 8) +
1502  atomic_read(&dest->inactconns);
1503 }
1504 
1505 #endif /* _NET_IP_VS_H */
Generated on Thu Jan 10 2013 14:53:07 for Linux Kernel by   doxygen 1.8.2