2 * IPVS An implementation of the IP virtual server support for the
3 * LINUX operating system. IPVS is now implemented as a module
4 * over the NetFilter framework. IPVS can be used to build a
5 * high-performance and highly available server based on a
8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
9 * Peter Kese <peter.kese@ijs.si>
10 * Julian Anastasov <ja@ssi.bg>
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 #define KMSG_COMPONENT "IPVS"
22 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
24 #include <linux/module.h>
25 #include <linux/init.h>
26 #include <linux/types.h>
27 #include <linux/capability.h>
29 #include <linux/sysctl.h>
30 #include <linux/proc_fs.h>
31 #include <linux/workqueue.h>
32 #include <linux/swap.h>
33 #include <linux/seq_file.h>
35 #include <linux/netfilter.h>
36 #include <linux/netfilter_ipv4.h>
37 #include <linux/mutex.h>
39 #include <net/net_namespace.h>
41 #ifdef CONFIG_IP_VS_IPV6
43 #include <net/ip6_route.h>
45 #include <net/route.h>
47 #include <net/genetlink.h>
49 #include <asm/uaccess.h>
51 #include <net/ip_vs.h>
53 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
54 static DEFINE_MUTEX(__ip_vs_mutex);
56 /* lock for service table */
57 static DEFINE_RWLOCK(__ip_vs_svc_lock);
59 /* lock for table with the real services */
60 static DEFINE_RWLOCK(__ip_vs_rs_lock);
62 /* lock for state and timeout tables */
63 static DEFINE_RWLOCK(__ip_vs_securetcp_lock);
65 /* lock for drop entry handling */
66 static DEFINE_SPINLOCK(__ip_vs_dropentry_lock);
68 /* lock for drop packet handling */
69 static DEFINE_SPINLOCK(__ip_vs_droppacket_lock);
71 /* 1/rate drop and drop-entry variables */
72 int ip_vs_drop_rate = 0;
73 int ip_vs_drop_counter = 0;
74 static atomic_t ip_vs_dropentry = ATOMIC_INIT(0);
76 /* number of virtual services */
77 static int ip_vs_num_services = 0;
79 /* sysctl variables */
80 static int sysctl_ip_vs_drop_entry = 0;
81 static int sysctl_ip_vs_drop_packet = 0;
82 static int sysctl_ip_vs_secure_tcp = 0;
83 static int sysctl_ip_vs_amemthresh = 1024;
84 static int sysctl_ip_vs_am_droprate = 10;
85 int sysctl_ip_vs_cache_bypass = 0;
86 int sysctl_ip_vs_expire_nodest_conn = 0;
87 int sysctl_ip_vs_expire_quiescent_template = 0;
88 int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
89 int sysctl_ip_vs_nat_icmp_send = 0;
92 #ifdef CONFIG_IP_VS_DEBUG
93 static int sysctl_ip_vs_debug_level = 0;
95 int ip_vs_get_debug_level(void)
97 return sysctl_ip_vs_debug_level;
101 #ifdef CONFIG_IP_VS_IPV6
102 /* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */
103 static int __ip_vs_addr_is_local_v6(const struct in6_addr *addr)
111 .saddr = { .s6_addr32 = {0, 0, 0, 0} }, } },
114 rt = (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
115 if (rt && rt->rt6i_dev && (rt->rt6i_dev->flags & IFF_LOOPBACK))
122 * update_defense_level is called from keventd and from sysctl,
123 * so it needs to protect itself from softirqs
125 static void update_defense_level(void)
128 static int old_secure_tcp = 0;
133 /* we only count free and buffered memory (in pages) */
135 availmem = i.freeram + i.bufferram;
136 /* however in linux 2.5 the i.bufferram is total page cache size,
138 /* si_swapinfo(&i); */
139 /* availmem = availmem - (i.totalswap - i.freeswap); */
141 nomem = (availmem < sysctl_ip_vs_amemthresh);
146 spin_lock(&__ip_vs_dropentry_lock);
147 switch (sysctl_ip_vs_drop_entry) {
149 atomic_set(&ip_vs_dropentry, 0);
153 atomic_set(&ip_vs_dropentry, 1);
154 sysctl_ip_vs_drop_entry = 2;
156 atomic_set(&ip_vs_dropentry, 0);
161 atomic_set(&ip_vs_dropentry, 1);
163 atomic_set(&ip_vs_dropentry, 0);
164 sysctl_ip_vs_drop_entry = 1;
168 atomic_set(&ip_vs_dropentry, 1);
171 spin_unlock(&__ip_vs_dropentry_lock);
174 spin_lock(&__ip_vs_droppacket_lock);
175 switch (sysctl_ip_vs_drop_packet) {
181 ip_vs_drop_rate = ip_vs_drop_counter
182 = sysctl_ip_vs_amemthresh /
183 (sysctl_ip_vs_amemthresh-availmem);
184 sysctl_ip_vs_drop_packet = 2;
191 ip_vs_drop_rate = ip_vs_drop_counter
192 = sysctl_ip_vs_amemthresh /
193 (sysctl_ip_vs_amemthresh-availmem);
196 sysctl_ip_vs_drop_packet = 1;
200 ip_vs_drop_rate = sysctl_ip_vs_am_droprate;
203 spin_unlock(&__ip_vs_droppacket_lock);
206 write_lock(&__ip_vs_securetcp_lock);
207 switch (sysctl_ip_vs_secure_tcp) {
209 if (old_secure_tcp >= 2)
214 if (old_secure_tcp < 2)
216 sysctl_ip_vs_secure_tcp = 2;
218 if (old_secure_tcp >= 2)
224 if (old_secure_tcp < 2)
227 if (old_secure_tcp >= 2)
229 sysctl_ip_vs_secure_tcp = 1;
233 if (old_secure_tcp < 2)
237 old_secure_tcp = sysctl_ip_vs_secure_tcp;
239 ip_vs_protocol_timeout_change(sysctl_ip_vs_secure_tcp>1);
240 write_unlock(&__ip_vs_securetcp_lock);
247 * Timer for checking the defense
249 #define DEFENSE_TIMER_PERIOD 1*HZ
250 static void defense_work_handler(struct work_struct *work);
251 static DECLARE_DELAYED_WORK(defense_work, defense_work_handler);
253 static void defense_work_handler(struct work_struct *work)
255 update_defense_level();
256 if (atomic_read(&ip_vs_dropentry))
257 ip_vs_random_dropentry();
259 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
263 ip_vs_use_count_inc(void)
265 return try_module_get(THIS_MODULE);
269 ip_vs_use_count_dec(void)
271 module_put(THIS_MODULE);
276 * Hash table: for virtual service lookups
278 #define IP_VS_SVC_TAB_BITS 8
279 #define IP_VS_SVC_TAB_SIZE (1 << IP_VS_SVC_TAB_BITS)
280 #define IP_VS_SVC_TAB_MASK (IP_VS_SVC_TAB_SIZE - 1)
282 /* the service table hashed by <protocol, addr, port> */
283 static struct list_head ip_vs_svc_table[IP_VS_SVC_TAB_SIZE];
284 /* the service table hashed by fwmark */
285 static struct list_head ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];
288 * Hash table: for real service lookups
290 #define IP_VS_RTAB_BITS 4
291 #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
292 #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
294 static struct list_head ip_vs_rtable[IP_VS_RTAB_SIZE];
297 * Trash for destinations
299 static LIST_HEAD(ip_vs_dest_trash);
302 * FTP & NULL virtual service counters
304 static atomic_t ip_vs_ftpsvc_counter = ATOMIC_INIT(0);
305 static atomic_t ip_vs_nullsvc_counter = ATOMIC_INIT(0);
309 * Returns hash value for virtual service
311 static __inline__ unsigned
312 ip_vs_svc_hashkey(int af, unsigned proto, const union nf_inet_addr *addr,
315 register unsigned porth = ntohs(port);
316 __be32 addr_fold = addr->ip;
318 #ifdef CONFIG_IP_VS_IPV6
320 addr_fold = addr->ip6[0]^addr->ip6[1]^
321 addr->ip6[2]^addr->ip6[3];
324 return (proto^ntohl(addr_fold)^(porth>>IP_VS_SVC_TAB_BITS)^porth)
325 & IP_VS_SVC_TAB_MASK;
329 * Returns hash value of fwmark for virtual service lookup
331 static __inline__ unsigned ip_vs_svc_fwm_hashkey(__u32 fwmark)
333 return fwmark & IP_VS_SVC_TAB_MASK;
337 * Hashes a service in the ip_vs_svc_table by <proto,addr,port>
338 * or in the ip_vs_svc_fwm_table by fwmark.
339 * Should be called with locked tables.
341 static int ip_vs_svc_hash(struct ip_vs_service *svc)
345 if (svc->flags & IP_VS_SVC_F_HASHED) {
346 pr_err("%s(): request for already hashed, called from %pF\n",
347 __func__, __builtin_return_address(0));
351 if (svc->fwmark == 0) {
353 * Hash it by <protocol,addr,port> in ip_vs_svc_table
355 hash = ip_vs_svc_hashkey(svc->af, svc->protocol, &svc->addr,
357 list_add(&svc->s_list, &ip_vs_svc_table[hash]);
360 * Hash it by fwmark in ip_vs_svc_fwm_table
362 hash = ip_vs_svc_fwm_hashkey(svc->fwmark);
363 list_add(&svc->f_list, &ip_vs_svc_fwm_table[hash]);
366 svc->flags |= IP_VS_SVC_F_HASHED;
367 /* increase its refcnt because it is referenced by the svc table */
368 atomic_inc(&svc->refcnt);
374 * Unhashes a service from ip_vs_svc_table/ip_vs_svc_fwm_table.
375 * Should be called with locked tables.
377 static int ip_vs_svc_unhash(struct ip_vs_service *svc)
379 if (!(svc->flags & IP_VS_SVC_F_HASHED)) {
380 pr_err("%s(): request for unhash flagged, called from %pF\n",
381 __func__, __builtin_return_address(0));
385 if (svc->fwmark == 0) {
386 /* Remove it from the ip_vs_svc_table table */
387 list_del(&svc->s_list);
389 /* Remove it from the ip_vs_svc_fwm_table table */
390 list_del(&svc->f_list);
393 svc->flags &= ~IP_VS_SVC_F_HASHED;
394 atomic_dec(&svc->refcnt);
400 * Get service by {proto,addr,port} in the service table.
402 static inline struct ip_vs_service *
403 __ip_vs_service_get(int af, __u16 protocol, const union nf_inet_addr *vaddr,
407 struct ip_vs_service *svc;
409 /* Check for "full" addressed entries */
410 hash = ip_vs_svc_hashkey(af, protocol, vaddr, vport);
412 list_for_each_entry(svc, &ip_vs_svc_table[hash], s_list){
414 && ip_vs_addr_equal(af, &svc->addr, vaddr)
415 && (svc->port == vport)
416 && (svc->protocol == protocol)) {
418 atomic_inc(&svc->usecnt);
428 * Get service by {fwmark} in the service table.
430 static inline struct ip_vs_service *
431 __ip_vs_svc_fwm_get(int af, __u32 fwmark)
434 struct ip_vs_service *svc;
436 /* Check for fwmark addressed entries */
437 hash = ip_vs_svc_fwm_hashkey(fwmark);
439 list_for_each_entry(svc, &ip_vs_svc_fwm_table[hash], f_list) {
440 if (svc->fwmark == fwmark && svc->af == af) {
442 atomic_inc(&svc->usecnt);
450 struct ip_vs_service *
451 ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,
452 const union nf_inet_addr *vaddr, __be16 vport)
454 struct ip_vs_service *svc;
456 read_lock(&__ip_vs_svc_lock);
459 * Check the table hashed by fwmark first
461 if (fwmark && (svc = __ip_vs_svc_fwm_get(af, fwmark)))
465 * Check the table hashed by <protocol,addr,port>
466 * for "full" addressed entries
468 svc = __ip_vs_service_get(af, protocol, vaddr, vport);
471 && protocol == IPPROTO_TCP
472 && atomic_read(&ip_vs_ftpsvc_counter)
473 && (vport == FTPDATA || ntohs(vport) >= PROT_SOCK)) {
475 * Check if ftp service entry exists, the packet
476 * might belong to FTP data connections.
478 svc = __ip_vs_service_get(af, protocol, vaddr, FTPPORT);
482 && atomic_read(&ip_vs_nullsvc_counter)) {
484 * Check if the catch-all port (port zero) exists
486 svc = __ip_vs_service_get(af, protocol, vaddr, 0);
490 read_unlock(&__ip_vs_svc_lock);
492 IP_VS_DBG_BUF(9, "lookup service: fwm %u %s %s:%u %s\n",
493 fwmark, ip_vs_proto_name(protocol),
494 IP_VS_DBG_ADDR(af, vaddr), ntohs(vport),
495 svc ? "hit" : "not hit");
502 __ip_vs_bind_svc(struct ip_vs_dest *dest, struct ip_vs_service *svc)
504 atomic_inc(&svc->refcnt);
509 __ip_vs_unbind_svc(struct ip_vs_dest *dest)
511 struct ip_vs_service *svc = dest->svc;
514 if (atomic_dec_and_test(&svc->refcnt))
520 * Returns hash value for real service
522 static inline unsigned ip_vs_rs_hashkey(int af,
523 const union nf_inet_addr *addr,
526 register unsigned porth = ntohs(port);
527 __be32 addr_fold = addr->ip;
529 #ifdef CONFIG_IP_VS_IPV6
531 addr_fold = addr->ip6[0]^addr->ip6[1]^
532 addr->ip6[2]^addr->ip6[3];
535 return (ntohl(addr_fold)^(porth>>IP_VS_RTAB_BITS)^porth)
540 * Hashes ip_vs_dest in ip_vs_rtable by <proto,addr,port>.
541 * should be called with locked tables.
543 static int ip_vs_rs_hash(struct ip_vs_dest *dest)
547 if (!list_empty(&dest->d_list)) {
552 * Hash by proto,addr,port,
553 * which are the parameters of the real service.
555 hash = ip_vs_rs_hashkey(dest->af, &dest->addr, dest->port);
557 list_add(&dest->d_list, &ip_vs_rtable[hash]);
563 * UNhashes ip_vs_dest from ip_vs_rtable.
564 * should be called with locked tables.
566 static int ip_vs_rs_unhash(struct ip_vs_dest *dest)
569 * Remove it from the ip_vs_rtable table.
571 if (!list_empty(&dest->d_list)) {
572 list_del(&dest->d_list);
573 INIT_LIST_HEAD(&dest->d_list);
580 * Lookup real service by <proto,addr,port> in the real service table.
583 ip_vs_lookup_real_service(int af, __u16 protocol,
584 const union nf_inet_addr *daddr,
588 struct ip_vs_dest *dest;
591 * Check for "full" addressed entries
592 * Return the first found entry
594 hash = ip_vs_rs_hashkey(af, daddr, dport);
596 read_lock(&__ip_vs_rs_lock);
597 list_for_each_entry(dest, &ip_vs_rtable[hash], d_list) {
599 && ip_vs_addr_equal(af, &dest->addr, daddr)
600 && (dest->port == dport)
601 && ((dest->protocol == protocol) ||
604 read_unlock(&__ip_vs_rs_lock);
608 read_unlock(&__ip_vs_rs_lock);
614 * Lookup destination by {addr,port} in the given service
616 static struct ip_vs_dest *
617 ip_vs_lookup_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr,
620 struct ip_vs_dest *dest;
623 * Find the destination for the given service
625 list_for_each_entry(dest, &svc->destinations, n_list) {
626 if ((dest->af == svc->af)
627 && ip_vs_addr_equal(svc->af, &dest->addr, daddr)
628 && (dest->port == dport)) {
638 * Find destination by {daddr,dport,vaddr,protocol}
639 * Cretaed to be used in ip_vs_process_message() in
640 * the backup synchronization daemon. It finds the
641 * destination to be bound to the received connection
644 * ip_vs_lookup_real_service() looked promissing, but
645 * seems not working as expected.
647 struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr,
649 const union nf_inet_addr *vaddr,
650 __be16 vport, __u16 protocol)
652 struct ip_vs_dest *dest;
653 struct ip_vs_service *svc;
655 svc = ip_vs_service_get(af, 0, protocol, vaddr, vport);
658 dest = ip_vs_lookup_dest(svc, daddr, dport);
660 atomic_inc(&dest->refcnt);
661 ip_vs_service_put(svc);
666 * Lookup dest by {svc,addr,port} in the destination trash.
667 * The destination trash is used to hold the destinations that are removed
668 * from the service table but are still referenced by some conn entries.
669 * The reason to add the destination trash is when the dest is temporary
670 * down (either by administrator or by monitor program), the dest can be
671 * picked back from the trash, the remaining connections to the dest can
672 * continue, and the counting information of the dest is also useful for
675 static struct ip_vs_dest *
676 ip_vs_trash_get_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr,
679 struct ip_vs_dest *dest, *nxt;
682 * Find the destination in trash
684 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
685 IP_VS_DBG_BUF(3, "Destination %u/%s:%u still in trash, "
688 IP_VS_DBG_ADDR(svc->af, &dest->addr),
690 atomic_read(&dest->refcnt));
691 if (dest->af == svc->af &&
692 ip_vs_addr_equal(svc->af, &dest->addr, daddr) &&
693 dest->port == dport &&
694 dest->vfwmark == svc->fwmark &&
695 dest->protocol == svc->protocol &&
697 (ip_vs_addr_equal(svc->af, &dest->vaddr, &svc->addr) &&
698 dest->vport == svc->port))) {
704 * Try to purge the destination from trash if not referenced
706 if (atomic_read(&dest->refcnt) == 1) {
707 IP_VS_DBG_BUF(3, "Removing destination %u/%s:%u "
710 IP_VS_DBG_ADDR(svc->af, &dest->addr),
712 list_del(&dest->n_list);
713 ip_vs_dst_reset(dest);
714 __ip_vs_unbind_svc(dest);
724 * Clean up all the destinations in the trash
725 * Called by the ip_vs_control_cleanup()
727 * When the ip_vs_control_clearup is activated by ipvs module exit,
728 * the service tables must have been flushed and all the connections
729 * are expired, and the refcnt of each destination in the trash must
730 * be 1, so we simply release them here.
732 static void ip_vs_trash_cleanup(void)
734 struct ip_vs_dest *dest, *nxt;
736 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
737 list_del(&dest->n_list);
738 ip_vs_dst_reset(dest);
739 __ip_vs_unbind_svc(dest);
746 ip_vs_zero_stats(struct ip_vs_stats *stats)
748 spin_lock_bh(&stats->lock);
750 memset(&stats->ustats, 0, sizeof(stats->ustats));
751 ip_vs_zero_estimator(stats);
753 spin_unlock_bh(&stats->lock);
757 * Update a destination in the given service
760 __ip_vs_update_dest(struct ip_vs_service *svc,
761 struct ip_vs_dest *dest, struct ip_vs_dest_user_kern *udest)
765 /* set the weight and the flags */
766 atomic_set(&dest->weight, udest->weight);
767 conn_flags = udest->conn_flags | IP_VS_CONN_F_INACTIVE;
769 /* check if local node and update the flags */
770 #ifdef CONFIG_IP_VS_IPV6
771 if (svc->af == AF_INET6) {
772 if (__ip_vs_addr_is_local_v6(&udest->addr.in6)) {
773 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
774 | IP_VS_CONN_F_LOCALNODE;
778 if (inet_addr_type(&init_net, udest->addr.ip) == RTN_LOCAL) {
779 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
780 | IP_VS_CONN_F_LOCALNODE;
783 /* set the IP_VS_CONN_F_NOOUTPUT flag if not masquerading/NAT */
784 if ((conn_flags & IP_VS_CONN_F_FWD_MASK) != 0) {
785 conn_flags |= IP_VS_CONN_F_NOOUTPUT;
788 * Put the real service in ip_vs_rtable if not present.
789 * For now only for NAT!
791 write_lock_bh(&__ip_vs_rs_lock);
793 write_unlock_bh(&__ip_vs_rs_lock);
795 atomic_set(&dest->conn_flags, conn_flags);
797 /* bind the service */
799 __ip_vs_bind_svc(dest, svc);
801 if (dest->svc != svc) {
802 __ip_vs_unbind_svc(dest);
803 ip_vs_zero_stats(&dest->stats);
804 __ip_vs_bind_svc(dest, svc);
808 /* set the dest status flags */
809 dest->flags |= IP_VS_DEST_F_AVAILABLE;
811 if (udest->u_threshold == 0 || udest->u_threshold > dest->u_threshold)
812 dest->flags &= ~IP_VS_DEST_F_OVERLOAD;
813 dest->u_threshold = udest->u_threshold;
814 dest->l_threshold = udest->l_threshold;
819 * Create a destination for the given service
822 ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
823 struct ip_vs_dest **dest_p)
825 struct ip_vs_dest *dest;
830 #ifdef CONFIG_IP_VS_IPV6
831 if (svc->af == AF_INET6) {
832 atype = ipv6_addr_type(&udest->addr.in6);
833 if ((!(atype & IPV6_ADDR_UNICAST) ||
834 atype & IPV6_ADDR_LINKLOCAL) &&
835 !__ip_vs_addr_is_local_v6(&udest->addr.in6))
840 atype = inet_addr_type(&init_net, udest->addr.ip);
841 if (atype != RTN_LOCAL && atype != RTN_UNICAST)
845 dest = kzalloc(sizeof(struct ip_vs_dest), GFP_ATOMIC);
847 pr_err("%s(): no memory.\n", __func__);
852 dest->protocol = svc->protocol;
853 dest->vaddr = svc->addr;
854 dest->vport = svc->port;
855 dest->vfwmark = svc->fwmark;
856 ip_vs_addr_copy(svc->af, &dest->addr, &udest->addr);
857 dest->port = udest->port;
859 atomic_set(&dest->activeconns, 0);
860 atomic_set(&dest->inactconns, 0);
861 atomic_set(&dest->persistconns, 0);
862 atomic_set(&dest->refcnt, 0);
864 INIT_LIST_HEAD(&dest->d_list);
865 spin_lock_init(&dest->dst_lock);
866 spin_lock_init(&dest->stats.lock);
867 __ip_vs_update_dest(svc, dest, udest);
868 ip_vs_new_estimator(&dest->stats);
878 * Add a destination into an existing service
881 ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
883 struct ip_vs_dest *dest;
884 union nf_inet_addr daddr;
885 __be16 dport = udest->port;
890 if (udest->weight < 0) {
891 pr_err("%s(): server weight less than zero\n", __func__);
895 if (udest->l_threshold > udest->u_threshold) {
896 pr_err("%s(): lower threshold is higher than upper threshold\n",
901 ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
904 * Check if the dest already exists in the list
906 dest = ip_vs_lookup_dest(svc, &daddr, dport);
909 IP_VS_DBG(1, "%s(): dest already exists\n", __func__);
914 * Check if the dest already exists in the trash and
915 * is from the same service
917 dest = ip_vs_trash_get_dest(svc, &daddr, dport);
920 IP_VS_DBG_BUF(3, "Get destination %s:%u from trash, "
921 "dest->refcnt=%d, service %u/%s:%u\n",
922 IP_VS_DBG_ADDR(svc->af, &daddr), ntohs(dport),
923 atomic_read(&dest->refcnt),
925 IP_VS_DBG_ADDR(svc->af, &dest->vaddr),
928 __ip_vs_update_dest(svc, dest, udest);
931 * Get the destination from the trash
933 list_del(&dest->n_list);
935 ip_vs_new_estimator(&dest->stats);
937 write_lock_bh(&__ip_vs_svc_lock);
940 * Wait until all other svc users go away.
942 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
944 list_add(&dest->n_list, &svc->destinations);
947 /* call the update_service function of its scheduler */
948 if (svc->scheduler->update_service)
949 svc->scheduler->update_service(svc);
951 write_unlock_bh(&__ip_vs_svc_lock);
956 * Allocate and initialize the dest structure
958 ret = ip_vs_new_dest(svc, udest, &dest);
964 * Add the dest entry into the list
966 atomic_inc(&dest->refcnt);
968 write_lock_bh(&__ip_vs_svc_lock);
971 * Wait until all other svc users go away.
973 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
975 list_add(&dest->n_list, &svc->destinations);
978 /* call the update_service function of its scheduler */
979 if (svc->scheduler->update_service)
980 svc->scheduler->update_service(svc);
982 write_unlock_bh(&__ip_vs_svc_lock);
991 * Edit a destination in the given service
994 ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
996 struct ip_vs_dest *dest;
997 union nf_inet_addr daddr;
998 __be16 dport = udest->port;
1002 if (udest->weight < 0) {
1003 pr_err("%s(): server weight less than zero\n", __func__);
1007 if (udest->l_threshold > udest->u_threshold) {
1008 pr_err("%s(): lower threshold is higher than upper threshold\n",
1013 ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
1016 * Lookup the destination list
1018 dest = ip_vs_lookup_dest(svc, &daddr, dport);
1021 IP_VS_DBG(1, "%s(): dest doesn't exist\n", __func__);
1025 __ip_vs_update_dest(svc, dest, udest);
1027 write_lock_bh(&__ip_vs_svc_lock);
1029 /* Wait until all other svc users go away */
1030 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1032 /* call the update_service, because server weight may be changed */
1033 if (svc->scheduler->update_service)
1034 svc->scheduler->update_service(svc);
1036 write_unlock_bh(&__ip_vs_svc_lock);
1045 * Delete a destination (must be already unlinked from the service)
1047 static void __ip_vs_del_dest(struct ip_vs_dest *dest)
1049 ip_vs_kill_estimator(&dest->stats);
1052 * Remove it from the d-linked list with the real services.
1054 write_lock_bh(&__ip_vs_rs_lock);
1055 ip_vs_rs_unhash(dest);
1056 write_unlock_bh(&__ip_vs_rs_lock);
1059 * Decrease the refcnt of the dest, and free the dest
1060 * if nobody refers to it (refcnt=0). Otherwise, throw
1061 * the destination into the trash.
1063 if (atomic_dec_and_test(&dest->refcnt)) {
1064 ip_vs_dst_reset(dest);
1065 /* simply decrease svc->refcnt here, let the caller check
1066 and release the service if nobody refers to it.
1067 Only user context can release destination and service,
1068 and only one user context can update virtual service at a
1069 time, so the operation here is OK */
1070 atomic_dec(&dest->svc->refcnt);
1073 IP_VS_DBG_BUF(3, "Moving dest %s:%u into trash, "
1074 "dest->refcnt=%d\n",
1075 IP_VS_DBG_ADDR(dest->af, &dest->addr),
1077 atomic_read(&dest->refcnt));
1078 list_add(&dest->n_list, &ip_vs_dest_trash);
1079 atomic_inc(&dest->refcnt);
1085 * Unlink a destination from the given service
1087 static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
1088 struct ip_vs_dest *dest,
1091 dest->flags &= ~IP_VS_DEST_F_AVAILABLE;
1094 * Remove it from the d-linked destination list.
1096 list_del(&dest->n_list);
1100 * Call the update_service function of its scheduler
1102 if (svcupd && svc->scheduler->update_service)
1103 svc->scheduler->update_service(svc);
1108 * Delete a destination server in the given service
1111 ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1113 struct ip_vs_dest *dest;
1114 __be16 dport = udest->port;
1118 dest = ip_vs_lookup_dest(svc, &udest->addr, dport);
1121 IP_VS_DBG(1, "%s(): destination not found!\n", __func__);
1125 write_lock_bh(&__ip_vs_svc_lock);
1128 * Wait until all other svc users go away.
1130 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1133 * Unlink dest from the service
1135 __ip_vs_unlink_dest(svc, dest, 1);
1137 write_unlock_bh(&__ip_vs_svc_lock);
1140 * Delete the destination
1142 __ip_vs_del_dest(dest);
1151 * Add a service into the service hash table
1154 ip_vs_add_service(struct ip_vs_service_user_kern *u,
1155 struct ip_vs_service **svc_p)
1158 struct ip_vs_scheduler *sched = NULL;
1159 struct ip_vs_service *svc = NULL;
1161 /* increase the module use count */
1162 ip_vs_use_count_inc();
1164 /* Lookup the scheduler by 'u->sched_name' */
1165 sched = ip_vs_scheduler_get(u->sched_name);
1166 if (sched == NULL) {
1167 pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name);
1172 #ifdef CONFIG_IP_VS_IPV6
1173 if (u->af == AF_INET6 && (u->netmask < 1 || u->netmask > 128)) {
1179 svc = kzalloc(sizeof(struct ip_vs_service), GFP_ATOMIC);
1181 IP_VS_DBG(1, "%s(): no memory\n", __func__);
1186 /* I'm the first user of the service */
1187 atomic_set(&svc->usecnt, 1);
1188 atomic_set(&svc->refcnt, 0);
1191 svc->protocol = u->protocol;
1192 ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
1193 svc->port = u->port;
1194 svc->fwmark = u->fwmark;
1195 svc->flags = u->flags;
1196 svc->timeout = u->timeout * HZ;
1197 svc->netmask = u->netmask;
1199 INIT_LIST_HEAD(&svc->destinations);
1200 rwlock_init(&svc->sched_lock);
1201 spin_lock_init(&svc->stats.lock);
1203 /* Bind the scheduler */
1204 ret = ip_vs_bind_scheduler(svc, sched);
1209 /* Update the virtual service counters */
1210 if (svc->port == FTPPORT)
1211 atomic_inc(&ip_vs_ftpsvc_counter);
1212 else if (svc->port == 0)
1213 atomic_inc(&ip_vs_nullsvc_counter);
1215 ip_vs_new_estimator(&svc->stats);
1217 /* Count only IPv4 services for old get/setsockopt interface */
1218 if (svc->af == AF_INET)
1219 ip_vs_num_services++;
1221 /* Hash the service into the service table */
1222 write_lock_bh(&__ip_vs_svc_lock);
1223 ip_vs_svc_hash(svc);
1224 write_unlock_bh(&__ip_vs_svc_lock);
1232 ip_vs_unbind_scheduler(svc);
1235 ip_vs_app_inc_put(svc->inc);
1240 ip_vs_scheduler_put(sched);
1243 /* decrease the module use count */
1244 ip_vs_use_count_dec();
1251 * Edit a service and bind it with a new scheduler
1254 ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
1256 struct ip_vs_scheduler *sched, *old_sched;
1260 * Lookup the scheduler, by 'u->sched_name'
1262 sched = ip_vs_scheduler_get(u->sched_name);
1263 if (sched == NULL) {
1264 pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name);
1269 #ifdef CONFIG_IP_VS_IPV6
1270 if (u->af == AF_INET6 && (u->netmask < 1 || u->netmask > 128)) {
1276 write_lock_bh(&__ip_vs_svc_lock);
1279 * Wait until all other svc users go away.
1281 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1284 * Set the flags and timeout value
1286 svc->flags = u->flags | IP_VS_SVC_F_HASHED;
1287 svc->timeout = u->timeout * HZ;
1288 svc->netmask = u->netmask;
1290 old_sched = svc->scheduler;
1291 if (sched != old_sched) {
1293 * Unbind the old scheduler
1295 if ((ret = ip_vs_unbind_scheduler(svc))) {
1301 * Bind the new scheduler
1303 if ((ret = ip_vs_bind_scheduler(svc, sched))) {
1305 * If ip_vs_bind_scheduler fails, restore the old
1307 * The main reason of failure is out of memory.
1309 * The question is if the old scheduler can be
1310 * restored all the time. TODO: if it cannot be
1311 * restored some time, we must delete the service,
1312 * otherwise the system may crash.
1314 ip_vs_bind_scheduler(svc, old_sched);
1321 write_unlock_bh(&__ip_vs_svc_lock);
1322 #ifdef CONFIG_IP_VS_IPV6
1327 ip_vs_scheduler_put(old_sched);
1334 * Delete a service from the service list
1335 * - The service must be unlinked, unlocked and not referenced!
1336 * - We are called under _bh lock
1338 static void __ip_vs_del_service(struct ip_vs_service *svc)
1340 struct ip_vs_dest *dest, *nxt;
1341 struct ip_vs_scheduler *old_sched;
1343 /* Count only IPv4 services for old get/setsockopt interface */
1344 if (svc->af == AF_INET)
1345 ip_vs_num_services--;
1347 ip_vs_kill_estimator(&svc->stats);
1349 /* Unbind scheduler */
1350 old_sched = svc->scheduler;
1351 ip_vs_unbind_scheduler(svc);
1353 ip_vs_scheduler_put(old_sched);
1355 /* Unbind app inc */
1357 ip_vs_app_inc_put(svc->inc);
1362 * Unlink the whole destination list
1364 list_for_each_entry_safe(dest, nxt, &svc->destinations, n_list) {
1365 __ip_vs_unlink_dest(svc, dest, 0);
1366 __ip_vs_del_dest(dest);
1370 * Update the virtual service counters
1372 if (svc->port == FTPPORT)
1373 atomic_dec(&ip_vs_ftpsvc_counter);
1374 else if (svc->port == 0)
1375 atomic_dec(&ip_vs_nullsvc_counter);
1378 * Free the service if nobody refers to it
1380 if (atomic_read(&svc->refcnt) == 0)
1383 /* decrease the module use count */
1384 ip_vs_use_count_dec();
1388 * Delete a service from the service list
1390 static int ip_vs_del_service(struct ip_vs_service *svc)
1396 * Unhash it from the service table
1398 write_lock_bh(&__ip_vs_svc_lock);
1400 ip_vs_svc_unhash(svc);
1403 * Wait until all the svc users go away.
1405 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1407 __ip_vs_del_service(svc);
1409 write_unlock_bh(&__ip_vs_svc_lock);
1416 * Flush all the virtual services
1418 static int ip_vs_flush(void)
1421 struct ip_vs_service *svc, *nxt;
1424 * Flush the service table hashed by <protocol,addr,port>
1426 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1427 list_for_each_entry_safe(svc, nxt, &ip_vs_svc_table[idx], s_list) {
1428 write_lock_bh(&__ip_vs_svc_lock);
1429 ip_vs_svc_unhash(svc);
1431 * Wait until all the svc users go away.
1433 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1434 __ip_vs_del_service(svc);
1435 write_unlock_bh(&__ip_vs_svc_lock);
1440 * Flush the service table hashed by fwmark
1442 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1443 list_for_each_entry_safe(svc, nxt,
1444 &ip_vs_svc_fwm_table[idx], f_list) {
1445 write_lock_bh(&__ip_vs_svc_lock);
1446 ip_vs_svc_unhash(svc);
1448 * Wait until all the svc users go away.
1450 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1451 __ip_vs_del_service(svc);
1452 write_unlock_bh(&__ip_vs_svc_lock);
1461 * Zero counters in a service or all services
1463 static int ip_vs_zero_service(struct ip_vs_service *svc)
1465 struct ip_vs_dest *dest;
1467 write_lock_bh(&__ip_vs_svc_lock);
1468 list_for_each_entry(dest, &svc->destinations, n_list) {
1469 ip_vs_zero_stats(&dest->stats);
1471 ip_vs_zero_stats(&svc->stats);
1472 write_unlock_bh(&__ip_vs_svc_lock);
1476 static int ip_vs_zero_all(void)
1479 struct ip_vs_service *svc;
1481 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1482 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1483 ip_vs_zero_service(svc);
1487 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1488 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1489 ip_vs_zero_service(svc);
1493 ip_vs_zero_stats(&ip_vs_stats);
1499 proc_do_defense_mode(ctl_table *table, int write,
1500 void __user *buffer, size_t *lenp, loff_t *ppos)
1502 int *valp = table->data;
1506 rc = proc_dointvec(table, write, buffer, lenp, ppos);
1507 if (write && (*valp != val)) {
1508 if ((*valp < 0) || (*valp > 3)) {
1509 /* Restore the correct value */
1512 update_defense_level();
1520 proc_do_sync_threshold(ctl_table *table, int write,
1521 void __user *buffer, size_t *lenp, loff_t *ppos)
1523 int *valp = table->data;
1527 /* backup the value first */
1528 memcpy(val, valp, sizeof(val));
1530 rc = proc_dointvec(table, write, buffer, lenp, ppos);
1531 if (write && (valp[0] < 0 || valp[1] < 0 || valp[0] >= valp[1])) {
1532 /* Restore the correct value */
1533 memcpy(valp, val, sizeof(val));
1540 * IPVS sysctl table (under the /proc/sys/net/ipv4/vs/)
1543 static struct ctl_table vs_vars[] = {
1545 .procname = "amemthresh",
1546 .data = &sysctl_ip_vs_amemthresh,
1547 .maxlen = sizeof(int),
1549 .proc_handler = proc_dointvec,
1551 #ifdef CONFIG_IP_VS_DEBUG
1553 .procname = "debug_level",
1554 .data = &sysctl_ip_vs_debug_level,
1555 .maxlen = sizeof(int),
1557 .proc_handler = proc_dointvec,
1561 .procname = "am_droprate",
1562 .data = &sysctl_ip_vs_am_droprate,
1563 .maxlen = sizeof(int),
1565 .proc_handler = proc_dointvec,
1568 .procname = "drop_entry",
1569 .data = &sysctl_ip_vs_drop_entry,
1570 .maxlen = sizeof(int),
1572 .proc_handler = proc_do_defense_mode,
1575 .procname = "drop_packet",
1576 .data = &sysctl_ip_vs_drop_packet,
1577 .maxlen = sizeof(int),
1579 .proc_handler = proc_do_defense_mode,
1582 .procname = "secure_tcp",
1583 .data = &sysctl_ip_vs_secure_tcp,
1584 .maxlen = sizeof(int),
1586 .proc_handler = proc_do_defense_mode,
1590 .procname = "timeout_established",
1591 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ESTABLISHED],
1592 .maxlen = sizeof(int),
1594 .proc_handler = proc_dointvec_jiffies,
1597 .procname = "timeout_synsent",
1598 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_SENT],
1599 .maxlen = sizeof(int),
1601 .proc_handler = proc_dointvec_jiffies,
1604 .procname = "timeout_synrecv",
1605 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_RECV],
1606 .maxlen = sizeof(int),
1608 .proc_handler = proc_dointvec_jiffies,
1611 .procname = "timeout_finwait",
1612 .data = &vs_timeout_table_dos.timeout[IP_VS_S_FIN_WAIT],
1613 .maxlen = sizeof(int),
1615 .proc_handler = proc_dointvec_jiffies,
1618 .procname = "timeout_timewait",
1619 .data = &vs_timeout_table_dos.timeout[IP_VS_S_TIME_WAIT],
1620 .maxlen = sizeof(int),
1622 .proc_handler = proc_dointvec_jiffies,
1625 .procname = "timeout_close",
1626 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE],
1627 .maxlen = sizeof(int),
1629 .proc_handler = proc_dointvec_jiffies,
1632 .procname = "timeout_closewait",
1633 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE_WAIT],
1634 .maxlen = sizeof(int),
1636 .proc_handler = proc_dointvec_jiffies,
1639 .procname = "timeout_lastack",
1640 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LAST_ACK],
1641 .maxlen = sizeof(int),
1643 .proc_handler = proc_dointvec_jiffies,
1646 .procname = "timeout_listen",
1647 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LISTEN],
1648 .maxlen = sizeof(int),
1650 .proc_handler = proc_dointvec_jiffies,
1653 .procname = "timeout_synack",
1654 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYNACK],
1655 .maxlen = sizeof(int),
1657 .proc_handler = proc_dointvec_jiffies,
1660 .procname = "timeout_udp",
1661 .data = &vs_timeout_table_dos.timeout[IP_VS_S_UDP],
1662 .maxlen = sizeof(int),
1664 .proc_handler = proc_dointvec_jiffies,
1667 .procname = "timeout_icmp",
1668 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ICMP],
1669 .maxlen = sizeof(int),
1671 .proc_handler = proc_dointvec_jiffies,
1675 .procname = "cache_bypass",
1676 .data = &sysctl_ip_vs_cache_bypass,
1677 .maxlen = sizeof(int),
1679 .proc_handler = proc_dointvec,
1682 .procname = "expire_nodest_conn",
1683 .data = &sysctl_ip_vs_expire_nodest_conn,
1684 .maxlen = sizeof(int),
1686 .proc_handler = proc_dointvec,
1689 .procname = "expire_quiescent_template",
1690 .data = &sysctl_ip_vs_expire_quiescent_template,
1691 .maxlen = sizeof(int),
1693 .proc_handler = proc_dointvec,
1696 .procname = "sync_threshold",
1697 .data = &sysctl_ip_vs_sync_threshold,
1698 .maxlen = sizeof(sysctl_ip_vs_sync_threshold),
1700 .proc_handler = proc_do_sync_threshold,
1703 .procname = "nat_icmp_send",
1704 .data = &sysctl_ip_vs_nat_icmp_send,
1705 .maxlen = sizeof(int),
1707 .proc_handler = proc_dointvec,
1712 const struct ctl_path net_vs_ctl_path[] = {
1713 { .procname = "net", },
1714 { .procname = "ipv4", },
1715 { .procname = "vs", },
1718 EXPORT_SYMBOL_GPL(net_vs_ctl_path);
1720 static struct ctl_table_header * sysctl_header;
1722 #ifdef CONFIG_PROC_FS
1725 struct list_head *table;
1730 * Write the contents of the VS rule table to a PROCfs file.
1731 * (It is kept just for backward compatibility)
1733 static inline const char *ip_vs_fwd_name(unsigned flags)
1735 switch (flags & IP_VS_CONN_F_FWD_MASK) {
1736 case IP_VS_CONN_F_LOCALNODE:
1738 case IP_VS_CONN_F_TUNNEL:
1740 case IP_VS_CONN_F_DROUTE:
1748 /* Get the Nth entry in the two lists */
1749 static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos)
1751 struct ip_vs_iter *iter = seq->private;
1753 struct ip_vs_service *svc;
1755 /* look in hash by protocol */
1756 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1757 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1759 iter->table = ip_vs_svc_table;
1766 /* keep looking in fwmark */
1767 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1768 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1770 iter->table = ip_vs_svc_fwm_table;
1780 static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos)
1781 __acquires(__ip_vs_svc_lock)
1784 read_lock_bh(&__ip_vs_svc_lock);
1785 return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN;
1789 static void *ip_vs_info_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1791 struct list_head *e;
1792 struct ip_vs_iter *iter;
1793 struct ip_vs_service *svc;
1796 if (v == SEQ_START_TOKEN)
1797 return ip_vs_info_array(seq,0);
1800 iter = seq->private;
1802 if (iter->table == ip_vs_svc_table) {
1803 /* next service in table hashed by protocol */
1804 if ((e = svc->s_list.next) != &ip_vs_svc_table[iter->bucket])
1805 return list_entry(e, struct ip_vs_service, s_list);
1808 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1809 list_for_each_entry(svc,&ip_vs_svc_table[iter->bucket],
1815 iter->table = ip_vs_svc_fwm_table;
1820 /* next service in hashed by fwmark */
1821 if ((e = svc->f_list.next) != &ip_vs_svc_fwm_table[iter->bucket])
1822 return list_entry(e, struct ip_vs_service, f_list);
1825 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1826 list_for_each_entry(svc, &ip_vs_svc_fwm_table[iter->bucket],
1834 static void ip_vs_info_seq_stop(struct seq_file *seq, void *v)
1835 __releases(__ip_vs_svc_lock)
1837 read_unlock_bh(&__ip_vs_svc_lock);
1841 static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
1843 if (v == SEQ_START_TOKEN) {
1845 "IP Virtual Server version %d.%d.%d (size=%d)\n",
1846 NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
1848 "Prot LocalAddress:Port Scheduler Flags\n");
1850 " -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
1852 const struct ip_vs_service *svc = v;
1853 const struct ip_vs_iter *iter = seq->private;
1854 const struct ip_vs_dest *dest;
1856 if (iter->table == ip_vs_svc_table) {
1857 #ifdef CONFIG_IP_VS_IPV6
1858 if (svc->af == AF_INET6)
1859 seq_printf(seq, "%s [%pI6]:%04X %s ",
1860 ip_vs_proto_name(svc->protocol),
1863 svc->scheduler->name);
1866 seq_printf(seq, "%s %08X:%04X %s ",
1867 ip_vs_proto_name(svc->protocol),
1868 ntohl(svc->addr.ip),
1870 svc->scheduler->name);
1872 seq_printf(seq, "FWM %08X %s ",
1873 svc->fwmark, svc->scheduler->name);
1876 if (svc->flags & IP_VS_SVC_F_PERSISTENT)
1877 seq_printf(seq, "persistent %d %08X\n",
1879 ntohl(svc->netmask));
1881 seq_putc(seq, '\n');
1883 list_for_each_entry(dest, &svc->destinations, n_list) {
1884 #ifdef CONFIG_IP_VS_IPV6
1885 if (dest->af == AF_INET6)
1888 " %-7s %-6d %-10d %-10d\n",
1891 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1892 atomic_read(&dest->weight),
1893 atomic_read(&dest->activeconns),
1894 atomic_read(&dest->inactconns));
1899 "%-7s %-6d %-10d %-10d\n",
1900 ntohl(dest->addr.ip),
1902 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1903 atomic_read(&dest->weight),
1904 atomic_read(&dest->activeconns),
1905 atomic_read(&dest->inactconns));
1912 static const struct seq_operations ip_vs_info_seq_ops = {
1913 .start = ip_vs_info_seq_start,
1914 .next = ip_vs_info_seq_next,
1915 .stop = ip_vs_info_seq_stop,
1916 .show = ip_vs_info_seq_show,
1919 static int ip_vs_info_open(struct inode *inode, struct file *file)
1921 return seq_open_private(file, &ip_vs_info_seq_ops,
1922 sizeof(struct ip_vs_iter));
1925 static const struct file_operations ip_vs_info_fops = {
1926 .owner = THIS_MODULE,
1927 .open = ip_vs_info_open,
1929 .llseek = seq_lseek,
1930 .release = seq_release_private,
1935 struct ip_vs_stats ip_vs_stats = {
1936 .lock = __SPIN_LOCK_UNLOCKED(ip_vs_stats.lock),
1939 #ifdef CONFIG_PROC_FS
1940 static int ip_vs_stats_show(struct seq_file *seq, void *v)
1943 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1945 " Total Incoming Outgoing Incoming Outgoing\n");
1947 " Conns Packets Packets Bytes Bytes\n");
1949 spin_lock_bh(&ip_vs_stats.lock);
1950 seq_printf(seq, "%8X %8X %8X %16LX %16LX\n\n", ip_vs_stats.ustats.conns,
1951 ip_vs_stats.ustats.inpkts, ip_vs_stats.ustats.outpkts,
1952 (unsigned long long) ip_vs_stats.ustats.inbytes,
1953 (unsigned long long) ip_vs_stats.ustats.outbytes);
1955 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1957 " Conns/s Pkts/s Pkts/s Bytes/s Bytes/s\n");
1958 seq_printf(seq,"%8X %8X %8X %16X %16X\n",
1959 ip_vs_stats.ustats.cps,
1960 ip_vs_stats.ustats.inpps,
1961 ip_vs_stats.ustats.outpps,
1962 ip_vs_stats.ustats.inbps,
1963 ip_vs_stats.ustats.outbps);
1964 spin_unlock_bh(&ip_vs_stats.lock);
1969 static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)
1971 return single_open(file, ip_vs_stats_show, NULL);
1974 static const struct file_operations ip_vs_stats_fops = {
1975 .owner = THIS_MODULE,
1976 .open = ip_vs_stats_seq_open,
1978 .llseek = seq_lseek,
1979 .release = single_release,
1985 * Set timeout values for tcp tcpfin udp in the timeout_table.
1987 static int ip_vs_set_timeout(struct ip_vs_timeout_user *u)
1989 IP_VS_DBG(2, "Setting timeout tcp:%d tcpfin:%d udp:%d\n",
1994 #ifdef CONFIG_IP_VS_PROTO_TCP
1995 if (u->tcp_timeout) {
1996 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED]
1997 = u->tcp_timeout * HZ;
2000 if (u->tcp_fin_timeout) {
2001 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT]
2002 = u->tcp_fin_timeout * HZ;
2006 #ifdef CONFIG_IP_VS_PROTO_UDP
2007 if (u->udp_timeout) {
2008 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL]
2009 = u->udp_timeout * HZ;
2016 #define SET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2017 #define SERVICE_ARG_LEN (sizeof(struct ip_vs_service_user))
2018 #define SVCDEST_ARG_LEN (sizeof(struct ip_vs_service_user) + \
2019 sizeof(struct ip_vs_dest_user))
2020 #define TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2021 #define DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user))
2022 #define MAX_ARG_LEN SVCDEST_ARG_LEN
2024 static const unsigned char set_arglen[SET_CMDID(IP_VS_SO_SET_MAX)+1] = {
2025 [SET_CMDID(IP_VS_SO_SET_ADD)] = SERVICE_ARG_LEN,
2026 [SET_CMDID(IP_VS_SO_SET_EDIT)] = SERVICE_ARG_LEN,
2027 [SET_CMDID(IP_VS_SO_SET_DEL)] = SERVICE_ARG_LEN,
2028 [SET_CMDID(IP_VS_SO_SET_FLUSH)] = 0,
2029 [SET_CMDID(IP_VS_SO_SET_ADDDEST)] = SVCDEST_ARG_LEN,
2030 [SET_CMDID(IP_VS_SO_SET_DELDEST)] = SVCDEST_ARG_LEN,
2031 [SET_CMDID(IP_VS_SO_SET_EDITDEST)] = SVCDEST_ARG_LEN,
2032 [SET_CMDID(IP_VS_SO_SET_TIMEOUT)] = TIMEOUT_ARG_LEN,
2033 [SET_CMDID(IP_VS_SO_SET_STARTDAEMON)] = DAEMON_ARG_LEN,
2034 [SET_CMDID(IP_VS_SO_SET_STOPDAEMON)] = DAEMON_ARG_LEN,
2035 [SET_CMDID(IP_VS_SO_SET_ZERO)] = SERVICE_ARG_LEN,
2038 static void ip_vs_copy_usvc_compat(struct ip_vs_service_user_kern *usvc,
2039 struct ip_vs_service_user *usvc_compat)
2042 usvc->protocol = usvc_compat->protocol;
2043 usvc->addr.ip = usvc_compat->addr;
2044 usvc->port = usvc_compat->port;
2045 usvc->fwmark = usvc_compat->fwmark;
2047 /* Deep copy of sched_name is not needed here */
2048 usvc->sched_name = usvc_compat->sched_name;
2050 usvc->flags = usvc_compat->flags;
2051 usvc->timeout = usvc_compat->timeout;
2052 usvc->netmask = usvc_compat->netmask;
2055 static void ip_vs_copy_udest_compat(struct ip_vs_dest_user_kern *udest,
2056 struct ip_vs_dest_user *udest_compat)
2058 udest->addr.ip = udest_compat->addr;
2059 udest->port = udest_compat->port;
2060 udest->conn_flags = udest_compat->conn_flags;
2061 udest->weight = udest_compat->weight;
2062 udest->u_threshold = udest_compat->u_threshold;
2063 udest->l_threshold = udest_compat->l_threshold;
2067 do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2070 unsigned char arg[MAX_ARG_LEN];
2071 struct ip_vs_service_user *usvc_compat;
2072 struct ip_vs_service_user_kern usvc;
2073 struct ip_vs_service *svc;
2074 struct ip_vs_dest_user *udest_compat;
2075 struct ip_vs_dest_user_kern udest;
2077 if (!capable(CAP_NET_ADMIN))
2080 if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
2082 if (len < 0 || len > MAX_ARG_LEN)
2084 if (len != set_arglen[SET_CMDID(cmd)]) {
2085 pr_err("set_ctl: len %u != %u\n",
2086 len, set_arglen[SET_CMDID(cmd)]);
2090 if (copy_from_user(arg, user, len) != 0)
2093 /* increase the module use count */
2094 ip_vs_use_count_inc();
2096 if (mutex_lock_interruptible(&__ip_vs_mutex)) {
2101 if (cmd == IP_VS_SO_SET_FLUSH) {
2102 /* Flush the virtual service */
2103 ret = ip_vs_flush();
2105 } else if (cmd == IP_VS_SO_SET_TIMEOUT) {
2106 /* Set timeout values for (tcp tcpfin udp) */
2107 ret = ip_vs_set_timeout((struct ip_vs_timeout_user *)arg);
2109 } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
2110 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2111 ret = start_sync_thread(dm->state, dm->mcast_ifn, dm->syncid);
2113 } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
2114 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2115 ret = stop_sync_thread(dm->state);
2119 usvc_compat = (struct ip_vs_service_user *)arg;
2120 udest_compat = (struct ip_vs_dest_user *)(usvc_compat + 1);
2122 /* We only use the new structs internally, so copy userspace compat
2123 * structs to extended internal versions */
2124 ip_vs_copy_usvc_compat(&usvc, usvc_compat);
2125 ip_vs_copy_udest_compat(&udest, udest_compat);
2127 if (cmd == IP_VS_SO_SET_ZERO) {
2128 /* if no service address is set, zero counters in all */
2129 if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {
2130 ret = ip_vs_zero_all();
2135 /* Check for valid protocol: TCP or UDP or SCTP, even for fwmark!=0 */
2136 if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP &&
2137 usvc.protocol != IPPROTO_SCTP) {
2138 pr_err("set_ctl: invalid protocol: %d %pI4:%d %s\n",
2139 usvc.protocol, &usvc.addr.ip,
2140 ntohs(usvc.port), usvc.sched_name);
2145 /* Lookup the exact service by <protocol, addr, port> or fwmark */
2146 if (usvc.fwmark == 0)
2147 svc = __ip_vs_service_get(usvc.af, usvc.protocol,
2148 &usvc.addr, usvc.port);
2150 svc = __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
2152 if (cmd != IP_VS_SO_SET_ADD
2153 && (svc == NULL || svc->protocol != usvc.protocol)) {
2159 case IP_VS_SO_SET_ADD:
2163 ret = ip_vs_add_service(&usvc, &svc);
2165 case IP_VS_SO_SET_EDIT:
2166 ret = ip_vs_edit_service(svc, &usvc);
2168 case IP_VS_SO_SET_DEL:
2169 ret = ip_vs_del_service(svc);
2173 case IP_VS_SO_SET_ZERO:
2174 ret = ip_vs_zero_service(svc);
2176 case IP_VS_SO_SET_ADDDEST:
2177 ret = ip_vs_add_dest(svc, &udest);
2179 case IP_VS_SO_SET_EDITDEST:
2180 ret = ip_vs_edit_dest(svc, &udest);
2182 case IP_VS_SO_SET_DELDEST:
2183 ret = ip_vs_del_dest(svc, &udest);
2190 ip_vs_service_put(svc);
2193 mutex_unlock(&__ip_vs_mutex);
2195 /* decrease the module use count */
2196 ip_vs_use_count_dec();
2203 ip_vs_copy_stats(struct ip_vs_stats_user *dst, struct ip_vs_stats *src)
2205 spin_lock_bh(&src->lock);
2206 memcpy(dst, &src->ustats, sizeof(*dst));
2207 spin_unlock_bh(&src->lock);
2211 ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src)
2213 dst->protocol = src->protocol;
2214 dst->addr = src->addr.ip;
2215 dst->port = src->port;
2216 dst->fwmark = src->fwmark;
2217 strlcpy(dst->sched_name, src->scheduler->name, sizeof(dst->sched_name));
2218 dst->flags = src->flags;
2219 dst->timeout = src->timeout / HZ;
2220 dst->netmask = src->netmask;
2221 dst->num_dests = src->num_dests;
2222 ip_vs_copy_stats(&dst->stats, &src->stats);
2226 __ip_vs_get_service_entries(const struct ip_vs_get_services *get,
2227 struct ip_vs_get_services __user *uptr)
2230 struct ip_vs_service *svc;
2231 struct ip_vs_service_entry entry;
2234 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2235 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
2236 /* Only expose IPv4 entries to old interface */
2237 if (svc->af != AF_INET)
2240 if (count >= get->num_services)
2242 memset(&entry, 0, sizeof(entry));
2243 ip_vs_copy_service(&entry, svc);
2244 if (copy_to_user(&uptr->entrytable[count],
2245 &entry, sizeof(entry))) {
2253 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2254 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
2255 /* Only expose IPv4 entries to old interface */
2256 if (svc->af != AF_INET)
2259 if (count >= get->num_services)
2261 memset(&entry, 0, sizeof(entry));
2262 ip_vs_copy_service(&entry, svc);
2263 if (copy_to_user(&uptr->entrytable[count],
2264 &entry, sizeof(entry))) {
2276 __ip_vs_get_dest_entries(const struct ip_vs_get_dests *get,
2277 struct ip_vs_get_dests __user *uptr)
2279 struct ip_vs_service *svc;
2280 union nf_inet_addr addr = { .ip = get->addr };
2284 svc = __ip_vs_svc_fwm_get(AF_INET, get->fwmark);
2286 svc = __ip_vs_service_get(AF_INET, get->protocol, &addr,
2291 struct ip_vs_dest *dest;
2292 struct ip_vs_dest_entry entry;
2294 list_for_each_entry(dest, &svc->destinations, n_list) {
2295 if (count >= get->num_dests)
2298 entry.addr = dest->addr.ip;
2299 entry.port = dest->port;
2300 entry.conn_flags = atomic_read(&dest->conn_flags);
2301 entry.weight = atomic_read(&dest->weight);
2302 entry.u_threshold = dest->u_threshold;
2303 entry.l_threshold = dest->l_threshold;
2304 entry.activeconns = atomic_read(&dest->activeconns);
2305 entry.inactconns = atomic_read(&dest->inactconns);
2306 entry.persistconns = atomic_read(&dest->persistconns);
2307 ip_vs_copy_stats(&entry.stats, &dest->stats);
2308 if (copy_to_user(&uptr->entrytable[count],
2309 &entry, sizeof(entry))) {
2315 ip_vs_service_put(svc);
2322 __ip_vs_get_timeouts(struct ip_vs_timeout_user *u)
2324 #ifdef CONFIG_IP_VS_PROTO_TCP
2326 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ;
2327 u->tcp_fin_timeout =
2328 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT] / HZ;
2330 #ifdef CONFIG_IP_VS_PROTO_UDP
2332 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL] / HZ;
2337 #define GET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2338 #define GET_INFO_ARG_LEN (sizeof(struct ip_vs_getinfo))
2339 #define GET_SERVICES_ARG_LEN (sizeof(struct ip_vs_get_services))
2340 #define GET_SERVICE_ARG_LEN (sizeof(struct ip_vs_service_entry))
2341 #define GET_DESTS_ARG_LEN (sizeof(struct ip_vs_get_dests))
2342 #define GET_TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2343 #define GET_DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user) * 2)
2345 static const unsigned char get_arglen[GET_CMDID(IP_VS_SO_GET_MAX)+1] = {
2346 [GET_CMDID(IP_VS_SO_GET_VERSION)] = 64,
2347 [GET_CMDID(IP_VS_SO_GET_INFO)] = GET_INFO_ARG_LEN,
2348 [GET_CMDID(IP_VS_SO_GET_SERVICES)] = GET_SERVICES_ARG_LEN,
2349 [GET_CMDID(IP_VS_SO_GET_SERVICE)] = GET_SERVICE_ARG_LEN,
2350 [GET_CMDID(IP_VS_SO_GET_DESTS)] = GET_DESTS_ARG_LEN,
2351 [GET_CMDID(IP_VS_SO_GET_TIMEOUT)] = GET_TIMEOUT_ARG_LEN,
2352 [GET_CMDID(IP_VS_SO_GET_DAEMON)] = GET_DAEMON_ARG_LEN,
2356 do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2358 unsigned char arg[128];
2360 unsigned int copylen;
2362 if (!capable(CAP_NET_ADMIN))
2365 if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
2368 if (*len < get_arglen[GET_CMDID(cmd)]) {
2369 pr_err("get_ctl: len %u < %u\n",
2370 *len, get_arglen[GET_CMDID(cmd)]);
2374 copylen = get_arglen[GET_CMDID(cmd)];
2378 if (copy_from_user(arg, user, copylen) != 0)
2381 if (mutex_lock_interruptible(&__ip_vs_mutex))
2382 return -ERESTARTSYS;
2385 case IP_VS_SO_GET_VERSION:
2389 sprintf(buf, "IP Virtual Server version %d.%d.%d (size=%d)",
2390 NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
2391 if (copy_to_user(user, buf, strlen(buf)+1) != 0) {
2395 *len = strlen(buf)+1;
2399 case IP_VS_SO_GET_INFO:
2401 struct ip_vs_getinfo info;
2402 info.version = IP_VS_VERSION_CODE;
2403 info.size = ip_vs_conn_tab_size;
2404 info.num_services = ip_vs_num_services;
2405 if (copy_to_user(user, &info, sizeof(info)) != 0)
2410 case IP_VS_SO_GET_SERVICES:
2412 struct ip_vs_get_services *get;
2415 get = (struct ip_vs_get_services *)arg;
2416 size = sizeof(*get) +
2417 sizeof(struct ip_vs_service_entry) * get->num_services;
2419 pr_err("length: %u != %u\n", *len, size);
2423 ret = __ip_vs_get_service_entries(get, user);
2427 case IP_VS_SO_GET_SERVICE:
2429 struct ip_vs_service_entry *entry;
2430 struct ip_vs_service *svc;
2431 union nf_inet_addr addr;
2433 entry = (struct ip_vs_service_entry *)arg;
2434 addr.ip = entry->addr;
2436 svc = __ip_vs_svc_fwm_get(AF_INET, entry->fwmark);
2438 svc = __ip_vs_service_get(AF_INET, entry->protocol,
2439 &addr, entry->port);
2441 ip_vs_copy_service(entry, svc);
2442 if (copy_to_user(user, entry, sizeof(*entry)) != 0)
2444 ip_vs_service_put(svc);
2450 case IP_VS_SO_GET_DESTS:
2452 struct ip_vs_get_dests *get;
2455 get = (struct ip_vs_get_dests *)arg;
2456 size = sizeof(*get) +
2457 sizeof(struct ip_vs_dest_entry) * get->num_dests;
2459 pr_err("length: %u != %u\n", *len, size);
2463 ret = __ip_vs_get_dest_entries(get, user);
2467 case IP_VS_SO_GET_TIMEOUT:
2469 struct ip_vs_timeout_user t;
2471 __ip_vs_get_timeouts(&t);
2472 if (copy_to_user(user, &t, sizeof(t)) != 0)
2477 case IP_VS_SO_GET_DAEMON:
2479 struct ip_vs_daemon_user d[2];
2481 memset(&d, 0, sizeof(d));
2482 if (ip_vs_sync_state & IP_VS_STATE_MASTER) {
2483 d[0].state = IP_VS_STATE_MASTER;
2484 strlcpy(d[0].mcast_ifn, ip_vs_master_mcast_ifn, sizeof(d[0].mcast_ifn));
2485 d[0].syncid = ip_vs_master_syncid;
2487 if (ip_vs_sync_state & IP_VS_STATE_BACKUP) {
2488 d[1].state = IP_VS_STATE_BACKUP;
2489 strlcpy(d[1].mcast_ifn, ip_vs_backup_mcast_ifn, sizeof(d[1].mcast_ifn));
2490 d[1].syncid = ip_vs_backup_syncid;
2492 if (copy_to_user(user, &d, sizeof(d)) != 0)
2502 mutex_unlock(&__ip_vs_mutex);
2507 static struct nf_sockopt_ops ip_vs_sockopts = {
2509 .set_optmin = IP_VS_BASE_CTL,
2510 .set_optmax = IP_VS_SO_SET_MAX+1,
2511 .set = do_ip_vs_set_ctl,
2512 .get_optmin = IP_VS_BASE_CTL,
2513 .get_optmax = IP_VS_SO_GET_MAX+1,
2514 .get = do_ip_vs_get_ctl,
2515 .owner = THIS_MODULE,
2519 * Generic Netlink interface
2522 /* IPVS genetlink family */
2523 static struct genl_family ip_vs_genl_family = {
2524 .id = GENL_ID_GENERATE,
2526 .name = IPVS_GENL_NAME,
2527 .version = IPVS_GENL_VERSION,
2528 .maxattr = IPVS_CMD_MAX,
2531 /* Policy used for first-level command attributes */
2532 static const struct nla_policy ip_vs_cmd_policy[IPVS_CMD_ATTR_MAX + 1] = {
2533 [IPVS_CMD_ATTR_SERVICE] = { .type = NLA_NESTED },
2534 [IPVS_CMD_ATTR_DEST] = { .type = NLA_NESTED },
2535 [IPVS_CMD_ATTR_DAEMON] = { .type = NLA_NESTED },
2536 [IPVS_CMD_ATTR_TIMEOUT_TCP] = { .type = NLA_U32 },
2537 [IPVS_CMD_ATTR_TIMEOUT_TCP_FIN] = { .type = NLA_U32 },
2538 [IPVS_CMD_ATTR_TIMEOUT_UDP] = { .type = NLA_U32 },
2541 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DAEMON */
2542 static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = {
2543 [IPVS_DAEMON_ATTR_STATE] = { .type = NLA_U32 },
2544 [IPVS_DAEMON_ATTR_MCAST_IFN] = { .type = NLA_NUL_STRING,
2545 .len = IP_VS_IFNAME_MAXLEN },
2546 [IPVS_DAEMON_ATTR_SYNC_ID] = { .type = NLA_U32 },
2549 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_SERVICE */
2550 static const struct nla_policy ip_vs_svc_policy[IPVS_SVC_ATTR_MAX + 1] = {
2551 [IPVS_SVC_ATTR_AF] = { .type = NLA_U16 },
2552 [IPVS_SVC_ATTR_PROTOCOL] = { .type = NLA_U16 },
2553 [IPVS_SVC_ATTR_ADDR] = { .type = NLA_BINARY,
2554 .len = sizeof(union nf_inet_addr) },
2555 [IPVS_SVC_ATTR_PORT] = { .type = NLA_U16 },
2556 [IPVS_SVC_ATTR_FWMARK] = { .type = NLA_U32 },
2557 [IPVS_SVC_ATTR_SCHED_NAME] = { .type = NLA_NUL_STRING,
2558 .len = IP_VS_SCHEDNAME_MAXLEN },
2559 [IPVS_SVC_ATTR_FLAGS] = { .type = NLA_BINARY,
2560 .len = sizeof(struct ip_vs_flags) },
2561 [IPVS_SVC_ATTR_TIMEOUT] = { .type = NLA_U32 },
2562 [IPVS_SVC_ATTR_NETMASK] = { .type = NLA_U32 },
2563 [IPVS_SVC_ATTR_STATS] = { .type = NLA_NESTED },
2566 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DEST */
2567 static const struct nla_policy ip_vs_dest_policy[IPVS_DEST_ATTR_MAX + 1] = {
2568 [IPVS_DEST_ATTR_ADDR] = { .type = NLA_BINARY,
2569 .len = sizeof(union nf_inet_addr) },
2570 [IPVS_DEST_ATTR_PORT] = { .type = NLA_U16 },
2571 [IPVS_DEST_ATTR_FWD_METHOD] = { .type = NLA_U32 },
2572 [IPVS_DEST_ATTR_WEIGHT] = { .type = NLA_U32 },
2573 [IPVS_DEST_ATTR_U_THRESH] = { .type = NLA_U32 },
2574 [IPVS_DEST_ATTR_L_THRESH] = { .type = NLA_U32 },
2575 [IPVS_DEST_ATTR_ACTIVE_CONNS] = { .type = NLA_U32 },
2576 [IPVS_DEST_ATTR_INACT_CONNS] = { .type = NLA_U32 },
2577 [IPVS_DEST_ATTR_PERSIST_CONNS] = { .type = NLA_U32 },
2578 [IPVS_DEST_ATTR_STATS] = { .type = NLA_NESTED },
2581 static int ip_vs_genl_fill_stats(struct sk_buff *skb, int container_type,
2582 struct ip_vs_stats *stats)
2584 struct nlattr *nl_stats = nla_nest_start(skb, container_type);
2588 spin_lock_bh(&stats->lock);
2590 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CONNS, stats->ustats.conns);
2591 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPKTS, stats->ustats.inpkts);
2592 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPKTS, stats->ustats.outpkts);
2593 NLA_PUT_U64(skb, IPVS_STATS_ATTR_INBYTES, stats->ustats.inbytes);
2594 NLA_PUT_U64(skb, IPVS_STATS_ATTR_OUTBYTES, stats->ustats.outbytes);
2595 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CPS, stats->ustats.cps);
2596 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPPS, stats->ustats.inpps);
2597 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPPS, stats->ustats.outpps);
2598 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INBPS, stats->ustats.inbps);
2599 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTBPS, stats->ustats.outbps);
2601 spin_unlock_bh(&stats->lock);
2603 nla_nest_end(skb, nl_stats);
2608 spin_unlock_bh(&stats->lock);
2609 nla_nest_cancel(skb, nl_stats);
2613 static int ip_vs_genl_fill_service(struct sk_buff *skb,
2614 struct ip_vs_service *svc)
2616 struct nlattr *nl_service;
2617 struct ip_vs_flags flags = { .flags = svc->flags,
2620 nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE);
2624 NLA_PUT_U16(skb, IPVS_SVC_ATTR_AF, svc->af);
2627 NLA_PUT_U32(skb, IPVS_SVC_ATTR_FWMARK, svc->fwmark);
2629 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol);
2630 NLA_PUT(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr);
2631 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PORT, svc->port);
2634 NLA_PUT_STRING(skb, IPVS_SVC_ATTR_SCHED_NAME, svc->scheduler->name);
2635 NLA_PUT(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags);
2636 NLA_PUT_U32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ);
2637 NLA_PUT_U32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask);
2639 if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &svc->stats))
2640 goto nla_put_failure;
2642 nla_nest_end(skb, nl_service);
2647 nla_nest_cancel(skb, nl_service);
2651 static int ip_vs_genl_dump_service(struct sk_buff *skb,
2652 struct ip_vs_service *svc,
2653 struct netlink_callback *cb)
2657 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2658 &ip_vs_genl_family, NLM_F_MULTI,
2659 IPVS_CMD_NEW_SERVICE);
2663 if (ip_vs_genl_fill_service(skb, svc) < 0)
2664 goto nla_put_failure;
2666 return genlmsg_end(skb, hdr);
2669 genlmsg_cancel(skb, hdr);
2673 static int ip_vs_genl_dump_services(struct sk_buff *skb,
2674 struct netlink_callback *cb)
2677 int start = cb->args[0];
2678 struct ip_vs_service *svc;
2680 mutex_lock(&__ip_vs_mutex);
2681 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2682 list_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
2685 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2687 goto nla_put_failure;
2692 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2693 list_for_each_entry(svc, &ip_vs_svc_fwm_table[i], f_list) {
2696 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2698 goto nla_put_failure;
2704 mutex_unlock(&__ip_vs_mutex);
2710 static int ip_vs_genl_parse_service(struct ip_vs_service_user_kern *usvc,
2711 struct nlattr *nla, int full_entry)
2713 struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
2714 struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
2716 /* Parse mandatory identifying service fields first */
2718 nla_parse_nested(attrs, IPVS_SVC_ATTR_MAX, nla, ip_vs_svc_policy))
2721 nla_af = attrs[IPVS_SVC_ATTR_AF];
2722 nla_protocol = attrs[IPVS_SVC_ATTR_PROTOCOL];
2723 nla_addr = attrs[IPVS_SVC_ATTR_ADDR];
2724 nla_port = attrs[IPVS_SVC_ATTR_PORT];
2725 nla_fwmark = attrs[IPVS_SVC_ATTR_FWMARK];
2727 if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
2730 memset(usvc, 0, sizeof(*usvc));
2732 usvc->af = nla_get_u16(nla_af);
2733 #ifdef CONFIG_IP_VS_IPV6
2734 if (usvc->af != AF_INET && usvc->af != AF_INET6)
2736 if (usvc->af != AF_INET)
2738 return -EAFNOSUPPORT;
2741 usvc->protocol = IPPROTO_TCP;
2742 usvc->fwmark = nla_get_u32(nla_fwmark);
2744 usvc->protocol = nla_get_u16(nla_protocol);
2745 nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr));
2746 usvc->port = nla_get_u16(nla_port);
2750 /* If a full entry was requested, check for the additional fields */
2752 struct nlattr *nla_sched, *nla_flags, *nla_timeout,
2754 struct ip_vs_flags flags;
2755 struct ip_vs_service *svc;
2757 nla_sched = attrs[IPVS_SVC_ATTR_SCHED_NAME];
2758 nla_flags = attrs[IPVS_SVC_ATTR_FLAGS];
2759 nla_timeout = attrs[IPVS_SVC_ATTR_TIMEOUT];
2760 nla_netmask = attrs[IPVS_SVC_ATTR_NETMASK];
2762 if (!(nla_sched && nla_flags && nla_timeout && nla_netmask))
2765 nla_memcpy(&flags, nla_flags, sizeof(flags));
2767 /* prefill flags from service if it already exists */
2769 svc = __ip_vs_svc_fwm_get(usvc->af, usvc->fwmark);
2771 svc = __ip_vs_service_get(usvc->af, usvc->protocol,
2772 &usvc->addr, usvc->port);
2774 usvc->flags = svc->flags;
2775 ip_vs_service_put(svc);
2779 /* set new flags from userland */
2780 usvc->flags = (usvc->flags & ~flags.mask) |
2781 (flags.flags & flags.mask);
2782 usvc->sched_name = nla_data(nla_sched);
2783 usvc->timeout = nla_get_u32(nla_timeout);
2784 usvc->netmask = nla_get_u32(nla_netmask);
2790 static struct ip_vs_service *ip_vs_genl_find_service(struct nlattr *nla)
2792 struct ip_vs_service_user_kern usvc;
2795 ret = ip_vs_genl_parse_service(&usvc, nla, 0);
2797 return ERR_PTR(ret);
2800 return __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
2802 return __ip_vs_service_get(usvc.af, usvc.protocol,
2803 &usvc.addr, usvc.port);
2806 static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2808 struct nlattr *nl_dest;
2810 nl_dest = nla_nest_start(skb, IPVS_CMD_ATTR_DEST);
2814 NLA_PUT(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr);
2815 NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port);
2817 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD,
2818 atomic_read(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK);
2819 NLA_PUT_U32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight));
2820 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold);
2821 NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold);
2822 NLA_PUT_U32(skb, IPVS_DEST_ATTR_ACTIVE_CONNS,
2823 atomic_read(&dest->activeconns));
2824 NLA_PUT_U32(skb, IPVS_DEST_ATTR_INACT_CONNS,
2825 atomic_read(&dest->inactconns));
2826 NLA_PUT_U32(skb, IPVS_DEST_ATTR_PERSIST_CONNS,
2827 atomic_read(&dest->persistconns));
2829 if (ip_vs_genl_fill_stats(skb, IPVS_DEST_ATTR_STATS, &dest->stats))
2830 goto nla_put_failure;
2832 nla_nest_end(skb, nl_dest);
2837 nla_nest_cancel(skb, nl_dest);
2841 static int ip_vs_genl_dump_dest(struct sk_buff *skb, struct ip_vs_dest *dest,
2842 struct netlink_callback *cb)
2846 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2847 &ip_vs_genl_family, NLM_F_MULTI,
2852 if (ip_vs_genl_fill_dest(skb, dest) < 0)
2853 goto nla_put_failure;
2855 return genlmsg_end(skb, hdr);
2858 genlmsg_cancel(skb, hdr);
2862 static int ip_vs_genl_dump_dests(struct sk_buff *skb,
2863 struct netlink_callback *cb)
2866 int start = cb->args[0];
2867 struct ip_vs_service *svc;
2868 struct ip_vs_dest *dest;
2869 struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
2871 mutex_lock(&__ip_vs_mutex);
2873 /* Try to find the service for which to dump destinations */
2874 if (nlmsg_parse(cb->nlh, GENL_HDRLEN, attrs,
2875 IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy))
2878 svc = ip_vs_genl_find_service(attrs[IPVS_CMD_ATTR_SERVICE]);
2879 if (IS_ERR(svc) || svc == NULL)
2882 /* Dump the destinations */
2883 list_for_each_entry(dest, &svc->destinations, n_list) {
2886 if (ip_vs_genl_dump_dest(skb, dest, cb) < 0) {
2888 goto nla_put_failure;
2894 ip_vs_service_put(svc);
2897 mutex_unlock(&__ip_vs_mutex);
2902 static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest,
2903 struct nlattr *nla, int full_entry)
2905 struct nlattr *attrs[IPVS_DEST_ATTR_MAX + 1];
2906 struct nlattr *nla_addr, *nla_port;
2908 /* Parse mandatory identifying destination fields first */
2910 nla_parse_nested(attrs, IPVS_DEST_ATTR_MAX, nla, ip_vs_dest_policy))
2913 nla_addr = attrs[IPVS_DEST_ATTR_ADDR];
2914 nla_port = attrs[IPVS_DEST_ATTR_PORT];
2916 if (!(nla_addr && nla_port))
2919 memset(udest, 0, sizeof(*udest));
2921 nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr));
2922 udest->port = nla_get_u16(nla_port);
2924 /* If a full entry was requested, check for the additional fields */
2926 struct nlattr *nla_fwd, *nla_weight, *nla_u_thresh,
2929 nla_fwd = attrs[IPVS_DEST_ATTR_FWD_METHOD];
2930 nla_weight = attrs[IPVS_DEST_ATTR_WEIGHT];
2931 nla_u_thresh = attrs[IPVS_DEST_ATTR_U_THRESH];
2932 nla_l_thresh = attrs[IPVS_DEST_ATTR_L_THRESH];
2934 if (!(nla_fwd && nla_weight && nla_u_thresh && nla_l_thresh))
2937 udest->conn_flags = nla_get_u32(nla_fwd)
2938 & IP_VS_CONN_F_FWD_MASK;
2939 udest->weight = nla_get_u32(nla_weight);
2940 udest->u_threshold = nla_get_u32(nla_u_thresh);
2941 udest->l_threshold = nla_get_u32(nla_l_thresh);
2947 static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __be32 state,
2948 const char *mcast_ifn, __be32 syncid)
2950 struct nlattr *nl_daemon;
2952 nl_daemon = nla_nest_start(skb, IPVS_CMD_ATTR_DAEMON);
2956 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_STATE, state);
2957 NLA_PUT_STRING(skb, IPVS_DAEMON_ATTR_MCAST_IFN, mcast_ifn);
2958 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_SYNC_ID, syncid);
2960 nla_nest_end(skb, nl_daemon);
2965 nla_nest_cancel(skb, nl_daemon);
2969 static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __be32 state,
2970 const char *mcast_ifn, __be32 syncid,
2971 struct netlink_callback *cb)
2974 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2975 &ip_vs_genl_family, NLM_F_MULTI,
2976 IPVS_CMD_NEW_DAEMON);
2980 if (ip_vs_genl_fill_daemon(skb, state, mcast_ifn, syncid))
2981 goto nla_put_failure;
2983 return genlmsg_end(skb, hdr);
2986 genlmsg_cancel(skb, hdr);
2990 static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
2991 struct netlink_callback *cb)
2993 mutex_lock(&__ip_vs_mutex);
2994 if ((ip_vs_sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
2995 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
2996 ip_vs_master_mcast_ifn,
2997 ip_vs_master_syncid, cb) < 0)
2998 goto nla_put_failure;
3003 if ((ip_vs_sync_state & IP_VS_STATE_BACKUP) && !cb->args[1]) {
3004 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_BACKUP,
3005 ip_vs_backup_mcast_ifn,
3006 ip_vs_backup_syncid, cb) < 0)
3007 goto nla_put_failure;
3013 mutex_unlock(&__ip_vs_mutex);
3018 static int ip_vs_genl_new_daemon(struct nlattr **attrs)
3020 if (!(attrs[IPVS_DAEMON_ATTR_STATE] &&
3021 attrs[IPVS_DAEMON_ATTR_MCAST_IFN] &&
3022 attrs[IPVS_DAEMON_ATTR_SYNC_ID]))
3025 return start_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]),
3026 nla_data(attrs[IPVS_DAEMON_ATTR_MCAST_IFN]),
3027 nla_get_u32(attrs[IPVS_DAEMON_ATTR_SYNC_ID]));
3030 static int ip_vs_genl_del_daemon(struct nlattr **attrs)
3032 if (!attrs[IPVS_DAEMON_ATTR_STATE])
3035 return stop_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
3038 static int ip_vs_genl_set_config(struct nlattr **attrs)
3040 struct ip_vs_timeout_user t;
3042 __ip_vs_get_timeouts(&t);
3044 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP])
3045 t.tcp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP]);
3047 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN])
3049 nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN]);
3051 if (attrs[IPVS_CMD_ATTR_TIMEOUT_UDP])
3052 t.udp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_UDP]);
3054 return ip_vs_set_timeout(&t);
3057 static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3059 struct ip_vs_service *svc = NULL;
3060 struct ip_vs_service_user_kern usvc;
3061 struct ip_vs_dest_user_kern udest;
3063 int need_full_svc = 0, need_full_dest = 0;
3065 cmd = info->genlhdr->cmd;
3067 mutex_lock(&__ip_vs_mutex);
3069 if (cmd == IPVS_CMD_FLUSH) {
3070 ret = ip_vs_flush();
3072 } else if (cmd == IPVS_CMD_SET_CONFIG) {
3073 ret = ip_vs_genl_set_config(info->attrs);
3075 } else if (cmd == IPVS_CMD_NEW_DAEMON ||
3076 cmd == IPVS_CMD_DEL_DAEMON) {
3078 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
3080 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
3081 nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
3082 info->attrs[IPVS_CMD_ATTR_DAEMON],
3083 ip_vs_daemon_policy)) {
3088 if (cmd == IPVS_CMD_NEW_DAEMON)
3089 ret = ip_vs_genl_new_daemon(daemon_attrs);
3091 ret = ip_vs_genl_del_daemon(daemon_attrs);
3093 } else if (cmd == IPVS_CMD_ZERO &&
3094 !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
3095 ret = ip_vs_zero_all();
3099 /* All following commands require a service argument, so check if we
3100 * received a valid one. We need a full service specification when
3101 * adding / editing a service. Only identifying members otherwise. */
3102 if (cmd == IPVS_CMD_NEW_SERVICE || cmd == IPVS_CMD_SET_SERVICE)
3105 ret = ip_vs_genl_parse_service(&usvc,
3106 info->attrs[IPVS_CMD_ATTR_SERVICE],
3111 /* Lookup the exact service by <protocol, addr, port> or fwmark */
3112 if (usvc.fwmark == 0)
3113 svc = __ip_vs_service_get(usvc.af, usvc.protocol,
3114 &usvc.addr, usvc.port);
3116 svc = __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
3118 /* Unless we're adding a new service, the service must already exist */
3119 if ((cmd != IPVS_CMD_NEW_SERVICE) && (svc == NULL)) {
3124 /* Destination commands require a valid destination argument. For
3125 * adding / editing a destination, we need a full destination
3127 if (cmd == IPVS_CMD_NEW_DEST || cmd == IPVS_CMD_SET_DEST ||
3128 cmd == IPVS_CMD_DEL_DEST) {
3129 if (cmd != IPVS_CMD_DEL_DEST)
3132 ret = ip_vs_genl_parse_dest(&udest,
3133 info->attrs[IPVS_CMD_ATTR_DEST],
3140 case IPVS_CMD_NEW_SERVICE:
3142 ret = ip_vs_add_service(&usvc, &svc);
3146 case IPVS_CMD_SET_SERVICE:
3147 ret = ip_vs_edit_service(svc, &usvc);
3149 case IPVS_CMD_DEL_SERVICE:
3150 ret = ip_vs_del_service(svc);
3152 case IPVS_CMD_NEW_DEST:
3153 ret = ip_vs_add_dest(svc, &udest);
3155 case IPVS_CMD_SET_DEST:
3156 ret = ip_vs_edit_dest(svc, &udest);
3158 case IPVS_CMD_DEL_DEST:
3159 ret = ip_vs_del_dest(svc, &udest);
3162 ret = ip_vs_zero_service(svc);
3170 ip_vs_service_put(svc);
3171 mutex_unlock(&__ip_vs_mutex);
3176 static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
3178 struct sk_buff *msg;
3180 int ret, cmd, reply_cmd;
3182 cmd = info->genlhdr->cmd;
3184 if (cmd == IPVS_CMD_GET_SERVICE)
3185 reply_cmd = IPVS_CMD_NEW_SERVICE;
3186 else if (cmd == IPVS_CMD_GET_INFO)
3187 reply_cmd = IPVS_CMD_SET_INFO;
3188 else if (cmd == IPVS_CMD_GET_CONFIG)
3189 reply_cmd = IPVS_CMD_SET_CONFIG;
3191 pr_err("unknown Generic Netlink command\n");
3195 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3199 mutex_lock(&__ip_vs_mutex);
3201 reply = genlmsg_put_reply(msg, info, &ip_vs_genl_family, 0, reply_cmd);
3203 goto nla_put_failure;
3206 case IPVS_CMD_GET_SERVICE:
3208 struct ip_vs_service *svc;
3210 svc = ip_vs_genl_find_service(info->attrs[IPVS_CMD_ATTR_SERVICE]);
3215 ret = ip_vs_genl_fill_service(msg, svc);
3216 ip_vs_service_put(svc);
3218 goto nla_put_failure;
3227 case IPVS_CMD_GET_CONFIG:
3229 struct ip_vs_timeout_user t;
3231 __ip_vs_get_timeouts(&t);
3232 #ifdef CONFIG_IP_VS_PROTO_TCP
3233 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP, t.tcp_timeout);
3234 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP_FIN,
3237 #ifdef CONFIG_IP_VS_PROTO_UDP
3238 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_UDP, t.udp_timeout);
3244 case IPVS_CMD_GET_INFO:
3245 NLA_PUT_U32(msg, IPVS_INFO_ATTR_VERSION, IP_VS_VERSION_CODE);
3246 NLA_PUT_U32(msg, IPVS_INFO_ATTR_CONN_TAB_SIZE,
3247 ip_vs_conn_tab_size);
3251 genlmsg_end(msg, reply);
3252 ret = genlmsg_reply(msg, info);
3256 pr_err("not enough space in Netlink message\n");
3262 mutex_unlock(&__ip_vs_mutex);
3268 static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
3270 .cmd = IPVS_CMD_NEW_SERVICE,
3271 .flags = GENL_ADMIN_PERM,
3272 .policy = ip_vs_cmd_policy,
3273 .doit = ip_vs_genl_set_cmd,
3276 .cmd = IPVS_CMD_SET_SERVICE,
3277 .flags = GENL_ADMIN_PERM,
3278 .policy = ip_vs_cmd_policy,
3279 .doit = ip_vs_genl_set_cmd,
3282 .cmd = IPVS_CMD_DEL_SERVICE,
3283 .flags = GENL_ADMIN_PERM,
3284 .policy = ip_vs_cmd_policy,
3285 .doit = ip_vs_genl_set_cmd,
3288 .cmd = IPVS_CMD_GET_SERVICE,
3289 .flags = GENL_ADMIN_PERM,
3290 .doit = ip_vs_genl_get_cmd,
3291 .dumpit = ip_vs_genl_dump_services,
3292 .policy = ip_vs_cmd_policy,
3295 .cmd = IPVS_CMD_NEW_DEST,
3296 .flags = GENL_ADMIN_PERM,
3297 .policy = ip_vs_cmd_policy,
3298 .doit = ip_vs_genl_set_cmd,
3301 .cmd = IPVS_CMD_SET_DEST,
3302 .flags = GENL_ADMIN_PERM,
3303 .policy = ip_vs_cmd_policy,
3304 .doit = ip_vs_genl_set_cmd,
3307 .cmd = IPVS_CMD_DEL_DEST,
3308 .flags = GENL_ADMIN_PERM,
3309 .policy = ip_vs_cmd_policy,
3310 .doit = ip_vs_genl_set_cmd,
3313 .cmd = IPVS_CMD_GET_DEST,
3314 .flags = GENL_ADMIN_PERM,
3315 .policy = ip_vs_cmd_policy,
3316 .dumpit = ip_vs_genl_dump_dests,
3319 .cmd = IPVS_CMD_NEW_DAEMON,
3320 .flags = GENL_ADMIN_PERM,
3321 .policy = ip_vs_cmd_policy,
3322 .doit = ip_vs_genl_set_cmd,
3325 .cmd = IPVS_CMD_DEL_DAEMON,
3326 .flags = GENL_ADMIN_PERM,
3327 .policy = ip_vs_cmd_policy,
3328 .doit = ip_vs_genl_set_cmd,
3331 .cmd = IPVS_CMD_GET_DAEMON,
3332 .flags = GENL_ADMIN_PERM,
3333 .dumpit = ip_vs_genl_dump_daemons,
3336 .cmd = IPVS_CMD_SET_CONFIG,
3337 .flags = GENL_ADMIN_PERM,
3338 .policy = ip_vs_cmd_policy,
3339 .doit = ip_vs_genl_set_cmd,
3342 .cmd = IPVS_CMD_GET_CONFIG,
3343 .flags = GENL_ADMIN_PERM,
3344 .doit = ip_vs_genl_get_cmd,
3347 .cmd = IPVS_CMD_GET_INFO,
3348 .flags = GENL_ADMIN_PERM,
3349 .doit = ip_vs_genl_get_cmd,
3352 .cmd = IPVS_CMD_ZERO,
3353 .flags = GENL_ADMIN_PERM,
3354 .policy = ip_vs_cmd_policy,
3355 .doit = ip_vs_genl_set_cmd,
3358 .cmd = IPVS_CMD_FLUSH,
3359 .flags = GENL_ADMIN_PERM,
3360 .doit = ip_vs_genl_set_cmd,
3364 static int __init ip_vs_genl_register(void)
3366 return genl_register_family_with_ops(&ip_vs_genl_family,
3367 ip_vs_genl_ops, ARRAY_SIZE(ip_vs_genl_ops));
3370 static void ip_vs_genl_unregister(void)
3372 genl_unregister_family(&ip_vs_genl_family);
3375 /* End of Generic Netlink interface definitions */
3378 int __init ip_vs_control_init(void)
3385 ret = nf_register_sockopt(&ip_vs_sockopts);
3387 pr_err("cannot register sockopt.\n");
3391 ret = ip_vs_genl_register();
3393 pr_err("cannot register Generic Netlink interface.\n");
3394 nf_unregister_sockopt(&ip_vs_sockopts);
3398 proc_net_fops_create(&init_net, "ip_vs", 0, &ip_vs_info_fops);
3399 proc_net_fops_create(&init_net, "ip_vs_stats",0, &ip_vs_stats_fops);
3401 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars);
3403 /* Initialize ip_vs_svc_table, ip_vs_svc_fwm_table, ip_vs_rtable */
3404 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
3405 INIT_LIST_HEAD(&ip_vs_svc_table[idx]);
3406 INIT_LIST_HEAD(&ip_vs_svc_fwm_table[idx]);
3408 for(idx = 0; idx < IP_VS_RTAB_SIZE; idx++) {
3409 INIT_LIST_HEAD(&ip_vs_rtable[idx]);
3412 ip_vs_new_estimator(&ip_vs_stats);
3414 /* Hook the defense timer */
3415 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
3422 void ip_vs_control_cleanup(void)
3425 ip_vs_trash_cleanup();
3426 cancel_rearming_delayed_work(&defense_work);
3427 cancel_work_sync(&defense_work.work);
3428 ip_vs_kill_estimator(&ip_vs_stats);
3429 unregister_sysctl_table(sysctl_header);
3430 proc_net_remove(&init_net, "ip_vs_stats");
3431 proc_net_remove(&init_net, "ip_vs");
3432 ip_vs_genl_unregister();
3433 nf_unregister_sockopt(&ip_vs_sockopts);
projects / linux-flexiantxendom0-natty.git / blob