2 * IPVS An implementation of the IP virtual server support for the
3 * LINUX operating system. IPVS is now implemented as a module
4 * over the NetFilter framework. IPVS can be used to build a
5 * high-performance and highly available server based on a
8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
9 * Peter Kese <peter.kese@ijs.si>
10 * Julian Anastasov <ja@ssi.bg>
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 #define KMSG_COMPONENT "IPVS"
22 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
24 #include <linux/module.h>
25 #include <linux/init.h>
26 #include <linux/types.h>
27 #include <linux/capability.h>
29 #include <linux/sysctl.h>
30 #include <linux/proc_fs.h>
31 #include <linux/workqueue.h>
32 #include <linux/swap.h>
33 #include <linux/seq_file.h>
34 #include <linux/slab.h>
36 #include <linux/netfilter.h>
37 #include <linux/netfilter_ipv4.h>
38 #include <linux/mutex.h>
40 #include <net/net_namespace.h>
42 #ifdef CONFIG_IP_VS_IPV6
44 #include <net/ip6_route.h>
46 #include <net/route.h>
48 #include <net/genetlink.h>
50 #include <asm/uaccess.h>
52 #include <net/ip_vs.h>
54 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
55 static DEFINE_MUTEX(__ip_vs_mutex);
57 /* lock for service table */
58 static DEFINE_RWLOCK(__ip_vs_svc_lock);
60 /* lock for table with the real services */
61 static DEFINE_RWLOCK(__ip_vs_rs_lock);
63 /* lock for state and timeout tables */
64 static DEFINE_SPINLOCK(ip_vs_securetcp_lock);
66 /* lock for drop entry handling */
67 static DEFINE_SPINLOCK(__ip_vs_dropentry_lock);
69 /* lock for drop packet handling */
70 static DEFINE_SPINLOCK(__ip_vs_droppacket_lock);
72 /* 1/rate drop and drop-entry variables */
73 int ip_vs_drop_rate = 0;
74 int ip_vs_drop_counter = 0;
75 static atomic_t ip_vs_dropentry = ATOMIC_INIT(0);
77 /* number of virtual services */
78 static int ip_vs_num_services = 0;
80 /* sysctl variables */
81 static int sysctl_ip_vs_drop_entry = 0;
82 static int sysctl_ip_vs_drop_packet = 0;
83 static int sysctl_ip_vs_secure_tcp = 0;
84 static int sysctl_ip_vs_amemthresh = 1024;
85 static int sysctl_ip_vs_am_droprate = 10;
86 int sysctl_ip_vs_cache_bypass = 0;
87 int sysctl_ip_vs_expire_nodest_conn = 0;
88 int sysctl_ip_vs_expire_quiescent_template = 0;
89 int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
90 int sysctl_ip_vs_nat_icmp_send = 0;
91 #ifdef CONFIG_IP_VS_NFCT
92 int sysctl_ip_vs_conntrack;
96 #ifdef CONFIG_IP_VS_DEBUG
97 static int sysctl_ip_vs_debug_level = 0;
99 int ip_vs_get_debug_level(void)
101 return sysctl_ip_vs_debug_level;
105 #ifdef CONFIG_IP_VS_IPV6
106 /* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */
107 static int __ip_vs_addr_is_local_v6(const struct in6_addr *addr)
115 .saddr = { .s6_addr32 = {0, 0, 0, 0} }, } },
118 rt = (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
119 if (rt && rt->rt6i_dev && (rt->rt6i_dev->flags & IFF_LOOPBACK))
126 * update_defense_level is called from keventd and from sysctl,
127 * so it needs to protect itself from softirqs
129 static void update_defense_level(void)
132 static int old_secure_tcp = 0;
137 /* we only count free and buffered memory (in pages) */
139 availmem = i.freeram + i.bufferram;
140 /* however in linux 2.5 the i.bufferram is total page cache size,
142 /* si_swapinfo(&i); */
143 /* availmem = availmem - (i.totalswap - i.freeswap); */
145 nomem = (availmem < sysctl_ip_vs_amemthresh);
150 spin_lock(&__ip_vs_dropentry_lock);
151 switch (sysctl_ip_vs_drop_entry) {
153 atomic_set(&ip_vs_dropentry, 0);
157 atomic_set(&ip_vs_dropentry, 1);
158 sysctl_ip_vs_drop_entry = 2;
160 atomic_set(&ip_vs_dropentry, 0);
165 atomic_set(&ip_vs_dropentry, 1);
167 atomic_set(&ip_vs_dropentry, 0);
168 sysctl_ip_vs_drop_entry = 1;
172 atomic_set(&ip_vs_dropentry, 1);
175 spin_unlock(&__ip_vs_dropentry_lock);
178 spin_lock(&__ip_vs_droppacket_lock);
179 switch (sysctl_ip_vs_drop_packet) {
185 ip_vs_drop_rate = ip_vs_drop_counter
186 = sysctl_ip_vs_amemthresh /
187 (sysctl_ip_vs_amemthresh-availmem);
188 sysctl_ip_vs_drop_packet = 2;
195 ip_vs_drop_rate = ip_vs_drop_counter
196 = sysctl_ip_vs_amemthresh /
197 (sysctl_ip_vs_amemthresh-availmem);
200 sysctl_ip_vs_drop_packet = 1;
204 ip_vs_drop_rate = sysctl_ip_vs_am_droprate;
207 spin_unlock(&__ip_vs_droppacket_lock);
210 spin_lock(&ip_vs_securetcp_lock);
211 switch (sysctl_ip_vs_secure_tcp) {
213 if (old_secure_tcp >= 2)
218 if (old_secure_tcp < 2)
220 sysctl_ip_vs_secure_tcp = 2;
222 if (old_secure_tcp >= 2)
228 if (old_secure_tcp < 2)
231 if (old_secure_tcp >= 2)
233 sysctl_ip_vs_secure_tcp = 1;
237 if (old_secure_tcp < 2)
241 old_secure_tcp = sysctl_ip_vs_secure_tcp;
243 ip_vs_protocol_timeout_change(sysctl_ip_vs_secure_tcp>1);
244 spin_unlock(&ip_vs_securetcp_lock);
251 * Timer for checking the defense
253 #define DEFENSE_TIMER_PERIOD 1*HZ
254 static void defense_work_handler(struct work_struct *work);
255 static DECLARE_DELAYED_WORK(defense_work, defense_work_handler);
257 static void defense_work_handler(struct work_struct *work)
259 update_defense_level();
260 if (atomic_read(&ip_vs_dropentry))
261 ip_vs_random_dropentry();
263 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
267 ip_vs_use_count_inc(void)
269 return try_module_get(THIS_MODULE);
273 ip_vs_use_count_dec(void)
275 module_put(THIS_MODULE);
280 * Hash table: for virtual service lookups
282 #define IP_VS_SVC_TAB_BITS 8
283 #define IP_VS_SVC_TAB_SIZE (1 << IP_VS_SVC_TAB_BITS)
284 #define IP_VS_SVC_TAB_MASK (IP_VS_SVC_TAB_SIZE - 1)
286 /* the service table hashed by <protocol, addr, port> */
287 static struct list_head ip_vs_svc_table[IP_VS_SVC_TAB_SIZE];
288 /* the service table hashed by fwmark */
289 static struct list_head ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];
292 * Hash table: for real service lookups
294 #define IP_VS_RTAB_BITS 4
295 #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
296 #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
298 static struct list_head ip_vs_rtable[IP_VS_RTAB_SIZE];
301 * Trash for destinations
303 static LIST_HEAD(ip_vs_dest_trash);
306 * FTP & NULL virtual service counters
308 static atomic_t ip_vs_ftpsvc_counter = ATOMIC_INIT(0);
309 static atomic_t ip_vs_nullsvc_counter = ATOMIC_INIT(0);
313 * Returns hash value for virtual service
315 static __inline__ unsigned
316 ip_vs_svc_hashkey(int af, unsigned proto, const union nf_inet_addr *addr,
319 register unsigned porth = ntohs(port);
320 __be32 addr_fold = addr->ip;
322 #ifdef CONFIG_IP_VS_IPV6
324 addr_fold = addr->ip6[0]^addr->ip6[1]^
325 addr->ip6[2]^addr->ip6[3];
328 return (proto^ntohl(addr_fold)^(porth>>IP_VS_SVC_TAB_BITS)^porth)
329 & IP_VS_SVC_TAB_MASK;
333 * Returns hash value of fwmark for virtual service lookup
335 static __inline__ unsigned ip_vs_svc_fwm_hashkey(__u32 fwmark)
337 return fwmark & IP_VS_SVC_TAB_MASK;
341 * Hashes a service in the ip_vs_svc_table by <proto,addr,port>
342 * or in the ip_vs_svc_fwm_table by fwmark.
343 * Should be called with locked tables.
345 static int ip_vs_svc_hash(struct ip_vs_service *svc)
349 if (svc->flags & IP_VS_SVC_F_HASHED) {
350 pr_err("%s(): request for already hashed, called from %pF\n",
351 __func__, __builtin_return_address(0));
355 if (svc->fwmark == 0) {
357 * Hash it by <protocol,addr,port> in ip_vs_svc_table
359 hash = ip_vs_svc_hashkey(svc->af, svc->protocol, &svc->addr,
361 list_add(&svc->s_list, &ip_vs_svc_table[hash]);
364 * Hash it by fwmark in ip_vs_svc_fwm_table
366 hash = ip_vs_svc_fwm_hashkey(svc->fwmark);
367 list_add(&svc->f_list, &ip_vs_svc_fwm_table[hash]);
370 svc->flags |= IP_VS_SVC_F_HASHED;
371 /* increase its refcnt because it is referenced by the svc table */
372 atomic_inc(&svc->refcnt);
378 * Unhashes a service from ip_vs_svc_table/ip_vs_svc_fwm_table.
379 * Should be called with locked tables.
381 static int ip_vs_svc_unhash(struct ip_vs_service *svc)
383 if (!(svc->flags & IP_VS_SVC_F_HASHED)) {
384 pr_err("%s(): request for unhash flagged, called from %pF\n",
385 __func__, __builtin_return_address(0));
389 if (svc->fwmark == 0) {
390 /* Remove it from the ip_vs_svc_table table */
391 list_del(&svc->s_list);
393 /* Remove it from the ip_vs_svc_fwm_table table */
394 list_del(&svc->f_list);
397 svc->flags &= ~IP_VS_SVC_F_HASHED;
398 atomic_dec(&svc->refcnt);
404 * Get service by {proto,addr,port} in the service table.
406 static inline struct ip_vs_service *
407 __ip_vs_service_get(int af, __u16 protocol, const union nf_inet_addr *vaddr,
411 struct ip_vs_service *svc;
413 /* Check for "full" addressed entries */
414 hash = ip_vs_svc_hashkey(af, protocol, vaddr, vport);
416 list_for_each_entry(svc, &ip_vs_svc_table[hash], s_list){
418 && ip_vs_addr_equal(af, &svc->addr, vaddr)
419 && (svc->port == vport)
420 && (svc->protocol == protocol)) {
422 atomic_inc(&svc->usecnt);
432 * Get service by {fwmark} in the service table.
434 static inline struct ip_vs_service *
435 __ip_vs_svc_fwm_get(int af, __u32 fwmark)
438 struct ip_vs_service *svc;
440 /* Check for fwmark addressed entries */
441 hash = ip_vs_svc_fwm_hashkey(fwmark);
443 list_for_each_entry(svc, &ip_vs_svc_fwm_table[hash], f_list) {
444 if (svc->fwmark == fwmark && svc->af == af) {
446 atomic_inc(&svc->usecnt);
454 struct ip_vs_service *
455 ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,
456 const union nf_inet_addr *vaddr, __be16 vport)
458 struct ip_vs_service *svc;
460 read_lock(&__ip_vs_svc_lock);
463 * Check the table hashed by fwmark first
465 if (fwmark && (svc = __ip_vs_svc_fwm_get(af, fwmark)))
469 * Check the table hashed by <protocol,addr,port>
470 * for "full" addressed entries
472 svc = __ip_vs_service_get(af, protocol, vaddr, vport);
475 && protocol == IPPROTO_TCP
476 && atomic_read(&ip_vs_ftpsvc_counter)
477 && (vport == FTPDATA || ntohs(vport) >= PROT_SOCK)) {
479 * Check if ftp service entry exists, the packet
480 * might belong to FTP data connections.
482 svc = __ip_vs_service_get(af, protocol, vaddr, FTPPORT);
486 && atomic_read(&ip_vs_nullsvc_counter)) {
488 * Check if the catch-all port (port zero) exists
490 svc = __ip_vs_service_get(af, protocol, vaddr, 0);
494 read_unlock(&__ip_vs_svc_lock);
496 IP_VS_DBG_BUF(9, "lookup service: fwm %u %s %s:%u %s\n",
497 fwmark, ip_vs_proto_name(protocol),
498 IP_VS_DBG_ADDR(af, vaddr), ntohs(vport),
499 svc ? "hit" : "not hit");
506 __ip_vs_bind_svc(struct ip_vs_dest *dest, struct ip_vs_service *svc)
508 atomic_inc(&svc->refcnt);
513 __ip_vs_unbind_svc(struct ip_vs_dest *dest)
515 struct ip_vs_service *svc = dest->svc;
518 if (atomic_dec_and_test(&svc->refcnt))
524 * Returns hash value for real service
526 static inline unsigned ip_vs_rs_hashkey(int af,
527 const union nf_inet_addr *addr,
530 register unsigned porth = ntohs(port);
531 __be32 addr_fold = addr->ip;
533 #ifdef CONFIG_IP_VS_IPV6
535 addr_fold = addr->ip6[0]^addr->ip6[1]^
536 addr->ip6[2]^addr->ip6[3];
539 return (ntohl(addr_fold)^(porth>>IP_VS_RTAB_BITS)^porth)
544 * Hashes ip_vs_dest in ip_vs_rtable by <proto,addr,port>.
545 * should be called with locked tables.
547 static int ip_vs_rs_hash(struct ip_vs_dest *dest)
551 if (!list_empty(&dest->d_list)) {
556 * Hash by proto,addr,port,
557 * which are the parameters of the real service.
559 hash = ip_vs_rs_hashkey(dest->af, &dest->addr, dest->port);
561 list_add(&dest->d_list, &ip_vs_rtable[hash]);
567 * UNhashes ip_vs_dest from ip_vs_rtable.
568 * should be called with locked tables.
570 static int ip_vs_rs_unhash(struct ip_vs_dest *dest)
573 * Remove it from the ip_vs_rtable table.
575 if (!list_empty(&dest->d_list)) {
576 list_del(&dest->d_list);
577 INIT_LIST_HEAD(&dest->d_list);
584 * Lookup real service by <proto,addr,port> in the real service table.
587 ip_vs_lookup_real_service(int af, __u16 protocol,
588 const union nf_inet_addr *daddr,
592 struct ip_vs_dest *dest;
595 * Check for "full" addressed entries
596 * Return the first found entry
598 hash = ip_vs_rs_hashkey(af, daddr, dport);
600 read_lock(&__ip_vs_rs_lock);
601 list_for_each_entry(dest, &ip_vs_rtable[hash], d_list) {
603 && ip_vs_addr_equal(af, &dest->addr, daddr)
604 && (dest->port == dport)
605 && ((dest->protocol == protocol) ||
608 read_unlock(&__ip_vs_rs_lock);
612 read_unlock(&__ip_vs_rs_lock);
618 * Lookup destination by {addr,port} in the given service
620 static struct ip_vs_dest *
621 ip_vs_lookup_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr,
624 struct ip_vs_dest *dest;
627 * Find the destination for the given service
629 list_for_each_entry(dest, &svc->destinations, n_list) {
630 if ((dest->af == svc->af)
631 && ip_vs_addr_equal(svc->af, &dest->addr, daddr)
632 && (dest->port == dport)) {
642 * Find destination by {daddr,dport,vaddr,protocol}
643 * Cretaed to be used in ip_vs_process_message() in
644 * the backup synchronization daemon. It finds the
645 * destination to be bound to the received connection
648 * ip_vs_lookup_real_service() looked promissing, but
649 * seems not working as expected.
651 struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr,
653 const union nf_inet_addr *vaddr,
654 __be16 vport, __u16 protocol)
656 struct ip_vs_dest *dest;
657 struct ip_vs_service *svc;
659 svc = ip_vs_service_get(af, 0, protocol, vaddr, vport);
662 dest = ip_vs_lookup_dest(svc, daddr, dport);
664 atomic_inc(&dest->refcnt);
665 ip_vs_service_put(svc);
670 * Lookup dest by {svc,addr,port} in the destination trash.
671 * The destination trash is used to hold the destinations that are removed
672 * from the service table but are still referenced by some conn entries.
673 * The reason to add the destination trash is when the dest is temporary
674 * down (either by administrator or by monitor program), the dest can be
675 * picked back from the trash, the remaining connections to the dest can
676 * continue, and the counting information of the dest is also useful for
679 static struct ip_vs_dest *
680 ip_vs_trash_get_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr,
683 struct ip_vs_dest *dest, *nxt;
686 * Find the destination in trash
688 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
689 IP_VS_DBG_BUF(3, "Destination %u/%s:%u still in trash, "
692 IP_VS_DBG_ADDR(svc->af, &dest->addr),
694 atomic_read(&dest->refcnt));
695 if (dest->af == svc->af &&
696 ip_vs_addr_equal(svc->af, &dest->addr, daddr) &&
697 dest->port == dport &&
698 dest->vfwmark == svc->fwmark &&
699 dest->protocol == svc->protocol &&
701 (ip_vs_addr_equal(svc->af, &dest->vaddr, &svc->addr) &&
702 dest->vport == svc->port))) {
708 * Try to purge the destination from trash if not referenced
710 if (atomic_read(&dest->refcnt) == 1) {
711 IP_VS_DBG_BUF(3, "Removing destination %u/%s:%u "
714 IP_VS_DBG_ADDR(svc->af, &dest->addr),
716 list_del(&dest->n_list);
717 ip_vs_dst_reset(dest);
718 __ip_vs_unbind_svc(dest);
728 * Clean up all the destinations in the trash
729 * Called by the ip_vs_control_cleanup()
731 * When the ip_vs_control_clearup is activated by ipvs module exit,
732 * the service tables must have been flushed and all the connections
733 * are expired, and the refcnt of each destination in the trash must
734 * be 1, so we simply release them here.
736 static void ip_vs_trash_cleanup(void)
738 struct ip_vs_dest *dest, *nxt;
740 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
741 list_del(&dest->n_list);
742 ip_vs_dst_reset(dest);
743 __ip_vs_unbind_svc(dest);
750 ip_vs_zero_stats(struct ip_vs_stats *stats)
752 spin_lock_bh(&stats->lock);
754 memset(&stats->ustats, 0, sizeof(stats->ustats));
755 ip_vs_zero_estimator(stats);
757 spin_unlock_bh(&stats->lock);
761 * Update a destination in the given service
764 __ip_vs_update_dest(struct ip_vs_service *svc,
765 struct ip_vs_dest *dest, struct ip_vs_dest_user_kern *udest)
769 /* set the weight and the flags */
770 atomic_set(&dest->weight, udest->weight);
771 conn_flags = udest->conn_flags & IP_VS_CONN_F_DEST_MASK;
772 conn_flags |= IP_VS_CONN_F_INACTIVE;
774 /* check if local node and update the flags */
775 #ifdef CONFIG_IP_VS_IPV6
776 if (svc->af == AF_INET6) {
777 if (__ip_vs_addr_is_local_v6(&udest->addr.in6)) {
778 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
779 | IP_VS_CONN_F_LOCALNODE;
783 if (inet_addr_type(&init_net, udest->addr.ip) == RTN_LOCAL) {
784 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
785 | IP_VS_CONN_F_LOCALNODE;
788 /* set the IP_VS_CONN_F_NOOUTPUT flag if not masquerading/NAT */
789 if ((conn_flags & IP_VS_CONN_F_FWD_MASK) != IP_VS_CONN_F_MASQ) {
790 conn_flags |= IP_VS_CONN_F_NOOUTPUT;
793 * Put the real service in ip_vs_rtable if not present.
794 * For now only for NAT!
796 write_lock_bh(&__ip_vs_rs_lock);
798 write_unlock_bh(&__ip_vs_rs_lock);
800 atomic_set(&dest->conn_flags, conn_flags);
802 /* bind the service */
804 __ip_vs_bind_svc(dest, svc);
806 if (dest->svc != svc) {
807 __ip_vs_unbind_svc(dest);
808 ip_vs_zero_stats(&dest->stats);
809 __ip_vs_bind_svc(dest, svc);
813 /* set the dest status flags */
814 dest->flags |= IP_VS_DEST_F_AVAILABLE;
816 if (udest->u_threshold == 0 || udest->u_threshold > dest->u_threshold)
817 dest->flags &= ~IP_VS_DEST_F_OVERLOAD;
818 dest->u_threshold = udest->u_threshold;
819 dest->l_threshold = udest->l_threshold;
824 * Create a destination for the given service
827 ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
828 struct ip_vs_dest **dest_p)
830 struct ip_vs_dest *dest;
835 #ifdef CONFIG_IP_VS_IPV6
836 if (svc->af == AF_INET6) {
837 atype = ipv6_addr_type(&udest->addr.in6);
838 if ((!(atype & IPV6_ADDR_UNICAST) ||
839 atype & IPV6_ADDR_LINKLOCAL) &&
840 !__ip_vs_addr_is_local_v6(&udest->addr.in6))
845 atype = inet_addr_type(&init_net, udest->addr.ip);
846 if (atype != RTN_LOCAL && atype != RTN_UNICAST)
850 dest = kzalloc(sizeof(struct ip_vs_dest), GFP_KERNEL);
852 pr_err("%s(): no memory.\n", __func__);
857 dest->protocol = svc->protocol;
858 dest->vaddr = svc->addr;
859 dest->vport = svc->port;
860 dest->vfwmark = svc->fwmark;
861 ip_vs_addr_copy(svc->af, &dest->addr, &udest->addr);
862 dest->port = udest->port;
864 atomic_set(&dest->activeconns, 0);
865 atomic_set(&dest->inactconns, 0);
866 atomic_set(&dest->persistconns, 0);
867 atomic_set(&dest->refcnt, 0);
869 INIT_LIST_HEAD(&dest->d_list);
870 spin_lock_init(&dest->dst_lock);
871 spin_lock_init(&dest->stats.lock);
872 __ip_vs_update_dest(svc, dest, udest);
873 ip_vs_new_estimator(&dest->stats);
883 * Add a destination into an existing service
886 ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
888 struct ip_vs_dest *dest;
889 union nf_inet_addr daddr;
890 __be16 dport = udest->port;
895 if (udest->weight < 0) {
896 pr_err("%s(): server weight less than zero\n", __func__);
900 if (udest->l_threshold > udest->u_threshold) {
901 pr_err("%s(): lower threshold is higher than upper threshold\n",
906 ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
909 * Check if the dest already exists in the list
911 dest = ip_vs_lookup_dest(svc, &daddr, dport);
914 IP_VS_DBG(1, "%s(): dest already exists\n", __func__);
919 * Check if the dest already exists in the trash and
920 * is from the same service
922 dest = ip_vs_trash_get_dest(svc, &daddr, dport);
925 IP_VS_DBG_BUF(3, "Get destination %s:%u from trash, "
926 "dest->refcnt=%d, service %u/%s:%u\n",
927 IP_VS_DBG_ADDR(svc->af, &daddr), ntohs(dport),
928 atomic_read(&dest->refcnt),
930 IP_VS_DBG_ADDR(svc->af, &dest->vaddr),
933 __ip_vs_update_dest(svc, dest, udest);
936 * Get the destination from the trash
938 list_del(&dest->n_list);
940 ip_vs_new_estimator(&dest->stats);
942 write_lock_bh(&__ip_vs_svc_lock);
945 * Wait until all other svc users go away.
947 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
949 list_add(&dest->n_list, &svc->destinations);
952 /* call the update_service function of its scheduler */
953 if (svc->scheduler->update_service)
954 svc->scheduler->update_service(svc);
956 write_unlock_bh(&__ip_vs_svc_lock);
961 * Allocate and initialize the dest structure
963 ret = ip_vs_new_dest(svc, udest, &dest);
969 * Add the dest entry into the list
971 atomic_inc(&dest->refcnt);
973 write_lock_bh(&__ip_vs_svc_lock);
976 * Wait until all other svc users go away.
978 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
980 list_add(&dest->n_list, &svc->destinations);
983 /* call the update_service function of its scheduler */
984 if (svc->scheduler->update_service)
985 svc->scheduler->update_service(svc);
987 write_unlock_bh(&__ip_vs_svc_lock);
996 * Edit a destination in the given service
999 ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1001 struct ip_vs_dest *dest;
1002 union nf_inet_addr daddr;
1003 __be16 dport = udest->port;
1007 if (udest->weight < 0) {
1008 pr_err("%s(): server weight less than zero\n", __func__);
1012 if (udest->l_threshold > udest->u_threshold) {
1013 pr_err("%s(): lower threshold is higher than upper threshold\n",
1018 ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
1021 * Lookup the destination list
1023 dest = ip_vs_lookup_dest(svc, &daddr, dport);
1026 IP_VS_DBG(1, "%s(): dest doesn't exist\n", __func__);
1030 __ip_vs_update_dest(svc, dest, udest);
1032 write_lock_bh(&__ip_vs_svc_lock);
1034 /* Wait until all other svc users go away */
1035 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1037 /* call the update_service, because server weight may be changed */
1038 if (svc->scheduler->update_service)
1039 svc->scheduler->update_service(svc);
1041 write_unlock_bh(&__ip_vs_svc_lock);
1050 * Delete a destination (must be already unlinked from the service)
1052 static void __ip_vs_del_dest(struct ip_vs_dest *dest)
1054 ip_vs_kill_estimator(&dest->stats);
1057 * Remove it from the d-linked list with the real services.
1059 write_lock_bh(&__ip_vs_rs_lock);
1060 ip_vs_rs_unhash(dest);
1061 write_unlock_bh(&__ip_vs_rs_lock);
1064 * Decrease the refcnt of the dest, and free the dest
1065 * if nobody refers to it (refcnt=0). Otherwise, throw
1066 * the destination into the trash.
1068 if (atomic_dec_and_test(&dest->refcnt)) {
1069 ip_vs_dst_reset(dest);
1070 /* simply decrease svc->refcnt here, let the caller check
1071 and release the service if nobody refers to it.
1072 Only user context can release destination and service,
1073 and only one user context can update virtual service at a
1074 time, so the operation here is OK */
1075 atomic_dec(&dest->svc->refcnt);
1078 IP_VS_DBG_BUF(3, "Moving dest %s:%u into trash, "
1079 "dest->refcnt=%d\n",
1080 IP_VS_DBG_ADDR(dest->af, &dest->addr),
1082 atomic_read(&dest->refcnt));
1083 list_add(&dest->n_list, &ip_vs_dest_trash);
1084 atomic_inc(&dest->refcnt);
1090 * Unlink a destination from the given service
1092 static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
1093 struct ip_vs_dest *dest,
1096 dest->flags &= ~IP_VS_DEST_F_AVAILABLE;
1099 * Remove it from the d-linked destination list.
1101 list_del(&dest->n_list);
1105 * Call the update_service function of its scheduler
1107 if (svcupd && svc->scheduler->update_service)
1108 svc->scheduler->update_service(svc);
1113 * Delete a destination server in the given service
1116 ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1118 struct ip_vs_dest *dest;
1119 __be16 dport = udest->port;
1123 dest = ip_vs_lookup_dest(svc, &udest->addr, dport);
1126 IP_VS_DBG(1, "%s(): destination not found!\n", __func__);
1130 write_lock_bh(&__ip_vs_svc_lock);
1133 * Wait until all other svc users go away.
1135 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1138 * Unlink dest from the service
1140 __ip_vs_unlink_dest(svc, dest, 1);
1142 write_unlock_bh(&__ip_vs_svc_lock);
1145 * Delete the destination
1147 __ip_vs_del_dest(dest);
1156 * Add a service into the service hash table
1159 ip_vs_add_service(struct ip_vs_service_user_kern *u,
1160 struct ip_vs_service **svc_p)
1163 struct ip_vs_scheduler *sched = NULL;
1164 struct ip_vs_service *svc = NULL;
1166 /* increase the module use count */
1167 ip_vs_use_count_inc();
1169 /* Lookup the scheduler by 'u->sched_name' */
1170 sched = ip_vs_scheduler_get(u->sched_name);
1171 if (sched == NULL) {
1172 pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name);
1177 #ifdef CONFIG_IP_VS_IPV6
1178 if (u->af == AF_INET6 && (u->netmask < 1 || u->netmask > 128)) {
1184 svc = kzalloc(sizeof(struct ip_vs_service), GFP_KERNEL);
1186 IP_VS_DBG(1, "%s(): no memory\n", __func__);
1191 /* I'm the first user of the service */
1192 atomic_set(&svc->usecnt, 1);
1193 atomic_set(&svc->refcnt, 0);
1196 svc->protocol = u->protocol;
1197 ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
1198 svc->port = u->port;
1199 svc->fwmark = u->fwmark;
1200 svc->flags = u->flags;
1201 svc->timeout = u->timeout * HZ;
1202 svc->netmask = u->netmask;
1204 INIT_LIST_HEAD(&svc->destinations);
1205 rwlock_init(&svc->sched_lock);
1206 spin_lock_init(&svc->stats.lock);
1208 /* Bind the scheduler */
1209 ret = ip_vs_bind_scheduler(svc, sched);
1214 /* Update the virtual service counters */
1215 if (svc->port == FTPPORT)
1216 atomic_inc(&ip_vs_ftpsvc_counter);
1217 else if (svc->port == 0)
1218 atomic_inc(&ip_vs_nullsvc_counter);
1220 ip_vs_new_estimator(&svc->stats);
1222 /* Count only IPv4 services for old get/setsockopt interface */
1223 if (svc->af == AF_INET)
1224 ip_vs_num_services++;
1226 /* Hash the service into the service table */
1227 write_lock_bh(&__ip_vs_svc_lock);
1228 ip_vs_svc_hash(svc);
1229 write_unlock_bh(&__ip_vs_svc_lock);
1237 ip_vs_unbind_scheduler(svc);
1240 ip_vs_app_inc_put(svc->inc);
1245 ip_vs_scheduler_put(sched);
1248 /* decrease the module use count */
1249 ip_vs_use_count_dec();
1256 * Edit a service and bind it with a new scheduler
1259 ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
1261 struct ip_vs_scheduler *sched, *old_sched;
1265 * Lookup the scheduler, by 'u->sched_name'
1267 sched = ip_vs_scheduler_get(u->sched_name);
1268 if (sched == NULL) {
1269 pr_info("Scheduler module ip_vs_%s not found\n", u->sched_name);
1274 #ifdef CONFIG_IP_VS_IPV6
1275 if (u->af == AF_INET6 && (u->netmask < 1 || u->netmask > 128)) {
1281 write_lock_bh(&__ip_vs_svc_lock);
1284 * Wait until all other svc users go away.
1286 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1289 * Set the flags and timeout value
1291 svc->flags = u->flags | IP_VS_SVC_F_HASHED;
1292 svc->timeout = u->timeout * HZ;
1293 svc->netmask = u->netmask;
1295 old_sched = svc->scheduler;
1296 if (sched != old_sched) {
1298 * Unbind the old scheduler
1300 if ((ret = ip_vs_unbind_scheduler(svc))) {
1306 * Bind the new scheduler
1308 if ((ret = ip_vs_bind_scheduler(svc, sched))) {
1310 * If ip_vs_bind_scheduler fails, restore the old
1312 * The main reason of failure is out of memory.
1314 * The question is if the old scheduler can be
1315 * restored all the time. TODO: if it cannot be
1316 * restored some time, we must delete the service,
1317 * otherwise the system may crash.
1319 ip_vs_bind_scheduler(svc, old_sched);
1326 write_unlock_bh(&__ip_vs_svc_lock);
1327 #ifdef CONFIG_IP_VS_IPV6
1332 ip_vs_scheduler_put(old_sched);
1339 * Delete a service from the service list
1340 * - The service must be unlinked, unlocked and not referenced!
1341 * - We are called under _bh lock
1343 static void __ip_vs_del_service(struct ip_vs_service *svc)
1345 struct ip_vs_dest *dest, *nxt;
1346 struct ip_vs_scheduler *old_sched;
1348 /* Count only IPv4 services for old get/setsockopt interface */
1349 if (svc->af == AF_INET)
1350 ip_vs_num_services--;
1352 ip_vs_kill_estimator(&svc->stats);
1354 /* Unbind scheduler */
1355 old_sched = svc->scheduler;
1356 ip_vs_unbind_scheduler(svc);
1358 ip_vs_scheduler_put(old_sched);
1360 /* Unbind app inc */
1362 ip_vs_app_inc_put(svc->inc);
1367 * Unlink the whole destination list
1369 list_for_each_entry_safe(dest, nxt, &svc->destinations, n_list) {
1370 __ip_vs_unlink_dest(svc, dest, 0);
1371 __ip_vs_del_dest(dest);
1375 * Update the virtual service counters
1377 if (svc->port == FTPPORT)
1378 atomic_dec(&ip_vs_ftpsvc_counter);
1379 else if (svc->port == 0)
1380 atomic_dec(&ip_vs_nullsvc_counter);
1383 * Free the service if nobody refers to it
1385 if (atomic_read(&svc->refcnt) == 0)
1388 /* decrease the module use count */
1389 ip_vs_use_count_dec();
1393 * Delete a service from the service list
1395 static int ip_vs_del_service(struct ip_vs_service *svc)
1401 * Unhash it from the service table
1403 write_lock_bh(&__ip_vs_svc_lock);
1405 ip_vs_svc_unhash(svc);
1408 * Wait until all the svc users go away.
1410 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1412 __ip_vs_del_service(svc);
1414 write_unlock_bh(&__ip_vs_svc_lock);
1421 * Flush all the virtual services
1423 static int ip_vs_flush(void)
1426 struct ip_vs_service *svc, *nxt;
1429 * Flush the service table hashed by <protocol,addr,port>
1431 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1432 list_for_each_entry_safe(svc, nxt, &ip_vs_svc_table[idx], s_list) {
1433 write_lock_bh(&__ip_vs_svc_lock);
1434 ip_vs_svc_unhash(svc);
1436 * Wait until all the svc users go away.
1438 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1439 __ip_vs_del_service(svc);
1440 write_unlock_bh(&__ip_vs_svc_lock);
1445 * Flush the service table hashed by fwmark
1447 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1448 list_for_each_entry_safe(svc, nxt,
1449 &ip_vs_svc_fwm_table[idx], f_list) {
1450 write_lock_bh(&__ip_vs_svc_lock);
1451 ip_vs_svc_unhash(svc);
1453 * Wait until all the svc users go away.
1455 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1456 __ip_vs_del_service(svc);
1457 write_unlock_bh(&__ip_vs_svc_lock);
1466 * Zero counters in a service or all services
1468 static int ip_vs_zero_service(struct ip_vs_service *svc)
1470 struct ip_vs_dest *dest;
1472 write_lock_bh(&__ip_vs_svc_lock);
1473 list_for_each_entry(dest, &svc->destinations, n_list) {
1474 ip_vs_zero_stats(&dest->stats);
1476 ip_vs_zero_stats(&svc->stats);
1477 write_unlock_bh(&__ip_vs_svc_lock);
1481 static int ip_vs_zero_all(void)
1484 struct ip_vs_service *svc;
1486 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1487 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1488 ip_vs_zero_service(svc);
1492 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1493 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1494 ip_vs_zero_service(svc);
1498 ip_vs_zero_stats(&ip_vs_stats);
1504 proc_do_defense_mode(ctl_table *table, int write,
1505 void __user *buffer, size_t *lenp, loff_t *ppos)
1507 int *valp = table->data;
1511 rc = proc_dointvec(table, write, buffer, lenp, ppos);
1512 if (write && (*valp != val)) {
1513 if ((*valp < 0) || (*valp > 3)) {
1514 /* Restore the correct value */
1517 update_defense_level();
1525 proc_do_sync_threshold(ctl_table *table, int write,
1526 void __user *buffer, size_t *lenp, loff_t *ppos)
1528 int *valp = table->data;
1532 /* backup the value first */
1533 memcpy(val, valp, sizeof(val));
1535 rc = proc_dointvec(table, write, buffer, lenp, ppos);
1536 if (write && (valp[0] < 0 || valp[1] < 0 || valp[0] >= valp[1])) {
1537 /* Restore the correct value */
1538 memcpy(valp, val, sizeof(val));
1545 * IPVS sysctl table (under the /proc/sys/net/ipv4/vs/)
1548 static struct ctl_table vs_vars[] = {
1550 .procname = "amemthresh",
1551 .data = &sysctl_ip_vs_amemthresh,
1552 .maxlen = sizeof(int),
1554 .proc_handler = proc_dointvec,
1556 #ifdef CONFIG_IP_VS_DEBUG
1558 .procname = "debug_level",
1559 .data = &sysctl_ip_vs_debug_level,
1560 .maxlen = sizeof(int),
1562 .proc_handler = proc_dointvec,
1566 .procname = "am_droprate",
1567 .data = &sysctl_ip_vs_am_droprate,
1568 .maxlen = sizeof(int),
1570 .proc_handler = proc_dointvec,
1573 .procname = "drop_entry",
1574 .data = &sysctl_ip_vs_drop_entry,
1575 .maxlen = sizeof(int),
1577 .proc_handler = proc_do_defense_mode,
1580 .procname = "drop_packet",
1581 .data = &sysctl_ip_vs_drop_packet,
1582 .maxlen = sizeof(int),
1584 .proc_handler = proc_do_defense_mode,
1586 #ifdef CONFIG_IP_VS_NFCT
1588 .procname = "conntrack",
1589 .data = &sysctl_ip_vs_conntrack,
1590 .maxlen = sizeof(int),
1592 .proc_handler = &proc_dointvec,
1596 .procname = "secure_tcp",
1597 .data = &sysctl_ip_vs_secure_tcp,
1598 .maxlen = sizeof(int),
1600 .proc_handler = proc_do_defense_mode,
1604 .procname = "timeout_established",
1605 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ESTABLISHED],
1606 .maxlen = sizeof(int),
1608 .proc_handler = proc_dointvec_jiffies,
1611 .procname = "timeout_synsent",
1612 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_SENT],
1613 .maxlen = sizeof(int),
1615 .proc_handler = proc_dointvec_jiffies,
1618 .procname = "timeout_synrecv",
1619 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_RECV],
1620 .maxlen = sizeof(int),
1622 .proc_handler = proc_dointvec_jiffies,
1625 .procname = "timeout_finwait",
1626 .data = &vs_timeout_table_dos.timeout[IP_VS_S_FIN_WAIT],
1627 .maxlen = sizeof(int),
1629 .proc_handler = proc_dointvec_jiffies,
1632 .procname = "timeout_timewait",
1633 .data = &vs_timeout_table_dos.timeout[IP_VS_S_TIME_WAIT],
1634 .maxlen = sizeof(int),
1636 .proc_handler = proc_dointvec_jiffies,
1639 .procname = "timeout_close",
1640 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE],
1641 .maxlen = sizeof(int),
1643 .proc_handler = proc_dointvec_jiffies,
1646 .procname = "timeout_closewait",
1647 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE_WAIT],
1648 .maxlen = sizeof(int),
1650 .proc_handler = proc_dointvec_jiffies,
1653 .procname = "timeout_lastack",
1654 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LAST_ACK],
1655 .maxlen = sizeof(int),
1657 .proc_handler = proc_dointvec_jiffies,
1660 .procname = "timeout_listen",
1661 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LISTEN],
1662 .maxlen = sizeof(int),
1664 .proc_handler = proc_dointvec_jiffies,
1667 .procname = "timeout_synack",
1668 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYNACK],
1669 .maxlen = sizeof(int),
1671 .proc_handler = proc_dointvec_jiffies,
1674 .procname = "timeout_udp",
1675 .data = &vs_timeout_table_dos.timeout[IP_VS_S_UDP],
1676 .maxlen = sizeof(int),
1678 .proc_handler = proc_dointvec_jiffies,
1681 .procname = "timeout_icmp",
1682 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ICMP],
1683 .maxlen = sizeof(int),
1685 .proc_handler = proc_dointvec_jiffies,
1689 .procname = "cache_bypass",
1690 .data = &sysctl_ip_vs_cache_bypass,
1691 .maxlen = sizeof(int),
1693 .proc_handler = proc_dointvec,
1696 .procname = "expire_nodest_conn",
1697 .data = &sysctl_ip_vs_expire_nodest_conn,
1698 .maxlen = sizeof(int),
1700 .proc_handler = proc_dointvec,
1703 .procname = "expire_quiescent_template",
1704 .data = &sysctl_ip_vs_expire_quiescent_template,
1705 .maxlen = sizeof(int),
1707 .proc_handler = proc_dointvec,
1710 .procname = "sync_threshold",
1711 .data = &sysctl_ip_vs_sync_threshold,
1712 .maxlen = sizeof(sysctl_ip_vs_sync_threshold),
1714 .proc_handler = proc_do_sync_threshold,
1717 .procname = "nat_icmp_send",
1718 .data = &sysctl_ip_vs_nat_icmp_send,
1719 .maxlen = sizeof(int),
1721 .proc_handler = proc_dointvec,
1726 const struct ctl_path net_vs_ctl_path[] = {
1727 { .procname = "net", },
1728 { .procname = "ipv4", },
1729 { .procname = "vs", },
1732 EXPORT_SYMBOL_GPL(net_vs_ctl_path);
1734 static struct ctl_table_header * sysctl_header;
1736 #ifdef CONFIG_PROC_FS
1739 struct list_head *table;
1744 * Write the contents of the VS rule table to a PROCfs file.
1745 * (It is kept just for backward compatibility)
1747 static inline const char *ip_vs_fwd_name(unsigned flags)
1749 switch (flags & IP_VS_CONN_F_FWD_MASK) {
1750 case IP_VS_CONN_F_LOCALNODE:
1752 case IP_VS_CONN_F_TUNNEL:
1754 case IP_VS_CONN_F_DROUTE:
1762 /* Get the Nth entry in the two lists */
1763 static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos)
1765 struct ip_vs_iter *iter = seq->private;
1767 struct ip_vs_service *svc;
1769 /* look in hash by protocol */
1770 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1771 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1773 iter->table = ip_vs_svc_table;
1780 /* keep looking in fwmark */
1781 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1782 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1784 iter->table = ip_vs_svc_fwm_table;
1794 static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos)
1795 __acquires(__ip_vs_svc_lock)
1798 read_lock_bh(&__ip_vs_svc_lock);
1799 return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN;
1803 static void *ip_vs_info_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1805 struct list_head *e;
1806 struct ip_vs_iter *iter;
1807 struct ip_vs_service *svc;
1810 if (v == SEQ_START_TOKEN)
1811 return ip_vs_info_array(seq,0);
1814 iter = seq->private;
1816 if (iter->table == ip_vs_svc_table) {
1817 /* next service in table hashed by protocol */
1818 if ((e = svc->s_list.next) != &ip_vs_svc_table[iter->bucket])
1819 return list_entry(e, struct ip_vs_service, s_list);
1822 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1823 list_for_each_entry(svc,&ip_vs_svc_table[iter->bucket],
1829 iter->table = ip_vs_svc_fwm_table;
1834 /* next service in hashed by fwmark */
1835 if ((e = svc->f_list.next) != &ip_vs_svc_fwm_table[iter->bucket])
1836 return list_entry(e, struct ip_vs_service, f_list);
1839 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1840 list_for_each_entry(svc, &ip_vs_svc_fwm_table[iter->bucket],
1848 static void ip_vs_info_seq_stop(struct seq_file *seq, void *v)
1849 __releases(__ip_vs_svc_lock)
1851 read_unlock_bh(&__ip_vs_svc_lock);
1855 static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
1857 if (v == SEQ_START_TOKEN) {
1859 "IP Virtual Server version %d.%d.%d (size=%d)\n",
1860 NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
1862 "Prot LocalAddress:Port Scheduler Flags\n");
1864 " -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
1866 const struct ip_vs_service *svc = v;
1867 const struct ip_vs_iter *iter = seq->private;
1868 const struct ip_vs_dest *dest;
1870 if (iter->table == ip_vs_svc_table) {
1871 #ifdef CONFIG_IP_VS_IPV6
1872 if (svc->af == AF_INET6)
1873 seq_printf(seq, "%s [%pI6]:%04X %s ",
1874 ip_vs_proto_name(svc->protocol),
1877 svc->scheduler->name);
1880 seq_printf(seq, "%s %08X:%04X %s %s ",
1881 ip_vs_proto_name(svc->protocol),
1882 ntohl(svc->addr.ip),
1884 svc->scheduler->name,
1885 (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":"");
1887 seq_printf(seq, "FWM %08X %s %s",
1888 svc->fwmark, svc->scheduler->name,
1889 (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":"");
1892 if (svc->flags & IP_VS_SVC_F_PERSISTENT)
1893 seq_printf(seq, "persistent %d %08X\n",
1895 ntohl(svc->netmask));
1897 seq_putc(seq, '\n');
1899 list_for_each_entry(dest, &svc->destinations, n_list) {
1900 #ifdef CONFIG_IP_VS_IPV6
1901 if (dest->af == AF_INET6)
1904 " %-7s %-6d %-10d %-10d\n",
1907 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1908 atomic_read(&dest->weight),
1909 atomic_read(&dest->activeconns),
1910 atomic_read(&dest->inactconns));
1915 "%-7s %-6d %-10d %-10d\n",
1916 ntohl(dest->addr.ip),
1918 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1919 atomic_read(&dest->weight),
1920 atomic_read(&dest->activeconns),
1921 atomic_read(&dest->inactconns));
1928 static const struct seq_operations ip_vs_info_seq_ops = {
1929 .start = ip_vs_info_seq_start,
1930 .next = ip_vs_info_seq_next,
1931 .stop = ip_vs_info_seq_stop,
1932 .show = ip_vs_info_seq_show,
1935 static int ip_vs_info_open(struct inode *inode, struct file *file)
1937 return seq_open_private(file, &ip_vs_info_seq_ops,
1938 sizeof(struct ip_vs_iter));
1941 static const struct file_operations ip_vs_info_fops = {
1942 .owner = THIS_MODULE,
1943 .open = ip_vs_info_open,
1945 .llseek = seq_lseek,
1946 .release = seq_release_private,
1951 struct ip_vs_stats ip_vs_stats = {
1952 .lock = __SPIN_LOCK_UNLOCKED(ip_vs_stats.lock),
1955 #ifdef CONFIG_PROC_FS
1956 static int ip_vs_stats_show(struct seq_file *seq, void *v)
1959 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1961 " Total Incoming Outgoing Incoming Outgoing\n");
1963 " Conns Packets Packets Bytes Bytes\n");
1965 spin_lock_bh(&ip_vs_stats.lock);
1966 seq_printf(seq, "%8X %8X %8X %16LX %16LX\n\n", ip_vs_stats.ustats.conns,
1967 ip_vs_stats.ustats.inpkts, ip_vs_stats.ustats.outpkts,
1968 (unsigned long long) ip_vs_stats.ustats.inbytes,
1969 (unsigned long long) ip_vs_stats.ustats.outbytes);
1971 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1973 " Conns/s Pkts/s Pkts/s Bytes/s Bytes/s\n");
1974 seq_printf(seq,"%8X %8X %8X %16X %16X\n",
1975 ip_vs_stats.ustats.cps,
1976 ip_vs_stats.ustats.inpps,
1977 ip_vs_stats.ustats.outpps,
1978 ip_vs_stats.ustats.inbps,
1979 ip_vs_stats.ustats.outbps);
1980 spin_unlock_bh(&ip_vs_stats.lock);
1985 static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)
1987 return single_open(file, ip_vs_stats_show, NULL);
1990 static const struct file_operations ip_vs_stats_fops = {
1991 .owner = THIS_MODULE,
1992 .open = ip_vs_stats_seq_open,
1994 .llseek = seq_lseek,
1995 .release = single_release,
2001 * Set timeout values for tcp tcpfin udp in the timeout_table.
2003 static int ip_vs_set_timeout(struct ip_vs_timeout_user *u)
2005 IP_VS_DBG(2, "Setting timeout tcp:%d tcpfin:%d udp:%d\n",
2010 #ifdef CONFIG_IP_VS_PROTO_TCP
2011 if (u->tcp_timeout) {
2012 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED]
2013 = u->tcp_timeout * HZ;
2016 if (u->tcp_fin_timeout) {
2017 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT]
2018 = u->tcp_fin_timeout * HZ;
2022 #ifdef CONFIG_IP_VS_PROTO_UDP
2023 if (u->udp_timeout) {
2024 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL]
2025 = u->udp_timeout * HZ;
2032 #define SET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2033 #define SERVICE_ARG_LEN (sizeof(struct ip_vs_service_user))
2034 #define SVCDEST_ARG_LEN (sizeof(struct ip_vs_service_user) + \
2035 sizeof(struct ip_vs_dest_user))
2036 #define TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2037 #define DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user))
2038 #define MAX_ARG_LEN SVCDEST_ARG_LEN
2040 static const unsigned char set_arglen[SET_CMDID(IP_VS_SO_SET_MAX)+1] = {
2041 [SET_CMDID(IP_VS_SO_SET_ADD)] = SERVICE_ARG_LEN,
2042 [SET_CMDID(IP_VS_SO_SET_EDIT)] = SERVICE_ARG_LEN,
2043 [SET_CMDID(IP_VS_SO_SET_DEL)] = SERVICE_ARG_LEN,
2044 [SET_CMDID(IP_VS_SO_SET_FLUSH)] = 0,
2045 [SET_CMDID(IP_VS_SO_SET_ADDDEST)] = SVCDEST_ARG_LEN,
2046 [SET_CMDID(IP_VS_SO_SET_DELDEST)] = SVCDEST_ARG_LEN,
2047 [SET_CMDID(IP_VS_SO_SET_EDITDEST)] = SVCDEST_ARG_LEN,
2048 [SET_CMDID(IP_VS_SO_SET_TIMEOUT)] = TIMEOUT_ARG_LEN,
2049 [SET_CMDID(IP_VS_SO_SET_STARTDAEMON)] = DAEMON_ARG_LEN,
2050 [SET_CMDID(IP_VS_SO_SET_STOPDAEMON)] = DAEMON_ARG_LEN,
2051 [SET_CMDID(IP_VS_SO_SET_ZERO)] = SERVICE_ARG_LEN,
2054 static void ip_vs_copy_usvc_compat(struct ip_vs_service_user_kern *usvc,
2055 struct ip_vs_service_user *usvc_compat)
2058 usvc->protocol = usvc_compat->protocol;
2059 usvc->addr.ip = usvc_compat->addr;
2060 usvc->port = usvc_compat->port;
2061 usvc->fwmark = usvc_compat->fwmark;
2063 /* Deep copy of sched_name is not needed here */
2064 usvc->sched_name = usvc_compat->sched_name;
2066 usvc->flags = usvc_compat->flags;
2067 usvc->timeout = usvc_compat->timeout;
2068 usvc->netmask = usvc_compat->netmask;
2071 static void ip_vs_copy_udest_compat(struct ip_vs_dest_user_kern *udest,
2072 struct ip_vs_dest_user *udest_compat)
2074 udest->addr.ip = udest_compat->addr;
2075 udest->port = udest_compat->port;
2076 udest->conn_flags = udest_compat->conn_flags;
2077 udest->weight = udest_compat->weight;
2078 udest->u_threshold = udest_compat->u_threshold;
2079 udest->l_threshold = udest_compat->l_threshold;
2083 do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2086 unsigned char arg[MAX_ARG_LEN];
2087 struct ip_vs_service_user *usvc_compat;
2088 struct ip_vs_service_user_kern usvc;
2089 struct ip_vs_service *svc;
2090 struct ip_vs_dest_user *udest_compat;
2091 struct ip_vs_dest_user_kern udest;
2093 if (!capable(CAP_NET_ADMIN))
2096 if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
2098 if (len < 0 || len > MAX_ARG_LEN)
2100 if (len != set_arglen[SET_CMDID(cmd)]) {
2101 pr_err("set_ctl: len %u != %u\n",
2102 len, set_arglen[SET_CMDID(cmd)]);
2106 if (copy_from_user(arg, user, len) != 0)
2109 /* increase the module use count */
2110 ip_vs_use_count_inc();
2112 if (mutex_lock_interruptible(&__ip_vs_mutex)) {
2117 if (cmd == IP_VS_SO_SET_FLUSH) {
2118 /* Flush the virtual service */
2119 ret = ip_vs_flush();
2121 } else if (cmd == IP_VS_SO_SET_TIMEOUT) {
2122 /* Set timeout values for (tcp tcpfin udp) */
2123 ret = ip_vs_set_timeout((struct ip_vs_timeout_user *)arg);
2125 } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
2126 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2127 ret = start_sync_thread(dm->state, dm->mcast_ifn, dm->syncid);
2129 } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
2130 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2131 ret = stop_sync_thread(dm->state);
2135 usvc_compat = (struct ip_vs_service_user *)arg;
2136 udest_compat = (struct ip_vs_dest_user *)(usvc_compat + 1);
2138 /* We only use the new structs internally, so copy userspace compat
2139 * structs to extended internal versions */
2140 ip_vs_copy_usvc_compat(&usvc, usvc_compat);
2141 ip_vs_copy_udest_compat(&udest, udest_compat);
2143 if (cmd == IP_VS_SO_SET_ZERO) {
2144 /* if no service address is set, zero counters in all */
2145 if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {
2146 ret = ip_vs_zero_all();
2151 /* Check for valid protocol: TCP or UDP or SCTP, even for fwmark!=0 */
2152 if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP &&
2153 usvc.protocol != IPPROTO_SCTP) {
2154 pr_err("set_ctl: invalid protocol: %d %pI4:%d %s\n",
2155 usvc.protocol, &usvc.addr.ip,
2156 ntohs(usvc.port), usvc.sched_name);
2161 /* Lookup the exact service by <protocol, addr, port> or fwmark */
2162 if (usvc.fwmark == 0)
2163 svc = __ip_vs_service_get(usvc.af, usvc.protocol,
2164 &usvc.addr, usvc.port);
2166 svc = __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
2168 if (cmd != IP_VS_SO_SET_ADD
2169 && (svc == NULL || svc->protocol != usvc.protocol)) {
2171 goto out_drop_service;
2175 case IP_VS_SO_SET_ADD:
2179 ret = ip_vs_add_service(&usvc, &svc);
2181 case IP_VS_SO_SET_EDIT:
2182 ret = ip_vs_edit_service(svc, &usvc);
2184 case IP_VS_SO_SET_DEL:
2185 ret = ip_vs_del_service(svc);
2189 case IP_VS_SO_SET_ZERO:
2190 ret = ip_vs_zero_service(svc);
2192 case IP_VS_SO_SET_ADDDEST:
2193 ret = ip_vs_add_dest(svc, &udest);
2195 case IP_VS_SO_SET_EDITDEST:
2196 ret = ip_vs_edit_dest(svc, &udest);
2198 case IP_VS_SO_SET_DELDEST:
2199 ret = ip_vs_del_dest(svc, &udest);
2207 ip_vs_service_put(svc);
2210 mutex_unlock(&__ip_vs_mutex);
2212 /* decrease the module use count */
2213 ip_vs_use_count_dec();
2220 ip_vs_copy_stats(struct ip_vs_stats_user *dst, struct ip_vs_stats *src)
2222 spin_lock_bh(&src->lock);
2223 memcpy(dst, &src->ustats, sizeof(*dst));
2224 spin_unlock_bh(&src->lock);
2228 ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src)
2230 dst->protocol = src->protocol;
2231 dst->addr = src->addr.ip;
2232 dst->port = src->port;
2233 dst->fwmark = src->fwmark;
2234 strlcpy(dst->sched_name, src->scheduler->name, sizeof(dst->sched_name));
2235 dst->flags = src->flags;
2236 dst->timeout = src->timeout / HZ;
2237 dst->netmask = src->netmask;
2238 dst->num_dests = src->num_dests;
2239 ip_vs_copy_stats(&dst->stats, &src->stats);
2243 __ip_vs_get_service_entries(const struct ip_vs_get_services *get,
2244 struct ip_vs_get_services __user *uptr)
2247 struct ip_vs_service *svc;
2248 struct ip_vs_service_entry entry;
2251 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2252 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
2253 /* Only expose IPv4 entries to old interface */
2254 if (svc->af != AF_INET)
2257 if (count >= get->num_services)
2259 memset(&entry, 0, sizeof(entry));
2260 ip_vs_copy_service(&entry, svc);
2261 if (copy_to_user(&uptr->entrytable[count],
2262 &entry, sizeof(entry))) {
2270 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2271 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
2272 /* Only expose IPv4 entries to old interface */
2273 if (svc->af != AF_INET)
2276 if (count >= get->num_services)
2278 memset(&entry, 0, sizeof(entry));
2279 ip_vs_copy_service(&entry, svc);
2280 if (copy_to_user(&uptr->entrytable[count],
2281 &entry, sizeof(entry))) {
2293 __ip_vs_get_dest_entries(const struct ip_vs_get_dests *get,
2294 struct ip_vs_get_dests __user *uptr)
2296 struct ip_vs_service *svc;
2297 union nf_inet_addr addr = { .ip = get->addr };
2301 svc = __ip_vs_svc_fwm_get(AF_INET, get->fwmark);
2303 svc = __ip_vs_service_get(AF_INET, get->protocol, &addr,
2308 struct ip_vs_dest *dest;
2309 struct ip_vs_dest_entry entry;
2311 list_for_each_entry(dest, &svc->destinations, n_list) {
2312 if (count >= get->num_dests)
2315 entry.addr = dest->addr.ip;
2316 entry.port = dest->port;
2317 entry.conn_flags = atomic_read(&dest->conn_flags);
2318 entry.weight = atomic_read(&dest->weight);
2319 entry.u_threshold = dest->u_threshold;
2320 entry.l_threshold = dest->l_threshold;
2321 entry.activeconns = atomic_read(&dest->activeconns);
2322 entry.inactconns = atomic_read(&dest->inactconns);
2323 entry.persistconns = atomic_read(&dest->persistconns);
2324 ip_vs_copy_stats(&entry.stats, &dest->stats);
2325 if (copy_to_user(&uptr->entrytable[count],
2326 &entry, sizeof(entry))) {
2332 ip_vs_service_put(svc);
2339 __ip_vs_get_timeouts(struct ip_vs_timeout_user *u)
2341 #ifdef CONFIG_IP_VS_PROTO_TCP
2343 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ;
2344 u->tcp_fin_timeout =
2345 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT] / HZ;
2347 #ifdef CONFIG_IP_VS_PROTO_UDP
2349 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL] / HZ;
2354 #define GET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2355 #define GET_INFO_ARG_LEN (sizeof(struct ip_vs_getinfo))
2356 #define GET_SERVICES_ARG_LEN (sizeof(struct ip_vs_get_services))
2357 #define GET_SERVICE_ARG_LEN (sizeof(struct ip_vs_service_entry))
2358 #define GET_DESTS_ARG_LEN (sizeof(struct ip_vs_get_dests))
2359 #define GET_TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2360 #define GET_DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user) * 2)
2362 static const unsigned char get_arglen[GET_CMDID(IP_VS_SO_GET_MAX)+1] = {
2363 [GET_CMDID(IP_VS_SO_GET_VERSION)] = 64,
2364 [GET_CMDID(IP_VS_SO_GET_INFO)] = GET_INFO_ARG_LEN,
2365 [GET_CMDID(IP_VS_SO_GET_SERVICES)] = GET_SERVICES_ARG_LEN,
2366 [GET_CMDID(IP_VS_SO_GET_SERVICE)] = GET_SERVICE_ARG_LEN,
2367 [GET_CMDID(IP_VS_SO_GET_DESTS)] = GET_DESTS_ARG_LEN,
2368 [GET_CMDID(IP_VS_SO_GET_TIMEOUT)] = GET_TIMEOUT_ARG_LEN,
2369 [GET_CMDID(IP_VS_SO_GET_DAEMON)] = GET_DAEMON_ARG_LEN,
2373 do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2375 unsigned char arg[128];
2377 unsigned int copylen;
2379 if (!capable(CAP_NET_ADMIN))
2382 if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
2385 if (*len < get_arglen[GET_CMDID(cmd)]) {
2386 pr_err("get_ctl: len %u < %u\n",
2387 *len, get_arglen[GET_CMDID(cmd)]);
2391 copylen = get_arglen[GET_CMDID(cmd)];
2395 if (copy_from_user(arg, user, copylen) != 0)
2398 if (mutex_lock_interruptible(&__ip_vs_mutex))
2399 return -ERESTARTSYS;
2402 case IP_VS_SO_GET_VERSION:
2406 sprintf(buf, "IP Virtual Server version %d.%d.%d (size=%d)",
2407 NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
2408 if (copy_to_user(user, buf, strlen(buf)+1) != 0) {
2412 *len = strlen(buf)+1;
2416 case IP_VS_SO_GET_INFO:
2418 struct ip_vs_getinfo info;
2419 info.version = IP_VS_VERSION_CODE;
2420 info.size = ip_vs_conn_tab_size;
2421 info.num_services = ip_vs_num_services;
2422 if (copy_to_user(user, &info, sizeof(info)) != 0)
2427 case IP_VS_SO_GET_SERVICES:
2429 struct ip_vs_get_services *get;
2432 get = (struct ip_vs_get_services *)arg;
2433 size = sizeof(*get) +
2434 sizeof(struct ip_vs_service_entry) * get->num_services;
2436 pr_err("length: %u != %u\n", *len, size);
2440 ret = __ip_vs_get_service_entries(get, user);
2444 case IP_VS_SO_GET_SERVICE:
2446 struct ip_vs_service_entry *entry;
2447 struct ip_vs_service *svc;
2448 union nf_inet_addr addr;
2450 entry = (struct ip_vs_service_entry *)arg;
2451 addr.ip = entry->addr;
2453 svc = __ip_vs_svc_fwm_get(AF_INET, entry->fwmark);
2455 svc = __ip_vs_service_get(AF_INET, entry->protocol,
2456 &addr, entry->port);
2458 ip_vs_copy_service(entry, svc);
2459 if (copy_to_user(user, entry, sizeof(*entry)) != 0)
2461 ip_vs_service_put(svc);
2467 case IP_VS_SO_GET_DESTS:
2469 struct ip_vs_get_dests *get;
2472 get = (struct ip_vs_get_dests *)arg;
2473 size = sizeof(*get) +
2474 sizeof(struct ip_vs_dest_entry) * get->num_dests;
2476 pr_err("length: %u != %u\n", *len, size);
2480 ret = __ip_vs_get_dest_entries(get, user);
2484 case IP_VS_SO_GET_TIMEOUT:
2486 struct ip_vs_timeout_user t;
2488 __ip_vs_get_timeouts(&t);
2489 if (copy_to_user(user, &t, sizeof(t)) != 0)
2494 case IP_VS_SO_GET_DAEMON:
2496 struct ip_vs_daemon_user d[2];
2498 memset(&d, 0, sizeof(d));
2499 if (ip_vs_sync_state & IP_VS_STATE_MASTER) {
2500 d[0].state = IP_VS_STATE_MASTER;
2501 strlcpy(d[0].mcast_ifn, ip_vs_master_mcast_ifn, sizeof(d[0].mcast_ifn));
2502 d[0].syncid = ip_vs_master_syncid;
2504 if (ip_vs_sync_state & IP_VS_STATE_BACKUP) {
2505 d[1].state = IP_VS_STATE_BACKUP;
2506 strlcpy(d[1].mcast_ifn, ip_vs_backup_mcast_ifn, sizeof(d[1].mcast_ifn));
2507 d[1].syncid = ip_vs_backup_syncid;
2509 if (copy_to_user(user, &d, sizeof(d)) != 0)
2519 mutex_unlock(&__ip_vs_mutex);
2524 static struct nf_sockopt_ops ip_vs_sockopts = {
2526 .set_optmin = IP_VS_BASE_CTL,
2527 .set_optmax = IP_VS_SO_SET_MAX+1,
2528 .set = do_ip_vs_set_ctl,
2529 .get_optmin = IP_VS_BASE_CTL,
2530 .get_optmax = IP_VS_SO_GET_MAX+1,
2531 .get = do_ip_vs_get_ctl,
2532 .owner = THIS_MODULE,
2536 * Generic Netlink interface
2539 /* IPVS genetlink family */
2540 static struct genl_family ip_vs_genl_family = {
2541 .id = GENL_ID_GENERATE,
2543 .name = IPVS_GENL_NAME,
2544 .version = IPVS_GENL_VERSION,
2545 .maxattr = IPVS_CMD_MAX,
2548 /* Policy used for first-level command attributes */
2549 static const struct nla_policy ip_vs_cmd_policy[IPVS_CMD_ATTR_MAX + 1] = {
2550 [IPVS_CMD_ATTR_SERVICE] = { .type = NLA_NESTED },
2551 [IPVS_CMD_ATTR_DEST] = { .type = NLA_NESTED },
2552 [IPVS_CMD_ATTR_DAEMON] = { .type = NLA_NESTED },
2553 [IPVS_CMD_ATTR_TIMEOUT_TCP] = { .type = NLA_U32 },
2554 [IPVS_CMD_ATTR_TIMEOUT_TCP_FIN] = { .type = NLA_U32 },
2555 [IPVS_CMD_ATTR_TIMEOUT_UDP] = { .type = NLA_U32 },
2558 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DAEMON */
2559 static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = {
2560 [IPVS_DAEMON_ATTR_STATE] = { .type = NLA_U32 },
2561 [IPVS_DAEMON_ATTR_MCAST_IFN] = { .type = NLA_NUL_STRING,
2562 .len = IP_VS_IFNAME_MAXLEN },
2563 [IPVS_DAEMON_ATTR_SYNC_ID] = { .type = NLA_U32 },
2566 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_SERVICE */
2567 static const struct nla_policy ip_vs_svc_policy[IPVS_SVC_ATTR_MAX + 1] = {
2568 [IPVS_SVC_ATTR_AF] = { .type = NLA_U16 },
2569 [IPVS_SVC_ATTR_PROTOCOL] = { .type = NLA_U16 },
2570 [IPVS_SVC_ATTR_ADDR] = { .type = NLA_BINARY,
2571 .len = sizeof(union nf_inet_addr) },
2572 [IPVS_SVC_ATTR_PORT] = { .type = NLA_U16 },
2573 [IPVS_SVC_ATTR_FWMARK] = { .type = NLA_U32 },
2574 [IPVS_SVC_ATTR_SCHED_NAME] = { .type = NLA_NUL_STRING,
2575 .len = IP_VS_SCHEDNAME_MAXLEN },
2576 [IPVS_SVC_ATTR_FLAGS] = { .type = NLA_BINARY,
2577 .len = sizeof(struct ip_vs_flags) },
2578 [IPVS_SVC_ATTR_TIMEOUT] = { .type = NLA_U32 },
2579 [IPVS_SVC_ATTR_NETMASK] = { .type = NLA_U32 },
2580 [IPVS_SVC_ATTR_STATS] = { .type = NLA_NESTED },
2583 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DEST */
2584 static const struct nla_policy ip_vs_dest_policy[IPVS_DEST_ATTR_MAX + 1] = {
2585 [IPVS_DEST_ATTR_ADDR] = { .type = NLA_BINARY,
2586 .len = sizeof(union nf_inet_addr) },
2587 [IPVS_DEST_ATTR_PORT] = { .type = NLA_U16 },
2588 [IPVS_DEST_ATTR_FWD_METHOD] = { .type = NLA_U32 },
2589 [IPVS_DEST_ATTR_WEIGHT] = { .type = NLA_U32 },
2590 [IPVS_DEST_ATTR_U_THRESH] = { .type = NLA_U32 },
2591 [IPVS_DEST_ATTR_L_THRESH] = { .type = NLA_U32 },
2592 [IPVS_DEST_ATTR_ACTIVE_CONNS] = { .type = NLA_U32 },
2593 [IPVS_DEST_ATTR_INACT_CONNS] = { .type = NLA_U32 },
2594 [IPVS_DEST_ATTR_PERSIST_CONNS] = { .type = NLA_U32 },
2595 [IPVS_DEST_ATTR_STATS] = { .type = NLA_NESTED },
2598 static int ip_vs_genl_fill_stats(struct sk_buff *skb, int container_type,
2599 struct ip_vs_stats *stats)
2601 struct nlattr *nl_stats = nla_nest_start(skb, container_type);
2605 spin_lock_bh(&stats->lock);
2607 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CONNS, stats->ustats.conns);
2608 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPKTS, stats->ustats.inpkts);
2609 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPKTS, stats->ustats.outpkts);
2610 NLA_PUT_U64(skb, IPVS_STATS_ATTR_INBYTES, stats->ustats.inbytes);
2611 NLA_PUT_U64(skb, IPVS_STATS_ATTR_OUTBYTES, stats->ustats.outbytes);
2612 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CPS, stats->ustats.cps);
2613 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPPS, stats->ustats.inpps);
2614 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPPS, stats->ustats.outpps);
2615 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INBPS, stats->ustats.inbps);
2616 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTBPS, stats->ustats.outbps);
2618 spin_unlock_bh(&stats->lock);
2620 nla_nest_end(skb, nl_stats);
2625 spin_unlock_bh(&stats->lock);
2626 nla_nest_cancel(skb, nl_stats);
2630 static int ip_vs_genl_fill_service(struct sk_buff *skb,
2631 struct ip_vs_service *svc)
2633 struct nlattr *nl_service;
2634 struct ip_vs_flags flags = { .flags = svc->flags,
2637 nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE);
2641 NLA_PUT_U16(skb, IPVS_SVC_ATTR_AF, svc->af);
2644 NLA_PUT_U32(skb, IPVS_SVC_ATTR_FWMARK, svc->fwmark);
2646 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol);
2647 NLA_PUT(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr);
2648 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PORT, svc->port);
2651 NLA_PUT_STRING(skb, IPVS_SVC_ATTR_SCHED_NAME, svc->scheduler->name);
2652 NLA_PUT(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags);
2653 NLA_PUT_U32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ);
2654 NLA_PUT_U32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask);
2656 if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &svc->stats))
2657 goto nla_put_failure;
2659 nla_nest_end(skb, nl_service);
2664 nla_nest_cancel(skb, nl_service);
2668 static int ip_vs_genl_dump_service(struct sk_buff *skb,
2669 struct ip_vs_service *svc,
2670 struct netlink_callback *cb)
2674 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2675 &ip_vs_genl_family, NLM_F_MULTI,
2676 IPVS_CMD_NEW_SERVICE);
2680 if (ip_vs_genl_fill_service(skb, svc) < 0)
2681 goto nla_put_failure;
2683 return genlmsg_end(skb, hdr);
2686 genlmsg_cancel(skb, hdr);
2690 static int ip_vs_genl_dump_services(struct sk_buff *skb,
2691 struct netlink_callback *cb)
2694 int start = cb->args[0];
2695 struct ip_vs_service *svc;
2697 mutex_lock(&__ip_vs_mutex);
2698 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2699 list_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
2702 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2704 goto nla_put_failure;
2709 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2710 list_for_each_entry(svc, &ip_vs_svc_fwm_table[i], f_list) {
2713 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2715 goto nla_put_failure;
2721 mutex_unlock(&__ip_vs_mutex);
2727 static int ip_vs_genl_parse_service(struct ip_vs_service_user_kern *usvc,
2728 struct nlattr *nla, int full_entry)
2730 struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
2731 struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
2733 /* Parse mandatory identifying service fields first */
2735 nla_parse_nested(attrs, IPVS_SVC_ATTR_MAX, nla, ip_vs_svc_policy))
2738 nla_af = attrs[IPVS_SVC_ATTR_AF];
2739 nla_protocol = attrs[IPVS_SVC_ATTR_PROTOCOL];
2740 nla_addr = attrs[IPVS_SVC_ATTR_ADDR];
2741 nla_port = attrs[IPVS_SVC_ATTR_PORT];
2742 nla_fwmark = attrs[IPVS_SVC_ATTR_FWMARK];
2744 if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
2747 memset(usvc, 0, sizeof(*usvc));
2749 usvc->af = nla_get_u16(nla_af);
2750 #ifdef CONFIG_IP_VS_IPV6
2751 if (usvc->af != AF_INET && usvc->af != AF_INET6)
2753 if (usvc->af != AF_INET)
2755 return -EAFNOSUPPORT;
2758 usvc->protocol = IPPROTO_TCP;
2759 usvc->fwmark = nla_get_u32(nla_fwmark);
2761 usvc->protocol = nla_get_u16(nla_protocol);
2762 nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr));
2763 usvc->port = nla_get_u16(nla_port);
2767 /* If a full entry was requested, check for the additional fields */
2769 struct nlattr *nla_sched, *nla_flags, *nla_timeout,
2771 struct ip_vs_flags flags;
2772 struct ip_vs_service *svc;
2774 nla_sched = attrs[IPVS_SVC_ATTR_SCHED_NAME];
2775 nla_flags = attrs[IPVS_SVC_ATTR_FLAGS];
2776 nla_timeout = attrs[IPVS_SVC_ATTR_TIMEOUT];
2777 nla_netmask = attrs[IPVS_SVC_ATTR_NETMASK];
2779 if (!(nla_sched && nla_flags && nla_timeout && nla_netmask))
2782 nla_memcpy(&flags, nla_flags, sizeof(flags));
2784 /* prefill flags from service if it already exists */
2786 svc = __ip_vs_svc_fwm_get(usvc->af, usvc->fwmark);
2788 svc = __ip_vs_service_get(usvc->af, usvc->protocol,
2789 &usvc->addr, usvc->port);
2791 usvc->flags = svc->flags;
2792 ip_vs_service_put(svc);
2796 /* set new flags from userland */
2797 usvc->flags = (usvc->flags & ~flags.mask) |
2798 (flags.flags & flags.mask);
2799 usvc->sched_name = nla_data(nla_sched);
2800 usvc->timeout = nla_get_u32(nla_timeout);
2801 usvc->netmask = nla_get_u32(nla_netmask);
2807 static struct ip_vs_service *ip_vs_genl_find_service(struct nlattr *nla)
2809 struct ip_vs_service_user_kern usvc;
2812 ret = ip_vs_genl_parse_service(&usvc, nla, 0);
2814 return ERR_PTR(ret);
2817 return __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
2819 return __ip_vs_service_get(usvc.af, usvc.protocol,
2820 &usvc.addr, usvc.port);
2823 static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2825 struct nlattr *nl_dest;
2827 nl_dest = nla_nest_start(skb, IPVS_CMD_ATTR_DEST);
2831 NLA_PUT(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr);
2832 NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port);
2834 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD,
2835 atomic_read(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK);
2836 NLA_PUT_U32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight));
2837 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold);
2838 NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold);
2839 NLA_PUT_U32(skb, IPVS_DEST_ATTR_ACTIVE_CONNS,
2840 atomic_read(&dest->activeconns));
2841 NLA_PUT_U32(skb, IPVS_DEST_ATTR_INACT_CONNS,
2842 atomic_read(&dest->inactconns));
2843 NLA_PUT_U32(skb, IPVS_DEST_ATTR_PERSIST_CONNS,
2844 atomic_read(&dest->persistconns));
2846 if (ip_vs_genl_fill_stats(skb, IPVS_DEST_ATTR_STATS, &dest->stats))
2847 goto nla_put_failure;
2849 nla_nest_end(skb, nl_dest);
2854 nla_nest_cancel(skb, nl_dest);
2858 static int ip_vs_genl_dump_dest(struct sk_buff *skb, struct ip_vs_dest *dest,
2859 struct netlink_callback *cb)
2863 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2864 &ip_vs_genl_family, NLM_F_MULTI,
2869 if (ip_vs_genl_fill_dest(skb, dest) < 0)
2870 goto nla_put_failure;
2872 return genlmsg_end(skb, hdr);
2875 genlmsg_cancel(skb, hdr);
2879 static int ip_vs_genl_dump_dests(struct sk_buff *skb,
2880 struct netlink_callback *cb)
2883 int start = cb->args[0];
2884 struct ip_vs_service *svc;
2885 struct ip_vs_dest *dest;
2886 struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
2888 mutex_lock(&__ip_vs_mutex);
2890 /* Try to find the service for which to dump destinations */
2891 if (nlmsg_parse(cb->nlh, GENL_HDRLEN, attrs,
2892 IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy))
2895 svc = ip_vs_genl_find_service(attrs[IPVS_CMD_ATTR_SERVICE]);
2896 if (IS_ERR(svc) || svc == NULL)
2899 /* Dump the destinations */
2900 list_for_each_entry(dest, &svc->destinations, n_list) {
2903 if (ip_vs_genl_dump_dest(skb, dest, cb) < 0) {
2905 goto nla_put_failure;
2911 ip_vs_service_put(svc);
2914 mutex_unlock(&__ip_vs_mutex);
2919 static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest,
2920 struct nlattr *nla, int full_entry)
2922 struct nlattr *attrs[IPVS_DEST_ATTR_MAX + 1];
2923 struct nlattr *nla_addr, *nla_port;
2925 /* Parse mandatory identifying destination fields first */
2927 nla_parse_nested(attrs, IPVS_DEST_ATTR_MAX, nla, ip_vs_dest_policy))
2930 nla_addr = attrs[IPVS_DEST_ATTR_ADDR];
2931 nla_port = attrs[IPVS_DEST_ATTR_PORT];
2933 if (!(nla_addr && nla_port))
2936 memset(udest, 0, sizeof(*udest));
2938 nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr));
2939 udest->port = nla_get_u16(nla_port);
2941 /* If a full entry was requested, check for the additional fields */
2943 struct nlattr *nla_fwd, *nla_weight, *nla_u_thresh,
2946 nla_fwd = attrs[IPVS_DEST_ATTR_FWD_METHOD];
2947 nla_weight = attrs[IPVS_DEST_ATTR_WEIGHT];
2948 nla_u_thresh = attrs[IPVS_DEST_ATTR_U_THRESH];
2949 nla_l_thresh = attrs[IPVS_DEST_ATTR_L_THRESH];
2951 if (!(nla_fwd && nla_weight && nla_u_thresh && nla_l_thresh))
2954 udest->conn_flags = nla_get_u32(nla_fwd)
2955 & IP_VS_CONN_F_FWD_MASK;
2956 udest->weight = nla_get_u32(nla_weight);
2957 udest->u_threshold = nla_get_u32(nla_u_thresh);
2958 udest->l_threshold = nla_get_u32(nla_l_thresh);
2964 static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __be32 state,
2965 const char *mcast_ifn, __be32 syncid)
2967 struct nlattr *nl_daemon;
2969 nl_daemon = nla_nest_start(skb, IPVS_CMD_ATTR_DAEMON);
2973 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_STATE, state);
2974 NLA_PUT_STRING(skb, IPVS_DAEMON_ATTR_MCAST_IFN, mcast_ifn);
2975 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_SYNC_ID, syncid);
2977 nla_nest_end(skb, nl_daemon);
2982 nla_nest_cancel(skb, nl_daemon);
2986 static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __be32 state,
2987 const char *mcast_ifn, __be32 syncid,
2988 struct netlink_callback *cb)
2991 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2992 &ip_vs_genl_family, NLM_F_MULTI,
2993 IPVS_CMD_NEW_DAEMON);
2997 if (ip_vs_genl_fill_daemon(skb, state, mcast_ifn, syncid))
2998 goto nla_put_failure;
3000 return genlmsg_end(skb, hdr);
3003 genlmsg_cancel(skb, hdr);
3007 static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
3008 struct netlink_callback *cb)
3010 mutex_lock(&__ip_vs_mutex);
3011 if ((ip_vs_sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
3012 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
3013 ip_vs_master_mcast_ifn,
3014 ip_vs_master_syncid, cb) < 0)
3015 goto nla_put_failure;
3020 if ((ip_vs_sync_state & IP_VS_STATE_BACKUP) && !cb->args[1]) {
3021 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_BACKUP,
3022 ip_vs_backup_mcast_ifn,
3023 ip_vs_backup_syncid, cb) < 0)
3024 goto nla_put_failure;
3030 mutex_unlock(&__ip_vs_mutex);
3035 static int ip_vs_genl_new_daemon(struct nlattr **attrs)
3037 if (!(attrs[IPVS_DAEMON_ATTR_STATE] &&
3038 attrs[IPVS_DAEMON_ATTR_MCAST_IFN] &&
3039 attrs[IPVS_DAEMON_ATTR_SYNC_ID]))
3042 return start_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]),
3043 nla_data(attrs[IPVS_DAEMON_ATTR_MCAST_IFN]),
3044 nla_get_u32(attrs[IPVS_DAEMON_ATTR_SYNC_ID]));
3047 static int ip_vs_genl_del_daemon(struct nlattr **attrs)
3049 if (!attrs[IPVS_DAEMON_ATTR_STATE])
3052 return stop_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
3055 static int ip_vs_genl_set_config(struct nlattr **attrs)
3057 struct ip_vs_timeout_user t;
3059 __ip_vs_get_timeouts(&t);
3061 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP])
3062 t.tcp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP]);
3064 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN])
3066 nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN]);
3068 if (attrs[IPVS_CMD_ATTR_TIMEOUT_UDP])
3069 t.udp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_UDP]);
3071 return ip_vs_set_timeout(&t);
3074 static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3076 struct ip_vs_service *svc = NULL;
3077 struct ip_vs_service_user_kern usvc;
3078 struct ip_vs_dest_user_kern udest;
3080 int need_full_svc = 0, need_full_dest = 0;
3082 cmd = info->genlhdr->cmd;
3084 mutex_lock(&__ip_vs_mutex);
3086 if (cmd == IPVS_CMD_FLUSH) {
3087 ret = ip_vs_flush();
3089 } else if (cmd == IPVS_CMD_SET_CONFIG) {
3090 ret = ip_vs_genl_set_config(info->attrs);
3092 } else if (cmd == IPVS_CMD_NEW_DAEMON ||
3093 cmd == IPVS_CMD_DEL_DAEMON) {
3095 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
3097 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
3098 nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
3099 info->attrs[IPVS_CMD_ATTR_DAEMON],
3100 ip_vs_daemon_policy)) {
3105 if (cmd == IPVS_CMD_NEW_DAEMON)
3106 ret = ip_vs_genl_new_daemon(daemon_attrs);
3108 ret = ip_vs_genl_del_daemon(daemon_attrs);
3110 } else if (cmd == IPVS_CMD_ZERO &&
3111 !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
3112 ret = ip_vs_zero_all();
3116 /* All following commands require a service argument, so check if we
3117 * received a valid one. We need a full service specification when
3118 * adding / editing a service. Only identifying members otherwise. */
3119 if (cmd == IPVS_CMD_NEW_SERVICE || cmd == IPVS_CMD_SET_SERVICE)
3122 ret = ip_vs_genl_parse_service(&usvc,
3123 info->attrs[IPVS_CMD_ATTR_SERVICE],
3128 /* Lookup the exact service by <protocol, addr, port> or fwmark */
3129 if (usvc.fwmark == 0)
3130 svc = __ip_vs_service_get(usvc.af, usvc.protocol,
3131 &usvc.addr, usvc.port);
3133 svc = __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
3135 /* Unless we're adding a new service, the service must already exist */
3136 if ((cmd != IPVS_CMD_NEW_SERVICE) && (svc == NULL)) {
3141 /* Destination commands require a valid destination argument. For
3142 * adding / editing a destination, we need a full destination
3144 if (cmd == IPVS_CMD_NEW_DEST || cmd == IPVS_CMD_SET_DEST ||
3145 cmd == IPVS_CMD_DEL_DEST) {
3146 if (cmd != IPVS_CMD_DEL_DEST)
3149 ret = ip_vs_genl_parse_dest(&udest,
3150 info->attrs[IPVS_CMD_ATTR_DEST],
3157 case IPVS_CMD_NEW_SERVICE:
3159 ret = ip_vs_add_service(&usvc, &svc);
3163 case IPVS_CMD_SET_SERVICE:
3164 ret = ip_vs_edit_service(svc, &usvc);
3166 case IPVS_CMD_DEL_SERVICE:
3167 ret = ip_vs_del_service(svc);
3169 case IPVS_CMD_NEW_DEST:
3170 ret = ip_vs_add_dest(svc, &udest);
3172 case IPVS_CMD_SET_DEST:
3173 ret = ip_vs_edit_dest(svc, &udest);
3175 case IPVS_CMD_DEL_DEST:
3176 ret = ip_vs_del_dest(svc, &udest);
3179 ret = ip_vs_zero_service(svc);
3187 ip_vs_service_put(svc);
3188 mutex_unlock(&__ip_vs_mutex);
3193 static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
3195 struct sk_buff *msg;
3197 int ret, cmd, reply_cmd;
3199 cmd = info->genlhdr->cmd;
3201 if (cmd == IPVS_CMD_GET_SERVICE)
3202 reply_cmd = IPVS_CMD_NEW_SERVICE;
3203 else if (cmd == IPVS_CMD_GET_INFO)
3204 reply_cmd = IPVS_CMD_SET_INFO;
3205 else if (cmd == IPVS_CMD_GET_CONFIG)
3206 reply_cmd = IPVS_CMD_SET_CONFIG;
3208 pr_err("unknown Generic Netlink command\n");
3212 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3216 mutex_lock(&__ip_vs_mutex);
3218 reply = genlmsg_put_reply(msg, info, &ip_vs_genl_family, 0, reply_cmd);
3220 goto nla_put_failure;
3223 case IPVS_CMD_GET_SERVICE:
3225 struct ip_vs_service *svc;
3227 svc = ip_vs_genl_find_service(info->attrs[IPVS_CMD_ATTR_SERVICE]);
3232 ret = ip_vs_genl_fill_service(msg, svc);
3233 ip_vs_service_put(svc);
3235 goto nla_put_failure;
3244 case IPVS_CMD_GET_CONFIG:
3246 struct ip_vs_timeout_user t;
3248 __ip_vs_get_timeouts(&t);
3249 #ifdef CONFIG_IP_VS_PROTO_TCP
3250 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP, t.tcp_timeout);
3251 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP_FIN,
3254 #ifdef CONFIG_IP_VS_PROTO_UDP
3255 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_UDP, t.udp_timeout);
3261 case IPVS_CMD_GET_INFO:
3262 NLA_PUT_U32(msg, IPVS_INFO_ATTR_VERSION, IP_VS_VERSION_CODE);
3263 NLA_PUT_U32(msg, IPVS_INFO_ATTR_CONN_TAB_SIZE,
3264 ip_vs_conn_tab_size);
3268 genlmsg_end(msg, reply);
3269 ret = genlmsg_reply(msg, info);
3273 pr_err("not enough space in Netlink message\n");
3279 mutex_unlock(&__ip_vs_mutex);
3285 static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
3287 .cmd = IPVS_CMD_NEW_SERVICE,
3288 .flags = GENL_ADMIN_PERM,
3289 .policy = ip_vs_cmd_policy,
3290 .doit = ip_vs_genl_set_cmd,
3293 .cmd = IPVS_CMD_SET_SERVICE,
3294 .flags = GENL_ADMIN_PERM,
3295 .policy = ip_vs_cmd_policy,
3296 .doit = ip_vs_genl_set_cmd,
3299 .cmd = IPVS_CMD_DEL_SERVICE,
3300 .flags = GENL_ADMIN_PERM,
3301 .policy = ip_vs_cmd_policy,
3302 .doit = ip_vs_genl_set_cmd,
3305 .cmd = IPVS_CMD_GET_SERVICE,
3306 .flags = GENL_ADMIN_PERM,
3307 .doit = ip_vs_genl_get_cmd,
3308 .dumpit = ip_vs_genl_dump_services,
3309 .policy = ip_vs_cmd_policy,
3312 .cmd = IPVS_CMD_NEW_DEST,
3313 .flags = GENL_ADMIN_PERM,
3314 .policy = ip_vs_cmd_policy,
3315 .doit = ip_vs_genl_set_cmd,
3318 .cmd = IPVS_CMD_SET_DEST,
3319 .flags = GENL_ADMIN_PERM,
3320 .policy = ip_vs_cmd_policy,
3321 .doit = ip_vs_genl_set_cmd,
3324 .cmd = IPVS_CMD_DEL_DEST,
3325 .flags = GENL_ADMIN_PERM,
3326 .policy = ip_vs_cmd_policy,
3327 .doit = ip_vs_genl_set_cmd,
3330 .cmd = IPVS_CMD_GET_DEST,
3331 .flags = GENL_ADMIN_PERM,
3332 .policy = ip_vs_cmd_policy,
3333 .dumpit = ip_vs_genl_dump_dests,
3336 .cmd = IPVS_CMD_NEW_DAEMON,
3337 .flags = GENL_ADMIN_PERM,
3338 .policy = ip_vs_cmd_policy,
3339 .doit = ip_vs_genl_set_cmd,
3342 .cmd = IPVS_CMD_DEL_DAEMON,
3343 .flags = GENL_ADMIN_PERM,
3344 .policy = ip_vs_cmd_policy,
3345 .doit = ip_vs_genl_set_cmd,
3348 .cmd = IPVS_CMD_GET_DAEMON,
3349 .flags = GENL_ADMIN_PERM,
3350 .dumpit = ip_vs_genl_dump_daemons,
3353 .cmd = IPVS_CMD_SET_CONFIG,
3354 .flags = GENL_ADMIN_PERM,
3355 .policy = ip_vs_cmd_policy,
3356 .doit = ip_vs_genl_set_cmd,
3359 .cmd = IPVS_CMD_GET_CONFIG,
3360 .flags = GENL_ADMIN_PERM,
3361 .doit = ip_vs_genl_get_cmd,
3364 .cmd = IPVS_CMD_GET_INFO,
3365 .flags = GENL_ADMIN_PERM,
3366 .doit = ip_vs_genl_get_cmd,
3369 .cmd = IPVS_CMD_ZERO,
3370 .flags = GENL_ADMIN_PERM,
3371 .policy = ip_vs_cmd_policy,
3372 .doit = ip_vs_genl_set_cmd,
3375 .cmd = IPVS_CMD_FLUSH,
3376 .flags = GENL_ADMIN_PERM,
3377 .doit = ip_vs_genl_set_cmd,
3381 static int __init ip_vs_genl_register(void)
3383 return genl_register_family_with_ops(&ip_vs_genl_family,
3384 ip_vs_genl_ops, ARRAY_SIZE(ip_vs_genl_ops));
3387 static void ip_vs_genl_unregister(void)
3389 genl_unregister_family(&ip_vs_genl_family);
3392 /* End of Generic Netlink interface definitions */
3395 int __init ip_vs_control_init(void)
3402 ret = nf_register_sockopt(&ip_vs_sockopts);
3404 pr_err("cannot register sockopt.\n");
3408 ret = ip_vs_genl_register();
3410 pr_err("cannot register Generic Netlink interface.\n");
3411 nf_unregister_sockopt(&ip_vs_sockopts);
3415 proc_net_fops_create(&init_net, "ip_vs", 0, &ip_vs_info_fops);
3416 proc_net_fops_create(&init_net, "ip_vs_stats",0, &ip_vs_stats_fops);
3418 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars);
3420 /* Initialize ip_vs_svc_table, ip_vs_svc_fwm_table, ip_vs_rtable */
3421 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
3422 INIT_LIST_HEAD(&ip_vs_svc_table[idx]);
3423 INIT_LIST_HEAD(&ip_vs_svc_fwm_table[idx]);
3425 for(idx = 0; idx < IP_VS_RTAB_SIZE; idx++) {
3426 INIT_LIST_HEAD(&ip_vs_rtable[idx]);
3429 ip_vs_new_estimator(&ip_vs_stats);
3431 /* Hook the defense timer */
3432 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
3439 void ip_vs_control_cleanup(void)
3442 ip_vs_trash_cleanup();
3443 cancel_rearming_delayed_work(&defense_work);
3444 cancel_work_sync(&defense_work.work);
3445 ip_vs_kill_estimator(&ip_vs_stats);
3446 unregister_sysctl_table(sysctl_header);
3447 proc_net_remove(&init_net, "ip_vs_stats");
3448 proc_net_remove(&init_net, "ip_vs");
3449 ip_vs_genl_unregister();
3450 nf_unregister_sockopt(&ip_vs_sockopts);