[net-next-2.6.git] / net / netfilter / ipvs / ip_vs_proto_udp.c

/*
 * ip_vs_proto_udp.c:	UDP load balancing support for IPVS
 *
 * Authors:     Wensong Zhang <wensong@linuxvirtualserver.org>
 *              Julian Anastasov <ja@ssi.bg>
 *
 *              This program is free software; you can redistribute it and/or
 *              modify it under the terms of the GNU General Public License
 *              as published by the Free Software Foundation; either version
 *              2 of the License, or (at your option) any later version.
 *
 * Changes:
 *
 */

#define KMSG_COMPONENT "IPVS"
#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt

#include <linux/in.h>
#include <linux/ip.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <linux/udp.h>

#include <net/ip_vs.h>
#include <net/ip.h>
#include <net/ip6_checksum.h>

static int
udp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_protocol *pp,
		  int *verdict, struct ip_vs_conn **cpp)
{
	struct ip_vs_service *svc;
	struct udphdr _udph, *uh;
	struct ip_vs_iphdr iph;

	ip_vs_fill_iphdr(af, skb_network_header(skb), &iph);

	uh = skb_header_pointer(skb, iph.len, sizeof(_udph), &_udph);
	if (uh == NULL) {
		*verdict = NF_DROP;
		return 0;
	}

	svc = ip_vs_service_get(af, skb->mark, iph.protocol,
				&iph.daddr, uh->dest);
	if (svc) {
		int ignored;

		if (ip_vs_todrop()) {
			/*
			 * It seems that we are very loaded.
			 * We have to drop this packet :(
			 */
			ip_vs_service_put(svc);
			*verdict = NF_DROP;
			return 0;
		}

		/*
		 * Let the virtual server select a real server for the
		 * incoming connection, and create a connection entry.
		 */
		*cpp = ip_vs_schedule(svc, skb, pp, &ignored);
		if (!*cpp && !ignored) {
			*verdict = ip_vs_leave(svc, skb, pp);
			return 0;
		}
		ip_vs_service_put(svc);
	}
	return 1;
}


static inline void
udp_fast_csum_update(int af, struct udphdr *uhdr,
		     const union nf_inet_addr *oldip,
		     const union nf_inet_addr *newip,
		     __be16 oldport, __be16 newport)
{
#ifdef CONFIG_IP_VS_IPV6
	if (af == AF_INET6)
		uhdr->check =
			csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
					 ip_vs_check_diff2(oldport, newport,
						~csum_unfold(uhdr->check))));
	else
#endif
		uhdr->check =
			csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
					 ip_vs_check_diff2(oldport, newport,
						~csum_unfold(uhdr->check))));
	if (!uhdr->check)
		uhdr->check = CSUM_MANGLED_0;
}

static inline void
udp_partial_csum_update(int af, struct udphdr *uhdr,
		     const union nf_inet_addr *oldip,
		     const union nf_inet_addr *newip,
		     __be16 oldlen, __be16 newlen)
{
#ifdef CONFIG_IP_VS_IPV6
	if (af == AF_INET6)
		uhdr->check =
			~csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
					 ip_vs_check_diff2(oldlen, newlen,
						csum_unfold(uhdr->check))));
	else
#endif
	uhdr->check =
		~csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
				ip_vs_check_diff2(oldlen, newlen,
						csum_unfold(uhdr->check))));
}


static int
udp_snat_handler(struct sk_buff *skb,
		 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
{
	struct udphdr *udph;
	unsigned int udphoff;
	int oldlen;
	int payload_csum = 0;

#ifdef CONFIG_IP_VS_IPV6
	if (cp->af == AF_INET6)
		udphoff = sizeof(struct ipv6hdr);
	else
#endif
		udphoff = ip_hdrlen(skb);
	oldlen = skb->len - udphoff;

	/* csum_check requires unshared skb */
	if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
		return 0;

	if (unlikely(cp->app != NULL)) {
		int ret;

		/* Some checks before mangling */
		if (pp->csum_check && !pp->csum_check(cp->af, skb, pp))
			return 0;

		/*
		 *	Call application helper if needed
		 */
		if (!(ret = ip_vs_app_pkt_out(cp, skb)))
			return 0;
		/* ret=2: csum update is needed after payload mangling */
		if (ret == 1)
			oldlen = skb->len - udphoff;
		else
			payload_csum = 1;
	}

	udph = (void *)skb_network_header(skb) + udphoff;
	udph->source = cp->vport;

	/*
	 *	Adjust UDP checksums
	 */
	if (skb->ip_summed == CHECKSUM_PARTIAL) {
		udp_partial_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
					htons(oldlen),
					htons(skb->len - udphoff));
	} else if (!payload_csum && (udph->check != 0)) {
		/* Only port and addr are changed, do fast csum update */
		udp_fast_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
				     cp->dport, cp->vport);
		if (skb->ip_summed == CHECKSUM_COMPLETE)
			skb->ip_summed = (cp->app && pp->csum_check) ?
					 CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
	} else {
		/* full checksum calculation */
		udph->check = 0;
		skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
#ifdef CONFIG_IP_VS_IPV6
		if (cp->af == AF_INET6)
			udph->check = csum_ipv6_magic(&cp->vaddr.in6,
						      &cp->caddr.in6,
						      skb->len - udphoff,
						      cp->protocol, skb->csum);
		else
#endif
			udph->check = csum_tcpudp_magic(cp->vaddr.ip,
							cp->caddr.ip,
							skb->len - udphoff,
							cp->protocol,
							skb->csum);
		if (udph->check == 0)
			udph->check = CSUM_MANGLED_0;
		skb->ip_summed = CHECKSUM_UNNECESSARY;
		IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
			  pp->name, udph->check,
			  (char*)&(udph->check) - (char*)udph);
	}
	return 1;
}


static int
udp_dnat_handler(struct sk_buff *skb,
		 struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
{
	struct udphdr *udph;
	unsigned int udphoff;
	int oldlen;
	int payload_csum = 0;

#ifdef CONFIG_IP_VS_IPV6
	if (cp->af == AF_INET6)
		udphoff = sizeof(struct ipv6hdr);
	else
#endif
		udphoff = ip_hdrlen(skb);
	oldlen = skb->len - udphoff;

	/* csum_check requires unshared skb */
	if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
		return 0;

	if (unlikely(cp->app != NULL)) {
		int ret;

		/* Some checks before mangling */
		if (pp->csum_check && !pp->csum_check(cp->af, skb, pp))
			return 0;

		/*
		 *	Attempt ip_vs_app call.
		 *	It will fix ip_vs_conn
		 */
		if (!(ret = ip_vs_app_pkt_in(cp, skb)))
			return 0;
		/* ret=2: csum update is needed after payload mangling */
		if (ret == 1)
			oldlen = skb->len - udphoff;
		else
			payload_csum = 1;
	}

	udph = (void *)skb_network_header(skb) + udphoff;
	udph->dest = cp->dport;

	/*
	 *	Adjust UDP checksums
	 */
	if (skb->ip_summed == CHECKSUM_PARTIAL) {
		udp_partial_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
					htons(oldlen),
					htons(skb->len - udphoff));
	} else if (!payload_csum && (udph->check != 0)) {
		/* Only port and addr are changed, do fast csum update */
		udp_fast_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
				     cp->vport, cp->dport);
		if (skb->ip_summed == CHECKSUM_COMPLETE)
			skb->ip_summed = (cp->app && pp->csum_check) ?
					 CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
	} else {
		/* full checksum calculation */
		udph->check = 0;
		skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
#ifdef CONFIG_IP_VS_IPV6
		if (cp->af == AF_INET6)
			udph->check = csum_ipv6_magic(&cp->caddr.in6,
						      &cp->daddr.in6,
						      skb->len - udphoff,
						      cp->protocol, skb->csum);
		else
#endif
			udph->check = csum_tcpudp_magic(cp->caddr.ip,
							cp->daddr.ip,
							skb->len - udphoff,
							cp->protocol,
							skb->csum);
		if (udph->check == 0)
			udph->check = CSUM_MANGLED_0;
		skb->ip_summed = CHECKSUM_UNNECESSARY;
	}
	return 1;
}


static int
udp_csum_check(int af, struct sk_buff *skb, struct ip_vs_protocol *pp)
{
	struct udphdr _udph, *uh;
	unsigned int udphoff;

#ifdef CONFIG_IP_VS_IPV6
	if (af == AF_INET6)
		udphoff = sizeof(struct ipv6hdr);
	else
#endif
		udphoff = ip_hdrlen(skb);

	uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph);
	if (uh == NULL)
		return 0;

	if (uh->check != 0) {
		switch (skb->ip_summed) {
		case CHECKSUM_NONE:
			skb->csum = skb_checksum(skb, udphoff,
						 skb->len - udphoff, 0);
		case CHECKSUM_COMPLETE:
#ifdef CONFIG_IP_VS_IPV6
			if (af == AF_INET6) {
				if (csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
						    &ipv6_hdr(skb)->daddr,
						    skb->len - udphoff,
						    ipv6_hdr(skb)->nexthdr,
						    skb->csum)) {
					IP_VS_DBG_RL_PKT(0, af, pp, skb, 0,
							 "Failed checksum for");
					return 0;
				}
			} else
#endif
				if (csum_tcpudp_magic(ip_hdr(skb)->saddr,
						      ip_hdr(skb)->daddr,
						      skb->len - udphoff,
						      ip_hdr(skb)->protocol,
						      skb->csum)) {
					IP_VS_DBG_RL_PKT(0, af, pp, skb, 0,
							 "Failed checksum for");
					return 0;
				}
			break;
		default:
			/* No need to checksum. */
			break;
		}
	}
	return 1;
}


/*
 *	Note: the caller guarantees that only one of register_app,
 *	unregister_app or app_conn_bind is called each time.
 */

#define	UDP_APP_TAB_BITS	4
#define	UDP_APP_TAB_SIZE	(1 << UDP_APP_TAB_BITS)
#define	UDP_APP_TAB_MASK	(UDP_APP_TAB_SIZE - 1)

static struct list_head udp_apps[UDP_APP_TAB_SIZE];
static DEFINE_SPINLOCK(udp_app_lock);

static inline __u16 udp_app_hashkey(__be16 port)
{
	return (((__force u16)port >> UDP_APP_TAB_BITS) ^ (__force u16)port)
		& UDP_APP_TAB_MASK;
}


static int udp_register_app(struct ip_vs_app *inc)
{
	struct ip_vs_app *i;
	__u16 hash;
	__be16 port = inc->port;
	int ret = 0;

	hash = udp_app_hashkey(port);


	spin_lock_bh(&udp_app_lock);
	list_for_each_entry(i, &udp_apps[hash], p_list) {
		if (i->port == port) {
			ret = -EEXIST;
			goto out;
		}
	}
	list_add(&inc->p_list, &udp_apps[hash]);
	atomic_inc(&ip_vs_protocol_udp.appcnt);

  out:
	spin_unlock_bh(&udp_app_lock);
	return ret;
}


static void
udp_unregister_app(struct ip_vs_app *inc)
{
	spin_lock_bh(&udp_app_lock);
	atomic_dec(&ip_vs_protocol_udp.appcnt);
	list_del(&inc->p_list);
	spin_unlock_bh(&udp_app_lock);
}


static int udp_app_conn_bind(struct ip_vs_conn *cp)
{
	int hash;
	struct ip_vs_app *inc;
	int result = 0;

	/* Default binding: bind app only for NAT */
	if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ)
		return 0;

	/* Lookup application incarnations and bind the right one */
	hash = udp_app_hashkey(cp->vport);

	spin_lock(&udp_app_lock);
	list_for_each_entry(inc, &udp_apps[hash], p_list) {
		if (inc->port == cp->vport) {
			if (unlikely(!ip_vs_app_inc_get(inc)))
				break;
			spin_unlock(&udp_app_lock);

			IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
				      "%s:%u to app %s on port %u\n",
				      __func__,
				      IP_VS_DBG_ADDR(cp->af, &cp->caddr),
				      ntohs(cp->cport),
				      IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
				      ntohs(cp->vport),
				      inc->name, ntohs(inc->port));

			cp->app = inc;
			if (inc->init_conn)
				result = inc->init_conn(inc, cp);
			goto out;
		}
	}
	spin_unlock(&udp_app_lock);

  out:
	return result;
}


static int udp_timeouts[IP_VS_UDP_S_LAST+1] = {
	[IP_VS_UDP_S_NORMAL]		=	5*60*HZ,
	[IP_VS_UDP_S_LAST]		=	2*HZ,
};

static const char *const udp_state_name_table[IP_VS_UDP_S_LAST+1] = {
	[IP_VS_UDP_S_NORMAL]		=	"UDP",
	[IP_VS_UDP_S_LAST]		=	"BUG!",
};


static int
udp_set_state_timeout(struct ip_vs_protocol *pp, char *sname, int to)
{
	return ip_vs_set_state_timeout(pp->timeout_table, IP_VS_UDP_S_LAST,
				       udp_state_name_table, sname, to);
}

static const char * udp_state_name(int state)
{
	if (state >= IP_VS_UDP_S_LAST)
		return "ERR!";
	return udp_state_name_table[state] ? udp_state_name_table[state] : "?";
}

static int
udp_state_transition(struct ip_vs_conn *cp, int direction,
		     const struct sk_buff *skb,
		     struct ip_vs_protocol *pp)
{
	cp->timeout = pp->timeout_table[IP_VS_UDP_S_NORMAL];
	return 1;
}

static void udp_init(struct ip_vs_protocol *pp)
{
	IP_VS_INIT_HASH_TABLE(udp_apps);
	pp->timeout_table = udp_timeouts;
}

static void udp_exit(struct ip_vs_protocol *pp)
{
}


struct ip_vs_protocol ip_vs_protocol_udp = {
	.name =			"UDP",
	.protocol =		IPPROTO_UDP,
	.num_states =		IP_VS_UDP_S_LAST,
	.dont_defrag =		0,
	.init =			udp_init,
	.exit =			udp_exit,
	.conn_schedule =	udp_conn_schedule,
	.conn_in_get =		ip_vs_conn_in_get_proto,
	.conn_out_get =		ip_vs_conn_out_get_proto,
	.snat_handler =		udp_snat_handler,
	.dnat_handler =		udp_dnat_handler,
	.csum_check =		udp_csum_check,
	.state_transition =	udp_state_transition,
	.state_name =		udp_state_name,
	.register_app =		udp_register_app,
	.unregister_app =	udp_unregister_app,
	.app_conn_bind =	udp_app_conn_bind,
	.debug_packet =		ip_vs_tcpudp_debug_packet,
	.timeout_change =	NULL,
	.set_state_timeout =	udp_set_state_timeout,
};
Commit	Line	Data
1da177e4 LT	1	/*
	2	* ip_vs_proto_udp.c: UDP load balancing support for IPVS
	3	*
1da177e4 LT	4	* Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
	5	* Julian Anastasov <ja@ssi.bg>
	6	*
	7	* This program is free software; you can redistribute it and/or
	8	* modify it under the terms of the GNU General Public License
	9	* as published by the Free Software Foundation; either version
	10	* 2 of the License, or (at your option) any later version.
	11	*
	12	* Changes:
	13	*
	14	*/
	15
9aada7ac HE	16	#define KMSG_COMPONENT "IPVS"
	17	#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
	18
14c85021 ACM	19	#include <linux/in.h>
14c85021 ACM	20	#include <linux/ip.h>
1da177e4	21	#include <linux/kernel.h>
af1e1cf0	22	#include <linux/netfilter.h>
1da177e4	23	#include <linux/netfilter_ipv4.h>
14c85021	24	#include <linux/udp.h>
1da177e4 LT	25
1da177e4 LT	26	#include <net/ip_vs.h>
c9bdd4b5	27	#include <net/ip.h>
63f2c046	28	#include <net/ip6_checksum.h>
1da177e4	29
1da177e4	30	static int
51ef348b	31	udp_conn_schedule(int af, struct sk_buff skb, struct ip_vs_protocol pp,
1da177e4 LT	32	int verdict, struct ip_vs_conn *cpp)
	33	{
	34	struct ip_vs_service *svc;
	35	struct udphdr _udph, *uh;
3c2e0505	36	struct ip_vs_iphdr iph;
1da177e4	37
51ef348b	38	ip_vs_fill_iphdr(af, skb_network_header(skb), &iph);
3c2e0505 JV	39
3c2e0505 JV	40	uh = skb_header_pointer(skb, iph.len, sizeof(_udph), &_udph);
1da177e4 LT	41	if (uh == NULL) {
	42	*verdict = NF_DROP;
	43	return 0;
	44	}
	45
51ef348b	46	svc = ip_vs_service_get(af, skb->mark, iph.protocol,
3c2e0505 JV	47	&iph.daddr, uh->dest);
3c2e0505 JV	48	if (svc) {
190ecd27 JA	49	int ignored;
190ecd27 JA	50
1da177e4 LT	51	if (ip_vs_todrop()) {
	52	/*
	53	* It seems that we are very loaded.
	54	* We have to drop this packet :(
	55	*/
	56	ip_vs_service_put(svc);
	57	*verdict = NF_DROP;
	58	return 0;
	59	}
	60
	61	/*
	62	* Let the virtual server select a real server for the
	63	* incoming connection, and create a connection entry.
	64	*/
190ecd27 JA	65	*cpp = ip_vs_schedule(svc, skb, pp, &ignored);
190ecd27 JA	66	if (!*cpp && !ignored) {
1da177e4 LT	67	*verdict = ip_vs_leave(svc, skb, pp);
	68	return 0;
	69	}
	70	ip_vs_service_put(svc);
	71	}
	72	return 1;
	73	}
	74
	75
	76	static inline void
0bbdd42b JV	77	udp_fast_csum_update(int af, struct udphdr *uhdr,
	78	const union nf_inet_addr *oldip,
	79	const union nf_inet_addr *newip,
014d730d	80	__be16 oldport, __be16 newport)
1da177e4	81	{
0bbdd42b JV	82	#ifdef CONFIG_IP_VS_IPV6
	83	if (af == AF_INET6)
	84	uhdr->check =
	85	csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
	86	ip_vs_check_diff2(oldport, newport,
	87	~csum_unfold(uhdr->check))));
	88	else
	89	#endif
	90	uhdr->check =
	91	csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
	92	ip_vs_check_diff2(oldport, newport,
	93	~csum_unfold(uhdr->check))));
1da177e4	94	if (!uhdr->check)
f6ab0288	95	uhdr->check = CSUM_MANGLED_0;
1da177e4 LT	96	}
1da177e4 LT	97
503e81f6 SH	98	static inline void
	99	udp_partial_csum_update(int af, struct udphdr *uhdr,
	100	const union nf_inet_addr *oldip,
	101	const union nf_inet_addr *newip,
	102	__be16 oldlen, __be16 newlen)
	103	{
	104	#ifdef CONFIG_IP_VS_IPV6
	105	if (af == AF_INET6)
	106	uhdr->check =
5bc9068e	107	~csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
503e81f6	108	ip_vs_check_diff2(oldlen, newlen,
5bc9068e	109	csum_unfold(uhdr->check))));
503e81f6 SH	110	else
	111	#endif
	112	uhdr->check =
5bc9068e	113	~csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
503e81f6	114	ip_vs_check_diff2(oldlen, newlen,
5bc9068e	115	csum_unfold(uhdr->check))));
503e81f6 SH	116	}
	117
	118
1da177e4	119	static int
3db05fea	120	udp_snat_handler(struct sk_buff *skb,
1da177e4 LT	121	struct ip_vs_protocol pp, struct ip_vs_conn cp)
	122	{
	123	struct udphdr *udph;
0bbdd42b	124	unsigned int udphoff;
503e81f6	125	int oldlen;
8b27b10f	126	int payload_csum = 0;
0bbdd42b JV	127
	128	#ifdef CONFIG_IP_VS_IPV6
	129	if (cp->af == AF_INET6)
	130	udphoff = sizeof(struct ipv6hdr);
	131	else
	132	#endif
	133	udphoff = ip_hdrlen(skb);
503e81f6	134	oldlen = skb->len - udphoff;
1da177e4 LT	135
1da177e4 LT	136	/* csum_check requires unshared skb */
3db05fea	137	if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
1da177e4 LT	138	return 0;
	139
	140	if (unlikely(cp->app != NULL)) {
8b27b10f JA	141	int ret;
8b27b10f JA	142
1da177e4	143	/* Some checks before mangling */
0bbdd42b	144	if (pp->csum_check && !pp->csum_check(cp->af, skb, pp))
1da177e4 LT	145	return 0;
	146
	147	/*
	148	* Call application helper if needed
	149	*/
8b27b10f	150	if (!(ret = ip_vs_app_pkt_out(cp, skb)))
1da177e4	151	return 0;
8b27b10f JA	152	/* ret=2: csum update is needed after payload mangling */
	153	if (ret == 1)
	154	oldlen = skb->len - udphoff;
	155	else
	156	payload_csum = 1;
1da177e4 LT	157	}
1da177e4 LT	158
0bbdd42b	159	udph = (void *)skb_network_header(skb) + udphoff;
1da177e4 LT	160	udph->source = cp->vport;
	161
	162	/*
	163	* Adjust UDP checksums
	164	*/
503e81f6 SH	165	if (skb->ip_summed == CHECKSUM_PARTIAL) {
503e81f6 SH	166	udp_partial_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
ca62059b HH	167	htons(oldlen),
ca62059b HH	168	htons(skb->len - udphoff));
8b27b10f	169	} else if (!payload_csum && (udph->check != 0)) {
1da177e4	170	/* Only port and addr are changed, do fast csum update */
0bbdd42b	171	udp_fast_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
1da177e4	172	cp->dport, cp->vport);
3db05fea	173	if (skb->ip_summed == CHECKSUM_COMPLETE)
8b27b10f JA	174	skb->ip_summed = (cp->app && pp->csum_check) ?
8b27b10f JA	175	CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
1da177e4 LT	176	} else {
	177	/* full checksum calculation */
	178	udph->check = 0;
3db05fea	179	skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
0bbdd42b JV	180	#ifdef CONFIG_IP_VS_IPV6
	181	if (cp->af == AF_INET6)
	182	udph->check = csum_ipv6_magic(&cp->vaddr.in6,
	183	&cp->caddr.in6,
	184	skb->len - udphoff,
	185	cp->protocol, skb->csum);
	186	else
	187	#endif
	188	udph->check = csum_tcpudp_magic(cp->vaddr.ip,
	189	cp->caddr.ip,
	190	skb->len - udphoff,
	191	cp->protocol,
	192	skb->csum);
1da177e4	193	if (udph->check == 0)
f6ab0288	194	udph->check = CSUM_MANGLED_0;
8b27b10f	195	skb->ip_summed = CHECKSUM_UNNECESSARY;
1da177e4 LT	196	IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
	197	pp->name, udph->check,
	198	(char)&(udph->check) - (char)udph);
	199	}
	200	return 1;
	201	}
	202
	203
	204	static int
3db05fea	205	udp_dnat_handler(struct sk_buff *skb,
1da177e4 LT	206	struct ip_vs_protocol pp, struct ip_vs_conn cp)
	207	{
	208	struct udphdr *udph;
0bbdd42b	209	unsigned int udphoff;
503e81f6	210	int oldlen;
8b27b10f	211	int payload_csum = 0;
0bbdd42b JV	212
	213	#ifdef CONFIG_IP_VS_IPV6
	214	if (cp->af == AF_INET6)
	215	udphoff = sizeof(struct ipv6hdr);
	216	else
	217	#endif
	218	udphoff = ip_hdrlen(skb);
503e81f6	219	oldlen = skb->len - udphoff;
1da177e4 LT	220
1da177e4 LT	221	/* csum_check requires unshared skb */
3db05fea	222	if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
1da177e4 LT	223	return 0;
	224
	225	if (unlikely(cp->app != NULL)) {
8b27b10f JA	226	int ret;
8b27b10f JA	227
1da177e4	228	/* Some checks before mangling */
0bbdd42b	229	if (pp->csum_check && !pp->csum_check(cp->af, skb, pp))
1da177e4 LT	230	return 0;
	231
	232	/*
	233	* Attempt ip_vs_app call.
	234	* It will fix ip_vs_conn
	235	*/
8b27b10f	236	if (!(ret = ip_vs_app_pkt_in(cp, skb)))
1da177e4	237	return 0;
8b27b10f JA	238	/* ret=2: csum update is needed after payload mangling */
	239	if (ret == 1)
	240	oldlen = skb->len - udphoff;
	241	else
	242	payload_csum = 1;
1da177e4 LT	243	}
1da177e4 LT	244
0bbdd42b	245	udph = (void *)skb_network_header(skb) + udphoff;
1da177e4 LT	246	udph->dest = cp->dport;
	247
	248	/*
	249	* Adjust UDP checksums
	250	*/
503e81f6	251	if (skb->ip_summed == CHECKSUM_PARTIAL) {
5bc9068e	252	udp_partial_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
ca62059b HH	253	htons(oldlen),
ca62059b HH	254	htons(skb->len - udphoff));
8b27b10f	255	} else if (!payload_csum && (udph->check != 0)) {
1da177e4	256	/* Only port and addr are changed, do fast csum update */
0bbdd42b	257	udp_fast_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
1da177e4	258	cp->vport, cp->dport);
3db05fea	259	if (skb->ip_summed == CHECKSUM_COMPLETE)
8b27b10f JA	260	skb->ip_summed = (cp->app && pp->csum_check) ?
8b27b10f JA	261	CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
1da177e4 LT	262	} else {
	263	/* full checksum calculation */
	264	udph->check = 0;
3db05fea	265	skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
0bbdd42b JV	266	#ifdef CONFIG_IP_VS_IPV6
	267	if (cp->af == AF_INET6)
	268	udph->check = csum_ipv6_magic(&cp->caddr.in6,
	269	&cp->daddr.in6,
	270	skb->len - udphoff,
	271	cp->protocol, skb->csum);
	272	else
	273	#endif
	274	udph->check = csum_tcpudp_magic(cp->caddr.ip,
	275	cp->daddr.ip,
	276	skb->len - udphoff,
	277	cp->protocol,
	278	skb->csum);
1da177e4	279	if (udph->check == 0)
f6ab0288	280	udph->check = CSUM_MANGLED_0;
3db05fea	281	skb->ip_summed = CHECKSUM_UNNECESSARY;
1da177e4 LT	282	}
	283	return 1;
	284	}
	285
	286
	287	static int
51ef348b	288	udp_csum_check(int af, struct sk_buff skb, struct ip_vs_protocol pp)
1da177e4 LT	289	{
1da177e4 LT	290	struct udphdr _udph, *uh;
51ef348b JV	291	unsigned int udphoff;
	292
	293	#ifdef CONFIG_IP_VS_IPV6
	294	if (af == AF_INET6)
	295	udphoff = sizeof(struct ipv6hdr);
	296	else
	297	#endif
	298	udphoff = ip_hdrlen(skb);
1da177e4 LT	299
	300	uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph);
	301	if (uh == NULL)
	302	return 0;
	303
	304	if (uh->check != 0) {
	305	switch (skb->ip_summed) {
	306	case CHECKSUM_NONE:
	307	skb->csum = skb_checksum(skb, udphoff,
	308	skb->len - udphoff, 0);
84fa7933	309	case CHECKSUM_COMPLETE:
51ef348b JV	310	#ifdef CONFIG_IP_VS_IPV6
	311	if (af == AF_INET6) {
	312	if (csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
	313	&ipv6_hdr(skb)->daddr,
	314	skb->len - udphoff,
	315	ipv6_hdr(skb)->nexthdr,
	316	skb->csum)) {
0d79641a	317	IP_VS_DBG_RL_PKT(0, af, pp, skb, 0,
51ef348b JV	318	"Failed checksum for");
	319	return 0;
	320	}
	321	} else
	322	#endif
	323	if (csum_tcpudp_magic(ip_hdr(skb)->saddr,
	324	ip_hdr(skb)->daddr,
	325	skb->len - udphoff,
	326	ip_hdr(skb)->protocol,
	327	skb->csum)) {
0d79641a	328	IP_VS_DBG_RL_PKT(0, af, pp, skb, 0,
51ef348b JV	329	"Failed checksum for");
	330	return 0;
	331	}
1da177e4 LT	332	break;
1da177e4 LT	333	default:
84fa7933	334	/* No need to checksum. */
1da177e4 LT	335	break;
	336	}
	337	}
	338	return 1;
	339	}
	340
	341
	342	/*
	343	* Note: the caller guarantees that only one of register_app,
	344	* unregister_app or app_conn_bind is called each time.
	345	*/
	346
	347	#define UDP_APP_TAB_BITS 4
	348	#define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS)
	349	#define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1)
	350
	351	static struct list_head udp_apps[UDP_APP_TAB_SIZE];
	352	static DEFINE_SPINLOCK(udp_app_lock);
	353
75e7ce66	354	static inline __u16 udp_app_hashkey(__be16 port)
1da177e4	355	{
75e7ce66 AV	356	return (((__force u16)port >> UDP_APP_TAB_BITS) ^ (__force u16)port)
75e7ce66 AV	357	& UDP_APP_TAB_MASK;
1da177e4 LT	358	}
	359
	360
	361	static int udp_register_app(struct ip_vs_app *inc)
	362	{
	363	struct ip_vs_app *i;
75e7ce66 AV	364	__u16 hash;
75e7ce66 AV	365	__be16 port = inc->port;
1da177e4 LT	366	int ret = 0;
	367
	368	hash = udp_app_hashkey(port);
	369
	370
	371	spin_lock_bh(&udp_app_lock);
	372	list_for_each_entry(i, &udp_apps[hash], p_list) {
	373	if (i->port == port) {
	374	ret = -EEXIST;
	375	goto out;
	376	}
	377	}
	378	list_add(&inc->p_list, &udp_apps[hash]);
	379	atomic_inc(&ip_vs_protocol_udp.appcnt);
	380
	381	out:
	382	spin_unlock_bh(&udp_app_lock);
	383	return ret;
	384	}
	385
	386
	387	static void
	388	udp_unregister_app(struct ip_vs_app *inc)
	389	{
	390	spin_lock_bh(&udp_app_lock);
	391	atomic_dec(&ip_vs_protocol_udp.appcnt);
	392	list_del(&inc->p_list);
	393	spin_unlock_bh(&udp_app_lock);
	394	}
	395
	396
	397	static int udp_app_conn_bind(struct ip_vs_conn *cp)
	398	{
	399	int hash;
	400	struct ip_vs_app *inc;
	401	int result = 0;
	402
	403	/* Default binding: bind app only for NAT */
	404	if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ)
	405	return 0;
	406
	407	/* Lookup application incarnations and bind the right one */
	408	hash = udp_app_hashkey(cp->vport);
	409
	410	spin_lock(&udp_app_lock);
	411	list_for_each_entry(inc, &udp_apps[hash], p_list) {
	412	if (inc->port == cp->vport) {
	413	if (unlikely(!ip_vs_app_inc_get(inc)))
	414	break;
	415	spin_unlock(&udp_app_lock);
	416
1e3e238e	417	IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
cfc78c5a JV	418	"%s:%u to app %s on port %u\n",
	419	__func__,
	420	IP_VS_DBG_ADDR(cp->af, &cp->caddr),
	421	ntohs(cp->cport),
	422	IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
	423	ntohs(cp->vport),
	424	inc->name, ntohs(inc->port));
	425
1da177e4 LT	426	cp->app = inc;
	427	if (inc->init_conn)
	428	result = inc->init_conn(inc, cp);
	429	goto out;
	430	}
	431	}
	432	spin_unlock(&udp_app_lock);
	433
	434	out:
	435	return result;
	436	}
	437
	438
	439	static int udp_timeouts[IP_VS_UDP_S_LAST+1] = {
	440	[IP_VS_UDP_S_NORMAL] = 560HZ,
	441	[IP_VS_UDP_S_LAST] = 2*HZ,
	442	};
	443
36cbd3dc	444	static const char *const udp_state_name_table[IP_VS_UDP_S_LAST+1] = {
1da177e4 LT	445	[IP_VS_UDP_S_NORMAL] = "UDP",
	446	[IP_VS_UDP_S_LAST] = "BUG!",
	447	};
	448
	449
	450	static int
	451	udp_set_state_timeout(struct ip_vs_protocol pp, char sname, int to)
	452	{
	453	return ip_vs_set_state_timeout(pp->timeout_table, IP_VS_UDP_S_LAST,
	454	udp_state_name_table, sname, to);
	455	}
	456
	457	static const char * udp_state_name(int state)
	458	{
	459	if (state >= IP_VS_UDP_S_LAST)
	460	return "ERR!";
	461	return udp_state_name_table[state] ? udp_state_name_table[state] : "?";
	462	}
	463
	464	static int
	465	udp_state_transition(struct ip_vs_conn *cp, int direction,
	466	const struct sk_buff *skb,
	467	struct ip_vs_protocol *pp)
	468	{
	469	cp->timeout = pp->timeout_table[IP_VS_UDP_S_NORMAL];
	470	return 1;
	471	}
	472
	473	static void udp_init(struct ip_vs_protocol *pp)
	474	{
	475	IP_VS_INIT_HASH_TABLE(udp_apps);
	476	pp->timeout_table = udp_timeouts;
	477	}
	478
	479	static void udp_exit(struct ip_vs_protocol *pp)
	480	{
	481	}
	482
	483
	484	struct ip_vs_protocol ip_vs_protocol_udp = {
	485	.name = "UDP",
	486	.protocol = IPPROTO_UDP,
2ad17def	487	.num_states = IP_VS_UDP_S_LAST,
1da177e4 LT	488	.dont_defrag = 0,
	489	.init = udp_init,
	490	.exit = udp_exit,
	491	.conn_schedule = udp_conn_schedule,
5c0d2374 SH	492	.conn_in_get = ip_vs_conn_in_get_proto,
5c0d2374 SH	493	.conn_out_get = ip_vs_conn_out_get_proto,
1da177e4 LT	494	.snat_handler = udp_snat_handler,
	495	.dnat_handler = udp_dnat_handler,
	496	.csum_check = udp_csum_check,
	497	.state_transition = udp_state_transition,
	498	.state_name = udp_state_name,
	499	.register_app = udp_register_app,
	500	.unregister_app = udp_unregister_app,
	501	.app_conn_bind = udp_app_conn_bind,
	502	.debug_packet = ip_vs_tcpudp_debug_packet,
	503	.timeout_change = NULL,
	504	.set_state_timeout = udp_set_state_timeout,
	505	};