2 * IPVS An implementation of the IP virtual server support for the
3 * LINUX operating system. IPVS is now implemented as a module
4 * over the NetFilter framework. IPVS can be used to build a
5 * high-performance and highly available server based on a
8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
9 * Peter Kese <peter.kese@ijs.si>
10 * Julian Anastasov <ja@ssi.bg>
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/types.h>
24 #include <linux/capability.h>
26 #include <linux/sysctl.h>
27 #include <linux/proc_fs.h>
28 #include <linux/workqueue.h>
29 #include <linux/swap.h>
30 #include <linux/seq_file.h>
32 #include <linux/netfilter.h>
33 #include <linux/netfilter_ipv4.h>
34 #include <linux/mutex.h>
36 #include <net/net_namespace.h>
38 #ifdef CONFIG_IP_VS_IPV6
40 #include <net/ip6_route.h>
42 #include <net/route.h>
44 #include <net/genetlink.h>
46 #include <asm/uaccess.h>
48 #include <net/ip_vs.h>
50 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
51 static DEFINE_MUTEX(__ip_vs_mutex);
53 /* lock for service table */
54 static DEFINE_RWLOCK(__ip_vs_svc_lock);
56 /* lock for table with the real services */
57 static DEFINE_RWLOCK(__ip_vs_rs_lock);
59 /* lock for state and timeout tables */
60 static DEFINE_RWLOCK(__ip_vs_securetcp_lock);
62 /* lock for drop entry handling */
63 static DEFINE_SPINLOCK(__ip_vs_dropentry_lock);
65 /* lock for drop packet handling */
66 static DEFINE_SPINLOCK(__ip_vs_droppacket_lock);
68 /* 1/rate drop and drop-entry variables */
69 int ip_vs_drop_rate = 0;
70 int ip_vs_drop_counter = 0;
71 static atomic_t ip_vs_dropentry = ATOMIC_INIT(0);
73 /* number of virtual services */
74 static int ip_vs_num_services = 0;
76 /* sysctl variables */
77 static int sysctl_ip_vs_drop_entry = 0;
78 static int sysctl_ip_vs_drop_packet = 0;
79 static int sysctl_ip_vs_secure_tcp = 0;
80 static int sysctl_ip_vs_amemthresh = 1024;
81 static int sysctl_ip_vs_am_droprate = 10;
82 int sysctl_ip_vs_cache_bypass = 0;
83 int sysctl_ip_vs_expire_nodest_conn = 0;
84 int sysctl_ip_vs_expire_quiescent_template = 0;
85 int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
86 int sysctl_ip_vs_nat_icmp_send = 0;
89 #ifdef CONFIG_IP_VS_DEBUG
90 static int sysctl_ip_vs_debug_level = 0;
92 int ip_vs_get_debug_level(void)
94 return sysctl_ip_vs_debug_level;
98 #ifdef CONFIG_IP_VS_IPV6
99 /* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */
100 static int __ip_vs_addr_is_local_v6(const struct in6_addr *addr)
108 .saddr = { .s6_addr32 = {0, 0, 0, 0} }, } },
111 rt = (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
112 if (rt && rt->rt6i_dev && (rt->rt6i_dev->flags & IFF_LOOPBACK))
119 * update_defense_level is called from keventd and from sysctl,
120 * so it needs to protect itself from softirqs
122 static void update_defense_level(void)
125 static int old_secure_tcp = 0;
130 /* we only count free and buffered memory (in pages) */
132 availmem = i.freeram + i.bufferram;
133 /* however in linux 2.5 the i.bufferram is total page cache size,
135 /* si_swapinfo(&i); */
136 /* availmem = availmem - (i.totalswap - i.freeswap); */
138 nomem = (availmem < sysctl_ip_vs_amemthresh);
143 spin_lock(&__ip_vs_dropentry_lock);
144 switch (sysctl_ip_vs_drop_entry) {
146 atomic_set(&ip_vs_dropentry, 0);
150 atomic_set(&ip_vs_dropentry, 1);
151 sysctl_ip_vs_drop_entry = 2;
153 atomic_set(&ip_vs_dropentry, 0);
158 atomic_set(&ip_vs_dropentry, 1);
160 atomic_set(&ip_vs_dropentry, 0);
161 sysctl_ip_vs_drop_entry = 1;
165 atomic_set(&ip_vs_dropentry, 1);
168 spin_unlock(&__ip_vs_dropentry_lock);
171 spin_lock(&__ip_vs_droppacket_lock);
172 switch (sysctl_ip_vs_drop_packet) {
178 ip_vs_drop_rate = ip_vs_drop_counter
179 = sysctl_ip_vs_amemthresh /
180 (sysctl_ip_vs_amemthresh-availmem);
181 sysctl_ip_vs_drop_packet = 2;
188 ip_vs_drop_rate = ip_vs_drop_counter
189 = sysctl_ip_vs_amemthresh /
190 (sysctl_ip_vs_amemthresh-availmem);
193 sysctl_ip_vs_drop_packet = 1;
197 ip_vs_drop_rate = sysctl_ip_vs_am_droprate;
200 spin_unlock(&__ip_vs_droppacket_lock);
203 write_lock(&__ip_vs_securetcp_lock);
204 switch (sysctl_ip_vs_secure_tcp) {
206 if (old_secure_tcp >= 2)
211 if (old_secure_tcp < 2)
213 sysctl_ip_vs_secure_tcp = 2;
215 if (old_secure_tcp >= 2)
221 if (old_secure_tcp < 2)
224 if (old_secure_tcp >= 2)
226 sysctl_ip_vs_secure_tcp = 1;
230 if (old_secure_tcp < 2)
234 old_secure_tcp = sysctl_ip_vs_secure_tcp;
236 ip_vs_protocol_timeout_change(sysctl_ip_vs_secure_tcp>1);
237 write_unlock(&__ip_vs_securetcp_lock);
244 * Timer for checking the defense
246 #define DEFENSE_TIMER_PERIOD 1*HZ
247 static void defense_work_handler(struct work_struct *work);
248 static DECLARE_DELAYED_WORK(defense_work, defense_work_handler);
250 static void defense_work_handler(struct work_struct *work)
252 update_defense_level();
253 if (atomic_read(&ip_vs_dropentry))
254 ip_vs_random_dropentry();
256 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
260 ip_vs_use_count_inc(void)
262 return try_module_get(THIS_MODULE);
266 ip_vs_use_count_dec(void)
268 module_put(THIS_MODULE);
273 * Hash table: for virtual service lookups
275 #define IP_VS_SVC_TAB_BITS 8
276 #define IP_VS_SVC_TAB_SIZE (1 << IP_VS_SVC_TAB_BITS)
277 #define IP_VS_SVC_TAB_MASK (IP_VS_SVC_TAB_SIZE - 1)
279 /* the service table hashed by <protocol, addr, port> */
280 static struct list_head ip_vs_svc_table[IP_VS_SVC_TAB_SIZE];
281 /* the service table hashed by fwmark */
282 static struct list_head ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];
285 * Hash table: for real service lookups
287 #define IP_VS_RTAB_BITS 4
288 #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
289 #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
291 static struct list_head ip_vs_rtable[IP_VS_RTAB_SIZE];
294 * Trash for destinations
296 static LIST_HEAD(ip_vs_dest_trash);
299 * FTP & NULL virtual service counters
301 static atomic_t ip_vs_ftpsvc_counter = ATOMIC_INIT(0);
302 static atomic_t ip_vs_nullsvc_counter = ATOMIC_INIT(0);
306 * Returns hash value for virtual service
308 static __inline__ unsigned
309 ip_vs_svc_hashkey(int af, unsigned proto, const union nf_inet_addr *addr,
312 register unsigned porth = ntohs(port);
313 __be32 addr_fold = addr->ip;
315 #ifdef CONFIG_IP_VS_IPV6
317 addr_fold = addr->ip6[0]^addr->ip6[1]^
318 addr->ip6[2]^addr->ip6[3];
321 return (proto^ntohl(addr_fold)^(porth>>IP_VS_SVC_TAB_BITS)^porth)
322 & IP_VS_SVC_TAB_MASK;
326 * Returns hash value of fwmark for virtual service lookup
328 static __inline__ unsigned ip_vs_svc_fwm_hashkey(__u32 fwmark)
330 return fwmark & IP_VS_SVC_TAB_MASK;
334 * Hashes a service in the ip_vs_svc_table by <proto,addr,port>
335 * or in the ip_vs_svc_fwm_table by fwmark.
336 * Should be called with locked tables.
338 static int ip_vs_svc_hash(struct ip_vs_service *svc)
342 if (svc->flags & IP_VS_SVC_F_HASHED) {
343 IP_VS_ERR("ip_vs_svc_hash(): request for already hashed, "
344 "called from %p\n", __builtin_return_address(0));
348 if (svc->fwmark == 0) {
350 * Hash it by <protocol,addr,port> in ip_vs_svc_table
352 hash = ip_vs_svc_hashkey(svc->af, svc->protocol, &svc->addr,
354 list_add(&svc->s_list, &ip_vs_svc_table[hash]);
357 * Hash it by fwmark in ip_vs_svc_fwm_table
359 hash = ip_vs_svc_fwm_hashkey(svc->fwmark);
360 list_add(&svc->f_list, &ip_vs_svc_fwm_table[hash]);
363 svc->flags |= IP_VS_SVC_F_HASHED;
364 /* increase its refcnt because it is referenced by the svc table */
365 atomic_inc(&svc->refcnt);
371 * Unhashes a service from ip_vs_svc_table/ip_vs_svc_fwm_table.
372 * Should be called with locked tables.
374 static int ip_vs_svc_unhash(struct ip_vs_service *svc)
376 if (!(svc->flags & IP_VS_SVC_F_HASHED)) {
377 IP_VS_ERR("ip_vs_svc_unhash(): request for unhash flagged, "
378 "called from %p\n", __builtin_return_address(0));
382 if (svc->fwmark == 0) {
383 /* Remove it from the ip_vs_svc_table table */
384 list_del(&svc->s_list);
386 /* Remove it from the ip_vs_svc_fwm_table table */
387 list_del(&svc->f_list);
390 svc->flags &= ~IP_VS_SVC_F_HASHED;
391 atomic_dec(&svc->refcnt);
397 * Get service by {proto,addr,port} in the service table.
399 static inline struct ip_vs_service *
400 __ip_vs_service_get(int af, __u16 protocol, const union nf_inet_addr *vaddr,
404 struct ip_vs_service *svc;
406 /* Check for "full" addressed entries */
407 hash = ip_vs_svc_hashkey(af, protocol, vaddr, vport);
409 list_for_each_entry(svc, &ip_vs_svc_table[hash], s_list){
411 && ip_vs_addr_equal(af, &svc->addr, vaddr)
412 && (svc->port == vport)
413 && (svc->protocol == protocol)) {
415 atomic_inc(&svc->usecnt);
425 * Get service by {fwmark} in the service table.
427 static inline struct ip_vs_service *
428 __ip_vs_svc_fwm_get(int af, __u32 fwmark)
431 struct ip_vs_service *svc;
433 /* Check for fwmark addressed entries */
434 hash = ip_vs_svc_fwm_hashkey(fwmark);
436 list_for_each_entry(svc, &ip_vs_svc_fwm_table[hash], f_list) {
437 if (svc->fwmark == fwmark && svc->af == af) {
439 atomic_inc(&svc->usecnt);
447 struct ip_vs_service *
448 ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,
449 const union nf_inet_addr *vaddr, __be16 vport)
451 struct ip_vs_service *svc;
453 read_lock(&__ip_vs_svc_lock);
456 * Check the table hashed by fwmark first
458 if (fwmark && (svc = __ip_vs_svc_fwm_get(af, fwmark)))
462 * Check the table hashed by <protocol,addr,port>
463 * for "full" addressed entries
465 svc = __ip_vs_service_get(af, protocol, vaddr, vport);
468 && protocol == IPPROTO_TCP
469 && atomic_read(&ip_vs_ftpsvc_counter)
470 && (vport == FTPDATA || ntohs(vport) >= PROT_SOCK)) {
472 * Check if ftp service entry exists, the packet
473 * might belong to FTP data connections.
475 svc = __ip_vs_service_get(af, protocol, vaddr, FTPPORT);
479 && atomic_read(&ip_vs_nullsvc_counter)) {
481 * Check if the catch-all port (port zero) exists
483 svc = __ip_vs_service_get(af, protocol, vaddr, 0);
487 read_unlock(&__ip_vs_svc_lock);
489 IP_VS_DBG_BUF(9, "lookup service: fwm %u %s %s:%u %s\n",
490 fwmark, ip_vs_proto_name(protocol),
491 IP_VS_DBG_ADDR(af, vaddr), ntohs(vport),
492 svc ? "hit" : "not hit");
499 __ip_vs_bind_svc(struct ip_vs_dest *dest, struct ip_vs_service *svc)
501 atomic_inc(&svc->refcnt);
506 __ip_vs_unbind_svc(struct ip_vs_dest *dest)
508 struct ip_vs_service *svc = dest->svc;
511 if (atomic_dec_and_test(&svc->refcnt))
517 * Returns hash value for real service
519 static inline unsigned ip_vs_rs_hashkey(int af,
520 const union nf_inet_addr *addr,
523 register unsigned porth = ntohs(port);
524 __be32 addr_fold = addr->ip;
526 #ifdef CONFIG_IP_VS_IPV6
528 addr_fold = addr->ip6[0]^addr->ip6[1]^
529 addr->ip6[2]^addr->ip6[3];
532 return (ntohl(addr_fold)^(porth>>IP_VS_RTAB_BITS)^porth)
537 * Hashes ip_vs_dest in ip_vs_rtable by <proto,addr,port>.
538 * should be called with locked tables.
540 static int ip_vs_rs_hash(struct ip_vs_dest *dest)
544 if (!list_empty(&dest->d_list)) {
549 * Hash by proto,addr,port,
550 * which are the parameters of the real service.
552 hash = ip_vs_rs_hashkey(dest->af, &dest->addr, dest->port);
554 list_add(&dest->d_list, &ip_vs_rtable[hash]);
560 * UNhashes ip_vs_dest from ip_vs_rtable.
561 * should be called with locked tables.
563 static int ip_vs_rs_unhash(struct ip_vs_dest *dest)
566 * Remove it from the ip_vs_rtable table.
568 if (!list_empty(&dest->d_list)) {
569 list_del(&dest->d_list);
570 INIT_LIST_HEAD(&dest->d_list);
577 * Lookup real service by <proto,addr,port> in the real service table.
580 ip_vs_lookup_real_service(int af, __u16 protocol,
581 const union nf_inet_addr *daddr,
585 struct ip_vs_dest *dest;
588 * Check for "full" addressed entries
589 * Return the first found entry
591 hash = ip_vs_rs_hashkey(af, daddr, dport);
593 read_lock(&__ip_vs_rs_lock);
594 list_for_each_entry(dest, &ip_vs_rtable[hash], d_list) {
596 && ip_vs_addr_equal(af, &dest->addr, daddr)
597 && (dest->port == dport)
598 && ((dest->protocol == protocol) ||
601 read_unlock(&__ip_vs_rs_lock);
605 read_unlock(&__ip_vs_rs_lock);
611 * Lookup destination by {addr,port} in the given service
613 static struct ip_vs_dest *
614 ip_vs_lookup_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr,
617 struct ip_vs_dest *dest;
620 * Find the destination for the given service
622 list_for_each_entry(dest, &svc->destinations, n_list) {
623 if ((dest->af == svc->af)
624 && ip_vs_addr_equal(svc->af, &dest->addr, daddr)
625 && (dest->port == dport)) {
635 * Find destination by {daddr,dport,vaddr,protocol}
636 * Cretaed to be used in ip_vs_process_message() in
637 * the backup synchronization daemon. It finds the
638 * destination to be bound to the received connection
641 * ip_vs_lookup_real_service() looked promissing, but
642 * seems not working as expected.
644 struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr,
646 const union nf_inet_addr *vaddr,
647 __be16 vport, __u16 protocol)
649 struct ip_vs_dest *dest;
650 struct ip_vs_service *svc;
652 svc = ip_vs_service_get(af, 0, protocol, vaddr, vport);
655 dest = ip_vs_lookup_dest(svc, daddr, dport);
657 atomic_inc(&dest->refcnt);
658 ip_vs_service_put(svc);
663 * Lookup dest by {svc,addr,port} in the destination trash.
664 * The destination trash is used to hold the destinations that are removed
665 * from the service table but are still referenced by some conn entries.
666 * The reason to add the destination trash is when the dest is temporary
667 * down (either by administrator or by monitor program), the dest can be
668 * picked back from the trash, the remaining connections to the dest can
669 * continue, and the counting information of the dest is also useful for
672 static struct ip_vs_dest *
673 ip_vs_trash_get_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr,
676 struct ip_vs_dest *dest, *nxt;
679 * Find the destination in trash
681 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
682 IP_VS_DBG_BUF(3, "Destination %u/%s:%u still in trash, "
685 IP_VS_DBG_ADDR(svc->af, &dest->addr),
687 atomic_read(&dest->refcnt));
688 if (dest->af == svc->af &&
689 ip_vs_addr_equal(svc->af, &dest->addr, daddr) &&
690 dest->port == dport &&
691 dest->vfwmark == svc->fwmark &&
692 dest->protocol == svc->protocol &&
694 (ip_vs_addr_equal(svc->af, &dest->vaddr, &svc->addr) &&
695 dest->vport == svc->port))) {
701 * Try to purge the destination from trash if not referenced
703 if (atomic_read(&dest->refcnt) == 1) {
704 IP_VS_DBG_BUF(3, "Removing destination %u/%s:%u "
707 IP_VS_DBG_ADDR(svc->af, &dest->addr),
709 list_del(&dest->n_list);
710 ip_vs_dst_reset(dest);
711 __ip_vs_unbind_svc(dest);
721 * Clean up all the destinations in the trash
722 * Called by the ip_vs_control_cleanup()
724 * When the ip_vs_control_clearup is activated by ipvs module exit,
725 * the service tables must have been flushed and all the connections
726 * are expired, and the refcnt of each destination in the trash must
727 * be 1, so we simply release them here.
729 static void ip_vs_trash_cleanup(void)
731 struct ip_vs_dest *dest, *nxt;
733 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
734 list_del(&dest->n_list);
735 ip_vs_dst_reset(dest);
736 __ip_vs_unbind_svc(dest);
743 ip_vs_zero_stats(struct ip_vs_stats *stats)
745 spin_lock_bh(&stats->lock);
759 ip_vs_zero_estimator(stats);
761 spin_unlock_bh(&stats->lock);
765 * Update a destination in the given service
768 __ip_vs_update_dest(struct ip_vs_service *svc,
769 struct ip_vs_dest *dest, struct ip_vs_dest_user_kern *udest)
773 /* set the weight and the flags */
774 atomic_set(&dest->weight, udest->weight);
775 conn_flags = udest->conn_flags | IP_VS_CONN_F_INACTIVE;
777 /* check if local node and update the flags */
778 #ifdef CONFIG_IP_VS_IPV6
779 if (svc->af == AF_INET6) {
780 if (__ip_vs_addr_is_local_v6(&udest->addr.in6)) {
781 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
782 | IP_VS_CONN_F_LOCALNODE;
786 if (inet_addr_type(&init_net, udest->addr.ip) == RTN_LOCAL) {
787 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
788 | IP_VS_CONN_F_LOCALNODE;
791 /* set the IP_VS_CONN_F_NOOUTPUT flag if not masquerading/NAT */
792 if ((conn_flags & IP_VS_CONN_F_FWD_MASK) != 0) {
793 conn_flags |= IP_VS_CONN_F_NOOUTPUT;
796 * Put the real service in ip_vs_rtable if not present.
797 * For now only for NAT!
799 write_lock_bh(&__ip_vs_rs_lock);
801 write_unlock_bh(&__ip_vs_rs_lock);
803 atomic_set(&dest->conn_flags, conn_flags);
805 /* bind the service */
807 __ip_vs_bind_svc(dest, svc);
809 if (dest->svc != svc) {
810 __ip_vs_unbind_svc(dest);
811 ip_vs_zero_stats(&dest->stats);
812 __ip_vs_bind_svc(dest, svc);
816 /* set the dest status flags */
817 dest->flags |= IP_VS_DEST_F_AVAILABLE;
819 if (udest->u_threshold == 0 || udest->u_threshold > dest->u_threshold)
820 dest->flags &= ~IP_VS_DEST_F_OVERLOAD;
821 dest->u_threshold = udest->u_threshold;
822 dest->l_threshold = udest->l_threshold;
827 * Create a destination for the given service
830 ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
831 struct ip_vs_dest **dest_p)
833 struct ip_vs_dest *dest;
838 #ifdef CONFIG_IP_VS_IPV6
839 if (svc->af == AF_INET6) {
840 atype = ipv6_addr_type(&udest->addr.in6);
841 if (!(atype & IPV6_ADDR_UNICAST) &&
842 !__ip_vs_addr_is_local_v6(&udest->addr.in6))
847 atype = inet_addr_type(&init_net, udest->addr.ip);
848 if (atype != RTN_LOCAL && atype != RTN_UNICAST)
852 dest = kzalloc(sizeof(struct ip_vs_dest), GFP_ATOMIC);
854 IP_VS_ERR("ip_vs_new_dest: kmalloc failed.\n");
859 dest->protocol = svc->protocol;
860 dest->vaddr = svc->addr;
861 dest->vport = svc->port;
862 dest->vfwmark = svc->fwmark;
863 ip_vs_addr_copy(svc->af, &dest->addr, &udest->addr);
864 dest->port = udest->port;
866 atomic_set(&dest->activeconns, 0);
867 atomic_set(&dest->inactconns, 0);
868 atomic_set(&dest->persistconns, 0);
869 atomic_set(&dest->refcnt, 0);
871 INIT_LIST_HEAD(&dest->d_list);
872 spin_lock_init(&dest->dst_lock);
873 spin_lock_init(&dest->stats.lock);
874 __ip_vs_update_dest(svc, dest, udest);
875 ip_vs_new_estimator(&dest->stats);
885 * Add a destination into an existing service
888 ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
890 struct ip_vs_dest *dest;
891 union nf_inet_addr daddr;
892 __be16 dport = udest->port;
897 if (udest->weight < 0) {
898 IP_VS_ERR("ip_vs_add_dest(): server weight less than zero\n");
902 if (udest->l_threshold > udest->u_threshold) {
903 IP_VS_ERR("ip_vs_add_dest(): lower threshold is higher than "
904 "upper threshold\n");
908 ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
911 * Check if the dest already exists in the list
913 dest = ip_vs_lookup_dest(svc, &daddr, dport);
916 IP_VS_DBG(1, "ip_vs_add_dest(): dest already exists\n");
921 * Check if the dest already exists in the trash and
922 * is from the same service
924 dest = ip_vs_trash_get_dest(svc, &daddr, dport);
927 IP_VS_DBG_BUF(3, "Get destination %s:%u from trash, "
928 "dest->refcnt=%d, service %u/%s:%u\n",
929 IP_VS_DBG_ADDR(svc->af, &daddr), ntohs(dport),
930 atomic_read(&dest->refcnt),
932 IP_VS_DBG_ADDR(svc->af, &dest->vaddr),
935 __ip_vs_update_dest(svc, dest, udest);
938 * Get the destination from the trash
940 list_del(&dest->n_list);
942 ip_vs_new_estimator(&dest->stats);
944 write_lock_bh(&__ip_vs_svc_lock);
947 * Wait until all other svc users go away.
949 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
951 list_add(&dest->n_list, &svc->destinations);
954 /* call the update_service function of its scheduler */
955 if (svc->scheduler->update_service)
956 svc->scheduler->update_service(svc);
958 write_unlock_bh(&__ip_vs_svc_lock);
963 * Allocate and initialize the dest structure
965 ret = ip_vs_new_dest(svc, udest, &dest);
971 * Add the dest entry into the list
973 atomic_inc(&dest->refcnt);
975 write_lock_bh(&__ip_vs_svc_lock);
978 * Wait until all other svc users go away.
980 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
982 list_add(&dest->n_list, &svc->destinations);
985 /* call the update_service function of its scheduler */
986 if (svc->scheduler->update_service)
987 svc->scheduler->update_service(svc);
989 write_unlock_bh(&__ip_vs_svc_lock);
998 * Edit a destination in the given service
1001 ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1003 struct ip_vs_dest *dest;
1004 union nf_inet_addr daddr;
1005 __be16 dport = udest->port;
1009 if (udest->weight < 0) {
1010 IP_VS_ERR("ip_vs_edit_dest(): server weight less than zero\n");
1014 if (udest->l_threshold > udest->u_threshold) {
1015 IP_VS_ERR("ip_vs_edit_dest(): lower threshold is higher than "
1016 "upper threshold\n");
1020 ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
1023 * Lookup the destination list
1025 dest = ip_vs_lookup_dest(svc, &daddr, dport);
1028 IP_VS_DBG(1, "ip_vs_edit_dest(): dest doesn't exist\n");
1032 __ip_vs_update_dest(svc, dest, udest);
1034 write_lock_bh(&__ip_vs_svc_lock);
1036 /* Wait until all other svc users go away */
1037 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1039 /* call the update_service, because server weight may be changed */
1040 if (svc->scheduler->update_service)
1041 svc->scheduler->update_service(svc);
1043 write_unlock_bh(&__ip_vs_svc_lock);
1052 * Delete a destination (must be already unlinked from the service)
1054 static void __ip_vs_del_dest(struct ip_vs_dest *dest)
1056 ip_vs_kill_estimator(&dest->stats);
1059 * Remove it from the d-linked list with the real services.
1061 write_lock_bh(&__ip_vs_rs_lock);
1062 ip_vs_rs_unhash(dest);
1063 write_unlock_bh(&__ip_vs_rs_lock);
1066 * Decrease the refcnt of the dest, and free the dest
1067 * if nobody refers to it (refcnt=0). Otherwise, throw
1068 * the destination into the trash.
1070 if (atomic_dec_and_test(&dest->refcnt)) {
1071 ip_vs_dst_reset(dest);
1072 /* simply decrease svc->refcnt here, let the caller check
1073 and release the service if nobody refers to it.
1074 Only user context can release destination and service,
1075 and only one user context can update virtual service at a
1076 time, so the operation here is OK */
1077 atomic_dec(&dest->svc->refcnt);
1080 IP_VS_DBG_BUF(3, "Moving dest %s:%u into trash, "
1081 "dest->refcnt=%d\n",
1082 IP_VS_DBG_ADDR(dest->af, &dest->addr),
1084 atomic_read(&dest->refcnt));
1085 list_add(&dest->n_list, &ip_vs_dest_trash);
1086 atomic_inc(&dest->refcnt);
1092 * Unlink a destination from the given service
1094 static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
1095 struct ip_vs_dest *dest,
1098 dest->flags &= ~IP_VS_DEST_F_AVAILABLE;
1101 * Remove it from the d-linked destination list.
1103 list_del(&dest->n_list);
1107 * Call the update_service function of its scheduler
1109 if (svcupd && svc->scheduler->update_service)
1110 svc->scheduler->update_service(svc);
1115 * Delete a destination server in the given service
1118 ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1120 struct ip_vs_dest *dest;
1121 __be16 dport = udest->port;
1125 dest = ip_vs_lookup_dest(svc, &udest->addr, dport);
1128 IP_VS_DBG(1, "ip_vs_del_dest(): destination not found!\n");
1132 write_lock_bh(&__ip_vs_svc_lock);
1135 * Wait until all other svc users go away.
1137 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1140 * Unlink dest from the service
1142 __ip_vs_unlink_dest(svc, dest, 1);
1144 write_unlock_bh(&__ip_vs_svc_lock);
1147 * Delete the destination
1149 __ip_vs_del_dest(dest);
1158 * Add a service into the service hash table
1161 ip_vs_add_service(struct ip_vs_service_user_kern *u,
1162 struct ip_vs_service **svc_p)
1165 struct ip_vs_scheduler *sched = NULL;
1166 struct ip_vs_service *svc = NULL;
1168 /* increase the module use count */
1169 ip_vs_use_count_inc();
1171 /* Lookup the scheduler by 'u->sched_name' */
1172 sched = ip_vs_scheduler_get(u->sched_name);
1173 if (sched == NULL) {
1174 IP_VS_INFO("Scheduler module ip_vs_%s not found\n",
1180 #ifdef CONFIG_IP_VS_IPV6
1181 if (u->af == AF_INET6) {
1182 if (!sched->supports_ipv6) {
1183 ret = -EAFNOSUPPORT;
1186 if ((u->netmask < 1) || (u->netmask > 128)) {
1193 svc = kzalloc(sizeof(struct ip_vs_service), GFP_ATOMIC);
1195 IP_VS_DBG(1, "ip_vs_add_service: kmalloc failed.\n");
1200 /* I'm the first user of the service */
1201 atomic_set(&svc->usecnt, 1);
1202 atomic_set(&svc->refcnt, 0);
1205 svc->protocol = u->protocol;
1206 ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
1207 svc->port = u->port;
1208 svc->fwmark = u->fwmark;
1209 svc->flags = u->flags;
1210 svc->timeout = u->timeout * HZ;
1211 svc->netmask = u->netmask;
1213 INIT_LIST_HEAD(&svc->destinations);
1214 rwlock_init(&svc->sched_lock);
1215 spin_lock_init(&svc->stats.lock);
1217 /* Bind the scheduler */
1218 ret = ip_vs_bind_scheduler(svc, sched);
1223 /* Update the virtual service counters */
1224 if (svc->port == FTPPORT)
1225 atomic_inc(&ip_vs_ftpsvc_counter);
1226 else if (svc->port == 0)
1227 atomic_inc(&ip_vs_nullsvc_counter);
1229 ip_vs_new_estimator(&svc->stats);
1231 /* Count only IPv4 services for old get/setsockopt interface */
1232 if (svc->af == AF_INET)
1233 ip_vs_num_services++;
1235 /* Hash the service into the service table */
1236 write_lock_bh(&__ip_vs_svc_lock);
1237 ip_vs_svc_hash(svc);
1238 write_unlock_bh(&__ip_vs_svc_lock);
1246 ip_vs_unbind_scheduler(svc);
1249 ip_vs_app_inc_put(svc->inc);
1254 ip_vs_scheduler_put(sched);
1257 /* decrease the module use count */
1258 ip_vs_use_count_dec();
1265 * Edit a service and bind it with a new scheduler
1268 ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
1270 struct ip_vs_scheduler *sched, *old_sched;
1274 * Lookup the scheduler, by 'u->sched_name'
1276 sched = ip_vs_scheduler_get(u->sched_name);
1277 if (sched == NULL) {
1278 IP_VS_INFO("Scheduler module ip_vs_%s not found\n",
1284 #ifdef CONFIG_IP_VS_IPV6
1285 if (u->af == AF_INET6) {
1286 if (!sched->supports_ipv6) {
1287 ret = -EAFNOSUPPORT;
1290 if ((u->netmask < 1) || (u->netmask > 128)) {
1297 write_lock_bh(&__ip_vs_svc_lock);
1300 * Wait until all other svc users go away.
1302 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1305 * Set the flags and timeout value
1307 svc->flags = u->flags | IP_VS_SVC_F_HASHED;
1308 svc->timeout = u->timeout * HZ;
1309 svc->netmask = u->netmask;
1311 old_sched = svc->scheduler;
1312 if (sched != old_sched) {
1314 * Unbind the old scheduler
1316 if ((ret = ip_vs_unbind_scheduler(svc))) {
1322 * Bind the new scheduler
1324 if ((ret = ip_vs_bind_scheduler(svc, sched))) {
1326 * If ip_vs_bind_scheduler fails, restore the old
1328 * The main reason of failure is out of memory.
1330 * The question is if the old scheduler can be
1331 * restored all the time. TODO: if it cannot be
1332 * restored some time, we must delete the service,
1333 * otherwise the system may crash.
1335 ip_vs_bind_scheduler(svc, old_sched);
1342 write_unlock_bh(&__ip_vs_svc_lock);
1345 ip_vs_scheduler_put(old_sched);
1352 * Delete a service from the service list
1353 * - The service must be unlinked, unlocked and not referenced!
1354 * - We are called under _bh lock
1356 static void __ip_vs_del_service(struct ip_vs_service *svc)
1358 struct ip_vs_dest *dest, *nxt;
1359 struct ip_vs_scheduler *old_sched;
1361 /* Count only IPv4 services for old get/setsockopt interface */
1362 if (svc->af == AF_INET)
1363 ip_vs_num_services--;
1365 ip_vs_kill_estimator(&svc->stats);
1367 /* Unbind scheduler */
1368 old_sched = svc->scheduler;
1369 ip_vs_unbind_scheduler(svc);
1371 ip_vs_scheduler_put(old_sched);
1373 /* Unbind app inc */
1375 ip_vs_app_inc_put(svc->inc);
1380 * Unlink the whole destination list
1382 list_for_each_entry_safe(dest, nxt, &svc->destinations, n_list) {
1383 __ip_vs_unlink_dest(svc, dest, 0);
1384 __ip_vs_del_dest(dest);
1388 * Update the virtual service counters
1390 if (svc->port == FTPPORT)
1391 atomic_dec(&ip_vs_ftpsvc_counter);
1392 else if (svc->port == 0)
1393 atomic_dec(&ip_vs_nullsvc_counter);
1396 * Free the service if nobody refers to it
1398 if (atomic_read(&svc->refcnt) == 0)
1401 /* decrease the module use count */
1402 ip_vs_use_count_dec();
1406 * Delete a service from the service list
1408 static int ip_vs_del_service(struct ip_vs_service *svc)
1414 * Unhash it from the service table
1416 write_lock_bh(&__ip_vs_svc_lock);
1418 ip_vs_svc_unhash(svc);
1421 * Wait until all the svc users go away.
1423 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1425 __ip_vs_del_service(svc);
1427 write_unlock_bh(&__ip_vs_svc_lock);
1434 * Flush all the virtual services
1436 static int ip_vs_flush(void)
1439 struct ip_vs_service *svc, *nxt;
1442 * Flush the service table hashed by <protocol,addr,port>
1444 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1445 list_for_each_entry_safe(svc, nxt, &ip_vs_svc_table[idx], s_list) {
1446 write_lock_bh(&__ip_vs_svc_lock);
1447 ip_vs_svc_unhash(svc);
1449 * Wait until all the svc users go away.
1451 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1452 __ip_vs_del_service(svc);
1453 write_unlock_bh(&__ip_vs_svc_lock);
1458 * Flush the service table hashed by fwmark
1460 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1461 list_for_each_entry_safe(svc, nxt,
1462 &ip_vs_svc_fwm_table[idx], f_list) {
1463 write_lock_bh(&__ip_vs_svc_lock);
1464 ip_vs_svc_unhash(svc);
1466 * Wait until all the svc users go away.
1468 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1469 __ip_vs_del_service(svc);
1470 write_unlock_bh(&__ip_vs_svc_lock);
1479 * Zero counters in a service or all services
1481 static int ip_vs_zero_service(struct ip_vs_service *svc)
1483 struct ip_vs_dest *dest;
1485 write_lock_bh(&__ip_vs_svc_lock);
1486 list_for_each_entry(dest, &svc->destinations, n_list) {
1487 ip_vs_zero_stats(&dest->stats);
1489 ip_vs_zero_stats(&svc->stats);
1490 write_unlock_bh(&__ip_vs_svc_lock);
1494 static int ip_vs_zero_all(void)
1497 struct ip_vs_service *svc;
1499 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1500 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1501 ip_vs_zero_service(svc);
1505 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1506 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1507 ip_vs_zero_service(svc);
1511 ip_vs_zero_stats(&ip_vs_stats);
1517 proc_do_defense_mode(ctl_table *table, int write, struct file * filp,
1518 void __user *buffer, size_t *lenp, loff_t *ppos)
1520 int *valp = table->data;
1524 rc = proc_dointvec(table, write, filp, buffer, lenp, ppos);
1525 if (write && (*valp != val)) {
1526 if ((*valp < 0) || (*valp > 3)) {
1527 /* Restore the correct value */
1530 update_defense_level();
1538 proc_do_sync_threshold(ctl_table *table, int write, struct file *filp,
1539 void __user *buffer, size_t *lenp, loff_t *ppos)
1541 int *valp = table->data;
1545 /* backup the value first */
1546 memcpy(val, valp, sizeof(val));
1548 rc = proc_dointvec(table, write, filp, buffer, lenp, ppos);
1549 if (write && (valp[0] < 0 || valp[1] < 0 || valp[0] >= valp[1])) {
1550 /* Restore the correct value */
1551 memcpy(valp, val, sizeof(val));
1558 * IPVS sysctl table (under the /proc/sys/net/ipv4/vs/)
1561 static struct ctl_table vs_vars[] = {
1563 .procname = "amemthresh",
1564 .data = &sysctl_ip_vs_amemthresh,
1565 .maxlen = sizeof(int),
1567 .proc_handler = &proc_dointvec,
1569 #ifdef CONFIG_IP_VS_DEBUG
1571 .procname = "debug_level",
1572 .data = &sysctl_ip_vs_debug_level,
1573 .maxlen = sizeof(int),
1575 .proc_handler = &proc_dointvec,
1579 .procname = "am_droprate",
1580 .data = &sysctl_ip_vs_am_droprate,
1581 .maxlen = sizeof(int),
1583 .proc_handler = &proc_dointvec,
1586 .procname = "drop_entry",
1587 .data = &sysctl_ip_vs_drop_entry,
1588 .maxlen = sizeof(int),
1590 .proc_handler = &proc_do_defense_mode,
1593 .procname = "drop_packet",
1594 .data = &sysctl_ip_vs_drop_packet,
1595 .maxlen = sizeof(int),
1597 .proc_handler = &proc_do_defense_mode,
1600 .procname = "secure_tcp",
1601 .data = &sysctl_ip_vs_secure_tcp,
1602 .maxlen = sizeof(int),
1604 .proc_handler = &proc_do_defense_mode,
1608 .procname = "timeout_established",
1609 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ESTABLISHED],
1610 .maxlen = sizeof(int),
1612 .proc_handler = &proc_dointvec_jiffies,
1615 .procname = "timeout_synsent",
1616 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_SENT],
1617 .maxlen = sizeof(int),
1619 .proc_handler = &proc_dointvec_jiffies,
1622 .procname = "timeout_synrecv",
1623 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_RECV],
1624 .maxlen = sizeof(int),
1626 .proc_handler = &proc_dointvec_jiffies,
1629 .procname = "timeout_finwait",
1630 .data = &vs_timeout_table_dos.timeout[IP_VS_S_FIN_WAIT],
1631 .maxlen = sizeof(int),
1633 .proc_handler = &proc_dointvec_jiffies,
1636 .procname = "timeout_timewait",
1637 .data = &vs_timeout_table_dos.timeout[IP_VS_S_TIME_WAIT],
1638 .maxlen = sizeof(int),
1640 .proc_handler = &proc_dointvec_jiffies,
1643 .procname = "timeout_close",
1644 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE],
1645 .maxlen = sizeof(int),
1647 .proc_handler = &proc_dointvec_jiffies,
1650 .procname = "timeout_closewait",
1651 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE_WAIT],
1652 .maxlen = sizeof(int),
1654 .proc_handler = &proc_dointvec_jiffies,
1657 .procname = "timeout_lastack",
1658 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LAST_ACK],
1659 .maxlen = sizeof(int),
1661 .proc_handler = &proc_dointvec_jiffies,
1664 .procname = "timeout_listen",
1665 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LISTEN],
1666 .maxlen = sizeof(int),
1668 .proc_handler = &proc_dointvec_jiffies,
1671 .procname = "timeout_synack",
1672 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYNACK],
1673 .maxlen = sizeof(int),
1675 .proc_handler = &proc_dointvec_jiffies,
1678 .procname = "timeout_udp",
1679 .data = &vs_timeout_table_dos.timeout[IP_VS_S_UDP],
1680 .maxlen = sizeof(int),
1682 .proc_handler = &proc_dointvec_jiffies,
1685 .procname = "timeout_icmp",
1686 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ICMP],
1687 .maxlen = sizeof(int),
1689 .proc_handler = &proc_dointvec_jiffies,
1693 .procname = "cache_bypass",
1694 .data = &sysctl_ip_vs_cache_bypass,
1695 .maxlen = sizeof(int),
1697 .proc_handler = &proc_dointvec,
1700 .procname = "expire_nodest_conn",
1701 .data = &sysctl_ip_vs_expire_nodest_conn,
1702 .maxlen = sizeof(int),
1704 .proc_handler = &proc_dointvec,
1707 .procname = "expire_quiescent_template",
1708 .data = &sysctl_ip_vs_expire_quiescent_template,
1709 .maxlen = sizeof(int),
1711 .proc_handler = &proc_dointvec,
1714 .procname = "sync_threshold",
1715 .data = &sysctl_ip_vs_sync_threshold,
1716 .maxlen = sizeof(sysctl_ip_vs_sync_threshold),
1718 .proc_handler = &proc_do_sync_threshold,
1721 .procname = "nat_icmp_send",
1722 .data = &sysctl_ip_vs_nat_icmp_send,
1723 .maxlen = sizeof(int),
1725 .proc_handler = &proc_dointvec,
1730 const struct ctl_path net_vs_ctl_path[] = {
1731 { .procname = "net", .ctl_name = CTL_NET, },
1732 { .procname = "ipv4", .ctl_name = NET_IPV4, },
1733 { .procname = "vs", },
1736 EXPORT_SYMBOL_GPL(net_vs_ctl_path);
1738 static struct ctl_table_header * sysctl_header;
1740 #ifdef CONFIG_PROC_FS
1743 struct list_head *table;
1748 * Write the contents of the VS rule table to a PROCfs file.
1749 * (It is kept just for backward compatibility)
1751 static inline const char *ip_vs_fwd_name(unsigned flags)
1753 switch (flags & IP_VS_CONN_F_FWD_MASK) {
1754 case IP_VS_CONN_F_LOCALNODE:
1756 case IP_VS_CONN_F_TUNNEL:
1758 case IP_VS_CONN_F_DROUTE:
1766 /* Get the Nth entry in the two lists */
1767 static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos)
1769 struct ip_vs_iter *iter = seq->private;
1771 struct ip_vs_service *svc;
1773 /* look in hash by protocol */
1774 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1775 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1777 iter->table = ip_vs_svc_table;
1784 /* keep looking in fwmark */
1785 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1786 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1788 iter->table = ip_vs_svc_fwm_table;
1798 static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos)
1801 read_lock_bh(&__ip_vs_svc_lock);
1802 return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN;
1806 static void *ip_vs_info_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1808 struct list_head *e;
1809 struct ip_vs_iter *iter;
1810 struct ip_vs_service *svc;
1813 if (v == SEQ_START_TOKEN)
1814 return ip_vs_info_array(seq,0);
1817 iter = seq->private;
1819 if (iter->table == ip_vs_svc_table) {
1820 /* next service in table hashed by protocol */
1821 if ((e = svc->s_list.next) != &ip_vs_svc_table[iter->bucket])
1822 return list_entry(e, struct ip_vs_service, s_list);
1825 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1826 list_for_each_entry(svc,&ip_vs_svc_table[iter->bucket],
1832 iter->table = ip_vs_svc_fwm_table;
1837 /* next service in hashed by fwmark */
1838 if ((e = svc->f_list.next) != &ip_vs_svc_fwm_table[iter->bucket])
1839 return list_entry(e, struct ip_vs_service, f_list);
1842 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1843 list_for_each_entry(svc, &ip_vs_svc_fwm_table[iter->bucket],
1851 static void ip_vs_info_seq_stop(struct seq_file *seq, void *v)
1853 read_unlock_bh(&__ip_vs_svc_lock);
1857 static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
1859 if (v == SEQ_START_TOKEN) {
1861 "IP Virtual Server version %d.%d.%d (size=%d)\n",
1862 NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE);
1864 "Prot LocalAddress:Port Scheduler Flags\n");
1866 " -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
1868 const struct ip_vs_service *svc = v;
1869 const struct ip_vs_iter *iter = seq->private;
1870 const struct ip_vs_dest *dest;
1872 if (iter->table == ip_vs_svc_table) {
1873 #ifdef CONFIG_IP_VS_IPV6
1874 if (svc->af == AF_INET6)
1875 seq_printf(seq, "%s [" NIP6_FMT "]:%04X %s ",
1876 ip_vs_proto_name(svc->protocol),
1877 NIP6(svc->addr.in6),
1879 svc->scheduler->name);
1882 seq_printf(seq, "%s %08X:%04X %s ",
1883 ip_vs_proto_name(svc->protocol),
1884 ntohl(svc->addr.ip),
1886 svc->scheduler->name);
1888 seq_printf(seq, "FWM %08X %s ",
1889 svc->fwmark, svc->scheduler->name);
1892 if (svc->flags & IP_VS_SVC_F_PERSISTENT)
1893 seq_printf(seq, "persistent %d %08X\n",
1895 ntohl(svc->netmask));
1897 seq_putc(seq, '\n');
1899 list_for_each_entry(dest, &svc->destinations, n_list) {
1900 #ifdef CONFIG_IP_VS_IPV6
1901 if (dest->af == AF_INET6)
1903 " -> [" NIP6_FMT "]:%04X"
1904 " %-7s %-6d %-10d %-10d\n",
1905 NIP6(dest->addr.in6),
1907 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1908 atomic_read(&dest->weight),
1909 atomic_read(&dest->activeconns),
1910 atomic_read(&dest->inactconns));
1915 "%-7s %-6d %-10d %-10d\n",
1916 ntohl(dest->addr.ip),
1918 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1919 atomic_read(&dest->weight),
1920 atomic_read(&dest->activeconns),
1921 atomic_read(&dest->inactconns));
1928 static const struct seq_operations ip_vs_info_seq_ops = {
1929 .start = ip_vs_info_seq_start,
1930 .next = ip_vs_info_seq_next,
1931 .stop = ip_vs_info_seq_stop,
1932 .show = ip_vs_info_seq_show,
1935 static int ip_vs_info_open(struct inode *inode, struct file *file)
1937 return seq_open_private(file, &ip_vs_info_seq_ops,
1938 sizeof(struct ip_vs_iter));
1941 static const struct file_operations ip_vs_info_fops = {
1942 .owner = THIS_MODULE,
1943 .open = ip_vs_info_open,
1945 .llseek = seq_lseek,
1946 .release = seq_release_private,
1951 struct ip_vs_stats ip_vs_stats = {
1952 .lock = __SPIN_LOCK_UNLOCKED(ip_vs_stats.lock),
1955 #ifdef CONFIG_PROC_FS
1956 static int ip_vs_stats_show(struct seq_file *seq, void *v)
1959 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1961 " Total Incoming Outgoing Incoming Outgoing\n");
1963 " Conns Packets Packets Bytes Bytes\n");
1965 spin_lock_bh(&ip_vs_stats.lock);
1966 seq_printf(seq, "%8X %8X %8X %16LX %16LX\n\n", ip_vs_stats.conns,
1967 ip_vs_stats.inpkts, ip_vs_stats.outpkts,
1968 (unsigned long long) ip_vs_stats.inbytes,
1969 (unsigned long long) ip_vs_stats.outbytes);
1971 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1973 " Conns/s Pkts/s Pkts/s Bytes/s Bytes/s\n");
1974 seq_printf(seq,"%8X %8X %8X %16X %16X\n",
1979 ip_vs_stats.outbps);
1980 spin_unlock_bh(&ip_vs_stats.lock);
1985 static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)
1987 return single_open(file, ip_vs_stats_show, NULL);
1990 static const struct file_operations ip_vs_stats_fops = {
1991 .owner = THIS_MODULE,
1992 .open = ip_vs_stats_seq_open,
1994 .llseek = seq_lseek,
1995 .release = single_release,
2001 * Set timeout values for tcp tcpfin udp in the timeout_table.
2003 static int ip_vs_set_timeout(struct ip_vs_timeout_user *u)
2005 IP_VS_DBG(2, "Setting timeout tcp:%d tcpfin:%d udp:%d\n",
2010 #ifdef CONFIG_IP_VS_PROTO_TCP
2011 if (u->tcp_timeout) {
2012 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED]
2013 = u->tcp_timeout * HZ;
2016 if (u->tcp_fin_timeout) {
2017 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT]
2018 = u->tcp_fin_timeout * HZ;
2022 #ifdef CONFIG_IP_VS_PROTO_UDP
2023 if (u->udp_timeout) {
2024 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL]
2025 = u->udp_timeout * HZ;
2032 #define SET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2033 #define SERVICE_ARG_LEN (sizeof(struct ip_vs_service_user))
2034 #define SVCDEST_ARG_LEN (sizeof(struct ip_vs_service_user) + \
2035 sizeof(struct ip_vs_dest_user))
2036 #define TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2037 #define DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user))
2038 #define MAX_ARG_LEN SVCDEST_ARG_LEN
2040 static const unsigned char set_arglen[SET_CMDID(IP_VS_SO_SET_MAX)+1] = {
2041 [SET_CMDID(IP_VS_SO_SET_ADD)] = SERVICE_ARG_LEN,
2042 [SET_CMDID(IP_VS_SO_SET_EDIT)] = SERVICE_ARG_LEN,
2043 [SET_CMDID(IP_VS_SO_SET_DEL)] = SERVICE_ARG_LEN,
2044 [SET_CMDID(IP_VS_SO_SET_FLUSH)] = 0,
2045 [SET_CMDID(IP_VS_SO_SET_ADDDEST)] = SVCDEST_ARG_LEN,
2046 [SET_CMDID(IP_VS_SO_SET_DELDEST)] = SVCDEST_ARG_LEN,
2047 [SET_CMDID(IP_VS_SO_SET_EDITDEST)] = SVCDEST_ARG_LEN,
2048 [SET_CMDID(IP_VS_SO_SET_TIMEOUT)] = TIMEOUT_ARG_LEN,
2049 [SET_CMDID(IP_VS_SO_SET_STARTDAEMON)] = DAEMON_ARG_LEN,
2050 [SET_CMDID(IP_VS_SO_SET_STOPDAEMON)] = DAEMON_ARG_LEN,
2051 [SET_CMDID(IP_VS_SO_SET_ZERO)] = SERVICE_ARG_LEN,
2054 static void ip_vs_copy_usvc_compat(struct ip_vs_service_user_kern *usvc,
2055 struct ip_vs_service_user *usvc_compat)
2058 usvc->protocol = usvc_compat->protocol;
2059 usvc->addr.ip = usvc_compat->addr;
2060 usvc->port = usvc_compat->port;
2061 usvc->fwmark = usvc_compat->fwmark;
2063 /* Deep copy of sched_name is not needed here */
2064 usvc->sched_name = usvc_compat->sched_name;
2066 usvc->flags = usvc_compat->flags;
2067 usvc->timeout = usvc_compat->timeout;
2068 usvc->netmask = usvc_compat->netmask;
2071 static void ip_vs_copy_udest_compat(struct ip_vs_dest_user_kern *udest,
2072 struct ip_vs_dest_user *udest_compat)
2074 udest->addr.ip = udest_compat->addr;
2075 udest->port = udest_compat->port;
2076 udest->conn_flags = udest_compat->conn_flags;
2077 udest->weight = udest_compat->weight;
2078 udest->u_threshold = udest_compat->u_threshold;
2079 udest->l_threshold = udest_compat->l_threshold;
2083 do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2086 unsigned char arg[MAX_ARG_LEN];
2087 struct ip_vs_service_user *usvc_compat;
2088 struct ip_vs_service_user_kern usvc;
2089 struct ip_vs_service *svc;
2090 struct ip_vs_dest_user *udest_compat;
2091 struct ip_vs_dest_user_kern udest;
2093 if (!capable(CAP_NET_ADMIN))
2096 if (len != set_arglen[SET_CMDID(cmd)]) {
2097 IP_VS_ERR("set_ctl: len %u != %u\n",
2098 len, set_arglen[SET_CMDID(cmd)]);
2102 if (copy_from_user(arg, user, len) != 0)
2105 /* increase the module use count */
2106 ip_vs_use_count_inc();
2108 if (mutex_lock_interruptible(&__ip_vs_mutex)) {
2113 if (cmd == IP_VS_SO_SET_FLUSH) {
2114 /* Flush the virtual service */
2115 ret = ip_vs_flush();
2117 } else if (cmd == IP_VS_SO_SET_TIMEOUT) {
2118 /* Set timeout values for (tcp tcpfin udp) */
2119 ret = ip_vs_set_timeout((struct ip_vs_timeout_user *)arg);
2121 } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
2122 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2123 ret = start_sync_thread(dm->state, dm->mcast_ifn, dm->syncid);
2125 } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
2126 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2127 ret = stop_sync_thread(dm->state);
2131 usvc_compat = (struct ip_vs_service_user *)arg;
2132 udest_compat = (struct ip_vs_dest_user *)(usvc_compat + 1);
2134 /* We only use the new structs internally, so copy userspace compat
2135 * structs to extended internal versions */
2136 ip_vs_copy_usvc_compat(&usvc, usvc_compat);
2137 ip_vs_copy_udest_compat(&udest, udest_compat);
2139 if (cmd == IP_VS_SO_SET_ZERO) {
2140 /* if no service address is set, zero counters in all */
2141 if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {
2142 ret = ip_vs_zero_all();
2147 /* Check for valid protocol: TCP or UDP, even for fwmark!=0 */
2148 if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP) {
2149 IP_VS_ERR("set_ctl: invalid protocol: %d %d.%d.%d.%d:%d %s\n",
2150 usvc.protocol, NIPQUAD(usvc.addr.ip),
2151 ntohs(usvc.port), usvc.sched_name);
2156 /* Lookup the exact service by <protocol, addr, port> or fwmark */
2157 if (usvc.fwmark == 0)
2158 svc = __ip_vs_service_get(usvc.af, usvc.protocol,
2159 &usvc.addr, usvc.port);
2161 svc = __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
2163 if (cmd != IP_VS_SO_SET_ADD
2164 && (svc == NULL || svc->protocol != usvc.protocol)) {
2170 case IP_VS_SO_SET_ADD:
2174 ret = ip_vs_add_service(&usvc, &svc);
2176 case IP_VS_SO_SET_EDIT:
2177 ret = ip_vs_edit_service(svc, &usvc);
2179 case IP_VS_SO_SET_DEL:
2180 ret = ip_vs_del_service(svc);
2184 case IP_VS_SO_SET_ZERO:
2185 ret = ip_vs_zero_service(svc);
2187 case IP_VS_SO_SET_ADDDEST:
2188 ret = ip_vs_add_dest(svc, &udest);
2190 case IP_VS_SO_SET_EDITDEST:
2191 ret = ip_vs_edit_dest(svc, &udest);
2193 case IP_VS_SO_SET_DELDEST:
2194 ret = ip_vs_del_dest(svc, &udest);
2201 ip_vs_service_put(svc);
2204 mutex_unlock(&__ip_vs_mutex);
2206 /* decrease the module use count */
2207 ip_vs_use_count_dec();
2214 ip_vs_copy_stats(struct ip_vs_stats_user *dst, struct ip_vs_stats *src)
2216 spin_lock_bh(&src->lock);
2217 memcpy(dst, src, (char*)&src->lock - (char*)src);
2218 spin_unlock_bh(&src->lock);
2222 ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src)
2224 dst->protocol = src->protocol;
2225 dst->addr = src->addr.ip;
2226 dst->port = src->port;
2227 dst->fwmark = src->fwmark;
2228 strlcpy(dst->sched_name, src->scheduler->name, sizeof(dst->sched_name));
2229 dst->flags = src->flags;
2230 dst->timeout = src->timeout / HZ;
2231 dst->netmask = src->netmask;
2232 dst->num_dests = src->num_dests;
2233 ip_vs_copy_stats(&dst->stats, &src->stats);
2237 __ip_vs_get_service_entries(const struct ip_vs_get_services *get,
2238 struct ip_vs_get_services __user *uptr)
2241 struct ip_vs_service *svc;
2242 struct ip_vs_service_entry entry;
2245 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2246 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
2247 /* Only expose IPv4 entries to old interface */
2248 if (svc->af != AF_INET)
2251 if (count >= get->num_services)
2253 memset(&entry, 0, sizeof(entry));
2254 ip_vs_copy_service(&entry, svc);
2255 if (copy_to_user(&uptr->entrytable[count],
2256 &entry, sizeof(entry))) {
2264 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2265 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
2266 /* Only expose IPv4 entries to old interface */
2267 if (svc->af != AF_INET)
2270 if (count >= get->num_services)
2272 memset(&entry, 0, sizeof(entry));
2273 ip_vs_copy_service(&entry, svc);
2274 if (copy_to_user(&uptr->entrytable[count],
2275 &entry, sizeof(entry))) {
2287 __ip_vs_get_dest_entries(const struct ip_vs_get_dests *get,
2288 struct ip_vs_get_dests __user *uptr)
2290 struct ip_vs_service *svc;
2291 union nf_inet_addr addr = { .ip = get->addr };
2295 svc = __ip_vs_svc_fwm_get(AF_INET, get->fwmark);
2297 svc = __ip_vs_service_get(AF_INET, get->protocol, &addr,
2302 struct ip_vs_dest *dest;
2303 struct ip_vs_dest_entry entry;
2305 list_for_each_entry(dest, &svc->destinations, n_list) {
2306 if (count >= get->num_dests)
2309 entry.addr = dest->addr.ip;
2310 entry.port = dest->port;
2311 entry.conn_flags = atomic_read(&dest->conn_flags);
2312 entry.weight = atomic_read(&dest->weight);
2313 entry.u_threshold = dest->u_threshold;
2314 entry.l_threshold = dest->l_threshold;
2315 entry.activeconns = atomic_read(&dest->activeconns);
2316 entry.inactconns = atomic_read(&dest->inactconns);
2317 entry.persistconns = atomic_read(&dest->persistconns);
2318 ip_vs_copy_stats(&entry.stats, &dest->stats);
2319 if (copy_to_user(&uptr->entrytable[count],
2320 &entry, sizeof(entry))) {
2326 ip_vs_service_put(svc);
2333 __ip_vs_get_timeouts(struct ip_vs_timeout_user *u)
2335 #ifdef CONFIG_IP_VS_PROTO_TCP
2337 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ;
2338 u->tcp_fin_timeout =
2339 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT] / HZ;
2341 #ifdef CONFIG_IP_VS_PROTO_UDP
2343 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL] / HZ;
2348 #define GET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2349 #define GET_INFO_ARG_LEN (sizeof(struct ip_vs_getinfo))
2350 #define GET_SERVICES_ARG_LEN (sizeof(struct ip_vs_get_services))
2351 #define GET_SERVICE_ARG_LEN (sizeof(struct ip_vs_service_entry))
2352 #define GET_DESTS_ARG_LEN (sizeof(struct ip_vs_get_dests))
2353 #define GET_TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2354 #define GET_DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user) * 2)
2356 static const unsigned char get_arglen[GET_CMDID(IP_VS_SO_GET_MAX)+1] = {
2357 [GET_CMDID(IP_VS_SO_GET_VERSION)] = 64,
2358 [GET_CMDID(IP_VS_SO_GET_INFO)] = GET_INFO_ARG_LEN,
2359 [GET_CMDID(IP_VS_SO_GET_SERVICES)] = GET_SERVICES_ARG_LEN,
2360 [GET_CMDID(IP_VS_SO_GET_SERVICE)] = GET_SERVICE_ARG_LEN,
2361 [GET_CMDID(IP_VS_SO_GET_DESTS)] = GET_DESTS_ARG_LEN,
2362 [GET_CMDID(IP_VS_SO_GET_TIMEOUT)] = GET_TIMEOUT_ARG_LEN,
2363 [GET_CMDID(IP_VS_SO_GET_DAEMON)] = GET_DAEMON_ARG_LEN,
2367 do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2369 unsigned char arg[128];
2372 if (!capable(CAP_NET_ADMIN))
2375 if (*len < get_arglen[GET_CMDID(cmd)]) {
2376 IP_VS_ERR("get_ctl: len %u < %u\n",
2377 *len, get_arglen[GET_CMDID(cmd)]);
2381 if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0)
2384 if (mutex_lock_interruptible(&__ip_vs_mutex))
2385 return -ERESTARTSYS;
2388 case IP_VS_SO_GET_VERSION:
2392 sprintf(buf, "IP Virtual Server version %d.%d.%d (size=%d)",
2393 NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE);
2394 if (copy_to_user(user, buf, strlen(buf)+1) != 0) {
2398 *len = strlen(buf)+1;
2402 case IP_VS_SO_GET_INFO:
2404 struct ip_vs_getinfo info;
2405 info.version = IP_VS_VERSION_CODE;
2406 info.size = IP_VS_CONN_TAB_SIZE;
2407 info.num_services = ip_vs_num_services;
2408 if (copy_to_user(user, &info, sizeof(info)) != 0)
2413 case IP_VS_SO_GET_SERVICES:
2415 struct ip_vs_get_services *get;
2418 get = (struct ip_vs_get_services *)arg;
2419 size = sizeof(*get) +
2420 sizeof(struct ip_vs_service_entry) * get->num_services;
2422 IP_VS_ERR("length: %u != %u\n", *len, size);
2426 ret = __ip_vs_get_service_entries(get, user);
2430 case IP_VS_SO_GET_SERVICE:
2432 struct ip_vs_service_entry *entry;
2433 struct ip_vs_service *svc;
2434 union nf_inet_addr addr;
2436 entry = (struct ip_vs_service_entry *)arg;
2437 addr.ip = entry->addr;
2439 svc = __ip_vs_svc_fwm_get(AF_INET, entry->fwmark);
2441 svc = __ip_vs_service_get(AF_INET, entry->protocol,
2442 &addr, entry->port);
2444 ip_vs_copy_service(entry, svc);
2445 if (copy_to_user(user, entry, sizeof(*entry)) != 0)
2447 ip_vs_service_put(svc);
2453 case IP_VS_SO_GET_DESTS:
2455 struct ip_vs_get_dests *get;
2458 get = (struct ip_vs_get_dests *)arg;
2459 size = sizeof(*get) +
2460 sizeof(struct ip_vs_dest_entry) * get->num_dests;
2462 IP_VS_ERR("length: %u != %u\n", *len, size);
2466 ret = __ip_vs_get_dest_entries(get, user);
2470 case IP_VS_SO_GET_TIMEOUT:
2472 struct ip_vs_timeout_user t;
2474 __ip_vs_get_timeouts(&t);
2475 if (copy_to_user(user, &t, sizeof(t)) != 0)
2480 case IP_VS_SO_GET_DAEMON:
2482 struct ip_vs_daemon_user d[2];
2484 memset(&d, 0, sizeof(d));
2485 if (ip_vs_sync_state & IP_VS_STATE_MASTER) {
2486 d[0].state = IP_VS_STATE_MASTER;
2487 strlcpy(d[0].mcast_ifn, ip_vs_master_mcast_ifn, sizeof(d[0].mcast_ifn));
2488 d[0].syncid = ip_vs_master_syncid;
2490 if (ip_vs_sync_state & IP_VS_STATE_BACKUP) {
2491 d[1].state = IP_VS_STATE_BACKUP;
2492 strlcpy(d[1].mcast_ifn, ip_vs_backup_mcast_ifn, sizeof(d[1].mcast_ifn));
2493 d[1].syncid = ip_vs_backup_syncid;
2495 if (copy_to_user(user, &d, sizeof(d)) != 0)
2505 mutex_unlock(&__ip_vs_mutex);
2510 static struct nf_sockopt_ops ip_vs_sockopts = {
2512 .set_optmin = IP_VS_BASE_CTL,
2513 .set_optmax = IP_VS_SO_SET_MAX+1,
2514 .set = do_ip_vs_set_ctl,
2515 .get_optmin = IP_VS_BASE_CTL,
2516 .get_optmax = IP_VS_SO_GET_MAX+1,
2517 .get = do_ip_vs_get_ctl,
2518 .owner = THIS_MODULE,
2522 * Generic Netlink interface
2525 /* IPVS genetlink family */
2526 static struct genl_family ip_vs_genl_family = {
2527 .id = GENL_ID_GENERATE,
2529 .name = IPVS_GENL_NAME,
2530 .version = IPVS_GENL_VERSION,
2531 .maxattr = IPVS_CMD_MAX,
2534 /* Policy used for first-level command attributes */
2535 static const struct nla_policy ip_vs_cmd_policy[IPVS_CMD_ATTR_MAX + 1] = {
2536 [IPVS_CMD_ATTR_SERVICE] = { .type = NLA_NESTED },
2537 [IPVS_CMD_ATTR_DEST] = { .type = NLA_NESTED },
2538 [IPVS_CMD_ATTR_DAEMON] = { .type = NLA_NESTED },
2539 [IPVS_CMD_ATTR_TIMEOUT_TCP] = { .type = NLA_U32 },
2540 [IPVS_CMD_ATTR_TIMEOUT_TCP_FIN] = { .type = NLA_U32 },
2541 [IPVS_CMD_ATTR_TIMEOUT_UDP] = { .type = NLA_U32 },
2544 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DAEMON */
2545 static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = {
2546 [IPVS_DAEMON_ATTR_STATE] = { .type = NLA_U32 },
2547 [IPVS_DAEMON_ATTR_MCAST_IFN] = { .type = NLA_NUL_STRING,
2548 .len = IP_VS_IFNAME_MAXLEN },
2549 [IPVS_DAEMON_ATTR_SYNC_ID] = { .type = NLA_U32 },
2552 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_SERVICE */
2553 static const struct nla_policy ip_vs_svc_policy[IPVS_SVC_ATTR_MAX + 1] = {
2554 [IPVS_SVC_ATTR_AF] = { .type = NLA_U16 },
2555 [IPVS_SVC_ATTR_PROTOCOL] = { .type = NLA_U16 },
2556 [IPVS_SVC_ATTR_ADDR] = { .type = NLA_BINARY,
2557 .len = sizeof(union nf_inet_addr) },
2558 [IPVS_SVC_ATTR_PORT] = { .type = NLA_U16 },
2559 [IPVS_SVC_ATTR_FWMARK] = { .type = NLA_U32 },
2560 [IPVS_SVC_ATTR_SCHED_NAME] = { .type = NLA_NUL_STRING,
2561 .len = IP_VS_SCHEDNAME_MAXLEN },
2562 [IPVS_SVC_ATTR_FLAGS] = { .type = NLA_BINARY,
2563 .len = sizeof(struct ip_vs_flags) },
2564 [IPVS_SVC_ATTR_TIMEOUT] = { .type = NLA_U32 },
2565 [IPVS_SVC_ATTR_NETMASK] = { .type = NLA_U32 },
2566 [IPVS_SVC_ATTR_STATS] = { .type = NLA_NESTED },
2569 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DEST */
2570 static const struct nla_policy ip_vs_dest_policy[IPVS_DEST_ATTR_MAX + 1] = {
2571 [IPVS_DEST_ATTR_ADDR] = { .type = NLA_BINARY,
2572 .len = sizeof(union nf_inet_addr) },
2573 [IPVS_DEST_ATTR_PORT] = { .type = NLA_U16 },
2574 [IPVS_DEST_ATTR_FWD_METHOD] = { .type = NLA_U32 },
2575 [IPVS_DEST_ATTR_WEIGHT] = { .type = NLA_U32 },
2576 [IPVS_DEST_ATTR_U_THRESH] = { .type = NLA_U32 },
2577 [IPVS_DEST_ATTR_L_THRESH] = { .type = NLA_U32 },
2578 [IPVS_DEST_ATTR_ACTIVE_CONNS] = { .type = NLA_U32 },
2579 [IPVS_DEST_ATTR_INACT_CONNS] = { .type = NLA_U32 },
2580 [IPVS_DEST_ATTR_PERSIST_CONNS] = { .type = NLA_U32 },
2581 [IPVS_DEST_ATTR_STATS] = { .type = NLA_NESTED },
2584 static int ip_vs_genl_fill_stats(struct sk_buff *skb, int container_type,
2585 struct ip_vs_stats *stats)
2587 struct nlattr *nl_stats = nla_nest_start(skb, container_type);
2591 spin_lock_bh(&stats->lock);
2593 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CONNS, stats->conns);
2594 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPKTS, stats->inpkts);
2595 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPKTS, stats->outpkts);
2596 NLA_PUT_U64(skb, IPVS_STATS_ATTR_INBYTES, stats->inbytes);
2597 NLA_PUT_U64(skb, IPVS_STATS_ATTR_OUTBYTES, stats->outbytes);
2598 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CPS, stats->cps);
2599 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPPS, stats->inpps);
2600 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPPS, stats->outpps);
2601 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INBPS, stats->inbps);
2602 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTBPS, stats->outbps);
2604 spin_unlock_bh(&stats->lock);
2606 nla_nest_end(skb, nl_stats);
2611 spin_unlock_bh(&stats->lock);
2612 nla_nest_cancel(skb, nl_stats);
2616 static int ip_vs_genl_fill_service(struct sk_buff *skb,
2617 struct ip_vs_service *svc)
2619 struct nlattr *nl_service;
2620 struct ip_vs_flags flags = { .flags = svc->flags,
2623 nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE);
2627 NLA_PUT_U16(skb, IPVS_SVC_ATTR_AF, svc->af);
2630 NLA_PUT_U32(skb, IPVS_SVC_ATTR_FWMARK, svc->fwmark);
2632 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol);
2633 NLA_PUT(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr);
2634 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PORT, svc->port);
2637 NLA_PUT_STRING(skb, IPVS_SVC_ATTR_SCHED_NAME, svc->scheduler->name);
2638 NLA_PUT(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags);
2639 NLA_PUT_U32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ);
2640 NLA_PUT_U32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask);
2642 if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &svc->stats))
2643 goto nla_put_failure;
2645 nla_nest_end(skb, nl_service);
2650 nla_nest_cancel(skb, nl_service);
2654 static int ip_vs_genl_dump_service(struct sk_buff *skb,
2655 struct ip_vs_service *svc,
2656 struct netlink_callback *cb)
2660 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2661 &ip_vs_genl_family, NLM_F_MULTI,
2662 IPVS_CMD_NEW_SERVICE);
2666 if (ip_vs_genl_fill_service(skb, svc) < 0)
2667 goto nla_put_failure;
2669 return genlmsg_end(skb, hdr);
2672 genlmsg_cancel(skb, hdr);
2676 static int ip_vs_genl_dump_services(struct sk_buff *skb,
2677 struct netlink_callback *cb)
2680 int start = cb->args[0];
2681 struct ip_vs_service *svc;
2683 mutex_lock(&__ip_vs_mutex);
2684 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2685 list_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
2688 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2690 goto nla_put_failure;
2695 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2696 list_for_each_entry(svc, &ip_vs_svc_fwm_table[i], f_list) {
2699 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2701 goto nla_put_failure;
2707 mutex_unlock(&__ip_vs_mutex);
2713 static int ip_vs_genl_parse_service(struct ip_vs_service_user_kern *usvc,
2714 struct nlattr *nla, int full_entry)
2716 struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
2717 struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
2719 /* Parse mandatory identifying service fields first */
2721 nla_parse_nested(attrs, IPVS_SVC_ATTR_MAX, nla, ip_vs_svc_policy))
2724 nla_af = attrs[IPVS_SVC_ATTR_AF];
2725 nla_protocol = attrs[IPVS_SVC_ATTR_PROTOCOL];
2726 nla_addr = attrs[IPVS_SVC_ATTR_ADDR];
2727 nla_port = attrs[IPVS_SVC_ATTR_PORT];
2728 nla_fwmark = attrs[IPVS_SVC_ATTR_FWMARK];
2730 if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
2733 usvc->af = nla_get_u16(nla_af);
2734 #ifdef CONFIG_IP_VS_IPV6
2735 if (usvc->af != AF_INET && usvc->af != AF_INET6)
2737 if (usvc->af != AF_INET)
2739 return -EAFNOSUPPORT;
2742 usvc->protocol = IPPROTO_TCP;
2743 usvc->fwmark = nla_get_u32(nla_fwmark);
2745 usvc->protocol = nla_get_u16(nla_protocol);
2746 nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr));
2747 usvc->port = nla_get_u16(nla_port);
2751 /* If a full entry was requested, check for the additional fields */
2753 struct nlattr *nla_sched, *nla_flags, *nla_timeout,
2755 struct ip_vs_flags flags;
2756 struct ip_vs_service *svc;
2758 nla_sched = attrs[IPVS_SVC_ATTR_SCHED_NAME];
2759 nla_flags = attrs[IPVS_SVC_ATTR_FLAGS];
2760 nla_timeout = attrs[IPVS_SVC_ATTR_TIMEOUT];
2761 nla_netmask = attrs[IPVS_SVC_ATTR_NETMASK];
2763 if (!(nla_sched && nla_flags && nla_timeout && nla_netmask))
2766 nla_memcpy(&flags, nla_flags, sizeof(flags));
2768 /* prefill flags from service if it already exists */
2770 svc = __ip_vs_svc_fwm_get(usvc->af, usvc->fwmark);
2772 svc = __ip_vs_service_get(usvc->af, usvc->protocol,
2773 &usvc->addr, usvc->port);
2775 usvc->flags = svc->flags;
2776 ip_vs_service_put(svc);
2780 /* set new flags from userland */
2781 usvc->flags = (usvc->flags & ~flags.mask) |
2782 (flags.flags & flags.mask);
2783 usvc->sched_name = nla_data(nla_sched);
2784 usvc->timeout = nla_get_u32(nla_timeout);
2785 usvc->netmask = nla_get_u32(nla_netmask);
2791 static struct ip_vs_service *ip_vs_genl_find_service(struct nlattr *nla)
2793 struct ip_vs_service_user_kern usvc;
2796 ret = ip_vs_genl_parse_service(&usvc, nla, 0);
2798 return ERR_PTR(ret);
2801 return __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
2803 return __ip_vs_service_get(usvc.af, usvc.protocol,
2804 &usvc.addr, usvc.port);
2807 static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2809 struct nlattr *nl_dest;
2811 nl_dest = nla_nest_start(skb, IPVS_CMD_ATTR_DEST);
2815 NLA_PUT(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr);
2816 NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port);
2818 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD,
2819 atomic_read(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK);
2820 NLA_PUT_U32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight));
2821 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold);
2822 NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold);
2823 NLA_PUT_U32(skb, IPVS_DEST_ATTR_ACTIVE_CONNS,
2824 atomic_read(&dest->activeconns));
2825 NLA_PUT_U32(skb, IPVS_DEST_ATTR_INACT_CONNS,
2826 atomic_read(&dest->inactconns));
2827 NLA_PUT_U32(skb, IPVS_DEST_ATTR_PERSIST_CONNS,
2828 atomic_read(&dest->persistconns));
2830 if (ip_vs_genl_fill_stats(skb, IPVS_DEST_ATTR_STATS, &dest->stats))
2831 goto nla_put_failure;
2833 nla_nest_end(skb, nl_dest);
2838 nla_nest_cancel(skb, nl_dest);
2842 static int ip_vs_genl_dump_dest(struct sk_buff *skb, struct ip_vs_dest *dest,
2843 struct netlink_callback *cb)
2847 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2848 &ip_vs_genl_family, NLM_F_MULTI,
2853 if (ip_vs_genl_fill_dest(skb, dest) < 0)
2854 goto nla_put_failure;
2856 return genlmsg_end(skb, hdr);
2859 genlmsg_cancel(skb, hdr);
2863 static int ip_vs_genl_dump_dests(struct sk_buff *skb,
2864 struct netlink_callback *cb)
2867 int start = cb->args[0];
2868 struct ip_vs_service *svc;
2869 struct ip_vs_dest *dest;
2870 struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
2872 mutex_lock(&__ip_vs_mutex);
2874 /* Try to find the service for which to dump destinations */
2875 if (nlmsg_parse(cb->nlh, GENL_HDRLEN, attrs,
2876 IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy))
2879 svc = ip_vs_genl_find_service(attrs[IPVS_CMD_ATTR_SERVICE]);
2880 if (IS_ERR(svc) || svc == NULL)
2883 /* Dump the destinations */
2884 list_for_each_entry(dest, &svc->destinations, n_list) {
2887 if (ip_vs_genl_dump_dest(skb, dest, cb) < 0) {
2889 goto nla_put_failure;
2895 ip_vs_service_put(svc);
2898 mutex_unlock(&__ip_vs_mutex);
2903 static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest,
2904 struct nlattr *nla, int full_entry)
2906 struct nlattr *attrs[IPVS_DEST_ATTR_MAX + 1];
2907 struct nlattr *nla_addr, *nla_port;
2909 /* Parse mandatory identifying destination fields first */
2911 nla_parse_nested(attrs, IPVS_DEST_ATTR_MAX, nla, ip_vs_dest_policy))
2914 nla_addr = attrs[IPVS_DEST_ATTR_ADDR];
2915 nla_port = attrs[IPVS_DEST_ATTR_PORT];
2917 if (!(nla_addr && nla_port))
2920 nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr));
2921 udest->port = nla_get_u16(nla_port);
2923 /* If a full entry was requested, check for the additional fields */
2925 struct nlattr *nla_fwd, *nla_weight, *nla_u_thresh,
2928 nla_fwd = attrs[IPVS_DEST_ATTR_FWD_METHOD];
2929 nla_weight = attrs[IPVS_DEST_ATTR_WEIGHT];
2930 nla_u_thresh = attrs[IPVS_DEST_ATTR_U_THRESH];
2931 nla_l_thresh = attrs[IPVS_DEST_ATTR_L_THRESH];
2933 if (!(nla_fwd && nla_weight && nla_u_thresh && nla_l_thresh))
2936 udest->conn_flags = nla_get_u32(nla_fwd)
2937 & IP_VS_CONN_F_FWD_MASK;
2938 udest->weight = nla_get_u32(nla_weight);
2939 udest->u_threshold = nla_get_u32(nla_u_thresh);
2940 udest->l_threshold = nla_get_u32(nla_l_thresh);
2946 static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __be32 state,
2947 const char *mcast_ifn, __be32 syncid)
2949 struct nlattr *nl_daemon;
2951 nl_daemon = nla_nest_start(skb, IPVS_CMD_ATTR_DAEMON);
2955 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_STATE, state);
2956 NLA_PUT_STRING(skb, IPVS_DAEMON_ATTR_MCAST_IFN, mcast_ifn);
2957 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_SYNC_ID, syncid);
2959 nla_nest_end(skb, nl_daemon);
2964 nla_nest_cancel(skb, nl_daemon);
2968 static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __be32 state,
2969 const char *mcast_ifn, __be32 syncid,
2970 struct netlink_callback *cb)
2973 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2974 &ip_vs_genl_family, NLM_F_MULTI,
2975 IPVS_CMD_NEW_DAEMON);
2979 if (ip_vs_genl_fill_daemon(skb, state, mcast_ifn, syncid))
2980 goto nla_put_failure;
2982 return genlmsg_end(skb, hdr);
2985 genlmsg_cancel(skb, hdr);
2989 static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
2990 struct netlink_callback *cb)
2992 mutex_lock(&__ip_vs_mutex);
2993 if ((ip_vs_sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
2994 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
2995 ip_vs_master_mcast_ifn,
2996 ip_vs_master_syncid, cb) < 0)
2997 goto nla_put_failure;
3002 if ((ip_vs_sync_state & IP_VS_STATE_BACKUP) && !cb->args[1]) {
3003 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_BACKUP,
3004 ip_vs_backup_mcast_ifn,
3005 ip_vs_backup_syncid, cb) < 0)
3006 goto nla_put_failure;
3012 mutex_unlock(&__ip_vs_mutex);
3017 static int ip_vs_genl_new_daemon(struct nlattr **attrs)
3019 if (!(attrs[IPVS_DAEMON_ATTR_STATE] &&
3020 attrs[IPVS_DAEMON_ATTR_MCAST_IFN] &&
3021 attrs[IPVS_DAEMON_ATTR_SYNC_ID]))
3024 return start_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]),
3025 nla_data(attrs[IPVS_DAEMON_ATTR_MCAST_IFN]),
3026 nla_get_u32(attrs[IPVS_DAEMON_ATTR_SYNC_ID]));
3029 static int ip_vs_genl_del_daemon(struct nlattr **attrs)
3031 if (!attrs[IPVS_DAEMON_ATTR_STATE])
3034 return stop_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
3037 static int ip_vs_genl_set_config(struct nlattr **attrs)
3039 struct ip_vs_timeout_user t;
3041 __ip_vs_get_timeouts(&t);
3043 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP])
3044 t.tcp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP]);
3046 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN])
3048 nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN]);
3050 if (attrs[IPVS_CMD_ATTR_TIMEOUT_UDP])
3051 t.udp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_UDP]);
3053 return ip_vs_set_timeout(&t);
3056 static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3058 struct ip_vs_service *svc = NULL;
3059 struct ip_vs_service_user_kern usvc;
3060 struct ip_vs_dest_user_kern udest;
3062 int need_full_svc = 0, need_full_dest = 0;
3064 cmd = info->genlhdr->cmd;
3066 mutex_lock(&__ip_vs_mutex);
3068 if (cmd == IPVS_CMD_FLUSH) {
3069 ret = ip_vs_flush();
3071 } else if (cmd == IPVS_CMD_SET_CONFIG) {
3072 ret = ip_vs_genl_set_config(info->attrs);
3074 } else if (cmd == IPVS_CMD_NEW_DAEMON ||
3075 cmd == IPVS_CMD_DEL_DAEMON) {
3077 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
3079 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
3080 nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
3081 info->attrs[IPVS_CMD_ATTR_DAEMON],
3082 ip_vs_daemon_policy)) {
3087 if (cmd == IPVS_CMD_NEW_DAEMON)
3088 ret = ip_vs_genl_new_daemon(daemon_attrs);
3090 ret = ip_vs_genl_del_daemon(daemon_attrs);
3092 } else if (cmd == IPVS_CMD_ZERO &&
3093 !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
3094 ret = ip_vs_zero_all();
3098 /* All following commands require a service argument, so check if we
3099 * received a valid one. We need a full service specification when
3100 * adding / editing a service. Only identifying members otherwise. */
3101 if (cmd == IPVS_CMD_NEW_SERVICE || cmd == IPVS_CMD_SET_SERVICE)
3104 ret = ip_vs_genl_parse_service(&usvc,
3105 info->attrs[IPVS_CMD_ATTR_SERVICE],
3110 /* Lookup the exact service by <protocol, addr, port> or fwmark */
3111 if (usvc.fwmark == 0)
3112 svc = __ip_vs_service_get(usvc.af, usvc.protocol,
3113 &usvc.addr, usvc.port);
3115 svc = __ip_vs_svc_fwm_get(usvc.af, usvc.fwmark);
3117 /* Unless we're adding a new service, the service must already exist */
3118 if ((cmd != IPVS_CMD_NEW_SERVICE) && (svc == NULL)) {
3123 /* Destination commands require a valid destination argument. For
3124 * adding / editing a destination, we need a full destination
3126 if (cmd == IPVS_CMD_NEW_DEST || cmd == IPVS_CMD_SET_DEST ||
3127 cmd == IPVS_CMD_DEL_DEST) {
3128 if (cmd != IPVS_CMD_DEL_DEST)
3131 ret = ip_vs_genl_parse_dest(&udest,
3132 info->attrs[IPVS_CMD_ATTR_DEST],
3139 case IPVS_CMD_NEW_SERVICE:
3141 ret = ip_vs_add_service(&usvc, &svc);
3145 case IPVS_CMD_SET_SERVICE:
3146 ret = ip_vs_edit_service(svc, &usvc);
3148 case IPVS_CMD_DEL_SERVICE:
3149 ret = ip_vs_del_service(svc);
3151 case IPVS_CMD_NEW_DEST:
3152 ret = ip_vs_add_dest(svc, &udest);
3154 case IPVS_CMD_SET_DEST:
3155 ret = ip_vs_edit_dest(svc, &udest);
3157 case IPVS_CMD_DEL_DEST:
3158 ret = ip_vs_del_dest(svc, &udest);
3161 ret = ip_vs_zero_service(svc);
3169 ip_vs_service_put(svc);
3170 mutex_unlock(&__ip_vs_mutex);
3175 static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
3177 struct sk_buff *msg;
3179 int ret, cmd, reply_cmd;
3181 cmd = info->genlhdr->cmd;
3183 if (cmd == IPVS_CMD_GET_SERVICE)
3184 reply_cmd = IPVS_CMD_NEW_SERVICE;
3185 else if (cmd == IPVS_CMD_GET_INFO)
3186 reply_cmd = IPVS_CMD_SET_INFO;
3187 else if (cmd == IPVS_CMD_GET_CONFIG)
3188 reply_cmd = IPVS_CMD_SET_CONFIG;
3190 IP_VS_ERR("unknown Generic Netlink command\n");
3194 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3198 mutex_lock(&__ip_vs_mutex);
3200 reply = genlmsg_put_reply(msg, info, &ip_vs_genl_family, 0, reply_cmd);
3202 goto nla_put_failure;
3205 case IPVS_CMD_GET_SERVICE:
3207 struct ip_vs_service *svc;
3209 svc = ip_vs_genl_find_service(info->attrs[IPVS_CMD_ATTR_SERVICE]);
3214 ret = ip_vs_genl_fill_service(msg, svc);
3215 ip_vs_service_put(svc);
3217 goto nla_put_failure;
3226 case IPVS_CMD_GET_CONFIG:
3228 struct ip_vs_timeout_user t;
3230 __ip_vs_get_timeouts(&t);
3231 #ifdef CONFIG_IP_VS_PROTO_TCP
3232 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP, t.tcp_timeout);
3233 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP_FIN,
3236 #ifdef CONFIG_IP_VS_PROTO_UDP
3237 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_UDP, t.udp_timeout);
3243 case IPVS_CMD_GET_INFO:
3244 NLA_PUT_U32(msg, IPVS_INFO_ATTR_VERSION, IP_VS_VERSION_CODE);
3245 NLA_PUT_U32(msg, IPVS_INFO_ATTR_CONN_TAB_SIZE,
3246 IP_VS_CONN_TAB_SIZE);
3250 genlmsg_end(msg, reply);
3251 ret = genlmsg_unicast(msg, info->snd_pid);
3255 IP_VS_ERR("not enough space in Netlink message\n");
3261 mutex_unlock(&__ip_vs_mutex);
3267 static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
3269 .cmd = IPVS_CMD_NEW_SERVICE,
3270 .flags = GENL_ADMIN_PERM,
3271 .policy = ip_vs_cmd_policy,
3272 .doit = ip_vs_genl_set_cmd,
3275 .cmd = IPVS_CMD_SET_SERVICE,
3276 .flags = GENL_ADMIN_PERM,
3277 .policy = ip_vs_cmd_policy,
3278 .doit = ip_vs_genl_set_cmd,
3281 .cmd = IPVS_CMD_DEL_SERVICE,
3282 .flags = GENL_ADMIN_PERM,
3283 .policy = ip_vs_cmd_policy,
3284 .doit = ip_vs_genl_set_cmd,
3287 .cmd = IPVS_CMD_GET_SERVICE,
3288 .flags = GENL_ADMIN_PERM,
3289 .doit = ip_vs_genl_get_cmd,
3290 .dumpit = ip_vs_genl_dump_services,
3291 .policy = ip_vs_cmd_policy,
3294 .cmd = IPVS_CMD_NEW_DEST,
3295 .flags = GENL_ADMIN_PERM,
3296 .policy = ip_vs_cmd_policy,
3297 .doit = ip_vs_genl_set_cmd,
3300 .cmd = IPVS_CMD_SET_DEST,
3301 .flags = GENL_ADMIN_PERM,
3302 .policy = ip_vs_cmd_policy,
3303 .doit = ip_vs_genl_set_cmd,
3306 .cmd = IPVS_CMD_DEL_DEST,
3307 .flags = GENL_ADMIN_PERM,
3308 .policy = ip_vs_cmd_policy,
3309 .doit = ip_vs_genl_set_cmd,
3312 .cmd = IPVS_CMD_GET_DEST,
3313 .flags = GENL_ADMIN_PERM,
3314 .policy = ip_vs_cmd_policy,
3315 .dumpit = ip_vs_genl_dump_dests,
3318 .cmd = IPVS_CMD_NEW_DAEMON,
3319 .flags = GENL_ADMIN_PERM,
3320 .policy = ip_vs_cmd_policy,
3321 .doit = ip_vs_genl_set_cmd,
3324 .cmd = IPVS_CMD_DEL_DAEMON,
3325 .flags = GENL_ADMIN_PERM,
3326 .policy = ip_vs_cmd_policy,
3327 .doit = ip_vs_genl_set_cmd,
3330 .cmd = IPVS_CMD_GET_DAEMON,
3331 .flags = GENL_ADMIN_PERM,
3332 .dumpit = ip_vs_genl_dump_daemons,
3335 .cmd = IPVS_CMD_SET_CONFIG,
3336 .flags = GENL_ADMIN_PERM,
3337 .policy = ip_vs_cmd_policy,
3338 .doit = ip_vs_genl_set_cmd,
3341 .cmd = IPVS_CMD_GET_CONFIG,
3342 .flags = GENL_ADMIN_PERM,
3343 .doit = ip_vs_genl_get_cmd,
3346 .cmd = IPVS_CMD_GET_INFO,
3347 .flags = GENL_ADMIN_PERM,
3348 .doit = ip_vs_genl_get_cmd,
3351 .cmd = IPVS_CMD_ZERO,
3352 .flags = GENL_ADMIN_PERM,
3353 .policy = ip_vs_cmd_policy,
3354 .doit = ip_vs_genl_set_cmd,
3357 .cmd = IPVS_CMD_FLUSH,
3358 .flags = GENL_ADMIN_PERM,
3359 .doit = ip_vs_genl_set_cmd,
3363 static int __init ip_vs_genl_register(void)
3367 ret = genl_register_family(&ip_vs_genl_family);
3371 for (i = 0; i < ARRAY_SIZE(ip_vs_genl_ops); i++) {
3372 ret = genl_register_ops(&ip_vs_genl_family, &ip_vs_genl_ops[i]);
3379 genl_unregister_family(&ip_vs_genl_family);
3383 static void ip_vs_genl_unregister(void)
3385 genl_unregister_family(&ip_vs_genl_family);
3388 /* End of Generic Netlink interface definitions */
3391 int __init ip_vs_control_init(void)
3398 ret = nf_register_sockopt(&ip_vs_sockopts);
3400 IP_VS_ERR("cannot register sockopt.\n");
3404 ret = ip_vs_genl_register();
3406 IP_VS_ERR("cannot register Generic Netlink interface.\n");
3407 nf_unregister_sockopt(&ip_vs_sockopts);
3411 proc_net_fops_create(&init_net, "ip_vs", 0, &ip_vs_info_fops);
3412 proc_net_fops_create(&init_net, "ip_vs_stats",0, &ip_vs_stats_fops);
3414 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars);
3416 /* Initialize ip_vs_svc_table, ip_vs_svc_fwm_table, ip_vs_rtable */
3417 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
3418 INIT_LIST_HEAD(&ip_vs_svc_table[idx]);
3419 INIT_LIST_HEAD(&ip_vs_svc_fwm_table[idx]);
3421 for(idx = 0; idx < IP_VS_RTAB_SIZE; idx++) {
3422 INIT_LIST_HEAD(&ip_vs_rtable[idx]);
3425 ip_vs_new_estimator(&ip_vs_stats);
3427 /* Hook the defense timer */
3428 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
3435 void ip_vs_control_cleanup(void)
3438 ip_vs_trash_cleanup();
3439 cancel_rearming_delayed_work(&defense_work);
3440 cancel_work_sync(&defense_work.work);
3441 ip_vs_kill_estimator(&ip_vs_stats);
3442 unregister_sysctl_table(sysctl_header);
3443 proc_net_remove(&init_net, "ip_vs_stats");
3444 proc_net_remove(&init_net, "ip_vs");
3445 ip_vs_genl_unregister();
3446 nf_unregister_sockopt(&ip_vs_sockopts);