2 * IPVS An implementation of the IP virtual server support for the
3 * LINUX operating system. IPVS is now implemented as a module
4 * over the NetFilter framework. IPVS can be used to build a
5 * high-performance and highly available server based on a
8 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
9 * Peter Kese <peter.kese@ijs.si>
10 * Julian Anastasov <ja@ssi.bg>
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/types.h>
24 #include <linux/capability.h>
26 #include <linux/sysctl.h>
27 #include <linux/proc_fs.h>
28 #include <linux/workqueue.h>
29 #include <linux/swap.h>
30 #include <linux/seq_file.h>
32 #include <linux/netfilter.h>
33 #include <linux/netfilter_ipv4.h>
34 #include <linux/mutex.h>
36 #include <net/net_namespace.h>
38 #include <net/route.h>
40 #include <net/genetlink.h>
42 #include <asm/uaccess.h>
44 #include <net/ip_vs.h>
46 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
47 static DEFINE_MUTEX(__ip_vs_mutex);
49 /* lock for service table */
50 static DEFINE_RWLOCK(__ip_vs_svc_lock);
52 /* lock for table with the real services */
53 static DEFINE_RWLOCK(__ip_vs_rs_lock);
55 /* lock for state and timeout tables */
56 static DEFINE_RWLOCK(__ip_vs_securetcp_lock);
58 /* lock for drop entry handling */
59 static DEFINE_SPINLOCK(__ip_vs_dropentry_lock);
61 /* lock for drop packet handling */
62 static DEFINE_SPINLOCK(__ip_vs_droppacket_lock);
64 /* 1/rate drop and drop-entry variables */
65 int ip_vs_drop_rate = 0;
66 int ip_vs_drop_counter = 0;
67 static atomic_t ip_vs_dropentry = ATOMIC_INIT(0);
69 /* number of virtual services */
70 static int ip_vs_num_services = 0;
72 /* sysctl variables */
73 static int sysctl_ip_vs_drop_entry = 0;
74 static int sysctl_ip_vs_drop_packet = 0;
75 static int sysctl_ip_vs_secure_tcp = 0;
76 static int sysctl_ip_vs_amemthresh = 1024;
77 static int sysctl_ip_vs_am_droprate = 10;
78 int sysctl_ip_vs_cache_bypass = 0;
79 int sysctl_ip_vs_expire_nodest_conn = 0;
80 int sysctl_ip_vs_expire_quiescent_template = 0;
81 int sysctl_ip_vs_sync_threshold[2] = { 3, 50 };
82 int sysctl_ip_vs_nat_icmp_send = 0;
85 #ifdef CONFIG_IP_VS_DEBUG
86 static int sysctl_ip_vs_debug_level = 0;
88 int ip_vs_get_debug_level(void)
90 return sysctl_ip_vs_debug_level;
95 * update_defense_level is called from keventd and from sysctl,
96 * so it needs to protect itself from softirqs
98 static void update_defense_level(void)
101 static int old_secure_tcp = 0;
106 /* we only count free and buffered memory (in pages) */
108 availmem = i.freeram + i.bufferram;
109 /* however in linux 2.5 the i.bufferram is total page cache size,
111 /* si_swapinfo(&i); */
112 /* availmem = availmem - (i.totalswap - i.freeswap); */
114 nomem = (availmem < sysctl_ip_vs_amemthresh);
119 spin_lock(&__ip_vs_dropentry_lock);
120 switch (sysctl_ip_vs_drop_entry) {
122 atomic_set(&ip_vs_dropentry, 0);
126 atomic_set(&ip_vs_dropentry, 1);
127 sysctl_ip_vs_drop_entry = 2;
129 atomic_set(&ip_vs_dropentry, 0);
134 atomic_set(&ip_vs_dropentry, 1);
136 atomic_set(&ip_vs_dropentry, 0);
137 sysctl_ip_vs_drop_entry = 1;
141 atomic_set(&ip_vs_dropentry, 1);
144 spin_unlock(&__ip_vs_dropentry_lock);
147 spin_lock(&__ip_vs_droppacket_lock);
148 switch (sysctl_ip_vs_drop_packet) {
154 ip_vs_drop_rate = ip_vs_drop_counter
155 = sysctl_ip_vs_amemthresh /
156 (sysctl_ip_vs_amemthresh-availmem);
157 sysctl_ip_vs_drop_packet = 2;
164 ip_vs_drop_rate = ip_vs_drop_counter
165 = sysctl_ip_vs_amemthresh /
166 (sysctl_ip_vs_amemthresh-availmem);
169 sysctl_ip_vs_drop_packet = 1;
173 ip_vs_drop_rate = sysctl_ip_vs_am_droprate;
176 spin_unlock(&__ip_vs_droppacket_lock);
179 write_lock(&__ip_vs_securetcp_lock);
180 switch (sysctl_ip_vs_secure_tcp) {
182 if (old_secure_tcp >= 2)
187 if (old_secure_tcp < 2)
189 sysctl_ip_vs_secure_tcp = 2;
191 if (old_secure_tcp >= 2)
197 if (old_secure_tcp < 2)
200 if (old_secure_tcp >= 2)
202 sysctl_ip_vs_secure_tcp = 1;
206 if (old_secure_tcp < 2)
210 old_secure_tcp = sysctl_ip_vs_secure_tcp;
212 ip_vs_protocol_timeout_change(sysctl_ip_vs_secure_tcp>1);
213 write_unlock(&__ip_vs_securetcp_lock);
220 * Timer for checking the defense
222 #define DEFENSE_TIMER_PERIOD 1*HZ
223 static void defense_work_handler(struct work_struct *work);
224 static DECLARE_DELAYED_WORK(defense_work, defense_work_handler);
226 static void defense_work_handler(struct work_struct *work)
228 update_defense_level();
229 if (atomic_read(&ip_vs_dropentry))
230 ip_vs_random_dropentry();
232 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
236 ip_vs_use_count_inc(void)
238 return try_module_get(THIS_MODULE);
242 ip_vs_use_count_dec(void)
244 module_put(THIS_MODULE);
249 * Hash table: for virtual service lookups
251 #define IP_VS_SVC_TAB_BITS 8
252 #define IP_VS_SVC_TAB_SIZE (1 << IP_VS_SVC_TAB_BITS)
253 #define IP_VS_SVC_TAB_MASK (IP_VS_SVC_TAB_SIZE - 1)
255 /* the service table hashed by <protocol, addr, port> */
256 static struct list_head ip_vs_svc_table[IP_VS_SVC_TAB_SIZE];
257 /* the service table hashed by fwmark */
258 static struct list_head ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];
261 * Hash table: for real service lookups
263 #define IP_VS_RTAB_BITS 4
264 #define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)
265 #define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)
267 static struct list_head ip_vs_rtable[IP_VS_RTAB_SIZE];
270 * Trash for destinations
272 static LIST_HEAD(ip_vs_dest_trash);
275 * FTP & NULL virtual service counters
277 static atomic_t ip_vs_ftpsvc_counter = ATOMIC_INIT(0);
278 static atomic_t ip_vs_nullsvc_counter = ATOMIC_INIT(0);
282 * Returns hash value for virtual service
284 static __inline__ unsigned
285 ip_vs_svc_hashkey(unsigned proto, __be32 addr, __be16 port)
287 register unsigned porth = ntohs(port);
289 return (proto^ntohl(addr)^(porth>>IP_VS_SVC_TAB_BITS)^porth)
290 & IP_VS_SVC_TAB_MASK;
294 * Returns hash value of fwmark for virtual service lookup
296 static __inline__ unsigned ip_vs_svc_fwm_hashkey(__u32 fwmark)
298 return fwmark & IP_VS_SVC_TAB_MASK;
302 * Hashes a service in the ip_vs_svc_table by <proto,addr,port>
303 * or in the ip_vs_svc_fwm_table by fwmark.
304 * Should be called with locked tables.
306 static int ip_vs_svc_hash(struct ip_vs_service *svc)
310 if (svc->flags & IP_VS_SVC_F_HASHED) {
311 IP_VS_ERR("ip_vs_svc_hash(): request for already hashed, "
312 "called from %p\n", __builtin_return_address(0));
316 if (svc->fwmark == 0) {
318 * Hash it by <protocol,addr,port> in ip_vs_svc_table
320 hash = ip_vs_svc_hashkey(svc->protocol, svc->addr, svc->port);
321 list_add(&svc->s_list, &ip_vs_svc_table[hash]);
324 * Hash it by fwmark in ip_vs_svc_fwm_table
326 hash = ip_vs_svc_fwm_hashkey(svc->fwmark);
327 list_add(&svc->f_list, &ip_vs_svc_fwm_table[hash]);
330 svc->flags |= IP_VS_SVC_F_HASHED;
331 /* increase its refcnt because it is referenced by the svc table */
332 atomic_inc(&svc->refcnt);
338 * Unhashes a service from ip_vs_svc_table/ip_vs_svc_fwm_table.
339 * Should be called with locked tables.
341 static int ip_vs_svc_unhash(struct ip_vs_service *svc)
343 if (!(svc->flags & IP_VS_SVC_F_HASHED)) {
344 IP_VS_ERR("ip_vs_svc_unhash(): request for unhash flagged, "
345 "called from %p\n", __builtin_return_address(0));
349 if (svc->fwmark == 0) {
350 /* Remove it from the ip_vs_svc_table table */
351 list_del(&svc->s_list);
353 /* Remove it from the ip_vs_svc_fwm_table table */
354 list_del(&svc->f_list);
357 svc->flags &= ~IP_VS_SVC_F_HASHED;
358 atomic_dec(&svc->refcnt);
364 * Get service by {proto,addr,port} in the service table.
366 static __inline__ struct ip_vs_service *
367 __ip_vs_service_get(__u16 protocol, __be32 vaddr, __be16 vport)
370 struct ip_vs_service *svc;
372 /* Check for "full" addressed entries */
373 hash = ip_vs_svc_hashkey(protocol, vaddr, vport);
375 list_for_each_entry(svc, &ip_vs_svc_table[hash], s_list){
376 if ((svc->addr == vaddr)
377 && (svc->port == vport)
378 && (svc->protocol == protocol)) {
380 atomic_inc(&svc->usecnt);
390 * Get service by {fwmark} in the service table.
392 static __inline__ struct ip_vs_service *__ip_vs_svc_fwm_get(__u32 fwmark)
395 struct ip_vs_service *svc;
397 /* Check for fwmark addressed entries */
398 hash = ip_vs_svc_fwm_hashkey(fwmark);
400 list_for_each_entry(svc, &ip_vs_svc_fwm_table[hash], f_list) {
401 if (svc->fwmark == fwmark) {
403 atomic_inc(&svc->usecnt);
411 struct ip_vs_service *
412 ip_vs_service_get(__u32 fwmark, __u16 protocol, __be32 vaddr, __be16 vport)
414 struct ip_vs_service *svc;
416 read_lock(&__ip_vs_svc_lock);
419 * Check the table hashed by fwmark first
421 if (fwmark && (svc = __ip_vs_svc_fwm_get(fwmark)))
425 * Check the table hashed by <protocol,addr,port>
426 * for "full" addressed entries
428 svc = __ip_vs_service_get(protocol, vaddr, vport);
431 && protocol == IPPROTO_TCP
432 && atomic_read(&ip_vs_ftpsvc_counter)
433 && (vport == FTPDATA || ntohs(vport) >= PROT_SOCK)) {
435 * Check if ftp service entry exists, the packet
436 * might belong to FTP data connections.
438 svc = __ip_vs_service_get(protocol, vaddr, FTPPORT);
442 && atomic_read(&ip_vs_nullsvc_counter)) {
444 * Check if the catch-all port (port zero) exists
446 svc = __ip_vs_service_get(protocol, vaddr, 0);
450 read_unlock(&__ip_vs_svc_lock);
452 IP_VS_DBG(9, "lookup service: fwm %u %s %u.%u.%u.%u:%u %s\n",
453 fwmark, ip_vs_proto_name(protocol),
454 NIPQUAD(vaddr), ntohs(vport),
455 svc?"hit":"not hit");
462 __ip_vs_bind_svc(struct ip_vs_dest *dest, struct ip_vs_service *svc)
464 atomic_inc(&svc->refcnt);
469 __ip_vs_unbind_svc(struct ip_vs_dest *dest)
471 struct ip_vs_service *svc = dest->svc;
474 if (atomic_dec_and_test(&svc->refcnt))
480 * Returns hash value for real service
482 static __inline__ unsigned ip_vs_rs_hashkey(__be32 addr, __be16 port)
484 register unsigned porth = ntohs(port);
486 return (ntohl(addr)^(porth>>IP_VS_RTAB_BITS)^porth)
491 * Hashes ip_vs_dest in ip_vs_rtable by <proto,addr,port>.
492 * should be called with locked tables.
494 static int ip_vs_rs_hash(struct ip_vs_dest *dest)
498 if (!list_empty(&dest->d_list)) {
503 * Hash by proto,addr,port,
504 * which are the parameters of the real service.
506 hash = ip_vs_rs_hashkey(dest->addr, dest->port);
507 list_add(&dest->d_list, &ip_vs_rtable[hash]);
513 * UNhashes ip_vs_dest from ip_vs_rtable.
514 * should be called with locked tables.
516 static int ip_vs_rs_unhash(struct ip_vs_dest *dest)
519 * Remove it from the ip_vs_rtable table.
521 if (!list_empty(&dest->d_list)) {
522 list_del(&dest->d_list);
523 INIT_LIST_HEAD(&dest->d_list);
530 * Lookup real service by <proto,addr,port> in the real service table.
533 ip_vs_lookup_real_service(__u16 protocol, __be32 daddr, __be16 dport)
536 struct ip_vs_dest *dest;
539 * Check for "full" addressed entries
540 * Return the first found entry
542 hash = ip_vs_rs_hashkey(daddr, dport);
544 read_lock(&__ip_vs_rs_lock);
545 list_for_each_entry(dest, &ip_vs_rtable[hash], d_list) {
546 if ((dest->addr == daddr)
547 && (dest->port == dport)
548 && ((dest->protocol == protocol) ||
551 read_unlock(&__ip_vs_rs_lock);
555 read_unlock(&__ip_vs_rs_lock);
561 * Lookup destination by {addr,port} in the given service
563 static struct ip_vs_dest *
564 ip_vs_lookup_dest(struct ip_vs_service *svc, __be32 daddr, __be16 dport)
566 struct ip_vs_dest *dest;
569 * Find the destination for the given service
571 list_for_each_entry(dest, &svc->destinations, n_list) {
572 if ((dest->addr == daddr) && (dest->port == dport)) {
582 * Find destination by {daddr,dport,vaddr,protocol}
583 * Cretaed to be used in ip_vs_process_message() in
584 * the backup synchronization daemon. It finds the
585 * destination to be bound to the received connection
588 * ip_vs_lookup_real_service() looked promissing, but
589 * seems not working as expected.
591 struct ip_vs_dest *ip_vs_find_dest(__be32 daddr, __be16 dport,
592 __be32 vaddr, __be16 vport, __u16 protocol)
594 struct ip_vs_dest *dest;
595 struct ip_vs_service *svc;
597 svc = ip_vs_service_get(0, protocol, vaddr, vport);
600 dest = ip_vs_lookup_dest(svc, daddr, dport);
602 atomic_inc(&dest->refcnt);
603 ip_vs_service_put(svc);
608 * Lookup dest by {svc,addr,port} in the destination trash.
609 * The destination trash is used to hold the destinations that are removed
610 * from the service table but are still referenced by some conn entries.
611 * The reason to add the destination trash is when the dest is temporary
612 * down (either by administrator or by monitor program), the dest can be
613 * picked back from the trash, the remaining connections to the dest can
614 * continue, and the counting information of the dest is also useful for
617 static struct ip_vs_dest *
618 ip_vs_trash_get_dest(struct ip_vs_service *svc, __be32 daddr, __be16 dport)
620 struct ip_vs_dest *dest, *nxt;
623 * Find the destination in trash
625 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
626 IP_VS_DBG(3, "Destination %u/%u.%u.%u.%u:%u still in trash, "
629 NIPQUAD(dest->addr), ntohs(dest->port),
630 atomic_read(&dest->refcnt));
631 if (dest->addr == daddr &&
632 dest->port == dport &&
633 dest->vfwmark == svc->fwmark &&
634 dest->protocol == svc->protocol &&
636 (dest->vaddr == svc->addr &&
637 dest->vport == svc->port))) {
643 * Try to purge the destination from trash if not referenced
645 if (atomic_read(&dest->refcnt) == 1) {
646 IP_VS_DBG(3, "Removing destination %u/%u.%u.%u.%u:%u "
649 NIPQUAD(dest->addr), ntohs(dest->port));
650 list_del(&dest->n_list);
651 ip_vs_dst_reset(dest);
652 __ip_vs_unbind_svc(dest);
662 * Clean up all the destinations in the trash
663 * Called by the ip_vs_control_cleanup()
665 * When the ip_vs_control_clearup is activated by ipvs module exit,
666 * the service tables must have been flushed and all the connections
667 * are expired, and the refcnt of each destination in the trash must
668 * be 1, so we simply release them here.
670 static void ip_vs_trash_cleanup(void)
672 struct ip_vs_dest *dest, *nxt;
674 list_for_each_entry_safe(dest, nxt, &ip_vs_dest_trash, n_list) {
675 list_del(&dest->n_list);
676 ip_vs_dst_reset(dest);
677 __ip_vs_unbind_svc(dest);
684 ip_vs_zero_stats(struct ip_vs_stats *stats)
686 spin_lock_bh(&stats->lock);
700 ip_vs_zero_estimator(stats);
702 spin_unlock_bh(&stats->lock);
706 * Update a destination in the given service
709 __ip_vs_update_dest(struct ip_vs_service *svc,
710 struct ip_vs_dest *dest, struct ip_vs_dest_user *udest)
714 /* set the weight and the flags */
715 atomic_set(&dest->weight, udest->weight);
716 conn_flags = udest->conn_flags | IP_VS_CONN_F_INACTIVE;
718 /* check if local node and update the flags */
719 if (inet_addr_type(&init_net, udest->addr) == RTN_LOCAL) {
720 conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
721 | IP_VS_CONN_F_LOCALNODE;
724 /* set the IP_VS_CONN_F_NOOUTPUT flag if not masquerading/NAT */
725 if ((conn_flags & IP_VS_CONN_F_FWD_MASK) != 0) {
726 conn_flags |= IP_VS_CONN_F_NOOUTPUT;
729 * Put the real service in ip_vs_rtable if not present.
730 * For now only for NAT!
732 write_lock_bh(&__ip_vs_rs_lock);
734 write_unlock_bh(&__ip_vs_rs_lock);
736 atomic_set(&dest->conn_flags, conn_flags);
738 /* bind the service */
740 __ip_vs_bind_svc(dest, svc);
742 if (dest->svc != svc) {
743 __ip_vs_unbind_svc(dest);
744 ip_vs_zero_stats(&dest->stats);
745 __ip_vs_bind_svc(dest, svc);
749 /* set the dest status flags */
750 dest->flags |= IP_VS_DEST_F_AVAILABLE;
752 if (udest->u_threshold == 0 || udest->u_threshold > dest->u_threshold)
753 dest->flags &= ~IP_VS_DEST_F_OVERLOAD;
754 dest->u_threshold = udest->u_threshold;
755 dest->l_threshold = udest->l_threshold;
760 * Create a destination for the given service
763 ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest,
764 struct ip_vs_dest **dest_p)
766 struct ip_vs_dest *dest;
771 atype = inet_addr_type(&init_net, udest->addr);
772 if (atype != RTN_LOCAL && atype != RTN_UNICAST)
775 dest = kzalloc(sizeof(struct ip_vs_dest), GFP_ATOMIC);
777 IP_VS_ERR("ip_vs_new_dest: kmalloc failed.\n");
781 dest->protocol = svc->protocol;
782 dest->vaddr = svc->addr;
783 dest->vport = svc->port;
784 dest->vfwmark = svc->fwmark;
785 dest->addr = udest->addr;
786 dest->port = udest->port;
788 atomic_set(&dest->activeconns, 0);
789 atomic_set(&dest->inactconns, 0);
790 atomic_set(&dest->persistconns, 0);
791 atomic_set(&dest->refcnt, 0);
793 INIT_LIST_HEAD(&dest->d_list);
794 spin_lock_init(&dest->dst_lock);
795 spin_lock_init(&dest->stats.lock);
796 __ip_vs_update_dest(svc, dest, udest);
797 ip_vs_new_estimator(&dest->stats);
807 * Add a destination into an existing service
810 ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
812 struct ip_vs_dest *dest;
813 __be32 daddr = udest->addr;
814 __be16 dport = udest->port;
819 if (udest->weight < 0) {
820 IP_VS_ERR("ip_vs_add_dest(): server weight less than zero\n");
824 if (udest->l_threshold > udest->u_threshold) {
825 IP_VS_ERR("ip_vs_add_dest(): lower threshold is higher than "
826 "upper threshold\n");
831 * Check if the dest already exists in the list
833 dest = ip_vs_lookup_dest(svc, daddr, dport);
835 IP_VS_DBG(1, "ip_vs_add_dest(): dest already exists\n");
840 * Check if the dest already exists in the trash and
841 * is from the same service
843 dest = ip_vs_trash_get_dest(svc, daddr, dport);
845 IP_VS_DBG(3, "Get destination %u.%u.%u.%u:%u from trash, "
846 "dest->refcnt=%d, service %u/%u.%u.%u.%u:%u\n",
847 NIPQUAD(daddr), ntohs(dport),
848 atomic_read(&dest->refcnt),
850 NIPQUAD(dest->vaddr),
852 __ip_vs_update_dest(svc, dest, udest);
855 * Get the destination from the trash
857 list_del(&dest->n_list);
859 ip_vs_new_estimator(&dest->stats);
861 write_lock_bh(&__ip_vs_svc_lock);
864 * Wait until all other svc users go away.
866 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
868 list_add(&dest->n_list, &svc->destinations);
871 /* call the update_service function of its scheduler */
872 svc->scheduler->update_service(svc);
874 write_unlock_bh(&__ip_vs_svc_lock);
879 * Allocate and initialize the dest structure
881 ret = ip_vs_new_dest(svc, udest, &dest);
887 * Add the dest entry into the list
889 atomic_inc(&dest->refcnt);
891 write_lock_bh(&__ip_vs_svc_lock);
894 * Wait until all other svc users go away.
896 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
898 list_add(&dest->n_list, &svc->destinations);
901 /* call the update_service function of its scheduler */
902 svc->scheduler->update_service(svc);
904 write_unlock_bh(&__ip_vs_svc_lock);
913 * Edit a destination in the given service
916 ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
918 struct ip_vs_dest *dest;
919 __be32 daddr = udest->addr;
920 __be16 dport = udest->port;
924 if (udest->weight < 0) {
925 IP_VS_ERR("ip_vs_edit_dest(): server weight less than zero\n");
929 if (udest->l_threshold > udest->u_threshold) {
930 IP_VS_ERR("ip_vs_edit_dest(): lower threshold is higher than "
931 "upper threshold\n");
936 * Lookup the destination list
938 dest = ip_vs_lookup_dest(svc, daddr, dport);
940 IP_VS_DBG(1, "ip_vs_edit_dest(): dest doesn't exist\n");
944 __ip_vs_update_dest(svc, dest, udest);
946 write_lock_bh(&__ip_vs_svc_lock);
948 /* Wait until all other svc users go away */
949 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
951 /* call the update_service, because server weight may be changed */
952 svc->scheduler->update_service(svc);
954 write_unlock_bh(&__ip_vs_svc_lock);
963 * Delete a destination (must be already unlinked from the service)
965 static void __ip_vs_del_dest(struct ip_vs_dest *dest)
967 ip_vs_kill_estimator(&dest->stats);
970 * Remove it from the d-linked list with the real services.
972 write_lock_bh(&__ip_vs_rs_lock);
973 ip_vs_rs_unhash(dest);
974 write_unlock_bh(&__ip_vs_rs_lock);
977 * Decrease the refcnt of the dest, and free the dest
978 * if nobody refers to it (refcnt=0). Otherwise, throw
979 * the destination into the trash.
981 if (atomic_dec_and_test(&dest->refcnt)) {
982 ip_vs_dst_reset(dest);
983 /* simply decrease svc->refcnt here, let the caller check
984 and release the service if nobody refers to it.
985 Only user context can release destination and service,
986 and only one user context can update virtual service at a
987 time, so the operation here is OK */
988 atomic_dec(&dest->svc->refcnt);
991 IP_VS_DBG(3, "Moving dest %u.%u.%u.%u:%u into trash, "
993 NIPQUAD(dest->addr), ntohs(dest->port),
994 atomic_read(&dest->refcnt));
995 list_add(&dest->n_list, &ip_vs_dest_trash);
996 atomic_inc(&dest->refcnt);
1002 * Unlink a destination from the given service
1004 static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
1005 struct ip_vs_dest *dest,
1008 dest->flags &= ~IP_VS_DEST_F_AVAILABLE;
1011 * Remove it from the d-linked destination list.
1013 list_del(&dest->n_list);
1017 * Call the update_service function of its scheduler
1019 svc->scheduler->update_service(svc);
1025 * Delete a destination server in the given service
1028 ip_vs_del_dest(struct ip_vs_service *svc,struct ip_vs_dest_user *udest)
1030 struct ip_vs_dest *dest;
1031 __be32 daddr = udest->addr;
1032 __be16 dport = udest->port;
1036 dest = ip_vs_lookup_dest(svc, daddr, dport);
1038 IP_VS_DBG(1, "ip_vs_del_dest(): destination not found!\n");
1042 write_lock_bh(&__ip_vs_svc_lock);
1045 * Wait until all other svc users go away.
1047 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1050 * Unlink dest from the service
1052 __ip_vs_unlink_dest(svc, dest, 1);
1054 write_unlock_bh(&__ip_vs_svc_lock);
1057 * Delete the destination
1059 __ip_vs_del_dest(dest);
1068 * Add a service into the service hash table
1071 ip_vs_add_service(struct ip_vs_service_user *u, struct ip_vs_service **svc_p)
1074 struct ip_vs_scheduler *sched = NULL;
1075 struct ip_vs_service *svc = NULL;
1077 /* increase the module use count */
1078 ip_vs_use_count_inc();
1080 /* Lookup the scheduler by 'u->sched_name' */
1081 sched = ip_vs_scheduler_get(u->sched_name);
1082 if (sched == NULL) {
1083 IP_VS_INFO("Scheduler module ip_vs_%s not found\n",
1089 svc = kzalloc(sizeof(struct ip_vs_service), GFP_ATOMIC);
1091 IP_VS_DBG(1, "ip_vs_add_service: kmalloc failed.\n");
1096 /* I'm the first user of the service */
1097 atomic_set(&svc->usecnt, 1);
1098 atomic_set(&svc->refcnt, 0);
1100 svc->protocol = u->protocol;
1101 svc->addr = u->addr;
1102 svc->port = u->port;
1103 svc->fwmark = u->fwmark;
1104 svc->flags = u->flags;
1105 svc->timeout = u->timeout * HZ;
1106 svc->netmask = u->netmask;
1108 INIT_LIST_HEAD(&svc->destinations);
1109 rwlock_init(&svc->sched_lock);
1110 spin_lock_init(&svc->stats.lock);
1112 /* Bind the scheduler */
1113 ret = ip_vs_bind_scheduler(svc, sched);
1118 /* Update the virtual service counters */
1119 if (svc->port == FTPPORT)
1120 atomic_inc(&ip_vs_ftpsvc_counter);
1121 else if (svc->port == 0)
1122 atomic_inc(&ip_vs_nullsvc_counter);
1124 ip_vs_new_estimator(&svc->stats);
1125 ip_vs_num_services++;
1127 /* Hash the service into the service table */
1128 write_lock_bh(&__ip_vs_svc_lock);
1129 ip_vs_svc_hash(svc);
1130 write_unlock_bh(&__ip_vs_svc_lock);
1138 ip_vs_unbind_scheduler(svc);
1141 ip_vs_app_inc_put(svc->inc);
1146 ip_vs_scheduler_put(sched);
1149 /* decrease the module use count */
1150 ip_vs_use_count_dec();
1157 * Edit a service and bind it with a new scheduler
1160 ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user *u)
1162 struct ip_vs_scheduler *sched, *old_sched;
1166 * Lookup the scheduler, by 'u->sched_name'
1168 sched = ip_vs_scheduler_get(u->sched_name);
1169 if (sched == NULL) {
1170 IP_VS_INFO("Scheduler module ip_vs_%s not found\n",
1176 write_lock_bh(&__ip_vs_svc_lock);
1179 * Wait until all other svc users go away.
1181 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1184 * Set the flags and timeout value
1186 svc->flags = u->flags | IP_VS_SVC_F_HASHED;
1187 svc->timeout = u->timeout * HZ;
1188 svc->netmask = u->netmask;
1190 old_sched = svc->scheduler;
1191 if (sched != old_sched) {
1193 * Unbind the old scheduler
1195 if ((ret = ip_vs_unbind_scheduler(svc))) {
1201 * Bind the new scheduler
1203 if ((ret = ip_vs_bind_scheduler(svc, sched))) {
1205 * If ip_vs_bind_scheduler fails, restore the old
1207 * The main reason of failure is out of memory.
1209 * The question is if the old scheduler can be
1210 * restored all the time. TODO: if it cannot be
1211 * restored some time, we must delete the service,
1212 * otherwise the system may crash.
1214 ip_vs_bind_scheduler(svc, old_sched);
1221 write_unlock_bh(&__ip_vs_svc_lock);
1224 ip_vs_scheduler_put(old_sched);
1231 * Delete a service from the service list
1232 * - The service must be unlinked, unlocked and not referenced!
1233 * - We are called under _bh lock
1235 static void __ip_vs_del_service(struct ip_vs_service *svc)
1237 struct ip_vs_dest *dest, *nxt;
1238 struct ip_vs_scheduler *old_sched;
1240 ip_vs_num_services--;
1241 ip_vs_kill_estimator(&svc->stats);
1243 /* Unbind scheduler */
1244 old_sched = svc->scheduler;
1245 ip_vs_unbind_scheduler(svc);
1247 ip_vs_scheduler_put(old_sched);
1249 /* Unbind app inc */
1251 ip_vs_app_inc_put(svc->inc);
1256 * Unlink the whole destination list
1258 list_for_each_entry_safe(dest, nxt, &svc->destinations, n_list) {
1259 __ip_vs_unlink_dest(svc, dest, 0);
1260 __ip_vs_del_dest(dest);
1264 * Update the virtual service counters
1266 if (svc->port == FTPPORT)
1267 atomic_dec(&ip_vs_ftpsvc_counter);
1268 else if (svc->port == 0)
1269 atomic_dec(&ip_vs_nullsvc_counter);
1272 * Free the service if nobody refers to it
1274 if (atomic_read(&svc->refcnt) == 0)
1277 /* decrease the module use count */
1278 ip_vs_use_count_dec();
1282 * Delete a service from the service list
1284 static int ip_vs_del_service(struct ip_vs_service *svc)
1290 * Unhash it from the service table
1292 write_lock_bh(&__ip_vs_svc_lock);
1294 ip_vs_svc_unhash(svc);
1297 * Wait until all the svc users go away.
1299 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 1);
1301 __ip_vs_del_service(svc);
1303 write_unlock_bh(&__ip_vs_svc_lock);
1310 * Flush all the virtual services
1312 static int ip_vs_flush(void)
1315 struct ip_vs_service *svc, *nxt;
1318 * Flush the service table hashed by <protocol,addr,port>
1320 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1321 list_for_each_entry_safe(svc, nxt, &ip_vs_svc_table[idx], s_list) {
1322 write_lock_bh(&__ip_vs_svc_lock);
1323 ip_vs_svc_unhash(svc);
1325 * Wait until all the svc users go away.
1327 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1328 __ip_vs_del_service(svc);
1329 write_unlock_bh(&__ip_vs_svc_lock);
1334 * Flush the service table hashed by fwmark
1336 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1337 list_for_each_entry_safe(svc, nxt,
1338 &ip_vs_svc_fwm_table[idx], f_list) {
1339 write_lock_bh(&__ip_vs_svc_lock);
1340 ip_vs_svc_unhash(svc);
1342 * Wait until all the svc users go away.
1344 IP_VS_WAIT_WHILE(atomic_read(&svc->usecnt) > 0);
1345 __ip_vs_del_service(svc);
1346 write_unlock_bh(&__ip_vs_svc_lock);
1355 * Zero counters in a service or all services
1357 static int ip_vs_zero_service(struct ip_vs_service *svc)
1359 struct ip_vs_dest *dest;
1361 write_lock_bh(&__ip_vs_svc_lock);
1362 list_for_each_entry(dest, &svc->destinations, n_list) {
1363 ip_vs_zero_stats(&dest->stats);
1365 ip_vs_zero_stats(&svc->stats);
1366 write_unlock_bh(&__ip_vs_svc_lock);
1370 static int ip_vs_zero_all(void)
1373 struct ip_vs_service *svc;
1375 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1376 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1377 ip_vs_zero_service(svc);
1381 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1382 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1383 ip_vs_zero_service(svc);
1387 ip_vs_zero_stats(&ip_vs_stats);
1393 proc_do_defense_mode(ctl_table *table, int write, struct file * filp,
1394 void __user *buffer, size_t *lenp, loff_t *ppos)
1396 int *valp = table->data;
1400 rc = proc_dointvec(table, write, filp, buffer, lenp, ppos);
1401 if (write && (*valp != val)) {
1402 if ((*valp < 0) || (*valp > 3)) {
1403 /* Restore the correct value */
1406 update_defense_level();
1414 proc_do_sync_threshold(ctl_table *table, int write, struct file *filp,
1415 void __user *buffer, size_t *lenp, loff_t *ppos)
1417 int *valp = table->data;
1421 /* backup the value first */
1422 memcpy(val, valp, sizeof(val));
1424 rc = proc_dointvec(table, write, filp, buffer, lenp, ppos);
1425 if (write && (valp[0] < 0 || valp[1] < 0 || valp[0] >= valp[1])) {
1426 /* Restore the correct value */
1427 memcpy(valp, val, sizeof(val));
1434 * IPVS sysctl table (under the /proc/sys/net/ipv4/vs/)
1437 static struct ctl_table vs_vars[] = {
1439 .procname = "amemthresh",
1440 .data = &sysctl_ip_vs_amemthresh,
1441 .maxlen = sizeof(int),
1443 .proc_handler = &proc_dointvec,
1445 #ifdef CONFIG_IP_VS_DEBUG
1447 .procname = "debug_level",
1448 .data = &sysctl_ip_vs_debug_level,
1449 .maxlen = sizeof(int),
1451 .proc_handler = &proc_dointvec,
1455 .procname = "am_droprate",
1456 .data = &sysctl_ip_vs_am_droprate,
1457 .maxlen = sizeof(int),
1459 .proc_handler = &proc_dointvec,
1462 .procname = "drop_entry",
1463 .data = &sysctl_ip_vs_drop_entry,
1464 .maxlen = sizeof(int),
1466 .proc_handler = &proc_do_defense_mode,
1469 .procname = "drop_packet",
1470 .data = &sysctl_ip_vs_drop_packet,
1471 .maxlen = sizeof(int),
1473 .proc_handler = &proc_do_defense_mode,
1476 .procname = "secure_tcp",
1477 .data = &sysctl_ip_vs_secure_tcp,
1478 .maxlen = sizeof(int),
1480 .proc_handler = &proc_do_defense_mode,
1484 .procname = "timeout_established",
1485 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ESTABLISHED],
1486 .maxlen = sizeof(int),
1488 .proc_handler = &proc_dointvec_jiffies,
1491 .procname = "timeout_synsent",
1492 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_SENT],
1493 .maxlen = sizeof(int),
1495 .proc_handler = &proc_dointvec_jiffies,
1498 .procname = "timeout_synrecv",
1499 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYN_RECV],
1500 .maxlen = sizeof(int),
1502 .proc_handler = &proc_dointvec_jiffies,
1505 .procname = "timeout_finwait",
1506 .data = &vs_timeout_table_dos.timeout[IP_VS_S_FIN_WAIT],
1507 .maxlen = sizeof(int),
1509 .proc_handler = &proc_dointvec_jiffies,
1512 .procname = "timeout_timewait",
1513 .data = &vs_timeout_table_dos.timeout[IP_VS_S_TIME_WAIT],
1514 .maxlen = sizeof(int),
1516 .proc_handler = &proc_dointvec_jiffies,
1519 .procname = "timeout_close",
1520 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE],
1521 .maxlen = sizeof(int),
1523 .proc_handler = &proc_dointvec_jiffies,
1526 .procname = "timeout_closewait",
1527 .data = &vs_timeout_table_dos.timeout[IP_VS_S_CLOSE_WAIT],
1528 .maxlen = sizeof(int),
1530 .proc_handler = &proc_dointvec_jiffies,
1533 .procname = "timeout_lastack",
1534 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LAST_ACK],
1535 .maxlen = sizeof(int),
1537 .proc_handler = &proc_dointvec_jiffies,
1540 .procname = "timeout_listen",
1541 .data = &vs_timeout_table_dos.timeout[IP_VS_S_LISTEN],
1542 .maxlen = sizeof(int),
1544 .proc_handler = &proc_dointvec_jiffies,
1547 .procname = "timeout_synack",
1548 .data = &vs_timeout_table_dos.timeout[IP_VS_S_SYNACK],
1549 .maxlen = sizeof(int),
1551 .proc_handler = &proc_dointvec_jiffies,
1554 .procname = "timeout_udp",
1555 .data = &vs_timeout_table_dos.timeout[IP_VS_S_UDP],
1556 .maxlen = sizeof(int),
1558 .proc_handler = &proc_dointvec_jiffies,
1561 .procname = "timeout_icmp",
1562 .data = &vs_timeout_table_dos.timeout[IP_VS_S_ICMP],
1563 .maxlen = sizeof(int),
1565 .proc_handler = &proc_dointvec_jiffies,
1569 .procname = "cache_bypass",
1570 .data = &sysctl_ip_vs_cache_bypass,
1571 .maxlen = sizeof(int),
1573 .proc_handler = &proc_dointvec,
1576 .procname = "expire_nodest_conn",
1577 .data = &sysctl_ip_vs_expire_nodest_conn,
1578 .maxlen = sizeof(int),
1580 .proc_handler = &proc_dointvec,
1583 .procname = "expire_quiescent_template",
1584 .data = &sysctl_ip_vs_expire_quiescent_template,
1585 .maxlen = sizeof(int),
1587 .proc_handler = &proc_dointvec,
1590 .procname = "sync_threshold",
1591 .data = &sysctl_ip_vs_sync_threshold,
1592 .maxlen = sizeof(sysctl_ip_vs_sync_threshold),
1594 .proc_handler = &proc_do_sync_threshold,
1597 .procname = "nat_icmp_send",
1598 .data = &sysctl_ip_vs_nat_icmp_send,
1599 .maxlen = sizeof(int),
1601 .proc_handler = &proc_dointvec,
1606 const struct ctl_path net_vs_ctl_path[] = {
1607 { .procname = "net", .ctl_name = CTL_NET, },
1608 { .procname = "ipv4", .ctl_name = NET_IPV4, },
1609 { .procname = "vs", },
1612 EXPORT_SYMBOL_GPL(net_vs_ctl_path);
1614 static struct ctl_table_header * sysctl_header;
1616 #ifdef CONFIG_PROC_FS
1619 struct list_head *table;
1624 * Write the contents of the VS rule table to a PROCfs file.
1625 * (It is kept just for backward compatibility)
1627 static inline const char *ip_vs_fwd_name(unsigned flags)
1629 switch (flags & IP_VS_CONN_F_FWD_MASK) {
1630 case IP_VS_CONN_F_LOCALNODE:
1632 case IP_VS_CONN_F_TUNNEL:
1634 case IP_VS_CONN_F_DROUTE:
1642 /* Get the Nth entry in the two lists */
1643 static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos)
1645 struct ip_vs_iter *iter = seq->private;
1647 struct ip_vs_service *svc;
1649 /* look in hash by protocol */
1650 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1651 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1653 iter->table = ip_vs_svc_table;
1660 /* keep looking in fwmark */
1661 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1662 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1664 iter->table = ip_vs_svc_fwm_table;
1674 static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos)
1677 read_lock_bh(&__ip_vs_svc_lock);
1678 return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN;
1682 static void *ip_vs_info_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1684 struct list_head *e;
1685 struct ip_vs_iter *iter;
1686 struct ip_vs_service *svc;
1689 if (v == SEQ_START_TOKEN)
1690 return ip_vs_info_array(seq,0);
1693 iter = seq->private;
1695 if (iter->table == ip_vs_svc_table) {
1696 /* next service in table hashed by protocol */
1697 if ((e = svc->s_list.next) != &ip_vs_svc_table[iter->bucket])
1698 return list_entry(e, struct ip_vs_service, s_list);
1701 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1702 list_for_each_entry(svc,&ip_vs_svc_table[iter->bucket],
1708 iter->table = ip_vs_svc_fwm_table;
1713 /* next service in hashed by fwmark */
1714 if ((e = svc->f_list.next) != &ip_vs_svc_fwm_table[iter->bucket])
1715 return list_entry(e, struct ip_vs_service, f_list);
1718 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1719 list_for_each_entry(svc, &ip_vs_svc_fwm_table[iter->bucket],
1727 static void ip_vs_info_seq_stop(struct seq_file *seq, void *v)
1729 read_unlock_bh(&__ip_vs_svc_lock);
1733 static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
1735 if (v == SEQ_START_TOKEN) {
1737 "IP Virtual Server version %d.%d.%d (size=%d)\n",
1738 NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE);
1740 "Prot LocalAddress:Port Scheduler Flags\n");
1742 " -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
1744 const struct ip_vs_service *svc = v;
1745 const struct ip_vs_iter *iter = seq->private;
1746 const struct ip_vs_dest *dest;
1748 if (iter->table == ip_vs_svc_table)
1749 seq_printf(seq, "%s %08X:%04X %s ",
1750 ip_vs_proto_name(svc->protocol),
1753 svc->scheduler->name);
1755 seq_printf(seq, "FWM %08X %s ",
1756 svc->fwmark, svc->scheduler->name);
1758 if (svc->flags & IP_VS_SVC_F_PERSISTENT)
1759 seq_printf(seq, "persistent %d %08X\n",
1761 ntohl(svc->netmask));
1763 seq_putc(seq, '\n');
1765 list_for_each_entry(dest, &svc->destinations, n_list) {
1767 " -> %08X:%04X %-7s %-6d %-10d %-10d\n",
1768 ntohl(dest->addr), ntohs(dest->port),
1769 ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
1770 atomic_read(&dest->weight),
1771 atomic_read(&dest->activeconns),
1772 atomic_read(&dest->inactconns));
1778 static const struct seq_operations ip_vs_info_seq_ops = {
1779 .start = ip_vs_info_seq_start,
1780 .next = ip_vs_info_seq_next,
1781 .stop = ip_vs_info_seq_stop,
1782 .show = ip_vs_info_seq_show,
1785 static int ip_vs_info_open(struct inode *inode, struct file *file)
1787 return seq_open_private(file, &ip_vs_info_seq_ops,
1788 sizeof(struct ip_vs_iter));
1791 static const struct file_operations ip_vs_info_fops = {
1792 .owner = THIS_MODULE,
1793 .open = ip_vs_info_open,
1795 .llseek = seq_lseek,
1796 .release = seq_release_private,
1801 struct ip_vs_stats ip_vs_stats = {
1802 .lock = __SPIN_LOCK_UNLOCKED(ip_vs_stats.lock),
1805 #ifdef CONFIG_PROC_FS
1806 static int ip_vs_stats_show(struct seq_file *seq, void *v)
1809 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1811 " Total Incoming Outgoing Incoming Outgoing\n");
1813 " Conns Packets Packets Bytes Bytes\n");
1815 spin_lock_bh(&ip_vs_stats.lock);
1816 seq_printf(seq, "%8X %8X %8X %16LX %16LX\n\n", ip_vs_stats.conns,
1817 ip_vs_stats.inpkts, ip_vs_stats.outpkts,
1818 (unsigned long long) ip_vs_stats.inbytes,
1819 (unsigned long long) ip_vs_stats.outbytes);
1821 /* 01234567 01234567 01234567 0123456701234567 0123456701234567 */
1823 " Conns/s Pkts/s Pkts/s Bytes/s Bytes/s\n");
1824 seq_printf(seq,"%8X %8X %8X %16X %16X\n",
1829 ip_vs_stats.outbps);
1830 spin_unlock_bh(&ip_vs_stats.lock);
1835 static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)
1837 return single_open(file, ip_vs_stats_show, NULL);
1840 static const struct file_operations ip_vs_stats_fops = {
1841 .owner = THIS_MODULE,
1842 .open = ip_vs_stats_seq_open,
1844 .llseek = seq_lseek,
1845 .release = single_release,
1851 * Set timeout values for tcp tcpfin udp in the timeout_table.
1853 static int ip_vs_set_timeout(struct ip_vs_timeout_user *u)
1855 IP_VS_DBG(2, "Setting timeout tcp:%d tcpfin:%d udp:%d\n",
1860 #ifdef CONFIG_IP_VS_PROTO_TCP
1861 if (u->tcp_timeout) {
1862 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED]
1863 = u->tcp_timeout * HZ;
1866 if (u->tcp_fin_timeout) {
1867 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT]
1868 = u->tcp_fin_timeout * HZ;
1872 #ifdef CONFIG_IP_VS_PROTO_UDP
1873 if (u->udp_timeout) {
1874 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL]
1875 = u->udp_timeout * HZ;
1882 #define SET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
1883 #define SERVICE_ARG_LEN (sizeof(struct ip_vs_service_user))
1884 #define SVCDEST_ARG_LEN (sizeof(struct ip_vs_service_user) + \
1885 sizeof(struct ip_vs_dest_user))
1886 #define TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
1887 #define DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user))
1888 #define MAX_ARG_LEN SVCDEST_ARG_LEN
1890 static const unsigned char set_arglen[SET_CMDID(IP_VS_SO_SET_MAX)+1] = {
1891 [SET_CMDID(IP_VS_SO_SET_ADD)] = SERVICE_ARG_LEN,
1892 [SET_CMDID(IP_VS_SO_SET_EDIT)] = SERVICE_ARG_LEN,
1893 [SET_CMDID(IP_VS_SO_SET_DEL)] = SERVICE_ARG_LEN,
1894 [SET_CMDID(IP_VS_SO_SET_FLUSH)] = 0,
1895 [SET_CMDID(IP_VS_SO_SET_ADDDEST)] = SVCDEST_ARG_LEN,
1896 [SET_CMDID(IP_VS_SO_SET_DELDEST)] = SVCDEST_ARG_LEN,
1897 [SET_CMDID(IP_VS_SO_SET_EDITDEST)] = SVCDEST_ARG_LEN,
1898 [SET_CMDID(IP_VS_SO_SET_TIMEOUT)] = TIMEOUT_ARG_LEN,
1899 [SET_CMDID(IP_VS_SO_SET_STARTDAEMON)] = DAEMON_ARG_LEN,
1900 [SET_CMDID(IP_VS_SO_SET_STOPDAEMON)] = DAEMON_ARG_LEN,
1901 [SET_CMDID(IP_VS_SO_SET_ZERO)] = SERVICE_ARG_LEN,
1905 do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
1908 unsigned char arg[MAX_ARG_LEN];
1909 struct ip_vs_service_user *usvc;
1910 struct ip_vs_service *svc;
1911 struct ip_vs_dest_user *udest;
1913 if (!capable(CAP_NET_ADMIN))
1916 if (len != set_arglen[SET_CMDID(cmd)]) {
1917 IP_VS_ERR("set_ctl: len %u != %u\n",
1918 len, set_arglen[SET_CMDID(cmd)]);
1922 if (copy_from_user(arg, user, len) != 0)
1925 /* increase the module use count */
1926 ip_vs_use_count_inc();
1928 if (mutex_lock_interruptible(&__ip_vs_mutex)) {
1933 if (cmd == IP_VS_SO_SET_FLUSH) {
1934 /* Flush the virtual service */
1935 ret = ip_vs_flush();
1937 } else if (cmd == IP_VS_SO_SET_TIMEOUT) {
1938 /* Set timeout values for (tcp tcpfin udp) */
1939 ret = ip_vs_set_timeout((struct ip_vs_timeout_user *)arg);
1941 } else if (cmd == IP_VS_SO_SET_STARTDAEMON) {
1942 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
1943 ret = start_sync_thread(dm->state, dm->mcast_ifn, dm->syncid);
1945 } else if (cmd == IP_VS_SO_SET_STOPDAEMON) {
1946 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
1947 ret = stop_sync_thread(dm->state);
1951 usvc = (struct ip_vs_service_user *)arg;
1952 udest = (struct ip_vs_dest_user *)(usvc + 1);
1954 if (cmd == IP_VS_SO_SET_ZERO) {
1955 /* if no service address is set, zero counters in all */
1956 if (!usvc->fwmark && !usvc->addr && !usvc->port) {
1957 ret = ip_vs_zero_all();
1962 /* Check for valid protocol: TCP or UDP, even for fwmark!=0 */
1963 if (usvc->protocol!=IPPROTO_TCP && usvc->protocol!=IPPROTO_UDP) {
1964 IP_VS_ERR("set_ctl: invalid protocol: %d %d.%d.%d.%d:%d %s\n",
1965 usvc->protocol, NIPQUAD(usvc->addr),
1966 ntohs(usvc->port), usvc->sched_name);
1971 /* Lookup the exact service by <protocol, addr, port> or fwmark */
1972 if (usvc->fwmark == 0)
1973 svc = __ip_vs_service_get(usvc->protocol,
1974 usvc->addr, usvc->port);
1976 svc = __ip_vs_svc_fwm_get(usvc->fwmark);
1978 if (cmd != IP_VS_SO_SET_ADD
1979 && (svc == NULL || svc->protocol != usvc->protocol)) {
1985 case IP_VS_SO_SET_ADD:
1989 ret = ip_vs_add_service(usvc, &svc);
1991 case IP_VS_SO_SET_EDIT:
1992 ret = ip_vs_edit_service(svc, usvc);
1994 case IP_VS_SO_SET_DEL:
1995 ret = ip_vs_del_service(svc);
1999 case IP_VS_SO_SET_ZERO:
2000 ret = ip_vs_zero_service(svc);
2002 case IP_VS_SO_SET_ADDDEST:
2003 ret = ip_vs_add_dest(svc, udest);
2005 case IP_VS_SO_SET_EDITDEST:
2006 ret = ip_vs_edit_dest(svc, udest);
2008 case IP_VS_SO_SET_DELDEST:
2009 ret = ip_vs_del_dest(svc, udest);
2016 ip_vs_service_put(svc);
2019 mutex_unlock(&__ip_vs_mutex);
2021 /* decrease the module use count */
2022 ip_vs_use_count_dec();
2029 ip_vs_copy_stats(struct ip_vs_stats_user *dst, struct ip_vs_stats *src)
2031 spin_lock_bh(&src->lock);
2032 memcpy(dst, src, (char*)&src->lock - (char*)src);
2033 spin_unlock_bh(&src->lock);
2037 ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src)
2039 dst->protocol = src->protocol;
2040 dst->addr = src->addr;
2041 dst->port = src->port;
2042 dst->fwmark = src->fwmark;
2043 strlcpy(dst->sched_name, src->scheduler->name, sizeof(dst->sched_name));
2044 dst->flags = src->flags;
2045 dst->timeout = src->timeout / HZ;
2046 dst->netmask = src->netmask;
2047 dst->num_dests = src->num_dests;
2048 ip_vs_copy_stats(&dst->stats, &src->stats);
2052 __ip_vs_get_service_entries(const struct ip_vs_get_services *get,
2053 struct ip_vs_get_services __user *uptr)
2056 struct ip_vs_service *svc;
2057 struct ip_vs_service_entry entry;
2060 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2061 list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
2062 if (count >= get->num_services)
2064 memset(&entry, 0, sizeof(entry));
2065 ip_vs_copy_service(&entry, svc);
2066 if (copy_to_user(&uptr->entrytable[count],
2067 &entry, sizeof(entry))) {
2075 for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2076 list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
2077 if (count >= get->num_services)
2079 memset(&entry, 0, sizeof(entry));
2080 ip_vs_copy_service(&entry, svc);
2081 if (copy_to_user(&uptr->entrytable[count],
2082 &entry, sizeof(entry))) {
2094 __ip_vs_get_dest_entries(const struct ip_vs_get_dests *get,
2095 struct ip_vs_get_dests __user *uptr)
2097 struct ip_vs_service *svc;
2101 svc = __ip_vs_svc_fwm_get(get->fwmark);
2103 svc = __ip_vs_service_get(get->protocol,
2104 get->addr, get->port);
2107 struct ip_vs_dest *dest;
2108 struct ip_vs_dest_entry entry;
2110 list_for_each_entry(dest, &svc->destinations, n_list) {
2111 if (count >= get->num_dests)
2114 entry.addr = dest->addr;
2115 entry.port = dest->port;
2116 entry.conn_flags = atomic_read(&dest->conn_flags);
2117 entry.weight = atomic_read(&dest->weight);
2118 entry.u_threshold = dest->u_threshold;
2119 entry.l_threshold = dest->l_threshold;
2120 entry.activeconns = atomic_read(&dest->activeconns);
2121 entry.inactconns = atomic_read(&dest->inactconns);
2122 entry.persistconns = atomic_read(&dest->persistconns);
2123 ip_vs_copy_stats(&entry.stats, &dest->stats);
2124 if (copy_to_user(&uptr->entrytable[count],
2125 &entry, sizeof(entry))) {
2131 ip_vs_service_put(svc);
2138 __ip_vs_get_timeouts(struct ip_vs_timeout_user *u)
2140 #ifdef CONFIG_IP_VS_PROTO_TCP
2142 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ;
2143 u->tcp_fin_timeout =
2144 ip_vs_protocol_tcp.timeout_table[IP_VS_TCP_S_FIN_WAIT] / HZ;
2146 #ifdef CONFIG_IP_VS_PROTO_UDP
2148 ip_vs_protocol_udp.timeout_table[IP_VS_UDP_S_NORMAL] / HZ;
2153 #define GET_CMDID(cmd) (cmd - IP_VS_BASE_CTL)
2154 #define GET_INFO_ARG_LEN (sizeof(struct ip_vs_getinfo))
2155 #define GET_SERVICES_ARG_LEN (sizeof(struct ip_vs_get_services))
2156 #define GET_SERVICE_ARG_LEN (sizeof(struct ip_vs_service_entry))
2157 #define GET_DESTS_ARG_LEN (sizeof(struct ip_vs_get_dests))
2158 #define GET_TIMEOUT_ARG_LEN (sizeof(struct ip_vs_timeout_user))
2159 #define GET_DAEMON_ARG_LEN (sizeof(struct ip_vs_daemon_user) * 2)
2161 static const unsigned char get_arglen[GET_CMDID(IP_VS_SO_GET_MAX)+1] = {
2162 [GET_CMDID(IP_VS_SO_GET_VERSION)] = 64,
2163 [GET_CMDID(IP_VS_SO_GET_INFO)] = GET_INFO_ARG_LEN,
2164 [GET_CMDID(IP_VS_SO_GET_SERVICES)] = GET_SERVICES_ARG_LEN,
2165 [GET_CMDID(IP_VS_SO_GET_SERVICE)] = GET_SERVICE_ARG_LEN,
2166 [GET_CMDID(IP_VS_SO_GET_DESTS)] = GET_DESTS_ARG_LEN,
2167 [GET_CMDID(IP_VS_SO_GET_TIMEOUT)] = GET_TIMEOUT_ARG_LEN,
2168 [GET_CMDID(IP_VS_SO_GET_DAEMON)] = GET_DAEMON_ARG_LEN,
2172 do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2174 unsigned char arg[128];
2177 if (!capable(CAP_NET_ADMIN))
2180 if (*len < get_arglen[GET_CMDID(cmd)]) {
2181 IP_VS_ERR("get_ctl: len %u < %u\n",
2182 *len, get_arglen[GET_CMDID(cmd)]);
2186 if (copy_from_user(arg, user, get_arglen[GET_CMDID(cmd)]) != 0)
2189 if (mutex_lock_interruptible(&__ip_vs_mutex))
2190 return -ERESTARTSYS;
2193 case IP_VS_SO_GET_VERSION:
2197 sprintf(buf, "IP Virtual Server version %d.%d.%d (size=%d)",
2198 NVERSION(IP_VS_VERSION_CODE), IP_VS_CONN_TAB_SIZE);
2199 if (copy_to_user(user, buf, strlen(buf)+1) != 0) {
2203 *len = strlen(buf)+1;
2207 case IP_VS_SO_GET_INFO:
2209 struct ip_vs_getinfo info;
2210 info.version = IP_VS_VERSION_CODE;
2211 info.size = IP_VS_CONN_TAB_SIZE;
2212 info.num_services = ip_vs_num_services;
2213 if (copy_to_user(user, &info, sizeof(info)) != 0)
2218 case IP_VS_SO_GET_SERVICES:
2220 struct ip_vs_get_services *get;
2223 get = (struct ip_vs_get_services *)arg;
2224 size = sizeof(*get) +
2225 sizeof(struct ip_vs_service_entry) * get->num_services;
2227 IP_VS_ERR("length: %u != %u\n", *len, size);
2231 ret = __ip_vs_get_service_entries(get, user);
2235 case IP_VS_SO_GET_SERVICE:
2237 struct ip_vs_service_entry *entry;
2238 struct ip_vs_service *svc;
2240 entry = (struct ip_vs_service_entry *)arg;
2242 svc = __ip_vs_svc_fwm_get(entry->fwmark);
2244 svc = __ip_vs_service_get(entry->protocol,
2245 entry->addr, entry->port);
2247 ip_vs_copy_service(entry, svc);
2248 if (copy_to_user(user, entry, sizeof(*entry)) != 0)
2250 ip_vs_service_put(svc);
2256 case IP_VS_SO_GET_DESTS:
2258 struct ip_vs_get_dests *get;
2261 get = (struct ip_vs_get_dests *)arg;
2262 size = sizeof(*get) +
2263 sizeof(struct ip_vs_dest_entry) * get->num_dests;
2265 IP_VS_ERR("length: %u != %u\n", *len, size);
2269 ret = __ip_vs_get_dest_entries(get, user);
2273 case IP_VS_SO_GET_TIMEOUT:
2275 struct ip_vs_timeout_user t;
2277 __ip_vs_get_timeouts(&t);
2278 if (copy_to_user(user, &t, sizeof(t)) != 0)
2283 case IP_VS_SO_GET_DAEMON:
2285 struct ip_vs_daemon_user d[2];
2287 memset(&d, 0, sizeof(d));
2288 if (ip_vs_sync_state & IP_VS_STATE_MASTER) {
2289 d[0].state = IP_VS_STATE_MASTER;
2290 strlcpy(d[0].mcast_ifn, ip_vs_master_mcast_ifn, sizeof(d[0].mcast_ifn));
2291 d[0].syncid = ip_vs_master_syncid;
2293 if (ip_vs_sync_state & IP_VS_STATE_BACKUP) {
2294 d[1].state = IP_VS_STATE_BACKUP;
2295 strlcpy(d[1].mcast_ifn, ip_vs_backup_mcast_ifn, sizeof(d[1].mcast_ifn));
2296 d[1].syncid = ip_vs_backup_syncid;
2298 if (copy_to_user(user, &d, sizeof(d)) != 0)
2308 mutex_unlock(&__ip_vs_mutex);
2313 static struct nf_sockopt_ops ip_vs_sockopts = {
2315 .set_optmin = IP_VS_BASE_CTL,
2316 .set_optmax = IP_VS_SO_SET_MAX+1,
2317 .set = do_ip_vs_set_ctl,
2318 .get_optmin = IP_VS_BASE_CTL,
2319 .get_optmax = IP_VS_SO_GET_MAX+1,
2320 .get = do_ip_vs_get_ctl,
2321 .owner = THIS_MODULE,
2325 * Generic Netlink interface
2328 /* IPVS genetlink family */
2329 static struct genl_family ip_vs_genl_family = {
2330 .id = GENL_ID_GENERATE,
2332 .name = IPVS_GENL_NAME,
2333 .version = IPVS_GENL_VERSION,
2334 .maxattr = IPVS_CMD_MAX,
2337 /* Policy used for first-level command attributes */
2338 static const struct nla_policy ip_vs_cmd_policy[IPVS_CMD_ATTR_MAX + 1] = {
2339 [IPVS_CMD_ATTR_SERVICE] = { .type = NLA_NESTED },
2340 [IPVS_CMD_ATTR_DEST] = { .type = NLA_NESTED },
2341 [IPVS_CMD_ATTR_DAEMON] = { .type = NLA_NESTED },
2342 [IPVS_CMD_ATTR_TIMEOUT_TCP] = { .type = NLA_U32 },
2343 [IPVS_CMD_ATTR_TIMEOUT_TCP_FIN] = { .type = NLA_U32 },
2344 [IPVS_CMD_ATTR_TIMEOUT_UDP] = { .type = NLA_U32 },
2347 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DAEMON */
2348 static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = {
2349 [IPVS_DAEMON_ATTR_STATE] = { .type = NLA_U32 },
2350 [IPVS_DAEMON_ATTR_MCAST_IFN] = { .type = NLA_NUL_STRING,
2351 .len = IP_VS_IFNAME_MAXLEN },
2352 [IPVS_DAEMON_ATTR_SYNC_ID] = { .type = NLA_U32 },
2355 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_SERVICE */
2356 static const struct nla_policy ip_vs_svc_policy[IPVS_SVC_ATTR_MAX + 1] = {
2357 [IPVS_SVC_ATTR_AF] = { .type = NLA_U16 },
2358 [IPVS_SVC_ATTR_PROTOCOL] = { .type = NLA_U16 },
2359 [IPVS_SVC_ATTR_ADDR] = { .type = NLA_BINARY,
2360 .len = sizeof(union nf_inet_addr) },
2361 [IPVS_SVC_ATTR_PORT] = { .type = NLA_U16 },
2362 [IPVS_SVC_ATTR_FWMARK] = { .type = NLA_U32 },
2363 [IPVS_SVC_ATTR_SCHED_NAME] = { .type = NLA_NUL_STRING,
2364 .len = IP_VS_SCHEDNAME_MAXLEN },
2365 [IPVS_SVC_ATTR_FLAGS] = { .type = NLA_BINARY,
2366 .len = sizeof(struct ip_vs_flags) },
2367 [IPVS_SVC_ATTR_TIMEOUT] = { .type = NLA_U32 },
2368 [IPVS_SVC_ATTR_NETMASK] = { .type = NLA_U32 },
2369 [IPVS_SVC_ATTR_STATS] = { .type = NLA_NESTED },
2372 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DEST */
2373 static const struct nla_policy ip_vs_dest_policy[IPVS_DEST_ATTR_MAX + 1] = {
2374 [IPVS_DEST_ATTR_ADDR] = { .type = NLA_BINARY,
2375 .len = sizeof(union nf_inet_addr) },
2376 [IPVS_DEST_ATTR_PORT] = { .type = NLA_U16 },
2377 [IPVS_DEST_ATTR_FWD_METHOD] = { .type = NLA_U32 },
2378 [IPVS_DEST_ATTR_WEIGHT] = { .type = NLA_U32 },
2379 [IPVS_DEST_ATTR_U_THRESH] = { .type = NLA_U32 },
2380 [IPVS_DEST_ATTR_L_THRESH] = { .type = NLA_U32 },
2381 [IPVS_DEST_ATTR_ACTIVE_CONNS] = { .type = NLA_U32 },
2382 [IPVS_DEST_ATTR_INACT_CONNS] = { .type = NLA_U32 },
2383 [IPVS_DEST_ATTR_PERSIST_CONNS] = { .type = NLA_U32 },
2384 [IPVS_DEST_ATTR_STATS] = { .type = NLA_NESTED },
2387 static int ip_vs_genl_fill_stats(struct sk_buff *skb, int container_type,
2388 struct ip_vs_stats *stats)
2390 struct nlattr *nl_stats = nla_nest_start(skb, container_type);
2394 spin_lock_bh(&stats->lock);
2396 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CONNS, stats->conns);
2397 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPKTS, stats->inpkts);
2398 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPKTS, stats->outpkts);
2399 NLA_PUT_U64(skb, IPVS_STATS_ATTR_INBYTES, stats->inbytes);
2400 NLA_PUT_U64(skb, IPVS_STATS_ATTR_OUTBYTES, stats->outbytes);
2401 NLA_PUT_U32(skb, IPVS_STATS_ATTR_CPS, stats->cps);
2402 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INPPS, stats->inpps);
2403 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTPPS, stats->outpps);
2404 NLA_PUT_U32(skb, IPVS_STATS_ATTR_INBPS, stats->inbps);
2405 NLA_PUT_U32(skb, IPVS_STATS_ATTR_OUTBPS, stats->outbps);
2407 spin_unlock_bh(&stats->lock);
2409 nla_nest_end(skb, nl_stats);
2414 spin_unlock_bh(&stats->lock);
2415 nla_nest_cancel(skb, nl_stats);
2419 static int ip_vs_genl_fill_service(struct sk_buff *skb,
2420 struct ip_vs_service *svc)
2422 struct nlattr *nl_service;
2423 struct ip_vs_flags flags = { .flags = svc->flags,
2426 nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE);
2430 NLA_PUT_U16(skb, IPVS_SVC_ATTR_AF, AF_INET);
2433 NLA_PUT_U32(skb, IPVS_SVC_ATTR_FWMARK, svc->fwmark);
2435 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol);
2436 NLA_PUT(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr);
2437 NLA_PUT_U16(skb, IPVS_SVC_ATTR_PORT, svc->port);
2440 NLA_PUT_STRING(skb, IPVS_SVC_ATTR_SCHED_NAME, svc->scheduler->name);
2441 NLA_PUT(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags);
2442 NLA_PUT_U32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ);
2443 NLA_PUT_U32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask);
2445 if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &svc->stats))
2446 goto nla_put_failure;
2448 nla_nest_end(skb, nl_service);
2453 nla_nest_cancel(skb, nl_service);
2457 static int ip_vs_genl_dump_service(struct sk_buff *skb,
2458 struct ip_vs_service *svc,
2459 struct netlink_callback *cb)
2463 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2464 &ip_vs_genl_family, NLM_F_MULTI,
2465 IPVS_CMD_NEW_SERVICE);
2469 if (ip_vs_genl_fill_service(skb, svc) < 0)
2470 goto nla_put_failure;
2472 return genlmsg_end(skb, hdr);
2475 genlmsg_cancel(skb, hdr);
2479 static int ip_vs_genl_dump_services(struct sk_buff *skb,
2480 struct netlink_callback *cb)
2483 int start = cb->args[0];
2484 struct ip_vs_service *svc;
2486 mutex_lock(&__ip_vs_mutex);
2487 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2488 list_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
2491 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2493 goto nla_put_failure;
2498 for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
2499 list_for_each_entry(svc, &ip_vs_svc_fwm_table[i], f_list) {
2502 if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
2504 goto nla_put_failure;
2510 mutex_unlock(&__ip_vs_mutex);
2516 static int ip_vs_genl_parse_service(struct ip_vs_service_user *usvc,
2517 struct nlattr *nla, int full_entry)
2519 struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
2520 struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
2522 /* Parse mandatory identifying service fields first */
2524 nla_parse_nested(attrs, IPVS_SVC_ATTR_MAX, nla, ip_vs_svc_policy))
2527 nla_af = attrs[IPVS_SVC_ATTR_AF];
2528 nla_protocol = attrs[IPVS_SVC_ATTR_PROTOCOL];
2529 nla_addr = attrs[IPVS_SVC_ATTR_ADDR];
2530 nla_port = attrs[IPVS_SVC_ATTR_PORT];
2531 nla_fwmark = attrs[IPVS_SVC_ATTR_FWMARK];
2533 if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
2536 /* For now, only support IPv4 */
2537 if (nla_get_u16(nla_af) != AF_INET)
2538 return -EAFNOSUPPORT;
2541 usvc->protocol = IPPROTO_TCP;
2542 usvc->fwmark = nla_get_u32(nla_fwmark);
2544 usvc->protocol = nla_get_u16(nla_protocol);
2545 nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr));
2546 usvc->port = nla_get_u16(nla_port);
2550 /* If a full entry was requested, check for the additional fields */
2552 struct nlattr *nla_sched, *nla_flags, *nla_timeout,
2554 struct ip_vs_flags flags;
2555 struct ip_vs_service *svc;
2557 nla_sched = attrs[IPVS_SVC_ATTR_SCHED_NAME];
2558 nla_flags = attrs[IPVS_SVC_ATTR_FLAGS];
2559 nla_timeout = attrs[IPVS_SVC_ATTR_TIMEOUT];
2560 nla_netmask = attrs[IPVS_SVC_ATTR_NETMASK];
2562 if (!(nla_sched && nla_flags && nla_timeout && nla_netmask))
2565 nla_memcpy(&flags, nla_flags, sizeof(flags));
2567 /* prefill flags from service if it already exists */
2569 svc = __ip_vs_svc_fwm_get(usvc->fwmark);
2571 svc = __ip_vs_service_get(usvc->protocol, usvc->addr,
2574 usvc->flags = svc->flags;
2575 ip_vs_service_put(svc);
2579 /* set new flags from userland */
2580 usvc->flags = (usvc->flags & ~flags.mask) |
2581 (flags.flags & flags.mask);
2583 strlcpy(usvc->sched_name, nla_data(nla_sched),
2584 sizeof(usvc->sched_name));
2585 usvc->timeout = nla_get_u32(nla_timeout);
2586 usvc->netmask = nla_get_u32(nla_netmask);
2592 static struct ip_vs_service *ip_vs_genl_find_service(struct nlattr *nla)
2594 struct ip_vs_service_user usvc;
2597 ret = ip_vs_genl_parse_service(&usvc, nla, 0);
2599 return ERR_PTR(ret);
2602 return __ip_vs_svc_fwm_get(usvc.fwmark);
2604 return __ip_vs_service_get(usvc.protocol, usvc.addr,
2608 static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
2610 struct nlattr *nl_dest;
2612 nl_dest = nla_nest_start(skb, IPVS_CMD_ATTR_DEST);
2616 NLA_PUT(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr);
2617 NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port);
2619 NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD,
2620 atomic_read(&dest->conn_flags) & IP_VS_CONN_F_FWD_MASK);
2621 NLA_PUT_U32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight));
2622 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold);
2623 NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold);
2624 NLA_PUT_U32(skb, IPVS_DEST_ATTR_ACTIVE_CONNS,
2625 atomic_read(&dest->activeconns));
2626 NLA_PUT_U32(skb, IPVS_DEST_ATTR_INACT_CONNS,
2627 atomic_read(&dest->inactconns));
2628 NLA_PUT_U32(skb, IPVS_DEST_ATTR_PERSIST_CONNS,
2629 atomic_read(&dest->persistconns));
2631 if (ip_vs_genl_fill_stats(skb, IPVS_DEST_ATTR_STATS, &dest->stats))
2632 goto nla_put_failure;
2634 nla_nest_end(skb, nl_dest);
2639 nla_nest_cancel(skb, nl_dest);
2643 static int ip_vs_genl_dump_dest(struct sk_buff *skb, struct ip_vs_dest *dest,
2644 struct netlink_callback *cb)
2648 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2649 &ip_vs_genl_family, NLM_F_MULTI,
2654 if (ip_vs_genl_fill_dest(skb, dest) < 0)
2655 goto nla_put_failure;
2657 return genlmsg_end(skb, hdr);
2660 genlmsg_cancel(skb, hdr);
2664 static int ip_vs_genl_dump_dests(struct sk_buff *skb,
2665 struct netlink_callback *cb)
2668 int start = cb->args[0];
2669 struct ip_vs_service *svc;
2670 struct ip_vs_dest *dest;
2671 struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
2673 mutex_lock(&__ip_vs_mutex);
2675 /* Try to find the service for which to dump destinations */
2676 if (nlmsg_parse(cb->nlh, GENL_HDRLEN, attrs,
2677 IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy))
2680 svc = ip_vs_genl_find_service(attrs[IPVS_CMD_ATTR_SERVICE]);
2681 if (IS_ERR(svc) || svc == NULL)
2684 /* Dump the destinations */
2685 list_for_each_entry(dest, &svc->destinations, n_list) {
2688 if (ip_vs_genl_dump_dest(skb, dest, cb) < 0) {
2690 goto nla_put_failure;
2696 ip_vs_service_put(svc);
2699 mutex_unlock(&__ip_vs_mutex);
2704 static int ip_vs_genl_parse_dest(struct ip_vs_dest_user *udest,
2705 struct nlattr *nla, int full_entry)
2707 struct nlattr *attrs[IPVS_DEST_ATTR_MAX + 1];
2708 struct nlattr *nla_addr, *nla_port;
2710 /* Parse mandatory identifying destination fields first */
2712 nla_parse_nested(attrs, IPVS_DEST_ATTR_MAX, nla, ip_vs_dest_policy))
2715 nla_addr = attrs[IPVS_DEST_ATTR_ADDR];
2716 nla_port = attrs[IPVS_DEST_ATTR_PORT];
2718 if (!(nla_addr && nla_port))
2721 nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr));
2722 udest->port = nla_get_u16(nla_port);
2724 /* If a full entry was requested, check for the additional fields */
2726 struct nlattr *nla_fwd, *nla_weight, *nla_u_thresh,
2729 nla_fwd = attrs[IPVS_DEST_ATTR_FWD_METHOD];
2730 nla_weight = attrs[IPVS_DEST_ATTR_WEIGHT];
2731 nla_u_thresh = attrs[IPVS_DEST_ATTR_U_THRESH];
2732 nla_l_thresh = attrs[IPVS_DEST_ATTR_L_THRESH];
2734 if (!(nla_fwd && nla_weight && nla_u_thresh && nla_l_thresh))
2737 udest->conn_flags = nla_get_u32(nla_fwd)
2738 & IP_VS_CONN_F_FWD_MASK;
2739 udest->weight = nla_get_u32(nla_weight);
2740 udest->u_threshold = nla_get_u32(nla_u_thresh);
2741 udest->l_threshold = nla_get_u32(nla_l_thresh);
2747 static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __be32 state,
2748 const char *mcast_ifn, __be32 syncid)
2750 struct nlattr *nl_daemon;
2752 nl_daemon = nla_nest_start(skb, IPVS_CMD_ATTR_DAEMON);
2756 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_STATE, state);
2757 NLA_PUT_STRING(skb, IPVS_DAEMON_ATTR_MCAST_IFN, mcast_ifn);
2758 NLA_PUT_U32(skb, IPVS_DAEMON_ATTR_SYNC_ID, syncid);
2760 nla_nest_end(skb, nl_daemon);
2765 nla_nest_cancel(skb, nl_daemon);
2769 static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __be32 state,
2770 const char *mcast_ifn, __be32 syncid,
2771 struct netlink_callback *cb)
2774 hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
2775 &ip_vs_genl_family, NLM_F_MULTI,
2776 IPVS_CMD_NEW_DAEMON);
2780 if (ip_vs_genl_fill_daemon(skb, state, mcast_ifn, syncid))
2781 goto nla_put_failure;
2783 return genlmsg_end(skb, hdr);
2786 genlmsg_cancel(skb, hdr);
2790 static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
2791 struct netlink_callback *cb)
2793 mutex_lock(&__ip_vs_mutex);
2794 if ((ip_vs_sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
2795 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
2796 ip_vs_master_mcast_ifn,
2797 ip_vs_master_syncid, cb) < 0)
2798 goto nla_put_failure;
2803 if ((ip_vs_sync_state & IP_VS_STATE_BACKUP) && !cb->args[1]) {
2804 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_BACKUP,
2805 ip_vs_backup_mcast_ifn,
2806 ip_vs_backup_syncid, cb) < 0)
2807 goto nla_put_failure;
2813 mutex_unlock(&__ip_vs_mutex);
2818 static int ip_vs_genl_new_daemon(struct nlattr **attrs)
2820 if (!(attrs[IPVS_DAEMON_ATTR_STATE] &&
2821 attrs[IPVS_DAEMON_ATTR_MCAST_IFN] &&
2822 attrs[IPVS_DAEMON_ATTR_SYNC_ID]))
2825 return start_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]),
2826 nla_data(attrs[IPVS_DAEMON_ATTR_MCAST_IFN]),
2827 nla_get_u32(attrs[IPVS_DAEMON_ATTR_SYNC_ID]));
2830 static int ip_vs_genl_del_daemon(struct nlattr **attrs)
2832 if (!attrs[IPVS_DAEMON_ATTR_STATE])
2835 return stop_sync_thread(nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
2838 static int ip_vs_genl_set_config(struct nlattr **attrs)
2840 struct ip_vs_timeout_user t;
2842 __ip_vs_get_timeouts(&t);
2844 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP])
2845 t.tcp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP]);
2847 if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN])
2849 nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN]);
2851 if (attrs[IPVS_CMD_ATTR_TIMEOUT_UDP])
2852 t.udp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_UDP]);
2854 return ip_vs_set_timeout(&t);
2857 static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
2859 struct ip_vs_service *svc = NULL;
2860 struct ip_vs_service_user usvc;
2861 struct ip_vs_dest_user udest;
2863 int need_full_svc = 0, need_full_dest = 0;
2865 cmd = info->genlhdr->cmd;
2867 mutex_lock(&__ip_vs_mutex);
2869 if (cmd == IPVS_CMD_FLUSH) {
2870 ret = ip_vs_flush();
2872 } else if (cmd == IPVS_CMD_SET_CONFIG) {
2873 ret = ip_vs_genl_set_config(info->attrs);
2875 } else if (cmd == IPVS_CMD_NEW_DAEMON ||
2876 cmd == IPVS_CMD_DEL_DAEMON) {
2878 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
2880 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
2881 nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
2882 info->attrs[IPVS_CMD_ATTR_DAEMON],
2883 ip_vs_daemon_policy)) {
2888 if (cmd == IPVS_CMD_NEW_DAEMON)
2889 ret = ip_vs_genl_new_daemon(daemon_attrs);
2891 ret = ip_vs_genl_del_daemon(daemon_attrs);
2893 } else if (cmd == IPVS_CMD_ZERO &&
2894 !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
2895 ret = ip_vs_zero_all();
2899 /* All following commands require a service argument, so check if we
2900 * received a valid one. We need a full service specification when
2901 * adding / editing a service. Only identifying members otherwise. */
2902 if (cmd == IPVS_CMD_NEW_SERVICE || cmd == IPVS_CMD_SET_SERVICE)
2905 ret = ip_vs_genl_parse_service(&usvc,
2906 info->attrs[IPVS_CMD_ATTR_SERVICE],
2911 /* Lookup the exact service by <protocol, addr, port> or fwmark */
2912 if (usvc.fwmark == 0)
2913 svc = __ip_vs_service_get(usvc.protocol, usvc.addr, usvc.port);
2915 svc = __ip_vs_svc_fwm_get(usvc.fwmark);
2917 /* Unless we're adding a new service, the service must already exist */
2918 if ((cmd != IPVS_CMD_NEW_SERVICE) && (svc == NULL)) {
2923 /* Destination commands require a valid destination argument. For
2924 * adding / editing a destination, we need a full destination
2926 if (cmd == IPVS_CMD_NEW_DEST || cmd == IPVS_CMD_SET_DEST ||
2927 cmd == IPVS_CMD_DEL_DEST) {
2928 if (cmd != IPVS_CMD_DEL_DEST)
2931 ret = ip_vs_genl_parse_dest(&udest,
2932 info->attrs[IPVS_CMD_ATTR_DEST],
2939 case IPVS_CMD_NEW_SERVICE:
2941 ret = ip_vs_add_service(&usvc, &svc);
2945 case IPVS_CMD_SET_SERVICE:
2946 ret = ip_vs_edit_service(svc, &usvc);
2948 case IPVS_CMD_DEL_SERVICE:
2949 ret = ip_vs_del_service(svc);
2951 case IPVS_CMD_NEW_DEST:
2952 ret = ip_vs_add_dest(svc, &udest);
2954 case IPVS_CMD_SET_DEST:
2955 ret = ip_vs_edit_dest(svc, &udest);
2957 case IPVS_CMD_DEL_DEST:
2958 ret = ip_vs_del_dest(svc, &udest);
2961 ret = ip_vs_zero_service(svc);
2969 ip_vs_service_put(svc);
2970 mutex_unlock(&__ip_vs_mutex);
2975 static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
2977 struct sk_buff *msg;
2979 int ret, cmd, reply_cmd;
2981 cmd = info->genlhdr->cmd;
2983 if (cmd == IPVS_CMD_GET_SERVICE)
2984 reply_cmd = IPVS_CMD_NEW_SERVICE;
2985 else if (cmd == IPVS_CMD_GET_INFO)
2986 reply_cmd = IPVS_CMD_SET_INFO;
2987 else if (cmd == IPVS_CMD_GET_CONFIG)
2988 reply_cmd = IPVS_CMD_SET_CONFIG;
2990 IP_VS_ERR("unknown Generic Netlink command\n");
2994 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2998 mutex_lock(&__ip_vs_mutex);
3000 reply = genlmsg_put_reply(msg, info, &ip_vs_genl_family, 0, reply_cmd);
3002 goto nla_put_failure;
3005 case IPVS_CMD_GET_SERVICE:
3007 struct ip_vs_service *svc;
3009 svc = ip_vs_genl_find_service(info->attrs[IPVS_CMD_ATTR_SERVICE]);
3014 ret = ip_vs_genl_fill_service(msg, svc);
3015 ip_vs_service_put(svc);
3017 goto nla_put_failure;
3026 case IPVS_CMD_GET_CONFIG:
3028 struct ip_vs_timeout_user t;
3030 __ip_vs_get_timeouts(&t);
3031 #ifdef CONFIG_IP_VS_PROTO_TCP
3032 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP, t.tcp_timeout);
3033 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP_FIN,
3036 #ifdef CONFIG_IP_VS_PROTO_UDP
3037 NLA_PUT_U32(msg, IPVS_CMD_ATTR_TIMEOUT_UDP, t.udp_timeout);
3043 case IPVS_CMD_GET_INFO:
3044 NLA_PUT_U32(msg, IPVS_INFO_ATTR_VERSION, IP_VS_VERSION_CODE);
3045 NLA_PUT_U32(msg, IPVS_INFO_ATTR_CONN_TAB_SIZE,
3046 IP_VS_CONN_TAB_SIZE);
3050 genlmsg_end(msg, reply);
3051 ret = genlmsg_unicast(msg, info->snd_pid);
3055 IP_VS_ERR("not enough space in Netlink message\n");
3061 mutex_unlock(&__ip_vs_mutex);
3067 static struct genl_ops ip_vs_genl_ops[] __read_mostly = {
3069 .cmd = IPVS_CMD_NEW_SERVICE,
3070 .flags = GENL_ADMIN_PERM,
3071 .policy = ip_vs_cmd_policy,
3072 .doit = ip_vs_genl_set_cmd,
3075 .cmd = IPVS_CMD_SET_SERVICE,
3076 .flags = GENL_ADMIN_PERM,
3077 .policy = ip_vs_cmd_policy,
3078 .doit = ip_vs_genl_set_cmd,
3081 .cmd = IPVS_CMD_DEL_SERVICE,
3082 .flags = GENL_ADMIN_PERM,
3083 .policy = ip_vs_cmd_policy,
3084 .doit = ip_vs_genl_set_cmd,
3087 .cmd = IPVS_CMD_GET_SERVICE,
3088 .flags = GENL_ADMIN_PERM,
3089 .doit = ip_vs_genl_get_cmd,
3090 .dumpit = ip_vs_genl_dump_services,
3091 .policy = ip_vs_cmd_policy,
3094 .cmd = IPVS_CMD_NEW_DEST,
3095 .flags = GENL_ADMIN_PERM,
3096 .policy = ip_vs_cmd_policy,
3097 .doit = ip_vs_genl_set_cmd,
3100 .cmd = IPVS_CMD_SET_DEST,
3101 .flags = GENL_ADMIN_PERM,
3102 .policy = ip_vs_cmd_policy,
3103 .doit = ip_vs_genl_set_cmd,
3106 .cmd = IPVS_CMD_DEL_DEST,
3107 .flags = GENL_ADMIN_PERM,
3108 .policy = ip_vs_cmd_policy,
3109 .doit = ip_vs_genl_set_cmd,
3112 .cmd = IPVS_CMD_GET_DEST,
3113 .flags = GENL_ADMIN_PERM,
3114 .policy = ip_vs_cmd_policy,
3115 .dumpit = ip_vs_genl_dump_dests,
3118 .cmd = IPVS_CMD_NEW_DAEMON,
3119 .flags = GENL_ADMIN_PERM,
3120 .policy = ip_vs_cmd_policy,
3121 .doit = ip_vs_genl_set_cmd,
3124 .cmd = IPVS_CMD_DEL_DAEMON,
3125 .flags = GENL_ADMIN_PERM,
3126 .policy = ip_vs_cmd_policy,
3127 .doit = ip_vs_genl_set_cmd,
3130 .cmd = IPVS_CMD_GET_DAEMON,
3131 .flags = GENL_ADMIN_PERM,
3132 .dumpit = ip_vs_genl_dump_daemons,
3135 .cmd = IPVS_CMD_SET_CONFIG,
3136 .flags = GENL_ADMIN_PERM,
3137 .policy = ip_vs_cmd_policy,
3138 .doit = ip_vs_genl_set_cmd,
3141 .cmd = IPVS_CMD_GET_CONFIG,
3142 .flags = GENL_ADMIN_PERM,
3143 .doit = ip_vs_genl_get_cmd,
3146 .cmd = IPVS_CMD_GET_INFO,
3147 .flags = GENL_ADMIN_PERM,
3148 .doit = ip_vs_genl_get_cmd,
3151 .cmd = IPVS_CMD_ZERO,
3152 .flags = GENL_ADMIN_PERM,
3153 .policy = ip_vs_cmd_policy,
3154 .doit = ip_vs_genl_set_cmd,
3157 .cmd = IPVS_CMD_FLUSH,
3158 .flags = GENL_ADMIN_PERM,
3159 .doit = ip_vs_genl_set_cmd,
3163 static int __init ip_vs_genl_register(void)
3167 ret = genl_register_family(&ip_vs_genl_family);
3171 for (i = 0; i < ARRAY_SIZE(ip_vs_genl_ops); i++) {
3172 ret = genl_register_ops(&ip_vs_genl_family, &ip_vs_genl_ops[i]);
3179 genl_unregister_family(&ip_vs_genl_family);
3183 static void ip_vs_genl_unregister(void)
3185 genl_unregister_family(&ip_vs_genl_family);
3188 /* End of Generic Netlink interface definitions */
3191 int __init ip_vs_control_init(void)
3198 ret = nf_register_sockopt(&ip_vs_sockopts);
3200 IP_VS_ERR("cannot register sockopt.\n");
3204 ret = ip_vs_genl_register();
3206 IP_VS_ERR("cannot register Generic Netlink interface.\n");
3207 nf_unregister_sockopt(&ip_vs_sockopts);
3211 proc_net_fops_create(&init_net, "ip_vs", 0, &ip_vs_info_fops);
3212 proc_net_fops_create(&init_net, "ip_vs_stats",0, &ip_vs_stats_fops);
3214 sysctl_header = register_sysctl_paths(net_vs_ctl_path, vs_vars);
3216 /* Initialize ip_vs_svc_table, ip_vs_svc_fwm_table, ip_vs_rtable */
3217 for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
3218 INIT_LIST_HEAD(&ip_vs_svc_table[idx]);
3219 INIT_LIST_HEAD(&ip_vs_svc_fwm_table[idx]);
3221 for(idx = 0; idx < IP_VS_RTAB_SIZE; idx++) {
3222 INIT_LIST_HEAD(&ip_vs_rtable[idx]);
3225 ip_vs_new_estimator(&ip_vs_stats);
3227 /* Hook the defense timer */
3228 schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
3235 void ip_vs_control_cleanup(void)
3238 ip_vs_trash_cleanup();
3239 cancel_rearming_delayed_work(&defense_work);
3240 cancel_work_sync(&defense_work.work);
3241 ip_vs_kill_estimator(&ip_vs_stats);
3242 unregister_sysctl_table(sysctl_header);
3243 proc_net_remove(&init_net, "ip_vs_stats");
3244 proc_net_remove(&init_net, "ip_vs");
3245 ip_vs_genl_unregister();
3246 nf_unregister_sockopt(&ip_vs_sockopts);
git://bbs.cooldavid.org / net-next-2.6.git / blob