71
89
struct ip_vs_seq out_seq; /* outgoing seq. struct */
93
Sync Connection format (sync_conn)
96
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
97
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
98
| Type | Protocol | Ver. | Size |
99
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
101
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
103
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
105
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
107
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
108
| timeout (in sec.) |
109
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
111
| IP-Addresses (v4 or v6) |
113
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
115
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
116
| Param. Type | Param. Length | Param. data |
117
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
119
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
120
| | Param Type | Param. Length |
121
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
123
| Last Param data should be padded for 32 bit alignment |
124
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
128
* Type 0, IPv4 sync connection format
130
struct ip_vs_sync_v4 {
132
__u8 protocol; /* Which protocol (TCP/UDP) */
133
__be16 ver_size; /* Version msb 4 bits */
134
/* Flags and state transition */
135
__be32 flags; /* status flags */
136
__be16 state; /* state info */
137
/* Protocol, addresses and port numbers */
141
__be32 fwmark; /* Firewall mark from skb */
142
__be32 timeout; /* cp timeout */
143
__be32 caddr; /* client address */
144
__be32 vaddr; /* virtual address */
145
__be32 daddr; /* destination address */
146
/* The sequence options start here */
147
/* PE data padded to 32bit alignment after seq. options */
150
* Type 2 messages IPv6
152
struct ip_vs_sync_v6 {
154
__u8 protocol; /* Which protocol (TCP/UDP) */
155
__be16 ver_size; /* Version msb 4 bits */
156
/* Flags and state transition */
157
__be32 flags; /* status flags */
158
__be16 state; /* state info */
159
/* Protocol, addresses and port numbers */
163
__be32 fwmark; /* Firewall mark from skb */
164
__be32 timeout; /* cp timeout */
165
struct in6_addr caddr; /* client address */
166
struct in6_addr vaddr; /* virtual address */
167
struct in6_addr daddr; /* destination address */
168
/* The sequence options start here */
169
/* PE data padded to 32bit alignment after seq. options */
172
union ip_vs_sync_conn {
173
struct ip_vs_sync_v4 v4;
174
struct ip_vs_sync_v6 v6;
177
/* Bits in Type field in above */
178
#define STYPE_INET6 0
179
#define STYPE_F_INET6 (1 << STYPE_INET6)
181
#define SVER_SHIFT 12 /* Shift to get version */
182
#define SVER_MASK 0x0fff /* Mask to strip version */
184
#define IPVS_OPT_SEQ_DATA 1
185
#define IPVS_OPT_PE_DATA 2
186
#define IPVS_OPT_PE_NAME 3
187
#define IPVS_OPT_PARAM 7
189
#define IPVS_OPT_F_SEQ_DATA (1 << (IPVS_OPT_SEQ_DATA-1))
190
#define IPVS_OPT_F_PE_DATA (1 << (IPVS_OPT_PE_DATA-1))
191
#define IPVS_OPT_F_PE_NAME (1 << (IPVS_OPT_PE_NAME-1))
192
#define IPVS_OPT_F_PARAM (1 << (IPVS_OPT_PARAM-1))
74
194
struct ip_vs_sync_thread_data {
75
196
struct socket *sock;
79
#define SIMPLE_CONN_SIZE (sizeof(struct ip_vs_sync_conn))
200
/* Version 0 definition of packet sizes */
201
#define SIMPLE_CONN_SIZE (sizeof(struct ip_vs_sync_conn_v0))
80
202
#define FULL_CONN_SIZE \
81
(sizeof(struct ip_vs_sync_conn) + sizeof(struct ip_vs_sync_conn_options))
203
(sizeof(struct ip_vs_sync_conn_v0) + sizeof(struct ip_vs_sync_conn_options))
85
The master mulitcasts messages to the backup load balancers in the
207
The master mulitcasts messages (Datagrams) to the backup load balancers
208
in the following format.
211
Note, first byte should be Zero, so ver 0 receivers will drop the packet.
214
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
215
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
216
| 0 | SyncID | Size |
217
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
218
| Count Conns | Version | Reserved, set to Zero |
219
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
221
| IPVS Sync Connection (1) |
222
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
226
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
228
| IPVS Sync Connection (n) |
229
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
89
233
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
90
234
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
91
235
| Count Conns | SyncID | Size |
92
236
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
94
237
| IPVS Sync Connection (1) |
95
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
99
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
101
| IPVS Sync Connection (n) |
102
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
105
240
#define SYNC_MESG_HEADER_LEN 4
106
241
#define MAX_CONNS_PER_SYNCBUFF 255 /* nr_conns in ip_vs_sync_mesg is 8 bit */
108
struct ip_vs_sync_mesg {
243
/* Version 0 header */
244
struct ip_vs_sync_mesg_v0 {
156
277
.sin_addr.s_addr = cpu_to_be32(IP_VS_SYNC_GROUP),
160
static inline struct ip_vs_sync_buff *sb_dequeue(void)
281
* Copy of struct ip_vs_seq
282
* From unaligned network order to aligned host order
284
static void ntoh_seq(struct ip_vs_seq *no, struct ip_vs_seq *ho)
286
ho->init_seq = get_unaligned_be32(&no->init_seq);
287
ho->delta = get_unaligned_be32(&no->delta);
288
ho->previous_delta = get_unaligned_be32(&no->previous_delta);
292
* Copy of struct ip_vs_seq
293
* From Aligned host order to unaligned network order
295
static void hton_seq(struct ip_vs_seq *ho, struct ip_vs_seq *no)
297
put_unaligned_be32(ho->init_seq, &no->init_seq);
298
put_unaligned_be32(ho->delta, &no->delta);
299
put_unaligned_be32(ho->previous_delta, &no->previous_delta);
302
static inline struct ip_vs_sync_buff *sb_dequeue(struct netns_ipvs *ipvs)
162
304
struct ip_vs_sync_buff *sb;
164
spin_lock_bh(&ip_vs_sync_lock);
165
if (list_empty(&ip_vs_sync_queue)) {
306
spin_lock_bh(&ipvs->sync_lock);
307
if (list_empty(&ipvs->sync_queue)) {
168
sb = list_entry(ip_vs_sync_queue.next,
310
sb = list_entry(ipvs->sync_queue.next,
169
311
struct ip_vs_sync_buff,
171
313
list_del(&sb->list);
173
spin_unlock_bh(&ip_vs_sync_lock);
315
spin_unlock_bh(&ipvs->sync_lock);
178
static inline struct ip_vs_sync_buff * ip_vs_sync_buff_create(void)
321
* Create a new sync buffer for Version 1 proto.
323
static inline struct ip_vs_sync_buff *
324
ip_vs_sync_buff_create(struct netns_ipvs *ipvs)
180
326
struct ip_vs_sync_buff *sb;
182
328
if (!(sb=kmalloc(sizeof(struct ip_vs_sync_buff), GFP_ATOMIC)))
185
if (!(sb->mesg=kmalloc(sync_send_mesg_maxlen, GFP_ATOMIC))) {
331
sb->mesg = kmalloc(ipvs->send_mesg_maxlen, GFP_ATOMIC);
336
sb->mesg->reserved = 0; /* old nr_conns i.e. must be zeo now */
337
sb->mesg->version = SYNC_PROTO_VER;
338
sb->mesg->syncid = ipvs->master_syncid;
339
sb->mesg->size = sizeof(struct ip_vs_sync_mesg);
189
340
sb->mesg->nr_conns = 0;
190
sb->mesg->syncid = ip_vs_master_syncid;
192
sb->head = (unsigned char *)sb->mesg + 4;
193
sb->end = (unsigned char *)sb->mesg + sync_send_mesg_maxlen;
342
sb->head = (unsigned char *)sb->mesg + sizeof(struct ip_vs_sync_mesg);
343
sb->end = (unsigned char *)sb->mesg + ipvs->send_mesg_maxlen;
194
345
sb->firstuse = jiffies;
216
369
* than the specified time or the specified time is zero.
218
371
static inline struct ip_vs_sync_buff *
219
get_curr_sync_buff(unsigned long time)
372
get_curr_sync_buff(struct netns_ipvs *ipvs, unsigned long time)
221
374
struct ip_vs_sync_buff *sb;
223
spin_lock_bh(&curr_sb_lock);
224
if (curr_sb && (time == 0 ||
225
time_before(jiffies - curr_sb->firstuse, time))) {
376
spin_lock_bh(&ipvs->sync_buff_lock);
377
if (ipvs->sync_buff &&
378
time_after_eq(jiffies - ipvs->sync_buff->firstuse, time)) {
379
sb = ipvs->sync_buff;
380
ipvs->sync_buff = NULL;
230
spin_unlock_bh(&curr_sb_lock);
383
spin_unlock_bh(&ipvs->sync_buff_lock);
388
* Switch mode from sending version 0 or 1
389
* - must handle sync_buf
391
void ip_vs_sync_switch_mode(struct net *net, int mode)
393
struct netns_ipvs *ipvs = net_ipvs(net);
395
if (!(ipvs->sync_state & IP_VS_STATE_MASTER))
397
if (mode == sysctl_sync_ver(ipvs) || !ipvs->sync_buff)
400
spin_lock_bh(&ipvs->sync_buff_lock);
401
/* Buffer empty ? then let buf_create do the job */
402
if (ipvs->sync_buff->mesg->size <= sizeof(struct ip_vs_sync_mesg)) {
403
kfree(ipvs->sync_buff);
404
ipvs->sync_buff = NULL;
406
spin_lock_bh(&ipvs->sync_lock);
407
if (ipvs->sync_state & IP_VS_STATE_MASTER)
408
list_add_tail(&ipvs->sync_buff->list,
411
ip_vs_sync_buff_release(ipvs->sync_buff);
412
spin_unlock_bh(&ipvs->sync_lock);
414
spin_unlock_bh(&ipvs->sync_buff_lock);
418
* Create a new sync buffer for Version 0 proto.
420
static inline struct ip_vs_sync_buff *
421
ip_vs_sync_buff_create_v0(struct netns_ipvs *ipvs)
423
struct ip_vs_sync_buff *sb;
424
struct ip_vs_sync_mesg_v0 *mesg;
426
if (!(sb=kmalloc(sizeof(struct ip_vs_sync_buff), GFP_ATOMIC)))
429
sb->mesg = kmalloc(ipvs->send_mesg_maxlen, GFP_ATOMIC);
434
mesg = (struct ip_vs_sync_mesg_v0 *)sb->mesg;
436
mesg->syncid = ipvs->master_syncid;
437
mesg->size = sizeof(struct ip_vs_sync_mesg_v0);
438
sb->head = (unsigned char *)mesg + sizeof(struct ip_vs_sync_mesg_v0);
439
sb->end = (unsigned char *)mesg + ipvs->send_mesg_maxlen;
440
sb->firstuse = jiffies;
445
* Version 0 , could be switched in by sys_ctl.
236
446
* Add an ip_vs_conn information into the current sync_buff.
237
* Called by ip_vs_in.
239
void ip_vs_sync_conn(struct ip_vs_conn *cp)
448
void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp)
241
struct ip_vs_sync_mesg *m;
242
struct ip_vs_sync_conn *s;
450
struct netns_ipvs *ipvs = net_ipvs(net);
451
struct ip_vs_sync_mesg_v0 *m;
452
struct ip_vs_sync_conn_v0 *s;
245
spin_lock(&curr_sb_lock);
247
if (!(curr_sb=ip_vs_sync_buff_create())) {
248
spin_unlock(&curr_sb_lock);
455
if (unlikely(cp->af != AF_INET))
457
/* Do not sync ONE PACKET */
458
if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
461
spin_lock(&ipvs->sync_buff_lock);
462
if (!ipvs->sync_buff) {
464
ip_vs_sync_buff_create_v0(ipvs);
465
if (!ipvs->sync_buff) {
466
spin_unlock(&ipvs->sync_buff_lock);
249
467
pr_err("ip_vs_sync_buff_create failed.\n");
277
curr_sb->head += len;
496
ipvs->sync_buff->head += len;
279
498
/* check if there is a space for next one */
280
if (curr_sb->head+FULL_CONN_SIZE > curr_sb->end) {
281
sb_queue_tail(curr_sb);
499
if (ipvs->sync_buff->head + FULL_CONN_SIZE > ipvs->sync_buff->end) {
501
ipvs->sync_buff = NULL;
284
spin_unlock(&curr_sb_lock);
503
spin_unlock(&ipvs->sync_buff_lock);
286
505
/* synchronize its controller if it has */
288
ip_vs_sync_conn(cp->control);
507
ip_vs_sync_conn(net, cp->control);
511
* Add an ip_vs_conn information into the current sync_buff.
512
* Called by ip_vs_in.
513
* Sending Version 1 messages
515
void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp)
517
struct netns_ipvs *ipvs = net_ipvs(net);
518
struct ip_vs_sync_mesg *m;
519
union ip_vs_sync_conn *s;
521
unsigned int len, pe_name_len, pad;
523
/* Handle old version of the protocol */
524
if (sysctl_sync_ver(ipvs) == 0) {
525
ip_vs_sync_conn_v0(net, cp);
528
/* Do not sync ONE PACKET */
529
if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
534
if (cp->pe_data_len) {
535
if (!cp->pe_data || !cp->dest) {
536
IP_VS_ERR_RL("SYNC, connection pe_data invalid\n");
539
pe_name_len = strnlen(cp->pe->name, IP_VS_PENAME_MAXLEN);
542
spin_lock(&ipvs->sync_buff_lock);
544
#ifdef CONFIG_IP_VS_IPV6
545
if (cp->af == AF_INET6)
546
len = sizeof(struct ip_vs_sync_v6);
549
len = sizeof(struct ip_vs_sync_v4);
551
if (cp->flags & IP_VS_CONN_F_SEQ_MASK)
552
len += sizeof(struct ip_vs_sync_conn_options) + 2;
555
len += cp->pe_data_len + 2; /* + Param hdr field */
557
len += pe_name_len + 2;
559
/* check if there is a space for this one */
561
if (ipvs->sync_buff) {
562
pad = (4 - (size_t)ipvs->sync_buff->head) & 3;
563
if (ipvs->sync_buff->head + len + pad > ipvs->sync_buff->end) {
565
ipvs->sync_buff = NULL;
570
if (!ipvs->sync_buff) {
571
ipvs->sync_buff = ip_vs_sync_buff_create(ipvs);
572
if (!ipvs->sync_buff) {
573
spin_unlock(&ipvs->sync_buff_lock);
574
pr_err("ip_vs_sync_buff_create failed.\n");
579
m = ipvs->sync_buff->mesg;
580
p = ipvs->sync_buff->head;
581
ipvs->sync_buff->head += pad + len;
582
m->size += pad + len;
583
/* Add ev. padding from prev. sync_conn */
587
s = (union ip_vs_sync_conn *)p;
589
/* Set message type & copy members */
590
s->v4.type = (cp->af == AF_INET6 ? STYPE_F_INET6 : 0);
591
s->v4.ver_size = htons(len & SVER_MASK); /* Version 0 */
592
s->v4.flags = htonl(cp->flags & ~IP_VS_CONN_F_HASHED);
593
s->v4.state = htons(cp->state);
594
s->v4.protocol = cp->protocol;
595
s->v4.cport = cp->cport;
596
s->v4.vport = cp->vport;
597
s->v4.dport = cp->dport;
598
s->v4.fwmark = htonl(cp->fwmark);
599
s->v4.timeout = htonl(cp->timeout / HZ);
602
#ifdef CONFIG_IP_VS_IPV6
603
if (cp->af == AF_INET6) {
604
p += sizeof(struct ip_vs_sync_v6);
605
ipv6_addr_copy(&s->v6.caddr, &cp->caddr.in6);
606
ipv6_addr_copy(&s->v6.vaddr, &cp->vaddr.in6);
607
ipv6_addr_copy(&s->v6.daddr, &cp->daddr.in6);
611
p += sizeof(struct ip_vs_sync_v4); /* options ptr */
612
s->v4.caddr = cp->caddr.ip;
613
s->v4.vaddr = cp->vaddr.ip;
614
s->v4.daddr = cp->daddr.ip;
616
if (cp->flags & IP_VS_CONN_F_SEQ_MASK) {
617
*(p++) = IPVS_OPT_SEQ_DATA;
618
*(p++) = sizeof(struct ip_vs_sync_conn_options);
619
hton_seq((struct ip_vs_seq *)p, &cp->in_seq);
620
p += sizeof(struct ip_vs_seq);
621
hton_seq((struct ip_vs_seq *)p, &cp->out_seq);
622
p += sizeof(struct ip_vs_seq);
625
if (cp->pe_data_len && cp->pe_data) {
626
*(p++) = IPVS_OPT_PE_DATA;
627
*(p++) = cp->pe_data_len;
628
memcpy(p, cp->pe_data, cp->pe_data_len);
629
p += cp->pe_data_len;
632
*(p++) = IPVS_OPT_PE_NAME;
633
*(p++) = pe_name_len;
634
memcpy(p, cp->pe->name, pe_name_len);
639
spin_unlock(&ipvs->sync_buff_lock);
642
/* synchronize its controller if it has */
647
* Reduce sync rate for templates
648
* i.e only increment in_pkts for Templates.
650
if (cp->flags & IP_VS_CONN_F_TEMPLATE) {
651
int pkts = atomic_add_return(1, &cp->in_pkts);
653
if (pkts % sysctl_sync_period(ipvs) != 1)
660
* fill_param used by version 1
291
662
static inline int
292
ip_vs_conn_fill_param_sync(int af, int protocol,
293
const union nf_inet_addr *caddr, __be16 cport,
294
const union nf_inet_addr *vaddr, __be16 vport,
295
struct ip_vs_conn_param *p)
663
ip_vs_conn_fill_param_sync(struct net *net, int af, union ip_vs_sync_conn *sc,
664
struct ip_vs_conn_param *p,
665
__u8 *pe_data, unsigned int pe_data_len,
666
__u8 *pe_name, unsigned int pe_name_len)
297
/* XXX: Need to take into account persistence engine */
298
ip_vs_conn_fill_param(af, protocol, caddr, cport, vaddr, vport, p);
668
#ifdef CONFIG_IP_VS_IPV6
670
ip_vs_conn_fill_param(net, af, sc->v6.protocol,
671
(const union nf_inet_addr *)&sc->v6.caddr,
673
(const union nf_inet_addr *)&sc->v6.vaddr,
677
ip_vs_conn_fill_param(net, af, sc->v4.protocol,
678
(const union nf_inet_addr *)&sc->v4.caddr,
680
(const union nf_inet_addr *)&sc->v4.vaddr,
685
char buff[IP_VS_PENAME_MAXLEN+1];
687
memcpy(buff, pe_name, pe_name_len);
689
p->pe = __ip_vs_pe_getbyname(buff);
691
IP_VS_DBG(3, "BACKUP, no %s engine found/loaded\n",
696
IP_VS_ERR_RL("BACKUP, Invalid PE parameters\n");
700
p->pe_data = kmemdup(pe_data, pe_data_len, GFP_ATOMIC);
703
module_put(p->pe->module);
706
p->pe_data_len = pe_data_len;
303
* Process received multicast message and create the corresponding
304
* ip_vs_conn entries.
306
static void ip_vs_process_message(const char *buffer, const size_t buflen)
308
struct ip_vs_sync_mesg *m = (struct ip_vs_sync_mesg *)buffer;
309
struct ip_vs_sync_conn *s;
712
* Connection Add / Update.
713
* Common for version 0 and 1 reception of backup sync_conns.
717
static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
718
unsigned int flags, unsigned int state,
719
unsigned int protocol, unsigned int type,
720
const union nf_inet_addr *daddr, __be16 dport,
721
unsigned long timeout, __u32 fwmark,
722
struct ip_vs_sync_conn_options *opt)
724
struct ip_vs_dest *dest;
725
struct ip_vs_conn *cp;
726
struct netns_ipvs *ipvs = net_ipvs(net);
728
if (!(flags & IP_VS_CONN_F_TEMPLATE))
729
cp = ip_vs_conn_in_get(param);
731
cp = ip_vs_ct_in_get(param);
733
if (cp && param->pe_data) /* Free pe_data */
734
kfree(param->pe_data);
737
* Find the appropriate destination for the connection.
738
* If it is not found the connection will remain unbound
741
dest = ip_vs_find_dest(net, type, daddr, dport, param->vaddr,
742
param->vport, protocol, fwmark);
744
/* Set the approprite ativity flag */
745
if (protocol == IPPROTO_TCP) {
746
if (state != IP_VS_TCP_S_ESTABLISHED)
747
flags |= IP_VS_CONN_F_INACTIVE;
749
flags &= ~IP_VS_CONN_F_INACTIVE;
750
} else if (protocol == IPPROTO_SCTP) {
751
if (state != IP_VS_SCTP_S_ESTABLISHED)
752
flags |= IP_VS_CONN_F_INACTIVE;
754
flags &= ~IP_VS_CONN_F_INACTIVE;
756
cp = ip_vs_conn_new(param, daddr, dport, flags, dest, fwmark);
758
atomic_dec(&dest->refcnt);
761
kfree(param->pe_data);
762
IP_VS_DBG(2, "BACKUP, add new conn. failed\n");
765
} else if (!cp->dest) {
766
dest = ip_vs_try_bind_dest(cp);
768
atomic_dec(&dest->refcnt);
769
} else if ((cp->dest) && (cp->protocol == IPPROTO_TCP) &&
770
(cp->state != state)) {
771
/* update active/inactive flag for the connection */
773
if (!(cp->flags & IP_VS_CONN_F_INACTIVE) &&
774
(state != IP_VS_TCP_S_ESTABLISHED)) {
775
atomic_dec(&dest->activeconns);
776
atomic_inc(&dest->inactconns);
777
cp->flags |= IP_VS_CONN_F_INACTIVE;
778
} else if ((cp->flags & IP_VS_CONN_F_INACTIVE) &&
779
(state == IP_VS_TCP_S_ESTABLISHED)) {
780
atomic_inc(&dest->activeconns);
781
atomic_dec(&dest->inactconns);
782
cp->flags &= ~IP_VS_CONN_F_INACTIVE;
784
} else if ((cp->dest) && (cp->protocol == IPPROTO_SCTP) &&
785
(cp->state != state)) {
787
if (!(cp->flags & IP_VS_CONN_F_INACTIVE) &&
788
(state != IP_VS_SCTP_S_ESTABLISHED)) {
789
atomic_dec(&dest->activeconns);
790
atomic_inc(&dest->inactconns);
791
cp->flags &= ~IP_VS_CONN_F_INACTIVE;
796
memcpy(&cp->in_seq, opt, sizeof(*opt));
797
atomic_set(&cp->in_pkts, sysctl_sync_threshold(ipvs));
799
cp->old_state = cp->state;
801
* For Ver 0 messages style
802
* - Not possible to recover the right timeout for templates
803
* - can not find the right fwmark
804
* virtual service. If needed, we can do it for
805
* non-fwmark persistent services.
806
* Ver 1 messages style.
810
if (timeout > MAX_SCHEDULE_TIMEOUT / HZ)
811
timeout = MAX_SCHEDULE_TIMEOUT / HZ;
812
cp->timeout = timeout*HZ;
814
struct ip_vs_proto_data *pd;
816
pd = ip_vs_proto_data_get(net, protocol);
817
if (!(flags & IP_VS_CONN_F_TEMPLATE) && pd && pd->timeout_table)
818
cp->timeout = pd->timeout_table[state];
820
cp->timeout = (3*60*HZ);
826
* Process received multicast message for Version 0
828
static void ip_vs_process_message_v0(struct net *net, const char *buffer,
831
struct ip_vs_sync_mesg_v0 *m = (struct ip_vs_sync_mesg_v0 *)buffer;
832
struct ip_vs_sync_conn_v0 *s;
310
833
struct ip_vs_sync_conn_options *opt;
311
struct ip_vs_conn *cp;
312
834
struct ip_vs_protocol *pp;
313
struct ip_vs_dest *dest;
314
835
struct ip_vs_conn_param param;
318
if (buflen < sizeof(struct ip_vs_sync_mesg)) {
319
IP_VS_ERR_RL("sync message header too short\n");
323
/* Convert size back to host byte order */
324
m->size = ntohs(m->size);
326
if (buflen != m->size) {
327
IP_VS_ERR_RL("bogus sync message size\n");
331
/* SyncID sanity check */
332
if (ip_vs_backup_syncid != 0 && m->syncid != ip_vs_backup_syncid) {
333
IP_VS_DBG(7, "Ignoring incoming msg with syncid = %d\n",
338
p = (char *)buffer + sizeof(struct ip_vs_sync_mesg);
839
p = (char *)buffer + sizeof(struct ip_vs_sync_mesg_v0);
339
840
for (i=0; i<m->nr_conns; i++) {
340
841
unsigned flags, state;
342
843
if (p + SIMPLE_CONN_SIZE > buffer+buflen) {
343
IP_VS_ERR_RL("bogus conn in sync message\n");
844
IP_VS_ERR_RL("BACKUP v0, bogus conn\n");
346
s = (struct ip_vs_sync_conn *) p;
847
s = (struct ip_vs_sync_conn_v0 *) p;
347
848
flags = ntohs(s->flags) | IP_VS_CONN_F_SYNC;
348
849
flags &= ~IP_VS_CONN_F_HASHED;
349
850
if (flags & IP_VS_CONN_F_SEQ_MASK) {
350
851
opt = (struct ip_vs_sync_conn_options *)&s[1];
351
852
p += FULL_CONN_SIZE;
352
853
if (p > buffer+buflen) {
353
IP_VS_ERR_RL("bogus conn options in sync message\n");
854
IP_VS_ERR_RL("BACKUP v0, Dropping buffer bogus conn options\n");
362
863
if (!(flags & IP_VS_CONN_F_TEMPLATE)) {
363
864
pp = ip_vs_proto_get(s->protocol);
365
IP_VS_ERR_RL("Unsupported protocol %u in sync msg\n",
866
IP_VS_DBG(2, "BACKUP v0, Unsupported protocol %u\n",
369
870
if (state >= pp->num_states) {
370
IP_VS_DBG(2, "Invalid %s state %u in sync msg\n",
871
IP_VS_DBG(2, "BACKUP v0, Invalid %s state %u\n",
371
872
pp->name, state);
375
876
/* protocol in templates is not used for state/timeout */
378
IP_VS_DBG(2, "Invalid template state %u in sync msg\n",
878
IP_VS_DBG(2, "BACKUP v0, Invalid template state %u\n",
385
if (ip_vs_conn_fill_param_sync(AF_INET, s->protocol,
386
(union nf_inet_addr *)&s->caddr,
388
(union nf_inet_addr *)&s->vaddr,
390
pr_err("ip_vs_conn_fill_param_sync failed");
393
if (!(flags & IP_VS_CONN_F_TEMPLATE))
394
cp = ip_vs_conn_in_get(¶m);
396
cp = ip_vs_ct_in_get(¶m);
400
* Find the appropriate destination for the connection.
401
* If it is not found the connection will remain unbound
404
dest = ip_vs_find_dest(AF_INET,
405
(union nf_inet_addr *)&s->daddr,
407
(union nf_inet_addr *)&s->vaddr,
410
/* Set the approprite ativity flag */
411
if (s->protocol == IPPROTO_TCP) {
412
if (state != IP_VS_TCP_S_ESTABLISHED)
413
flags |= IP_VS_CONN_F_INACTIVE;
415
flags &= ~IP_VS_CONN_F_INACTIVE;
416
} else if (s->protocol == IPPROTO_SCTP) {
417
if (state != IP_VS_SCTP_S_ESTABLISHED)
418
flags |= IP_VS_CONN_F_INACTIVE;
420
flags &= ~IP_VS_CONN_F_INACTIVE;
422
cp = ip_vs_conn_new(¶m,
423
(union nf_inet_addr *)&s->daddr,
424
s->dport, flags, dest);
426
atomic_dec(&dest->refcnt);
428
pr_err("ip_vs_conn_new failed\n");
431
} else if (!cp->dest) {
432
dest = ip_vs_try_bind_dest(cp);
434
atomic_dec(&dest->refcnt);
435
} else if ((cp->dest) && (cp->protocol == IPPROTO_TCP) &&
436
(cp->state != state)) {
437
/* update active/inactive flag for the connection */
439
if (!(cp->flags & IP_VS_CONN_F_INACTIVE) &&
440
(state != IP_VS_TCP_S_ESTABLISHED)) {
441
atomic_dec(&dest->activeconns);
442
atomic_inc(&dest->inactconns);
443
cp->flags |= IP_VS_CONN_F_INACTIVE;
444
} else if ((cp->flags & IP_VS_CONN_F_INACTIVE) &&
445
(state == IP_VS_TCP_S_ESTABLISHED)) {
446
atomic_inc(&dest->activeconns);
447
atomic_dec(&dest->inactconns);
448
cp->flags &= ~IP_VS_CONN_F_INACTIVE;
450
} else if ((cp->dest) && (cp->protocol == IPPROTO_SCTP) &&
451
(cp->state != state)) {
453
if (!(cp->flags & IP_VS_CONN_F_INACTIVE) &&
454
(state != IP_VS_SCTP_S_ESTABLISHED)) {
455
atomic_dec(&dest->activeconns);
456
atomic_inc(&dest->inactconns);
457
cp->flags &= ~IP_VS_CONN_F_INACTIVE;
462
memcpy(&cp->in_seq, opt, sizeof(*opt));
463
atomic_set(&cp->in_pkts, sysctl_ip_vs_sync_threshold[0]);
465
cp->old_state = cp->state;
467
* We can not recover the right timeout for templates
468
* in all cases, we can not find the right fwmark
469
* virtual service. If needed, we can do it for
470
* non-fwmark persistent services.
472
if (!(flags & IP_VS_CONN_F_TEMPLATE) && pp->timeout_table)
473
cp->timeout = pp->timeout_table[state];
475
cp->timeout = (3*60*HZ);
884
ip_vs_conn_fill_param(net, AF_INET, s->protocol,
885
(const union nf_inet_addr *)&s->caddr,
887
(const union nf_inet_addr *)&s->vaddr,
890
/* Send timeout as Zero */
891
ip_vs_proc_conn(net, ¶m, flags, state, s->protocol, AF_INET,
892
(union nf_inet_addr *)&s->daddr, s->dport,
900
static inline int ip_vs_proc_seqopt(__u8 *p, unsigned int plen,
902
struct ip_vs_sync_conn_options *opt)
904
struct ip_vs_sync_conn_options *topt;
906
topt = (struct ip_vs_sync_conn_options *)p;
908
if (plen != sizeof(struct ip_vs_sync_conn_options)) {
909
IP_VS_DBG(2, "BACKUP, bogus conn options length\n");
912
if (*opt_flags & IPVS_OPT_F_SEQ_DATA) {
913
IP_VS_DBG(2, "BACKUP, conn options found twice\n");
916
ntoh_seq(&topt->in_seq, &opt->in_seq);
917
ntoh_seq(&topt->out_seq, &opt->out_seq);
918
*opt_flags |= IPVS_OPT_F_SEQ_DATA;
922
static int ip_vs_proc_str(__u8 *p, unsigned int plen, unsigned int *data_len,
923
__u8 **data, unsigned int maxlen,
924
__u32 *opt_flags, __u32 flag)
927
IP_VS_DBG(2, "BACKUP, bogus par.data len > %d\n", maxlen);
930
if (*opt_flags & flag) {
931
IP_VS_DBG(2, "BACKUP, Par.data found twice 0x%x\n", flag);
940
* Process a Version 1 sync. connection
942
static inline int ip_vs_proc_sync_conn(struct net *net, __u8 *p, __u8 *msg_end)
944
struct ip_vs_sync_conn_options opt;
945
union ip_vs_sync_conn *s;
946
struct ip_vs_protocol *pp;
947
struct ip_vs_conn_param param;
949
unsigned int af, state, pe_data_len=0, pe_name_len=0;
950
__u8 *pe_data=NULL, *pe_name=NULL;
954
s = (union ip_vs_sync_conn *) p;
956
if (s->v6.type & STYPE_F_INET6) {
957
#ifdef CONFIG_IP_VS_IPV6
959
p += sizeof(struct ip_vs_sync_v6);
961
IP_VS_DBG(3,"BACKUP, IPv6 msg received, and IPVS is not compiled for IPv6\n");
965
} else if (!s->v4.type) {
967
p += sizeof(struct ip_vs_sync_v4);
974
/* Process optional params check Type & Len. */
975
while (p < msg_end) {
984
if (!plen || ((p + plen) > msg_end))
986
/* Handle seq option p = param data */
987
switch (ptype & ~IPVS_OPT_F_PARAM) {
988
case IPVS_OPT_SEQ_DATA:
989
if (ip_vs_proc_seqopt(p, plen, &opt_flags, &opt))
993
case IPVS_OPT_PE_DATA:
994
if (ip_vs_proc_str(p, plen, &pe_data_len, &pe_data,
995
IP_VS_PEDATA_MAXLEN, &opt_flags,
1000
case IPVS_OPT_PE_NAME:
1001
if (ip_vs_proc_str(p, plen,&pe_name_len, &pe_name,
1002
IP_VS_PENAME_MAXLEN, &opt_flags,
1003
IPVS_OPT_F_PE_NAME))
1008
/* Param data mandatory ? */
1009
if (!(ptype & IPVS_OPT_F_PARAM)) {
1010
IP_VS_DBG(3, "BACKUP, Unknown mandatory param %d found\n",
1011
ptype & ~IPVS_OPT_F_PARAM);
1016
p += plen; /* Next option */
1019
/* Get flags and Mask off unsupported */
1020
flags = ntohl(s->v4.flags) & IP_VS_CONN_F_BACKUP_MASK;
1021
flags |= IP_VS_CONN_F_SYNC;
1022
state = ntohs(s->v4.state);
1024
if (!(flags & IP_VS_CONN_F_TEMPLATE)) {
1025
pp = ip_vs_proto_get(s->v4.protocol);
1027
IP_VS_DBG(3,"BACKUP, Unsupported protocol %u\n",
1032
if (state >= pp->num_states) {
1033
IP_VS_DBG(3, "BACKUP, Invalid %s state %u\n",
1039
/* protocol in templates is not used for state/timeout */
1041
IP_VS_DBG(3, "BACKUP, Invalid template state %u\n",
1046
if (ip_vs_conn_fill_param_sync(net, af, s, ¶m, pe_data,
1047
pe_data_len, pe_name, pe_name_len)) {
1051
/* If only IPv4, just silent skip IPv6 */
1053
ip_vs_proc_conn(net, ¶m, flags, state, s->v4.protocol, af,
1054
(union nf_inet_addr *)&s->v4.daddr, s->v4.dport,
1055
ntohl(s->v4.timeout), ntohl(s->v4.fwmark),
1056
(opt_flags & IPVS_OPT_F_SEQ_DATA ? &opt : NULL)
1058
#ifdef CONFIG_IP_VS_IPV6
1060
ip_vs_proc_conn(net, ¶m, flags, state, s->v6.protocol, af,
1061
(union nf_inet_addr *)&s->v6.daddr, s->v6.dport,
1062
ntohl(s->v6.timeout), ntohl(s->v6.fwmark),
1063
(opt_flags & IPVS_OPT_F_SEQ_DATA ? &opt : NULL)
1069
IP_VS_DBG(2, "BACKUP, Single msg dropped err:%d\n", retc);
1074
* Process received multicast message and create the corresponding
1075
* ip_vs_conn entries.
1076
* Handles Version 0 & 1
1078
static void ip_vs_process_message(struct net *net, __u8 *buffer,
1079
const size_t buflen)
1081
struct netns_ipvs *ipvs = net_ipvs(net);
1082
struct ip_vs_sync_mesg *m2 = (struct ip_vs_sync_mesg *)buffer;
1086
if (buflen < sizeof(struct ip_vs_sync_mesg_v0)) {
1087
IP_VS_DBG(2, "BACKUP, message header too short\n");
1090
/* Convert size back to host byte order */
1091
m2->size = ntohs(m2->size);
1093
if (buflen != m2->size) {
1094
IP_VS_DBG(2, "BACKUP, bogus message size\n");
1097
/* SyncID sanity check */
1098
if (ipvs->backup_syncid != 0 && m2->syncid != ipvs->backup_syncid) {
1099
IP_VS_DBG(7, "BACKUP, Ignoring syncid = %d\n", m2->syncid);
1102
/* Handle version 1 message */
1103
if ((m2->version == SYNC_PROTO_VER) && (m2->reserved == 0)
1104
&& (m2->spare == 0)) {
1106
msg_end = buffer + sizeof(struct ip_vs_sync_mesg);
1107
nr_conns = m2->nr_conns;
1109
for (i=0; i<nr_conns; i++) {
1110
union ip_vs_sync_conn *s;
1115
if (p + sizeof(s->v4) > buffer+buflen) {
1116
IP_VS_ERR_RL("BACKUP, Dropping buffer, to small\n");
1119
s = (union ip_vs_sync_conn *)p;
1120
size = ntohs(s->v4.ver_size) & SVER_MASK;
1122
/* Basic sanity checks */
1123
if (msg_end > buffer+buflen) {
1124
IP_VS_ERR_RL("BACKUP, Dropping buffer, msg > buffer\n");
1127
if (ntohs(s->v4.ver_size) >> SVER_SHIFT) {
1128
IP_VS_ERR_RL("BACKUP, Dropping buffer, Unknown version %d\n",
1129
ntohs(s->v4.ver_size) >> SVER_SHIFT);
1132
/* Process a single sync_conn */
1133
retc = ip_vs_proc_sync_conn(net, p, msg_end);
1135
IP_VS_ERR_RL("BACKUP, Dropping buffer, Err: %d in decoding\n",
1139
/* Make sure we have 32 bit alignment */
1140
msg_end = p + ((size + 3) & ~3);
1143
/* Old type of message */
1144
ip_vs_process_message_v0(net, buffer, buflen);
added
removed
net/netfilter/ipvs/ip_vs_sync.c
