IPVS: netns to services part 1

{

	return net->ipvs;

}

/*

 * Get net ptr from skb in traffic cases

 * use skb_sknet when call is from userland (ioctl or netlink)

 */

static inline struct net *skb_net(struct sk_buff *skb)

{

#ifdef CONFIG_NET_NS

#ifdef CONFIG_IP_VS_DEBUG

	/*

	 * This is used for debug only.

	 * Start with the most likely hit

	 * End with BUG

	 */

	if (likely(skb->dev && skb->dev->nd_net))

		return dev_net(skb->dev);

	if (skb_dst(skb)->dev)

		return dev_net(skb_dst(skb)->dev);

	WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n",

		      __func__, __LINE__);

	if (likely(skb->sk && skb->sk->sk_net))

		return sock_net(skb->sk);

	pr_err("There is no net ptr to find in the skb in %s() line:%d\n",

		__func__, __LINE__);

	BUG();

#else

	return dev_net(skb->dev ? : skb_dst(skb)->dev);

#endif

#else

	return &init_net;

#endif

}

static inline struct net *skb_sknet(struct sk_buff *skb)

{

#ifdef CONFIG_NET_NS

#ifdef CONFIG_IP_VS_DEBUG

	/* Start with the most likely hit */

	if (likely(skb->sk && skb->sk->sk_net))

		return sock_net(skb->sk);

	WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n",

		       __func__, __LINE__);

	if (likely(skb->dev && skb->dev->nd_net))

		return dev_net(skb->dev);

	pr_err("There is no net ptr to find in the skb in %s() line:%d\n",

		__func__, __LINE__);

	BUG();

#else

	return sock_net(skb->sk);

#endif

#else

	return &init_net;

#endif

}

/* Connections' size value needed by ip_vs_ctl.c */

extern int ip_vs_conn_tab_size;

	unsigned		flags;	  /* service status flags */

	unsigned		timeout;  /* persistent timeout in ticks */

	__be32			netmask;  /* grouping granularity */

	struct net		*net;

	struct list_head	destinations;  /* real server d-linked list */

	__u32			num_dests;     /* number of servers */

extern void ip_vs_sync_switch_mode(int mode);

extern struct ip_vs_service *

ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,

ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol,

		  const union nf_inet_addr *vaddr, __be16 vport);

static inline void ip_vs_service_put(struct ip_vs_service *svc)

}

extern struct ip_vs_dest *

ip_vs_lookup_real_service(int af, __u16 protocol,

ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,

			  const union nf_inet_addr *daddr, __be16 dport);

extern int ip_vs_use_count_inc(void);

extern int ip_vs_control_init(void);

extern void ip_vs_control_cleanup(void);

extern struct ip_vs_dest *

ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport,

		const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol,

		__u32 fwmark);

ip_vs_find_dest(struct net *net, int af, const union nf_inet_addr *daddr,

		__be16 dport, const union nf_inet_addr *vaddr, __be16 vport,

		__u16 protocol, __u32 fwmark);

extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);

struct netns_ipvs {

	int			gen;		/* Generation */

	/*

	 *	Hash table: for real service lookups

	 */

	#define IP_VS_RTAB_BITS 4

	#define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)

	#define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)

	struct list_head	rs_table[IP_VS_RTAB_SIZE];

};

#endif /* IP_VS_H_ */

	struct ip_vs_dest *dest;

	if ((cp) && (!cp->dest)) {

		dest = ip_vs_find_dest(cp->af, &cp->daddr, cp->dport,

		dest = ip_vs_find_dest(&init_net, cp->af, &cp->daddr, cp->dport,

				       &cp->vaddr, cp->vport,

				       cp->protocol, cp->fwmark);

		ip_vs_bind_dest(cp, dest);

static unsigned int

ip_vs_out(unsigned int hooknum, struct sk_buff *skb, int af)

{

	struct net *net = NULL;

	struct ip_vs_iphdr iph;

	struct ip_vs_protocol *pp;

	struct ip_vs_conn *cp;

	if (unlikely(!skb_dst(skb)))

		return NF_ACCEPT;

	net = skb_net(skb);

	ip_vs_fill_iphdr(af, skb_network_header(skb), &iph);

#ifdef CONFIG_IP_VS_IPV6

	if (af == AF_INET6) {

					  sizeof(_ports), _ports);

		if (pptr == NULL)

			return NF_ACCEPT;	/* Not for me */

		if (ip_vs_lookup_real_service(af, iph.protocol,

		if (ip_vs_lookup_real_service(net, af, iph.protocol,

					      &iph.saddr,

					      pptr[0])) {

			/*

/* the service table hashed by fwmark */

static struct list_head ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];

/*

 *	Hash table: for real service lookups

 */

#define IP_VS_RTAB_BITS 4

#define IP_VS_RTAB_SIZE (1 << IP_VS_RTAB_BITS)

#define IP_VS_RTAB_MASK (IP_VS_RTAB_SIZE - 1)

static struct list_head ip_vs_rtable[IP_VS_RTAB_SIZE];

/*

 *	Trash for destinations

 */

/*

 *	Returns hash value for virtual service

 */

static __inline__ unsigned

ip_vs_svc_hashkey(int af, unsigned proto, const union nf_inet_addr *addr,

		  __be16 port)

static inline unsigned

ip_vs_svc_hashkey(struct net *net, int af, unsigned proto,

		  const union nf_inet_addr *addr, __be16 port)

{

	register unsigned porth = ntohs(port);

	__be32 addr_fold = addr->ip;

		addr_fold = addr->ip6[0]^addr->ip6[1]^

			    addr->ip6[2]^addr->ip6[3];

#endif

	addr_fold ^= ((size_t)net>>8);

	return (proto^ntohl(addr_fold)^(porth>>IP_VS_SVC_TAB_BITS)^porth)

		& IP_VS_SVC_TAB_MASK;

/*

 *	Returns hash value of fwmark for virtual service lookup

 */

static __inline__ unsigned ip_vs_svc_fwm_hashkey(__u32 fwmark)

static inline unsigned ip_vs_svc_fwm_hashkey(struct net *net, __u32 fwmark)

{

	return fwmark & IP_VS_SVC_TAB_MASK;

	return (((size_t)net>>8) ^ fwmark) & IP_VS_SVC_TAB_MASK;

}

/*

 *	Hashes a service in the ip_vs_svc_table by <proto,addr,port>

 *	Hashes a service in the ip_vs_svc_table by <netns,proto,addr,port>

 *	or in the ip_vs_svc_fwm_table by fwmark.

 *	Should be called with locked tables.

 */

	if (svc->fwmark == 0) {

		/*

		 *  Hash it by <protocol,addr,port> in ip_vs_svc_table

		 *  Hash it by <netns,protocol,addr,port> in ip_vs_svc_table

		 */

		hash = ip_vs_svc_hashkey(svc->af, svc->protocol, &svc->addr,

					 svc->port);

		hash = ip_vs_svc_hashkey(svc->net, svc->af, svc->protocol,

					 &svc->addr, svc->port);

		list_add(&svc->s_list, &ip_vs_svc_table[hash]);

	} else {

		/*

		 *  Hash it by fwmark in ip_vs_svc_fwm_table

		 *  Hash it by fwmark in svc_fwm_table

		 */

		hash = ip_vs_svc_fwm_hashkey(svc->fwmark);

		hash = ip_vs_svc_fwm_hashkey(svc->net, svc->fwmark);

		list_add(&svc->f_list, &ip_vs_svc_fwm_table[hash]);

	}

/*

 *	Unhashes a service from ip_vs_svc_table/ip_vs_svc_fwm_table.

 *	Unhashes a service from svc_table / svc_fwm_table.

 *	Should be called with locked tables.

 */

static int ip_vs_svc_unhash(struct ip_vs_service *svc)

	}

	if (svc->fwmark == 0) {

		/* Remove it from the ip_vs_svc_table table */

		/* Remove it from the svc_table table */

		list_del(&svc->s_list);

	} else {

		/* Remove it from the ip_vs_svc_fwm_table table */

		/* Remove it from the svc_fwm_table table */

		list_del(&svc->f_list);

	}

/*

 *	Get service by {proto,addr,port} in the service table.

 *	Get service by {netns, proto,addr,port} in the service table.

 */

static inline struct ip_vs_service *

__ip_vs_service_find(int af, __u16 protocol, const union nf_inet_addr *vaddr,

		    __be16 vport)

__ip_vs_service_find(struct net *net, int af, __u16 protocol,

		     const union nf_inet_addr *vaddr, __be16 vport)

{

	unsigned hash;

	struct ip_vs_service *svc;

	/* Check for "full" addressed entries */

	hash = ip_vs_svc_hashkey(af, protocol, vaddr, vport);

	hash = ip_vs_svc_hashkey(net, af, protocol, vaddr, vport);

	list_for_each_entry(svc, &ip_vs_svc_table[hash], s_list){

		if ((svc->af == af)

		    && ip_vs_addr_equal(af, &svc->addr, vaddr)

		    && (svc->port == vport)

		    && (svc->protocol == protocol)) {

		    && (svc->protocol == protocol)

		    && net_eq(svc->net, net)) {

			/* HIT */

			return svc;

		}

 *	Get service by {fwmark} in the service table.

 */

static inline struct ip_vs_service *

__ip_vs_svc_fwm_find(int af, __u32 fwmark)

__ip_vs_svc_fwm_find(struct net *net, int af, __u32 fwmark)

{

	unsigned hash;

	struct ip_vs_service *svc;

	/* Check for fwmark addressed entries */

	hash = ip_vs_svc_fwm_hashkey(fwmark);

	hash = ip_vs_svc_fwm_hashkey(net, fwmark);

	list_for_each_entry(svc, &ip_vs_svc_fwm_table[hash], f_list) {

		if (svc->fwmark == fwmark && svc->af == af) {

		if (svc->fwmark == fwmark && svc->af == af

		    && net_eq(svc->net, net)) {

			/* HIT */

			return svc;

		}

}

struct ip_vs_service *

ip_vs_service_get(int af, __u32 fwmark, __u16 protocol,

ip_vs_service_get(struct net *net, int af, __u32 fwmark, __u16 protocol,

		  const union nf_inet_addr *vaddr, __be16 vport)

{

	struct ip_vs_service *svc;

	/*

	 *	Check the table hashed by fwmark first

	 */

	if (fwmark && (svc = __ip_vs_svc_fwm_find(af, fwmark)))

	svc = __ip_vs_svc_fwm_find(net, af, fwmark);

	if (fwmark && svc)

		goto out;

	/*

	 *	Check the table hashed by <protocol,addr,port>

	 *	for "full" addressed entries

	 */

	svc = __ip_vs_service_find(af, protocol, vaddr, vport);

	svc = __ip_vs_service_find(net, af, protocol, vaddr, vport);

	if (svc == NULL

	    && protocol == IPPROTO_TCP

		 * Check if ftp service entry exists, the packet

		 * might belong to FTP data connections.

		 */

		svc = __ip_vs_service_find(af, protocol, vaddr, FTPPORT);

		svc = __ip_vs_service_find(net, af, protocol, vaddr, FTPPORT);

	}

	if (svc == NULL

		/*

		 * Check if the catch-all port (port zero) exists

		 */

		svc = __ip_vs_service_find(af, protocol, vaddr, 0);

		svc = __ip_vs_service_find(net, af, protocol, vaddr, 0);

	}

  out:

}

/*

 *	Hashes ip_vs_dest in ip_vs_rtable by <proto,addr,port>.

 *	Hashes ip_vs_dest in rs_table by <proto,addr,port>.

 *	should be called with locked tables.

 */

static int ip_vs_rs_hash(struct ip_vs_dest *dest)

static int ip_vs_rs_hash(struct netns_ipvs *ipvs, struct ip_vs_dest *dest)

{

	unsigned hash;

	 */

	hash = ip_vs_rs_hashkey(dest->af, &dest->addr, dest->port);

	list_add(&dest->d_list, &ip_vs_rtable[hash]);

	list_add(&dest->d_list, &ipvs->rs_table[hash]);

	return 1;

}

/*

 *	UNhashes ip_vs_dest from ip_vs_rtable.

 *	UNhashes ip_vs_dest from rs_table.

 *	should be called with locked tables.

 */

static int ip_vs_rs_unhash(struct ip_vs_dest *dest)

{

	/*

	 * Remove it from the ip_vs_rtable table.

	 * Remove it from the rs_table table.

	 */

	if (!list_empty(&dest->d_list)) {

		list_del(&dest->d_list);

 *	Lookup real service by <proto,addr,port> in the real service table.

 */

struct ip_vs_dest *

ip_vs_lookup_real_service(int af, __u16 protocol,

ip_vs_lookup_real_service(struct net *net, int af, __u16 protocol,

			  const union nf_inet_addr *daddr,

			  __be16 dport)

{

	struct netns_ipvs *ipvs = net_ipvs(net);

	unsigned hash;

	struct ip_vs_dest *dest;

	hash = ip_vs_rs_hashkey(af, daddr, dport);

	read_lock(&__ip_vs_rs_lock);

	list_for_each_entry(dest, &ip_vs_rtable[hash], d_list) {

	list_for_each_entry(dest, &ipvs->rs_table[hash], d_list) {

		if ((dest->af == af)

		    && ip_vs_addr_equal(af, &dest->addr, daddr)

		    && (dest->port == dport)

 * ip_vs_lookup_real_service() looked promissing, but

 * seems not working as expected.

 */

struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr,

struct ip_vs_dest *ip_vs_find_dest(struct net  *net, int af,

				   const union nf_inet_addr *daddr,

				   __be16 dport,

				   const union nf_inet_addr *vaddr,

				   __be16 vport, __u16 protocol, __u32 fwmark)

	struct ip_vs_dest *dest;

	struct ip_vs_service *svc;

	svc = ip_vs_service_get(af, fwmark, protocol, vaddr, vport);

	svc = ip_vs_service_get(net, af, fwmark, protocol, vaddr, vport);

	if (!svc)

		return NULL;

	dest = ip_vs_lookup_dest(svc, daddr, dport);

__ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,

		    struct ip_vs_dest_user_kern *udest, int add)

{

	struct netns_ipvs *ipvs = net_ipvs(svc->net);

	int conn_flags;

	/* set the weight and the flags */

		conn_flags |= IP_VS_CONN_F_NOOUTPUT;

	} else {

		/*

		 *    Put the real service in ip_vs_rtable if not present.

		 *    Put the real service in rs_table if not present.

		 *    For now only for NAT!

		 */

		write_lock_bh(&__ip_vs_rs_lock);

		ip_vs_rs_hash(dest);

		ip_vs_rs_hash(ipvs, dest);

		write_unlock_bh(&__ip_vs_rs_lock);

	}

	atomic_set(&dest->conn_flags, conn_flags);

 *	Add a service into the service hash table

 */

static int

ip_vs_add_service(struct ip_vs_service_user_kern *u,

ip_vs_add_service(struct net *net, struct ip_vs_service_user_kern *u,

		  struct ip_vs_service **svc_p)

{

	int ret = 0;

	svc->flags = u->flags;

	svc->timeout = u->timeout * HZ;

	svc->netmask = u->netmask;

	svc->net = net;

	INIT_LIST_HEAD(&svc->destinations);

	rwlock_init(&svc->sched_lock);

/*

 *	Flush all the virtual services

 */

static int ip_vs_flush(void)

static int ip_vs_flush(struct net *net)

{

	int idx;

	struct ip_vs_service *svc, *nxt;

	/*

	 * Flush the service table hashed by <protocol,addr,port>

	 * Flush the service table hashed by <netns,protocol,addr,port>

	 */

	for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {

		list_for_each_entry_safe(svc, nxt, &ip_vs_svc_table[idx], s_list) {

		list_for_each_entry_safe(svc, nxt, &ip_vs_svc_table[idx],

					 s_list) {

			if (net_eq(svc->net, net))

				ip_vs_unlink_service(svc);

		}

	}

	for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {

		list_for_each_entry_safe(svc, nxt,

					 &ip_vs_svc_fwm_table[idx], f_list) {

			if (net_eq(svc->net, net))

				ip_vs_unlink_service(svc);

		}

	}

	return 0;

}

static int ip_vs_zero_all(void)

static int ip_vs_zero_all(struct net *net)

{

	int idx;

	struct ip_vs_service *svc;

	for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {

		list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {

			if (net_eq(svc->net, net))

				ip_vs_zero_service(svc);

		}

	}

	for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {

		list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {

			if (net_eq(svc->net, net))

				ip_vs_zero_service(svc);

		}

	}

#ifdef CONFIG_PROC_FS

struct ip_vs_iter {

	struct seq_net_private p;  /* Do not move this, netns depends upon it*/

	struct list_head *table;

	int bucket;

};

/* Get the Nth entry in the two lists */

static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos)

{

	struct net *net = seq_file_net(seq);

	struct ip_vs_iter *iter = seq->private;

	int idx;

	struct ip_vs_service *svc;

	/* look in hash by protocol */

	for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {

		list_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {

			if (pos-- == 0){

			if (net_eq(svc->net, net) && pos-- == 0) {

				iter->table = ip_vs_svc_table;

				iter->bucket = idx;

				return svc;

	/* keep looking in fwmark */

	for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {

		list_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {

			if (pos-- == 0) {

			if (net_eq(svc->net, net) && pos-- == 0) {

				iter->table = ip_vs_svc_fwm_table;

				iter->bucket = idx;

				return svc;

static int ip_vs_info_open(struct inode *inode, struct file *file)

{

	return seq_open_private(file, &ip_vs_info_seq_ops,

	return seq_open_net(inode, file, &ip_vs_info_seq_ops,

			sizeof(struct ip_vs_iter));

}

static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)

{

	return single_open(file, ip_vs_stats_show, NULL);

	return single_open_net(inode, file, ip_vs_stats_show);

}

static const struct file_operations ip_vs_stats_fops = {

static int

do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)

{

	struct net *net = sock_net(sk);

	int ret;

	unsigned char arg[MAX_ARG_LEN];

	struct ip_vs_service_user *usvc_compat;

	if (cmd == IP_VS_SO_SET_FLUSH) {

		/* Flush the virtual service */

		ret = ip_vs_flush();

		ret = ip_vs_flush(net);

		goto out_unlock;

	} else if (cmd == IP_VS_SO_SET_TIMEOUT) {

		/* Set timeout values for (tcp tcpfin udp) */

	if (cmd == IP_VS_SO_SET_ZERO) {

		/* if no service address is set, zero counters in all */

		if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {

			ret = ip_vs_zero_all();

			ret = ip_vs_zero_all(net);