Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0e051e68 authored by Hans Schillstrom's avatar Hans Schillstrom Committed by Simon Horman
Browse files

IPVS: Backup, Prepare for transferring firewall marks (fwmark) to the backup daemon. 



One struct will have fwmark added:
 * ip_vs_conn

ip_vs_conn_new() and ip_vs_find_dest()
will have an extra param - fwmark
The effects of that, is in this patch.

Signed-off-by: default avatarHans Schillstrom <hans.schillstrom@ericsson.com>
Acked-by: default avatarJulian Anastasov <ja@ssi.bg>
Signed-off-by: default avatarSimon Horman <horms@verge.net.au>
parent 2c2bf086

include/net/ip_vs.h

+4 −2
Original line number Original line Diff line number Diff line
@@ -382,6 +382,7 @@ struct ip_vs_conn { 
	union nf_inet_addr       vaddr;          /* virtual address */

	union nf_inet_addr       vaddr;          /* virtual address */

	union nf_inet_addr       daddr;          /* destination address */

	union nf_inet_addr       daddr;          /* destination address */

	volatile __u32           flags;          /* status flags */

	volatile __u32           flags;          /* status flags */

	__u32                    fwmark;         /* Fire wall mark from skb */

	__be16                   cport;

	__be16                   cport;

	__be16                   vport;

	__be16                   vport;

	__be16                   dport;

	__be16                   dport;
@@ -720,7 +721,7 @@ extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport); 
struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p,

struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p,

				  const union nf_inet_addr *daddr,

				  const union nf_inet_addr *daddr,

				  __be16 dport, unsigned flags,

				  __be16 dport, unsigned flags,

				  struct ip_vs_dest *dest);

				  struct ip_vs_dest *dest, __u32 fwmark);

extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);

extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp);





extern const char * ip_vs_state_name(__u16 proto, int state);

extern const char * ip_vs_state_name(__u16 proto, int state);
@@ -901,7 +902,8 @@ extern int ip_vs_control_init(void); 
extern void ip_vs_control_cleanup(void);

extern void ip_vs_control_cleanup(void);

extern struct ip_vs_dest *

extern struct ip_vs_dest *

ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport,

ip_vs_find_dest(int af, const union nf_inet_addr *daddr, __be16 dport,

		const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol);

		const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol,

		__u32 fwmark);

extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);

extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);

net/netfilter/ipvs/ip_vs_conn.c

+3 −2
Original line number Original line Diff line number Diff line
@@ -613,7 +613,7 @@ struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp) 
	if ((cp) && (!cp->dest)) {

	if ((cp) && (!cp->dest)) {

		dest = ip_vs_find_dest(cp->af, &cp->daddr, cp->dport,

		dest = ip_vs_find_dest(cp->af, &cp->daddr, cp->dport,

				       &cp->vaddr, cp->vport,

				       &cp->vaddr, cp->vport,

				       cp->protocol);

				       cp->protocol, cp->fwmark);

		ip_vs_bind_dest(cp, dest);

		ip_vs_bind_dest(cp, dest);

		return dest;

		return dest;

	} else

	} else
@@ -803,7 +803,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp) 
struct ip_vs_conn *

struct ip_vs_conn *

ip_vs_conn_new(const struct ip_vs_conn_param *p,

ip_vs_conn_new(const struct ip_vs_conn_param *p,

	       const union nf_inet_addr *daddr, __be16 dport, unsigned flags,

	       const union nf_inet_addr *daddr, __be16 dport, unsigned flags,

	       struct ip_vs_dest *dest)

	       struct ip_vs_dest *dest, __u32 fwmark)

{

{

	struct ip_vs_conn *cp;

	struct ip_vs_conn *cp;

	struct ip_vs_protocol *pp = ip_vs_proto_get(p->protocol);

	struct ip_vs_protocol *pp = ip_vs_proto_get(p->protocol);
@@ -827,6 +827,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, 
			&cp->daddr, daddr);

			&cp->daddr, daddr);

	cp->dport          = dport;

	cp->dport          = dport;

	cp->flags	   = flags;

	cp->flags	   = flags;

	cp->fwmark         = fwmark;

	if (flags & IP_VS_CONN_F_TEMPLATE && p->pe) {

	if (flags & IP_VS_CONN_F_TEMPLATE && p->pe) {

		ip_vs_pe_get(p->pe);

		ip_vs_pe_get(p->pe);

		cp->pe = p->pe;

		cp->pe = p->pe;

net/netfilter/ipvs/ip_vs_core.c

+4 −4
Original line number Original line Diff line number Diff line
@@ -293,7 +293,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, 
		 * and thus param.pe_data will be destroyed

		 * and thus param.pe_data will be destroyed

		 * when the template expires */

		 * when the template expires */

		ct = ip_vs_conn_new(&param, &dest->addr, dport,

		ct = ip_vs_conn_new(&param, &dest->addr, dport,

				    IP_VS_CONN_F_TEMPLATE, dest);

				    IP_VS_CONN_F_TEMPLATE, dest, skb->mark);

		if (ct == NULL) {

		if (ct == NULL) {

			kfree(param.pe_data);

			kfree(param.pe_data);

			return NULL;

			return NULL;
@@ -319,7 +319,7 @@ ip_vs_sched_persist(struct ip_vs_service *svc, 
	 */

	 */

	ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, ports[0],

	ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, ports[0],

			      &iph.daddr, ports[1], &param);

			      &iph.daddr, ports[1], &param);

	cp = ip_vs_conn_new(&param, &dest->addr, dport, flags, dest);

	cp = ip_vs_conn_new(&param, &dest->addr, dport, flags, dest, skb->mark);

	if (cp == NULL) {

	if (cp == NULL) {

		ip_vs_conn_put(ct);

		ip_vs_conn_put(ct);

		return NULL;

		return NULL;
@@ -423,7 +423,7 @@ ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb, 
				      pptr[0], &iph.daddr, pptr[1], &p);

				      pptr[0], &iph.daddr, pptr[1], &p);

		cp = ip_vs_conn_new(&p, &dest->addr,

		cp = ip_vs_conn_new(&p, &dest->addr,

				    dest->port ? dest->port : pptr[1],

				    dest->port ? dest->port : pptr[1],

				    flags, dest);

				    flags, dest, skb->mark);

		if (!cp)

		if (!cp)

			return NULL;

			return NULL;

	}

	}
@@ -489,7 +489,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, 
					      &iph.daddr, pptr[1], &p);

					      &iph.daddr, pptr[1], &p);

			cp = ip_vs_conn_new(&p, &daddr, 0,

			cp = ip_vs_conn_new(&p, &daddr, 0,

					    IP_VS_CONN_F_BYPASS | flags,

					    IP_VS_CONN_F_BYPASS | flags,

					    NULL);

					    NULL, skb->mark);

			if (!cp)

			if (!cp)

				return NF_DROP;

				return NF_DROP;

		}

		}

net/netfilter/ipvs/ip_vs_ctl.c

+2 −2
Original line number Original line Diff line number Diff line
@@ -657,12 +657,12 @@ ip_vs_lookup_dest(struct ip_vs_service *svc, const union nf_inet_addr *daddr, 
struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr,

struct ip_vs_dest *ip_vs_find_dest(int af, const union nf_inet_addr *daddr,

				   __be16 dport,

				   __be16 dport,

				   const union nf_inet_addr *vaddr,

				   const union nf_inet_addr *vaddr,

				   __be16 vport, __u16 protocol)

				   __be16 vport, __u16 protocol, __u32 fwmark)

{

{

	struct ip_vs_dest *dest;

	struct ip_vs_dest *dest;

	struct ip_vs_service *svc;

	struct ip_vs_service *svc;





	svc = ip_vs_service_get(af, 0, protocol, vaddr, vport);

	svc = ip_vs_service_get(af, fwmark, protocol, vaddr, vport);

	if (!svc)

	if (!svc)

		return NULL;

		return NULL;

	dest = ip_vs_lookup_dest(svc, daddr, dport);

	dest = ip_vs_lookup_dest(svc, daddr, dport);

net/netfilter/ipvs/ip_vs_ftp.c

+3 −2
Original line number Original line Diff line number Diff line
@@ -208,7 +208,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, 
			n_cp = ip_vs_conn_new(&p, &from, port,

			n_cp = ip_vs_conn_new(&p, &from, port,

					      IP_VS_CONN_F_NO_CPORT |

					      IP_VS_CONN_F_NO_CPORT |

					      IP_VS_CONN_F_NFCT,

					      IP_VS_CONN_F_NFCT,

					      cp->dest);

					      cp->dest, skb->mark);

			if (!n_cp)

			if (!n_cp)

				return 0;

				return 0;
@@ -365,7 +365,8 @@ static int ip_vs_ftp_in(struct ip_vs_app *app, struct ip_vs_conn *cp, 
		if (!n_cp) {

		if (!n_cp) {

			n_cp = ip_vs_conn_new(&p, &cp->daddr,

			n_cp = ip_vs_conn_new(&p, &cp->daddr,

					      htons(ntohs(cp->dport)-1),

					      htons(ntohs(cp->dport)-1),

					      IP_VS_CONN_F_NFCT, cp->dest);

					      IP_VS_CONN_F_NFCT, cp->dest,

					      skb->mark);

			if (!n_cp)

			if (!n_cp)

				return 0;

				return 0;