Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next

#include <linux/ip.h>

#include <linux/ip.h>

#include <linux/ipv6.h>			/* for struct ipv6hdr */

#include <linux/ipv6.h>			/* for struct ipv6hdr */

#include <net/ipv6.h>

#include <net/ipv6.h>

#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)

#if IS_ENABLED(CONFIG_IPV6)

#include <linux/netfilter_ipv6/ip6_tables.h>

#endif

#if IS_ENABLED(CONFIG_NF_CONNTRACK)

#include <net/netfilter/nf_conntrack.h>

#include <net/netfilter/nf_conntrack.h>

#endif

#endif

#include <net/net_namespace.h>		/* Netw namespace */

#include <net/net_namespace.h>		/* Netw namespace */

/* Connections' size value needed by ip_vs_ctl.c */

/* Connections' size value needed by ip_vs_ctl.c */

extern int ip_vs_conn_tab_size;

extern int ip_vs_conn_tab_size;

struct ip_vs_iphdr {

struct ip_vs_iphdr {

	int len;

	__u32 len;	/* IPv4 simply where L4 starts

	__u8 protocol;

			   IPv6 where L4 Transport Header starts */

	__u32 thoff_reasm; /* Transport Header Offset in nfct_reasm skb */

	__u16 fragoffs; /* IPv6 fragment offset, 0 if first frag (or not frag)*/

	__s16 protocol;

	__s32 flags;

	union nf_inet_addr saddr;

	union nf_inet_addr saddr;

	union nf_inet_addr daddr;

	union nf_inet_addr daddr;

};

};

/* Dependency to module: nf_defrag_ipv6 */

#if defined(CONFIG_NF_DEFRAG_IPV6) || defined(CONFIG_NF_DEFRAG_IPV6_MODULE)

static inline struct sk_buff *skb_nfct_reasm(const struct sk_buff *skb)

{

	return skb->nfct_reasm;

}

static inline void *frag_safe_skb_hp(const struct sk_buff *skb, int offset,

				      int len, void *buffer,

				      const struct ip_vs_iphdr *ipvsh)

{

	if (unlikely(ipvsh->fragoffs && skb_nfct_reasm(skb)))

		return skb_header_pointer(skb_nfct_reasm(skb),

					  ipvsh->thoff_reasm, len, buffer);

	return skb_header_pointer(skb, offset, len, buffer);

}

#else

static inline struct sk_buff *skb_nfct_reasm(const struct sk_buff *skb)

{

	return NULL;

}

static inline void *frag_safe_skb_hp(const struct sk_buff *skb, int offset,

				      int len, void *buffer,

				      const struct ip_vs_iphdr *ipvsh)

{

	return skb_header_pointer(skb, offset, len, buffer);

}

#endif

static inline void

static inline void

ip_vs_fill_iphdr(int af, const void *nh, struct ip_vs_iphdr *iphdr)

ip_vs_fill_ip4hdr(const void *nh, struct ip_vs_iphdr *iphdr)

{

	const struct iphdr *iph = nh;

	iphdr->len	= iph->ihl * 4;

	iphdr->fragoffs	= 0;

	iphdr->protocol	= iph->protocol;

	iphdr->saddr.ip	= iph->saddr;

	iphdr->daddr.ip	= iph->daddr;

}

/* This function handles filling *ip_vs_iphdr, both for IPv4 and IPv6.

 * IPv6 requires some extra work, as finding proper header position,

 * depend on the IPv6 extension headers.

 */

static inline void

ip_vs_fill_iph_skb(int af, const struct sk_buff *skb, struct ip_vs_iphdr *iphdr)

{

{

#ifdef CONFIG_IP_VS_IPV6

#ifdef CONFIG_IP_VS_IPV6

	if (af == AF_INET6) {

	if (af == AF_INET6) {

		const struct ipv6hdr *iph = nh;

		const struct ipv6hdr *iph =

		iphdr->len = sizeof(struct ipv6hdr);

			(struct ipv6hdr *)skb_network_header(skb);

		iphdr->protocol = iph->nexthdr;

		iphdr->saddr.in6 = iph->saddr;

		iphdr->saddr.in6 = iph->saddr;

		iphdr->daddr.in6 = iph->daddr;

		iphdr->daddr.in6 = iph->daddr;

		/* ipv6_find_hdr() updates len, flags, thoff_reasm */

		iphdr->thoff_reasm = 0;

		iphdr->len	 = 0;

		iphdr->flags	 = 0;

		iphdr->protocol  = ipv6_find_hdr(skb, &iphdr->len, -1,

						 &iphdr->fragoffs,

						 &iphdr->flags);

		/* get proto from re-assembled packet and it's offset */

		if (skb_nfct_reasm(skb))

			iphdr->protocol = ipv6_find_hdr(skb_nfct_reasm(skb),

							&iphdr->thoff_reasm,

							-1, NULL, NULL);

	} else

	} else

#endif

#endif

	{

	{

		const struct iphdr *iph = nh;

		const struct iphdr *iph =

			(struct iphdr *)skb_network_header(skb);

		iphdr->len	= iph->ihl * 4;

		iphdr->len	= iph->ihl * 4;

		iphdr->fragoffs	= 0;

		iphdr->protocol	= iph->protocol;

		iphdr->protocol	= iph->protocol;

		iphdr->saddr.ip	= iph->saddr;

		iphdr->saddr.ip	= iph->saddr;

		iphdr->daddr.ip	= iph->daddr;

		iphdr->daddr.ip	= iph->daddr;

	}

	}

}

}

/* This function is a faster version of ip_vs_fill_iph_skb().

 * Where we only populate {s,d}addr (and avoid calling ipv6_find_hdr()).

 * This is used by the some of the ip_vs_*_schedule() functions.

 * (Mostly done to avoid ABI breakage of external schedulers)

 */

static inline void

ip_vs_fill_iph_addr_only(int af, const struct sk_buff *skb,

			 struct ip_vs_iphdr *iphdr)

{

#ifdef CONFIG_IP_VS_IPV6

	if (af == AF_INET6) {

		const struct ipv6hdr *iph =

			(struct ipv6hdr *)skb_network_header(skb);

		iphdr->saddr.in6 = iph->saddr;

		iphdr->daddr.in6 = iph->daddr;

	} else {

#endif

		const struct iphdr *iph =

			(struct iphdr *)skb_network_header(skb);

		iphdr->saddr.ip = iph->saddr;

		iphdr->daddr.ip = iph->daddr;

	}

}

static inline void ip_vs_addr_copy(int af, union nf_inet_addr *dst,

static inline void ip_vs_addr_copy(int af, union nf_inet_addr *dst,

				   const union nf_inet_addr *src)

				   const union nf_inet_addr *src)

{

{

	int len;

	int len;

#ifdef CONFIG_IP_VS_IPV6

#ifdef CONFIG_IP_VS_IPV6

	if (af == AF_INET6)

	if (af == AF_INET6)

		len = snprintf(&buf[*idx], buf_len - *idx, "[%pI6]",

		len = snprintf(&buf[*idx], buf_len - *idx, "[%pI6c]",

			       &addr->in6) + 1;

			       &addr->in6) + 1;

	else

	else

#endif

#endif

	int (*conn_schedule)(int af, struct sk_buff *skb,

	int (*conn_schedule)(int af, struct sk_buff *skb,

			     struct ip_vs_proto_data *pd,

			     struct ip_vs_proto_data *pd,

			     int *verdict, struct ip_vs_conn **cpp);

			     int *verdict, struct ip_vs_conn **cpp,

			     struct ip_vs_iphdr *iph);

	struct ip_vs_conn *

	struct ip_vs_conn *

	(*conn_in_get)(int af,

	(*conn_in_get)(int af,

		       const struct sk_buff *skb,

		       const struct sk_buff *skb,

		       const struct ip_vs_iphdr *iph,

		       const struct ip_vs_iphdr *iph,

		       unsigned int proto_off,

		       int inverse);

		       int inverse);

	struct ip_vs_conn *

	struct ip_vs_conn *

	(*conn_out_get)(int af,

	(*conn_out_get)(int af,

			const struct sk_buff *skb,

			const struct sk_buff *skb,

			const struct ip_vs_iphdr *iph,

			const struct ip_vs_iphdr *iph,

			unsigned int proto_off,

			int inverse);

			int inverse);

	int (*snat_handler)(struct sk_buff *skb,

	int (*snat_handler)(struct sk_buff *skb, struct ip_vs_protocol *pp,

			    struct ip_vs_protocol *pp, struct ip_vs_conn *cp);

			    struct ip_vs_conn *cp, struct ip_vs_iphdr *iph);

	int (*dnat_handler)(struct sk_buff *skb,

	int (*dnat_handler)(struct sk_buff *skb, struct ip_vs_protocol *pp,

			    struct ip_vs_protocol *pp, struct ip_vs_conn *cp);

			    struct ip_vs_conn *cp, struct ip_vs_iphdr *iph);

	int (*csum_check)(int af, struct sk_buff *skb,

	int (*csum_check)(int af, struct sk_buff *skb,

			  struct ip_vs_protocol *pp);

			  struct ip_vs_protocol *pp);

	   NF_ACCEPT can be returned when destination is local.

	   NF_ACCEPT can be returned when destination is local.

	 */

	 */

	int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,

	int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,

			   struct ip_vs_protocol *pp);

			   struct ip_vs_protocol *pp, struct ip_vs_iphdr *iph);

	/* Note: we can group the following members into a structure,

	/* Note: we can group the following members into a structure,

	   in order to save more space, and the following members are

	   in order to save more space, and the following members are

	struct ip_vs_conn *

	struct ip_vs_conn *

	(*conn_in_get)(const struct sk_buff *skb, struct ip_vs_app *app,

	(*conn_in_get)(const struct sk_buff *skb, struct ip_vs_app *app,

		       const struct iphdr *iph, unsigned int proto_off,

		       const struct iphdr *iph, int inverse);

		       int inverse);

	struct ip_vs_conn *

	struct ip_vs_conn *

	(*conn_out_get)(const struct sk_buff *skb, struct ip_vs_app *app,

	(*conn_out_get)(const struct sk_buff *skb, struct ip_vs_app *app,

			const struct iphdr *iph, unsigned int proto_off,

			const struct iphdr *iph, int inverse);

			int inverse);

	int (*state_transition)(struct ip_vs_conn *cp, int direction,

	int (*state_transition)(struct ip_vs_conn *cp, int direction,

				const struct sk_buff *skb,

				const struct sk_buff *skb,

struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,

struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,

					    const struct ip_vs_iphdr *iph,

					    const struct ip_vs_iphdr *iph,

					    unsigned int proto_off,

					    int inverse);

					    int inverse);

struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);

struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p);

struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,

struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,

					     const struct ip_vs_iphdr *iph,

					     const struct ip_vs_iphdr *iph,

					     unsigned int proto_off,

					     int inverse);

					     int inverse);

/* put back the conn without restarting its timer */

/* put back the conn without restarting its timer */

extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);

extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler);

extern struct ip_vs_conn *

extern struct ip_vs_conn *

ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,

ip_vs_schedule(struct ip_vs_service *svc, struct sk_buff *skb,

	       struct ip_vs_proto_data *pd, int *ignored);

	       struct ip_vs_proto_data *pd, int *ignored,

	       struct ip_vs_iphdr *iph);

extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,

extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,

			struct ip_vs_proto_data *pd);

			struct ip_vs_proto_data *pd, struct ip_vs_iphdr *iph);

extern void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg);

extern void ip_vs_scheduler_err(struct ip_vs_service *svc, const char *msg);

/*

/*

 *	Various IPVS packet transmitters (from ip_vs_xmit.c)

 *	Various IPVS packet transmitters (from ip_vs_xmit.c)

 */

 */

extern int ip_vs_null_xmit

extern int ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

			   struct ip_vs_protocol *pp, struct ip_vs_iphdr *iph);

extern int ip_vs_bypass_xmit

extern int ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

			     struct ip_vs_protocol *pp,

extern int ip_vs_nat_xmit

			     struct ip_vs_iphdr *iph);

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

extern int ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,

extern int ip_vs_tunnel_xmit

			  struct ip_vs_protocol *pp, struct ip_vs_iphdr *iph);

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

extern int ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,

extern int ip_vs_dr_xmit

			     struct ip_vs_protocol *pp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

			     struct ip_vs_iphdr *iph);

extern int ip_vs_icmp_xmit

extern int ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp,

			 struct ip_vs_protocol *pp, struct ip_vs_iphdr *iph);

 int offset, unsigned int hooknum);

extern int ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,

			   struct ip_vs_protocol *pp, int offset,

			   unsigned int hooknum, struct ip_vs_iphdr *iph);

extern void ip_vs_dst_reset(struct ip_vs_dest *dest);

extern void ip_vs_dst_reset(struct ip_vs_dest *dest);

#ifdef CONFIG_IP_VS_IPV6

#ifdef CONFIG_IP_VS_IPV6

extern int ip_vs_bypass_xmit_v6

extern int ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

				struct ip_vs_protocol *pp,

extern int ip_vs_nat_xmit_v6

				struct ip_vs_iphdr *iph);

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

extern int ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,

extern int ip_vs_tunnel_xmit_v6

			     struct ip_vs_protocol *pp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

			     struct ip_vs_iphdr *iph);

extern int ip_vs_dr_xmit_v6

extern int ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

				struct ip_vs_protocol *pp,

extern int ip_vs_icmp_xmit_v6

				struct ip_vs_iphdr *iph);

(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp,

extern int ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,

 int offset, unsigned int hooknum);

			    struct ip_vs_protocol *pp, struct ip_vs_iphdr *iph);

extern int ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,

			      struct ip_vs_protocol *pp, int offset,

			      unsigned int hooknum, struct ip_vs_iphdr *iph);

#endif

#endif

#ifdef CONFIG_SYSCTL

#ifdef CONFIG_SYSCTL

config	IP_VS_IPV6

config	IP_VS_IPV6

	bool "IPv6 support for IPVS"

	bool "IPv6 support for IPVS"

	depends on IPV6 = y || IP_VS = IPV6

	depends on IPV6 = y || IP_VS = IPV6

	select IP6_NF_IPTABLES

	---help---

	---help---

	  Add IPv6 support to IPVS. This is incomplete and might be dangerous.

	  Add IPv6 support to IPVS.

	  See http://www.mindbasket.com/ipvs for more information.

	  Say Y if unsure.

	  Say N if unsure.

config	IP_VS_DEBUG

config	IP_VS_DEBUG

	bool "IP virtual server debugging"

	bool "IP virtual server debugging"

static int

static int

ip_vs_conn_fill_param_proto(int af, const struct sk_buff *skb,

ip_vs_conn_fill_param_proto(int af, const struct sk_buff *skb,

			    const struct ip_vs_iphdr *iph,

			    const struct ip_vs_iphdr *iph,

			    unsigned int proto_off, int inverse,

			    int inverse, struct ip_vs_conn_param *p)

			    struct ip_vs_conn_param *p)

{

{

	__be16 _ports[2], *pptr;

	__be16 _ports[2], *pptr;

	struct net *net = skb_net(skb);

	struct net *net = skb_net(skb);

	pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports);

	pptr = frag_safe_skb_hp(skb, iph->len, sizeof(_ports), _ports, iph);

	if (pptr == NULL)

	if (pptr == NULL)

		return 1;

		return 1;

struct ip_vs_conn *

struct ip_vs_conn *

ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,

ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb,

			const struct ip_vs_iphdr *iph,

			const struct ip_vs_iphdr *iph, int inverse)

			unsigned int proto_off, int inverse)

{

{

	struct ip_vs_conn_param p;

	struct ip_vs_conn_param p;

	if (ip_vs_conn_fill_param_proto(af, skb, iph, proto_off, inverse, &p))

	if (ip_vs_conn_fill_param_proto(af, skb, iph, inverse, &p))

		return NULL;

		return NULL;

	return ip_vs_conn_in_get(&p);

	return ip_vs_conn_in_get(&p);

struct ip_vs_conn *

struct ip_vs_conn *

ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,

ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb,

			 const struct ip_vs_iphdr *iph,

			 const struct ip_vs_iphdr *iph, int inverse)

			 unsigned int proto_off, int inverse)

{

{

	struct ip_vs_conn_param p;

	struct ip_vs_conn_param p;

	if (ip_vs_conn_fill_param_proto(af, skb, iph, proto_off, inverse, &p))

	if (ip_vs_conn_fill_param_proto(af, skb, iph, inverse, &p))

		return NULL;

		return NULL;

	return ip_vs_conn_out_get(&p);

	return ip_vs_conn_out_get(&p);

	struct ip_vs_dh_bucket *tbl;

	struct ip_vs_dh_bucket *tbl;

	struct ip_vs_iphdr iph;

	struct ip_vs_iphdr iph;

	ip_vs_fill_iphdr(svc->af, skb_network_header(skb), &iph);

	ip_vs_fill_iph_addr_only(svc->af, skb, &iph);

	IP_VS_DBG(6, "%s(): Scheduling...\n", __func__);

	IP_VS_DBG(6, "%s(): Scheduling...\n", __func__);