IPVS: netns, connection hash got net as param.

						     unsigned short proto);

struct ip_vs_conn_param {

	struct net			*net;

	const union nf_inet_addr	*caddr;

	const union nf_inet_addr	*vaddr;

	__be16				cport;

 */

struct ip_vs_conn {

	struct list_head        c_list;         /* hashed list heads */

#ifdef CONFIG_NET_NS

	struct net              *net;           /* Name space */

#endif

	/* Protocol, addresses and port numbers */

	u16                     af;             /* address family */

	__be16                  cport;

	__be16                  vport;

	__be16                  dport;

	__u32                   fwmark;         /* Fire wall mark from skb */

	union nf_inet_addr      caddr;          /* client address */

	union nf_inet_addr      vaddr;          /* virtual address */

	union nf_inet_addr      daddr;          /* destination address */

	volatile __u32          flags;          /* status flags */

	__u32                    fwmark;         /* Fire wall mark from skb */

	__be16                   cport;

	__be16                   vport;

	__be16                   dport;

	__u16                   protocol;       /* Which protocol (TCP/UDP) */

	/* counter and timer */

	__u8			pe_data_len;

};

/*

 *  To save some memory in conn table when name space is disabled.

 */

static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp)

{

#ifdef CONFIG_NET_NS

	return cp->net;

#else

	return &init_net;

#endif

}

static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net)

{

#ifdef CONFIG_NET_NS

	cp->net = net;

#endif

}

static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp,

				    struct net *net)

{

#ifdef CONFIG_NET_NS

	return cp->net == net;

#else

	return 1;

#endif

}

/*

 *	Extended internal versions of struct ip_vs_service_user and

	IP_VS_DIR_LAST,

};

static inline void ip_vs_conn_fill_param(int af, int protocol,

static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol,

					 const union nf_inet_addr *caddr,

					 __be16 cport,

					 const union nf_inet_addr *vaddr,

					 __be16 vport,

					 struct ip_vs_conn_param *p)

{

	p->net = net;

	p->af = af;

	p->protocol = protocol;

	p->caddr = caddr;

	struct ip_vs_cpu_stats __percpu *cpustats;   /* Stats per cpu */

	seqcount_t			*ustats_seq; /* u64 read retry */

	/* ip_vs_conn */

	atomic_t		conn_count;         /*  connection counter */

	/* ip_vs_lblc */

	int			sysctl_lblc_expiration;

	struct ctl_table_header	*lblc_ctl_header;

/*  SLAB cache for IPVS connections */

static struct kmem_cache *ip_vs_conn_cachep __read_mostly;

/*  counter for current IPVS connections */

static atomic_t ip_vs_conn_count = ATOMIC_INIT(0);

/*  counter for no client port connections */

static atomic_t ip_vs_conn_no_cport_cnt = ATOMIC_INIT(0);

/*

 *  Fine locking granularity for big connection hash table

 */

#define CT_LOCKARRAY_BITS  4

#define CT_LOCKARRAY_BITS  5

#define CT_LOCKARRAY_SIZE  (1<<CT_LOCKARRAY_BITS)

#define CT_LOCKARRAY_MASK  (CT_LOCKARRAY_SIZE-1)

/*

 *	Returns hash value for IPVS connection entry

 */

static unsigned int ip_vs_conn_hashkey(int af, unsigned proto,

static unsigned int ip_vs_conn_hashkey(struct net *net, int af, unsigned proto,

				       const union nf_inet_addr *addr,

				       __be16 port)

{

#ifdef CONFIG_IP_VS_IPV6

	if (af == AF_INET6)

		return jhash_3words(jhash(addr, 16, ip_vs_conn_rnd),

				    (__force u32)port, proto, ip_vs_conn_rnd)

			& ip_vs_conn_tab_mask;

		return (jhash_3words(jhash(addr, 16, ip_vs_conn_rnd),

				    (__force u32)port, proto, ip_vs_conn_rnd) ^

			((size_t)net>>8)) & ip_vs_conn_tab_mask;

#endif

	return jhash_3words((__force u32)addr->ip, (__force u32)port, proto,

			    ip_vs_conn_rnd)

		& ip_vs_conn_tab_mask;

	return (jhash_3words((__force u32)addr->ip, (__force u32)port, proto,

			    ip_vs_conn_rnd) ^

		((size_t)net>>8)) & ip_vs_conn_tab_mask;

}

static unsigned int ip_vs_conn_hashkey_param(const struct ip_vs_conn_param *p,

		port = p->vport;

	}

	return ip_vs_conn_hashkey(p->af, p->protocol, addr, port);

	return ip_vs_conn_hashkey(p->net, p->af, p->protocol, addr, port);

}

static unsigned int ip_vs_conn_hashkey_conn(const struct ip_vs_conn *cp)

{

	struct ip_vs_conn_param p;

	ip_vs_conn_fill_param(cp->af, cp->protocol, &cp->caddr, cp->cport,

			      NULL, 0, &p);

	ip_vs_conn_fill_param(ip_vs_conn_net(cp), cp->af, cp->protocol,

			      &cp->caddr, cp->cport, NULL, 0, &p);

	if (cp->pe) {

		p.pe = cp->pe;

}

/*

 *	Hashes ip_vs_conn in ip_vs_conn_tab by proto,addr,port.

 *	Hashes ip_vs_conn in ip_vs_conn_tab by netns,proto,addr,port.

 *	returns bool success.

 */

static inline int ip_vs_conn_hash(struct ip_vs_conn *cp)

	list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {

		if (cp->af == p->af &&

		    p->cport == cp->cport && p->vport == cp->vport &&

		    ip_vs_addr_equal(p->af, p->caddr, &cp->caddr) &&

		    ip_vs_addr_equal(p->af, p->vaddr, &cp->vaddr) &&

		    p->cport == cp->cport && p->vport == cp->vport &&

		    ((!p->cport) ^ (!(cp->flags & IP_VS_CONN_F_NO_CPORT))) &&

		    p->protocol == cp->protocol) {

		    p->protocol == cp->protocol &&

		    ip_vs_conn_net_eq(cp, p->net)) {

			/* HIT */

			atomic_inc(&cp->refcnt);

			ct_read_unlock(hash);

			    struct ip_vs_conn_param *p)

{

	__be16 _ports[2], *pptr;

	struct net *net = skb_net(skb);

	pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports);

	if (pptr == NULL)

		return 1;

	if (likely(!inverse))

		ip_vs_conn_fill_param(af, iph->protocol, &iph->saddr, pptr[0],

				      &iph->daddr, pptr[1], p);

		ip_vs_conn_fill_param(net, af, iph->protocol, &iph->saddr,

				      pptr[0], &iph->daddr, pptr[1], p);

	else

		ip_vs_conn_fill_param(af, iph->protocol, &iph->daddr, pptr[1],

				      &iph->saddr, pptr[0], p);

		ip_vs_conn_fill_param(net, af, iph->protocol, &iph->daddr,

				      pptr[1], &iph->saddr, pptr[0], p);

	return 0;

}

	ct_read_lock(hash);

	list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {

		if (!ip_vs_conn_net_eq(cp, p->net))

			continue;

		if (p->pe_data && p->pe->ct_match) {

			if (p->pe == cp->pe && p->pe->ct_match(p, cp))

				goto out;

	list_for_each_entry(cp, &ip_vs_conn_tab[hash], c_list) {

		if (cp->af == p->af &&

		    p->vport == cp->cport && p->cport == cp->dport &&

		    ip_vs_addr_equal(p->af, p->vaddr, &cp->caddr) &&

		    ip_vs_addr_equal(p->af, p->caddr, &cp->daddr) &&

		    p->vport == cp->cport && p->cport == cp->dport &&

		    p->protocol == cp->protocol) {

		    p->protocol == cp->protocol &&

		    ip_vs_conn_net_eq(cp, p->net)) {

			/* HIT */

			atomic_inc(&cp->refcnt);

			ret = cp;

	struct ip_vs_dest *dest;

	if ((cp) && (!cp->dest)) {

		dest = ip_vs_find_dest(&init_net, cp->af, &cp->daddr, cp->dport,

				       &cp->vaddr, cp->vport,

		dest = ip_vs_find_dest(ip_vs_conn_net(cp), cp->af, &cp->daddr,

				       cp->dport, &cp->vaddr, cp->vport,

				       cp->protocol, cp->fwmark);

		ip_vs_bind_dest(cp, dest);

		return dest;

static void ip_vs_conn_expire(unsigned long data)

{

	struct ip_vs_conn *cp = (struct ip_vs_conn *)data;

	struct netns_ipvs *ipvs = net_ipvs(ip_vs_conn_net(cp));

	cp->timeout = 60*HZ;

		ip_vs_unbind_dest(cp);

		if (cp->flags & IP_VS_CONN_F_NO_CPORT)

			atomic_dec(&ip_vs_conn_no_cport_cnt);

		atomic_dec(&ip_vs_conn_count);

		atomic_dec(&ipvs->conn_count);

		kmem_cache_free(ip_vs_conn_cachep, cp);

		return;

	       struct ip_vs_dest *dest, __u32 fwmark)

{

	struct ip_vs_conn *cp;

	struct ip_vs_proto_data *pd = ip_vs_proto_data_get(&init_net, p->protocol);

	struct netns_ipvs *ipvs = net_ipvs(p->net);

	struct ip_vs_proto_data *pd = ip_vs_proto_data_get(p->net,

							   p->protocol);

	cp = kmem_cache_zalloc(ip_vs_conn_cachep, GFP_ATOMIC);

	if (cp == NULL) {

	INIT_LIST_HEAD(&cp->c_list);

	setup_timer(&cp->timer, ip_vs_conn_expire, (unsigned long)cp);

	ip_vs_conn_net_set(cp, p->net);

	cp->af		   = p->af;

	cp->protocol	   = p->protocol;

	ip_vs_addr_copy(p->af, &cp->caddr, p->caddr);

	atomic_set(&cp->n_control, 0);

	atomic_set(&cp->in_pkts, 0);

	atomic_inc(&ip_vs_conn_count);

	atomic_inc(&ipvs->conn_count);

	if (flags & IP_VS_CONN_F_NO_CPORT)

		atomic_inc(&ip_vs_conn_no_cport_cnt);

 *	/proc/net/ip_vs_conn entries

 */

#ifdef CONFIG_PROC_FS

struct ip_vs_iter_state {

	struct seq_net_private p;

	struct list_head *l;

};

static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos)

{

	int idx;

	struct ip_vs_conn *cp;

	struct ip_vs_iter_state *iter = seq->private;

	for (idx = 0; idx < ip_vs_conn_tab_size; idx++) {

		ct_read_lock_bh(idx);

		list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {

			if (pos-- == 0) {

				seq->private = &ip_vs_conn_tab[idx];

				iter->l = &ip_vs_conn_tab[idx];

			return cp;

			}

		}

static void *ip_vs_conn_seq_start(struct seq_file *seq, loff_t *pos)

{

	seq->private = NULL;

	struct ip_vs_iter_state *iter = seq->private;

	iter->l = NULL;

	return *pos ? ip_vs_conn_array(seq, *pos - 1) :SEQ_START_TOKEN;

}

static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos)

{

	struct ip_vs_conn *cp = v;

	struct list_head *e, *l = seq->private;

	struct ip_vs_iter_state *iter = seq->private;

	struct list_head *e, *l = iter->l;

	int idx;

	++*pos;

	while (++idx < ip_vs_conn_tab_size) {

		ct_read_lock_bh(idx);

		list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {

			seq->private = &ip_vs_conn_tab[idx];

			iter->l = &ip_vs_conn_tab[idx];

			return cp;

		}

		ct_read_unlock_bh(idx);

	}

	seq->private = NULL;

	iter->l = NULL;

	return NULL;

}

static void ip_vs_conn_seq_stop(struct seq_file *seq, void *v)

{

	struct list_head *l = seq->private;

	struct ip_vs_iter_state *iter = seq->private;

	struct list_head *l = iter->l;

	if (l)

		ct_read_unlock_bh(l - ip_vs_conn_tab);

   "Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires PEName PEData\n");

	else {

		const struct ip_vs_conn *cp = v;

		struct net *net = seq_file_net(seq);

		char pe_data[IP_VS_PENAME_MAXLEN + IP_VS_PEDATA_MAXLEN + 3];

		size_t len = 0;

		if (!ip_vs_conn_net_eq(cp, net))

			return 0;

		if (cp->pe_data) {

			pe_data[0] = ' ';

			len = strlen(cp->pe->name);

static int ip_vs_conn_open(struct inode *inode, struct file *file)

{

	return seq_open(file, &ip_vs_conn_seq_ops);

	return seq_open_net(inode, file, &ip_vs_conn_seq_ops,

			    sizeof(struct ip_vs_iter_state));

}

static const struct file_operations ip_vs_conn_fops = {

   "Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Origin Expires\n");

	else {

		const struct ip_vs_conn *cp = v;

		struct net *net = seq_file_net(seq);

		if (!ip_vs_conn_net_eq(cp, net))

			return 0;

#ifdef CONFIG_IP_VS_IPV6

		if (cp->af == AF_INET6)

static int ip_vs_conn_sync_open(struct inode *inode, struct file *file)

{

	return seq_open(file, &ip_vs_conn_sync_seq_ops);

	return seq_open_net(inode, file, &ip_vs_conn_sync_seq_ops,

			    sizeof(struct ip_vs_iter_state));

}

static const struct file_operations ip_vs_conn_sync_fops = {

/*

 *      Flush all the connection entries in the ip_vs_conn_tab

 */

static void ip_vs_conn_flush(void)

static void ip_vs_conn_flush(struct net *net)

{

	int idx;

	struct ip_vs_conn *cp;

	struct netns_ipvs *ipvs = net_ipvs(net);

  flush_again:

	for (idx = 0; idx < ip_vs_conn_tab_size; idx++) {

		ct_write_lock_bh(idx);

		list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {

			if (!ip_vs_conn_net_eq(cp, net))

				continue;

			IP_VS_DBG(4, "del connection\n");

			ip_vs_conn_expire_now(cp);

			if (cp->control) {

	/* the counter may be not NULL, because maybe some conn entries

	   are run by slow timer handler or unhashed but still referred */

	if (atomic_read(&ip_vs_conn_count) != 0) {

	if (atomic_read(&ipvs->conn_count) != 0) {

		schedule();

		goto flush_again;

	}

 */

int __net_init __ip_vs_conn_init(struct net *net)

{

	struct netns_ipvs *ipvs = net_ipvs(net);

	if (!net_eq(net, &init_net))	/* netns not enabled yet */

		return -EPERM;

	atomic_set(&ipvs->conn_count, 0);

	proc_net_fops_create(net, "ip_vs_conn", 0, &ip_vs_conn_fops);

	proc_net_fops_create(net, "ip_vs_conn_sync", 0, &ip_vs_conn_sync_fops);

	if (!net_eq(net, &init_net))	/* netns not enabled yet */

		return;

	/* flush all the connection entries first */

	ip_vs_conn_flush(net);

	proc_net_remove(net, "ip_vs_conn");

	proc_net_remove(net, "ip_vs_conn_sync");

}

void ip_vs_conn_cleanup(void)

{

	unregister_pernet_subsys(&ipvs_conn_ops);

	/* flush all the connection entries first */

	ip_vs_conn_flush();

	/* Release the empty cache */

	kmem_cache_destroy(ip_vs_conn_cachep);

	vfree(ip_vs_conn_tab);

			      const union nf_inet_addr *vaddr, __be16 vport,

			      struct ip_vs_conn_param *p)

{

	ip_vs_conn_fill_param(svc->af, protocol, caddr, cport, vaddr, vport, p);

	ip_vs_conn_fill_param(svc->net, svc->af, protocol, caddr, cport, vaddr,

			      vport, p);

	p->pe = svc->pe;

	if (p->pe && p->pe->fill_param)

		return p->pe->fill_param(p, skb);

	/*

	 *    Create a new connection according to the template

	 */

	ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr, src_port,

			      &iph.daddr, dst_port, &param);

	ip_vs_conn_fill_param(svc->net, svc->af, iph.protocol, &iph.saddr,

			      src_port, &iph.daddr, dst_port, &param);

	cp = ip_vs_conn_new(&param, &dest->addr, dport, flags, dest, skb->mark);

	if (cp == NULL) {

	 */

	{

		struct ip_vs_conn_param p;

		ip_vs_conn_fill_param(svc->af, iph.protocol, &iph.saddr,

				      pptr[0], &iph.daddr, pptr[1], &p);

		ip_vs_conn_fill_param(svc->net, svc->af, iph.protocol,

				      &iph.saddr, pptr[0], &iph.daddr, pptr[1],

				      &p);

		cp = ip_vs_conn_new(&p, &dest->addr,

				    dest->port ? dest->port : pptr[1],

				    flags, dest, skb->mark);

		IP_VS_DBG(6, "%s(): create a cache_bypass entry\n", __func__);

		{

			struct ip_vs_conn_param p;

			ip_vs_conn_fill_param(svc->af, iph.protocol,

			ip_vs_conn_fill_param(svc->net, svc->af, iph.protocol,

					      &iph.saddr, pptr[0],

					      &iph.daddr, pptr[1], &p);

			cp = ip_vs_conn_new(&p, &daddr, 0,

		 */

		{

			struct ip_vs_conn_param p;

			ip_vs_conn_fill_param(AF_INET, iph->protocol,

					      &from, port, &cp->caddr, 0, &p);

			ip_vs_conn_fill_param(ip_vs_conn_net(cp), AF_INET,

					      iph->protocol, &from, port,

					      &cp->caddr, 0, &p);

			n_cp = ip_vs_conn_out_get(&p);

		}

		if (!n_cp) {

			struct ip_vs_conn_param p;

			ip_vs_conn_fill_param(AF_INET, IPPROTO_TCP, &cp->caddr,

			ip_vs_conn_fill_param(ip_vs_conn_net(cp),

					      AF_INET, IPPROTO_TCP, &cp->caddr,

					      0, &cp->vaddr, port, &p);

			n_cp = ip_vs_conn_new(&p, &from, port,

					      IP_VS_CONN_F_NO_CPORT |

	{

		struct ip_vs_conn_param p;

		ip_vs_conn_fill_param(AF_INET, iph->protocol, &to, port,

				      &cp->vaddr, htons(ntohs(cp->vport)-1),

				      &p);

		ip_vs_conn_fill_param(ip_vs_conn_net(cp), AF_INET,

				      iph->protocol, &to, port, &cp->vaddr,

				      htons(ntohs(cp->vport)-1), &p);

		n_cp = ip_vs_conn_in_get(&p);

		if (!n_cp) {

			n_cp = ip_vs_conn_new(&p, &cp->daddr,