1 /* 2 * IP Virtual Server 3 * data structure and functionality definitions 4 */ 5 6 #ifndef _IP_VS_H 7 #define _IP_VS_H 8 9 #include <asm/types.h> /* For __uXX types */ 10 11 #define IP_VS_VERSION_CODE 0x010201 12 #define NVERSION(version) \ 13 (version >> 16) & 0xFF, \ 14 (version >> 8) & 0xFF, \ 15 version & 0xFF 16 17 /* 18 * Virtual Service Flags 19 */ 20 #define IP_VS_SVC_F_PERSISTENT 0x0001 /* persistent port */ 21 #define IP_VS_SVC_F_HASHED 0x0002 /* hashed entry */ 22 23 /* 24 * Destination Server Flags 25 */ 26 #define IP_VS_DEST_F_AVAILABLE 0x0001 /* server is available */ 27 #define IP_VS_DEST_F_OVERLOAD 0x0002 /* server is overloaded */ 28 29 /* 30 * IPVS sync daemon states 31 */ 32 #define IP_VS_STATE_NONE 0x0000 /* daemon is stopped */ 33 #define IP_VS_STATE_MASTER 0x0001 /* started as master */ 34 #define IP_VS_STATE_BACKUP 0x0002 /* started as backup */ 35 36 /* 37 * IPVS socket options 38 */ 39 #define IP_VS_BASE_CTL (64+1024+64) /* base */ 40 41 #define IP_VS_SO_SET_NONE IP_VS_BASE_CTL /* just peek */ 42 #define IP_VS_SO_SET_INSERT (IP_VS_BASE_CTL+1) 43 #define IP_VS_SO_SET_ADD (IP_VS_BASE_CTL+2) 44 #define IP_VS_SO_SET_EDIT (IP_VS_BASE_CTL+3) 45 #define IP_VS_SO_SET_DEL (IP_VS_BASE_CTL+4) 46 #define IP_VS_SO_SET_FLUSH (IP_VS_BASE_CTL+5) 47 #define IP_VS_SO_SET_LIST (IP_VS_BASE_CTL+6) 48 #define IP_VS_SO_SET_ADDDEST (IP_VS_BASE_CTL+7) 49 #define IP_VS_SO_SET_DELDEST (IP_VS_BASE_CTL+8) 50 #define IP_VS_SO_SET_EDITDEST (IP_VS_BASE_CTL+9) 51 #define IP_VS_SO_SET_TIMEOUT (IP_VS_BASE_CTL+10) 52 #define IP_VS_SO_SET_STARTDAEMON (IP_VS_BASE_CTL+11) 53 #define IP_VS_SO_SET_STOPDAEMON (IP_VS_BASE_CTL+12) 54 #define IP_VS_SO_SET_RESTORE (IP_VS_BASE_CTL+13) 55 #define IP_VS_SO_SET_SAVE (IP_VS_BASE_CTL+14) 56 #define IP_VS_SO_SET_ZERO (IP_VS_BASE_CTL+15) 57 #define IP_VS_SO_SET_MAX IP_VS_SO_SET_ZERO 58 59 #define IP_VS_SO_GET_VERSION IP_VS_BASE_CTL 60 #define IP_VS_SO_GET_INFO (IP_VS_BASE_CTL+1) 61 #define IP_VS_SO_GET_SERVICES (IP_VS_BASE_CTL+2) 62 #define IP_VS_SO_GET_SERVICE (IP_VS_BASE_CTL+3) 63 #define IP_VS_SO_GET_DESTS (IP_VS_BASE_CTL+4) 64 #define IP_VS_SO_GET_DEST (IP_VS_BASE_CTL+5) /* not used now */ 65 #define IP_VS_SO_GET_TIMEOUT (IP_VS_BASE_CTL+6) 66 #define IP_VS_SO_GET_DAEMON (IP_VS_BASE_CTL+7) 67 #define IP_VS_SO_GET_MAX IP_VS_SO_GET_DAEMON 68 69 70 /* 71 * IPVS Connection Flags 72 */ 73 #define IP_VS_CONN_F_FWD_MASK 0x0007 /* mask for the fwd methods */ 74 #define IP_VS_CONN_F_MASQ 0x0000 /* masquerading/NAT */ 75 #define IP_VS_CONN_F_LOCALNODE 0x0001 /* local node */ 76 #define IP_VS_CONN_F_TUNNEL 0x0002 /* tunneling */ 77 #define IP_VS_CONN_F_DROUTE 0x0003 /* direct routing */ 78 #define IP_VS_CONN_F_BYPASS 0x0004 /* cache bypass */ 79 #define IP_VS_CONN_F_SYNC 0x0020 /* entry created by sync */ 80 #define IP_VS_CONN_F_HASHED 0x0040 /* hashed entry */ 81 #define IP_VS_CONN_F_NOOUTPUT 0x0080 /* no output packets */ 82 #define IP_VS_CONN_F_INACTIVE 0x0100 /* not established */ 83 #define IP_VS_CONN_F_OUT_SEQ 0x0200 /* must do output seq adjust */ 84 #define IP_VS_CONN_F_IN_SEQ 0x0400 /* must do input seq adjust */ 85 #define IP_VS_CONN_F_SEQ_MASK 0x0600 /* in/out sequence mask */ 86 #define IP_VS_CONN_F_NO_CPORT 0x0800 /* no client port set yet */ 87 #define IP_VS_CONN_F_TEMPLATE 0x1000 /* template, not connection */ 88 89 /* Move it to better place one day, for now keep it unique */ 90 #define NFC_IPVS_PROPERTY 0x10000 91 92 #define IP_VS_SCHEDNAME_MAXLEN 16 93 #define IP_VS_IFNAME_MAXLEN 16 94 95 96 /* 97 * The struct ip_vs_service_user and struct ip_vs_dest_user are 98 * used to set IPVS rules through setsockopt. 99 */ 100 struct ip_vs_service_user { 101 /* virtual service addresses */ 102 u_int16_t protocol; 103 u_int32_t addr; /* virtual ip address */ 104 u_int16_t port; 105 u_int32_t fwmark; /* firwall mark of service */ 106 107 /* virtual service options */ 108 char sched_name[IP_VS_SCHEDNAME_MAXLEN]; 109 unsigned flags; /* virtual service flags */ 110 unsigned timeout; /* persistent timeout in sec */ 111 u_int32_t netmask; /* persistent netmask */ 112 }; 113 114 115 struct ip_vs_dest_user { 116 /* destination server address */ 117 u_int32_t addr; 118 u_int16_t port; 119 120 /* real server options */ 121 unsigned conn_flags; /* connection flags */ 122 int weight; /* destination weight */ 123 124 /* thresholds for active connections */ 125 u_int32_t u_threshold; /* upper threshold */ 126 u_int32_t l_threshold; /* lower threshold */ 127 }; 128 129 130 /* 131 * IPVS statistics object (for user space) 132 */ 133 struct ip_vs_stats_user 134 { 135 __u32 conns; /* connections scheduled */ 136 __u32 inpkts; /* incoming packets */ 137 __u32 outpkts; /* outgoing packets */ 138 __u64 inbytes; /* incoming bytes */ 139 __u64 outbytes; /* outgoing bytes */ 140 141 __u32 cps; /* current connection rate */ 142 __u32 inpps; /* current in packet rate */ 143 __u32 outpps; /* current out packet rate */ 144 __u32 inbps; /* current in byte rate */ 145 __u32 outbps; /* current out byte rate */ 146 }; 147 148 149 /* The argument to IP_VS_SO_GET_INFO */ 150 struct ip_vs_getinfo { 151 /* version number */ 152 unsigned int version; 153 154 /* size of connection hash table */ 155 unsigned int size; 156 157 /* number of virtual services */ 158 unsigned int num_services; 159 }; 160 161 162 /* The argument to IP_VS_SO_GET_SERVICE */ 163 struct ip_vs_service_entry { 164 /* which service: user fills in these */ 165 u_int16_t protocol; 166 u_int32_t addr; /* virtual address */ 167 u_int16_t port; 168 u_int32_t fwmark; /* firwall mark of service */ 169 170 /* service options */ 171 char sched_name[IP_VS_SCHEDNAME_MAXLEN]; 172 unsigned flags; /* virtual service flags */ 173 unsigned timeout; /* persistent timeout */ 174 u_int32_t netmask; /* persistent netmask */ 175 176 /* number of real servers */ 177 unsigned int num_dests; 178 179 /* statistics */ 180 struct ip_vs_stats_user stats; 181 }; 182 183 184 struct ip_vs_dest_entry { 185 u_int32_t addr; /* destination address */ 186 u_int16_t port; 187 unsigned conn_flags; /* connection flags */ 188 int weight; /* destination weight */ 189 190 u_int32_t u_threshold; /* upper threshold */ 191 u_int32_t l_threshold; /* lower threshold */ 192 193 u_int32_t activeconns; /* active connections */ 194 u_int32_t inactconns; /* inactive connections */ 195 u_int32_t persistconns; /* persistent connections */ 196 197 /* statistics */ 198 struct ip_vs_stats_user stats; 199 }; 200 201 202 /* The argument to IP_VS_SO_GET_DESTS */ 203 struct ip_vs_get_dests { 204 /* which service: user fills in these */ 205 u_int16_t protocol; 206 u_int32_t addr; /* virtual address */ 207 u_int16_t port; 208 u_int32_t fwmark; /* firwall mark of service */ 209 210 /* number of real servers */ 211 unsigned int num_dests; 212 213 /* the real servers */ 214 struct ip_vs_dest_entry entrytable[0]; 215 }; 216 217 218 /* The argument to IP_VS_SO_GET_SERVICES */ 219 struct ip_vs_get_services { 220 /* number of virtual services */ 221 unsigned int num_services; 222 223 /* service table */ 224 struct ip_vs_service_entry entrytable[0]; 225 }; 226 227 228 /* The argument to IP_VS_SO_GET_TIMEOUT */ 229 struct ip_vs_timeout_user { 230 int tcp_timeout; 231 int tcp_fin_timeout; 232 int udp_timeout; 233 }; 234 235 236 /* The argument to IP_VS_SO_GET_DAEMON */ 237 struct ip_vs_daemon_user { 238 /* sync daemon state (master/backup) */ 239 int state; 240 241 /* multicast interface name */ 242 char mcast_ifn[IP_VS_IFNAME_MAXLEN]; 243 244 /* SyncID we belong to */ 245 int syncid; 246 }; 247 248 249 #ifdef __KERNEL__ 250 251 #include <linux/list.h> /* for struct list_head */ 252 #include <linux/spinlock.h> /* for struct rwlock_t */ 253 #include <asm/atomic.h> /* for struct atomic_t */ 254 #include <linux/compiler.h> 255 #include <linux/timer.h> 256 257 #include <net/checksum.h> 258 259 #ifdef CONFIG_IP_VS_DEBUG 260 #include <linux/net.h> 261 262 extern int ip_vs_get_debug_level(void); 263 #define IP_VS_DBG(level, msg...) \ 264 do { \ 265 if (level <= ip_vs_get_debug_level()) \ 266 printk(KERN_DEBUG "IPVS: " msg); \ 267 } while (0) 268 #define IP_VS_DBG_RL(msg...) \ 269 do { \ 270 if (net_ratelimit()) \ 271 printk(KERN_DEBUG "IPVS: " msg); \ 272 } while (0) 273 #define IP_VS_DBG_PKT(level, pp, skb, ofs, msg) \ 274 do { \ 275 if (level <= ip_vs_get_debug_level()) \ 276 pp->debug_packet(pp, skb, ofs, msg); \ 277 } while (0) 278 #define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg) \ 279 do { \ 280 if (level <= ip_vs_get_debug_level() && \ 281 net_ratelimit()) \ 282 pp->debug_packet(pp, skb, ofs, msg); \ 283 } while (0) 284 #else /* NO DEBUGGING at ALL */ 285 #define IP_VS_DBG(level, msg...) do {} while (0) 286 #define IP_VS_DBG_RL(msg...) do {} while (0) 287 #define IP_VS_DBG_PKT(level, pp, skb, ofs, msg) do {} while (0) 288 #define IP_VS_DBG_RL_PKT(level, pp, skb, ofs, msg) do {} while (0) 289 #endif 290 291 #define IP_VS_BUG() BUG() 292 #define IP_VS_ERR(msg...) printk(KERN_ERR "IPVS: " msg) 293 #define IP_VS_INFO(msg...) printk(KERN_INFO "IPVS: " msg) 294 #define IP_VS_WARNING(msg...) \ 295 printk(KERN_WARNING "IPVS: " msg) 296 #define IP_VS_ERR_RL(msg...) \ 297 do { \ 298 if (net_ratelimit()) \ 299 printk(KERN_ERR "IPVS: " msg); \ 300 } while (0) 301 302 #ifdef CONFIG_IP_VS_DEBUG 303 #define EnterFunction(level) \ 304 do { \ 305 if (level <= ip_vs_get_debug_level()) \ 306 printk(KERN_DEBUG "Enter: %s, %s line %i\n", \ 307 __FUNCTION__, __FILE__, __LINE__); \ 308 } while (0) 309 #define LeaveFunction(level) \ 310 do { \ 311 if (level <= ip_vs_get_debug_level()) \ 312 printk(KERN_DEBUG "Leave: %s, %s line %i\n", \ 313 __FUNCTION__, __FILE__, __LINE__); \ 314 } while (0) 315 #else 316 #define EnterFunction(level) do {} while (0) 317 #define LeaveFunction(level) do {} while (0) 318 #endif 319 320 #define IP_VS_WAIT_WHILE(expr) while (expr) { cpu_relax(); } 321 322 323 /* 324 * The port number of FTP service (in network order). 325 */ 326 #define FTPPORT __constant_htons(21) 327 #define FTPDATA __constant_htons(20) 328 329 /* 330 * IPVS sysctl variables under the /proc/sys/net/ipv4/vs/ 331 */ 332 #define NET_IPV4_VS 21 333 334 enum { 335 NET_IPV4_VS_DEBUG_LEVEL=1, 336 NET_IPV4_VS_AMEMTHRESH=2, 337 NET_IPV4_VS_AMDROPRATE=3, 338 NET_IPV4_VS_DROP_ENTRY=4, 339 NET_IPV4_VS_DROP_PACKET=5, 340 NET_IPV4_VS_SECURE_TCP=6, 341 NET_IPV4_VS_TO_ES=7, 342 NET_IPV4_VS_TO_SS=8, 343 NET_IPV4_VS_TO_SR=9, 344 NET_IPV4_VS_TO_FW=10, 345 NET_IPV4_VS_TO_TW=11, 346 NET_IPV4_VS_TO_CL=12, 347 NET_IPV4_VS_TO_CW=13, 348 NET_IPV4_VS_TO_LA=14, 349 NET_IPV4_VS_TO_LI=15, 350 NET_IPV4_VS_TO_SA=16, 351 NET_IPV4_VS_TO_UDP=17, 352 NET_IPV4_VS_TO_ICMP=18, 353 NET_IPV4_VS_LBLC_EXPIRE=19, 354 NET_IPV4_VS_LBLCR_EXPIRE=20, 355 NET_IPV4_VS_CACHE_BYPASS=22, 356 NET_IPV4_VS_EXPIRE_NODEST_CONN=23, 357 NET_IPV4_VS_SYNC_THRESHOLD=24, 358 NET_IPV4_VS_NAT_ICMP_SEND=25, 359 NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE=26, 360 NET_IPV4_VS_LAST 361 }; 362 363 /* 364 * TCP State Values 365 */ 366 enum { 367 IP_VS_TCP_S_NONE = 0, 368 IP_VS_TCP_S_ESTABLISHED, 369 IP_VS_TCP_S_SYN_SENT, 370 IP_VS_TCP_S_SYN_RECV, 371 IP_VS_TCP_S_FIN_WAIT, 372 IP_VS_TCP_S_TIME_WAIT, 373 IP_VS_TCP_S_CLOSE, 374 IP_VS_TCP_S_CLOSE_WAIT, 375 IP_VS_TCP_S_LAST_ACK, 376 IP_VS_TCP_S_LISTEN, 377 IP_VS_TCP_S_SYNACK, 378 IP_VS_TCP_S_LAST 379 }; 380 381 /* 382 * UDP State Values 383 */ 384 enum { 385 IP_VS_UDP_S_NORMAL, 386 IP_VS_UDP_S_LAST, 387 }; 388 389 /* 390 * ICMP State Values 391 */ 392 enum { 393 IP_VS_ICMP_S_NORMAL, 394 IP_VS_ICMP_S_LAST, 395 }; 396 397 /* 398 * Delta sequence info structure 399 * Each ip_vs_conn has 2 (output AND input seq. changes). 400 * Only used in the VS/NAT. 401 */ 402 struct ip_vs_seq { 403 __u32 init_seq; /* Add delta from this seq */ 404 __u32 delta; /* Delta in sequence numbers */ 405 __u32 previous_delta; /* Delta in sequence numbers 406 before last resized pkt */ 407 }; 408 409 410 /* 411 * IPVS statistics object 412 */ 413 struct ip_vs_stats 414 { 415 __u32 conns; /* connections scheduled */ 416 __u32 inpkts; /* incoming packets */ 417 __u32 outpkts; /* outgoing packets */ 418 __u64 inbytes; /* incoming bytes */ 419 __u64 outbytes; /* outgoing bytes */ 420 421 __u32 cps; /* current connection rate */ 422 __u32 inpps; /* current in packet rate */ 423 __u32 outpps; /* current out packet rate */ 424 __u32 inbps; /* current in byte rate */ 425 __u32 outbps; /* current out byte rate */ 426 427 spinlock_t lock; /* spin lock */ 428 }; 429 430 struct dst_entry; 431 struct iphdr; 432 struct ip_vs_conn; 433 struct ip_vs_app; 434 struct sk_buff; 435 436 struct ip_vs_protocol { 437 struct ip_vs_protocol *next; 438 char *name; 439 __u16 protocol; 440 int dont_defrag; 441 atomic_t appcnt; /* counter of proto app incs */ 442 int *timeout_table; /* protocol timeout table */ 443 444 void (*init)(struct ip_vs_protocol *pp); 445 446 void (*exit)(struct ip_vs_protocol *pp); 447 448 int (*conn_schedule)(struct sk_buff *skb, 449 struct ip_vs_protocol *pp, 450 int *verdict, struct ip_vs_conn **cpp); 451 452 struct ip_vs_conn * 453 (*conn_in_get)(const struct sk_buff *skb, 454 struct ip_vs_protocol *pp, 455 const struct iphdr *iph, 456 unsigned int proto_off, 457 int inverse); 458 459 struct ip_vs_conn * 460 (*conn_out_get)(const struct sk_buff *skb, 461 struct ip_vs_protocol *pp, 462 const struct iphdr *iph, 463 unsigned int proto_off, 464 int inverse); 465 466 int (*snat_handler)(struct sk_buff **pskb, 467 struct ip_vs_protocol *pp, struct ip_vs_conn *cp); 468 469 int (*dnat_handler)(struct sk_buff **pskb, 470 struct ip_vs_protocol *pp, struct ip_vs_conn *cp); 471 472 int (*csum_check)(struct sk_buff *skb, struct ip_vs_protocol *pp); 473 474 const char *(*state_name)(int state); 475 476 int (*state_transition)(struct ip_vs_conn *cp, int direction, 477 const struct sk_buff *skb, 478 struct ip_vs_protocol *pp); 479 480 int (*register_app)(struct ip_vs_app *inc); 481 482 void (*unregister_app)(struct ip_vs_app *inc); 483 484 int (*app_conn_bind)(struct ip_vs_conn *cp); 485 486 void (*debug_packet)(struct ip_vs_protocol *pp, 487 const struct sk_buff *skb, 488 int offset, 489 const char *msg); 490 491 void (*timeout_change)(struct ip_vs_protocol *pp, int flags); 492 493 int (*set_state_timeout)(struct ip_vs_protocol *pp, char *sname, int to); 494 }; 495 496 extern struct ip_vs_protocol * ip_vs_proto_get(unsigned short proto); 497 498 /* 499 * IP_VS structure allocated for each dynamically scheduled connection 500 */ 501 struct ip_vs_conn { 502 struct list_head c_list; /* hashed list heads */ 503 504 /* Protocol, addresses and port numbers */ 505 __u32 caddr; /* client address */ 506 __u32 vaddr; /* virtual address */ 507 __u32 daddr; /* destination address */ 508 __u16 cport; 509 __u16 vport; 510 __u16 dport; 511 __u16 protocol; /* Which protocol (TCP/UDP) */ 512 513 /* counter and timer */ 514 atomic_t refcnt; /* reference count */ 515 struct timer_list timer; /* Expiration timer */ 516 volatile unsigned long timeout; /* timeout */ 517 518 /* Flags and state transition */ 519 spinlock_t lock; /* lock for state transition */ 520 volatile __u16 flags; /* status flags */ 521 volatile __u16 state; /* state info */ 522 523 /* Control members */ 524 struct ip_vs_conn *control; /* Master control connection */ 525 atomic_t n_control; /* Number of controlled ones */ 526 struct ip_vs_dest *dest; /* real server */ 527 atomic_t in_pkts; /* incoming packet counter */ 528 529 /* packet transmitter for different forwarding methods. If it 530 mangles the packet, it must return NF_DROP or better NF_STOLEN, 531 otherwise this must be changed to a sk_buff **. 532 */ 533 int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp, 534 struct ip_vs_protocol *pp); 535 536 /* Note: we can group the following members into a structure, 537 in order to save more space, and the following members are 538 only used in VS/NAT anyway */ 539 struct ip_vs_app *app; /* bound ip_vs_app object */ 540 void *app_data; /* Application private data */ 541 struct ip_vs_seq in_seq; /* incoming seq. struct */ 542 struct ip_vs_seq out_seq; /* outgoing seq. struct */ 543 }; 544 545 546 /* 547 * The information about the virtual service offered to the net 548 * and the forwarding entries 549 */ 550 struct ip_vs_service { 551 struct list_head s_list; /* for normal service table */ 552 struct list_head f_list; /* for fwmark-based service table */ 553 atomic_t refcnt; /* reference counter */ 554 atomic_t usecnt; /* use counter */ 555 556 __u16 protocol; /* which protocol (TCP/UDP) */ 557 __u32 addr; /* IP address for virtual service */ 558 __u16 port; /* port number for the service */ 559 __u32 fwmark; /* firewall mark of the service */ 560 unsigned flags; /* service status flags */ 561 unsigned timeout; /* persistent timeout in ticks */ 562 __u32 netmask; /* grouping granularity */ 563 564 struct list_head destinations; /* real server d-linked list */ 565 __u32 num_dests; /* number of servers */ 566 struct ip_vs_stats stats; /* statistics for the service */ 567 struct ip_vs_app *inc; /* bind conns to this app inc */ 568 569 /* for scheduling */ 570 struct ip_vs_scheduler *scheduler; /* bound scheduler object */ 571 rwlock_t sched_lock; /* lock sched_data */ 572 void *sched_data; /* scheduler application data */ 573 }; 574 575 576 /* 577 * The real server destination forwarding entry 578 * with ip address, port number, and so on. 579 */ 580 struct ip_vs_dest { 581 struct list_head n_list; /* for the dests in the service */ 582 struct list_head d_list; /* for table with all the dests */ 583 584 __u32 addr; /* IP address of the server */ 585 __u16 port; /* port number of the server */ 586 volatile unsigned flags; /* dest status flags */ 587 atomic_t conn_flags; /* flags to copy to conn */ 588 atomic_t weight; /* server weight */ 589 590 atomic_t refcnt; /* reference counter */ 591 struct ip_vs_stats stats; /* statistics */ 592 593 /* connection counters and thresholds */ 594 atomic_t activeconns; /* active connections */ 595 atomic_t inactconns; /* inactive connections */ 596 atomic_t persistconns; /* persistent connections */ 597 __u32 u_threshold; /* upper threshold */ 598 __u32 l_threshold; /* lower threshold */ 599 600 /* for destination cache */ 601 spinlock_t dst_lock; /* lock of dst_cache */ 602 struct dst_entry *dst_cache; /* destination cache entry */ 603 u32 dst_rtos; /* RT_TOS(tos) for dst */ 604 605 /* for virtual service */ 606 struct ip_vs_service *svc; /* service it belongs to */ 607 __u16 protocol; /* which protocol (TCP/UDP) */ 608 __u32 vaddr; /* virtual IP address */ 609 __u16 vport; /* virtual port number */ 610 __u32 vfwmark; /* firewall mark of service */ 611 }; 612 613 614 /* 615 * The scheduler object 616 */ 617 struct ip_vs_scheduler { 618 struct list_head n_list; /* d-linked list head */ 619 char *name; /* scheduler name */ 620 atomic_t refcnt; /* reference counter */ 621 struct module *module; /* THIS_MODULE/NULL */ 622 623 /* scheduler initializing service */ 624 int (*init_service)(struct ip_vs_service *svc); 625 /* scheduling service finish */ 626 int (*done_service)(struct ip_vs_service *svc); 627 /* scheduler updating service */ 628 int (*update_service)(struct ip_vs_service *svc); 629 630 /* selecting a server from the given service */ 631 struct ip_vs_dest* (*schedule)(struct ip_vs_service *svc, 632 const struct sk_buff *skb); 633 }; 634 635 636 /* 637 * The application module object (a.k.a. app incarnation) 638 */ 639 struct ip_vs_app 640 { 641 struct list_head a_list; /* member in app list */ 642 int type; /* IP_VS_APP_TYPE_xxx */ 643 char *name; /* application module name */ 644 __u16 protocol; 645 struct module *module; /* THIS_MODULE/NULL */ 646 struct list_head incs_list; /* list of incarnations */ 647 648 /* members for application incarnations */ 649 struct list_head p_list; /* member in proto app list */ 650 struct ip_vs_app *app; /* its real application */ 651 __u16 port; /* port number in net order */ 652 atomic_t usecnt; /* usage counter */ 653 654 /* output hook: return false if can't linearize. diff set for TCP. */ 655 int (*pkt_out)(struct ip_vs_app *, struct ip_vs_conn *, 656 struct sk_buff **, int *diff); 657 658 /* input hook: return false if can't linearize. diff set for TCP. */ 659 int (*pkt_in)(struct ip_vs_app *, struct ip_vs_conn *, 660 struct sk_buff **, int *diff); 661 662 /* ip_vs_app initializer */ 663 int (*init_conn)(struct ip_vs_app *, struct ip_vs_conn *); 664 665 /* ip_vs_app finish */ 666 int (*done_conn)(struct ip_vs_app *, struct ip_vs_conn *); 667 668 669 /* not used now */ 670 int (*bind_conn)(struct ip_vs_app *, struct ip_vs_conn *, 671 struct ip_vs_protocol *); 672 673 void (*unbind_conn)(struct ip_vs_app *, struct ip_vs_conn *); 674 675 int * timeout_table; 676 int * timeouts; 677 int timeouts_size; 678 679 int (*conn_schedule)(struct sk_buff *skb, struct ip_vs_app *app, 680 int *verdict, struct ip_vs_conn **cpp); 681 682 struct ip_vs_conn * 683 (*conn_in_get)(const struct sk_buff *skb, struct ip_vs_app *app, 684 const struct iphdr *iph, unsigned int proto_off, 685 int inverse); 686 687 struct ip_vs_conn * 688 (*conn_out_get)(const struct sk_buff *skb, struct ip_vs_app *app, 689 const struct iphdr *iph, unsigned int proto_off, 690 int inverse); 691 692 int (*state_transition)(struct ip_vs_conn *cp, int direction, 693 const struct sk_buff *skb, 694 struct ip_vs_app *app); 695 696 void (*timeout_change)(struct ip_vs_app *app, int flags); 697 }; 698 699 700 /* 701 * IPVS core functions 702 * (from ip_vs_core.c) 703 */ 704 extern const char *ip_vs_proto_name(unsigned proto); 705 extern void ip_vs_init_hash_table(struct list_head *table, int rows); 706 #define IP_VS_INIT_HASH_TABLE(t) ip_vs_init_hash_table(t, sizeof(t)/sizeof(t[0])) 707 708 #define IP_VS_APP_TYPE_UNSPEC 0 709 #define IP_VS_APP_TYPE_FTP 1 710 711 /* 712 * ip_vs_conn handling functions 713 * (from ip_vs_conn.c) 714 */ 715 716 /* 717 * IPVS connection entry hash table 718 */ 719 #ifndef CONFIG_IP_VS_TAB_BITS 720 #define CONFIG_IP_VS_TAB_BITS 12 721 #endif 722 /* make sure that IP_VS_CONN_TAB_BITS is located in [8, 20] */ 723 #if CONFIG_IP_VS_TAB_BITS < 8 724 #define IP_VS_CONN_TAB_BITS 8 725 #endif 726 #if CONFIG_IP_VS_TAB_BITS > 20 727 #define IP_VS_CONN_TAB_BITS 20 728 #endif 729 #if 8 <= CONFIG_IP_VS_TAB_BITS && CONFIG_IP_VS_TAB_BITS <= 20 730 #define IP_VS_CONN_TAB_BITS CONFIG_IP_VS_TAB_BITS 731 #endif 732 #define IP_VS_CONN_TAB_SIZE (1 << IP_VS_CONN_TAB_BITS) 733 #define IP_VS_CONN_TAB_MASK (IP_VS_CONN_TAB_SIZE - 1) 734 735 enum { 736 IP_VS_DIR_INPUT = 0, 737 IP_VS_DIR_OUTPUT, 738 IP_VS_DIR_INPUT_ONLY, 739 IP_VS_DIR_LAST, 740 }; 741 742 extern struct ip_vs_conn *ip_vs_conn_in_get 743 (int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port); 744 extern struct ip_vs_conn *ip_vs_ct_in_get 745 (int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port); 746 extern struct ip_vs_conn *ip_vs_conn_out_get 747 (int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port); 748 749 /* put back the conn without restarting its timer */ 750 static inline void __ip_vs_conn_put(struct ip_vs_conn *cp) 751 { 752 atomic_dec(&cp->refcnt); 753 } 754 extern void ip_vs_conn_put(struct ip_vs_conn *cp); 755 extern void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __u16 cport); 756 757 extern struct ip_vs_conn * 758 ip_vs_conn_new(int proto, __u32 caddr, __u16 cport, __u32 vaddr, __u16 vport, 759 __u32 daddr, __u16 dport, unsigned flags, 760 struct ip_vs_dest *dest); 761 extern void ip_vs_conn_expire_now(struct ip_vs_conn *cp); 762 763 extern const char * ip_vs_state_name(__u16 proto, int state); 764 765 extern void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp); 766 extern int ip_vs_check_template(struct ip_vs_conn *ct); 767 extern void ip_vs_secure_tcp_set(int on); 768 extern void ip_vs_random_dropentry(void); 769 extern int ip_vs_conn_init(void); 770 extern void ip_vs_conn_cleanup(void); 771 772 static inline void ip_vs_control_del(struct ip_vs_conn *cp) 773 { 774 struct ip_vs_conn *ctl_cp = cp->control; 775 if (!ctl_cp) { 776 IP_VS_ERR("request control DEL for uncontrolled: " 777 "%d.%d.%d.%d:%d to %d.%d.%d.%d:%d\n", 778 NIPQUAD(cp->caddr),ntohs(cp->cport), 779 NIPQUAD(cp->vaddr),ntohs(cp->vport)); 780 return; 781 } 782 783 IP_VS_DBG(7, "DELeting control for: " 784 "cp.dst=%d.%d.%d.%d:%d ctl_cp.dst=%d.%d.%d.%d:%d\n", 785 NIPQUAD(cp->caddr),ntohs(cp->cport), 786 NIPQUAD(ctl_cp->caddr),ntohs(ctl_cp->cport)); 787 788 cp->control = NULL; 789 if (atomic_read(&ctl_cp->n_control) == 0) { 790 IP_VS_ERR("BUG control DEL with n=0 : " 791 "%d.%d.%d.%d:%d to %d.%d.%d.%d:%d\n", 792 NIPQUAD(cp->caddr),ntohs(cp->cport), 793 NIPQUAD(cp->vaddr),ntohs(cp->vport)); 794 return; 795 } 796 atomic_dec(&ctl_cp->n_control); 797 } 798 799 static inline void 800 ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) 801 { 802 if (cp->control) { 803 IP_VS_ERR("request control ADD for already controlled: " 804 "%d.%d.%d.%d:%d to %d.%d.%d.%d:%d\n", 805 NIPQUAD(cp->caddr),ntohs(cp->cport), 806 NIPQUAD(cp->vaddr),ntohs(cp->vport)); 807 ip_vs_control_del(cp); 808 } 809 810 IP_VS_DBG(7, "ADDing control for: " 811 "cp.dst=%d.%d.%d.%d:%d ctl_cp.dst=%d.%d.%d.%d:%d\n", 812 NIPQUAD(cp->caddr),ntohs(cp->cport), 813 NIPQUAD(ctl_cp->caddr),ntohs(ctl_cp->cport)); 814 815 cp->control = ctl_cp; 816 atomic_inc(&ctl_cp->n_control); 817 } 818 819 820 /* 821 * IPVS application functions 822 * (from ip_vs_app.c) 823 */ 824 #define IP_VS_APP_MAX_PORTS 8 825 extern int register_ip_vs_app(struct ip_vs_app *app); 826 extern void unregister_ip_vs_app(struct ip_vs_app *app); 827 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 828 extern void ip_vs_unbind_app(struct ip_vs_conn *cp); 829 extern int 830 register_ip_vs_app_inc(struct ip_vs_app *app, __u16 proto, __u16 port); 831 extern int ip_vs_app_inc_get(struct ip_vs_app *inc); 832 extern void ip_vs_app_inc_put(struct ip_vs_app *inc); 833 834 extern int ip_vs_app_pkt_out(struct ip_vs_conn *, struct sk_buff **pskb); 835 extern int ip_vs_app_pkt_in(struct ip_vs_conn *, struct sk_buff **pskb); 836 extern int ip_vs_skb_replace(struct sk_buff *skb, gfp_t pri, 837 char *o_buf, int o_len, char *n_buf, int n_len); 838 extern int ip_vs_app_init(void); 839 extern void ip_vs_app_cleanup(void); 840 841 842 /* 843 * IPVS protocol functions (from ip_vs_proto.c) 844 */ 845 extern int ip_vs_protocol_init(void); 846 extern void ip_vs_protocol_cleanup(void); 847 extern void ip_vs_protocol_timeout_change(int flags); 848 extern int *ip_vs_create_timeout_table(int *table, int size); 849 extern int 850 ip_vs_set_state_timeout(int *table, int num, char **names, char *name, int to); 851 extern void 852 ip_vs_tcpudp_debug_packet(struct ip_vs_protocol *pp, const struct sk_buff *skb, 853 int offset, const char *msg); 854 855 extern struct ip_vs_protocol ip_vs_protocol_tcp; 856 extern struct ip_vs_protocol ip_vs_protocol_udp; 857 extern struct ip_vs_protocol ip_vs_protocol_icmp; 858 extern struct ip_vs_protocol ip_vs_protocol_esp; 859 extern struct ip_vs_protocol ip_vs_protocol_ah; 860 861 862 /* 863 * Registering/unregistering scheduler functions 864 * (from ip_vs_sched.c) 865 */ 866 extern int register_ip_vs_scheduler(struct ip_vs_scheduler *scheduler); 867 extern int unregister_ip_vs_scheduler(struct ip_vs_scheduler *scheduler); 868 extern int ip_vs_bind_scheduler(struct ip_vs_service *svc, 869 struct ip_vs_scheduler *scheduler); 870 extern int ip_vs_unbind_scheduler(struct ip_vs_service *svc); 871 extern struct ip_vs_scheduler *ip_vs_scheduler_get(const char *sched_name); 872 extern void ip_vs_scheduler_put(struct ip_vs_scheduler *scheduler); 873 extern struct ip_vs_conn * 874 ip_vs_schedule(struct ip_vs_service *svc, const struct sk_buff *skb); 875 extern int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, 876 struct ip_vs_protocol *pp); 877 878 879 /* 880 * IPVS control data and functions (from ip_vs_ctl.c) 881 */ 882 extern int sysctl_ip_vs_cache_bypass; 883 extern int sysctl_ip_vs_expire_nodest_conn; 884 extern int sysctl_ip_vs_expire_quiescent_template; 885 extern int sysctl_ip_vs_sync_threshold[2]; 886 extern int sysctl_ip_vs_nat_icmp_send; 887 extern struct ip_vs_stats ip_vs_stats; 888 889 extern struct ip_vs_service * 890 ip_vs_service_get(__u32 fwmark, __u16 protocol, __u32 vaddr, __u16 vport); 891 892 static inline void ip_vs_service_put(struct ip_vs_service *svc) 893 { 894 atomic_dec(&svc->usecnt); 895 } 896 897 extern struct ip_vs_dest * 898 ip_vs_lookup_real_service(__u16 protocol, __u32 daddr, __u16 dport); 899 extern int ip_vs_use_count_inc(void); 900 extern void ip_vs_use_count_dec(void); 901 extern int ip_vs_control_init(void); 902 extern void ip_vs_control_cleanup(void); 903 904 905 /* 906 * IPVS sync daemon data and function prototypes 907 * (from ip_vs_sync.c) 908 */ 909 extern volatile int ip_vs_sync_state; 910 extern volatile int ip_vs_master_syncid; 911 extern volatile int ip_vs_backup_syncid; 912 extern char ip_vs_master_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 913 extern char ip_vs_backup_mcast_ifn[IP_VS_IFNAME_MAXLEN]; 914 extern int start_sync_thread(int state, char *mcast_ifn, __u8 syncid); 915 extern int stop_sync_thread(int state); 916 extern void ip_vs_sync_conn(struct ip_vs_conn *cp); 917 918 919 /* 920 * IPVS rate estimator prototypes (from ip_vs_est.c) 921 */ 922 extern int ip_vs_new_estimator(struct ip_vs_stats *stats); 923 extern void ip_vs_kill_estimator(struct ip_vs_stats *stats); 924 extern void ip_vs_zero_estimator(struct ip_vs_stats *stats); 925 926 /* 927 * Various IPVS packet transmitters (from ip_vs_xmit.c) 928 */ 929 extern int ip_vs_null_xmit 930 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 931 extern int ip_vs_bypass_xmit 932 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 933 extern int ip_vs_nat_xmit 934 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 935 extern int ip_vs_tunnel_xmit 936 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 937 extern int ip_vs_dr_xmit 938 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp); 939 extern int ip_vs_icmp_xmit 940 (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp, int offset); 941 extern void ip_vs_dst_reset(struct ip_vs_dest *dest); 942 943 944 /* 945 * This is a simple mechanism to ignore packets when 946 * we are loaded. Just set ip_vs_drop_rate to 'n' and 947 * we start to drop 1/rate of the packets 948 */ 949 extern int ip_vs_drop_rate; 950 extern int ip_vs_drop_counter; 951 952 static __inline__ int ip_vs_todrop(void) 953 { 954 if (!ip_vs_drop_rate) return 0; 955 if (--ip_vs_drop_counter > 0) return 0; 956 ip_vs_drop_counter = ip_vs_drop_rate; 957 return 1; 958 } 959 960 /* 961 * ip_vs_fwd_tag returns the forwarding tag of the connection 962 */ 963 #define IP_VS_FWD_METHOD(cp) (cp->flags & IP_VS_CONN_F_FWD_MASK) 964 965 static inline char ip_vs_fwd_tag(struct ip_vs_conn *cp) 966 { 967 char fwd; 968 969 switch (IP_VS_FWD_METHOD(cp)) { 970 case IP_VS_CONN_F_MASQ: 971 fwd = 'M'; break; 972 case IP_VS_CONN_F_LOCALNODE: 973 fwd = 'L'; break; 974 case IP_VS_CONN_F_TUNNEL: 975 fwd = 'T'; break; 976 case IP_VS_CONN_F_DROUTE: 977 fwd = 'R'; break; 978 case IP_VS_CONN_F_BYPASS: 979 fwd = 'B'; break; 980 default: 981 fwd = '?'; break; 982 } 983 return fwd; 984 } 985 986 extern int ip_vs_make_skb_writable(struct sk_buff **pskb, int len); 987 extern void ip_vs_nat_icmp(struct sk_buff *skb, struct ip_vs_protocol *pp, 988 struct ip_vs_conn *cp, int dir); 989 990 extern u16 ip_vs_checksum_complete(struct sk_buff *skb, int offset); 991 992 static inline u16 ip_vs_check_diff(u32 old, u32 new, u16 oldsum) 993 { 994 u32 diff[2] = { old, new }; 995 996 return csum_fold(csum_partial((char *) diff, sizeof(diff), 997 oldsum ^ 0xFFFF)); 998 } 999 1000 #endif /* __KERNEL__ */ 1001 1002 #endif /* _IP_VS_H */ 1003