2 * ip_vs_proto_udp.c: UDP load balancing support for IPVS
4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
5 * Julian Anastasov <ja@ssi.bg>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
16 #define KMSG_COMPONENT "IPVS"
17 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
21 #include <linux/kernel.h>
22 #include <linux/netfilter.h>
23 #include <linux/netfilter_ipv4.h>
24 #include <linux/udp.h>
26 #include <net/ip_vs.h>
28 #include <net/ip6_checksum.h>
30 static struct ip_vs_conn
*
31 udp_conn_in_get(int af
, const struct sk_buff
*skb
, struct ip_vs_protocol
*pp
,
32 const struct ip_vs_iphdr
*iph
, unsigned int proto_off
,
35 struct ip_vs_conn
*cp
;
36 __be16 _ports
[2], *pptr
;
38 pptr
= skb_header_pointer(skb
, proto_off
, sizeof(_ports
), _ports
);
42 if (likely(!inverse
)) {
43 cp
= ip_vs_conn_in_get(af
, iph
->protocol
,
45 &iph
->daddr
, pptr
[1]);
47 cp
= ip_vs_conn_in_get(af
, iph
->protocol
,
49 &iph
->saddr
, pptr
[0]);
56 static struct ip_vs_conn
*
57 udp_conn_out_get(int af
, const struct sk_buff
*skb
, struct ip_vs_protocol
*pp
,
58 const struct ip_vs_iphdr
*iph
, unsigned int proto_off
,
61 struct ip_vs_conn
*cp
;
62 __be16 _ports
[2], *pptr
;
64 pptr
= skb_header_pointer(skb
, proto_off
, sizeof(_ports
), _ports
);
68 if (likely(!inverse
)) {
69 cp
= ip_vs_conn_out_get(af
, iph
->protocol
,
71 &iph
->daddr
, pptr
[1]);
73 cp
= ip_vs_conn_out_get(af
, iph
->protocol
,
75 &iph
->saddr
, pptr
[0]);
83 udp_conn_schedule(int af
, struct sk_buff
*skb
, struct ip_vs_protocol
*pp
,
84 int *verdict
, struct ip_vs_conn
**cpp
)
86 struct ip_vs_service
*svc
;
87 struct udphdr _udph
, *uh
;
88 struct ip_vs_iphdr iph
;
90 ip_vs_fill_iphdr(af
, skb_network_header(skb
), &iph
);
92 uh
= skb_header_pointer(skb
, iph
.len
, sizeof(_udph
), &_udph
);
98 svc
= ip_vs_service_get(af
, skb
->mark
, iph
.protocol
,
99 &iph
.daddr
, uh
->dest
);
101 if (ip_vs_todrop()) {
103 * It seems that we are very loaded.
104 * We have to drop this packet :(
106 ip_vs_service_put(svc
);
112 * Let the virtual server select a real server for the
113 * incoming connection, and create a connection entry.
115 *cpp
= ip_vs_schedule(svc
, skb
);
117 *verdict
= ip_vs_leave(svc
, skb
, pp
);
120 ip_vs_service_put(svc
);
127 udp_fast_csum_update(int af
, struct udphdr
*uhdr
,
128 const union nf_inet_addr
*oldip
,
129 const union nf_inet_addr
*newip
,
130 __be16 oldport
, __be16 newport
)
132 #ifdef CONFIG_IP_VS_IPV6
135 csum_fold(ip_vs_check_diff16(oldip
->ip6
, newip
->ip6
,
136 ip_vs_check_diff2(oldport
, newport
,
137 ~csum_unfold(uhdr
->check
))));
141 csum_fold(ip_vs_check_diff4(oldip
->ip
, newip
->ip
,
142 ip_vs_check_diff2(oldport
, newport
,
143 ~csum_unfold(uhdr
->check
))));
145 uhdr
->check
= CSUM_MANGLED_0
;
149 udp_partial_csum_update(int af
, struct udphdr
*uhdr
,
150 const union nf_inet_addr
*oldip
,
151 const union nf_inet_addr
*newip
,
152 __be16 oldlen
, __be16 newlen
)
154 #ifdef CONFIG_IP_VS_IPV6
157 csum_fold(ip_vs_check_diff16(oldip
->ip6
, newip
->ip6
,
158 ip_vs_check_diff2(oldlen
, newlen
,
159 ~csum_unfold(uhdr
->check
))));
163 csum_fold(ip_vs_check_diff4(oldip
->ip
, newip
->ip
,
164 ip_vs_check_diff2(oldlen
, newlen
,
165 ~csum_unfold(uhdr
->check
))));
170 udp_snat_handler(struct sk_buff
*skb
,
171 struct ip_vs_protocol
*pp
, struct ip_vs_conn
*cp
)
174 unsigned int udphoff
;
177 #ifdef CONFIG_IP_VS_IPV6
178 if (cp
->af
== AF_INET6
)
179 udphoff
= sizeof(struct ipv6hdr
);
182 udphoff
= ip_hdrlen(skb
);
183 oldlen
= skb
->len
- udphoff
;
185 /* csum_check requires unshared skb */
186 if (!skb_make_writable(skb
, udphoff
+sizeof(*udph
)))
189 if (unlikely(cp
->app
!= NULL
)) {
190 /* Some checks before mangling */
191 if (pp
->csum_check
&& !pp
->csum_check(cp
->af
, skb
, pp
))
195 * Call application helper if needed
197 if (!ip_vs_app_pkt_out(cp
, skb
))
201 udph
= (void *)skb_network_header(skb
) + udphoff
;
202 udph
->source
= cp
->vport
;
205 * Adjust UDP checksums
207 if (skb
->ip_summed
== CHECKSUM_PARTIAL
) {
208 udp_partial_csum_update(cp
->af
, udph
, &cp
->daddr
, &cp
->vaddr
,
210 htons(skb
->len
- udphoff
));
211 } else if (!cp
->app
&& (udph
->check
!= 0)) {
212 /* Only port and addr are changed, do fast csum update */
213 udp_fast_csum_update(cp
->af
, udph
, &cp
->daddr
, &cp
->vaddr
,
214 cp
->dport
, cp
->vport
);
215 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
216 skb
->ip_summed
= CHECKSUM_NONE
;
218 /* full checksum calculation */
220 skb
->csum
= skb_checksum(skb
, udphoff
, skb
->len
- udphoff
, 0);
221 #ifdef CONFIG_IP_VS_IPV6
222 if (cp
->af
== AF_INET6
)
223 udph
->check
= csum_ipv6_magic(&cp
->vaddr
.in6
,
226 cp
->protocol
, skb
->csum
);
229 udph
->check
= csum_tcpudp_magic(cp
->vaddr
.ip
,
234 if (udph
->check
== 0)
235 udph
->check
= CSUM_MANGLED_0
;
236 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
237 pp
->name
, udph
->check
,
238 (char*)&(udph
->check
) - (char*)udph
);
245 udp_dnat_handler(struct sk_buff
*skb
,
246 struct ip_vs_protocol
*pp
, struct ip_vs_conn
*cp
)
249 unsigned int udphoff
;
252 #ifdef CONFIG_IP_VS_IPV6
253 if (cp
->af
== AF_INET6
)
254 udphoff
= sizeof(struct ipv6hdr
);
257 udphoff
= ip_hdrlen(skb
);
258 oldlen
= skb
->len
- udphoff
;
260 /* csum_check requires unshared skb */
261 if (!skb_make_writable(skb
, udphoff
+sizeof(*udph
)))
264 if (unlikely(cp
->app
!= NULL
)) {
265 /* Some checks before mangling */
266 if (pp
->csum_check
&& !pp
->csum_check(cp
->af
, skb
, pp
))
270 * Attempt ip_vs_app call.
271 * It will fix ip_vs_conn
273 if (!ip_vs_app_pkt_in(cp
, skb
))
277 udph
= (void *)skb_network_header(skb
) + udphoff
;
278 udph
->dest
= cp
->dport
;
281 * Adjust UDP checksums
283 if (skb
->ip_summed
== CHECKSUM_PARTIAL
) {
284 udp_partial_csum_update(cp
->af
, udph
, &cp
->daddr
, &cp
->vaddr
,
286 htons(skb
->len
- udphoff
));
287 } else if (!cp
->app
&& (udph
->check
!= 0)) {
288 /* Only port and addr are changed, do fast csum update */
289 udp_fast_csum_update(cp
->af
, udph
, &cp
->vaddr
, &cp
->daddr
,
290 cp
->vport
, cp
->dport
);
291 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
292 skb
->ip_summed
= CHECKSUM_NONE
;
294 /* full checksum calculation */
296 skb
->csum
= skb_checksum(skb
, udphoff
, skb
->len
- udphoff
, 0);
297 #ifdef CONFIG_IP_VS_IPV6
298 if (cp
->af
== AF_INET6
)
299 udph
->check
= csum_ipv6_magic(&cp
->caddr
.in6
,
302 cp
->protocol
, skb
->csum
);
305 udph
->check
= csum_tcpudp_magic(cp
->caddr
.ip
,
310 if (udph
->check
== 0)
311 udph
->check
= CSUM_MANGLED_0
;
312 skb
->ip_summed
= CHECKSUM_UNNECESSARY
;
319 udp_csum_check(int af
, struct sk_buff
*skb
, struct ip_vs_protocol
*pp
)
321 struct udphdr _udph
, *uh
;
322 unsigned int udphoff
;
324 #ifdef CONFIG_IP_VS_IPV6
326 udphoff
= sizeof(struct ipv6hdr
);
329 udphoff
= ip_hdrlen(skb
);
331 uh
= skb_header_pointer(skb
, udphoff
, sizeof(_udph
), &_udph
);
335 if (uh
->check
!= 0) {
336 switch (skb
->ip_summed
) {
338 skb
->csum
= skb_checksum(skb
, udphoff
,
339 skb
->len
- udphoff
, 0);
340 case CHECKSUM_COMPLETE
:
341 #ifdef CONFIG_IP_VS_IPV6
342 if (af
== AF_INET6
) {
343 if (csum_ipv6_magic(&ipv6_hdr(skb
)->saddr
,
344 &ipv6_hdr(skb
)->daddr
,
346 ipv6_hdr(skb
)->nexthdr
,
348 IP_VS_DBG_RL_PKT(0, pp
, skb
, 0,
349 "Failed checksum for");
354 if (csum_tcpudp_magic(ip_hdr(skb
)->saddr
,
357 ip_hdr(skb
)->protocol
,
359 IP_VS_DBG_RL_PKT(0, pp
, skb
, 0,
360 "Failed checksum for");
365 /* No need to checksum. */
374 * Note: the caller guarantees that only one of register_app,
375 * unregister_app or app_conn_bind is called each time.
378 #define UDP_APP_TAB_BITS 4
379 #define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS)
380 #define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1)
382 static struct list_head udp_apps
[UDP_APP_TAB_SIZE
];
383 static DEFINE_SPINLOCK(udp_app_lock
);
385 static inline __u16
udp_app_hashkey(__be16 port
)
387 return (((__force u16
)port
>> UDP_APP_TAB_BITS
) ^ (__force u16
)port
)
392 static int udp_register_app(struct ip_vs_app
*inc
)
396 __be16 port
= inc
->port
;
399 hash
= udp_app_hashkey(port
);
402 spin_lock_bh(&udp_app_lock
);
403 list_for_each_entry(i
, &udp_apps
[hash
], p_list
) {
404 if (i
->port
== port
) {
409 list_add(&inc
->p_list
, &udp_apps
[hash
]);
410 atomic_inc(&ip_vs_protocol_udp
.appcnt
);
413 spin_unlock_bh(&udp_app_lock
);
419 udp_unregister_app(struct ip_vs_app
*inc
)
421 spin_lock_bh(&udp_app_lock
);
422 atomic_dec(&ip_vs_protocol_udp
.appcnt
);
423 list_del(&inc
->p_list
);
424 spin_unlock_bh(&udp_app_lock
);
428 static int udp_app_conn_bind(struct ip_vs_conn
*cp
)
431 struct ip_vs_app
*inc
;
434 /* Default binding: bind app only for NAT */
435 if (IP_VS_FWD_METHOD(cp
) != IP_VS_CONN_F_MASQ
)
438 /* Lookup application incarnations and bind the right one */
439 hash
= udp_app_hashkey(cp
->vport
);
441 spin_lock(&udp_app_lock
);
442 list_for_each_entry(inc
, &udp_apps
[hash
], p_list
) {
443 if (inc
->port
== cp
->vport
) {
444 if (unlikely(!ip_vs_app_inc_get(inc
)))
446 spin_unlock(&udp_app_lock
);
448 IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
449 "%s:%u to app %s on port %u\n",
451 IP_VS_DBG_ADDR(cp
->af
, &cp
->caddr
),
453 IP_VS_DBG_ADDR(cp
->af
, &cp
->vaddr
),
455 inc
->name
, ntohs(inc
->port
));
459 result
= inc
->init_conn(inc
, cp
);
463 spin_unlock(&udp_app_lock
);
470 static int udp_timeouts
[IP_VS_UDP_S_LAST
+1] = {
471 [IP_VS_UDP_S_NORMAL
] = 5*60*HZ
,
472 [IP_VS_UDP_S_LAST
] = 2*HZ
,
475 static const char *const udp_state_name_table
[IP_VS_UDP_S_LAST
+1] = {
476 [IP_VS_UDP_S_NORMAL
] = "UDP",
477 [IP_VS_UDP_S_LAST
] = "BUG!",
482 udp_set_state_timeout(struct ip_vs_protocol
*pp
, char *sname
, int to
)
484 return ip_vs_set_state_timeout(pp
->timeout_table
, IP_VS_UDP_S_LAST
,
485 udp_state_name_table
, sname
, to
);
488 static const char * udp_state_name(int state
)
490 if (state
>= IP_VS_UDP_S_LAST
)
492 return udp_state_name_table
[state
] ? udp_state_name_table
[state
] : "?";
496 udp_state_transition(struct ip_vs_conn
*cp
, int direction
,
497 const struct sk_buff
*skb
,
498 struct ip_vs_protocol
*pp
)
500 cp
->timeout
= pp
->timeout_table
[IP_VS_UDP_S_NORMAL
];
504 static void udp_init(struct ip_vs_protocol
*pp
)
506 IP_VS_INIT_HASH_TABLE(udp_apps
);
507 pp
->timeout_table
= udp_timeouts
;
510 static void udp_exit(struct ip_vs_protocol
*pp
)
515 struct ip_vs_protocol ip_vs_protocol_udp
= {
517 .protocol
= IPPROTO_UDP
,
518 .num_states
= IP_VS_UDP_S_LAST
,
522 .conn_schedule
= udp_conn_schedule
,
523 .conn_in_get
= udp_conn_in_get
,
524 .conn_out_get
= udp_conn_out_get
,
525 .snat_handler
= udp_snat_handler
,
526 .dnat_handler
= udp_dnat_handler
,
527 .csum_check
= udp_csum_check
,
528 .state_transition
= udp_state_transition
,
529 .state_name
= udp_state_name
,
530 .register_app
= udp_register_app
,
531 .unregister_app
= udp_unregister_app
,
532 .app_conn_bind
= udp_app_conn_bind
,
533 .debug_packet
= ip_vs_tcpudp_debug_packet
,
534 .timeout_change
= NULL
,
535 .set_state_timeout
= udp_set_state_timeout
,