2 * ip_vs_proto_udp.c: UDP load balancing support for IPVS
4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
5 * Julian Anastasov <ja@ssi.bg>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
16 #define KMSG_COMPONENT "IPVS"
17 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
21 #include <linux/kernel.h>
22 #include <linux/netfilter.h>
23 #include <linux/netfilter_ipv4.h>
24 #include <linux/udp.h>
26 #include <net/ip_vs.h>
28 #include <net/ip6_checksum.h>
31 udp_conn_schedule(int af
, struct sk_buff
*skb
, struct ip_vs_protocol
*pp
,
32 int *verdict
, struct ip_vs_conn
**cpp
)
34 struct ip_vs_service
*svc
;
35 struct udphdr _udph
, *uh
;
36 struct ip_vs_iphdr iph
;
38 ip_vs_fill_iphdr(af
, skb_network_header(skb
), &iph
);
40 uh
= skb_header_pointer(skb
, iph
.len
, sizeof(_udph
), &_udph
);
46 svc
= ip_vs_service_get(af
, skb
->mark
, iph
.protocol
,
47 &iph
.daddr
, uh
->dest
);
53 * It seems that we are very loaded.
54 * We have to drop this packet :(
56 ip_vs_service_put(svc
);
62 * Let the virtual server select a real server for the
63 * incoming connection, and create a connection entry.
65 *cpp
= ip_vs_schedule(svc
, skb
, pp
, &ignored
);
66 if (!*cpp
&& !ignored
) {
67 *verdict
= ip_vs_leave(svc
, skb
, pp
);
70 ip_vs_service_put(svc
);
77 udp_fast_csum_update(int af
, struct udphdr
*uhdr
,
78 const union nf_inet_addr
*oldip
,
79 const union nf_inet_addr
*newip
,
80 __be16 oldport
, __be16 newport
)
82 #ifdef CONFIG_IP_VS_IPV6
85 csum_fold(ip_vs_check_diff16(oldip
->ip6
, newip
->ip6
,
86 ip_vs_check_diff2(oldport
, newport
,
87 ~csum_unfold(uhdr
->check
))));
91 csum_fold(ip_vs_check_diff4(oldip
->ip
, newip
->ip
,
92 ip_vs_check_diff2(oldport
, newport
,
93 ~csum_unfold(uhdr
->check
))));
95 uhdr
->check
= CSUM_MANGLED_0
;
99 udp_partial_csum_update(int af
, struct udphdr
*uhdr
,
100 const union nf_inet_addr
*oldip
,
101 const union nf_inet_addr
*newip
,
102 __be16 oldlen
, __be16 newlen
)
104 #ifdef CONFIG_IP_VS_IPV6
107 ~csum_fold(ip_vs_check_diff16(oldip
->ip6
, newip
->ip6
,
108 ip_vs_check_diff2(oldlen
, newlen
,
109 csum_unfold(uhdr
->check
))));
113 ~csum_fold(ip_vs_check_diff4(oldip
->ip
, newip
->ip
,
114 ip_vs_check_diff2(oldlen
, newlen
,
115 csum_unfold(uhdr
->check
))));
120 udp_snat_handler(struct sk_buff
*skb
,
121 struct ip_vs_protocol
*pp
, struct ip_vs_conn
*cp
)
124 unsigned int udphoff
;
126 int payload_csum
= 0;
128 #ifdef CONFIG_IP_VS_IPV6
129 if (cp
->af
== AF_INET6
)
130 udphoff
= sizeof(struct ipv6hdr
);
133 udphoff
= ip_hdrlen(skb
);
134 oldlen
= skb
->len
- udphoff
;
136 /* csum_check requires unshared skb */
137 if (!skb_make_writable(skb
, udphoff
+sizeof(*udph
)))
140 if (unlikely(cp
->app
!= NULL
)) {
143 /* Some checks before mangling */
144 if (pp
->csum_check
&& !pp
->csum_check(cp
->af
, skb
, pp
))
148 * Call application helper if needed
150 if (!(ret
= ip_vs_app_pkt_out(cp
, skb
)))
152 /* ret=2: csum update is needed after payload mangling */
154 oldlen
= skb
->len
- udphoff
;
159 udph
= (void *)skb_network_header(skb
) + udphoff
;
160 udph
->source
= cp
->vport
;
163 * Adjust UDP checksums
165 if (skb
->ip_summed
== CHECKSUM_PARTIAL
) {
166 udp_partial_csum_update(cp
->af
, udph
, &cp
->daddr
, &cp
->vaddr
,
168 htons(skb
->len
- udphoff
));
169 } else if (!payload_csum
&& (udph
->check
!= 0)) {
170 /* Only port and addr are changed, do fast csum update */
171 udp_fast_csum_update(cp
->af
, udph
, &cp
->daddr
, &cp
->vaddr
,
172 cp
->dport
, cp
->vport
);
173 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
174 skb
->ip_summed
= (cp
->app
&& pp
->csum_check
) ?
175 CHECKSUM_UNNECESSARY
: CHECKSUM_NONE
;
177 /* full checksum calculation */
179 skb
->csum
= skb_checksum(skb
, udphoff
, skb
->len
- udphoff
, 0);
180 #ifdef CONFIG_IP_VS_IPV6
181 if (cp
->af
== AF_INET6
)
182 udph
->check
= csum_ipv6_magic(&cp
->vaddr
.in6
,
185 cp
->protocol
, skb
->csum
);
188 udph
->check
= csum_tcpudp_magic(cp
->vaddr
.ip
,
193 if (udph
->check
== 0)
194 udph
->check
= CSUM_MANGLED_0
;
195 skb
->ip_summed
= CHECKSUM_UNNECESSARY
;
196 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
197 pp
->name
, udph
->check
,
198 (char*)&(udph
->check
) - (char*)udph
);
205 udp_dnat_handler(struct sk_buff
*skb
,
206 struct ip_vs_protocol
*pp
, struct ip_vs_conn
*cp
)
209 unsigned int udphoff
;
211 int payload_csum
= 0;
213 #ifdef CONFIG_IP_VS_IPV6
214 if (cp
->af
== AF_INET6
)
215 udphoff
= sizeof(struct ipv6hdr
);
218 udphoff
= ip_hdrlen(skb
);
219 oldlen
= skb
->len
- udphoff
;
221 /* csum_check requires unshared skb */
222 if (!skb_make_writable(skb
, udphoff
+sizeof(*udph
)))
225 if (unlikely(cp
->app
!= NULL
)) {
228 /* Some checks before mangling */
229 if (pp
->csum_check
&& !pp
->csum_check(cp
->af
, skb
, pp
))
233 * Attempt ip_vs_app call.
234 * It will fix ip_vs_conn
236 if (!(ret
= ip_vs_app_pkt_in(cp
, skb
)))
238 /* ret=2: csum update is needed after payload mangling */
240 oldlen
= skb
->len
- udphoff
;
245 udph
= (void *)skb_network_header(skb
) + udphoff
;
246 udph
->dest
= cp
->dport
;
249 * Adjust UDP checksums
251 if (skb
->ip_summed
== CHECKSUM_PARTIAL
) {
252 udp_partial_csum_update(cp
->af
, udph
, &cp
->vaddr
, &cp
->daddr
,
254 htons(skb
->len
- udphoff
));
255 } else if (!payload_csum
&& (udph
->check
!= 0)) {
256 /* Only port and addr are changed, do fast csum update */
257 udp_fast_csum_update(cp
->af
, udph
, &cp
->vaddr
, &cp
->daddr
,
258 cp
->vport
, cp
->dport
);
259 if (skb
->ip_summed
== CHECKSUM_COMPLETE
)
260 skb
->ip_summed
= (cp
->app
&& pp
->csum_check
) ?
261 CHECKSUM_UNNECESSARY
: CHECKSUM_NONE
;
263 /* full checksum calculation */
265 skb
->csum
= skb_checksum(skb
, udphoff
, skb
->len
- udphoff
, 0);
266 #ifdef CONFIG_IP_VS_IPV6
267 if (cp
->af
== AF_INET6
)
268 udph
->check
= csum_ipv6_magic(&cp
->caddr
.in6
,
271 cp
->protocol
, skb
->csum
);
274 udph
->check
= csum_tcpudp_magic(cp
->caddr
.ip
,
279 if (udph
->check
== 0)
280 udph
->check
= CSUM_MANGLED_0
;
281 skb
->ip_summed
= CHECKSUM_UNNECESSARY
;
288 udp_csum_check(int af
, struct sk_buff
*skb
, struct ip_vs_protocol
*pp
)
290 struct udphdr _udph
, *uh
;
291 unsigned int udphoff
;
293 #ifdef CONFIG_IP_VS_IPV6
295 udphoff
= sizeof(struct ipv6hdr
);
298 udphoff
= ip_hdrlen(skb
);
300 uh
= skb_header_pointer(skb
, udphoff
, sizeof(_udph
), &_udph
);
304 if (uh
->check
!= 0) {
305 switch (skb
->ip_summed
) {
307 skb
->csum
= skb_checksum(skb
, udphoff
,
308 skb
->len
- udphoff
, 0);
309 case CHECKSUM_COMPLETE
:
310 #ifdef CONFIG_IP_VS_IPV6
311 if (af
== AF_INET6
) {
312 if (csum_ipv6_magic(&ipv6_hdr(skb
)->saddr
,
313 &ipv6_hdr(skb
)->daddr
,
315 ipv6_hdr(skb
)->nexthdr
,
317 IP_VS_DBG_RL_PKT(0, af
, pp
, skb
, 0,
318 "Failed checksum for");
323 if (csum_tcpudp_magic(ip_hdr(skb
)->saddr
,
326 ip_hdr(skb
)->protocol
,
328 IP_VS_DBG_RL_PKT(0, af
, pp
, skb
, 0,
329 "Failed checksum for");
334 /* No need to checksum. */
343 * Note: the caller guarantees that only one of register_app,
344 * unregister_app or app_conn_bind is called each time.
347 #define UDP_APP_TAB_BITS 4
348 #define UDP_APP_TAB_SIZE (1 << UDP_APP_TAB_BITS)
349 #define UDP_APP_TAB_MASK (UDP_APP_TAB_SIZE - 1)
351 static struct list_head udp_apps
[UDP_APP_TAB_SIZE
];
352 static DEFINE_SPINLOCK(udp_app_lock
);
354 static inline __u16
udp_app_hashkey(__be16 port
)
356 return (((__force u16
)port
>> UDP_APP_TAB_BITS
) ^ (__force u16
)port
)
361 static int udp_register_app(struct ip_vs_app
*inc
)
365 __be16 port
= inc
->port
;
368 hash
= udp_app_hashkey(port
);
371 spin_lock_bh(&udp_app_lock
);
372 list_for_each_entry(i
, &udp_apps
[hash
], p_list
) {
373 if (i
->port
== port
) {
378 list_add(&inc
->p_list
, &udp_apps
[hash
]);
379 atomic_inc(&ip_vs_protocol_udp
.appcnt
);
382 spin_unlock_bh(&udp_app_lock
);
388 udp_unregister_app(struct ip_vs_app
*inc
)
390 spin_lock_bh(&udp_app_lock
);
391 atomic_dec(&ip_vs_protocol_udp
.appcnt
);
392 list_del(&inc
->p_list
);
393 spin_unlock_bh(&udp_app_lock
);
397 static int udp_app_conn_bind(struct ip_vs_conn
*cp
)
400 struct ip_vs_app
*inc
;
403 /* Default binding: bind app only for NAT */
404 if (IP_VS_FWD_METHOD(cp
) != IP_VS_CONN_F_MASQ
)
407 /* Lookup application incarnations and bind the right one */
408 hash
= udp_app_hashkey(cp
->vport
);
410 spin_lock(&udp_app_lock
);
411 list_for_each_entry(inc
, &udp_apps
[hash
], p_list
) {
412 if (inc
->port
== cp
->vport
) {
413 if (unlikely(!ip_vs_app_inc_get(inc
)))
415 spin_unlock(&udp_app_lock
);
417 IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
418 "%s:%u to app %s on port %u\n",
420 IP_VS_DBG_ADDR(cp
->af
, &cp
->caddr
),
422 IP_VS_DBG_ADDR(cp
->af
, &cp
->vaddr
),
424 inc
->name
, ntohs(inc
->port
));
428 result
= inc
->init_conn(inc
, cp
);
432 spin_unlock(&udp_app_lock
);
439 static int udp_timeouts
[IP_VS_UDP_S_LAST
+1] = {
440 [IP_VS_UDP_S_NORMAL
] = 5*60*HZ
,
441 [IP_VS_UDP_S_LAST
] = 2*HZ
,
444 static const char *const udp_state_name_table
[IP_VS_UDP_S_LAST
+1] = {
445 [IP_VS_UDP_S_NORMAL
] = "UDP",
446 [IP_VS_UDP_S_LAST
] = "BUG!",
451 udp_set_state_timeout(struct ip_vs_protocol
*pp
, char *sname
, int to
)
453 return ip_vs_set_state_timeout(pp
->timeout_table
, IP_VS_UDP_S_LAST
,
454 udp_state_name_table
, sname
, to
);
457 static const char * udp_state_name(int state
)
459 if (state
>= IP_VS_UDP_S_LAST
)
461 return udp_state_name_table
[state
] ? udp_state_name_table
[state
] : "?";
465 udp_state_transition(struct ip_vs_conn
*cp
, int direction
,
466 const struct sk_buff
*skb
,
467 struct ip_vs_protocol
*pp
)
469 cp
->timeout
= pp
->timeout_table
[IP_VS_UDP_S_NORMAL
];
473 static void udp_init(struct ip_vs_protocol
*pp
)
475 IP_VS_INIT_HASH_TABLE(udp_apps
);
476 pp
->timeout_table
= udp_timeouts
;
479 static void udp_exit(struct ip_vs_protocol
*pp
)
484 struct ip_vs_protocol ip_vs_protocol_udp
= {
486 .protocol
= IPPROTO_UDP
,
487 .num_states
= IP_VS_UDP_S_LAST
,
491 .conn_schedule
= udp_conn_schedule
,
492 .conn_in_get
= ip_vs_conn_in_get_proto
,
493 .conn_out_get
= ip_vs_conn_out_get_proto
,
494 .snat_handler
= udp_snat_handler
,
495 .dnat_handler
= udp_dnat_handler
,
496 .csum_check
= udp_csum_check
,
497 .state_transition
= udp_state_transition
,
498 .state_name
= udp_state_name
,
499 .register_app
= udp_register_app
,
500 .unregister_app
= udp_unregister_app
,
501 .app_conn_bind
= udp_app_conn_bind
,
502 .debug_packet
= ip_vs_tcpudp_debug_packet
,
503 .timeout_change
= NULL
,
504 .set_state_timeout
= udp_set_state_timeout
,