~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/netfilter/ipvs/ip_vs_ctl.c

Version: ~ [ linux-5.2-rc5 ] ~ [ linux-5.1.12 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.53 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.128 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.182 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.182 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.68 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * IPVS         An implementation of the IP virtual server support for the
  3  *              LINUX operating system.  IPVS is now implemented as a module
  4  *              over the NetFilter framework. IPVS can be used to build a
  5  *              high-performance and highly available server based on a
  6  *              cluster of servers.
  7  *
  8  * Authors:     Wensong Zhang <wensong@linuxvirtualserver.org>
  9  *              Peter Kese <peter.kese@ijs.si>
 10  *              Julian Anastasov <ja@ssi.bg>
 11  *
 12  *              This program is free software; you can redistribute it and/or
 13  *              modify it under the terms of the GNU General Public License
 14  *              as published by the Free Software Foundation; either version
 15  *              2 of the License, or (at your option) any later version.
 16  *
 17  * Changes:
 18  *
 19  */
 20 
 21 #define KMSG_COMPONENT "IPVS"
 22 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
 23 
 24 #include <linux/module.h>
 25 #include <linux/init.h>
 26 #include <linux/types.h>
 27 #include <linux/capability.h>
 28 #include <linux/fs.h>
 29 #include <linux/sysctl.h>
 30 #include <linux/proc_fs.h>
 31 #include <linux/workqueue.h>
 32 #include <linux/swap.h>
 33 #include <linux/seq_file.h>
 34 #include <linux/slab.h>
 35 
 36 #include <linux/netfilter.h>
 37 #include <linux/netfilter_ipv4.h>
 38 #include <linux/mutex.h>
 39 
 40 #include <net/net_namespace.h>
 41 #include <linux/nsproxy.h>
 42 #include <net/ip.h>
 43 #ifdef CONFIG_IP_VS_IPV6
 44 #include <net/ipv6.h>
 45 #include <net/ip6_route.h>
 46 #endif
 47 #include <net/route.h>
 48 #include <net/sock.h>
 49 #include <net/genetlink.h>
 50 
 51 #include <linux/uaccess.h>
 52 
 53 #include <net/ip_vs.h>
 54 
 55 /* semaphore for IPVS sockopts. And, [gs]etsockopt may sleep. */
 56 static DEFINE_MUTEX(__ip_vs_mutex);
 57 
 58 /* sysctl variables */
 59 
 60 #ifdef CONFIG_IP_VS_DEBUG
 61 static int sysctl_ip_vs_debug_level = 0;
 62 
 63 int ip_vs_get_debug_level(void)
 64 {
 65         return sysctl_ip_vs_debug_level;
 66 }
 67 #endif
 68 
 69 
 70 /*  Protos */
 71 static void __ip_vs_del_service(struct ip_vs_service *svc, bool cleanup);
 72 
 73 
 74 #ifdef CONFIG_IP_VS_IPV6
 75 /* Taken from rt6_fill_node() in net/ipv6/route.c, is there a better way? */
 76 static bool __ip_vs_addr_is_local_v6(struct net *net,
 77                                      const struct in6_addr *addr)
 78 {
 79         struct flowi6 fl6 = {
 80                 .daddr = *addr,
 81         };
 82         struct dst_entry *dst = ip6_route_output(net, NULL, &fl6);
 83         bool is_local;
 84 
 85         is_local = !dst->error && dst->dev && (dst->dev->flags & IFF_LOOPBACK);
 86 
 87         dst_release(dst);
 88         return is_local;
 89 }
 90 #endif
 91 
 92 #ifdef CONFIG_SYSCTL
 93 /*
 94  *      update_defense_level is called from keventd and from sysctl,
 95  *      so it needs to protect itself from softirqs
 96  */
 97 static void update_defense_level(struct netns_ipvs *ipvs)
 98 {
 99         struct sysinfo i;
100         static int old_secure_tcp = 0;
101         int availmem;
102         int nomem;
103         int to_change = -1;
104 
105         /* we only count free and buffered memory (in pages) */
106         si_meminfo(&i);
107         availmem = i.freeram + i.bufferram;
108         /* however in linux 2.5 the i.bufferram is total page cache size,
109            we need adjust it */
110         /* si_swapinfo(&i); */
111         /* availmem = availmem - (i.totalswap - i.freeswap); */
112 
113         nomem = (availmem < ipvs->sysctl_amemthresh);
114 
115         local_bh_disable();
116 
117         /* drop_entry */
118         spin_lock(&ipvs->dropentry_lock);
119         switch (ipvs->sysctl_drop_entry) {
120         case 0:
121                 atomic_set(&ipvs->dropentry, 0);
122                 break;
123         case 1:
124                 if (nomem) {
125                         atomic_set(&ipvs->dropentry, 1);
126                         ipvs->sysctl_drop_entry = 2;
127                 } else {
128                         atomic_set(&ipvs->dropentry, 0);
129                 }
130                 break;
131         case 2:
132                 if (nomem) {
133                         atomic_set(&ipvs->dropentry, 1);
134                 } else {
135                         atomic_set(&ipvs->dropentry, 0);
136                         ipvs->sysctl_drop_entry = 1;
137                 };
138                 break;
139         case 3:
140                 atomic_set(&ipvs->dropentry, 1);
141                 break;
142         }
143         spin_unlock(&ipvs->dropentry_lock);
144 
145         /* drop_packet */
146         spin_lock(&ipvs->droppacket_lock);
147         switch (ipvs->sysctl_drop_packet) {
148         case 0:
149                 ipvs->drop_rate = 0;
150                 break;
151         case 1:
152                 if (nomem) {
153                         ipvs->drop_rate = ipvs->drop_counter
154                                 = ipvs->sysctl_amemthresh /
155                                 (ipvs->sysctl_amemthresh-availmem);
156                         ipvs->sysctl_drop_packet = 2;
157                 } else {
158                         ipvs->drop_rate = 0;
159                 }
160                 break;
161         case 2:
162                 if (nomem) {
163                         ipvs->drop_rate = ipvs->drop_counter
164                                 = ipvs->sysctl_amemthresh /
165                                 (ipvs->sysctl_amemthresh-availmem);
166                 } else {
167                         ipvs->drop_rate = 0;
168                         ipvs->sysctl_drop_packet = 1;
169                 }
170                 break;
171         case 3:
172                 ipvs->drop_rate = ipvs->sysctl_am_droprate;
173                 break;
174         }
175         spin_unlock(&ipvs->droppacket_lock);
176 
177         /* secure_tcp */
178         spin_lock(&ipvs->securetcp_lock);
179         switch (ipvs->sysctl_secure_tcp) {
180         case 0:
181                 if (old_secure_tcp >= 2)
182                         to_change = 0;
183                 break;
184         case 1:
185                 if (nomem) {
186                         if (old_secure_tcp < 2)
187                                 to_change = 1;
188                         ipvs->sysctl_secure_tcp = 2;
189                 } else {
190                         if (old_secure_tcp >= 2)
191                                 to_change = 0;
192                 }
193                 break;
194         case 2:
195                 if (nomem) {
196                         if (old_secure_tcp < 2)
197                                 to_change = 1;
198                 } else {
199                         if (old_secure_tcp >= 2)
200                                 to_change = 0;
201                         ipvs->sysctl_secure_tcp = 1;
202                 }
203                 break;
204         case 3:
205                 if (old_secure_tcp < 2)
206                         to_change = 1;
207                 break;
208         }
209         old_secure_tcp = ipvs->sysctl_secure_tcp;
210         if (to_change >= 0)
211                 ip_vs_protocol_timeout_change(ipvs,
212                                               ipvs->sysctl_secure_tcp > 1);
213         spin_unlock(&ipvs->securetcp_lock);
214 
215         local_bh_enable();
216 }
217 
218 
219 /*
220  *      Timer for checking the defense
221  */
222 #define DEFENSE_TIMER_PERIOD    1*HZ
223 
224 static void defense_work_handler(struct work_struct *work)
225 {
226         struct netns_ipvs *ipvs =
227                 container_of(work, struct netns_ipvs, defense_work.work);
228 
229         update_defense_level(ipvs);
230         if (atomic_read(&ipvs->dropentry))
231                 ip_vs_random_dropentry(ipvs);
232         schedule_delayed_work(&ipvs->defense_work, DEFENSE_TIMER_PERIOD);
233 }
234 #endif
235 
236 int
237 ip_vs_use_count_inc(void)
238 {
239         return try_module_get(THIS_MODULE);
240 }
241 
242 void
243 ip_vs_use_count_dec(void)
244 {
245         module_put(THIS_MODULE);
246 }
247 
248 
249 /*
250  *      Hash table: for virtual service lookups
251  */
252 #define IP_VS_SVC_TAB_BITS 8
253 #define IP_VS_SVC_TAB_SIZE (1 << IP_VS_SVC_TAB_BITS)
254 #define IP_VS_SVC_TAB_MASK (IP_VS_SVC_TAB_SIZE - 1)
255 
256 /* the service table hashed by <protocol, addr, port> */
257 static struct hlist_head ip_vs_svc_table[IP_VS_SVC_TAB_SIZE];
258 /* the service table hashed by fwmark */
259 static struct hlist_head ip_vs_svc_fwm_table[IP_VS_SVC_TAB_SIZE];
260 
261 
262 /*
263  *      Returns hash value for virtual service
264  */
265 static inline unsigned int
266 ip_vs_svc_hashkey(struct netns_ipvs *ipvs, int af, unsigned int proto,
267                   const union nf_inet_addr *addr, __be16 port)
268 {
269         register unsigned int porth = ntohs(port);
270         __be32 addr_fold = addr->ip;
271         __u32 ahash;
272 
273 #ifdef CONFIG_IP_VS_IPV6
274         if (af == AF_INET6)
275                 addr_fold = addr->ip6[0]^addr->ip6[1]^
276                             addr->ip6[2]^addr->ip6[3];
277 #endif
278         ahash = ntohl(addr_fold);
279         ahash ^= ((size_t) ipvs >> 8);
280 
281         return (proto ^ ahash ^ (porth >> IP_VS_SVC_TAB_BITS) ^ porth) &
282                IP_VS_SVC_TAB_MASK;
283 }
284 
285 /*
286  *      Returns hash value of fwmark for virtual service lookup
287  */
288 static inline unsigned int ip_vs_svc_fwm_hashkey(struct netns_ipvs *ipvs, __u32 fwmark)
289 {
290         return (((size_t)ipvs>>8) ^ fwmark) & IP_VS_SVC_TAB_MASK;
291 }
292 
293 /*
294  *      Hashes a service in the ip_vs_svc_table by <netns,proto,addr,port>
295  *      or in the ip_vs_svc_fwm_table by fwmark.
296  *      Should be called with locked tables.
297  */
298 static int ip_vs_svc_hash(struct ip_vs_service *svc)
299 {
300         unsigned int hash;
301 
302         if (svc->flags & IP_VS_SVC_F_HASHED) {
303                 pr_err("%s(): request for already hashed, called from %pF\n",
304                        __func__, __builtin_return_address(0));
305                 return 0;
306         }
307 
308         if (svc->fwmark == 0) {
309                 /*
310                  *  Hash it by <netns,protocol,addr,port> in ip_vs_svc_table
311                  */
312                 hash = ip_vs_svc_hashkey(svc->ipvs, svc->af, svc->protocol,
313                                          &svc->addr, svc->port);
314                 hlist_add_head_rcu(&svc->s_list, &ip_vs_svc_table[hash]);
315         } else {
316                 /*
317                  *  Hash it by fwmark in svc_fwm_table
318                  */
319                 hash = ip_vs_svc_fwm_hashkey(svc->ipvs, svc->fwmark);
320                 hlist_add_head_rcu(&svc->f_list, &ip_vs_svc_fwm_table[hash]);
321         }
322 
323         svc->flags |= IP_VS_SVC_F_HASHED;
324         /* increase its refcnt because it is referenced by the svc table */
325         atomic_inc(&svc->refcnt);
326         return 1;
327 }
328 
329 
330 /*
331  *      Unhashes a service from svc_table / svc_fwm_table.
332  *      Should be called with locked tables.
333  */
334 static int ip_vs_svc_unhash(struct ip_vs_service *svc)
335 {
336         if (!(svc->flags & IP_VS_SVC_F_HASHED)) {
337                 pr_err("%s(): request for unhash flagged, called from %pF\n",
338                        __func__, __builtin_return_address(0));
339                 return 0;
340         }
341 
342         if (svc->fwmark == 0) {
343                 /* Remove it from the svc_table table */
344                 hlist_del_rcu(&svc->s_list);
345         } else {
346                 /* Remove it from the svc_fwm_table table */
347                 hlist_del_rcu(&svc->f_list);
348         }
349 
350         svc->flags &= ~IP_VS_SVC_F_HASHED;
351         atomic_dec(&svc->refcnt);
352         return 1;
353 }
354 
355 
356 /*
357  *      Get service by {netns, proto,addr,port} in the service table.
358  */
359 static inline struct ip_vs_service *
360 __ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u16 protocol,
361                      const union nf_inet_addr *vaddr, __be16 vport)
362 {
363         unsigned int hash;
364         struct ip_vs_service *svc;
365 
366         /* Check for "full" addressed entries */
367         hash = ip_vs_svc_hashkey(ipvs, af, protocol, vaddr, vport);
368 
369         hlist_for_each_entry_rcu(svc, &ip_vs_svc_table[hash], s_list) {
370                 if ((svc->af == af)
371                     && ip_vs_addr_equal(af, &svc->addr, vaddr)
372                     && (svc->port == vport)
373                     && (svc->protocol == protocol)
374                     && (svc->ipvs == ipvs)) {
375                         /* HIT */
376                         return svc;
377                 }
378         }
379 
380         return NULL;
381 }
382 
383 
384 /*
385  *      Get service by {fwmark} in the service table.
386  */
387 static inline struct ip_vs_service *
388 __ip_vs_svc_fwm_find(struct netns_ipvs *ipvs, int af, __u32 fwmark)
389 {
390         unsigned int hash;
391         struct ip_vs_service *svc;
392 
393         /* Check for fwmark addressed entries */
394         hash = ip_vs_svc_fwm_hashkey(ipvs, fwmark);
395 
396         hlist_for_each_entry_rcu(svc, &ip_vs_svc_fwm_table[hash], f_list) {
397                 if (svc->fwmark == fwmark && svc->af == af
398                     && (svc->ipvs == ipvs)) {
399                         /* HIT */
400                         return svc;
401                 }
402         }
403 
404         return NULL;
405 }
406 
407 /* Find service, called under RCU lock */
408 struct ip_vs_service *
409 ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u32 fwmark, __u16 protocol,
410                    const union nf_inet_addr *vaddr, __be16 vport)
411 {
412         struct ip_vs_service *svc;
413 
414         /*
415          *      Check the table hashed by fwmark first
416          */
417         if (fwmark) {
418                 svc = __ip_vs_svc_fwm_find(ipvs, af, fwmark);
419                 if (svc)
420                         goto out;
421         }
422 
423         /*
424          *      Check the table hashed by <protocol,addr,port>
425          *      for "full" addressed entries
426          */
427         svc = __ip_vs_service_find(ipvs, af, protocol, vaddr, vport);
428 
429         if (!svc && protocol == IPPROTO_TCP &&
430             atomic_read(&ipvs->ftpsvc_counter) &&
431             (vport == FTPDATA || ntohs(vport) >= inet_prot_sock(ipvs->net))) {
432                 /*
433                  * Check if ftp service entry exists, the packet
434                  * might belong to FTP data connections.
435                  */
436                 svc = __ip_vs_service_find(ipvs, af, protocol, vaddr, FTPPORT);
437         }
438 
439         if (svc == NULL
440             && atomic_read(&ipvs->nullsvc_counter)) {
441                 /*
442                  * Check if the catch-all port (port zero) exists
443                  */
444                 svc = __ip_vs_service_find(ipvs, af, protocol, vaddr, 0);
445         }
446 
447   out:
448         IP_VS_DBG_BUF(9, "lookup service: fwm %u %s %s:%u %s\n",
449                       fwmark, ip_vs_proto_name(protocol),
450                       IP_VS_DBG_ADDR(af, vaddr), ntohs(vport),
451                       svc ? "hit" : "not hit");
452 
453         return svc;
454 }
455 
456 
457 static inline void
458 __ip_vs_bind_svc(struct ip_vs_dest *dest, struct ip_vs_service *svc)
459 {
460         atomic_inc(&svc->refcnt);
461         rcu_assign_pointer(dest->svc, svc);
462 }
463 
464 static void ip_vs_service_free(struct ip_vs_service *svc)
465 {
466         free_percpu(svc->stats.cpustats);
467         kfree(svc);
468 }
469 
470 static void ip_vs_service_rcu_free(struct rcu_head *head)
471 {
472         struct ip_vs_service *svc;
473 
474         svc = container_of(head, struct ip_vs_service, rcu_head);
475         ip_vs_service_free(svc);
476 }
477 
478 static void __ip_vs_svc_put(struct ip_vs_service *svc, bool do_delay)
479 {
480         if (atomic_dec_and_test(&svc->refcnt)) {
481                 IP_VS_DBG_BUF(3, "Removing service %u/%s:%u\n",
482                               svc->fwmark,
483                               IP_VS_DBG_ADDR(svc->af, &svc->addr),
484                               ntohs(svc->port));
485                 if (do_delay)
486                         call_rcu(&svc->rcu_head, ip_vs_service_rcu_free);
487                 else
488                         ip_vs_service_free(svc);
489         }
490 }
491 
492 
493 /*
494  *      Returns hash value for real service
495  */
496 static inline unsigned int ip_vs_rs_hashkey(int af,
497                                             const union nf_inet_addr *addr,
498                                             __be16 port)
499 {
500         register unsigned int porth = ntohs(port);
501         __be32 addr_fold = addr->ip;
502 
503 #ifdef CONFIG_IP_VS_IPV6
504         if (af == AF_INET6)
505                 addr_fold = addr->ip6[0]^addr->ip6[1]^
506                             addr->ip6[2]^addr->ip6[3];
507 #endif
508 
509         return (ntohl(addr_fold)^(porth>>IP_VS_RTAB_BITS)^porth)
510                 & IP_VS_RTAB_MASK;
511 }
512 
513 /* Hash ip_vs_dest in rs_table by <proto,addr,port>. */
514 static void ip_vs_rs_hash(struct netns_ipvs *ipvs, struct ip_vs_dest *dest)
515 {
516         unsigned int hash;
517 
518         if (dest->in_rs_table)
519                 return;
520 
521         /*
522          *      Hash by proto,addr,port,
523          *      which are the parameters of the real service.
524          */
525         hash = ip_vs_rs_hashkey(dest->af, &dest->addr, dest->port);
526 
527         hlist_add_head_rcu(&dest->d_list, &ipvs->rs_table[hash]);
528         dest->in_rs_table = 1;
529 }
530 
531 /* Unhash ip_vs_dest from rs_table. */
532 static void ip_vs_rs_unhash(struct ip_vs_dest *dest)
533 {
534         /*
535          * Remove it from the rs_table table.
536          */
537         if (dest->in_rs_table) {
538                 hlist_del_rcu(&dest->d_list);
539                 dest->in_rs_table = 0;
540         }
541 }
542 
543 /* Check if real service by <proto,addr,port> is present */
544 bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol,
545                             const union nf_inet_addr *daddr, __be16 dport)
546 {
547         unsigned int hash;
548         struct ip_vs_dest *dest;
549 
550         /* Check for "full" addressed entries */
551         hash = ip_vs_rs_hashkey(af, daddr, dport);
552 
553         rcu_read_lock();
554         hlist_for_each_entry_rcu(dest, &ipvs->rs_table[hash], d_list) {
555                 if (dest->port == dport &&
556                     dest->af == af &&
557                     ip_vs_addr_equal(af, &dest->addr, daddr) &&
558                     (dest->protocol == protocol || dest->vfwmark)) {
559                         /* HIT */
560                         rcu_read_unlock();
561                         return true;
562                 }
563         }
564         rcu_read_unlock();
565 
566         return false;
567 }
568 
569 /* Find real service record by <proto,addr,port>.
570  * In case of multiple records with the same <proto,addr,port>, only
571  * the first found record is returned.
572  *
573  * To be called under RCU lock.
574  */
575 struct ip_vs_dest *ip_vs_find_real_service(struct netns_ipvs *ipvs, int af,
576                                            __u16 protocol,
577                                            const union nf_inet_addr *daddr,
578                                            __be16 dport)
579 {
580         unsigned int hash;
581         struct ip_vs_dest *dest;
582 
583         /* Check for "full" addressed entries */
584         hash = ip_vs_rs_hashkey(af, daddr, dport);
585 
586         hlist_for_each_entry_rcu(dest, &ipvs->rs_table[hash], d_list) {
587                 if (dest->port == dport &&
588                     dest->af == af &&
589                     ip_vs_addr_equal(af, &dest->addr, daddr) &&
590                         (dest->protocol == protocol || dest->vfwmark)) {
591                         /* HIT */
592                         return dest;
593                 }
594         }
595 
596         return NULL;
597 }
598 
599 /* Lookup destination by {addr,port} in the given service
600  * Called under RCU lock.
601  */
602 static struct ip_vs_dest *
603 ip_vs_lookup_dest(struct ip_vs_service *svc, int dest_af,
604                   const union nf_inet_addr *daddr, __be16 dport)
605 {
606         struct ip_vs_dest *dest;
607 
608         /*
609          * Find the destination for the given service
610          */
611         list_for_each_entry_rcu(dest, &svc->destinations, n_list) {
612                 if ((dest->af == dest_af) &&
613                     ip_vs_addr_equal(dest_af, &dest->addr, daddr) &&
614                     (dest->port == dport)) {
615                         /* HIT */
616                         return dest;
617                 }
618         }
619 
620         return NULL;
621 }
622 
623 /*
624  * Find destination by {daddr,dport,vaddr,protocol}
625  * Created to be used in ip_vs_process_message() in
626  * the backup synchronization daemon. It finds the
627  * destination to be bound to the received connection
628  * on the backup.
629  * Called under RCU lock, no refcnt is returned.
630  */
631 struct ip_vs_dest *ip_vs_find_dest(struct netns_ipvs *ipvs, int svc_af, int dest_af,
632                                    const union nf_inet_addr *daddr,
633                                    __be16 dport,
634                                    const union nf_inet_addr *vaddr,
635                                    __be16 vport, __u16 protocol, __u32 fwmark,
636                                    __u32 flags)
637 {
638         struct ip_vs_dest *dest;
639         struct ip_vs_service *svc;
640         __be16 port = dport;
641 
642         svc = ip_vs_service_find(ipvs, svc_af, fwmark, protocol, vaddr, vport);
643         if (!svc)
644                 return NULL;
645         if (fwmark && (flags & IP_VS_CONN_F_FWD_MASK) != IP_VS_CONN_F_MASQ)
646                 port = 0;
647         dest = ip_vs_lookup_dest(svc, dest_af, daddr, port);
648         if (!dest)
649                 dest = ip_vs_lookup_dest(svc, dest_af, daddr, port ^ dport);
650         return dest;
651 }
652 
653 void ip_vs_dest_dst_rcu_free(struct rcu_head *head)
654 {
655         struct ip_vs_dest_dst *dest_dst = container_of(head,
656                                                        struct ip_vs_dest_dst,
657                                                        rcu_head);
658 
659         dst_release(dest_dst->dst_cache);
660         kfree(dest_dst);
661 }
662 
663 /* Release dest_dst and dst_cache for dest in user context */
664 static void __ip_vs_dst_cache_reset(struct ip_vs_dest *dest)
665 {
666         struct ip_vs_dest_dst *old;
667 
668         old = rcu_dereference_protected(dest->dest_dst, 1);
669         if (old) {
670                 RCU_INIT_POINTER(dest->dest_dst, NULL);
671                 call_rcu(&old->rcu_head, ip_vs_dest_dst_rcu_free);
672         }
673 }
674 
675 /*
676  *  Lookup dest by {svc,addr,port} in the destination trash.
677  *  The destination trash is used to hold the destinations that are removed
678  *  from the service table but are still referenced by some conn entries.
679  *  The reason to add the destination trash is when the dest is temporary
680  *  down (either by administrator or by monitor program), the dest can be
681  *  picked back from the trash, the remaining connections to the dest can
682  *  continue, and the counting information of the dest is also useful for
683  *  scheduling.
684  */
685 static struct ip_vs_dest *
686 ip_vs_trash_get_dest(struct ip_vs_service *svc, int dest_af,
687                      const union nf_inet_addr *daddr, __be16 dport)
688 {
689         struct ip_vs_dest *dest;
690         struct netns_ipvs *ipvs = svc->ipvs;
691 
692         /*
693          * Find the destination in trash
694          */
695         spin_lock_bh(&ipvs->dest_trash_lock);
696         list_for_each_entry(dest, &ipvs->dest_trash, t_list) {
697                 IP_VS_DBG_BUF(3, "Destination %u/%s:%u still in trash, "
698                               "dest->refcnt=%d\n",
699                               dest->vfwmark,
700                               IP_VS_DBG_ADDR(dest->af, &dest->addr),
701                               ntohs(dest->port),
702                               atomic_read(&dest->refcnt));
703                 if (dest->af == dest_af &&
704                     ip_vs_addr_equal(dest_af, &dest->addr, daddr) &&
705                     dest->port == dport &&
706                     dest->vfwmark == svc->fwmark &&
707                     dest->protocol == svc->protocol &&
708                     (svc->fwmark ||
709                      (ip_vs_addr_equal(svc->af, &dest->vaddr, &svc->addr) &&
710                       dest->vport == svc->port))) {
711                         /* HIT */
712                         list_del(&dest->t_list);
713                         goto out;
714                 }
715         }
716 
717         dest = NULL;
718 
719 out:
720         spin_unlock_bh(&ipvs->dest_trash_lock);
721 
722         return dest;
723 }
724 
725 static void ip_vs_dest_free(struct ip_vs_dest *dest)
726 {
727         struct ip_vs_service *svc = rcu_dereference_protected(dest->svc, 1);
728 
729         __ip_vs_dst_cache_reset(dest);
730         __ip_vs_svc_put(svc, false);
731         free_percpu(dest->stats.cpustats);
732         ip_vs_dest_put_and_free(dest);
733 }
734 
735 /*
736  *  Clean up all the destinations in the trash
737  *  Called by the ip_vs_control_cleanup()
738  *
739  *  When the ip_vs_control_clearup is activated by ipvs module exit,
740  *  the service tables must have been flushed and all the connections
741  *  are expired, and the refcnt of each destination in the trash must
742  *  be 1, so we simply release them here.
743  */
744 static void ip_vs_trash_cleanup(struct netns_ipvs *ipvs)
745 {
746         struct ip_vs_dest *dest, *nxt;
747 
748         del_timer_sync(&ipvs->dest_trash_timer);
749         /* No need to use dest_trash_lock */
750         list_for_each_entry_safe(dest, nxt, &ipvs->dest_trash, t_list) {
751                 list_del(&dest->t_list);
752                 ip_vs_dest_free(dest);
753         }
754 }
755 
756 static void
757 ip_vs_copy_stats(struct ip_vs_kstats *dst, struct ip_vs_stats *src)
758 {
759 #define IP_VS_SHOW_STATS_COUNTER(c) dst->c = src->kstats.c - src->kstats0.c
760 
761         spin_lock_bh(&src->lock);
762 
763         IP_VS_SHOW_STATS_COUNTER(conns);
764         IP_VS_SHOW_STATS_COUNTER(inpkts);
765         IP_VS_SHOW_STATS_COUNTER(outpkts);
766         IP_VS_SHOW_STATS_COUNTER(inbytes);
767         IP_VS_SHOW_STATS_COUNTER(outbytes);
768 
769         ip_vs_read_estimator(dst, src);
770 
771         spin_unlock_bh(&src->lock);
772 }
773 
774 static void
775 ip_vs_export_stats_user(struct ip_vs_stats_user *dst, struct ip_vs_kstats *src)
776 {
777         dst->conns = (u32)src->conns;
778         dst->inpkts = (u32)src->inpkts;
779         dst->outpkts = (u32)src->outpkts;
780         dst->inbytes = src->inbytes;
781         dst->outbytes = src->outbytes;
782         dst->cps = (u32)src->cps;
783         dst->inpps = (u32)src->inpps;
784         dst->outpps = (u32)src->outpps;
785         dst->inbps = (u32)src->inbps;
786         dst->outbps = (u32)src->outbps;
787 }
788 
789 static void
790 ip_vs_zero_stats(struct ip_vs_stats *stats)
791 {
792         spin_lock_bh(&stats->lock);
793 
794         /* get current counters as zero point, rates are zeroed */
795 
796 #define IP_VS_ZERO_STATS_COUNTER(c) stats->kstats0.c = stats->kstats.c
797 
798         IP_VS_ZERO_STATS_COUNTER(conns);
799         IP_VS_ZERO_STATS_COUNTER(inpkts);
800         IP_VS_ZERO_STATS_COUNTER(outpkts);
801         IP_VS_ZERO_STATS_COUNTER(inbytes);
802         IP_VS_ZERO_STATS_COUNTER(outbytes);
803 
804         ip_vs_zero_estimator(stats);
805 
806         spin_unlock_bh(&stats->lock);
807 }
808 
809 /*
810  *      Update a destination in the given service
811  */
812 static void
813 __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
814                     struct ip_vs_dest_user_kern *udest, int add)
815 {
816         struct netns_ipvs *ipvs = svc->ipvs;
817         struct ip_vs_service *old_svc;
818         struct ip_vs_scheduler *sched;
819         int conn_flags;
820 
821         /* We cannot modify an address and change the address family */
822         BUG_ON(!add && udest->af != dest->af);
823 
824         if (add && udest->af != svc->af)
825                 ipvs->mixed_address_family_dests++;
826 
827         /* set the weight and the flags */
828         atomic_set(&dest->weight, udest->weight);
829         conn_flags = udest->conn_flags & IP_VS_CONN_F_DEST_MASK;
830         conn_flags |= IP_VS_CONN_F_INACTIVE;
831 
832         /* set the IP_VS_CONN_F_NOOUTPUT flag if not masquerading/NAT */
833         if ((conn_flags & IP_VS_CONN_F_FWD_MASK) != IP_VS_CONN_F_MASQ) {
834                 conn_flags |= IP_VS_CONN_F_NOOUTPUT;
835         } else {
836                 /*
837                  *    Put the real service in rs_table if not present.
838                  *    For now only for NAT!
839                  */
840                 ip_vs_rs_hash(ipvs, dest);
841         }
842         atomic_set(&dest->conn_flags, conn_flags);
843 
844         /* bind the service */
845         old_svc = rcu_dereference_protected(dest->svc, 1);
846         if (!old_svc) {
847                 __ip_vs_bind_svc(dest, svc);
848         } else {
849                 if (old_svc != svc) {
850                         ip_vs_zero_stats(&dest->stats);
851                         __ip_vs_bind_svc(dest, svc);
852                         __ip_vs_svc_put(old_svc, true);
853                 }
854         }
855 
856         /* set the dest status flags */
857         dest->flags |= IP_VS_DEST_F_AVAILABLE;
858 
859         if (udest->u_threshold == 0 || udest->u_threshold > dest->u_threshold)
860                 dest->flags &= ~IP_VS_DEST_F_OVERLOAD;
861         dest->u_threshold = udest->u_threshold;
862         dest->l_threshold = udest->l_threshold;
863 
864         dest->af = udest->af;
865 
866         spin_lock_bh(&dest->dst_lock);
867         __ip_vs_dst_cache_reset(dest);
868         spin_unlock_bh(&dest->dst_lock);
869 
870         if (add) {
871                 ip_vs_start_estimator(svc->ipvs, &dest->stats);
872                 list_add_rcu(&dest->n_list, &svc->destinations);
873                 svc->num_dests++;
874                 sched = rcu_dereference_protected(svc->scheduler, 1);
875                 if (sched && sched->add_dest)
876                         sched->add_dest(svc, dest);
877         } else {
878                 sched = rcu_dereference_protected(svc->scheduler, 1);
879                 if (sched && sched->upd_dest)
880                         sched->upd_dest(svc, dest);
881         }
882 }
883 
884 
885 /*
886  *      Create a destination for the given service
887  */
888 static int
889 ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
890                struct ip_vs_dest **dest_p)
891 {
892         struct ip_vs_dest *dest;
893         unsigned int atype, i;
894 
895         EnterFunction(2);
896 
897 #ifdef CONFIG_IP_VS_IPV6
898         if (udest->af == AF_INET6) {
899                 atype = ipv6_addr_type(&udest->addr.in6);
900                 if ((!(atype & IPV6_ADDR_UNICAST) ||
901                         atype & IPV6_ADDR_LINKLOCAL) &&
902                         !__ip_vs_addr_is_local_v6(svc->ipvs->net, &udest->addr.in6))
903                         return -EINVAL;
904         } else
905 #endif
906         {
907                 atype = inet_addr_type(svc->ipvs->net, udest->addr.ip);
908                 if (atype != RTN_LOCAL && atype != RTN_UNICAST)
909                         return -EINVAL;
910         }
911 
912         dest = kzalloc(sizeof(struct ip_vs_dest), GFP_KERNEL);
913         if (dest == NULL)
914                 return -ENOMEM;
915 
916         dest->stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats);
917         if (!dest->stats.cpustats)
918                 goto err_alloc;
919 
920         for_each_possible_cpu(i) {
921                 struct ip_vs_cpu_stats *ip_vs_dest_stats;
922                 ip_vs_dest_stats = per_cpu_ptr(dest->stats.cpustats, i);
923                 u64_stats_init(&ip_vs_dest_stats->syncp);
924         }
925 
926         dest->af = udest->af;
927         dest->protocol = svc->protocol;
928         dest->vaddr = svc->addr;
929         dest->vport = svc->port;
930         dest->vfwmark = svc->fwmark;
931         ip_vs_addr_copy(udest->af, &dest->addr, &udest->addr);
932         dest->port = udest->port;
933 
934         atomic_set(&dest->activeconns, 0);
935         atomic_set(&dest->inactconns, 0);
936         atomic_set(&dest->persistconns, 0);
937         atomic_set(&dest->refcnt, 1);
938 
939         INIT_HLIST_NODE(&dest->d_list);
940         spin_lock_init(&dest->dst_lock);
941         spin_lock_init(&dest->stats.lock);
942         __ip_vs_update_dest(svc, dest, udest, 1);
943 
944         *dest_p = dest;
945 
946         LeaveFunction(2);
947         return 0;
948 
949 err_alloc:
950         kfree(dest);
951         return -ENOMEM;
952 }
953 
954 
955 /*
956  *      Add a destination into an existing service
957  */
958 static int
959 ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
960 {
961         struct ip_vs_dest *dest;
962         union nf_inet_addr daddr;
963         __be16 dport = udest->port;
964         int ret;
965 
966         EnterFunction(2);
967 
968         if (udest->weight < 0) {
969                 pr_err("%s(): server weight less than zero\n", __func__);
970                 return -ERANGE;
971         }
972 
973         if (udest->l_threshold > udest->u_threshold) {
974                 pr_err("%s(): lower threshold is higher than upper threshold\n",
975                         __func__);
976                 return -ERANGE;
977         }
978 
979         ip_vs_addr_copy(udest->af, &daddr, &udest->addr);
980 
981         /* We use function that requires RCU lock */
982         rcu_read_lock();
983         dest = ip_vs_lookup_dest(svc, udest->af, &daddr, dport);
984         rcu_read_unlock();
985 
986         if (dest != NULL) {
987                 IP_VS_DBG(1, "%s(): dest already exists\n", __func__);
988                 return -EEXIST;
989         }
990 
991         /*
992          * Check if the dest already exists in the trash and
993          * is from the same service
994          */
995         dest = ip_vs_trash_get_dest(svc, udest->af, &daddr, dport);
996 
997         if (dest != NULL) {
998                 IP_VS_DBG_BUF(3, "Get destination %s:%u from trash, "
999                               "dest->refcnt=%d, service %u/%s:%u\n",
1000                               IP_VS_DBG_ADDR(udest->af, &daddr), ntohs(dport),
1001                               atomic_read(&dest->refcnt),
1002                               dest->vfwmark,
1003                               IP_VS_DBG_ADDR(svc->af, &dest->vaddr),
1004                               ntohs(dest->vport));
1005 
1006                 __ip_vs_update_dest(svc, dest, udest, 1);
1007                 ret = 0;
1008         } else {
1009                 /*
1010                  * Allocate and initialize the dest structure
1011                  */
1012                 ret = ip_vs_new_dest(svc, udest, &dest);
1013         }
1014         LeaveFunction(2);
1015 
1016         return ret;
1017 }
1018 
1019 
1020 /*
1021  *      Edit a destination in the given service
1022  */
1023 static int
1024 ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1025 {
1026         struct ip_vs_dest *dest;
1027         union nf_inet_addr daddr;
1028         __be16 dport = udest->port;
1029 
1030         EnterFunction(2);
1031 
1032         if (udest->weight < 0) {
1033                 pr_err("%s(): server weight less than zero\n", __func__);
1034                 return -ERANGE;
1035         }
1036 
1037         if (udest->l_threshold > udest->u_threshold) {
1038                 pr_err("%s(): lower threshold is higher than upper threshold\n",
1039                         __func__);
1040                 return -ERANGE;
1041         }
1042 
1043         ip_vs_addr_copy(udest->af, &daddr, &udest->addr);
1044 
1045         /* We use function that requires RCU lock */
1046         rcu_read_lock();
1047         dest = ip_vs_lookup_dest(svc, udest->af, &daddr, dport);
1048         rcu_read_unlock();
1049 
1050         if (dest == NULL) {
1051                 IP_VS_DBG(1, "%s(): dest doesn't exist\n", __func__);
1052                 return -ENOENT;
1053         }
1054 
1055         __ip_vs_update_dest(svc, dest, udest, 0);
1056         LeaveFunction(2);
1057 
1058         return 0;
1059 }
1060 
1061 /*
1062  *      Delete a destination (must be already unlinked from the service)
1063  */
1064 static void __ip_vs_del_dest(struct netns_ipvs *ipvs, struct ip_vs_dest *dest,
1065                              bool cleanup)
1066 {
1067         ip_vs_stop_estimator(ipvs, &dest->stats);
1068 
1069         /*
1070          *  Remove it from the d-linked list with the real services.
1071          */
1072         ip_vs_rs_unhash(dest);
1073 
1074         spin_lock_bh(&ipvs->dest_trash_lock);
1075         IP_VS_DBG_BUF(3, "Moving dest %s:%u into trash, dest->refcnt=%d\n",
1076                       IP_VS_DBG_ADDR(dest->af, &dest->addr), ntohs(dest->port),
1077                       atomic_read(&dest->refcnt));
1078         if (list_empty(&ipvs->dest_trash) && !cleanup)
1079                 mod_timer(&ipvs->dest_trash_timer,
1080                           jiffies + (IP_VS_DEST_TRASH_PERIOD >> 1));
1081         /* dest lives in trash with reference */
1082         list_add(&dest->t_list, &ipvs->dest_trash);
1083         dest->idle_start = 0;
1084         spin_unlock_bh(&ipvs->dest_trash_lock);
1085 }
1086 
1087 
1088 /*
1089  *      Unlink a destination from the given service
1090  */
1091 static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
1092                                 struct ip_vs_dest *dest,
1093                                 int svcupd)
1094 {
1095         dest->flags &= ~IP_VS_DEST_F_AVAILABLE;
1096 
1097         /*
1098          *  Remove it from the d-linked destination list.
1099          */
1100         list_del_rcu(&dest->n_list);
1101         svc->num_dests--;
1102 
1103         if (dest->af != svc->af)
1104                 svc->ipvs->mixed_address_family_dests--;
1105 
1106         if (svcupd) {
1107                 struct ip_vs_scheduler *sched;
1108 
1109                 sched = rcu_dereference_protected(svc->scheduler, 1);
1110                 if (sched && sched->del_dest)
1111                         sched->del_dest(svc, dest);
1112         }
1113 }
1114 
1115 
1116 /*
1117  *      Delete a destination server in the given service
1118  */
1119 static int
1120 ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
1121 {
1122         struct ip_vs_dest *dest;
1123         __be16 dport = udest->port;
1124 
1125         EnterFunction(2);
1126 
1127         /* We use function that requires RCU lock */
1128         rcu_read_lock();
1129         dest = ip_vs_lookup_dest(svc, udest->af, &udest->addr, dport);
1130         rcu_read_unlock();
1131 
1132         if (dest == NULL) {
1133                 IP_VS_DBG(1, "%s(): destination not found!\n", __func__);
1134                 return -ENOENT;
1135         }
1136 
1137         /*
1138          *      Unlink dest from the service
1139          */
1140         __ip_vs_unlink_dest(svc, dest, 1);
1141 
1142         /*
1143          *      Delete the destination
1144          */
1145         __ip_vs_del_dest(svc->ipvs, dest, false);
1146 
1147         LeaveFunction(2);
1148 
1149         return 0;
1150 }
1151 
1152 static void ip_vs_dest_trash_expire(unsigned long data)
1153 {
1154         struct netns_ipvs *ipvs = (struct netns_ipvs *)data;
1155         struct ip_vs_dest *dest, *next;
1156         unsigned long now = jiffies;
1157 
1158         spin_lock(&ipvs->dest_trash_lock);
1159         list_for_each_entry_safe(dest, next, &ipvs->dest_trash, t_list) {
1160                 if (atomic_read(&dest->refcnt) > 1)
1161                         continue;
1162                 if (dest->idle_start) {
1163                         if (time_before(now, dest->idle_start +
1164                                              IP_VS_DEST_TRASH_PERIOD))
1165                                 continue;
1166                 } else {
1167                         dest->idle_start = max(1UL, now);
1168                         continue;
1169                 }
1170                 IP_VS_DBG_BUF(3, "Removing destination %u/%s:%u from trash\n",
1171                               dest->vfwmark,
1172                               IP_VS_DBG_ADDR(dest->af, &dest->addr),
1173                               ntohs(dest->port));
1174                 list_del(&dest->t_list);
1175                 ip_vs_dest_free(dest);
1176         }
1177         if (!list_empty(&ipvs->dest_trash))
1178                 mod_timer(&ipvs->dest_trash_timer,
1179                           jiffies + (IP_VS_DEST_TRASH_PERIOD >> 1));
1180         spin_unlock(&ipvs->dest_trash_lock);
1181 }
1182 
1183 /*
1184  *      Add a service into the service hash table
1185  */
1186 static int
1187 ip_vs_add_service(struct netns_ipvs *ipvs, struct ip_vs_service_user_kern *u,
1188                   struct ip_vs_service **svc_p)
1189 {
1190         int ret = 0, i;
1191         struct ip_vs_scheduler *sched = NULL;
1192         struct ip_vs_pe *pe = NULL;
1193         struct ip_vs_service *svc = NULL;
1194 
1195         /* increase the module use count */
1196         ip_vs_use_count_inc();
1197 
1198         /* Lookup the scheduler by 'u->sched_name' */
1199         if (strcmp(u->sched_name, "none")) {
1200                 sched = ip_vs_scheduler_get(u->sched_name);
1201                 if (!sched) {
1202                         pr_info("Scheduler module ip_vs_%s not found\n",
1203                                 u->sched_name);
1204                         ret = -ENOENT;
1205                         goto out_err;
1206                 }
1207         }
1208 
1209         if (u->pe_name && *u->pe_name) {
1210                 pe = ip_vs_pe_getbyname(u->pe_name);
1211                 if (pe == NULL) {
1212                         pr_info("persistence engine module ip_vs_pe_%s "
1213                                 "not found\n", u->pe_name);
1214                         ret = -ENOENT;
1215                         goto out_err;
1216                 }
1217         }
1218 
1219 #ifdef CONFIG_IP_VS_IPV6
1220         if (u->af == AF_INET6) {
1221                 __u32 plen = (__force __u32) u->netmask;
1222 
1223                 if (plen < 1 || plen > 128) {
1224                         ret = -EINVAL;
1225                         goto out_err;
1226                 }
1227         }
1228 #endif
1229 
1230         svc = kzalloc(sizeof(struct ip_vs_service), GFP_KERNEL);
1231         if (svc == NULL) {
1232                 IP_VS_DBG(1, "%s(): no memory\n", __func__);
1233                 ret = -ENOMEM;
1234                 goto out_err;
1235         }
1236         svc->stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats);
1237         if (!svc->stats.cpustats) {
1238                 ret = -ENOMEM;
1239                 goto out_err;
1240         }
1241 
1242         for_each_possible_cpu(i) {
1243                 struct ip_vs_cpu_stats *ip_vs_stats;
1244                 ip_vs_stats = per_cpu_ptr(svc->stats.cpustats, i);
1245                 u64_stats_init(&ip_vs_stats->syncp);
1246         }
1247 
1248 
1249         /* I'm the first user of the service */
1250         atomic_set(&svc->refcnt, 0);
1251 
1252         svc->af = u->af;
1253         svc->protocol = u->protocol;
1254         ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
1255         svc->port = u->port;
1256         svc->fwmark = u->fwmark;
1257         svc->flags = u->flags;
1258         svc->timeout = u->timeout * HZ;
1259         svc->netmask = u->netmask;
1260         svc->ipvs = ipvs;
1261 
1262         INIT_LIST_HEAD(&svc->destinations);
1263         spin_lock_init(&svc->sched_lock);
1264         spin_lock_init(&svc->stats.lock);
1265 
1266         /* Bind the scheduler */
1267         if (sched) {
1268                 ret = ip_vs_bind_scheduler(svc, sched);
1269                 if (ret)
1270                         goto out_err;
1271                 sched = NULL;
1272         }
1273 
1274         /* Bind the ct retriever */
1275         RCU_INIT_POINTER(svc->pe, pe);
1276         pe = NULL;
1277 
1278         /* Update the virtual service counters */
1279         if (svc->port == FTPPORT)
1280                 atomic_inc(&ipvs->ftpsvc_counter);
1281         else if (svc->port == 0)
1282                 atomic_inc(&ipvs->nullsvc_counter);
1283         if (svc->pe && svc->pe->conn_out)
1284                 atomic_inc(&ipvs->conn_out_counter);
1285 
1286         ip_vs_start_estimator(ipvs, &svc->stats);
1287 
1288         /* Count only IPv4 services for old get/setsockopt interface */
1289         if (svc->af == AF_INET)
1290                 ipvs->num_services++;
1291 
1292         /* Hash the service into the service table */
1293         ip_vs_svc_hash(svc);
1294 
1295         *svc_p = svc;
1296         /* Now there is a service - full throttle */
1297         ipvs->enable = 1;
1298         return 0;
1299 
1300 
1301  out_err:
1302         if (svc != NULL) {
1303                 ip_vs_unbind_scheduler(svc, sched);
1304                 ip_vs_service_free(svc);
1305         }
1306         ip_vs_scheduler_put(sched);
1307         ip_vs_pe_put(pe);
1308 
1309         /* decrease the module use count */
1310         ip_vs_use_count_dec();
1311 
1312         return ret;
1313 }
1314 
1315 
1316 /*
1317  *      Edit a service and bind it with a new scheduler
1318  */
1319 static int
1320 ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
1321 {
1322         struct ip_vs_scheduler *sched = NULL, *old_sched;
1323         struct ip_vs_pe *pe = NULL, *old_pe = NULL;
1324         int ret = 0;
1325         bool new_pe_conn_out, old_pe_conn_out;
1326 
1327         /*
1328          * Lookup the scheduler, by 'u->sched_name'
1329          */
1330         if (strcmp(u->sched_name, "none")) {
1331                 sched = ip_vs_scheduler_get(u->sched_name);
1332                 if (!sched) {
1333                         pr_info("Scheduler module ip_vs_%s not found\n",
1334                                 u->sched_name);
1335                         return -ENOENT;
1336                 }
1337         }
1338         old_sched = sched;
1339 
1340         if (u->pe_name && *u->pe_name) {
1341                 pe = ip_vs_pe_getbyname(u->pe_name);
1342                 if (pe == NULL) {
1343                         pr_info("persistence engine module ip_vs_pe_%s "
1344                                 "not found\n", u->pe_name);
1345                         ret = -ENOENT;
1346                         goto out;
1347                 }
1348                 old_pe = pe;
1349         }
1350 
1351 #ifdef CONFIG_IP_VS_IPV6
1352         if (u->af == AF_INET6) {
1353                 __u32 plen = (__force __u32) u->netmask;
1354 
1355                 if (plen < 1 || plen > 128) {
1356                         ret = -EINVAL;
1357                         goto out;
1358                 }
1359         }
1360 #endif
1361 
1362         old_sched = rcu_dereference_protected(svc->scheduler, 1);
1363         if (sched != old_sched) {
1364                 if (old_sched) {
1365                         ip_vs_unbind_scheduler(svc, old_sched);
1366                         RCU_INIT_POINTER(svc->scheduler, NULL);
1367                         /* Wait all svc->sched_data users */
1368                         synchronize_rcu();
1369                 }
1370                 /* Bind the new scheduler */
1371                 if (sched) {
1372                         ret = ip_vs_bind_scheduler(svc, sched);
1373                         if (ret) {
1374                                 ip_vs_scheduler_put(sched);
1375                                 goto out;
1376                         }
1377                 }
1378         }
1379 
1380         /*
1381          * Set the flags and timeout value
1382          */
1383         svc->flags = u->flags | IP_VS_SVC_F_HASHED;
1384         svc->timeout = u->timeout * HZ;
1385         svc->netmask = u->netmask;
1386 
1387         old_pe = rcu_dereference_protected(svc->pe, 1);
1388         if (pe != old_pe) {
1389                 rcu_assign_pointer(svc->pe, pe);
1390                 /* check for optional methods in new pe */
1391                 new_pe_conn_out = (pe && pe->conn_out) ? true : false;
1392                 old_pe_conn_out = (old_pe && old_pe->conn_out) ? true : false;
1393                 if (new_pe_conn_out && !old_pe_conn_out)
1394                         atomic_inc(&svc->ipvs->conn_out_counter);
1395                 if (old_pe_conn_out && !new_pe_conn_out)
1396                         atomic_dec(&svc->ipvs->conn_out_counter);
1397         }
1398 
1399 out:
1400         ip_vs_scheduler_put(old_sched);
1401         ip_vs_pe_put(old_pe);
1402         return ret;
1403 }
1404 
1405 /*
1406  *      Delete a service from the service list
1407  *      - The service must be unlinked, unlocked and not referenced!
1408  *      - We are called under _bh lock
1409  */
1410 static void __ip_vs_del_service(struct ip_vs_service *svc, bool cleanup)
1411 {
1412         struct ip_vs_dest *dest, *nxt;
1413         struct ip_vs_scheduler *old_sched;
1414         struct ip_vs_pe *old_pe;
1415         struct netns_ipvs *ipvs = svc->ipvs;
1416 
1417         /* Count only IPv4 services for old get/setsockopt interface */
1418         if (svc->af == AF_INET)
1419                 ipvs->num_services--;
1420 
1421         ip_vs_stop_estimator(svc->ipvs, &svc->stats);
1422 
1423         /* Unbind scheduler */
1424         old_sched = rcu_dereference_protected(svc->scheduler, 1);
1425         ip_vs_unbind_scheduler(svc, old_sched);
1426         ip_vs_scheduler_put(old_sched);
1427 
1428         /* Unbind persistence engine, keep svc->pe */
1429         old_pe = rcu_dereference_protected(svc->pe, 1);
1430         if (old_pe && old_pe->conn_out)
1431                 atomic_dec(&ipvs->conn_out_counter);
1432         ip_vs_pe_put(old_pe);
1433 
1434         /*
1435          *    Unlink the whole destination list
1436          */
1437         list_for_each_entry_safe(dest, nxt, &svc->destinations, n_list) {
1438                 __ip_vs_unlink_dest(svc, dest, 0);
1439                 __ip_vs_del_dest(svc->ipvs, dest, cleanup);
1440         }
1441 
1442         /*
1443          *    Update the virtual service counters
1444          */
1445         if (svc->port == FTPPORT)
1446                 atomic_dec(&ipvs->ftpsvc_counter);
1447         else if (svc->port == 0)
1448                 atomic_dec(&ipvs->nullsvc_counter);
1449 
1450         /*
1451          *    Free the service if nobody refers to it
1452          */
1453         __ip_vs_svc_put(svc, true);
1454 
1455         /* decrease the module use count */
1456         ip_vs_use_count_dec();
1457 }
1458 
1459 /*
1460  * Unlink a service from list and try to delete it if its refcnt reached 0
1461  */
1462 static void ip_vs_unlink_service(struct ip_vs_service *svc, bool cleanup)
1463 {
1464         /* Hold svc to avoid double release from dest_trash */
1465         atomic_inc(&svc->refcnt);
1466         /*
1467          * Unhash it from the service table
1468          */
1469         ip_vs_svc_unhash(svc);
1470 
1471         __ip_vs_del_service(svc, cleanup);
1472 }
1473 
1474 /*
1475  *      Delete a service from the service list
1476  */
1477 static int ip_vs_del_service(struct ip_vs_service *svc)
1478 {
1479         if (svc == NULL)
1480                 return -EEXIST;
1481         ip_vs_unlink_service(svc, false);
1482 
1483         return 0;
1484 }
1485 
1486 
1487 /*
1488  *      Flush all the virtual services
1489  */
1490 static int ip_vs_flush(struct netns_ipvs *ipvs, bool cleanup)
1491 {
1492         int idx;
1493         struct ip_vs_service *svc;
1494         struct hlist_node *n;
1495 
1496         /*
1497          * Flush the service table hashed by <netns,protocol,addr,port>
1498          */
1499         for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1500                 hlist_for_each_entry_safe(svc, n, &ip_vs_svc_table[idx],
1501                                           s_list) {
1502                         if (svc->ipvs == ipvs)
1503                                 ip_vs_unlink_service(svc, cleanup);
1504                 }
1505         }
1506 
1507         /*
1508          * Flush the service table hashed by fwmark
1509          */
1510         for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1511                 hlist_for_each_entry_safe(svc, n, &ip_vs_svc_fwm_table[idx],
1512                                           f_list) {
1513                         if (svc->ipvs == ipvs)
1514                                 ip_vs_unlink_service(svc, cleanup);
1515                 }
1516         }
1517 
1518         return 0;
1519 }
1520 
1521 /*
1522  *      Delete service by {netns} in the service table.
1523  *      Called by __ip_vs_cleanup()
1524  */
1525 void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs)
1526 {
1527         EnterFunction(2);
1528         /* Check for "full" addressed entries */
1529         mutex_lock(&__ip_vs_mutex);
1530         ip_vs_flush(ipvs, true);
1531         mutex_unlock(&__ip_vs_mutex);
1532         LeaveFunction(2);
1533 }
1534 
1535 /* Put all references for device (dst_cache) */
1536 static inline void
1537 ip_vs_forget_dev(struct ip_vs_dest *dest, struct net_device *dev)
1538 {
1539         struct ip_vs_dest_dst *dest_dst;
1540 
1541         spin_lock_bh(&dest->dst_lock);
1542         dest_dst = rcu_dereference_protected(dest->dest_dst, 1);
1543         if (dest_dst && dest_dst->dst_cache->dev == dev) {
1544                 IP_VS_DBG_BUF(3, "Reset dev:%s dest %s:%u ,dest->refcnt=%d\n",
1545                               dev->name,
1546                               IP_VS_DBG_ADDR(dest->af, &dest->addr),
1547                               ntohs(dest->port),
1548                               atomic_read(&dest->refcnt));
1549                 __ip_vs_dst_cache_reset(dest);
1550         }
1551         spin_unlock_bh(&dest->dst_lock);
1552 
1553 }
1554 /* Netdev event receiver
1555  * Currently only NETDEV_DOWN is handled to release refs to cached dsts
1556  */
1557 static int ip_vs_dst_event(struct notifier_block *this, unsigned long event,
1558                            void *ptr)
1559 {
1560         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1561         struct net *net = dev_net(dev);
1562         struct netns_ipvs *ipvs = net_ipvs(net);
1563         struct ip_vs_service *svc;
1564         struct ip_vs_dest *dest;
1565         unsigned int idx;
1566 
1567         if (event != NETDEV_DOWN || !ipvs)
1568                 return NOTIFY_DONE;
1569         IP_VS_DBG(3, "%s() dev=%s\n", __func__, dev->name);
1570         EnterFunction(2);
1571         mutex_lock(&__ip_vs_mutex);
1572         for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1573                 hlist_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1574                         if (svc->ipvs == ipvs) {
1575                                 list_for_each_entry(dest, &svc->destinations,
1576                                                     n_list) {
1577                                         ip_vs_forget_dev(dest, dev);
1578                                 }
1579                         }
1580                 }
1581 
1582                 hlist_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1583                         if (svc->ipvs == ipvs) {
1584                                 list_for_each_entry(dest, &svc->destinations,
1585                                                     n_list) {
1586                                         ip_vs_forget_dev(dest, dev);
1587                                 }
1588                         }
1589 
1590                 }
1591         }
1592 
1593         spin_lock_bh(&ipvs->dest_trash_lock);
1594         list_for_each_entry(dest, &ipvs->dest_trash, t_list) {
1595                 ip_vs_forget_dev(dest, dev);
1596         }
1597         spin_unlock_bh(&ipvs->dest_trash_lock);
1598         mutex_unlock(&__ip_vs_mutex);
1599         LeaveFunction(2);
1600         return NOTIFY_DONE;
1601 }
1602 
1603 /*
1604  *      Zero counters in a service or all services
1605  */
1606 static int ip_vs_zero_service(struct ip_vs_service *svc)
1607 {
1608         struct ip_vs_dest *dest;
1609 
1610         list_for_each_entry(dest, &svc->destinations, n_list) {
1611                 ip_vs_zero_stats(&dest->stats);
1612         }
1613         ip_vs_zero_stats(&svc->stats);
1614         return 0;
1615 }
1616 
1617 static int ip_vs_zero_all(struct netns_ipvs *ipvs)
1618 {
1619         int idx;
1620         struct ip_vs_service *svc;
1621 
1622         for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1623                 hlist_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
1624                         if (svc->ipvs == ipvs)
1625                                 ip_vs_zero_service(svc);
1626                 }
1627         }
1628 
1629         for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1630                 hlist_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
1631                         if (svc->ipvs == ipvs)
1632                                 ip_vs_zero_service(svc);
1633                 }
1634         }
1635 
1636         ip_vs_zero_stats(&ipvs->tot_stats);
1637         return 0;
1638 }
1639 
1640 #ifdef CONFIG_SYSCTL
1641 
1642 static int zero;
1643 static int three = 3;
1644 
1645 static int
1646 proc_do_defense_mode(struct ctl_table *table, int write,
1647                      void __user *buffer, size_t *lenp, loff_t *ppos)
1648 {
1649         struct netns_ipvs *ipvs = table->extra2;
1650         int *valp = table->data;
1651         int val = *valp;
1652         int rc;
1653 
1654         rc = proc_dointvec(table, write, buffer, lenp, ppos);
1655         if (write && (*valp != val)) {
1656                 if ((*valp < 0) || (*valp > 3)) {
1657                         /* Restore the correct value */
1658                         *valp = val;
1659                 } else {
1660                         update_defense_level(ipvs);
1661                 }
1662         }
1663         return rc;
1664 }
1665 
1666 static int
1667 proc_do_sync_threshold(struct ctl_table *table, int write,
1668                        void __user *buffer, size_t *lenp, loff_t *ppos)
1669 {
1670         int *valp = table->data;
1671         int val[2];
1672         int rc;
1673 
1674         /* backup the value first */
1675         memcpy(val, valp, sizeof(val));
1676 
1677         rc = proc_dointvec(table, write, buffer, lenp, ppos);
1678         if (write && (valp[0] < 0 || valp[1] < 0 ||
1679             (valp[0] >= valp[1] && valp[1]))) {
1680                 /* Restore the correct value */
1681                 memcpy(valp, val, sizeof(val));
1682         }
1683         return rc;
1684 }
1685 
1686 static int
1687 proc_do_sync_mode(struct ctl_table *table, int write,
1688                      void __user *buffer, size_t *lenp, loff_t *ppos)
1689 {
1690         int *valp = table->data;
1691         int val = *valp;
1692         int rc;
1693 
1694         rc = proc_dointvec(table, write, buffer, lenp, ppos);
1695         if (write && (*valp != val)) {
1696                 if ((*valp < 0) || (*valp > 1)) {
1697                         /* Restore the correct value */
1698                         *valp = val;
1699                 }
1700         }
1701         return rc;
1702 }
1703 
1704 static int
1705 proc_do_sync_ports(struct ctl_table *table, int write,
1706                    void __user *buffer, size_t *lenp, loff_t *ppos)
1707 {
1708         int *valp = table->data;
1709         int val = *valp;
1710         int rc;
1711 
1712         rc = proc_dointvec(table, write, buffer, lenp, ppos);
1713         if (write && (*valp != val)) {
1714                 if (*valp < 1 || !is_power_of_2(*valp)) {
1715                         /* Restore the correct value */
1716                         *valp = val;
1717                 }
1718         }
1719         return rc;
1720 }
1721 
1722 /*
1723  *      IPVS sysctl table (under the /proc/sys/net/ipv4/vs/)
1724  *      Do not change order or insert new entries without
1725  *      align with netns init in ip_vs_control_net_init()
1726  */
1727 
1728 static struct ctl_table vs_vars[] = {
1729         {
1730                 .procname       = "amemthresh",
1731                 .maxlen         = sizeof(int),
1732                 .mode           = 0644,
1733                 .proc_handler   = proc_dointvec,
1734         },
1735         {
1736                 .procname       = "am_droprate",
1737                 .maxlen         = sizeof(int),
1738                 .mode           = 0644,
1739                 .proc_handler   = proc_dointvec,
1740         },
1741         {
1742                 .procname       = "drop_entry",
1743                 .maxlen         = sizeof(int),
1744                 .mode           = 0644,
1745                 .proc_handler   = proc_do_defense_mode,
1746         },
1747         {
1748                 .procname       = "drop_packet",
1749                 .maxlen         = sizeof(int),
1750                 .mode           = 0644,
1751                 .proc_handler   = proc_do_defense_mode,
1752         },
1753 #ifdef CONFIG_IP_VS_NFCT
1754         {
1755                 .procname       = "conntrack",
1756                 .maxlen         = sizeof(int),
1757                 .mode           = 0644,
1758                 .proc_handler   = &proc_dointvec,
1759         },
1760 #endif
1761         {
1762                 .procname       = "secure_tcp",
1763                 .maxlen         = sizeof(int),
1764                 .mode           = 0644,
1765                 .proc_handler   = proc_do_defense_mode,
1766         },
1767         {
1768                 .procname       = "snat_reroute",
1769                 .maxlen         = sizeof(int),
1770                 .mode           = 0644,
1771                 .proc_handler   = &proc_dointvec,
1772         },
1773         {
1774                 .procname       = "sync_version",
1775                 .maxlen         = sizeof(int),
1776                 .mode           = 0644,
1777                 .proc_handler   = &proc_do_sync_mode,
1778         },
1779         {
1780                 .procname       = "sync_ports",
1781                 .maxlen         = sizeof(int),
1782                 .mode           = 0644,
1783                 .proc_handler   = &proc_do_sync_ports,
1784         },
1785         {
1786                 .procname       = "sync_persist_mode",
1787                 .maxlen         = sizeof(int),
1788                 .mode           = 0644,
1789                 .proc_handler   = proc_dointvec,
1790         },
1791         {
1792                 .procname       = "sync_qlen_max",
1793                 .maxlen         = sizeof(unsigned long),
1794                 .mode           = 0644,
1795                 .proc_handler   = proc_doulongvec_minmax,
1796         },
1797         {
1798                 .procname       = "sync_sock_size",
1799                 .maxlen         = sizeof(int),
1800                 .mode           = 0644,
1801                 .proc_handler   = proc_dointvec,
1802         },
1803         {
1804                 .procname       = "cache_bypass",
1805                 .maxlen         = sizeof(int),
1806                 .mode           = 0644,
1807                 .proc_handler   = proc_dointvec,
1808         },
1809         {
1810                 .procname       = "expire_nodest_conn",
1811                 .maxlen         = sizeof(int),
1812                 .mode           = 0644,
1813                 .proc_handler   = proc_dointvec,
1814         },
1815         {
1816                 .procname       = "sloppy_tcp",
1817                 .maxlen         = sizeof(int),
1818                 .mode           = 0644,
1819                 .proc_handler   = proc_dointvec,
1820         },
1821         {
1822                 .procname       = "sloppy_sctp",
1823                 .maxlen         = sizeof(int),
1824                 .mode           = 0644,
1825                 .proc_handler   = proc_dointvec,
1826         },
1827         {
1828                 .procname       = "expire_quiescent_template",
1829                 .maxlen         = sizeof(int),
1830                 .mode           = 0644,
1831                 .proc_handler   = proc_dointvec,
1832         },
1833         {
1834                 .procname       = "sync_threshold",
1835                 .maxlen         =
1836                         sizeof(((struct netns_ipvs *)0)->sysctl_sync_threshold),
1837                 .mode           = 0644,
1838                 .proc_handler   = proc_do_sync_threshold,
1839         },
1840         {
1841                 .procname       = "sync_refresh_period",
1842                 .maxlen         = sizeof(int),
1843                 .mode           = 0644,
1844                 .proc_handler   = proc_dointvec_jiffies,
1845         },
1846         {
1847                 .procname       = "sync_retries",
1848                 .maxlen         = sizeof(int),
1849                 .mode           = 0644,
1850                 .proc_handler   = proc_dointvec_minmax,
1851                 .extra1         = &zero,
1852                 .extra2         = &three,
1853         },
1854         {
1855                 .procname       = "nat_icmp_send",
1856                 .maxlen         = sizeof(int),
1857                 .mode           = 0644,
1858                 .proc_handler   = proc_dointvec,
1859         },
1860         {
1861                 .procname       = "pmtu_disc",
1862                 .maxlen         = sizeof(int),
1863                 .mode           = 0644,
1864                 .proc_handler   = proc_dointvec,
1865         },
1866         {
1867                 .procname       = "backup_only",
1868                 .maxlen         = sizeof(int),
1869                 .mode           = 0644,
1870                 .proc_handler   = proc_dointvec,
1871         },
1872         {
1873                 .procname       = "conn_reuse_mode",
1874                 .maxlen         = sizeof(int),
1875                 .mode           = 0644,
1876                 .proc_handler   = proc_dointvec,
1877         },
1878         {
1879                 .procname       = "schedule_icmp",
1880                 .maxlen         = sizeof(int),
1881                 .mode           = 0644,
1882                 .proc_handler   = proc_dointvec,
1883         },
1884         {
1885                 .procname       = "ignore_tunneled",
1886                 .maxlen         = sizeof(int),
1887                 .mode           = 0644,
1888                 .proc_handler   = proc_dointvec,
1889         },
1890 #ifdef CONFIG_IP_VS_DEBUG
1891         {
1892                 .procname       = "debug_level",
1893                 .data           = &sysctl_ip_vs_debug_level,
1894                 .maxlen         = sizeof(int),
1895                 .mode           = 0644,
1896                 .proc_handler   = proc_dointvec,
1897         },
1898 #endif
1899         { }
1900 };
1901 
1902 #endif
1903 
1904 #ifdef CONFIG_PROC_FS
1905 
1906 struct ip_vs_iter {
1907         struct seq_net_private p;  /* Do not move this, netns depends upon it*/
1908         struct hlist_head *table;
1909         int bucket;
1910 };
1911 
1912 /*
1913  *      Write the contents of the VS rule table to a PROCfs file.
1914  *      (It is kept just for backward compatibility)
1915  */
1916 static inline const char *ip_vs_fwd_name(unsigned int flags)
1917 {
1918         switch (flags & IP_VS_CONN_F_FWD_MASK) {
1919         case IP_VS_CONN_F_LOCALNODE:
1920                 return "Local";
1921         case IP_VS_CONN_F_TUNNEL:
1922                 return "Tunnel";
1923         case IP_VS_CONN_F_DROUTE:
1924                 return "Route";
1925         default:
1926                 return "Masq";
1927         }
1928 }
1929 
1930 
1931 /* Get the Nth entry in the two lists */
1932 static struct ip_vs_service *ip_vs_info_array(struct seq_file *seq, loff_t pos)
1933 {
1934         struct net *net = seq_file_net(seq);
1935         struct netns_ipvs *ipvs = net_ipvs(net);
1936         struct ip_vs_iter *iter = seq->private;
1937         int idx;
1938         struct ip_vs_service *svc;
1939 
1940         /* look in hash by protocol */
1941         for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1942                 hlist_for_each_entry_rcu(svc, &ip_vs_svc_table[idx], s_list) {
1943                         if ((svc->ipvs == ipvs) && pos-- == 0) {
1944                                 iter->table = ip_vs_svc_table;
1945                                 iter->bucket = idx;
1946                                 return svc;
1947                         }
1948                 }
1949         }
1950 
1951         /* keep looking in fwmark */
1952         for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
1953                 hlist_for_each_entry_rcu(svc, &ip_vs_svc_fwm_table[idx],
1954                                          f_list) {
1955                         if ((svc->ipvs == ipvs) && pos-- == 0) {
1956                                 iter->table = ip_vs_svc_fwm_table;
1957                                 iter->bucket = idx;
1958                                 return svc;
1959                         }
1960                 }
1961         }
1962 
1963         return NULL;
1964 }
1965 
1966 static void *ip_vs_info_seq_start(struct seq_file *seq, loff_t *pos)
1967         __acquires(RCU)
1968 {
1969         rcu_read_lock();
1970         return *pos ? ip_vs_info_array(seq, *pos - 1) : SEQ_START_TOKEN;
1971 }
1972 
1973 
1974 static void *ip_vs_info_seq_next(struct seq_file *seq, void *v, loff_t *pos)
1975 {
1976         struct hlist_node *e;
1977         struct ip_vs_iter *iter;
1978         struct ip_vs_service *svc;
1979 
1980         ++*pos;
1981         if (v == SEQ_START_TOKEN)
1982                 return ip_vs_info_array(seq,0);
1983 
1984         svc = v;
1985         iter = seq->private;
1986 
1987         if (iter->table == ip_vs_svc_table) {
1988                 /* next service in table hashed by protocol */
1989                 e = rcu_dereference(hlist_next_rcu(&svc->s_list));
1990                 if (e)
1991                         return hlist_entry(e, struct ip_vs_service, s_list);
1992 
1993                 while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
1994                         hlist_for_each_entry_rcu(svc,
1995                                                  &ip_vs_svc_table[iter->bucket],
1996                                                  s_list) {
1997                                 return svc;
1998                         }
1999                 }
2000 
2001                 iter->table = ip_vs_svc_fwm_table;
2002                 iter->bucket = -1;
2003                 goto scan_fwmark;
2004         }
2005 
2006         /* next service in hashed by fwmark */
2007         e = rcu_dereference(hlist_next_rcu(&svc->f_list));
2008         if (e)
2009                 return hlist_entry(e, struct ip_vs_service, f_list);
2010 
2011  scan_fwmark:
2012         while (++iter->bucket < IP_VS_SVC_TAB_SIZE) {
2013                 hlist_for_each_entry_rcu(svc,
2014                                          &ip_vs_svc_fwm_table[iter->bucket],
2015                                          f_list)
2016                         return svc;
2017         }
2018 
2019         return NULL;
2020 }
2021 
2022 static void ip_vs_info_seq_stop(struct seq_file *seq, void *v)
2023         __releases(RCU)
2024 {
2025         rcu_read_unlock();
2026 }
2027 
2028 
2029 static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
2030 {
2031         if (v == SEQ_START_TOKEN) {
2032                 seq_printf(seq,
2033                         "IP Virtual Server version %d.%d.%d (size=%d)\n",
2034                         NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
2035                 seq_puts(seq,
2036                          "Prot LocalAddress:Port Scheduler Flags\n");
2037                 seq_puts(seq,
2038                          "  -> RemoteAddress:Port Forward Weight ActiveConn InActConn\n");
2039         } else {
2040                 const struct ip_vs_service *svc = v;
2041                 const struct ip_vs_iter *iter = seq->private;
2042                 const struct ip_vs_dest *dest;
2043                 struct ip_vs_scheduler *sched = rcu_dereference(svc->scheduler);
2044                 char *sched_name = sched ? sched->name : "none";
2045 
2046                 if (iter->table == ip_vs_svc_table) {
2047 #ifdef CONFIG_IP_VS_IPV6
2048                         if (svc->af == AF_INET6)
2049                                 seq_printf(seq, "%s  [%pI6]:%04X %s ",
2050                                            ip_vs_proto_name(svc->protocol),
2051                                            &svc->addr.in6,
2052                                            ntohs(svc->port),
2053                                            sched_name);
2054                         else
2055 #endif
2056                                 seq_printf(seq, "%s  %08X:%04X %s %s ",
2057                                            ip_vs_proto_name(svc->protocol),
2058                                            ntohl(svc->addr.ip),
2059                                            ntohs(svc->port),
2060                                            sched_name,
2061                                            (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":"");
2062                 } else {
2063                         seq_printf(seq, "FWM  %08X %s %s",
2064                                    svc->fwmark, sched_name,
2065                                    (svc->flags & IP_VS_SVC_F_ONEPACKET)?"ops ":"");
2066                 }
2067 
2068                 if (svc->flags & IP_VS_SVC_F_PERSISTENT)
2069                         seq_printf(seq, "persistent %d %08X\n",
2070                                 svc->timeout,
2071                                 ntohl(svc->netmask));
2072                 else
2073                         seq_putc(seq, '\n');
2074 
2075                 list_for_each_entry_rcu(dest, &svc->destinations, n_list) {
2076 #ifdef CONFIG_IP_VS_IPV6
2077                         if (dest->af == AF_INET6)
2078                                 seq_printf(seq,
2079                                            "  -> [%pI6]:%04X"
2080                                            "      %-7s %-6d %-10d %-10d\n",
2081                                            &dest->addr.in6,
2082                                            ntohs(dest->port),
2083                                            ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
2084                                            atomic_read(&dest->weight),
2085                                            atomic_read(&dest->activeconns),
2086                                            atomic_read(&dest->inactconns));
2087                         else
2088 #endif
2089                                 seq_printf(seq,
2090                                            "  -> %08X:%04X      "
2091                                            "%-7s %-6d %-10d %-10d\n",
2092                                            ntohl(dest->addr.ip),
2093                                            ntohs(dest->port),
2094                                            ip_vs_fwd_name(atomic_read(&dest->conn_flags)),
2095                                            atomic_read(&dest->weight),
2096                                            atomic_read(&dest->activeconns),
2097                                            atomic_read(&dest->inactconns));
2098 
2099                 }
2100         }
2101         return 0;
2102 }
2103 
2104 static const struct seq_operations ip_vs_info_seq_ops = {
2105         .start = ip_vs_info_seq_start,
2106         .next  = ip_vs_info_seq_next,
2107         .stop  = ip_vs_info_seq_stop,
2108         .show  = ip_vs_info_seq_show,
2109 };
2110 
2111 static int ip_vs_info_open(struct inode *inode, struct file *file)
2112 {
2113         return seq_open_net(inode, file, &ip_vs_info_seq_ops,
2114                         sizeof(struct ip_vs_iter));
2115 }
2116 
2117 static const struct file_operations ip_vs_info_fops = {
2118         .owner   = THIS_MODULE,
2119         .open    = ip_vs_info_open,
2120         .read    = seq_read,
2121         .llseek  = seq_lseek,
2122         .release = seq_release_net,
2123 };
2124 
2125 static int ip_vs_stats_show(struct seq_file *seq, void *v)
2126 {
2127         struct net *net = seq_file_single_net(seq);
2128         struct ip_vs_kstats show;
2129 
2130 /*               01234567 01234567 01234567 0123456701234567 0123456701234567 */
2131         seq_puts(seq,
2132                  "   Total Incoming Outgoing         Incoming         Outgoing\n");
2133         seq_printf(seq,
2134                    "   Conns  Packets  Packets            Bytes            Bytes\n");
2135 
2136         ip_vs_copy_stats(&show, &net_ipvs(net)->tot_stats);
2137         seq_printf(seq, "%8LX %8LX %8LX %16LX %16LX\n\n",
2138                    (unsigned long long)show.conns,
2139                    (unsigned long long)show.inpkts,
2140                    (unsigned long long)show.outpkts,
2141                    (unsigned long long)show.inbytes,
2142                    (unsigned long long)show.outbytes);
2143 
2144 /*                01234567 01234567 01234567 0123456701234567 0123456701234567*/
2145         seq_puts(seq,
2146                  " Conns/s   Pkts/s   Pkts/s          Bytes/s          Bytes/s\n");
2147         seq_printf(seq, "%8LX %8LX %8LX %16LX %16LX\n",
2148                    (unsigned long long)show.cps,
2149                    (unsigned long long)show.inpps,
2150                    (unsigned long long)show.outpps,
2151                    (unsigned long long)show.inbps,
2152                    (unsigned long long)show.outbps);
2153 
2154         return 0;
2155 }
2156 
2157 static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)
2158 {
2159         return single_open_net(inode, file, ip_vs_stats_show);
2160 }
2161 
2162 static const struct file_operations ip_vs_stats_fops = {
2163         .owner = THIS_MODULE,
2164         .open = ip_vs_stats_seq_open,
2165         .read = seq_read,
2166         .llseek = seq_lseek,
2167         .release = single_release_net,
2168 };
2169 
2170 static int ip_vs_stats_percpu_show(struct seq_file *seq, void *v)
2171 {
2172         struct net *net = seq_file_single_net(seq);
2173         struct ip_vs_stats *tot_stats = &net_ipvs(net)->tot_stats;
2174         struct ip_vs_cpu_stats __percpu *cpustats = tot_stats->cpustats;
2175         struct ip_vs_kstats kstats;
2176         int i;
2177 
2178 /*               01234567 01234567 01234567 0123456701234567 0123456701234567 */
2179         seq_puts(seq,
2180                  "       Total Incoming Outgoing         Incoming         Outgoing\n");
2181         seq_printf(seq,
2182                    "CPU    Conns  Packets  Packets            Bytes            Bytes\n");
2183 
2184         for_each_possible_cpu(i) {
2185                 struct ip_vs_cpu_stats *u = per_cpu_ptr(cpustats, i);
2186                 unsigned int start;
2187                 u64 conns, inpkts, outpkts, inbytes, outbytes;
2188 
2189                 do {
2190                         start = u64_stats_fetch_begin_irq(&u->syncp);
2191                         conns = u->cnt.conns;
2192                         inpkts = u->cnt.inpkts;
2193                         outpkts = u->cnt.outpkts;
2194                         inbytes = u->cnt.inbytes;
2195                         outbytes = u->cnt.outbytes;
2196                 } while (u64_stats_fetch_retry_irq(&u->syncp, start));
2197 
2198                 seq_printf(seq, "%3X %8LX %8LX %8LX %16LX %16LX\n",
2199                            i, (u64)conns, (u64)inpkts,
2200                            (u64)outpkts, (u64)inbytes,
2201                            (u64)outbytes);
2202         }
2203 
2204         ip_vs_copy_stats(&kstats, tot_stats);
2205 
2206         seq_printf(seq, "  ~ %8LX %8LX %8LX %16LX %16LX\n\n",
2207                    (unsigned long long)kstats.conns,
2208                    (unsigned long long)kstats.inpkts,
2209                    (unsigned long long)kstats.outpkts,
2210                    (unsigned long long)kstats.inbytes,
2211                    (unsigned long long)kstats.outbytes);
2212 
2213 /*                ... 01234567 01234567 01234567 0123456701234567 0123456701234567 */
2214         seq_puts(seq,
2215                  "     Conns/s   Pkts/s   Pkts/s          Bytes/s          Bytes/s\n");
2216         seq_printf(seq, "    %8LX %8LX %8LX %16LX %16LX\n",
2217                    kstats.cps,
2218                    kstats.inpps,
2219                    kstats.outpps,
2220                    kstats.inbps,
2221                    kstats.outbps);
2222 
2223         return 0;
2224 }
2225 
2226 static int ip_vs_stats_percpu_seq_open(struct inode *inode, struct file *file)
2227 {
2228         return single_open_net(inode, file, ip_vs_stats_percpu_show);
2229 }
2230 
2231 static const struct file_operations ip_vs_stats_percpu_fops = {
2232         .owner = THIS_MODULE,
2233         .open = ip_vs_stats_percpu_seq_open,
2234         .read = seq_read,
2235         .llseek = seq_lseek,
2236         .release = single_release_net,
2237 };
2238 #endif
2239 
2240 /*
2241  *      Set timeout values for tcp tcpfin udp in the timeout_table.
2242  */
2243 static int ip_vs_set_timeout(struct netns_ipvs *ipvs, struct ip_vs_timeout_user *u)
2244 {
2245 #if defined(CONFIG_IP_VS_PROTO_TCP) || defined(CONFIG_IP_VS_PROTO_UDP)
2246         struct ip_vs_proto_data *pd;
2247 #endif
2248 
2249         IP_VS_DBG(2, "Setting timeout tcp:%d tcpfin:%d udp:%d\n",
2250                   u->tcp_timeout,
2251                   u->tcp_fin_timeout,
2252                   u->udp_timeout);
2253 
2254 #ifdef CONFIG_IP_VS_PROTO_TCP
2255         if (u->tcp_timeout) {
2256                 pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
2257                 pd->timeout_table[IP_VS_TCP_S_ESTABLISHED]
2258                         = u->tcp_timeout * HZ;
2259         }
2260 
2261         if (u->tcp_fin_timeout) {
2262                 pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
2263                 pd->timeout_table[IP_VS_TCP_S_FIN_WAIT]
2264                         = u->tcp_fin_timeout * HZ;
2265         }
2266 #endif
2267 
2268 #ifdef CONFIG_IP_VS_PROTO_UDP
2269         if (u->udp_timeout) {
2270                 pd = ip_vs_proto_data_get(ipvs, IPPROTO_UDP);
2271                 pd->timeout_table[IP_VS_UDP_S_NORMAL]
2272                         = u->udp_timeout * HZ;
2273         }
2274 #endif
2275         return 0;
2276 }
2277 
2278 #define CMDID(cmd)              (cmd - IP_VS_BASE_CTL)
2279 
2280 struct ip_vs_svcdest_user {
2281         struct ip_vs_service_user       s;
2282         struct ip_vs_dest_user          d;
2283 };
2284 
2285 static const unsigned char set_arglen[CMDID(IP_VS_SO_SET_MAX) + 1] = {
2286         [CMDID(IP_VS_SO_SET_ADD)]         = sizeof(struct ip_vs_service_user),
2287         [CMDID(IP_VS_SO_SET_EDIT)]        = sizeof(struct ip_vs_service_user),
2288         [CMDID(IP_VS_SO_SET_DEL)]         = sizeof(struct ip_vs_service_user),
2289         [CMDID(IP_VS_SO_SET_ADDDEST)]     = sizeof(struct ip_vs_svcdest_user),
2290         [CMDID(IP_VS_SO_SET_DELDEST)]     = sizeof(struct ip_vs_svcdest_user),
2291         [CMDID(IP_VS_SO_SET_EDITDEST)]    = sizeof(struct ip_vs_svcdest_user),
2292         [CMDID(IP_VS_SO_SET_TIMEOUT)]     = sizeof(struct ip_vs_timeout_user),
2293         [CMDID(IP_VS_SO_SET_STARTDAEMON)] = sizeof(struct ip_vs_daemon_user),
2294         [CMDID(IP_VS_SO_SET_STOPDAEMON)]  = sizeof(struct ip_vs_daemon_user),
2295         [CMDID(IP_VS_SO_SET_ZERO)]        = sizeof(struct ip_vs_service_user),
2296 };
2297 
2298 union ip_vs_set_arglen {
2299         struct ip_vs_service_user       field_IP_VS_SO_SET_ADD;
2300         struct ip_vs_service_user       field_IP_VS_SO_SET_EDIT;
2301         struct ip_vs_service_user       field_IP_VS_SO_SET_DEL;
2302         struct ip_vs_svcdest_user       field_IP_VS_SO_SET_ADDDEST;
2303         struct ip_vs_svcdest_user       field_IP_VS_SO_SET_DELDEST;
2304         struct ip_vs_svcdest_user       field_IP_VS_SO_SET_EDITDEST;
2305         struct ip_vs_timeout_user       field_IP_VS_SO_SET_TIMEOUT;
2306         struct ip_vs_daemon_user        field_IP_VS_SO_SET_STARTDAEMON;
2307         struct ip_vs_daemon_user        field_IP_VS_SO_SET_STOPDAEMON;
2308         struct ip_vs_service_user       field_IP_VS_SO_SET_ZERO;
2309 };
2310 
2311 #define MAX_SET_ARGLEN  sizeof(union ip_vs_set_arglen)
2312 
2313 static void ip_vs_copy_usvc_compat(struct ip_vs_service_user_kern *usvc,
2314                                   struct ip_vs_service_user *usvc_compat)
2315 {
2316         memset(usvc, 0, sizeof(*usvc));
2317 
2318         usvc->af                = AF_INET;
2319         usvc->protocol          = usvc_compat->protocol;
2320         usvc->addr.ip           = usvc_compat->addr;
2321         usvc->port              = usvc_compat->port;
2322         usvc->fwmark            = usvc_compat->fwmark;
2323 
2324         /* Deep copy of sched_name is not needed here */
2325         usvc->sched_name        = usvc_compat->sched_name;
2326 
2327         usvc->flags             = usvc_compat->flags;
2328         usvc->timeout           = usvc_compat->timeout;
2329         usvc->netmask           = usvc_compat->netmask;
2330 }
2331 
2332 static void ip_vs_copy_udest_compat(struct ip_vs_dest_user_kern *udest,
2333                                    struct ip_vs_dest_user *udest_compat)
2334 {
2335         memset(udest, 0, sizeof(*udest));
2336 
2337         udest->addr.ip          = udest_compat->addr;
2338         udest->port             = udest_compat->port;
2339         udest->conn_flags       = udest_compat->conn_flags;
2340         udest->weight           = udest_compat->weight;
2341         udest->u_threshold      = udest_compat->u_threshold;
2342         udest->l_threshold      = udest_compat->l_threshold;
2343         udest->af               = AF_INET;
2344 }
2345 
2346 static int
2347 do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
2348 {
2349         struct net *net = sock_net(sk);
2350         int ret;
2351         unsigned char arg[MAX_SET_ARGLEN];
2352         struct ip_vs_service_user *usvc_compat;
2353         struct ip_vs_service_user_kern usvc;
2354         struct ip_vs_service *svc;
2355         struct ip_vs_dest_user *udest_compat;
2356         struct ip_vs_dest_user_kern udest;
2357         struct netns_ipvs *ipvs = net_ipvs(net);
2358 
2359         BUILD_BUG_ON(sizeof(arg) > 255);
2360         if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2361                 return -EPERM;
2362 
2363         if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_SET_MAX)
2364                 return -EINVAL;
2365         if (len != set_arglen[CMDID(cmd)]) {
2366                 IP_VS_DBG(1, "set_ctl: len %u != %u\n",
2367                           len, set_arglen[CMDID(cmd)]);
2368                 return -EINVAL;
2369         }
2370 
2371         if (copy_from_user(arg, user, len) != 0)
2372                 return -EFAULT;
2373 
2374         /* increase the module use count */
2375         ip_vs_use_count_inc();
2376 
2377         /* Handle daemons since they have another lock */
2378         if (cmd == IP_VS_SO_SET_STARTDAEMON ||
2379             cmd == IP_VS_SO_SET_STOPDAEMON) {
2380                 struct ip_vs_daemon_user *dm = (struct ip_vs_daemon_user *)arg;
2381 
2382                 if (cmd == IP_VS_SO_SET_STARTDAEMON) {
2383                         struct ipvs_sync_daemon_cfg cfg;
2384 
2385                         memset(&cfg, 0, sizeof(cfg));
2386                         strlcpy(cfg.mcast_ifn, dm->mcast_ifn,
2387                                 sizeof(cfg.mcast_ifn));
2388                         cfg.syncid = dm->syncid;
2389                         rtnl_lock();
2390                         mutex_lock(&ipvs->sync_mutex);
2391                         ret = start_sync_thread(ipvs, &cfg, dm->state);
2392                         mutex_unlock(&ipvs->sync_mutex);
2393                         rtnl_unlock();
2394                 } else {
2395                         mutex_lock(&ipvs->sync_mutex);
2396                         ret = stop_sync_thread(ipvs, dm->state);
2397                         mutex_unlock(&ipvs->sync_mutex);
2398                 }
2399                 goto out_dec;
2400         }
2401 
2402         mutex_lock(&__ip_vs_mutex);
2403         if (cmd == IP_VS_SO_SET_FLUSH) {
2404                 /* Flush the virtual service */
2405                 ret = ip_vs_flush(ipvs, false);
2406                 goto out_unlock;
2407         } else if (cmd == IP_VS_SO_SET_TIMEOUT) {
2408                 /* Set timeout values for (tcp tcpfin udp) */
2409                 ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg);
2410                 goto out_unlock;
2411         }
2412 
2413         usvc_compat = (struct ip_vs_service_user *)arg;
2414         udest_compat = (struct ip_vs_dest_user *)(usvc_compat + 1);
2415 
2416         /* We only use the new structs internally, so copy userspace compat
2417          * structs to extended internal versions */
2418         ip_vs_copy_usvc_compat(&usvc, usvc_compat);
2419         ip_vs_copy_udest_compat(&udest, udest_compat);
2420 
2421         if (cmd == IP_VS_SO_SET_ZERO) {
2422                 /* if no service address is set, zero counters in all */
2423                 if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {
2424                         ret = ip_vs_zero_all(ipvs);
2425                         goto out_unlock;
2426                 }
2427         }
2428 
2429         /* Check for valid protocol: TCP or UDP or SCTP, even for fwmark!=0 */
2430         if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP &&
2431             usvc.protocol != IPPROTO_SCTP) {
2432                 pr_err("set_ctl: invalid protocol: %d %pI4:%d %s\n",
2433                        usvc.protocol, &usvc.addr.ip,
2434                        ntohs(usvc.port), usvc.sched_name);
2435                 ret = -EFAULT;
2436                 goto out_unlock;
2437         }
2438 
2439         /* Lookup the exact service by <protocol, addr, port> or fwmark */
2440         rcu_read_lock();
2441         if (usvc.fwmark == 0)
2442                 svc = __ip_vs_service_find(ipvs, usvc.af, usvc.protocol,
2443                                            &usvc.addr, usvc.port);
2444         else
2445                 svc = __ip_vs_svc_fwm_find(ipvs, usvc.af, usvc.fwmark);
2446         rcu_read_unlock();
2447 
2448         if (cmd != IP_VS_SO_SET_ADD
2449             && (svc == NULL || svc->protocol != usvc.protocol)) {
2450                 ret = -ESRCH;
2451                 goto out_unlock;
2452         }
2453 
2454         switch (cmd) {
2455         case IP_VS_SO_SET_ADD:
2456                 if (svc != NULL)
2457                         ret = -EEXIST;
2458                 else
2459                         ret = ip_vs_add_service(ipvs, &usvc, &svc);
2460                 break;
2461         case IP_VS_SO_SET_EDIT:
2462                 ret = ip_vs_edit_service(svc, &usvc);
2463                 break;
2464         case IP_VS_SO_SET_DEL:
2465                 ret = ip_vs_del_service(svc);
2466                 if (!ret)
2467                         goto out_unlock;
2468                 break;
2469         case IP_VS_SO_SET_ZERO:
2470                 ret = ip_vs_zero_service(svc);
2471                 break;
2472         case IP_VS_SO_SET_ADDDEST:
2473                 ret = ip_vs_add_dest(svc, &udest);
2474                 break;
2475         case IP_VS_SO_SET_EDITDEST:
2476                 ret = ip_vs_edit_dest(svc, &udest);
2477                 break;
2478         case IP_VS_SO_SET_DELDEST:
2479                 ret = ip_vs_del_dest(svc, &udest);
2480                 break;
2481         default:
2482                 ret = -EINVAL;
2483         }
2484 
2485   out_unlock:
2486         mutex_unlock(&__ip_vs_mutex);
2487   out_dec:
2488         /* decrease the module use count */
2489         ip_vs_use_count_dec();
2490 
2491         return ret;
2492 }
2493 
2494 
2495 static void
2496 ip_vs_copy_service(struct ip_vs_service_entry *dst, struct ip_vs_service *src)
2497 {
2498         struct ip_vs_scheduler *sched;
2499         struct ip_vs_kstats kstats;
2500         char *sched_name;
2501 
2502         sched = rcu_dereference_protected(src->scheduler, 1);
2503         sched_name = sched ? sched->name : "none";
2504         dst->protocol = src->protocol;
2505         dst->addr = src->addr.ip;
2506         dst->port = src->port;
2507         dst->fwmark = src->fwmark;
2508         strlcpy(dst->sched_name, sched_name, sizeof(dst->sched_name));
2509         dst->flags = src->flags;
2510         dst->timeout = src->timeout / HZ;
2511         dst->netmask = src->netmask;
2512         dst->num_dests = src->num_dests;
2513         ip_vs_copy_stats(&kstats, &src->stats);
2514         ip_vs_export_stats_user(&dst->stats, &kstats);
2515 }
2516 
2517 static inline int
2518 __ip_vs_get_service_entries(struct netns_ipvs *ipvs,
2519                             const struct ip_vs_get_services *get,
2520                             struct ip_vs_get_services __user *uptr)
2521 {
2522         int idx, count=0;
2523         struct ip_vs_service *svc;
2524         struct ip_vs_service_entry entry;
2525         int ret = 0;
2526 
2527         for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2528                 hlist_for_each_entry(svc, &ip_vs_svc_table[idx], s_list) {
2529                         /* Only expose IPv4 entries to old interface */
2530                         if (svc->af != AF_INET || (svc->ipvs != ipvs))
2531                                 continue;
2532 
2533                         if (count >= get->num_services)
2534                                 goto out;
2535                         memset(&entry, 0, sizeof(entry));
2536                         ip_vs_copy_service(&entry, svc);
2537                         if (copy_to_user(&uptr->entrytable[count],
2538                                          &entry, sizeof(entry))) {
2539                                 ret = -EFAULT;
2540                                 goto out;
2541                         }
2542                         count++;
2543                 }
2544         }
2545 
2546         for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
2547                 hlist_for_each_entry(svc, &ip_vs_svc_fwm_table[idx], f_list) {
2548                         /* Only expose IPv4 entries to old interface */
2549                         if (svc->af != AF_INET || (svc->ipvs != ipvs))
2550                                 continue;
2551 
2552                         if (count >= get->num_services)
2553                                 goto out;
2554                         memset(&entry, 0, sizeof(entry));
2555                         ip_vs_copy_service(&entry, svc);
2556                         if (copy_to_user(&uptr->entrytable[count],
2557                                          &entry, sizeof(entry))) {
2558                                 ret = -EFAULT;
2559                                 goto out;
2560                         }
2561                         count++;
2562                 }
2563         }
2564 out:
2565         return ret;
2566 }
2567 
2568 static inline int
2569 __ip_vs_get_dest_entries(struct netns_ipvs *ipvs, const struct ip_vs_get_dests *get,
2570                          struct ip_vs_get_dests __user *uptr)
2571 {
2572         struct ip_vs_service *svc;
2573         union nf_inet_addr addr = { .ip = get->addr };
2574         int ret = 0;
2575 
2576         rcu_read_lock();
2577         if (get->fwmark)
2578                 svc = __ip_vs_svc_fwm_find(ipvs, AF_INET, get->fwmark);
2579         else
2580                 svc = __ip_vs_service_find(ipvs, AF_INET, get->protocol, &addr,
2581                                            get->port);
2582         rcu_read_unlock();
2583 
2584         if (svc) {
2585                 int count = 0;
2586                 struct ip_vs_dest *dest;
2587                 struct ip_vs_dest_entry entry;
2588                 struct ip_vs_kstats kstats;
2589 
2590                 memset(&entry, 0, sizeof(entry));
2591                 list_for_each_entry(dest, &svc->destinations, n_list) {
2592                         if (count >= get->num_dests)
2593                                 break;
2594 
2595                         /* Cannot expose heterogeneous members via sockopt
2596                          * interface
2597                          */
2598                         if (dest->af != svc->af)
2599                                 continue;
2600 
2601                         entry.addr = dest->addr.ip;
2602                         entry.port = dest->port;
2603                         entry.conn_flags = atomic_read(&dest->conn_flags);
2604                         entry.weight = atomic_read(&dest->weight);
2605                         entry.u_threshold = dest->u_threshold;
2606                         entry.l_threshold = dest->l_threshold;
2607                         entry.activeconns = atomic_read(&dest->activeconns);
2608                         entry.inactconns = atomic_read(&dest->inactconns);
2609                         entry.persistconns = atomic_read(&dest->persistconns);
2610                         ip_vs_copy_stats(&kstats, &dest->stats);
2611                         ip_vs_export_stats_user(&entry.stats, &kstats);
2612                         if (copy_to_user(&uptr->entrytable[count],
2613                                          &entry, sizeof(entry))) {
2614                                 ret = -EFAULT;
2615                                 break;
2616                         }
2617                         count++;
2618                 }
2619         } else
2620                 ret = -ESRCH;
2621         return ret;
2622 }
2623 
2624 static inline void
2625 __ip_vs_get_timeouts(struct netns_ipvs *ipvs, struct ip_vs_timeout_user *u)
2626 {
2627 #if defined(CONFIG_IP_VS_PROTO_TCP) || defined(CONFIG_IP_VS_PROTO_UDP)
2628         struct ip_vs_proto_data *pd;
2629 #endif
2630 
2631         memset(u, 0, sizeof (*u));
2632 
2633 #ifdef CONFIG_IP_VS_PROTO_TCP
2634         pd = ip_vs_proto_data_get(ipvs, IPPROTO_TCP);
2635         u->tcp_timeout = pd->timeout_table[IP_VS_TCP_S_ESTABLISHED] / HZ;
2636         u->tcp_fin_timeout = pd->timeout_table[IP_VS_TCP_S_FIN_WAIT] / HZ;
2637 #endif
2638 #ifdef CONFIG_IP_VS_PROTO_UDP
2639         pd = ip_vs_proto_data_get(ipvs, IPPROTO_UDP);
2640         u->udp_timeout =
2641                         pd->timeout_table[IP_VS_UDP_S_NORMAL] / HZ;
2642 #endif
2643 }
2644 
2645 static const unsigned char get_arglen[CMDID(IP_VS_SO_GET_MAX) + 1] = {
2646         [CMDID(IP_VS_SO_GET_VERSION)]  = 64,
2647         [CMDID(IP_VS_SO_GET_INFO)]     = sizeof(struct ip_vs_getinfo),
2648         [CMDID(IP_VS_SO_GET_SERVICES)] = sizeof(struct ip_vs_get_services),
2649         [CMDID(IP_VS_SO_GET_SERVICE)]  = sizeof(struct ip_vs_service_entry),
2650         [CMDID(IP_VS_SO_GET_DESTS)]    = sizeof(struct ip_vs_get_dests),
2651         [CMDID(IP_VS_SO_GET_TIMEOUT)]  = sizeof(struct ip_vs_timeout_user),
2652         [CMDID(IP_VS_SO_GET_DAEMON)]   = 2 * sizeof(struct ip_vs_daemon_user),
2653 };
2654 
2655 union ip_vs_get_arglen {
2656         char                            field_IP_VS_SO_GET_VERSION[64];
2657         struct ip_vs_getinfo            field_IP_VS_SO_GET_INFO;
2658         struct ip_vs_get_services       field_IP_VS_SO_GET_SERVICES;
2659         struct ip_vs_service_entry      field_IP_VS_SO_GET_SERVICE;
2660         struct ip_vs_get_dests          field_IP_VS_SO_GET_DESTS;
2661         struct ip_vs_timeout_user       field_IP_VS_SO_GET_TIMEOUT;
2662         struct ip_vs_daemon_user        field_IP_VS_SO_GET_DAEMON[2];
2663 };
2664 
2665 #define MAX_GET_ARGLEN  sizeof(union ip_vs_get_arglen)
2666 
2667 static int
2668 do_ip_vs_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
2669 {
2670         unsigned char arg[MAX_GET_ARGLEN];
2671         int ret = 0;
2672         unsigned int copylen;
2673         struct net *net = sock_net(sk);
2674         struct netns_ipvs *ipvs = net_ipvs(net);
2675 
2676         BUG_ON(!net);
2677         BUILD_BUG_ON(sizeof(arg) > 255);
2678         if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2679                 return -EPERM;
2680 
2681         if (cmd < IP_VS_BASE_CTL || cmd > IP_VS_SO_GET_MAX)
2682                 return -EINVAL;
2683 
2684         copylen = get_arglen[CMDID(cmd)];
2685         if (*len < (int) copylen) {
2686                 IP_VS_DBG(1, "get_ctl: len %d < %u\n", *len, copylen);
2687                 return -EINVAL;
2688         }
2689 
2690         if (copy_from_user(arg, user, copylen) != 0)
2691                 return -EFAULT;
2692         /*
2693          * Handle daemons first since it has its own locking
2694          */
2695         if (cmd == IP_VS_SO_GET_DAEMON) {
2696                 struct ip_vs_daemon_user d[2];
2697 
2698                 memset(&d, 0, sizeof(d));
2699                 mutex_lock(&ipvs->sync_mutex);
2700                 if (ipvs->sync_state & IP_VS_STATE_MASTER) {
2701                         d[0].state = IP_VS_STATE_MASTER;
2702                         strlcpy(d[0].mcast_ifn, ipvs->mcfg.mcast_ifn,
2703                                 sizeof(d[0].mcast_ifn));
2704                         d[0].syncid = ipvs->mcfg.syncid;
2705                 }
2706                 if (ipvs->sync_state & IP_VS_STATE_BACKUP) {
2707                         d[1].state = IP_VS_STATE_BACKUP;
2708                         strlcpy(d[1].mcast_ifn, ipvs->bcfg.mcast_ifn,
2709                                 sizeof(d[1].mcast_ifn));
2710                         d[1].syncid = ipvs->bcfg.syncid;
2711                 }
2712                 if (copy_to_user(user, &d, sizeof(d)) != 0)
2713                         ret = -EFAULT;
2714                 mutex_unlock(&ipvs->sync_mutex);
2715                 return ret;
2716         }
2717 
2718         mutex_lock(&__ip_vs_mutex);
2719         switch (cmd) {
2720         case IP_VS_SO_GET_VERSION:
2721         {
2722                 char buf[64];
2723 
2724                 sprintf(buf, "IP Virtual Server version %d.%d.%d (size=%d)",
2725                         NVERSION(IP_VS_VERSION_CODE), ip_vs_conn_tab_size);
2726                 if (copy_to_user(user, buf, strlen(buf)+1) != 0) {
2727                         ret = -EFAULT;
2728                         goto out;
2729                 }
2730                 *len = strlen(buf)+1;
2731         }
2732         break;
2733 
2734         case IP_VS_SO_GET_INFO:
2735         {
2736                 struct ip_vs_getinfo info;
2737                 info.version = IP_VS_VERSION_CODE;
2738                 info.size = ip_vs_conn_tab_size;
2739                 info.num_services = ipvs->num_services;
2740                 if (copy_to_user(user, &info, sizeof(info)) != 0)
2741                         ret = -EFAULT;
2742         }
2743         break;
2744 
2745         case IP_VS_SO_GET_SERVICES:
2746         {
2747                 struct ip_vs_get_services *get;
2748                 int size;
2749 
2750                 get = (struct ip_vs_get_services *)arg;
2751                 size = sizeof(*get) +
2752                         sizeof(struct ip_vs_service_entry) * get->num_services;
2753                 if (*len != size) {
2754                         pr_err("length: %u != %u\n", *len, size);
2755                         ret = -EINVAL;
2756                         goto out;
2757                 }
2758                 ret = __ip_vs_get_service_entries(ipvs, get, user);
2759         }
2760         break;
2761 
2762         case IP_VS_SO_GET_SERVICE:
2763         {
2764                 struct ip_vs_service_entry *entry;
2765                 struct ip_vs_service *svc;
2766                 union nf_inet_addr addr;
2767 
2768                 entry = (struct ip_vs_service_entry *)arg;
2769                 addr.ip = entry->addr;
2770                 rcu_read_lock();
2771                 if (entry->fwmark)
2772                         svc = __ip_vs_svc_fwm_find(ipvs, AF_INET, entry->fwmark);
2773                 else
2774                         svc = __ip_vs_service_find(ipvs, AF_INET,
2775                                                    entry->protocol, &addr,
2776                                                    entry->port);
2777                 rcu_read_unlock();
2778                 if (svc) {
2779                         ip_vs_copy_service(entry, svc);
2780                         if (copy_to_user(user, entry, sizeof(*entry)) != 0)
2781                                 ret = -EFAULT;
2782                 } else
2783                         ret = -ESRCH;
2784         }
2785         break;
2786 
2787         case IP_VS_SO_GET_DESTS:
2788         {
2789                 struct ip_vs_get_dests *get;
2790                 int size;
2791 
2792                 get = (struct ip_vs_get_dests *)arg;
2793                 size = sizeof(*get) +
2794                         sizeof(struct ip_vs_dest_entry) * get->num_dests;
2795                 if (*len != size) {
2796                         pr_err("length: %u != %u\n", *len, size);
2797                         ret = -EINVAL;
2798                         goto out;
2799                 }
2800                 ret = __ip_vs_get_dest_entries(ipvs, get, user);
2801         }
2802         break;
2803 
2804         case IP_VS_SO_GET_TIMEOUT:
2805         {
2806                 struct ip_vs_timeout_user t;
2807 
2808                 __ip_vs_get_timeouts(ipvs, &t);
2809                 if (copy_to_user(user, &t, sizeof(t)) != 0)
2810                         ret = -EFAULT;
2811         }
2812         break;
2813 
2814         default:
2815                 ret = -EINVAL;
2816         }
2817 
2818 out:
2819         mutex_unlock(&__ip_vs_mutex);
2820         return ret;
2821 }
2822 
2823 
2824 static struct nf_sockopt_ops ip_vs_sockopts = {
2825         .pf             = PF_INET,
2826         .set_optmin     = IP_VS_BASE_CTL,
2827         .set_optmax     = IP_VS_SO_SET_MAX+1,
2828         .set            = do_ip_vs_set_ctl,
2829         .get_optmin     = IP_VS_BASE_CTL,
2830         .get_optmax     = IP_VS_SO_GET_MAX+1,
2831         .get            = do_ip_vs_get_ctl,
2832         .owner          = THIS_MODULE,
2833 };
2834 
2835 /*
2836  * Generic Netlink interface
2837  */
2838 
2839 /* IPVS genetlink family */
2840 static struct genl_family ip_vs_genl_family;
2841 
2842 /* Policy used for first-level command attributes */
2843 static const struct nla_policy ip_vs_cmd_policy[IPVS_CMD_ATTR_MAX + 1] = {
2844         [IPVS_CMD_ATTR_SERVICE]         = { .type = NLA_NESTED },
2845         [IPVS_CMD_ATTR_DEST]            = { .type = NLA_NESTED },
2846         [IPVS_CMD_ATTR_DAEMON]          = { .type = NLA_NESTED },
2847         [IPVS_CMD_ATTR_TIMEOUT_TCP]     = { .type = NLA_U32 },
2848         [IPVS_CMD_ATTR_TIMEOUT_TCP_FIN] = { .type = NLA_U32 },
2849         [IPVS_CMD_ATTR_TIMEOUT_UDP]     = { .type = NLA_U32 },
2850 };
2851 
2852 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DAEMON */
2853 static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = {
2854         [IPVS_DAEMON_ATTR_STATE]        = { .type = NLA_U32 },
2855         [IPVS_DAEMON_ATTR_MCAST_IFN]    = { .type = NLA_NUL_STRING,
2856                                             .len = IP_VS_IFNAME_MAXLEN },
2857         [IPVS_DAEMON_ATTR_SYNC_ID]      = { .type = NLA_U32 },
2858         [IPVS_DAEMON_ATTR_SYNC_MAXLEN]  = { .type = NLA_U16 },
2859         [IPVS_DAEMON_ATTR_MCAST_GROUP]  = { .type = NLA_U32 },
2860         [IPVS_DAEMON_ATTR_MCAST_GROUP6] = { .len = sizeof(struct in6_addr) },
2861         [IPVS_DAEMON_ATTR_MCAST_PORT]   = { .type = NLA_U16 },
2862         [IPVS_DAEMON_ATTR_MCAST_TTL]    = { .type = NLA_U8 },
2863 };
2864 
2865 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_SERVICE */
2866 static const struct nla_policy ip_vs_svc_policy[IPVS_SVC_ATTR_MAX + 1] = {
2867         [IPVS_SVC_ATTR_AF]              = { .type = NLA_U16 },
2868         [IPVS_SVC_ATTR_PROTOCOL]        = { .type = NLA_U16 },
2869         [IPVS_SVC_ATTR_ADDR]            = { .type = NLA_BINARY,
2870                                             .len = sizeof(union nf_inet_addr) },
2871         [IPVS_SVC_ATTR_PORT]            = { .type = NLA_U16 },
2872         [IPVS_SVC_ATTR_FWMARK]          = { .type = NLA_U32 },
2873         [IPVS_SVC_ATTR_SCHED_NAME]      = { .type = NLA_NUL_STRING,
2874                                             .len = IP_VS_SCHEDNAME_MAXLEN },
2875         [IPVS_SVC_ATTR_PE_NAME]         = { .type = NLA_NUL_STRING,
2876                                             .len = IP_VS_PENAME_MAXLEN },
2877         [IPVS_SVC_ATTR_FLAGS]           = { .type = NLA_BINARY,
2878                                             .len = sizeof(struct ip_vs_flags) },
2879         [IPVS_SVC_ATTR_TIMEOUT]         = { .type = NLA_U32 },
2880         [IPVS_SVC_ATTR_NETMASK]         = { .type = NLA_U32 },
2881         [IPVS_SVC_ATTR_STATS]           = { .type = NLA_NESTED },
2882 };
2883 
2884 /* Policy used for attributes in nested attribute IPVS_CMD_ATTR_DEST */
2885 static const struct nla_policy ip_vs_dest_policy[IPVS_DEST_ATTR_MAX + 1] = {
2886         [IPVS_DEST_ATTR_ADDR]           = { .type = NLA_BINARY,
2887                                             .len = sizeof(union nf_inet_addr) },
2888         [IPVS_DEST_ATTR_PORT]           = { .type = NLA_U16 },
2889         [IPVS_DEST_ATTR_FWD_METHOD]     = { .type = NLA_U32 },
2890         [IPVS_DEST_ATTR_WEIGHT]         = { .type = NLA_U32 },
2891         [IPVS_DEST_ATTR_U_THRESH]       = { .type = NLA_U32 },
2892         [IPVS_DEST_ATTR_L_THRESH]       = { .type = NLA_U32 },
2893         [IPVS_DEST_ATTR_ACTIVE_CONNS]   = { .type = NLA_U32 },
2894         [IPVS_DEST_ATTR_INACT_CONNS]    = { .type = NLA_U32 },
2895         [IPVS_DEST_ATTR_PERSIST_CONNS]  = { .type = NLA_U32 },
2896         [IPVS_DEST_ATTR_STATS]          = { .type = NLA_NESTED },
2897         [IPVS_DEST_ATTR_ADDR_FAMILY]    = { .type = NLA_U16 },
2898 };
2899 
2900 static int ip_vs_genl_fill_stats(struct sk_buff *skb, int container_type,
2901                                  struct ip_vs_kstats *kstats)
2902 {
2903         struct nlattr *nl_stats = nla_nest_start(skb, container_type);
2904 
2905         if (!nl_stats)
2906                 return -EMSGSIZE;
2907 
2908         if (nla_put_u32(skb, IPVS_STATS_ATTR_CONNS, (u32)kstats->conns) ||
2909             nla_put_u32(skb, IPVS_STATS_ATTR_INPKTS, (u32)kstats->inpkts) ||
2910             nla_put_u32(skb, IPVS_STATS_ATTR_OUTPKTS, (u32)kstats->outpkts) ||
2911             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_INBYTES, kstats->inbytes,
2912                               IPVS_STATS_ATTR_PAD) ||
2913             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_OUTBYTES, kstats->outbytes,
2914                               IPVS_STATS_ATTR_PAD) ||
2915             nla_put_u32(skb, IPVS_STATS_ATTR_CPS, (u32)kstats->cps) ||
2916             nla_put_u32(skb, IPVS_STATS_ATTR_INPPS, (u32)kstats->inpps) ||
2917             nla_put_u32(skb, IPVS_STATS_ATTR_OUTPPS, (u32)kstats->outpps) ||
2918             nla_put_u32(skb, IPVS_STATS_ATTR_INBPS, (u32)kstats->inbps) ||
2919             nla_put_u32(skb, IPVS_STATS_ATTR_OUTBPS, (u32)kstats->outbps))
2920                 goto nla_put_failure;
2921         nla_nest_end(skb, nl_stats);
2922 
2923         return 0;
2924 
2925 nla_put_failure:
2926         nla_nest_cancel(skb, nl_stats);
2927         return -EMSGSIZE;
2928 }
2929 
2930 static int ip_vs_genl_fill_stats64(struct sk_buff *skb, int container_type,
2931                                    struct ip_vs_kstats *kstats)
2932 {
2933         struct nlattr *nl_stats = nla_nest_start(skb, container_type);
2934 
2935         if (!nl_stats)
2936                 return -EMSGSIZE;
2937 
2938         if (nla_put_u64_64bit(skb, IPVS_STATS_ATTR_CONNS, kstats->conns,
2939                               IPVS_STATS_ATTR_PAD) ||
2940             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_INPKTS, kstats->inpkts,
2941                               IPVS_STATS_ATTR_PAD) ||
2942             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_OUTPKTS, kstats->outpkts,
2943                               IPVS_STATS_ATTR_PAD) ||
2944             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_INBYTES, kstats->inbytes,
2945                               IPVS_STATS_ATTR_PAD) ||
2946             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_OUTBYTES, kstats->outbytes,
2947                               IPVS_STATS_ATTR_PAD) ||
2948             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_CPS, kstats->cps,
2949                               IPVS_STATS_ATTR_PAD) ||
2950             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_INPPS, kstats->inpps,
2951                               IPVS_STATS_ATTR_PAD) ||
2952             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_OUTPPS, kstats->outpps,
2953                               IPVS_STATS_ATTR_PAD) ||
2954             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_INBPS, kstats->inbps,
2955                               IPVS_STATS_ATTR_PAD) ||
2956             nla_put_u64_64bit(skb, IPVS_STATS_ATTR_OUTBPS, kstats->outbps,
2957                               IPVS_STATS_ATTR_PAD))
2958                 goto nla_put_failure;
2959         nla_nest_end(skb, nl_stats);
2960 
2961         return 0;
2962 
2963 nla_put_failure:
2964         nla_nest_cancel(skb, nl_stats);
2965         return -EMSGSIZE;
2966 }
2967 
2968 static int ip_vs_genl_fill_service(struct sk_buff *skb,
2969                                    struct ip_vs_service *svc)
2970 {
2971         struct ip_vs_scheduler *sched;
2972         struct ip_vs_pe *pe;
2973         struct nlattr *nl_service;
2974         struct ip_vs_flags flags = { .flags = svc->flags,
2975                                      .mask = ~0 };
2976         struct ip_vs_kstats kstats;
2977         char *sched_name;
2978 
2979         nl_service = nla_nest_start(skb, IPVS_CMD_ATTR_SERVICE);
2980         if (!nl_service)
2981                 return -EMSGSIZE;
2982 
2983         if (nla_put_u16(skb, IPVS_SVC_ATTR_AF, svc->af))
2984                 goto nla_put_failure;
2985         if (svc->fwmark) {
2986                 if (nla_put_u32(skb, IPVS_SVC_ATTR_FWMARK, svc->fwmark))
2987                         goto nla_put_failure;
2988         } else {
2989                 if (nla_put_u16(skb, IPVS_SVC_ATTR_PROTOCOL, svc->protocol) ||
2990                     nla_put(skb, IPVS_SVC_ATTR_ADDR, sizeof(svc->addr), &svc->addr) ||
2991                     nla_put_be16(skb, IPVS_SVC_ATTR_PORT, svc->port))
2992                         goto nla_put_failure;
2993         }
2994 
2995         sched = rcu_dereference_protected(svc->scheduler, 1);
2996         sched_name = sched ? sched->name : "none";
2997         pe = rcu_dereference_protected(svc->pe, 1);
2998         if (nla_put_string(skb, IPVS_SVC_ATTR_SCHED_NAME, sched_name) ||
2999             (pe && nla_put_string(skb, IPVS_SVC_ATTR_PE_NAME, pe->name)) ||
3000             nla_put(skb, IPVS_SVC_ATTR_FLAGS, sizeof(flags), &flags) ||
3001             nla_put_u32(skb, IPVS_SVC_ATTR_TIMEOUT, svc->timeout / HZ) ||
3002             nla_put_be32(skb, IPVS_SVC_ATTR_NETMASK, svc->netmask))
3003                 goto nla_put_failure;
3004         ip_vs_copy_stats(&kstats, &svc->stats);
3005         if (ip_vs_genl_fill_stats(skb, IPVS_SVC_ATTR_STATS, &kstats))
3006                 goto nla_put_failure;
3007         if (ip_vs_genl_fill_stats64(skb, IPVS_SVC_ATTR_STATS64, &kstats))
3008                 goto nla_put_failure;
3009 
3010         nla_nest_end(skb, nl_service);
3011 
3012         return 0;
3013 
3014 nla_put_failure:
3015         nla_nest_cancel(skb, nl_service);
3016         return -EMSGSIZE;
3017 }
3018 
3019 static int ip_vs_genl_dump_service(struct sk_buff *skb,
3020                                    struct ip_vs_service *svc,
3021                                    struct netlink_callback *cb)
3022 {
3023         void *hdr;
3024 
3025         hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
3026                           &ip_vs_genl_family, NLM_F_MULTI,
3027                           IPVS_CMD_NEW_SERVICE);
3028         if (!hdr)
3029                 return -EMSGSIZE;
3030 
3031         if (ip_vs_genl_fill_service(skb, svc) < 0)
3032                 goto nla_put_failure;
3033 
3034         genlmsg_end(skb, hdr);
3035         return 0;
3036 
3037 nla_put_failure:
3038         genlmsg_cancel(skb, hdr);
3039         return -EMSGSIZE;
3040 }
3041 
3042 static int ip_vs_genl_dump_services(struct sk_buff *skb,
3043                                     struct netlink_callback *cb)
3044 {
3045         int idx = 0, i;
3046         int start = cb->args[0];
3047         struct ip_vs_service *svc;
3048         struct net *net = sock_net(skb->sk);
3049         struct netns_ipvs *ipvs = net_ipvs(net);
3050 
3051         mutex_lock(&__ip_vs_mutex);
3052         for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
3053                 hlist_for_each_entry(svc, &ip_vs_svc_table[i], s_list) {
3054                         if (++idx <= start || (svc->ipvs != ipvs))
3055                                 continue;
3056                         if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
3057                                 idx--;
3058                                 goto nla_put_failure;
3059                         }
3060                 }
3061         }
3062 
3063         for (i = 0; i < IP_VS_SVC_TAB_SIZE; i++) {
3064                 hlist_for_each_entry(svc, &ip_vs_svc_fwm_table[i], f_list) {
3065                         if (++idx <= start || (svc->ipvs != ipvs))
3066                                 continue;
3067                         if (ip_vs_genl_dump_service(skb, svc, cb) < 0) {
3068                                 idx--;
3069                                 goto nla_put_failure;
3070                         }
3071                 }
3072         }
3073 
3074 nla_put_failure:
3075         mutex_unlock(&__ip_vs_mutex);
3076         cb->args[0] = idx;
3077 
3078         return skb->len;
3079 }
3080 
3081 static int ip_vs_genl_parse_service(struct netns_ipvs *ipvs,
3082                                     struct ip_vs_service_user_kern *usvc,
3083                                     struct nlattr *nla, int full_entry,
3084                                     struct ip_vs_service **ret_svc)
3085 {
3086         struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
3087         struct nlattr *nla_af, *nla_port, *nla_fwmark, *nla_protocol, *nla_addr;
3088         struct ip_vs_service *svc;
3089 
3090         /* Parse mandatory identifying service fields first */
3091         if (nla == NULL ||
3092             nla_parse_nested(attrs, IPVS_SVC_ATTR_MAX, nla, ip_vs_svc_policy))
3093                 return -EINVAL;
3094 
3095         nla_af          = attrs[IPVS_SVC_ATTR_AF];
3096         nla_protocol    = attrs[IPVS_SVC_ATTR_PROTOCOL];
3097         nla_addr        = attrs[IPVS_SVC_ATTR_ADDR];
3098         nla_port        = attrs[IPVS_SVC_ATTR_PORT];
3099         nla_fwmark      = attrs[IPVS_SVC_ATTR_FWMARK];
3100 
3101         if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
3102                 return -EINVAL;
3103 
3104         memset(usvc, 0, sizeof(*usvc));
3105 
3106         usvc->af = nla_get_u16(nla_af);
3107 #ifdef CONFIG_IP_VS_IPV6
3108         if (usvc->af != AF_INET && usvc->af != AF_INET6)
3109 #else
3110         if (usvc->af != AF_INET)
3111 #endif
3112                 return -EAFNOSUPPORT;
3113 
3114         if (nla_fwmark) {
3115                 usvc->protocol = IPPROTO_TCP;
3116                 usvc->fwmark = nla_get_u32(nla_fwmark);
3117         } else {
3118                 usvc->protocol = nla_get_u16(nla_protocol);
3119                 nla_memcpy(&usvc->addr, nla_addr, sizeof(usvc->addr));
3120                 usvc->port = nla_get_be16(nla_port);
3121                 usvc->fwmark = 0;
3122         }
3123 
3124         rcu_read_lock();
3125         if (usvc->fwmark)
3126                 svc = __ip_vs_svc_fwm_find(ipvs, usvc->af, usvc->fwmark);
3127         else
3128                 svc = __ip_vs_service_find(ipvs, usvc->af, usvc->protocol,
3129                                            &usvc->addr, usvc->port);
3130         rcu_read_unlock();
3131         *ret_svc = svc;
3132 
3133         /* If a full entry was requested, check for the additional fields */
3134         if (full_entry) {
3135                 struct nlattr *nla_sched, *nla_flags, *nla_pe, *nla_timeout,
3136                               *nla_netmask;
3137                 struct ip_vs_flags flags;
3138 
3139                 nla_sched = attrs[IPVS_SVC_ATTR_SCHED_NAME];
3140                 nla_pe = attrs[IPVS_SVC_ATTR_PE_NAME];
3141                 nla_flags = attrs[IPVS_SVC_ATTR_FLAGS];
3142                 nla_timeout = attrs[IPVS_SVC_ATTR_TIMEOUT];
3143                 nla_netmask = attrs[IPVS_SVC_ATTR_NETMASK];
3144 
3145                 if (!(nla_sched && nla_flags && nla_timeout && nla_netmask))
3146                         return -EINVAL;
3147 
3148                 nla_memcpy(&flags, nla_flags, sizeof(flags));
3149 
3150                 /* prefill flags from service if it already exists */
3151                 if (svc)
3152                         usvc->flags = svc->flags;
3153 
3154                 /* set new flags from userland */
3155                 usvc->flags = (usvc->flags & ~flags.mask) |
3156                               (flags.flags & flags.mask);
3157                 usvc->sched_name = nla_data(nla_sched);
3158                 usvc->pe_name = nla_pe ? nla_data(nla_pe) : NULL;
3159                 usvc->timeout = nla_get_u32(nla_timeout);
3160                 usvc->netmask = nla_get_be32(nla_netmask);
3161         }
3162 
3163         return 0;
3164 }
3165 
3166 static struct ip_vs_service *ip_vs_genl_find_service(struct netns_ipvs *ipvs,
3167                                                      struct nlattr *nla)
3168 {
3169         struct ip_vs_service_user_kern usvc;
3170         struct ip_vs_service *svc;
3171         int ret;
3172 
3173         ret = ip_vs_genl_parse_service(ipvs, &usvc, nla, 0, &svc);
3174         return ret ? ERR_PTR(ret) : svc;
3175 }
3176 
3177 static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
3178 {
3179         struct nlattr *nl_dest;
3180         struct ip_vs_kstats kstats;
3181 
3182         nl_dest = nla_nest_start(skb, IPVS_CMD_ATTR_DEST);
3183         if (!nl_dest)
3184                 return -EMSGSIZE;
3185 
3186         if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) ||
3187             nla_put_be16(skb, IPVS_DEST_ATTR_PORT, dest->port) ||
3188             nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD,
3189                         (atomic_read(&dest->conn_flags) &
3190                          IP_VS_CONN_F_FWD_MASK)) ||
3191             nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT,
3192                         atomic_read(&dest->weight)) ||
3193             nla_put_u32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold) ||
3194             nla_put_u32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold) ||
3195             nla_put_u32(skb, IPVS_DEST_ATTR_ACTIVE_CONNS,
3196                         atomic_read(&dest->activeconns)) ||
3197             nla_put_u32(skb, IPVS_DEST_ATTR_INACT_CONNS,
3198                         atomic_read(&dest->inactconns)) ||
3199             nla_put_u32(skb, IPVS_DEST_ATTR_PERSIST_CONNS,
3200                         atomic_read(&dest->persistconns)) ||
3201             nla_put_u16(skb, IPVS_DEST_ATTR_ADDR_FAMILY, dest->af))
3202                 goto nla_put_failure;
3203         ip_vs_copy_stats(&kstats, &dest->stats);
3204         if (ip_vs_genl_fill_stats(skb, IPVS_DEST_ATTR_STATS, &kstats))
3205                 goto nla_put_failure;
3206         if (ip_vs_genl_fill_stats64(skb, IPVS_DEST_ATTR_STATS64, &kstats))
3207                 goto nla_put_failure;
3208 
3209         nla_nest_end(skb, nl_dest);
3210 
3211         return 0;
3212 
3213 nla_put_failure:
3214         nla_nest_cancel(skb, nl_dest);
3215         return -EMSGSIZE;
3216 }
3217 
3218 static int ip_vs_genl_dump_dest(struct sk_buff *skb, struct ip_vs_dest *dest,
3219                                 struct netlink_callback *cb)
3220 {
3221         void *hdr;
3222 
3223         hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
3224                           &ip_vs_genl_family, NLM_F_MULTI,
3225                           IPVS_CMD_NEW_DEST);
3226         if (!hdr)
3227                 return -EMSGSIZE;
3228 
3229         if (ip_vs_genl_fill_dest(skb, dest) < 0)
3230                 goto nla_put_failure;
3231 
3232         genlmsg_end(skb, hdr);
3233         return 0;
3234 
3235 nla_put_failure:
3236         genlmsg_cancel(skb, hdr);
3237         return -EMSGSIZE;
3238 }
3239 
3240 static int ip_vs_genl_dump_dests(struct sk_buff *skb,
3241                                  struct netlink_callback *cb)
3242 {
3243         int idx = 0;
3244         int start = cb->args[0];
3245         struct ip_vs_service *svc;
3246         struct ip_vs_dest *dest;
3247         struct nlattr *attrs[IPVS_CMD_ATTR_MAX + 1];
3248         struct net *net = sock_net(skb->sk);
3249         struct netns_ipvs *ipvs = net_ipvs(net);
3250 
3251         mutex_lock(&__ip_vs_mutex);
3252 
3253         /* Try to find the service for which to dump destinations */
3254         if (nlmsg_parse(cb->nlh, GENL_HDRLEN, attrs,
3255                         IPVS_CMD_ATTR_MAX, ip_vs_cmd_policy))
3256                 goto out_err;
3257 
3258 
3259         svc = ip_vs_genl_find_service(ipvs, attrs[IPVS_CMD_ATTR_SERVICE]);
3260         if (IS_ERR_OR_NULL(svc))
3261                 goto out_err;
3262 
3263         /* Dump the destinations */
3264         list_for_each_entry(dest, &svc->destinations, n_list) {
3265                 if (++idx <= start)
3266                         continue;
3267                 if (ip_vs_genl_dump_dest(skb, dest, cb) < 0) {
3268                         idx--;
3269                         goto nla_put_failure;
3270                 }
3271         }
3272 
3273 nla_put_failure:
3274         cb->args[0] = idx;
3275 
3276 out_err:
3277         mutex_unlock(&__ip_vs_mutex);
3278 
3279         return skb->len;
3280 }
3281 
3282 static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest,
3283                                  struct nlattr *nla, int full_entry)
3284 {
3285         struct nlattr *attrs[IPVS_DEST_ATTR_MAX + 1];
3286         struct nlattr *nla_addr, *nla_port;
3287         struct nlattr *nla_addr_family;
3288 
3289         /* Parse mandatory identifying destination fields first */
3290         if (nla == NULL ||
3291             nla_parse_nested(attrs, IPVS_DEST_ATTR_MAX, nla, ip_vs_dest_policy))
3292                 return -EINVAL;
3293 
3294         nla_addr        = attrs[IPVS_DEST_ATTR_ADDR];
3295         nla_port        = attrs[IPVS_DEST_ATTR_PORT];
3296         nla_addr_family = attrs[IPVS_DEST_ATTR_ADDR_FAMILY];
3297 
3298         if (!(nla_addr && nla_port))
3299                 return -EINVAL;
3300 
3301         memset(udest, 0, sizeof(*udest));
3302 
3303         nla_memcpy(&udest->addr, nla_addr, sizeof(udest->addr));
3304         udest->port = nla_get_be16(nla_port);
3305 
3306         if (nla_addr_family)
3307                 udest->af = nla_get_u16(nla_addr_family);
3308         else
3309                 udest->af = 0;
3310 
3311         /* If a full entry was requested, check for the additional fields */
3312         if (full_entry) {
3313                 struct nlattr *nla_fwd, *nla_weight, *nla_u_thresh,
3314                               *nla_l_thresh;
3315 
3316                 nla_fwd         = attrs[IPVS_DEST_ATTR_FWD_METHOD];
3317                 nla_weight      = attrs[IPVS_DEST_ATTR_WEIGHT];
3318                 nla_u_thresh    = attrs[IPVS_DEST_ATTR_U_THRESH];
3319                 nla_l_thresh    = attrs[IPVS_DEST_ATTR_L_THRESH];
3320 
3321                 if (!(nla_fwd && nla_weight && nla_u_thresh && nla_l_thresh))
3322                         return -EINVAL;
3323 
3324                 udest->conn_flags = nla_get_u32(nla_fwd)
3325                                     & IP_VS_CONN_F_FWD_MASK;
3326                 udest->weight = nla_get_u32(nla_weight);
3327                 udest->u_threshold = nla_get_u32(nla_u_thresh);
3328                 udest->l_threshold = nla_get_u32(nla_l_thresh);
3329         }
3330 
3331         return 0;
3332 }
3333 
3334 static int ip_vs_genl_fill_daemon(struct sk_buff *skb, __u32 state,
3335                                   struct ipvs_sync_daemon_cfg *c)
3336 {
3337         struct nlattr *nl_daemon;
3338 
3339         nl_daemon = nla_nest_start(skb, IPVS_CMD_ATTR_DAEMON);
3340         if (!nl_daemon)
3341                 return -EMSGSIZE;
3342 
3343         if (nla_put_u32(skb, IPVS_DAEMON_ATTR_STATE, state) ||
3344             nla_put_string(skb, IPVS_DAEMON_ATTR_MCAST_IFN, c->mcast_ifn) ||
3345             nla_put_u32(skb, IPVS_DAEMON_ATTR_SYNC_ID, c->syncid) ||
3346             nla_put_u16(skb, IPVS_DAEMON_ATTR_SYNC_MAXLEN, c->sync_maxlen) ||
3347             nla_put_u16(skb, IPVS_DAEMON_ATTR_MCAST_PORT, c->mcast_port) ||
3348             nla_put_u8(skb, IPVS_DAEMON_ATTR_MCAST_TTL, c->mcast_ttl))
3349                 goto nla_put_failure;
3350 #ifdef CONFIG_IP_VS_IPV6
3351         if (c->mcast_af == AF_INET6) {
3352                 if (nla_put_in6_addr(skb, IPVS_DAEMON_ATTR_MCAST_GROUP6,
3353                                      &c->mcast_group.in6))
3354                         goto nla_put_failure;
3355         } else
3356 #endif
3357                 if (c->mcast_af == AF_INET &&
3358                     nla_put_in_addr(skb, IPVS_DAEMON_ATTR_MCAST_GROUP,
3359                                     c->mcast_group.ip))
3360                         goto nla_put_failure;
3361         nla_nest_end(skb, nl_daemon);
3362 
3363         return 0;
3364 
3365 nla_put_failure:
3366         nla_nest_cancel(skb, nl_daemon);
3367         return -EMSGSIZE;
3368 }
3369 
3370 static int ip_vs_genl_dump_daemon(struct sk_buff *skb, __u32 state,
3371                                   struct ipvs_sync_daemon_cfg *c,
3372                                   struct netlink_callback *cb)
3373 {
3374         void *hdr;
3375         hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
3376                           &ip_vs_genl_family, NLM_F_MULTI,
3377                           IPVS_CMD_NEW_DAEMON);
3378         if (!hdr)
3379                 return -EMSGSIZE;
3380 
3381         if (ip_vs_genl_fill_daemon(skb, state, c))
3382                 goto nla_put_failure;
3383 
3384         genlmsg_end(skb, hdr);
3385         return 0;
3386 
3387 nla_put_failure:
3388         genlmsg_cancel(skb, hdr);
3389         return -EMSGSIZE;
3390 }
3391 
3392 static int ip_vs_genl_dump_daemons(struct sk_buff *skb,
3393                                    struct netlink_callback *cb)
3394 {
3395         struct net *net = sock_net(skb->sk);
3396         struct netns_ipvs *ipvs = net_ipvs(net);
3397 
3398         mutex_lock(&ipvs->sync_mutex);
3399         if ((ipvs->sync_state & IP_VS_STATE_MASTER) && !cb->args[0]) {
3400                 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_MASTER,
3401                                            &ipvs->mcfg, cb) < 0)
3402                         goto nla_put_failure;
3403 
3404                 cb->args[0] = 1;
3405         }
3406 
3407         if ((ipvs->sync_state & IP_VS_STATE_BACKUP) && !cb->args[1]) {
3408                 if (ip_vs_genl_dump_daemon(skb, IP_VS_STATE_BACKUP,
3409                                            &ipvs->bcfg, cb) < 0)
3410                         goto nla_put_failure;
3411 
3412                 cb->args[1] = 1;
3413         }
3414 
3415 nla_put_failure:
3416         mutex_unlock(&ipvs->sync_mutex);
3417 
3418         return skb->len;
3419 }
3420 
3421 static int ip_vs_genl_new_daemon(struct netns_ipvs *ipvs, struct nlattr **attrs)
3422 {
3423         struct ipvs_sync_daemon_cfg c;
3424         struct nlattr *a;
3425         int ret;
3426 
3427         memset(&c, 0, sizeof(c));
3428         if (!(attrs[IPVS_DAEMON_ATTR_STATE] &&
3429               attrs[IPVS_DAEMON_ATTR_MCAST_IFN] &&
3430               attrs[IPVS_DAEMON_ATTR_SYNC_ID]))
3431                 return -EINVAL;
3432         strlcpy(c.mcast_ifn, nla_data(attrs[IPVS_DAEMON_ATTR_MCAST_IFN]),
3433                 sizeof(c.mcast_ifn));
3434         c.syncid = nla_get_u32(attrs[IPVS_DAEMON_ATTR_SYNC_ID]);
3435 
3436         a = attrs[IPVS_DAEMON_ATTR_SYNC_MAXLEN];
3437         if (a)
3438                 c.sync_maxlen = nla_get_u16(a);
3439 
3440         a = attrs[IPVS_DAEMON_ATTR_MCAST_GROUP];
3441         if (a) {
3442                 c.mcast_af = AF_INET;
3443                 c.mcast_group.ip = nla_get_in_addr(a);
3444                 if (!ipv4_is_multicast(c.mcast_group.ip))
3445                         return -EINVAL;
3446         } else {
3447                 a = attrs[IPVS_DAEMON_ATTR_MCAST_GROUP6];
3448                 if (a) {
3449 #ifdef CONFIG_IP_VS_IPV6
3450                         int addr_type;
3451 
3452                         c.mcast_af = AF_INET6;
3453                         c.mcast_group.in6 = nla_get_in6_addr(a);
3454                         addr_type = ipv6_addr_type(&c.mcast_group.in6);
3455                         if (!(addr_type & IPV6_ADDR_MULTICAST))
3456                                 return -EINVAL;
3457 #else
3458                         return -EAFNOSUPPORT;
3459 #endif
3460                 }
3461         }
3462 
3463         a = attrs[IPVS_DAEMON_ATTR_MCAST_PORT];
3464         if (a)
3465                 c.mcast_port = nla_get_u16(a);
3466 
3467         a = attrs[IPVS_DAEMON_ATTR_MCAST_TTL];
3468         if (a)
3469                 c.mcast_ttl = nla_get_u8(a);
3470 
3471         /* The synchronization protocol is incompatible with mixed family
3472          * services
3473          */
3474         if (ipvs->mixed_address_family_dests > 0)
3475                 return -EINVAL;
3476 
3477         rtnl_lock();
3478         mutex_lock(&ipvs->sync_mutex);
3479         ret = start_sync_thread(ipvs, &c,
3480                                 nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
3481         mutex_unlock(&ipvs->sync_mutex);
3482         rtnl_unlock();
3483         return ret;
3484 }
3485 
3486 static int ip_vs_genl_del_daemon(struct netns_ipvs *ipvs, struct nlattr **attrs)
3487 {
3488         int ret;
3489 
3490         if (!attrs[IPVS_DAEMON_ATTR_STATE])
3491                 return -EINVAL;
3492 
3493         mutex_lock(&ipvs->sync_mutex);
3494         ret = stop_sync_thread(ipvs,
3495                                nla_get_u32(attrs[IPVS_DAEMON_ATTR_STATE]));
3496         mutex_unlock(&ipvs->sync_mutex);
3497         return ret;
3498 }
3499 
3500 static int ip_vs_genl_set_config(struct netns_ipvs *ipvs, struct nlattr **attrs)
3501 {
3502         struct ip_vs_timeout_user t;
3503 
3504         __ip_vs_get_timeouts(ipvs, &t);
3505 
3506         if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP])
3507                 t.tcp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP]);
3508 
3509         if (attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN])
3510                 t.tcp_fin_timeout =
3511                         nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_TCP_FIN]);
3512 
3513         if (attrs[IPVS_CMD_ATTR_TIMEOUT_UDP])
3514                 t.udp_timeout = nla_get_u32(attrs[IPVS_CMD_ATTR_TIMEOUT_UDP]);
3515 
3516         return ip_vs_set_timeout(ipvs, &t);
3517 }
3518 
3519 static int ip_vs_genl_set_daemon(struct sk_buff *skb, struct genl_info *info)
3520 {
3521         int ret = -EINVAL, cmd;
3522         struct net *net = sock_net(skb->sk);
3523         struct netns_ipvs *ipvs = net_ipvs(net);
3524 
3525         cmd = info->genlhdr->cmd;
3526 
3527         if (cmd == IPVS_CMD_NEW_DAEMON || cmd == IPVS_CMD_DEL_DAEMON) {
3528                 struct nlattr *daemon_attrs[IPVS_DAEMON_ATTR_MAX + 1];
3529 
3530                 if (!info->attrs[IPVS_CMD_ATTR_DAEMON] ||
3531                     nla_parse_nested(daemon_attrs, IPVS_DAEMON_ATTR_MAX,
3532                                      info->attrs[IPVS_CMD_ATTR_DAEMON],
3533                                      ip_vs_daemon_policy))
3534                         goto out;
3535 
3536                 if (cmd == IPVS_CMD_NEW_DAEMON)
3537                         ret = ip_vs_genl_new_daemon(ipvs, daemon_attrs);
3538                 else
3539                         ret = ip_vs_genl_del_daemon(ipvs, daemon_attrs);
3540         }
3541 
3542 out:
3543         return ret;
3544 }
3545 
3546 static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
3547 {
3548         struct ip_vs_service *svc = NULL;
3549         struct ip_vs_service_user_kern usvc;
3550         struct ip_vs_dest_user_kern udest;
3551         int ret = 0, cmd;
3552         int need_full_svc = 0, need_full_dest = 0;
3553         struct net *net = sock_net(skb->sk);
3554         struct netns_ipvs *ipvs = net_ipvs(net);
3555 
3556         cmd = info->genlhdr->cmd;
3557 
3558         mutex_lock(&__ip_vs_mutex);
3559 
3560         if (cmd == IPVS_CMD_FLUSH) {
3561                 ret = ip_vs_flush(ipvs, false);
3562                 goto out;
3563         } else if (cmd == IPVS_CMD_SET_CONFIG) {
3564                 ret = ip_vs_genl_set_config(ipvs, info->attrs);
3565                 goto out;
3566         } else if (cmd == IPVS_CMD_ZERO &&
3567                    !info->attrs[IPVS_CMD_ATTR_SERVICE]) {
3568                 ret = ip_vs_zero_all(ipvs);
3569                 goto out;
3570         }
3571 
3572         /* All following commands require a service argument, so check if we
3573          * received a valid one. We need a full service specification when
3574          * adding / editing a service. Only identifying members otherwise. */
3575         if (cmd == IPVS_CMD_NEW_SERVICE || cmd == IPVS_CMD_SET_SERVICE)
3576                 need_full_svc = 1;
3577 
3578         ret = ip_vs_genl_parse_service(ipvs, &usvc,
3579                                        info->attrs[IPVS_CMD_ATTR_SERVICE],
3580                                        need_full_svc, &svc);
3581         if (ret)
3582                 goto out;
3583 
3584         /* Unless we're adding a new service, the service must already exist */
3585         if ((cmd != IPVS_CMD_NEW_SERVICE) && (svc == NULL)) {
3586                 ret = -ESRCH;
3587                 goto out;
3588         }
3589 
3590         /* Destination commands require a valid destination argument. For
3591          * adding / editing a destination, we need a full destination
3592          * specification. */
3593         if (cmd == IPVS_CMD_NEW_DEST || cmd == IPVS_CMD_SET_DEST ||
3594             cmd == IPVS_CMD_DEL_DEST) {
3595                 if (cmd != IPVS_CMD_DEL_DEST)
3596                         need_full_dest = 1;
3597 
3598                 ret = ip_vs_genl_parse_dest(&udest,
3599                                             info->attrs[IPVS_CMD_ATTR_DEST],
3600                                             need_full_dest);
3601                 if (ret)
3602                         goto out;
3603 
3604                 /* Old protocols did not allow the user to specify address
3605                  * family, so we set it to zero instead.  We also didn't
3606                  * allow heterogeneous pools in the old code, so it's safe
3607                  * to assume that this will have the same address family as
3608                  * the service.
3609                  */
3610                 if (udest.af == 0)
3611                         udest.af = svc->af;
3612 
3613                 if (udest.af != svc->af && cmd != IPVS_CMD_DEL_DEST) {
3614                         /* The synchronization protocol is incompatible
3615                          * with mixed family services
3616                          */
3617                         if (ipvs->sync_state) {
3618                                 ret = -EINVAL;
3619                                 goto out;
3620                         }
3621 
3622                         /* Which connection types do we support? */
3623                         switch (udest.conn_flags) {
3624                         case IP_VS_CONN_F_TUNNEL:
3625                                 /* We are able to forward this */
3626                                 break;
3627                         default:
3628                                 ret = -EINVAL;
3629                                 goto out;
3630                         }
3631                 }
3632         }
3633 
3634         switch (cmd) {
3635         case IPVS_CMD_NEW_SERVICE:
3636                 if (svc == NULL)
3637                         ret = ip_vs_add_service(ipvs, &usvc, &svc);
3638                 else
3639                         ret = -EEXIST;
3640                 break;
3641         case IPVS_CMD_SET_SERVICE:
3642                 ret = ip_vs_edit_service(svc, &usvc);
3643                 break;
3644         case IPVS_CMD_DEL_SERVICE:
3645                 ret = ip_vs_del_service(svc);
3646                 /* do not use svc, it can be freed */
3647                 break;
3648         case IPVS_CMD_NEW_DEST:
3649                 ret = ip_vs_add_dest(svc, &udest);
3650                 break;
3651         case IPVS_CMD_SET_DEST:
3652                 ret = ip_vs_edit_dest(svc, &udest);
3653                 break;
3654         case IPVS_CMD_DEL_DEST:
3655                 ret = ip_vs_del_dest(svc, &udest);
3656                 break;
3657         case IPVS_CMD_ZERO:
3658                 ret = ip_vs_zero_service(svc);
3659                 break;
3660         default:
3661                 ret = -EINVAL;
3662         }
3663 
3664 out:
3665         mutex_unlock(&__ip_vs_mutex);
3666 
3667         return ret;
3668 }
3669 
3670 static int ip_vs_genl_get_cmd(struct sk_buff *skb, struct genl_info *info)
3671 {
3672         struct sk_buff *msg;
3673         void *reply;
3674         int ret, cmd, reply_cmd;
3675         struct net *net = sock_net(skb->sk);
3676         struct netns_ipvs *ipvs = net_ipvs(net);
3677 
3678         cmd = info->genlhdr->cmd;
3679 
3680         if (cmd == IPVS_CMD_GET_SERVICE)
3681                 reply_cmd = IPVS_CMD_NEW_SERVICE;
3682         else if (cmd == IPVS_CMD_GET_INFO)
3683                 reply_cmd = IPVS_CMD_SET_INFO;
3684         else if (cmd == IPVS_CMD_GET_CONFIG)
3685                 reply_cmd = IPVS_CMD_SET_CONFIG;
3686         else {
3687                 pr_err("unknown Generic Netlink command\n");
3688                 return -EINVAL;
3689         }
3690 
3691         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3692         if (!msg)
3693                 return -ENOMEM;
3694 
3695         mutex_lock(&__ip_vs_mutex);
3696 
3697         reply = genlmsg_put_reply(msg, info, &ip_vs_genl_family, 0, reply_cmd);
3698         if (reply == NULL)
3699                 goto nla_put_failure;
3700 
3701         switch (cmd) {
3702         case IPVS_CMD_GET_SERVICE:
3703         {
3704                 struct ip_vs_service *svc;
3705 
3706                 svc = ip_vs_genl_find_service(ipvs,
3707                                               info->attrs[IPVS_CMD_ATTR_SERVICE]);
3708                 if (IS_ERR(svc)) {
3709                         ret = PTR_ERR(svc);
3710                         goto out_err;
3711                 } else if (svc) {
3712                         ret = ip_vs_genl_fill_service(msg, svc);
3713                         if (ret)
3714                                 goto nla_put_failure;
3715                 } else {
3716                         ret = -ESRCH;
3717                         goto out_err;
3718                 }
3719 
3720                 break;
3721         }
3722 
3723         case IPVS_CMD_GET_CONFIG:
3724         {
3725                 struct ip_vs_timeout_user t;
3726 
3727                 __ip_vs_get_timeouts(ipvs, &t);
3728 #ifdef CONFIG_IP_VS_PROTO_TCP
3729                 if (nla_put_u32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP,
3730                                 t.tcp_timeout) ||
3731                     nla_put_u32(msg, IPVS_CMD_ATTR_TIMEOUT_TCP_FIN,
3732                                 t.tcp_fin_timeout))
3733                         goto nla_put_failure;
3734 #endif
3735 #ifdef CONFIG_IP_VS_PROTO_UDP
3736                 if (nla_put_u32(msg, IPVS_CMD_ATTR_TIMEOUT_UDP, t.udp_timeout))
3737                         goto nla_put_failure;
3738 #endif
3739 
3740                 break;
3741         }
3742 
3743         case IPVS_CMD_GET_INFO:
3744                 if (nla_put_u32(msg, IPVS_INFO_ATTR_VERSION,
3745                                 IP_VS_VERSION_CODE) ||
3746                     nla_put_u32(msg, IPVS_INFO_ATTR_CONN_TAB_SIZE,
3747                                 ip_vs_conn_tab_size))
3748                         goto nla_put_failure;
3749                 break;
3750         }
3751 
3752         genlmsg_end(msg, reply);
3753         ret = genlmsg_reply(msg, info);
3754         goto out;
3755 
3756 nla_put_failure:
3757         pr_err("not enough space in Netlink message\n");
3758         ret = -EMSGSIZE;
3759 
3760 out_err:
3761         nlmsg_free(msg);
3762 out:
3763         mutex_unlock(&__ip_vs_mutex);
3764 
3765         return ret;
3766 }
3767 
3768 
3769 static const struct genl_ops ip_vs_genl_ops[] = {
3770         {
3771                 .cmd    = IPVS_CMD_NEW_SERVICE,
3772                 .flags  = GENL_ADMIN_PERM,
3773                 .policy = ip_vs_cmd_policy,
3774                 .doit   = ip_vs_genl_set_cmd,
3775         },
3776         {
3777                 .cmd    = IPVS_CMD_SET_SERVICE,
3778                 .flags  = GENL_ADMIN_PERM,
3779                 .policy = ip_vs_cmd_policy,
3780                 .doit   = ip_vs_genl_set_cmd,
3781         },
3782         {
3783                 .cmd    = IPVS_CMD_DEL_SERVICE,
3784                 .flags  = GENL_ADMIN_PERM,
3785                 .policy = ip_vs_cmd_policy,
3786                 .doit   = ip_vs_genl_set_cmd,
3787         },
3788         {
3789                 .cmd    = IPVS_CMD_GET_SERVICE,
3790                 .flags  = GENL_ADMIN_PERM,
3791                 .doit   = ip_vs_genl_get_cmd,
3792                 .dumpit = ip_vs_genl_dump_services,
3793                 .policy = ip_vs_cmd_policy,
3794         },
3795         {
3796                 .cmd    = IPVS_CMD_NEW_DEST,
3797                 .flags  = GENL_ADMIN_PERM,
3798                 .policy = ip_vs_cmd_policy,
3799                 .doit   = ip_vs_genl_set_cmd,
3800         },
3801         {
3802                 .cmd    = IPVS_CMD_SET_DEST,
3803                 .flags  = GENL_ADMIN_PERM,
3804                 .policy = ip_vs_cmd_policy,
3805                 .doit   = ip_vs_genl_set_cmd,
3806         },
3807         {
3808                 .cmd    = IPVS_CMD_DEL_DEST,
3809                 .flags  = GENL_ADMIN_PERM,
3810                 .policy = ip_vs_cmd_policy,
3811                 .doit   = ip_vs_genl_set_cmd,
3812         },
3813         {
3814                 .cmd    = IPVS_CMD_GET_DEST,
3815                 .flags  = GENL_ADMIN_PERM,
3816                 .policy = ip_vs_cmd_policy,
3817                 .dumpit = ip_vs_genl_dump_dests,
3818         },
3819         {
3820                 .cmd    = IPVS_CMD_NEW_DAEMON,
3821                 .flags  = GENL_ADMIN_PERM,
3822                 .policy = ip_vs_cmd_policy,
3823                 .doit   = ip_vs_genl_set_daemon,
3824         },
3825         {
3826                 .cmd    = IPVS_CMD_DEL_DAEMON,
3827                 .flags  = GENL_ADMIN_PERM,
3828                 .policy = ip_vs_cmd_policy,
3829                 .doit   = ip_vs_genl_set_daemon,
3830         },
3831         {
3832                 .cmd    = IPVS_CMD_GET_DAEMON,
3833                 .flags  = GENL_ADMIN_PERM,
3834                 .dumpit = ip_vs_genl_dump_daemons,
3835         },
3836         {
3837                 .cmd    = IPVS_CMD_SET_CONFIG,
3838                 .flags  = GENL_ADMIN_PERM,
3839                 .policy = ip_vs_cmd_policy,
3840                 .doit   = ip_vs_genl_set_cmd,
3841         },
3842         {
3843                 .cmd    = IPVS_CMD_GET_CONFIG,
3844                 .flags  = GENL_ADMIN_PERM,
3845                 .doit   = ip_vs_genl_get_cmd,
3846         },
3847         {
3848                 .cmd    = IPVS_CMD_GET_INFO,
3849                 .flags  = GENL_ADMIN_PERM,
3850                 .doit   = ip_vs_genl_get_cmd,
3851         },
3852         {
3853                 .cmd    = IPVS_CMD_ZERO,
3854                 .flags  = GENL_ADMIN_PERM,
3855                 .policy = ip_vs_cmd_policy,
3856                 .doit   = ip_vs_genl_set_cmd,
3857         },
3858         {
3859                 .cmd    = IPVS_CMD_FLUSH,
3860                 .flags  = GENL_ADMIN_PERM,
3861                 .doit   = ip_vs_genl_set_cmd,
3862         },
3863 };
3864 
3865 static struct genl_family ip_vs_genl_family __ro_after_init = {
3866         .hdrsize        = 0,
3867         .name           = IPVS_GENL_NAME,
3868         .version        = IPVS_GENL_VERSION,
3869         .maxattr        = IPVS_CMD_ATTR_MAX,
3870         .netnsok        = true,         /* Make ipvsadm to work on netns */
3871         .module         = THIS_MODULE,
3872         .ops            = ip_vs_genl_ops,
3873         .n_ops          = ARRAY_SIZE(ip_vs_genl_ops),
3874 };
3875 
3876 static int __init ip_vs_genl_register(void)
3877 {
3878         return genl_register_family(&ip_vs_genl_family);
3879 }
3880 
3881 static void ip_vs_genl_unregister(void)
3882 {
3883         genl_unregister_family(&ip_vs_genl_family);
3884 }
3885 
3886 /* End of Generic Netlink interface definitions */
3887 
3888 /*
3889  * per netns intit/exit func.
3890  */
3891 #ifdef CONFIG_SYSCTL
3892 static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs)
3893 {
3894         struct net *net = ipvs->net;
3895         int idx;
3896         struct ctl_table *tbl;
3897 
3898         atomic_set(&ipvs->dropentry, 0);
3899         spin_lock_init(&ipvs->dropentry_lock);
3900         spin_lock_init(&ipvs->droppacket_lock);
3901         spin_lock_init(&ipvs->securetcp_lock);
3902 
3903         if (!net_eq(net, &init_net)) {
3904                 tbl = kmemdup(vs_vars, sizeof(vs_vars), GFP_KERNEL);
3905                 if (tbl == NULL)
3906                         return -ENOMEM;
3907 
3908                 /* Don't export sysctls to unprivileged users */
3909                 if (net->user_ns != &init_user_ns)
3910                         tbl[0].procname = NULL;
3911         } else
3912                 tbl = vs_vars;
3913         /* Initialize sysctl defaults */
3914         for (idx = 0; idx < ARRAY_SIZE(vs_vars); idx++) {
3915                 if (tbl[idx].proc_handler == proc_do_defense_mode)
3916                         tbl[idx].extra2 = ipvs;
3917         }
3918         idx = 0;
3919         ipvs->sysctl_amemthresh = 1024;
3920         tbl[idx++].data = &ipvs->sysctl_amemthresh;
3921         ipvs->sysctl_am_droprate = 10;
3922         tbl[idx++].data = &ipvs->sysctl_am_droprate;
3923         tbl[idx++].data = &ipvs->sysctl_drop_entry;
3924         tbl[idx++].data = &ipvs->sysctl_drop_packet;
3925 #ifdef CONFIG_IP_VS_NFCT
3926         tbl[idx++].data = &ipvs->sysctl_conntrack;
3927 #endif
3928         tbl[idx++].data = &ipvs->sysctl_secure_tcp;
3929         ipvs->sysctl_snat_reroute = 1;
3930         tbl[idx++].data = &ipvs->sysctl_snat_reroute;
3931         ipvs->sysctl_sync_ver = 1;
3932         tbl[idx++].data = &ipvs->sysctl_sync_ver;
3933         ipvs->sysctl_sync_ports = 1;
3934         tbl[idx++].data = &ipvs->sysctl_sync_ports;
3935         tbl[idx++].data = &ipvs->sysctl_sync_persist_mode;
3936         ipvs->sysctl_sync_qlen_max = nr_free_buffer_pages() / 32;
3937         tbl[idx++].data = &ipvs->sysctl_sync_qlen_max;
3938         ipvs->sysctl_sync_sock_size = 0;
3939         tbl[idx++].data = &ipvs->sysctl_sync_sock_size;
3940         tbl[idx++].data = &ipvs->sysctl_cache_bypass;
3941         tbl[idx++].data = &ipvs->sysctl_expire_nodest_conn;
3942         tbl[idx++].data = &ipvs->sysctl_sloppy_tcp;
3943         tbl[idx++].data = &ipvs->sysctl_sloppy_sctp;
3944         tbl[idx++].data = &ipvs->sysctl_expire_quiescent_template;
3945         ipvs->sysctl_sync_threshold[0] = DEFAULT_SYNC_THRESHOLD;
3946         ipvs->sysctl_sync_threshold[1] = DEFAULT_SYNC_PERIOD;
3947         tbl[idx].data = &ipvs->sysctl_sync_threshold;
3948         tbl[idx++].maxlen = sizeof(ipvs->sysctl_sync_threshold);
3949         ipvs->sysctl_sync_refresh_period = DEFAULT_SYNC_REFRESH_PERIOD;
3950         tbl[idx++].data = &ipvs->sysctl_sync_refresh_period;
3951         ipvs->sysctl_sync_retries = clamp_t(int, DEFAULT_SYNC_RETRIES, 0, 3);
3952         tbl[idx++].data = &ipvs->sysctl_sync_retries;
3953         tbl[idx++].data = &ipvs->sysctl_nat_icmp_send;
3954         ipvs->sysctl_pmtu_disc = 1;
3955         tbl[idx++].data = &ipvs->sysctl_pmtu_disc;
3956         tbl[idx++].data = &ipvs->sysctl_backup_only;
3957         ipvs->sysctl_conn_reuse_mode = 1;
3958         tbl[idx++].data = &ipvs->sysctl_conn_reuse_mode;
3959         tbl[idx++].data = &ipvs->sysctl_schedule_icmp;
3960         tbl[idx++].data = &ipvs->sysctl_ignore_tunneled;
3961 
3962         ipvs->sysctl_hdr = register_net_sysctl(net, "net/ipv4/vs", tbl);
3963         if (ipvs->sysctl_hdr == NULL) {
3964                 if (!net_eq(net, &init_net))
3965                         kfree(tbl);
3966                 return -ENOMEM;
3967         }
3968         ip_vs_start_estimator(ipvs, &ipvs->tot_stats);
3969         ipvs->sysctl_tbl = tbl;
3970         /* Schedule defense work */
3971         INIT_DELAYED_WORK(&ipvs->defense_work, defense_work_handler);
3972         schedule_delayed_work(&ipvs->defense_work, DEFENSE_TIMER_PERIOD);
3973 
3974         return 0;
3975 }
3976 
3977 static void __net_exit ip_vs_control_net_cleanup_sysctl(struct netns_ipvs *ipvs)
3978 {
3979         struct net *net = ipvs->net;
3980 
3981         cancel_delayed_work_sync(&ipvs->defense_work);
3982         cancel_work_sync(&ipvs->defense_work.work);
3983         unregister_net_sysctl_table(ipvs->sysctl_hdr);
3984         ip_vs_stop_estimator(ipvs, &ipvs->tot_stats);
3985 
3986         if (!net_eq(net, &init_net))
3987                 kfree(ipvs->sysctl_tbl);
3988 }
3989 
3990 #else
3991 
3992 static int __net_init ip_vs_control_net_init_sysctl(struct netns_ipvs *ipvs) { return 0; }
3993 static void __net_exit ip_vs_control_net_cleanup_sysctl(struct netns_ipvs *ipvs) { }
3994 
3995 #endif
3996 
3997 static struct notifier_block ip_vs_dst_notifier = {
3998         .notifier_call = ip_vs_dst_event,
3999 };
4000 
4001 int __net_init ip_vs_control_net_init(struct netns_ipvs *ipvs)
4002 {
4003         int i, idx;
4004 
4005         /* Initialize rs_table */
4006         for (idx = 0; idx < IP_VS_RTAB_SIZE; idx++)
4007                 INIT_HLIST_HEAD(&ipvs->rs_table[idx]);
4008 
4009         INIT_LIST_HEAD(&ipvs->dest_trash);
4010         spin_lock_init(&ipvs->dest_trash_lock);
4011         setup_timer(&ipvs->dest_trash_timer, ip_vs_dest_trash_expire,
4012                     (unsigned long) ipvs);
4013         atomic_set(&ipvs->ftpsvc_counter, 0);
4014         atomic_set(&ipvs->nullsvc_counter, 0);
4015         atomic_set(&ipvs->conn_out_counter, 0);
4016 
4017         /* procfs stats */
4018         ipvs->tot_stats.cpustats = alloc_percpu(struct ip_vs_cpu_stats);
4019         if (!ipvs->tot_stats.cpustats)
4020                 return -ENOMEM;
4021 
4022         for_each_possible_cpu(i) {
4023                 struct ip_vs_cpu_stats *ipvs_tot_stats;
4024                 ipvs_tot_stats = per_cpu_ptr(ipvs->tot_stats.cpustats, i);
4025                 u64_stats_init(&ipvs_tot_stats->syncp);
4026         }
4027 
4028         spin_lock_init(&ipvs->tot_stats.lock);
4029 
4030         proc_create("ip_vs", 0, ipvs->net->proc_net, &ip_vs_info_fops);
4031         proc_create("ip_vs_stats", 0, ipvs->net->proc_net, &ip_vs_stats_fops);
4032         proc_create("ip_vs_stats_percpu", 0, ipvs->net->proc_net,
4033                     &ip_vs_stats_percpu_fops);
4034 
4035         if (ip_vs_control_net_init_sysctl(ipvs))
4036                 goto err;
4037 
4038         return 0;
4039 
4040 err:
4041         free_percpu(ipvs->tot_stats.cpustats);
4042         return -ENOMEM;
4043 }
4044 
4045 void __net_exit ip_vs_control_net_cleanup(struct netns_ipvs *ipvs)
4046 {
4047         ip_vs_trash_cleanup(ipvs);
4048         ip_vs_control_net_cleanup_sysctl(ipvs);
4049         remove_proc_entry("ip_vs_stats_percpu", ipvs->net->proc_net);
4050         remove_proc_entry("ip_vs_stats", ipvs->net->proc_net);
4051         remove_proc_entry("ip_vs", ipvs->net->proc_net);
4052         free_percpu(ipvs->tot_stats.cpustats);
4053 }
4054 
4055 int __init ip_vs_register_nl_ioctl(void)
4056 {
4057         int ret;
4058 
4059         ret = nf_register_sockopt(&ip_vs_sockopts);
4060         if (ret) {
4061                 pr_err("cannot register sockopt.\n");
4062                 goto err_sock;
4063         }
4064 
4065         ret = ip_vs_genl_register();
4066         if (ret) {
4067                 pr_err("cannot register Generic Netlink interface.\n");
4068                 goto err_genl;
4069         }
4070         return 0;
4071 
4072 err_genl:
4073         nf_unregister_sockopt(&ip_vs_sockopts);
4074 err_sock:
4075         return ret;
4076 }
4077 
4078 void ip_vs_unregister_nl_ioctl(void)
4079 {
4080         ip_vs_genl_unregister();
4081         nf_unregister_sockopt(&ip_vs_sockopts);
4082 }
4083 
4084 int __init ip_vs_control_init(void)
4085 {
4086         int idx;
4087         int ret;
4088 
4089         EnterFunction(2);
4090 
4091         /* Initialize svc_table, ip_vs_svc_fwm_table */
4092         for (idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
4093                 INIT_HLIST_HEAD(&ip_vs_svc_table[idx]);
4094                 INIT_HLIST_HEAD(&ip_vs_svc_fwm_table[idx]);
4095         }
4096 
4097         smp_wmb();      /* Do we really need it now ? */
4098 
4099         ret = register_netdevice_notifier(&ip_vs_dst_notifier);
4100         if (ret < 0)
4101                 return ret;
4102 
4103         LeaveFunction(2);
4104         return 0;
4105 }
4106 
4107 
4108 void ip_vs_control_cleanup(void)
4109 {
4110         EnterFunction(2);
4111         unregister_netdevice_notifier(&ip_vs_dst_notifier);
4112         LeaveFunction(2);
4113 }
4114 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp