2 * ip_vs_xmit.c: various packet transmitters for IPVS
4 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
5 * Julian Anastasov <ja@ssi.bg>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
16 #define KMSG_COMPONENT "IPVS"
17 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
19 #include <linux/kernel.h>
20 #include <linux/slab.h>
21 #include <linux/tcp.h> /* for tcphdr */
23 #include <net/tcp.h> /* for csum_tcpudp_magic */
25 #include <net/icmp.h> /* for icmp_send */
26 #include <net/route.h> /* for ip_route_output */
28 #include <net/ip6_route.h>
29 #include <linux/icmpv6.h>
30 #include <linux/netfilter.h>
31 #include <linux/netfilter_ipv4.h>
33 #include <net/ip_vs.h>
37 * Destination cache to speed up outgoing route lookup
40 __ip_vs_dst_set(struct ip_vs_dest *dest, u32 rtos, struct dst_entry *dst)
42 struct dst_entry *old_dst;
44 old_dst = dest->dst_cache;
45 dest->dst_cache = dst;
46 dest->dst_rtos = rtos;
50 static inline struct dst_entry *
51 __ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos, u32 cookie)
53 struct dst_entry *dst = dest->dst_cache;
58 || (dest->af == AF_INET && rtos != dest->dst_rtos)) &&
59 dst->ops->check(dst, cookie) == NULL) {
60 dest->dst_cache = NULL;
68 static struct rtable *
69 __ip_vs_get_out_rt(struct ip_vs_conn *cp, u32 rtos)
71 struct rtable *rt; /* Route to the other host */
72 struct ip_vs_dest *dest = cp->dest;
75 spin_lock(&dest->dst_lock);
76 if (!(rt = (struct rtable *)
77 __ip_vs_dst_check(dest, rtos, 0))) {
82 .daddr = dest->addr.ip,
87 if (ip_route_output_key(&init_net, &rt, &fl)) {
88 spin_unlock(&dest->dst_lock);
89 IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
93 __ip_vs_dst_set(dest, rtos, dst_clone(&rt->u.dst));
94 IP_VS_DBG(10, "new dst %pI4, refcnt=%d, rtos=%X\n",
96 atomic_read(&rt->u.dst.__refcnt), rtos);
98 spin_unlock(&dest->dst_lock);
104 .daddr = cp->daddr.ip,
109 if (ip_route_output_key(&init_net, &rt, &fl)) {
110 IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n",
119 #ifdef CONFIG_IP_VS_IPV6
120 static struct rt6_info *
121 __ip_vs_get_out_rt_v6(struct ip_vs_conn *cp)
123 struct rt6_info *rt; /* Route to the other host */
124 struct ip_vs_dest *dest = cp->dest;
127 spin_lock(&dest->dst_lock);
128 rt = (struct rt6_info *)__ip_vs_dst_check(dest, 0, 0);
134 .daddr = dest->addr.in6,
143 rt = (struct rt6_info *)ip6_route_output(&init_net,
146 spin_unlock(&dest->dst_lock);
147 IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n",
151 __ip_vs_dst_set(dest, 0, dst_clone(&rt->u.dst));
152 IP_VS_DBG(10, "new dst %pI6, refcnt=%d\n",
154 atomic_read(&rt->u.dst.__refcnt));
156 spin_unlock(&dest->dst_lock);
162 .daddr = cp->daddr.in6,
164 .s6_addr32 = { 0, 0, 0, 0 },
170 rt = (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
172 IP_VS_DBG_RL("ip6_route_output error, dest: %pI6\n",
184 * Release dest->dst_cache before a dest is removed
187 ip_vs_dst_reset(struct ip_vs_dest *dest)
189 struct dst_entry *old_dst;
191 old_dst = dest->dst_cache;
192 dest->dst_cache = NULL;
193 dst_release(old_dst);
196 #define IP_VS_XMIT(pf, skb, rt) \
198 (skb)->ipvs_property = 1; \
199 skb_forward_csum(skb); \
200 NF_HOOK(pf, NF_INET_LOCAL_OUT, (skb), NULL, \
201 (rt)->u.dst.dev, dst_output); \
206 * NULL transmitter (do nothing except return NF_ACCEPT)
209 ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
210 struct ip_vs_protocol *pp)
212 /* we do not touch skb and do not need pskb ptr */
219 * Let packets bypass the destination when the destination is not
220 * available, it may be only used in transparent cache cluster.
223 ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
224 struct ip_vs_protocol *pp)
226 struct rtable *rt; /* Route to the other host */
227 struct iphdr *iph = ip_hdr(skb);
236 .tos = RT_TOS(tos), } },
241 if (ip_route_output_key(&init_net, &rt, &fl)) {
242 IP_VS_DBG_RL("%s(): ip_route_output error, dest: %pI4\n",
243 __func__, &iph->daddr);
248 mtu = dst_mtu(&rt->u.dst);
249 if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) {
251 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
252 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
257 * Call ip_send_check because we are not sure it is called
258 * after ip_defrag. Is copy-on-write needed?
260 if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
264 ip_send_check(ip_hdr(skb));
268 skb_dst_set(skb, &rt->u.dst);
270 /* Another hack: avoid icmp_send in ip_fragment */
273 IP_VS_XMIT(NFPROTO_IPV4, skb, rt);
279 dst_link_failure(skb);
286 #ifdef CONFIG_IP_VS_IPV6
288 ip_vs_bypass_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
289 struct ip_vs_protocol *pp)
291 struct rt6_info *rt; /* Route to the other host */
292 struct ipv6hdr *iph = ipv6_hdr(skb);
299 .saddr = { .s6_addr32 = {0, 0, 0, 0} }, } },
304 rt = (struct rt6_info *)ip6_route_output(&init_net, NULL, &fl);
306 IP_VS_DBG_RL("%s(): ip6_route_output error, dest: %pI6\n",
307 __func__, &iph->daddr);
312 mtu = dst_mtu(&rt->u.dst);
313 if (skb->len > mtu) {
314 dst_release(&rt->u.dst);
315 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
316 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
321 * Call ip_send_check because we are not sure it is called
322 * after ip_defrag. Is copy-on-write needed?
324 skb = skb_share_check(skb, GFP_ATOMIC);
325 if (unlikely(skb == NULL)) {
326 dst_release(&rt->u.dst);
332 skb_dst_set(skb, &rt->u.dst);
334 /* Another hack: avoid icmp_send in ip_fragment */
337 IP_VS_XMIT(NFPROTO_IPV6, skb, rt);
343 dst_link_failure(skb);
352 * NAT transmitter (only for outside-to-inside nat forwarding)
353 * Not used for related ICMP
356 ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
357 struct ip_vs_protocol *pp)
359 struct rtable *rt; /* Route to the other host */
361 struct iphdr *iph = ip_hdr(skb);
365 /* check if it is a connection of no-client-port */
366 if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
368 p = skb_header_pointer(skb, iph->ihl*4, sizeof(_pt), &_pt);
371 ip_vs_conn_fill_cport(cp, *p);
372 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
375 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(iph->tos))))
379 mtu = dst_mtu(&rt->u.dst);
380 if ((skb->len > mtu) && (iph->frag_off & htons(IP_DF))) {
382 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
383 IP_VS_DBG_RL_PKT(0, pp, skb, 0, "ip_vs_nat_xmit(): frag needed for");
387 /* copy-on-write the packet before mangling it */
388 if (!skb_make_writable(skb, sizeof(struct iphdr)))
391 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
396 skb_dst_set(skb, &rt->u.dst);
398 /* mangle the packet */
399 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
401 ip_hdr(skb)->daddr = cp->daddr.ip;
402 ip_send_check(ip_hdr(skb));
404 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT");
406 /* FIXME: when application helper enlarges the packet and the length
407 is larger than the MTU of outgoing device, there will be still
410 /* Another hack: avoid icmp_send in ip_fragment */
413 IP_VS_XMIT(NFPROTO_IPV4, skb, rt);
419 dst_link_failure(skb);
429 #ifdef CONFIG_IP_VS_IPV6
431 ip_vs_nat_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
432 struct ip_vs_protocol *pp)
434 struct rt6_info *rt; /* Route to the other host */
439 /* check if it is a connection of no-client-port */
440 if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
442 p = skb_header_pointer(skb, sizeof(struct ipv6hdr),
446 ip_vs_conn_fill_cport(cp, *p);
447 IP_VS_DBG(10, "filled cport=%d\n", ntohs(*p));
450 rt = __ip_vs_get_out_rt_v6(cp);
455 mtu = dst_mtu(&rt->u.dst);
456 if (skb->len > mtu) {
457 dst_release(&rt->u.dst);
458 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
459 IP_VS_DBG_RL_PKT(0, pp, skb, 0,
460 "ip_vs_nat_xmit_v6(): frag needed for");
464 /* copy-on-write the packet before mangling it */
465 if (!skb_make_writable(skb, sizeof(struct ipv6hdr)))
468 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
473 skb_dst_set(skb, &rt->u.dst);
475 /* mangle the packet */
476 if (pp->dnat_handler && !pp->dnat_handler(skb, pp, cp))
478 ipv6_hdr(skb)->daddr = cp->daddr.in6;
480 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT");
482 /* FIXME: when application helper enlarges the packet and the length
483 is larger than the MTU of outgoing device, there will be still
486 /* Another hack: avoid icmp_send in ip_fragment */
489 IP_VS_XMIT(NFPROTO_IPV6, skb, rt);
495 dst_link_failure(skb);
501 dst_release(&rt->u.dst);
508 * IP Tunneling transmitter
510 * This function encapsulates the packet in a new IP packet, its
511 * destination will be set to cp->daddr. Most code of this function
512 * is taken from ipip.c.
514 * It is used in VS/TUN cluster. The load balancer selects a real
515 * server from a cluster based on a scheduling algorithm,
516 * encapsulates the request packet and forwards it to the selected
517 * server. For example, all real servers are configured with
518 * "ifconfig tunl0 <Virtual IP Address> up". When the server receives
519 * the encapsulated packet, it will decapsulate the packet, processe
520 * the request and return the response packets directly to the client
521 * without passing the load balancer. This can greatly increase the
522 * scalability of virtual server.
524 * Used for ANY protocol
527 ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
528 struct ip_vs_protocol *pp)
530 struct rtable *rt; /* Route to the other host */
531 struct net_device *tdev; /* Device to other host */
532 struct iphdr *old_iph = ip_hdr(skb);
533 u8 tos = old_iph->tos;
534 __be16 df = old_iph->frag_off;
535 sk_buff_data_t old_transport_header = skb->transport_header;
536 struct iphdr *iph; /* Our new IP header */
537 unsigned int max_headroom; /* The extra header space needed */
542 if (skb->protocol != htons(ETH_P_IP)) {
543 IP_VS_DBG_RL("%s(): protocol error, "
544 "ETH_P_IP: %d, skb protocol: %d\n",
545 __func__, htons(ETH_P_IP), skb->protocol);
549 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(tos))))
552 tdev = rt->u.dst.dev;
554 mtu = dst_mtu(&rt->u.dst) - sizeof(struct iphdr);
557 IP_VS_DBG_RL("%s(): mtu less than 68\n", __func__);
561 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
563 df |= (old_iph->frag_off & htons(IP_DF));
565 if ((old_iph->frag_off & htons(IP_DF))
566 && mtu < ntohs(old_iph->tot_len)) {
567 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
569 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
574 * Okay, now see if we can stuff it in the buffer as-is.
576 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr);
578 if (skb_headroom(skb) < max_headroom
579 || skb_cloned(skb) || skb_shared(skb)) {
580 struct sk_buff *new_skb =
581 skb_realloc_headroom(skb, max_headroom);
585 IP_VS_ERR_RL("%s(): no memory\n", __func__);
590 old_iph = ip_hdr(skb);
593 skb->transport_header = old_transport_header;
595 /* fix old IP header checksum */
596 ip_send_check(old_iph);
598 skb_push(skb, sizeof(struct iphdr));
599 skb_reset_network_header(skb);
600 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
604 skb_dst_set(skb, &rt->u.dst);
607 * Push down and install the IPIP header.
611 iph->ihl = sizeof(struct iphdr)>>2;
613 iph->protocol = IPPROTO_IPIP;
615 iph->daddr = rt->rt_dst;
616 iph->saddr = rt->rt_src;
617 iph->ttl = old_iph->ttl;
618 ip_select_ident(iph, &rt->u.dst, NULL);
620 /* Another hack: avoid icmp_send in ip_fragment */
630 dst_link_failure(skb);
637 #ifdef CONFIG_IP_VS_IPV6
639 ip_vs_tunnel_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
640 struct ip_vs_protocol *pp)
642 struct rt6_info *rt; /* Route to the other host */
643 struct net_device *tdev; /* Device to other host */
644 struct ipv6hdr *old_iph = ipv6_hdr(skb);
645 sk_buff_data_t old_transport_header = skb->transport_header;
646 struct ipv6hdr *iph; /* Our new IP header */
647 unsigned int max_headroom; /* The extra header space needed */
652 if (skb->protocol != htons(ETH_P_IPV6)) {
653 IP_VS_DBG_RL("%s(): protocol error, "
654 "ETH_P_IPV6: %d, skb protocol: %d\n",
655 __func__, htons(ETH_P_IPV6), skb->protocol);
659 rt = __ip_vs_get_out_rt_v6(cp);
663 tdev = rt->u.dst.dev;
665 mtu = dst_mtu(&rt->u.dst) - sizeof(struct ipv6hdr);
666 /* TODO IPv6: do we need this check in IPv6? */
668 dst_release(&rt->u.dst);
669 IP_VS_DBG_RL("%s(): mtu less than 1280\n", __func__);
673 skb_dst(skb)->ops->update_pmtu(skb_dst(skb), mtu);
675 if (mtu < ntohs(old_iph->payload_len) + sizeof(struct ipv6hdr)) {
676 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
677 dst_release(&rt->u.dst);
678 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
683 * Okay, now see if we can stuff it in the buffer as-is.
685 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct ipv6hdr);
687 if (skb_headroom(skb) < max_headroom
688 || skb_cloned(skb) || skb_shared(skb)) {
689 struct sk_buff *new_skb =
690 skb_realloc_headroom(skb, max_headroom);
692 dst_release(&rt->u.dst);
694 IP_VS_ERR_RL("%s(): no memory\n", __func__);
699 old_iph = ipv6_hdr(skb);
702 skb->transport_header = old_transport_header;
704 skb_push(skb, sizeof(struct ipv6hdr));
705 skb_reset_network_header(skb);
706 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
710 skb_dst_set(skb, &rt->u.dst);
713 * Push down and install the IPIP header.
717 iph->nexthdr = IPPROTO_IPV6;
718 iph->payload_len = old_iph->payload_len;
719 be16_add_cpu(&iph->payload_len, sizeof(*old_iph));
720 iph->priority = old_iph->priority;
721 memset(&iph->flow_lbl, 0, sizeof(iph->flow_lbl));
722 iph->daddr = rt->rt6i_dst.addr;
723 iph->saddr = cp->vaddr.in6; /* rt->rt6i_src.addr; */
724 iph->hop_limit = old_iph->hop_limit;
726 /* Another hack: avoid icmp_send in ip_fragment */
736 dst_link_failure(skb);
746 * Direct Routing transmitter
747 * Used for ANY protocol
750 ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
751 struct ip_vs_protocol *pp)
753 struct rtable *rt; /* Route to the other host */
754 struct iphdr *iph = ip_hdr(skb);
759 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(iph->tos))))
763 mtu = dst_mtu(&rt->u.dst);
764 if ((iph->frag_off & htons(IP_DF)) && skb->len > mtu) {
765 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
767 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
772 * Call ip_send_check because we are not sure it is called
773 * after ip_defrag. Is copy-on-write needed?
775 if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
779 ip_send_check(ip_hdr(skb));
783 skb_dst_set(skb, &rt->u.dst);
785 /* Another hack: avoid icmp_send in ip_fragment */
788 IP_VS_XMIT(NFPROTO_IPV4, skb, rt);
794 dst_link_failure(skb);
801 #ifdef CONFIG_IP_VS_IPV6
803 ip_vs_dr_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
804 struct ip_vs_protocol *pp)
806 struct rt6_info *rt; /* Route to the other host */
811 rt = __ip_vs_get_out_rt_v6(cp);
816 mtu = dst_mtu(&rt->u.dst);
817 if (skb->len > mtu) {
818 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
819 dst_release(&rt->u.dst);
820 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
825 * Call ip_send_check because we are not sure it is called
826 * after ip_defrag. Is copy-on-write needed?
828 skb = skb_share_check(skb, GFP_ATOMIC);
829 if (unlikely(skb == NULL)) {
830 dst_release(&rt->u.dst);
836 skb_dst_set(skb, &rt->u.dst);
838 /* Another hack: avoid icmp_send in ip_fragment */
841 IP_VS_XMIT(NFPROTO_IPV6, skb, rt);
847 dst_link_failure(skb);
857 * ICMP packet transmitter
858 * called by the ip_vs_in_icmp
861 ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
862 struct ip_vs_protocol *pp, int offset)
864 struct rtable *rt; /* Route to the other host */
870 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
871 forwarded directly here, because there is no need to
872 translate address/port back */
873 if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
875 rc = cp->packet_xmit(skb, cp, pp);
878 /* do not touch skb anymore */
879 atomic_inc(&cp->in_pkts);
884 * mangle and send the packet here (only for VS/NAT)
887 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(ip_hdr(skb)->tos))))
891 mtu = dst_mtu(&rt->u.dst);
892 if ((skb->len > mtu) && (ip_hdr(skb)->frag_off & htons(IP_DF))) {
894 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
895 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
899 /* copy-on-write the packet before mangling it */
900 if (!skb_make_writable(skb, offset))
903 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
906 /* drop the old route when skb is not shared */
908 skb_dst_set(skb, &rt->u.dst);
910 ip_vs_nat_icmp(skb, pp, cp, 0);
912 /* Another hack: avoid icmp_send in ip_fragment */
915 IP_VS_XMIT(NFPROTO_IPV4, skb, rt);
921 dst_link_failure(skb);
933 #ifdef CONFIG_IP_VS_IPV6
935 ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
936 struct ip_vs_protocol *pp, int offset)
938 struct rt6_info *rt; /* Route to the other host */
944 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
945 forwarded directly here, because there is no need to
946 translate address/port back */
947 if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
949 rc = cp->packet_xmit(skb, cp, pp);
952 /* do not touch skb anymore */
953 atomic_inc(&cp->in_pkts);
958 * mangle and send the packet here (only for VS/NAT)
961 rt = __ip_vs_get_out_rt_v6(cp);
966 mtu = dst_mtu(&rt->u.dst);
967 if (skb->len > mtu) {
968 dst_release(&rt->u.dst);
969 icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
970 IP_VS_DBG_RL("%s(): frag needed\n", __func__);
974 /* copy-on-write the packet before mangling it */
975 if (!skb_make_writable(skb, offset))
978 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
981 /* drop the old route when skb is not shared */
983 skb_dst_set(skb, &rt->u.dst);
985 ip_vs_nat_icmp_v6(skb, pp, cp, 0);
987 /* Another hack: avoid icmp_send in ip_fragment */
990 IP_VS_XMIT(NFPROTO_IPV6, skb, rt);
996 dst_link_failure(skb);
1004 dst_release(&rt->u.dst);
projects / linux-drm-fsl-dcu.git / blob