1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * ip_vs_proto_udp.c: UDP load balancing support for IPVS
5 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
6 * Julian Anastasov <ja@ssi.bg>
8 * Changes: Hans Schillstrom <hans.schillstrom@ericsson.com>
9 * Network name space (netns) aware.
12 #define KMSG_COMPONENT "IPVS"
13 #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
17 #include <linux/kernel.h>
18 #include <linux/netfilter.h>
19 #include <linux/netfilter_ipv4.h>
20 #include <linux/udp.h>
21 #include <linux/indirect_call_wrapper.h>
23 #include <net/ip_vs.h>
25 #include <net/ip6_checksum.h>
28 udp_csum_check(int af, struct sk_buff *skb, struct ip_vs_protocol *pp);
31 udp_conn_schedule(struct netns_ipvs *ipvs, int af, struct sk_buff *skb,
32 struct ip_vs_proto_data *pd,
33 int *verdict, struct ip_vs_conn **cpp,
34 struct ip_vs_iphdr *iph)
36 struct ip_vs_service *svc;
37 struct udphdr _udph, *uh;
38 __be16 _ports[2], *ports = NULL;
40 if (likely(!ip_vs_iph_icmp(iph))) {
41 /* IPv6 fragments, only first fragment will hit this */
42 uh = skb_header_pointer(skb, iph->len, sizeof(_udph), &_udph);
46 ports = skb_header_pointer(
47 skb, iph->len, sizeof(_ports), &_ports);
55 if (likely(!ip_vs_iph_inverse(iph)))
56 svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
57 &iph->daddr, ports[1]);
59 svc = ip_vs_service_find(ipvs, af, skb->mark, iph->protocol,
60 &iph->saddr, ports[0]);
65 if (ip_vs_todrop(ipvs)) {
67 * It seems that we are very loaded.
68 * We have to drop this packet :(
75 * Let the virtual server select a real server for the
76 * incoming connection, and create a connection entry.
78 *cpp = ip_vs_schedule(svc, skb, pd, &ignored, iph);
79 if (!*cpp && ignored <= 0) {
81 *verdict = ip_vs_leave(svc, skb, pd, iph);
93 udp_fast_csum_update(int af, struct udphdr *uhdr,
94 const union nf_inet_addr *oldip,
95 const union nf_inet_addr *newip,
96 __be16 oldport, __be16 newport)
98 #ifdef CONFIG_IP_VS_IPV6
101 csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
102 ip_vs_check_diff2(oldport, newport,
103 ~csum_unfold(uhdr->check))));
107 csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
108 ip_vs_check_diff2(oldport, newport,
109 ~csum_unfold(uhdr->check))));
111 uhdr->check = CSUM_MANGLED_0;
115 udp_partial_csum_update(int af, struct udphdr *uhdr,
116 const union nf_inet_addr *oldip,
117 const union nf_inet_addr *newip,
118 __be16 oldlen, __be16 newlen)
120 #ifdef CONFIG_IP_VS_IPV6
123 ~csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
124 ip_vs_check_diff2(oldlen, newlen,
125 csum_unfold(uhdr->check))));
129 ~csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
130 ip_vs_check_diff2(oldlen, newlen,
131 csum_unfold(uhdr->check))));
135 INDIRECT_CALLABLE_SCOPE int
136 udp_snat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
137 struct ip_vs_conn *cp, struct ip_vs_iphdr *iph)
140 unsigned int udphoff = iph->len;
141 bool payload_csum = false;
144 #ifdef CONFIG_IP_VS_IPV6
145 if (cp->af == AF_INET6 && iph->fragoffs)
148 oldlen = skb->len - udphoff;
150 /* csum_check requires unshared skb */
151 if (skb_ensure_writable(skb, udphoff + sizeof(*udph)))
154 if (unlikely(cp->app != NULL)) {
157 /* Some checks before mangling */
158 if (!udp_csum_check(cp->af, skb, pp))
162 * Call application helper if needed
164 if (!(ret = ip_vs_app_pkt_out(cp, skb, iph)))
166 /* ret=2: csum update is needed after payload mangling */
168 oldlen = skb->len - udphoff;
173 udph = (void *)skb_network_header(skb) + udphoff;
174 udph->source = cp->vport;
177 * Adjust UDP checksums
179 if (skb->ip_summed == CHECKSUM_PARTIAL) {
180 udp_partial_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
182 htons(skb->len - udphoff));
183 } else if (!payload_csum && (udph->check != 0)) {
184 /* Only port and addr are changed, do fast csum update */
185 udp_fast_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
186 cp->dport, cp->vport);
187 if (skb->ip_summed == CHECKSUM_COMPLETE)
188 skb->ip_summed = cp->app ?
189 CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
191 /* full checksum calculation */
193 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
194 #ifdef CONFIG_IP_VS_IPV6
195 if (cp->af == AF_INET6)
196 udph->check = csum_ipv6_magic(&cp->vaddr.in6,
199 cp->protocol, skb->csum);
202 udph->check = csum_tcpudp_magic(cp->vaddr.ip,
207 if (udph->check == 0)
208 udph->check = CSUM_MANGLED_0;
209 skb->ip_summed = CHECKSUM_UNNECESSARY;
210 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
211 pp->name, udph->check,
212 (char*)&(udph->check) - (char*)udph);
219 udp_dnat_handler(struct sk_buff *skb, struct ip_vs_protocol *pp,
220 struct ip_vs_conn *cp, struct ip_vs_iphdr *iph)
223 unsigned int udphoff = iph->len;
224 bool payload_csum = false;
227 #ifdef CONFIG_IP_VS_IPV6
228 if (cp->af == AF_INET6 && iph->fragoffs)
231 oldlen = skb->len - udphoff;
233 /* csum_check requires unshared skb */
234 if (skb_ensure_writable(skb, udphoff + sizeof(*udph)))
237 if (unlikely(cp->app != NULL)) {
240 /* Some checks before mangling */
241 if (!udp_csum_check(cp->af, skb, pp))
245 * Attempt ip_vs_app call.
246 * It will fix ip_vs_conn
248 if (!(ret = ip_vs_app_pkt_in(cp, skb, iph)))
250 /* ret=2: csum update is needed after payload mangling */
252 oldlen = skb->len - udphoff;
257 udph = (void *)skb_network_header(skb) + udphoff;
258 udph->dest = cp->dport;
261 * Adjust UDP checksums
263 if (skb->ip_summed == CHECKSUM_PARTIAL) {
264 udp_partial_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
266 htons(skb->len - udphoff));
267 } else if (!payload_csum && (udph->check != 0)) {
268 /* Only port and addr are changed, do fast csum update */
269 udp_fast_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
270 cp->vport, cp->dport);
271 if (skb->ip_summed == CHECKSUM_COMPLETE)
272 skb->ip_summed = cp->app ?
273 CHECKSUM_UNNECESSARY : CHECKSUM_NONE;
275 /* full checksum calculation */
277 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
278 #ifdef CONFIG_IP_VS_IPV6
279 if (cp->af == AF_INET6)
280 udph->check = csum_ipv6_magic(&cp->caddr.in6,
283 cp->protocol, skb->csum);
286 udph->check = csum_tcpudp_magic(cp->caddr.ip,
291 if (udph->check == 0)
292 udph->check = CSUM_MANGLED_0;
293 skb->ip_summed = CHECKSUM_UNNECESSARY;
300 udp_csum_check(int af, struct sk_buff *skb, struct ip_vs_protocol *pp)
302 struct udphdr _udph, *uh;
303 unsigned int udphoff;
305 #ifdef CONFIG_IP_VS_IPV6
307 udphoff = sizeof(struct ipv6hdr);
310 udphoff = ip_hdrlen(skb);
312 uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph);
316 if (uh->check != 0) {
317 switch (skb->ip_summed) {
319 skb->csum = skb_checksum(skb, udphoff,
320 skb->len - udphoff, 0);
322 case CHECKSUM_COMPLETE:
323 #ifdef CONFIG_IP_VS_IPV6
324 if (af == AF_INET6) {
325 if (csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
326 &ipv6_hdr(skb)->daddr,
328 ipv6_hdr(skb)->nexthdr,
330 IP_VS_DBG_RL_PKT(0, af, pp, skb, 0,
331 "Failed checksum for");
336 if (csum_tcpudp_magic(ip_hdr(skb)->saddr,
339 ip_hdr(skb)->protocol,
341 IP_VS_DBG_RL_PKT(0, af, pp, skb, 0,
342 "Failed checksum for");
347 /* No need to checksum. */
354 static inline __u16 udp_app_hashkey(__be16 port)
356 return (((__force u16)port >> UDP_APP_TAB_BITS) ^ (__force u16)port)
361 static int udp_register_app(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
365 __be16 port = inc->port;
367 struct ip_vs_proto_data *pd = ip_vs_proto_data_get(ipvs, IPPROTO_UDP);
369 hash = udp_app_hashkey(port);
371 list_for_each_entry(i, &ipvs->udp_apps[hash], p_list) {
372 if (i->port == port) {
377 list_add_rcu(&inc->p_list, &ipvs->udp_apps[hash]);
378 atomic_inc(&pd->appcnt);
386 udp_unregister_app(struct netns_ipvs *ipvs, struct ip_vs_app *inc)
388 struct ip_vs_proto_data *pd = ip_vs_proto_data_get(ipvs, IPPROTO_UDP);
390 atomic_dec(&pd->appcnt);
391 list_del_rcu(&inc->p_list);
395 static int udp_app_conn_bind(struct ip_vs_conn *cp)
397 struct netns_ipvs *ipvs = cp->ipvs;
399 struct ip_vs_app *inc;
402 /* Default binding: bind app only for NAT */
403 if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ)
406 /* Lookup application incarnations and bind the right one */
407 hash = udp_app_hashkey(cp->vport);
409 list_for_each_entry_rcu(inc, &ipvs->udp_apps[hash], p_list) {
410 if (inc->port == cp->vport) {
411 if (unlikely(!ip_vs_app_inc_get(inc)))
414 IP_VS_DBG_BUF(9, "%s(): Binding conn %s:%u->"
415 "%s:%u to app %s on port %u\n",
417 IP_VS_DBG_ADDR(cp->af, &cp->caddr),
419 IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
421 inc->name, ntohs(inc->port));
425 result = inc->init_conn(inc, cp);
434 static const int udp_timeouts[IP_VS_UDP_S_LAST+1] = {
435 [IP_VS_UDP_S_NORMAL] = 5*60*HZ,
436 [IP_VS_UDP_S_LAST] = 2*HZ,
439 static const char *const udp_state_name_table[IP_VS_UDP_S_LAST+1] = {
440 [IP_VS_UDP_S_NORMAL] = "UDP",
441 [IP_VS_UDP_S_LAST] = "BUG!",
444 static const char * udp_state_name(int state)
446 if (state >= IP_VS_UDP_S_LAST)
448 return udp_state_name_table[state] ? udp_state_name_table[state] : "?";
452 udp_state_transition(struct ip_vs_conn *cp, int direction,
453 const struct sk_buff *skb,
454 struct ip_vs_proto_data *pd)
457 pr_err("UDP no ns data\n");
461 cp->timeout = pd->timeout_table[IP_VS_UDP_S_NORMAL];
462 if (direction == IP_VS_DIR_OUTPUT)
463 ip_vs_control_assure_ct(cp);
466 static int __udp_init(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd)
468 ip_vs_init_hash_table(ipvs->udp_apps, UDP_APP_TAB_SIZE);
469 pd->timeout_table = ip_vs_create_timeout_table((int *)udp_timeouts,
470 sizeof(udp_timeouts));
471 if (!pd->timeout_table)
476 static void __udp_exit(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd)
478 kfree(pd->timeout_table);
482 struct ip_vs_protocol ip_vs_protocol_udp = {
484 .protocol = IPPROTO_UDP,
485 .num_states = IP_VS_UDP_S_LAST,
489 .init_netns = __udp_init,
490 .exit_netns = __udp_exit,
491 .conn_schedule = udp_conn_schedule,
492 .conn_in_get = ip_vs_conn_in_get_proto,
493 .conn_out_get = ip_vs_conn_out_get_proto,
494 .snat_handler = udp_snat_handler,
495 .dnat_handler = udp_dnat_handler,
496 .state_transition = udp_state_transition,
497 .state_name = udp_state_name,
498 .register_app = udp_register_app,
499 .unregister_app = udp_unregister_app,
500 .app_conn_bind = udp_app_conn_bind,
501 .debug_packet = ip_vs_tcpudp_debug_packet,
502 .timeout_change = NULL,
projects / librecmc / linux-libre.git / blob