2 * ip_vs_xmit.c: various packet transmitters for IPVS
4 * Version: $Id: ip_vs_xmit.c,v 1.2 2002/11/30 01:50:35 wensong Exp $
6 * Authors: Wensong Zhang <wensong@linuxvirtualserver.org>
7 * Julian Anastasov <ja@ssi.bg>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 #include <linux/kernel.h>
20 #include <linux/tcp.h> /* for tcphdr */
21 #include <net/tcp.h> /* for csum_tcpudp_magic */
23 #include <net/icmp.h> /* for icmp_send */
24 #include <net/route.h> /* for ip_route_output */
25 #include <linux/netfilter.h>
26 #include <linux/netfilter_ipv4.h>
28 #include <net/ip_vs.h>
32 * Destination cache to speed up outgoing route lookup
35 __ip_vs_dst_set(struct ip_vs_dest *dest, u32 rtos, struct dst_entry *dst)
37 struct dst_entry *old_dst;
39 old_dst = dest->dst_cache;
40 dest->dst_cache = dst;
41 dest->dst_rtos = rtos;
45 static inline struct dst_entry *
46 __ip_vs_dst_check(struct ip_vs_dest *dest, u32 rtos, u32 cookie)
48 struct dst_entry *dst = dest->dst_cache;
52 if ((dst->obsolete || rtos != dest->dst_rtos) &&
53 dst->ops->check(dst, cookie) == NULL) {
61 static inline struct rtable *
62 __ip_vs_get_out_rt(struct ip_vs_conn *cp, u32 rtos)
64 struct rtable *rt; /* Route to the other host */
65 struct ip_vs_dest *dest = cp->dest;
68 spin_lock(&dest->dst_lock);
69 if (!(rt = (struct rtable *)
70 __ip_vs_dst_check(dest, rtos, 0))) {
80 if (ip_route_output_key(&rt, &fl)) {
81 spin_unlock(&dest->dst_lock);
82 IP_VS_DBG_RL("ip_route_output error, "
83 "dest: %u.%u.%u.%u\n",
87 __ip_vs_dst_set(dest, rtos, dst_clone(&rt->u.dst));
88 IP_VS_DBG(10, "new dst %u.%u.%u.%u, refcnt=%d, rtos=%X\n",
90 atomic_read(&rt->u.dst.__refcnt), rtos);
92 spin_unlock(&dest->dst_lock);
103 if (ip_route_output_key(&rt, &fl)) {
104 IP_VS_DBG_RL("ip_route_output error, dest: "
105 "%u.%u.%u.%u\n", NIPQUAD(cp->daddr));
115 * Release dest->dst_cache before a dest is removed
118 ip_vs_dst_reset(struct ip_vs_dest *dest)
120 struct dst_entry *old_dst;
122 old_dst = dest->dst_cache;
123 dest->dst_cache = NULL;
124 dst_release(old_dst);
128 #define IP_VS_XMIT(skb, rt) \
130 (skb)->nfcache |= NFC_IPVS_PROPERTY; \
131 NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \
132 (rt)->u.dst.dev, dst_output); \
137 * NULL transmitter (do nothing except return NF_ACCEPT)
140 ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
141 struct ip_vs_protocol *pp)
143 /* we do not touch skb and do not need pskb ptr */
150 * Let packets bypass the destination when the destination is not
151 * available, it may be only used in transparent cache cluster.
154 ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
155 struct ip_vs_protocol *pp)
157 struct rtable *rt; /* Route to the other host */
158 struct iphdr *iph = skb->nh.iph;
167 .tos = RT_TOS(tos), } },
172 if (ip_route_output_key(&rt, &fl)) {
173 IP_VS_DBG_RL("ip_vs_bypass_xmit(): ip_route_output error, "
174 "dest: %u.%u.%u.%u\n", NIPQUAD(iph->daddr));
179 mtu = dst_pmtu(&rt->u.dst);
180 if ((skb->len > mtu) && (iph->frag_off&__constant_htons(IP_DF))) {
182 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
183 IP_VS_DBG_RL("ip_vs_bypass_xmit(): frag needed\n");
188 * Call ip_send_check because we are not sure it is called
189 * after ip_defrag. Is copy-on-write needed?
191 if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
195 ip_send_check(skb->nh.iph);
198 dst_release(skb->dst);
199 skb->dst = &rt->u.dst;
201 /* Another hack: avoid icmp_send in ip_fragment */
204 #ifdef CONFIG_NETFILTER_DEBUG
206 #endif /* CONFIG_NETFILTER_DEBUG */
213 dst_link_failure(skb);
222 * NAT transmitter (only for outside-to-inside nat forwarding)
223 * Not used for related ICMP
226 ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
227 struct ip_vs_protocol *pp)
229 struct rtable *rt; /* Route to the other host */
231 struct iphdr *iph = skb->nh.iph;
235 /* check if it is a connection of no-client-port */
236 if (unlikely(cp->flags & IP_VS_CONN_F_NO_CPORT)) {
238 if (skb_copy_bits(skb, iph->ihl*4, &pt, sizeof(pt)) < 0)
240 ip_vs_conn_fill_cport(cp, pt);
241 IP_VS_DBG(10, "filled cport=%d\n", ntohs(pt));
244 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(iph->tos))))
248 mtu = dst_pmtu(&rt->u.dst);
249 if ((skb->len > mtu) && (iph->frag_off&__constant_htons(IP_DF))) {
251 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
252 IP_VS_DBG_RL_PKT(0, pp, skb, 0, "ip_vs_nat_xmit(): frag needed for");
256 /* copy-on-write the packet before mangling it */
257 if (!ip_vs_make_skb_writable(&skb, sizeof(struct iphdr)))
260 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
264 dst_release(skb->dst);
265 skb->dst = &rt->u.dst;
267 /* mangle the packet */
268 if (pp->dnat_handler && !pp->dnat_handler(&skb, pp, cp))
270 skb->nh.iph->daddr = cp->daddr;
271 ip_send_check(skb->nh.iph);
273 IP_VS_DBG_PKT(10, pp, skb, 0, "After DNAT");
275 /* FIXME: when application helper enlarges the packet and the length
276 is larger than the MTU of outgoing device, there will be still
279 /* Another hack: avoid icmp_send in ip_fragment */
282 #ifdef CONFIG_NETFILTER_DEBUG
284 #endif /* CONFIG_NETFILTER_DEBUG */
291 dst_link_failure(skb);
303 * IP Tunneling transmitter
305 * This function encapsulates the packet in a new IP packet, its
306 * destination will be set to cp->daddr. Most code of this function
307 * is taken from ipip.c.
309 * It is used in VS/TUN cluster. The load balancer selects a real
310 * server from a cluster based on a scheduling algorithm,
311 * encapsulates the request packet and forwards it to the selected
312 * server. For example, all real servers are configured with
313 * "ifconfig tunl0 <Virtual IP Address> up". When the server receives
314 * the encapsulated packet, it will decapsulate the packet, processe
315 * the request and return the response packets directly to the client
316 * without passing the load balancer. This can greatly increase the
317 * scalability of virtual server.
319 * Used for ANY protocol
322 ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
323 struct ip_vs_protocol *pp)
325 struct rtable *rt; /* Route to the other host */
326 struct net_device *tdev; /* Device to other host */
327 struct iphdr *old_iph = skb->nh.iph;
328 u8 tos = old_iph->tos;
329 u16 df = old_iph->frag_off;
330 struct iphdr *iph; /* Our new IP header */
331 int max_headroom; /* The extra header space needed */
336 if (skb->protocol != __constant_htons(ETH_P_IP)) {
337 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): protocol error, "
338 "ETH_P_IP: %d, skb protocol: %d\n",
339 __constant_htons(ETH_P_IP), skb->protocol);
343 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(tos))))
346 tdev = rt->u.dst.dev;
348 mtu = dst_pmtu(&rt->u.dst) - sizeof(struct iphdr);
351 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): mtu less than 68\n");
355 skb->dst->ops->update_pmtu(skb->dst, mtu);
357 df |= (old_iph->frag_off&__constant_htons(IP_DF));
359 if ((old_iph->frag_off&__constant_htons(IP_DF))
360 && mtu < ntohs(old_iph->tot_len)) {
361 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
363 IP_VS_DBG_RL("ip_vs_tunnel_xmit(): frag needed\n");
368 * Okay, now see if we can stuff it in the buffer as-is.
370 max_headroom = LL_RESERVED_SPACE(tdev) + sizeof(struct iphdr);
372 if (skb_headroom(skb) < max_headroom
373 || skb_cloned(skb) || skb_shared(skb)) {
374 struct sk_buff *new_skb =
375 skb_realloc_headroom(skb, max_headroom);
379 IP_VS_ERR_RL("ip_vs_tunnel_xmit(): no memory\n");
384 old_iph = skb->nh.iph;
387 skb->h.raw = (void *) old_iph;
389 /* fix old IP header checksum */
390 ip_send_check(old_iph);
392 skb->nh.raw = skb_push(skb, sizeof(struct iphdr));
393 memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt));
396 dst_release(skb->dst);
397 skb->dst = &rt->u.dst;
400 * Push down and install the IPIP header.
404 iph->ihl = sizeof(struct iphdr)>>2;
406 iph->protocol = IPPROTO_IPIP;
408 iph->daddr = rt->rt_dst;
409 iph->saddr = rt->rt_src;
410 iph->ttl = old_iph->ttl;
411 iph->tot_len = htons(skb->len);
412 ip_select_ident(iph, &rt->u.dst, NULL);
415 skb->ip_summed = CHECKSUM_NONE;
417 /* Another hack: avoid icmp_send in ip_fragment */
420 #ifdef CONFIG_NETFILTER_DEBUG
422 #endif /* CONFIG_NETFILTER_DEBUG */
431 dst_link_failure(skb);
440 * Direct Routing transmitter
441 * Used for ANY protocol
444 ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
445 struct ip_vs_protocol *pp)
447 struct rtable *rt; /* Route to the other host */
448 struct iphdr *iph = skb->nh.iph;
453 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(iph->tos))))
457 mtu = dst_pmtu(&rt->u.dst);
458 if ((iph->frag_off&__constant_htons(IP_DF)) && skb->len > mtu) {
459 icmp_send(skb, ICMP_DEST_UNREACH,ICMP_FRAG_NEEDED, htonl(mtu));
461 IP_VS_DBG_RL("ip_vs_dr_xmit(): frag needed\n");
466 * Call ip_send_check because we are not sure it is called
467 * after ip_defrag. Is copy-on-write needed?
469 if (unlikely((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)) {
473 ip_send_check(skb->nh.iph);
476 dst_release(skb->dst);
477 skb->dst = &rt->u.dst;
479 /* Another hack: avoid icmp_send in ip_fragment */
482 #ifdef CONFIG_NETFILTER_DEBUG
484 #endif /* CONFIG_NETFILTER_DEBUG */
491 dst_link_failure(skb);
500 * ICMP packet transmitter
501 * called by the ip_vs_in_icmp
504 ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
505 struct ip_vs_protocol *pp, int offset)
507 struct rtable *rt; /* Route to the other host */
513 /* The ICMP packet for VS/TUN, VS/DR and LOCALNODE will be
514 forwarded directly here, because there is no need to
515 translate address/port back */
516 if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
518 rc = cp->packet_xmit(skb, cp, pp);
521 /* do not touch skb anymore */
522 atomic_inc(&cp->in_pkts);
523 __ip_vs_conn_put(cp);
528 * mangle and send the packet here (only for VS/NAT)
531 if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(skb->nh.iph->tos))))
535 mtu = dst_pmtu(&rt->u.dst);
536 if ((skb->len > mtu) && (skb->nh.iph->frag_off&__constant_htons(IP_DF))) {
538 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
539 IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
543 /* copy-on-write the packet before mangling it */
544 if (!ip_vs_make_skb_writable(&skb, offset))
547 if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
550 /* drop the old route when skb is not shared */
551 dst_release(skb->dst);
552 skb->dst = &rt->u.dst;
554 ip_vs_nat_icmp(skb, pp, cp, 0);
556 /* Another hack: avoid icmp_send in ip_fragment */
559 #ifdef CONFIG_NETFILTER_DEBUG
561 #endif /* CONFIG_NETFILTER_DEBUG */
568 dst_link_failure(skb);
git://git.onelab.eu / linux-2.6.git / blob