net/ipv4/ipvs/ip_vs_proto_udp.c

   1 /*
   2  * ip_vs_proto_udp.c:   UDP load balancing support for IPVS
   3  *
   4  * Authors:     Wensong Zhang <wensong@linuxvirtualserver.org>
   5  *              Julian Anastasov <ja@ssi.bg>
   6  *
   7  *              This program is free software; you can redistribute it and/or
   8  *              modify it under the terms of the GNU General Public License
   9  *              as published by the Free Software Foundation; either version
  10  *              2 of the License, or (at your option) any later version.
  11  *
  12  * Changes:
  13  *
  14  */
  15
  16 #include <linux/in.h>
  17 #include <linux/ip.h>
  18 #include <linux/kernel.h>
  19 #include <linux/netfilter.h>
  20 #include <linux/netfilter_ipv4.h>
  21 #include <linux/udp.h>
  22
  23 #include <net/ip_vs.h>
  24 #include <net/ip.h>
  25 #include <net/ip6_checksum.h>
  26
  27 static struct ip_vs_conn *
  28 udp_conn_in_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp,
  29                 const struct ip_vs_iphdr *iph, unsigned int proto_off,
  30                 int inverse)
  31 {
  32         struct ip_vs_conn *cp;
  33         __be16 _ports[2], *pptr;
  34
  35         pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports);
  36         if (pptr == NULL)
  37                 return NULL;
  38
  39         if (likely(!inverse)) {
  40                 cp = ip_vs_conn_in_get(af, iph->protocol,
  41                                        &iph->saddr, pptr[0],
  42                                        &iph->daddr, pptr[1]);
  43         } else {
  44                 cp = ip_vs_conn_in_get(af, iph->protocol,
  45                                        &iph->daddr, pptr[1],
  46                                        &iph->saddr, pptr[0]);
  47         }
  48
  49         return cp;
  50 }
  51
  52
  53 static struct ip_vs_conn *
  54 udp_conn_out_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp,
  55                  const struct ip_vs_iphdr *iph, unsigned int proto_off,
  56                  int inverse)
  57 {
  58         struct ip_vs_conn *cp;
  59         __be16 _ports[2], *pptr;
  60
  61         pptr = skb_header_pointer(skb, proto_off, sizeof(_ports), _ports);
  62         if (pptr == NULL)
  63                 return NULL;
  64
  65         if (likely(!inverse)) {
  66                 cp = ip_vs_conn_out_get(af, iph->protocol,
  67                                         &iph->saddr, pptr[0],
  68                                         &iph->daddr, pptr[1]);
  69         } else {
  70                 cp = ip_vs_conn_out_get(af, iph->protocol,
  71                                         &iph->daddr, pptr[1],
  72                                         &iph->saddr, pptr[0]);
  73         }
  74
  75         return cp;
  76 }
  77
  78
  79 static int
  80 udp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_protocol *pp,
  81                   int *verdict, struct ip_vs_conn **cpp)
  82 {
  83         struct ip_vs_service *svc;
  84         struct udphdr _udph, *uh;
  85         struct ip_vs_iphdr iph;
  86
  87         ip_vs_fill_iphdr(af, skb_network_header(skb), &iph);
  88
  89         uh = skb_header_pointer(skb, iph.len, sizeof(_udph), &_udph);
  90         if (uh == NULL) {
  91                 *verdict = NF_DROP;
  92                 return 0;
  93         }
  94
  95         svc = ip_vs_service_get(af, skb->mark, iph.protocol,
  96                                 &iph.daddr, uh->dest);
  97         if (svc) {
  98                 if (ip_vs_todrop()) {
  99                         /*
 100                          * It seems that we are very loaded.
 101                          * We have to drop this packet :(
 102                          */
 103                         ip_vs_service_put(svc);
 104                         *verdict = NF_DROP;
 105                         return 0;
 106                 }
 107
 108                 /*
 109                  * Let the virtual server select a real server for the
 110                  * incoming connection, and create a connection entry.
 111                  */
 112                 *cpp = ip_vs_schedule(svc, skb);
 113                 if (!*cpp) {
 114                         *verdict = ip_vs_leave(svc, skb, pp);
 115                         return 0;
 116                 }
 117                 ip_vs_service_put(svc);
 118         }
 119         return 1;
 120 }
 121
 122
 123 static inline void
 124 udp_fast_csum_update(int af, struct udphdr *uhdr,
 125                      const union nf_inet_addr *oldip,
 126                      const union nf_inet_addr *newip,
 127                      __be16 oldport, __be16 newport)
 128 {
 129 #ifdef CONFIG_IP_VS_IPV6
 130         if (af == AF_INET6)
 131                 uhdr->check =
 132                         csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
 133                                          ip_vs_check_diff2(oldport, newport,
 134                                                 ~csum_unfold(uhdr->check))));
 135         else
 136 #endif
 137                 uhdr->check =
 138                         csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
 139                                          ip_vs_check_diff2(oldport, newport,
 140                                                 ~csum_unfold(uhdr->check))));
 141         if (!uhdr->check)
 142                 uhdr->check = CSUM_MANGLED_0;
 143 }
 144
 145 static inline void
 146 udp_partial_csum_update(int af, struct udphdr *uhdr,
 147                      const union nf_inet_addr *oldip,
 148                      const union nf_inet_addr *newip,
 149                      __be16 oldlen, __be16 newlen)
 150 {
 151 #ifdef CONFIG_IP_VS_IPV6
 152         if (af == AF_INET6)
 153                 uhdr->check =
 154                         csum_fold(ip_vs_check_diff16(oldip->ip6, newip->ip6,
 155                                          ip_vs_check_diff2(oldlen, newlen,
 156                                                 ~csum_unfold(uhdr->check))));
 157         else
 158 #endif
 159         uhdr->check =
 160                 csum_fold(ip_vs_check_diff4(oldip->ip, newip->ip,
 161                                 ip_vs_check_diff2(oldlen, newlen,
 162                                                 ~csum_unfold(uhdr->check))));
 163 }
 164
 165
 166 static int
 167 udp_snat_handler(struct sk_buff *skb,
 168                  struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
 169 {
 170         struct udphdr *udph;
 171         unsigned int udphoff;
 172         int oldlen;
 173
 174 #ifdef CONFIG_IP_VS_IPV6
 175         if (cp->af == AF_INET6)
 176                 udphoff = sizeof(struct ipv6hdr);
 177         else
 178 #endif
 179                 udphoff = ip_hdrlen(skb);
 180         oldlen = skb->len - udphoff;
 181
 182         /* csum_check requires unshared skb */
 183         if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
 184                 return 0;
 185
 186         if (unlikely(cp->app != NULL)) {
 187                 /* Some checks before mangling */
 188                 if (pp->csum_check && !pp->csum_check(cp->af, skb, pp))
 189                         return 0;
 190
 191                 /*
 192                  *      Call application helper if needed
 193                  */
 194                 if (!ip_vs_app_pkt_out(cp, skb))
 195                         return 0;
 196         }
 197
 198         udph = (void *)skb_network_header(skb) + udphoff;
 199         udph->source = cp->vport;
 200
 201         /*
 202          *      Adjust UDP checksums
 203          */
 204         if (skb->ip_summed == CHECKSUM_PARTIAL) {
 205                 udp_partial_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
 206                                         htonl(oldlen),
 207                                         htonl(skb->len - udphoff));
 208         } else if (!cp->app && (udph->check != 0)) {
 209                 /* Only port and addr are changed, do fast csum update */
 210                 udp_fast_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
 211                                      cp->dport, cp->vport);
 212                 if (skb->ip_summed == CHECKSUM_COMPLETE)
 213                         skb->ip_summed = CHECKSUM_NONE;
 214         } else {
 215                 /* full checksum calculation */
 216                 udph->check = 0;
 217                 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
 218 #ifdef CONFIG_IP_VS_IPV6
 219                 if (cp->af == AF_INET6)
 220                         udph->check = csum_ipv6_magic(&cp->vaddr.in6,
 221                                                       &cp->caddr.in6,
 222                                                       skb->len - udphoff,
 223                                                       cp->protocol, skb->csum);
 224                 else
 225 #endif
 226                         udph->check = csum_tcpudp_magic(cp->vaddr.ip,
 227                                                         cp->caddr.ip,
 228                                                         skb->len - udphoff,
 229                                                         cp->protocol,
 230                                                         skb->csum);
 231                 if (udph->check == 0)
 232                         udph->check = CSUM_MANGLED_0;
 233                 IP_VS_DBG(11, "O-pkt: %s O-csum=%d (+%zd)\n",
 234                           pp->name, udph->check,
 235                           (char*)&(udph->check) - (char*)udph);
 236         }
 237         return 1;
 238 }
 239
 240
 241 static int
 242 udp_dnat_handler(struct sk_buff *skb,
 243                  struct ip_vs_protocol *pp, struct ip_vs_conn *cp)
 244 {
 245         struct udphdr *udph;
 246         unsigned int udphoff;
 247         int oldlen;
 248
 249 #ifdef CONFIG_IP_VS_IPV6
 250         if (cp->af == AF_INET6)
 251                 udphoff = sizeof(struct ipv6hdr);
 252         else
 253 #endif
 254                 udphoff = ip_hdrlen(skb);
 255         oldlen = skb->len - udphoff;
 256
 257         /* csum_check requires unshared skb */
 258         if (!skb_make_writable(skb, udphoff+sizeof(*udph)))
 259                 return 0;
 260
 261         if (unlikely(cp->app != NULL)) {
 262                 /* Some checks before mangling */
 263                 if (pp->csum_check && !pp->csum_check(cp->af, skb, pp))
 264                         return 0;
 265
 266                 /*
 267                  *      Attempt ip_vs_app call.
 268                  *      It will fix ip_vs_conn
 269                  */
 270                 if (!ip_vs_app_pkt_in(cp, skb))
 271                         return 0;
 272         }
 273
 274         udph = (void *)skb_network_header(skb) + udphoff;
 275         udph->dest = cp->dport;
 276
 277         /*
 278          *      Adjust UDP checksums
 279          */
 280         if (skb->ip_summed == CHECKSUM_PARTIAL) {
 281                 udp_partial_csum_update(cp->af, udph, &cp->daddr, &cp->vaddr,
 282                                         htonl(oldlen),
 283                                         htonl(skb->len - udphoff));
 284         } else if (!cp->app && (udph->check != 0)) {
 285                 /* Only port and addr are changed, do fast csum update */
 286                 udp_fast_csum_update(cp->af, udph, &cp->vaddr, &cp->daddr,
 287                                      cp->vport, cp->dport);
 288                 if (skb->ip_summed == CHECKSUM_COMPLETE)
 289                         skb->ip_summed = CHECKSUM_NONE;
 290         } else {
 291                 /* full checksum calculation */
 292                 udph->check = 0;
 293                 skb->csum = skb_checksum(skb, udphoff, skb->len - udphoff, 0);
 294 #ifdef CONFIG_IP_VS_IPV6
 295                 if (cp->af == AF_INET6)
 296                         udph->check = csum_ipv6_magic(&cp->caddr.in6,
 297                                                       &cp->daddr.in6,
 298                                                       skb->len - udphoff,
 299                                                       cp->protocol, skb->csum);
 300                 else
 301 #endif
 302                         udph->check = csum_tcpudp_magic(cp->caddr.ip,
 303                                                         cp->daddr.ip,
 304                                                         skb->len - udphoff,
 305                                                         cp->protocol,
 306                                                         skb->csum);
 307                 if (udph->check == 0)
 308                         udph->check = CSUM_MANGLED_0;
 309                 skb->ip_summed = CHECKSUM_UNNECESSARY;
 310         }
 311         return 1;
 312 }
 313
 314
 315 static int
 316 udp_csum_check(int af, struct sk_buff *skb, struct ip_vs_protocol *pp)
 317 {
 318         struct udphdr _udph, *uh;
 319         unsigned int udphoff;
 320
 321 #ifdef CONFIG_IP_VS_IPV6
 322         if (af == AF_INET6)
 323                 udphoff = sizeof(struct ipv6hdr);
 324         else
 325 #endif
 326                 udphoff = ip_hdrlen(skb);
 327
 328         uh = skb_header_pointer(skb, udphoff, sizeof(_udph), &_udph);
 329         if (uh == NULL)
 330                 return 0;
 331
 332         if (uh->check != 0) {
 333                 switch (skb->ip_summed) {
 334                 case CHECKSUM_NONE:
 335                         skb->csum = skb_checksum(skb, udphoff,
 336                                                  skb->len - udphoff, 0);
 337                 case CHECKSUM_COMPLETE:
 338 #ifdef CONFIG_IP_VS_IPV6
 339                         if (af == AF_INET6) {
 340                                 if (csum_ipv6_magic(&ipv6_hdr(skb)->saddr,
 341                                                     &ipv6_hdr(skb)->daddr,
 342                                                     skb->len - udphoff,
 343                                                     ipv6_hdr(skb)->nexthdr,
 344                                                     skb->csum)) {
 345                                         IP_VS_DBG_RL_PKT(0, pp, skb, 0,
 346                                                          "Failed checksum for");
 347                                         return 0;
 348                                 }
 349                         } else
 350 #endif
 351                                 if (csum_tcpudp_magic(ip_hdr(skb)->saddr,
 352                                                       ip_hdr(skb)->daddr,
 353                                                       skb->len - udphoff,
 354                                                       ip_hdr(skb)->protocol,
 355                                                       skb->csum)) {
 356                                         IP_VS_DBG_RL_PKT(0, pp, skb, 0,
 357                                                          "Failed checksum for");
 358                                         return 0;
 359                                 }
 360                         break;
 361                 default:
 362                         /* No need to checksum. */
 363                         break;
 364                 }
 365         }
 366         return 1;
 367 }
 368
 369
 370 /*
 371  *      Note: the caller guarantees that only one of register_app,
 372  *      unregister_app or app_conn_bind is called each time.
 373  */
 374
 375 #define UDP_APP_TAB_BITS        4
 376 #define UDP_APP_TAB_SIZE        (1 << UDP_APP_TAB_BITS)
 377 #define UDP_APP_TAB_MASK        (UDP_APP_TAB_SIZE - 1)
 378
 379 static struct list_head udp_apps[UDP_APP_TAB_SIZE];
 380 static DEFINE_SPINLOCK(udp_app_lock);
 381
 382 static inline __u16 udp_app_hashkey(__be16 port)
 383 {
 384         return (((__force u16)port >> UDP_APP_TAB_BITS) ^ (__force u16)port)
 385                 & UDP_APP_TAB_MASK;
 386 }
 387
 388
 389 static int udp_register_app(struct ip_vs_app *inc)
 390 {
 391         struct ip_vs_app *i;
 392         __u16 hash;
 393         __be16 port = inc->port;
 394         int ret = 0;
 395
 396         hash = udp_app_hashkey(port);
 397
 398
 399         spin_lock_bh(&udp_app_lock);
 400         list_for_each_entry(i, &udp_apps[hash], p_list) {
 401                 if (i->port == port) {
 402                         ret = -EEXIST;
 403                         goto out;
 404                 }
 405         }
 406         list_add(&inc->p_list, &udp_apps[hash]);
 407         atomic_inc(&ip_vs_protocol_udp.appcnt);
 408
 409   out:
 410         spin_unlock_bh(&udp_app_lock);
 411         return ret;
 412 }
 413
 414
 415 static void
 416 udp_unregister_app(struct ip_vs_app *inc)
 417 {
 418         spin_lock_bh(&udp_app_lock);
 419         atomic_dec(&ip_vs_protocol_udp.appcnt);
 420         list_del(&inc->p_list);
 421         spin_unlock_bh(&udp_app_lock);
 422 }
 423
 424
 425 static int udp_app_conn_bind(struct ip_vs_conn *cp)
 426 {
 427         int hash;
 428         struct ip_vs_app *inc;
 429         int result = 0;
 430
 431         /* Default binding: bind app only for NAT */
 432         if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ)
 433                 return 0;
 434
 435         /* Lookup application incarnations and bind the right one */
 436         hash = udp_app_hashkey(cp->vport);
 437
 438         spin_lock(&udp_app_lock);
 439         list_for_each_entry(inc, &udp_apps[hash], p_list) {
 440                 if (inc->port == cp->vport) {
 441                         if (unlikely(!ip_vs_app_inc_get(inc)))
 442                                 break;
 443                         spin_unlock(&udp_app_lock);
 444
 445                         IP_VS_DBG_BUF(9, "%s: Binding conn %s:%u->"
 446                                       "%s:%u to app %s on port %u\n",
 447                                       __func__,
 448                                       IP_VS_DBG_ADDR(cp->af, &cp->caddr),
 449                                       ntohs(cp->cport),
 450                                       IP_VS_DBG_ADDR(cp->af, &cp->vaddr),
 451                                       ntohs(cp->vport),
 452                                       inc->name, ntohs(inc->port));
 453
 454                         cp->app = inc;
 455                         if (inc->init_conn)
 456                                 result = inc->init_conn(inc, cp);
 457                         goto out;
 458                 }
 459         }
 460         spin_unlock(&udp_app_lock);
 461
 462   out:
 463         return result;
 464 }
 465
 466
 467 static int udp_timeouts[IP_VS_UDP_S_LAST+1] = {
 468         [IP_VS_UDP_S_NORMAL]            =       5*60*HZ,
 469         [IP_VS_UDP_S_LAST]              =       2*HZ,
 470 };
 471
 472 static char * udp_state_name_table[IP_VS_UDP_S_LAST+1] = {
 473         [IP_VS_UDP_S_NORMAL]            =       "UDP",
 474         [IP_VS_UDP_S_LAST]              =       "BUG!",
 475 };
 476
 477
 478 static int
 479 udp_set_state_timeout(struct ip_vs_protocol *pp, char *sname, int to)
 480 {
 481         return ip_vs_set_state_timeout(pp->timeout_table, IP_VS_UDP_S_LAST,
 482                                        udp_state_name_table, sname, to);
 483 }
 484
 485 static const char * udp_state_name(int state)
 486 {
 487         if (state >= IP_VS_UDP_S_LAST)
 488                 return "ERR!";
 489         return udp_state_name_table[state] ? udp_state_name_table[state] : "?";
 490 }
 491
 492 static int
 493 udp_state_transition(struct ip_vs_conn *cp, int direction,
 494                      const struct sk_buff *skb,
 495                      struct ip_vs_protocol *pp)
 496 {
 497         cp->timeout = pp->timeout_table[IP_VS_UDP_S_NORMAL];
 498         return 1;
 499 }
 500
 501 static void udp_init(struct ip_vs_protocol *pp)
 502 {
 503         IP_VS_INIT_HASH_TABLE(udp_apps);
 504         pp->timeout_table = udp_timeouts;
 505 }
 506
 507 static void udp_exit(struct ip_vs_protocol *pp)
 508 {
 509 }
 510
 511
 512 struct ip_vs_protocol ip_vs_protocol_udp = {
 513         .name =                 "UDP",
 514         .protocol =             IPPROTO_UDP,
 515         .num_states =           IP_VS_UDP_S_LAST,
 516         .dont_defrag =          0,
 517         .init =                 udp_init,
 518         .exit =                 udp_exit,
 519         .conn_schedule =        udp_conn_schedule,
 520         .conn_in_get =          udp_conn_in_get,
 521         .conn_out_get =         udp_conn_out_get,
 522         .snat_handler =         udp_snat_handler,
 523         .dnat_handler =         udp_dnat_handler,
 524         .csum_check =           udp_csum_check,
 525         .state_transition =     udp_state_transition,
 526         .state_name =           udp_state_name,
 527         .register_app =         udp_register_app,
 528         .unregister_app =       udp_unregister_app,
 529         .app_conn_bind =        udp_app_conn_bind,
 530         .debug_packet =         ip_vs_tcpudp_debug_packet,
 531         .timeout_change =       NULL,
 532         .set_state_timeout =    udp_set_state_timeout,
 533 };