From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 15/25] ipvs: always update some of the flags bits in backup
Date: Tue, 8 May 2012 09:49:44 +0200 [thread overview]
Message-ID: <1336463394-3119-16-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1336463394-3119-1-git-send-email-pablo@netfilter.org>
From: Julian Anastasov <ja@ssi.bg>
As the goal is to mirror the inactconns/activeconns
counters in the backup server, make sure the cp->flags are
updated even if cp is still not bound to dest. If cp->flags
are not updated ip_vs_bind_dest will rely only on the initial
flags when updating the counters. To avoid mistakes and
complicated checks for protocol state rely only on the
IP_VS_CONN_F_INACTIVE bit when updating the counters.
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Tested-by: Aleksey Chudov <aleksey.chudov@gmail.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
include/linux/ip_vs.h | 5 +++
net/netfilter/ipvs/ip_vs_sync.c | 65 ++++++++++++++-------------------------
2 files changed, 28 insertions(+), 42 deletions(-)
diff --git a/include/linux/ip_vs.h b/include/linux/ip_vs.h
index be0ef3d..8a2d438 100644
--- a/include/linux/ip_vs.h
+++ b/include/linux/ip_vs.h
@@ -89,6 +89,7 @@
#define IP_VS_CONN_F_TEMPLATE 0x1000 /* template, not connection */
#define IP_VS_CONN_F_ONE_PACKET 0x2000 /* forward only one packet */
+/* Initial bits allowed in backup server */
#define IP_VS_CONN_F_BACKUP_MASK (IP_VS_CONN_F_FWD_MASK | \
IP_VS_CONN_F_NOOUTPUT | \
IP_VS_CONN_F_INACTIVE | \
@@ -97,6 +98,10 @@
IP_VS_CONN_F_TEMPLATE \
)
+/* Bits allowed to update in backup server */
+#define IP_VS_CONN_F_BACKUP_UPD_MASK (IP_VS_CONN_F_INACTIVE | \
+ IP_VS_CONN_F_SEQ_MASK)
+
/* Flags that are not sent to backup server start from bit 16 */
#define IP_VS_CONN_F_NFCT (1 << 16) /* use netfilter conntrack */
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index f4e0b6c..eeed767 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -731,9 +731,30 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
else
cp = ip_vs_ct_in_get(param);
- if (cp && param->pe_data) /* Free pe_data */
+ if (cp) {
+ /* Free pe_data */
kfree(param->pe_data);
- if (!cp) {
+
+ dest = cp->dest;
+ if ((cp->flags ^ flags) & IP_VS_CONN_F_INACTIVE &&
+ !(flags & IP_VS_CONN_F_TEMPLATE) && dest) {
+ if (flags & IP_VS_CONN_F_INACTIVE) {
+ atomic_dec(&dest->activeconns);
+ atomic_inc(&dest->inactconns);
+ } else {
+ atomic_inc(&dest->activeconns);
+ atomic_dec(&dest->inactconns);
+ }
+ }
+ flags &= IP_VS_CONN_F_BACKUP_UPD_MASK;
+ flags |= cp->flags & ~IP_VS_CONN_F_BACKUP_UPD_MASK;
+ cp->flags = flags;
+ if (!dest) {
+ dest = ip_vs_try_bind_dest(cp);
+ if (dest)
+ atomic_dec(&dest->refcnt);
+ }
+ } else {
/*
* Find the appropriate destination for the connection.
* If it is not found the connection will remain unbound
@@ -742,18 +763,6 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
dest = ip_vs_find_dest(net, type, daddr, dport, param->vaddr,
param->vport, protocol, fwmark, flags);
- /* Set the approprite ativity flag */
- if (protocol == IPPROTO_TCP) {
- if (state != IP_VS_TCP_S_ESTABLISHED)
- flags |= IP_VS_CONN_F_INACTIVE;
- else
- flags &= ~IP_VS_CONN_F_INACTIVE;
- } else if (protocol == IPPROTO_SCTP) {
- if (state != IP_VS_SCTP_S_ESTABLISHED)
- flags |= IP_VS_CONN_F_INACTIVE;
- else
- flags &= ~IP_VS_CONN_F_INACTIVE;
- }
cp = ip_vs_conn_new(param, daddr, dport, flags, dest, fwmark);
if (dest)
atomic_dec(&dest->refcnt);
@@ -763,34 +772,6 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
IP_VS_DBG(2, "BACKUP, add new conn. failed\n");
return;
}
- } else if (!cp->dest) {
- dest = ip_vs_try_bind_dest(cp);
- if (dest)
- atomic_dec(&dest->refcnt);
- } else if ((cp->dest) && (cp->protocol == IPPROTO_TCP) &&
- (cp->state != state)) {
- /* update active/inactive flag for the connection */
- dest = cp->dest;
- if (!(cp->flags & IP_VS_CONN_F_INACTIVE) &&
- (state != IP_VS_TCP_S_ESTABLISHED)) {
- atomic_dec(&dest->activeconns);
- atomic_inc(&dest->inactconns);
- cp->flags |= IP_VS_CONN_F_INACTIVE;
- } else if ((cp->flags & IP_VS_CONN_F_INACTIVE) &&
- (state == IP_VS_TCP_S_ESTABLISHED)) {
- atomic_inc(&dest->activeconns);
- atomic_dec(&dest->inactconns);
- cp->flags &= ~IP_VS_CONN_F_INACTIVE;
- }
- } else if ((cp->dest) && (cp->protocol == IPPROTO_SCTP) &&
- (cp->state != state)) {
- dest = cp->dest;
- if (!(cp->flags & IP_VS_CONN_F_INACTIVE) &&
- (state != IP_VS_SCTP_S_ESTABLISHED)) {
- atomic_dec(&dest->activeconns);
- atomic_inc(&dest->inactconns);
- cp->flags &= ~IP_VS_CONN_F_INACTIVE;
- }
}
if (opt)
--
1.7.9.5
next prev parent reply other threads:[~2012-05-08 7:49 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-08 7:49 [PATCH 00/25] [v2] netfilter updates for net-next (upcoming 3.5) pablo
2012-05-08 7:49 ` [PATCH 01/25] netfilter: nf_ct_ecache: refactor notifier registration pablo
2012-05-08 7:49 ` [PATCH 02/25] netfilter: nf_ct_helper: allow to disable automatic helper assignment pablo
2012-05-08 7:49 ` [PATCH 03/25] netfilter: nf_conntrack: use this_cpu_inc() pablo
2012-05-08 7:49 ` [PATCH 04/25] netfilter: bridge: optionally set indev to vlan pablo
2012-05-08 7:49 ` pablo
2012-05-08 7:49 ` [PATCH 05/25] ipvs: timeout tables do not need GFP_ATOMIC allocation pablo
2012-05-08 7:49 ` [PATCH 06/25] ipvs: LBLC scheduler does not need GFP_ATOMIC allocation on init pablo
2012-05-08 7:49 ` [PATCH 07/25] ipvs: DH scheduler does not need GFP_ATOMIC allocation pablo
2012-05-08 7:49 ` [PATCH 08/25] ipvs: WRR " pablo
2012-05-08 7:49 ` [PATCH 10/25] ipvs: SH " pablo
2012-05-08 7:49 ` [PATCH 11/25] ipvs: use GFP_KERNEL allocation where possible pablo
2012-05-08 7:49 ` [PATCH 12/25] ipvs: ignore IP_VS_CONN_F_NOOUTPUT in backup server pablo
2012-05-08 7:49 ` [PATCH 13/25] ipvs: remove check for IP_VS_CONN_F_SYNC from ip_vs_bind_dest pablo
2012-05-08 7:49 ` [PATCH 14/25] ipvs: fix ip_vs_try_bind_dest to rebind app and transmitter pablo
2012-05-08 7:49 ` pablo [this message]
2012-05-08 7:49 ` [PATCH 16/25] ipvs: wakeup master thread pablo
2012-05-08 7:49 ` [PATCH 17/25] ipvs: reduce sync rate with time thresholds pablo
2012-05-08 7:49 ` [PATCH 18/25] ipvs: add support for sync threads pablo
2012-05-08 7:49 ` [PATCH 19/25] ipvs: optimize the use of flags in ip_vs_bind_dest pablo
2012-05-08 7:49 ` [PATCH 20/25] ipvs: ip_vs_ftp: local functions should not be exposed globally pablo
2012-05-08 7:49 ` [PATCH 21/25] ipvs: ip_vs_proto: " pablo
2012-05-08 7:49 ` [PATCH 22/25] net: export sysctl_[r|w]mem_max symbols needed by ip_vs_sync pablo
2012-05-08 7:49 ` [PATCH 23/25] netfilter: nf_ct_expect: partially implement ctnetlink_change_expect pablo
2012-05-08 7:49 ` [PATCH 24/25] netfilter: nf_conntrack: fix explicit helper attachment and NAT pablo
2012-05-08 7:49 ` [PATCH 25/25] netfilter: remove ip_queue support pablo
2012-05-08 16:49 ` [PATCH 00/25] [v2] netfilter updates for net-next (upcoming 3.5) David Miller
2012-05-08 17:10 ` Pablo Neira Ayuso
2012-05-08 17:12 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2012-05-08 0:21 [PATCH 00/25] " pablo
2012-05-08 0:22 ` [PATCH 15/25] ipvs: always update some of the flags bits in backup pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1336463394-3119-16-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).