lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080902060643.GC13730@verge.net.au>
Date:	Tue, 2 Sep 2008 16:06:45 +1000
From:	Simon Horman <horms@...ge.net.au>
To:	Julius Volz <juliusv@...gle.com>
Cc:	netdev@...r.kernel.org, lvs-devel@...r.kernel.org, kaber@...sh.net,
	vbusam@...gle.com
Subject: Re: [PATCHv2 RFC 05/25] IPVS: Add internal versions of sockopt
	interface structs

On Mon, Sep 01, 2008 at 02:56:02PM +0200, Julius Volz wrote:
> Add extended internal versions of struct ip_vs_service_user and struct
> ip_vs_dest_user (the originals can't be modified as they are part
> of the old sockopt interface). Adjust ip_vs_ctl.c to work with the new
> data structures and add some minor AF-awareness.
> 
> Signed-off-by: Julius Volz <juliusv@...gle.com>
> 
>  2 files changed, 129 insertions(+), 48 deletions(-)
> 
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 45a7458..9657bd4 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -400,6 +400,45 @@ struct ip_vs_conn {
>  
>  
>  /*
> + *	Extended internal versions of struct ip_vs_service_user and
> + *	ip_vs_dest_user for IPv6 support.
> + *
> + *	We need these to conveniently pass around service and destination
> + *	options, but unfortunately, we also need to keep the old definitions to
> + *	maintain userspace backwards compatibility for the setsockopt interface.
> + */
> +struct ip_vs_service_user_kern {
> +	/* virtual service addresses */
> +	u_int16_t		af;
> +	u_int16_t		protocol;
> +	union nf_inet_addr	addr;		/* virtual ip address */
> +	__be16			port;
> +	u_int32_t		fwmark;		/* firwall mark of service */
> +
> +	/* virtual service options */
> +	char			*sched_name;
> +	unsigned		flags;		/* virtual service flags */
> +	unsigned		timeout;	/* persistent timeout in sec */
> +	__be32			netmask;	/* persistent netmask */
> +};

As this is an internal structure I beleive that u_int16_t and u_int32_t
should be u16 and u32 respectively.

> +struct ip_vs_dest_user_kern {
> +	/* destination server address */
> +	union nf_inet_addr	addr;
> +	__be16			port;
> +
> +	/* real server options */
> +	unsigned		conn_flags;	/* connection flags */
> +	int			weight;		/* destination weight */
> +
> +	/* thresholds for active connections */
> +	u_int32_t		u_threshold;	/* upper threshold */
> +	u_int32_t		l_threshold;	/* lower threshold */
> +};

ditto

> +
> +
> +/*
>   *	The information about the virtual service offered to the net
>   *	and the forwarding entries
>   */
> diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c
> index 47644f3..52b3c1e 100644
> --- a/net/ipv4/ipvs/ip_vs_ctl.c
> +++ b/net/ipv4/ipvs/ip_vs_ctl.c
> @@ -707,7 +707,7 @@ ip_vs_zero_stats(struct ip_vs_stats *stats)
>   */
>  static void
>  __ip_vs_update_dest(struct ip_vs_service *svc,
> -		    struct ip_vs_dest *dest, struct ip_vs_dest_user *udest)
> +		    struct ip_vs_dest *dest, struct ip_vs_dest_user_kern *udest)
>  {
>  	int conn_flags;
>  
> @@ -716,7 +716,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc,
>  	conn_flags = udest->conn_flags | IP_VS_CONN_F_INACTIVE;
>  
>  	/* check if local node and update the flags */
> -	if (inet_addr_type(&init_net, udest->addr) == RTN_LOCAL) {
> +	if (inet_addr_type(&init_net, udest->addr.ip) == RTN_LOCAL) {
>  		conn_flags = (conn_flags & ~IP_VS_CONN_F_FWD_MASK)
>  			| IP_VS_CONN_F_LOCALNODE;
>  	}
> @@ -760,7 +760,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc,
>   *	Create a destination for the given service
>   */
>  static int
> -ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest,
> +ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest,
>  	       struct ip_vs_dest **dest_p)
>  {
>  	struct ip_vs_dest *dest;
> @@ -768,7 +768,7 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest,
>  
>  	EnterFunction(2);
>  
> -	atype = inet_addr_type(&init_net, udest->addr);
> +	atype = inet_addr_type(&init_net, udest->addr.ip);
>  	if (atype != RTN_LOCAL && atype != RTN_UNICAST)
>  		return -EINVAL;
>  
> @@ -778,11 +778,12 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest,
>  		return -ENOMEM;
>  	}
>  
> +	dest->af = svc->af;
>  	dest->protocol = svc->protocol;
> -	dest->vaddr.ip = svc->addr.ip;
> +	dest->vaddr = svc->addr;
>  	dest->vport = svc->port;
>  	dest->vfwmark = svc->fwmark;
> -	dest->addr.ip = udest->addr;
> +	ip_vs_addr_copy(svc->af, &dest->addr, &udest->addr);
>  	dest->port = udest->port;
>  
>  	atomic_set(&dest->activeconns, 0);
> @@ -807,10 +808,10 @@ ip_vs_new_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest,
>   *	Add a destination into an existing service
>   */
>  static int
> -ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
> +ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
>  {
>  	struct ip_vs_dest *dest;
> -	__be32 daddr = udest->addr;
> +	union nf_inet_addr daddr;
>  	__be16 dport = udest->port;
>  	int ret;
>  
> @@ -827,10 +828,12 @@ ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
>  		return -ERANGE;
>  	}
>  
> +	ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
> +
>  	/*
>  	 * Check if the dest already exists in the list
>  	 */
> -	dest = ip_vs_lookup_dest(svc, daddr, dport);
> +	dest = ip_vs_lookup_dest(svc, daddr.ip, dport);
>  	if (dest != NULL) {
>  		IP_VS_DBG(1, "ip_vs_add_dest(): dest already exists\n");
>  		return -EEXIST;
> @@ -840,7 +843,7 @@ ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
>  	 * Check if the dest already exists in the trash and
>  	 * is from the same service
>  	 */
> -	dest = ip_vs_trash_get_dest(svc, daddr, dport);
> +	dest = ip_vs_trash_get_dest(svc, daddr.ip, dport);
>  	if (dest != NULL) {
>  		IP_VS_DBG(3, "Get destination %u.%u.%u.%u:%u from trash, "
>  			  "dest->refcnt=%d, service %u/%u.%u.%u.%u:%u\n",
> @@ -915,10 +918,10 @@ ip_vs_add_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
>   *	Edit a destination in the given service
>   */
>  static int
> -ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
> +ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
>  {
>  	struct ip_vs_dest *dest;
> -	__be32 daddr = udest->addr;
> +	union nf_inet_addr daddr;
>  	__be16 dport = udest->port;
>  
>  	EnterFunction(2);
> @@ -934,10 +937,12 @@ ip_vs_edit_dest(struct ip_vs_service *svc, struct ip_vs_dest_user *udest)
>  		return -ERANGE;
>  	}
>  
> +	ip_vs_addr_copy(svc->af, &daddr, &udest->addr);
> +
>  	/*
>  	 *  Lookup the destination list
>  	 */
> -	dest = ip_vs_lookup_dest(svc, daddr, dport);
> +	dest = ip_vs_lookup_dest(svc, daddr.ip, dport);
>  	if (dest == NULL) {
>  		IP_VS_DBG(1, "ip_vs_edit_dest(): dest doesn't exist\n");
>  		return -ENOENT;
> @@ -1028,15 +1033,15 @@ static void __ip_vs_unlink_dest(struct ip_vs_service *svc,
>   *	Delete a destination server in the given service
>   */
>  static int
> -ip_vs_del_dest(struct ip_vs_service *svc,struct ip_vs_dest_user *udest)
> +ip_vs_del_dest(struct ip_vs_service *svc, struct ip_vs_dest_user_kern *udest)
>  {
>  	struct ip_vs_dest *dest;
> -	__be32 daddr = udest->addr;
>  	__be16 dport = udest->port;
>  
>  	EnterFunction(2);
>  
> -	dest = ip_vs_lookup_dest(svc, daddr, dport);
> +	dest = ip_vs_lookup_dest(svc, udest->addr.ip, dport);
> +
>  	if (dest == NULL) {
>  		IP_VS_DBG(1, "ip_vs_del_dest(): destination not found!\n");
>  		return -ENOENT;
> @@ -1071,7 +1076,8 @@ ip_vs_del_dest(struct ip_vs_service *svc,struct ip_vs_dest_user *udest)
>   *	Add a service into the service hash table
>   */
>  static int
> -ip_vs_add_service(struct ip_vs_service_user *u, struct ip_vs_service **svc_p)
> +ip_vs_add_service(struct ip_vs_service_user_kern *u,
> +		  struct ip_vs_service **svc_p)
>  {
>  	int ret = 0;
>  	struct ip_vs_scheduler *sched = NULL;
> @@ -1100,8 +1106,9 @@ ip_vs_add_service(struct ip_vs_service_user *u, struct ip_vs_service **svc_p)
>  	atomic_set(&svc->usecnt, 1);
>  	atomic_set(&svc->refcnt, 0);
>  
> +	svc->af = u->af;
>  	svc->protocol = u->protocol;
> -	svc->addr.ip = u->addr;
> +	ip_vs_addr_copy(svc->af, &svc->addr, &u->addr);
>  	svc->port = u->port;
>  	svc->fwmark = u->fwmark;
>  	svc->flags = u->flags;
> @@ -1160,7 +1167,7 @@ ip_vs_add_service(struct ip_vs_service_user *u, struct ip_vs_service **svc_p)
>   *	Edit a service and bind it with a new scheduler
>   */
>  static int
> -ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user *u)
> +ip_vs_edit_service(struct ip_vs_service *svc, struct ip_vs_service_user_kern *u)
>  {
>  	struct ip_vs_scheduler *sched, *old_sched;
>  	int ret = 0;
> @@ -1904,14 +1911,44 @@ static const unsigned char set_arglen[SET_CMDID(IP_VS_SO_SET_MAX)+1] = {
>  	[SET_CMDID(IP_VS_SO_SET_ZERO)]		= SERVICE_ARG_LEN,
>  };
>  
> +static void ip_vs_copy_usvc_compat(struct ip_vs_service_user_kern *usvc,
> +				  struct ip_vs_service_user *usvc_compat)
> +{
> +	usvc->af		= AF_INET;
> +	usvc->protocol		= usvc_compat->protocol;
> +	usvc->addr.ip		= usvc_compat->addr;
> +	usvc->port		= usvc_compat->port;
> +	usvc->fwmark		= usvc_compat->fwmark;
> +
> +	/* Deep copy of sched_name is not needed here */
> +	usvc->sched_name	= usvc_compat->sched_name;
> +
> +	usvc->flags		= usvc_compat->flags;
> +	usvc->timeout		= usvc_compat->timeout;
> +	usvc->netmask		= usvc_compat->netmask;
> +}
> +
> +static void ip_vs_copy_udest_compat(struct ip_vs_dest_user_kern *udest,
> +				   struct ip_vs_dest_user *udest_compat)
> +{
> +	udest->addr.ip		= udest_compat->addr;
> +	udest->port		= udest_compat->port;
> +	udest->conn_flags	= udest_compat->conn_flags;
> +	udest->weight		= udest_compat->weight;
> +	udest->u_threshold	= udest_compat->u_threshold;
> +	udest->l_threshold	= udest_compat->l_threshold;
> +}
> +
>  static int
>  do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
>  {
>  	int ret;
>  	unsigned char arg[MAX_ARG_LEN];
> -	struct ip_vs_service_user *usvc;
> +	struct ip_vs_service_user *usvc_compat;
> +	struct ip_vs_service_user_kern usvc;
>  	struct ip_vs_service *svc;
> -	struct ip_vs_dest_user *udest;
> +	struct ip_vs_dest_user *udest_compat;
> +	struct ip_vs_dest_user_kern udest;
>  
>  	if (!capable(CAP_NET_ADMIN))
>  		return -EPERM;
> @@ -1951,35 +1988,40 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
>  		goto out_unlock;
>  	}
>  
> -	usvc = (struct ip_vs_service_user *)arg;
> -	udest = (struct ip_vs_dest_user *)(usvc + 1);
> +	usvc_compat = (struct ip_vs_service_user *)arg;
> +	udest_compat = (struct ip_vs_dest_user *)(usvc_compat + 1);
> +
> +	/* We only use the new structs internally, so copy userspace compat
> +	 * structs to extended internal versions */
> +	ip_vs_copy_usvc_compat(&usvc, usvc_compat);
> +	ip_vs_copy_udest_compat(&udest, udest_compat);
>  
>  	if (cmd == IP_VS_SO_SET_ZERO) {
>  		/* if no service address is set, zero counters in all */
> -		if (!usvc->fwmark && !usvc->addr && !usvc->port) {
> +		if (!usvc.fwmark && !usvc.addr.ip && !usvc.port) {
>  			ret = ip_vs_zero_all();
>  			goto out_unlock;
>  		}
>  	}
>  
>  	/* Check for valid protocol: TCP or UDP, even for fwmark!=0 */
> -	if (usvc->protocol!=IPPROTO_TCP && usvc->protocol!=IPPROTO_UDP) {
> +	if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP) {
>  		IP_VS_ERR("set_ctl: invalid protocol: %d %d.%d.%d.%d:%d %s\n",
> -			  usvc->protocol, NIPQUAD(usvc->addr),
> -			  ntohs(usvc->port), usvc->sched_name);
> +			  usvc.protocol, NIPQUAD(usvc.addr.ip),
> +			  ntohs(usvc.port), usvc.sched_name);
>  		ret = -EFAULT;
>  		goto out_unlock;
>  	}
>  
>  	/* Lookup the exact service by <protocol, addr, port> or fwmark */
> -	if (usvc->fwmark == 0)
> -		svc = __ip_vs_service_get(usvc->protocol,
> -					  usvc->addr, usvc->port);
> +	if (usvc.fwmark == 0)
> +		svc = __ip_vs_service_get(usvc.protocol,
> +					  usvc.addr.ip, usvc.port);
>  	else
> -		svc = __ip_vs_svc_fwm_get(usvc->fwmark);
> +		svc = __ip_vs_svc_fwm_get(usvc.fwmark);
>  
>  	if (cmd != IP_VS_SO_SET_ADD
> -	    && (svc == NULL || svc->protocol != usvc->protocol)) {
> +	    && (svc == NULL || svc->protocol != usvc.protocol)) {
>  		ret = -ESRCH;
>  		goto out_unlock;
>  	}
> @@ -1989,10 +2031,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
>  		if (svc != NULL)
>  			ret = -EEXIST;
>  		else
> -			ret = ip_vs_add_service(usvc, &svc);
> +			ret = ip_vs_add_service(&usvc, &svc);
>  		break;
>  	case IP_VS_SO_SET_EDIT:
> -		ret = ip_vs_edit_service(svc, usvc);
> +		ret = ip_vs_edit_service(svc, &usvc);
>  		break;
>  	case IP_VS_SO_SET_DEL:
>  		ret = ip_vs_del_service(svc);
> @@ -2003,13 +2045,13 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
>  		ret = ip_vs_zero_service(svc);
>  		break;
>  	case IP_VS_SO_SET_ADDDEST:
> -		ret = ip_vs_add_dest(svc, udest);
> +		ret = ip_vs_add_dest(svc, &udest);
>  		break;
>  	case IP_VS_SO_SET_EDITDEST:
> -		ret = ip_vs_edit_dest(svc, udest);
> +		ret = ip_vs_edit_dest(svc, &udest);
>  		break;
>  	case IP_VS_SO_SET_DELDEST:
> -		ret = ip_vs_del_dest(svc, udest);
> +		ret = ip_vs_del_dest(svc, &udest);
>  		break;
>  	default:
>  		ret = -EINVAL;
> @@ -2516,7 +2558,7 @@ nla_put_failure:
>  	return skb->len;
>  }
>  
> -static int ip_vs_genl_parse_service(struct ip_vs_service_user *usvc,
> +static int ip_vs_genl_parse_service(struct ip_vs_service_user_kern *usvc,
>  				    struct nlattr *nla, int full_entry)
>  {
>  	struct nlattr *attrs[IPVS_SVC_ATTR_MAX + 1];
> @@ -2536,6 +2578,7 @@ static int ip_vs_genl_parse_service(struct ip_vs_service_user *usvc,
>  	if (!(nla_af && (nla_fwmark || (nla_port && nla_protocol && nla_addr))))
>  		return -EINVAL;
>  
> +	usvc->af = nla_get_u16(nla_af);
>  	/* For now, only support IPv4 */
>  	if (nla_get_u16(nla_af) != AF_INET)
>  		return -EAFNOSUPPORT;
> @@ -2571,7 +2614,7 @@ static int ip_vs_genl_parse_service(struct ip_vs_service_user *usvc,
>  		if (usvc->fwmark)
>  			svc = __ip_vs_svc_fwm_get(usvc->fwmark);
>  		else
> -			svc = __ip_vs_service_get(usvc->protocol, usvc->addr,
> +			svc = __ip_vs_service_get(usvc->protocol, usvc->addr.ip,
>  						  usvc->port);
>  		if (svc) {
>  			usvc->flags = svc->flags;
> @@ -2582,9 +2625,7 @@ static int ip_vs_genl_parse_service(struct ip_vs_service_user *usvc,
>  		/* set new flags from userland */
>  		usvc->flags = (usvc->flags & ~flags.mask) |
>  			      (flags.flags & flags.mask);
> -
> -		strlcpy(usvc->sched_name, nla_data(nla_sched),
> -			sizeof(usvc->sched_name));
> +		usvc->sched_name = nla_data(nla_sched);
>  		usvc->timeout = nla_get_u32(nla_timeout);
>  		usvc->netmask = nla_get_u32(nla_netmask);
>  	}
> @@ -2594,7 +2635,7 @@ static int ip_vs_genl_parse_service(struct ip_vs_service_user *usvc,
>  
>  static struct ip_vs_service *ip_vs_genl_find_service(struct nlattr *nla)
>  {
> -	struct ip_vs_service_user usvc;
> +	struct ip_vs_service_user_kern usvc;
>  	int ret;
>  
>  	ret = ip_vs_genl_parse_service(&usvc, nla, 0);
> @@ -2604,7 +2645,7 @@ static struct ip_vs_service *ip_vs_genl_find_service(struct nlattr *nla)
>  	if (usvc.fwmark)
>  		return __ip_vs_svc_fwm_get(usvc.fwmark);
>  	else
> -		return __ip_vs_service_get(usvc.protocol, usvc.addr,
> +		return __ip_vs_service_get(usvc.protocol, usvc.addr.ip,
>  					   usvc.port);
>  }
>  
> @@ -2704,7 +2745,7 @@ out_err:
>  	return skb->len;
>  }
>  
> -static int ip_vs_genl_parse_dest(struct ip_vs_dest_user *udest,
> +static int ip_vs_genl_parse_dest(struct ip_vs_dest_user_kern *udest,
>  				 struct nlattr *nla, int full_entry)
>  {
>  	struct nlattr *attrs[IPVS_DEST_ATTR_MAX + 1];
> @@ -2860,8 +2901,8 @@ static int ip_vs_genl_set_config(struct nlattr **attrs)
>  static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
>  {
>  	struct ip_vs_service *svc = NULL;
> -	struct ip_vs_service_user usvc;
> -	struct ip_vs_dest_user udest;
> +	struct ip_vs_service_user_kern usvc;
> +	struct ip_vs_dest_user_kern udest;
>  	int ret = 0, cmd;
>  	int need_full_svc = 0, need_full_dest = 0;
>  
> @@ -2913,7 +2954,8 @@ static int ip_vs_genl_set_cmd(struct sk_buff *skb, struct genl_info *info)
>  
>  	/* Lookup the exact service by <protocol, addr, port> or fwmark */
>  	if (usvc.fwmark == 0)
> -		svc = __ip_vs_service_get(usvc.protocol, usvc.addr, usvc.port);
> +		svc = __ip_vs_service_get(usvc.protocol, usvc.addr.ip,
> +					  usvc.port);
>  	else
>  		svc = __ip_vs_svc_fwm_get(usvc.fwmark);
>  
> -- 
> 1.5.4.5
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ