| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Sep 2020 09:26:10 +0800
From: "longguang.yue" <bigclouds@....com>
To: unlisted-recipients:; (no To-header on input)
Cc: kuba@...nel.org, yuelongguang@...il.com,
"longguang.yue" <bigclouds@....com>,
Wensong Zhang <wensong@...ux-vs.org>,
Simon Horman <horms@...ge.net.au>,
Julian Anastasov <ja@....bg>,
Pablo Neira Ayuso <pablo@...filter.org>,
Jozsef Kadlecsik <kadlec@...filter.org>,
Florian Westphal <fw@...len.de>,
"David S. Miller" <davem@...emloft.net>,
netdev@...r.kernel.org (open list:IPVS),
lvs-devel@...r.kernel.org (open list:IPVS),
netfilter-devel@...r.kernel.org (open list:NETFILTER),
coreteam@...filter.org (open list:NETFILTER),
linux-kernel@...r.kernel.org (open list)
Subject: [PATCH v3] ipvs: Add traffic statistic up even it is VS/DR or VS/TUN mode
It's ipvs's duty to do traffic statistic if packets get hit,
no matter what mode it is.
Signed-off-by: longguang.yue <bigclouds@....com>
---
net/netfilter/ipvs/ip_vs_conn.c | 14 ++++++++++++--
net/netfilter/ipvs/ip_vs_core.c | 5 ++++-
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index a90b8eac16ac..c4d164ce8ca7 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -401,6 +401,8 @@ struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p)
struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p)
{
unsigned int hash;
+ __be16 cport;
+ const union nf_inet_addr *caddr;
struct ip_vs_conn *cp, *ret=NULL;
/*
@@ -411,10 +413,18 @@ struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p)
rcu_read_lock();
hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[hash], c_list) {
- if (p->vport == cp->cport && p->cport == cp->dport &&
+ cport = cp->dport;
+ caddr = &cp->daddr;
+
+ if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
+ cport = cp->vport;
+ caddr = &cp->vaddr;
+ }
+
+ if (p->vport == cp->cport && p->cport == cport &&
cp->af == p->af &&
ip_vs_addr_equal(p->af, p->vaddr, &cp->caddr) &&
- ip_vs_addr_equal(p->af, p->caddr, &cp->daddr) &&
+ ip_vs_addr_equal(p->af, p->caddr, caddr) &&
p->protocol == cp->protocol &&
cp->ipvs == p->ipvs) {
if (!__ip_vs_conn_get(cp))
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
index e3668a6e54e4..7ba88dab297a 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -1413,8 +1413,11 @@ ip_vs_out(struct netns_ipvs *ipvs, unsigned int hooknum, struct sk_buff *skb, in
ipvs, af, skb, &iph);
if (likely(cp)) {
- if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ)
+ if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
+ ip_vs_out_stats(cp, skb);
+ skb->ipvs_property = 1;
goto ignore_cp;
+ }
return handle_response(af, skb, pd, cp, &iph, hooknum);
}
--
2.20.1 (Apple Git-117)
Powered by blists - more mailing lists