ipvs: switch to per-net connection table

#define IP_VS_HDR_INVERSE	1

#define IP_VS_HDR_ICMP		2

/* conn_tab limits (as per Kconfig) */

#define IP_VS_CONN_TAB_MIN_BITS	8

#if BITS_PER_LONG > 32

#define IP_VS_CONN_TAB_MAX_BITS	27

#else

#define IP_VS_CONN_TAB_MAX_BITS	20

#endif

/* svc_table limits */

#define IP_VS_SVC_TAB_MIN_BITS	4

#define IP_VS_SVC_TAB_MAX_BITS	20

enum {

	IP_VS_WORK_SVC_RESIZE,		/* Schedule svc_resize_work */

	IP_VS_WORK_SVC_NORESIZE,	/* Stopping svc_resize_work */

	IP_VS_WORK_CONN_RESIZE,		/* Schedule conn_resize_work */

};

/* The port number of FTP service (in network order). */

/* IP_VS structure allocated for each dynamically scheduled connection */

struct ip_vs_conn {

	struct hlist_node	c_list;         /* hashed list heads */

	struct hlist_bl_node	c_list;         /* node in conn_tab */

	__u32			hash_key;	/* Key for the hash table */

	/* Protocol, addresses and port numbers */

	__be16                  cport;

	__be16                  dport;

	__be16                  vport;

	u16			af;		/* address family */

	__u16                   protocol;       /* Which protocol (TCP/UDP) */

	__u16			daf;		/* Address family of the dest */

	union nf_inet_addr      caddr;          /* client address */

	union nf_inet_addr      vaddr;          /* virtual address */

	union nf_inet_addr      daddr;          /* destination address */

	volatile __u32          flags;          /* status flags */

	__u16                   protocol;       /* Which protocol (TCP/UDP) */

	__u16			daf;		/* Address family of the dest */

	struct netns_ipvs	*ipvs;

	/* counter and timer */

	int (*fill_param)(struct ip_vs_conn_param *p, struct sk_buff *skb);

	bool (*ct_match)(const struct ip_vs_conn_param *p,

			 struct ip_vs_conn *ct);

	u32 (*hashkey_raw)(const struct ip_vs_conn_param *p, u32 initval,

			   bool inverse);

	u32 (*hashkey_raw)(const struct ip_vs_conn_param *p,

			   struct ip_vs_rht *t, bool inverse);

	int (*show_pe_data)(const struct ip_vs_conn *cp, char *buf);

	/* create connections for real-server outgoing packets */

	struct ip_vs_conn* (*conn_out)(struct ip_vs_service *svc,

	/* ip_vs_conn */

	atomic_t		conn_count;      /* connection counter */

	atomic_t		no_cport_conns[IP_VS_AF_MAX];

	struct delayed_work	conn_resize_work;/* resize conn_tab */

	/* ip_vs_ctl */

	struct ip_vs_stats_rcu	*tot_stats;      /* Statistics & est. */

	int			sysctl_est_nice;	/* kthread nice */

	int			est_stopped;		/* stop tasks */

#endif

	int			sysctl_conn_lfactor;

	int			sysctl_svc_lfactor;

	/* ip_vs_lblc */

	unsigned int		hooks_afmask;	/* &1=AF_INET, &2=AF_INET6 */

	struct ip_vs_rht __rcu	*svc_table;	/* Services */

	struct ip_vs_rht __rcu	*conn_tab;	/* Connections */

	atomic_t		conn_tab_changes;/* ++ on new table */

};

#define DEFAULT_SYNC_THRESHOLD	3

#endif

/* Get load factor to map conn_count/u_thresh to t->size */

static inline int sysctl_conn_lfactor(struct netns_ipvs *ipvs)

{

	return READ_ONCE(ipvs->sysctl_conn_lfactor);

}

/* Get load factor to map num_services/u_thresh to t->size

 * Smaller value decreases u_thresh to reduce collisions but increases

 * the table size

}

void ip_vs_conn_put(struct ip_vs_conn *cp);

void ip_vs_conn_fill_cport(struct ip_vs_conn *cp, __be16 cport);

int ip_vs_conn_desired_size(struct netns_ipvs *ipvs, struct ip_vs_rht *t,

			    int lfactor);

struct ip_vs_rht *ip_vs_conn_tab_alloc(struct netns_ipvs *ipvs, int buckets,

				       int lfactor);

struct ip_vs_conn *ip_vs_conn_new(const struct ip_vs_conn_param *p, int dest_af,

				  const union nf_inet_addr *daddr,

		  struct ip_vs_service **svc_p)

{

	struct ip_vs_scheduler *sched = NULL;

	struct ip_vs_rht *tc_new = NULL;

	struct ip_vs_rht *t, *t_new = NULL;

	int af_id = ip_vs_af_index(u->af);

	struct ip_vs_service *svc = NULL;

		}

	}

	if (!rcu_dereference_protected(ipvs->conn_tab, 1)) {

		int lfactor = sysctl_conn_lfactor(ipvs);

		int new_size = ip_vs_conn_desired_size(ipvs, NULL, lfactor);

		tc_new = ip_vs_conn_tab_alloc(ipvs, new_size, lfactor);

		if (!tc_new) {

			ret = -ENOMEM;

			goto out_err;

		}

	}

	if (!atomic_read(&ipvs->num_services[af_id])) {

		ret = ip_vs_register_hooks(ipvs, u->af);

		if (ret < 0)

		rcu_assign_pointer(ipvs->svc_table, t_new);

		t_new = NULL;

	}

	if (tc_new) {

		rcu_assign_pointer(ipvs->conn_tab, tc_new);

		tc_new = NULL;

	}

	/* Update the virtual service counters */

	if (svc->port == FTPPORT)

 out_err:

	if (tc_new)

		ip_vs_rht_free(tc_new);

	if (t_new)

		ip_vs_rht_free(t_new);

	if (ret_hooks >= 0)

}

static u32 ip_vs_sip_hashkey_raw(const struct ip_vs_conn_param *p,

				 u32 initval, bool inverse)

				 struct ip_vs_rht *t, bool inverse)

{

	return jhash(p->pe_data, p->pe_data_len, initval);

	return jhash(p->pe_data, p->pe_data_len, (u32)t->hash_key.key[0]);

}

static int ip_vs_sip_show_pe_data(const struct ip_vs_conn *cp, char *buf)

	if (!ip_vs_use_count_inc())

		return -ENOPROTOOPT;

	/* Backup server can be started without services just to sync conns,

	 * make sure conn_tab is created even if ipvs->enable is 0.

	 */

	if (state == IP_VS_STATE_BACKUP) {

		mutex_lock(&ipvs->service_mutex);

		if (!rcu_dereference_protected(ipvs->conn_tab, 1)) {

			int lfactor = sysctl_conn_lfactor(ipvs);

			int new_size = ip_vs_conn_desired_size(ipvs, NULL,

							       lfactor);

			struct ip_vs_rht *tc_new;

			tc_new = ip_vs_conn_tab_alloc(ipvs, new_size, lfactor);

			if (!tc_new) {

				mutex_unlock(&ipvs->service_mutex);

				result = -ENOMEM;

				goto out_module;

			}

			rcu_assign_pointer(ipvs->conn_tab, tc_new);

		}

		mutex_unlock(&ipvs->service_mutex);

	}

	/* Do not hold one mutex and then to block on another */

	for (;;) {

		rtnl_lock();

	mutex_unlock(&ipvs->sync_mutex);

	rtnl_unlock();

out_module:

	/* decrease the module use count */

	ip_vs_use_count_dec();

	return result;