Re: [PATCH net-next 1/3] ipvs: allow rs_table to contain different real server types

[Simon Horman <horms@xxxxxxxxxxxx>]

Hi Julian,

On Sun, Mar 31, 2019 at 01:26:19PM +0300, Julian Anastasov wrote:
> Before now rs_table was used only for NAT real servers.
> Change it to allow TUN real severs from different types,
> possibly hashed with different port key.
> 
> Signed-off-by: Julian Anastasov <ja@xxxxxx>

This looks good to me, modulo some nits below.

> ---
>  include/net/ip_vs.h            |  3 +++
>  net/netfilter/ipvs/ip_vs_ctl.c | 43 +++++++++++++++++++++++++++-------
>  2 files changed, 38 insertions(+), 8 deletions(-)
> 
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 2ac40135b576..9a8ac8997e34 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -1497,6 +1497,9 @@ static inline int ip_vs_todrop(struct netns_ipvs *ipvs)
>  static inline int ip_vs_todrop(struct netns_ipvs *ipvs) { return 0; }
>  #endif
>  
> +#define IP_VS_DFWD_METHOD(dest) (atomic_read(&(dest)->conn_flags) & \
> +                              IP_VS_CONN_F_FWD_MASK)
> +
>  /* ip_vs_fwd_tag returns the forwarding tag of the connection */
>  #define IP_VS_FWD_METHOD(cp)  (cp->flags & IP_VS_CONN_F_FWD_MASK)
>  
> diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
> index 328683452229..7de90c00c8bd 100644
> --- a/net/netfilter/ipvs/ip_vs_ctl.c
> +++ b/net/netfilter/ipvs/ip_vs_ctl.c
> @@ -515,15 +515,36 @@ static inline unsigned int ip_vs_rs_hashkey(int af,
>  static void ip_vs_rs_hash(struct netns_ipvs *ipvs, struct ip_vs_dest *dest)
>  {
>       unsigned int hash;
> +     __be16 port;
>  
>       if (dest->in_rs_table)
>               return;
>  
> +     switch (IP_VS_DFWD_METHOD(dest)) {
> +     case IP_VS_CONN_F_MASQ:
> +             port = dest->port;
> +             break;
> +     case IP_VS_CONN_F_TUNNEL:
> +             switch (dest->tun_type) {
> +             case IP_VS_CONN_F_TUNNEL_TYPE_GUE:
> +                     port = dest->tun_port;
> +                     break;
> +             case IP_VS_CONN_F_TUNNEL_TYPE_IPIP:
> +                     port = 0;
> +                     break;
> +             default:
> +                     return;
> +             }
> +             break;
> +     default:
> +             return;
> +     }
> +
>       /*
>        *      Hash by proto,addr,port,
>        *      which are the parameters of the real service.
>        */
> -     hash = ip_vs_rs_hashkey(dest->af, &dest->addr, dest->port);
> +     hash = ip_vs_rs_hashkey(dest->af, &dest->addr, port);
>  
>       hlist_add_head_rcu(&dest->d_list, &ipvs->rs_table[hash]);
>       dest->in_rs_table = 1;
> @@ -555,7 +576,8 @@ bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int 
> af, __u16 protocol,
>               if (dest->port == dport &&
>                   dest->af == af &&
                    ip_vs_addr_equal(af, &dest->addr, daddr) &&
> -                 (dest->protocol == protocol || dest->vfwmark)) {
> +                 (dest->protocol == protocol || dest->vfwmark) &&
> +                 (IP_VS_DFWD_METHOD(dest) == IP_VS_CONN_F_MASQ)) {

nit: there seem to be unnecessary () on the line above

>                       /* HIT */
>                       return true;
>               }
> @@ -585,7 +607,8 @@ struct ip_vs_dest *ip_vs_find_real_service(struct 
> netns_ipvs *ipvs, int af,
>               if (dest->port == dport &&
>                   dest->af == af &&
>                   ip_vs_addr_equal(af, &dest->addr, daddr) &&
> -                     (dest->protocol == protocol || dest->vfwmark)) {
> +                 (dest->protocol == protocol || dest->vfwmark) &&
> +                 (IP_VS_DFWD_METHOD(dest) == IP_VS_CONN_F_MASQ)) {

ditto

>                       /* HIT */
>                       return dest;
>               }

...