ip_vs实现分析(2)
本文档的Copyleft归yfydz所有,使用GPL发布,可以自由拷贝,转载,转载时请保持文档的完整性,严禁用于任何商业用途。
msn: yfydz_no1@hotmail.com
来源:http://yfydz.cublog.cn
4. 模块初始化
初始化函数先初始化ipvs的各种处理机制,然后将ipvs的处理函数挂接到netfilter架构中。
/* net/ipv4/ipvs/ip_vs_core.c */
{
int ret;
// ioctl初始化
ret = ip_vs_control_init();
if (ret < 0) {
IP_VS_ERR("can't setup control.\n");
goto cleanup_nothing;
}
// 协议初始化
ip_vs_protocol_init();
ret = ip_vs_app_init();
if (ret < 0) {
IP_VS_ERR("can't setup application helper.\n");
goto cleanup_protocol;
}
ret = ip_vs_conn_init();
if (ret < 0) {
IP_VS_ERR("can't setup connection table.\n");
goto cleanup_app;
}
ret = nf_register_hook(&ip_vs_in_ops);
if (ret < 0) {
IP_VS_ERR("can't register in hook.\n");
goto cleanup_conn;
}
if (ret < 0) {
IP_VS_ERR("can't register out hook.\n");
goto cleanup_inops;
}
ret = nf_register_hook(&ip_vs_post_routing_ops);
if (ret < 0) {
IP_VS_ERR("can't register post_routing hook.\n");
goto cleanup_outops;
}
ret = nf_register_hook(&ip_vs_forward_icmp_ops);
if (ret < 0) {
IP_VS_ERR("can't register forward_icmp hook.\n");
goto cleanup_postroutingops;
}
return ret;
// 以下是如果初始化出现失败时依次进行释放
cleanup_postroutingops:
nf_unregister_hook(&ip_vs_post_routing_ops);
cleanup_outops:
nf_unregister_hook(&ip_vs_out_ops);
cleanup_inops:
nf_unregister_hook(&ip_vs_in_ops);
cleanup_conn:
ip_vs_conn_cleanup();
cleanup_app:
ip_vs_app_cleanup();
cleanup_protocol:
ip_vs_protocol_cleanup();
ip_vs_control_cleanup();
cleanup_nothing:
return ret;
}
4.1 ip_vs_control_init
int ip_vs_control_init(void)
{
int ret;
int idx;
ret = nf_register_sockopt(&ip_vs_sockopts);
if (ret) {
IP_VS_ERR("cannot register sockopt.\n");
return ret;
}
proc_net_fops_create("ip_vs", 0, &ip_vs_info_fops);
proc_net_fops_create("ip_vs_stats",0, &ip_vs_stats_fops);
sysctl_header = register_sysctl_table(vs_root_table, 0);
// svc_table是根据协议地址端口等信息进行服务结构struct ip_vs_service查找的HASH表
// svc_fwm_table是根据数据包的nfmark信息进行服务结构struct ip_vs_service查找的HASH表
/* Initialize ip_vs_svc_table, ip_vs_svc_fwm_table, ip_vs_rtable */
for(idx = 0; idx < IP_VS_SVC_TAB_SIZE; idx++) {
INIT_LIST_HEAD(&ip_vs_svc_table[idx]);
INIT_LIST_HEAD(&ip_vs_svc_fwm_table[idx]);
}
// rtable是目的结构struct ip_vs_dest的HASH链表
for(idx = 0; idx < IP_VS_RTAB_SIZE; idx++) {
INIT_LIST_HEAD(&ip_vs_rtable[idx]);
}
memset(&ip_vs_stats, 0, sizeof(ip_vs_stats));
// 统计锁
spin_lock_init(&ip_vs_stats.lock);
// 对当前统计信息建立一个预估器,可用于计算服务器的性能参数
ip_vs_new_estimator(&ip_vs_stats);
// 挂一个定时操作,根据系统当前负载情况定时调整系统参数
schedule_delayed_work(&defense_work, DEFENSE_TIMER_PERIOD);
return 0;
}
4.2 ip_vs_protocol_init
/* net/ipv4/ipvs/ip_vs_proto.c */
int ip_vs_protocol_init(void)
{
// 挂接ipvs能进行均衡处理的各种协议,目前支持TCP/UDP/AH/ESP
// 最好还要增加GRE,在PPTP服务器中使用
char protocols[64];
#define REGISTER_PROTOCOL(p) \
do { \
register_ip_vs_protocol(p); \
strcat(protocols, ", "); \
strcat(protocols, (p)->name); \
} while (0)
protocols[0] = '\0';
protocols[2] = '\0';
#ifdef CONFIG_IP_VS_PROTO_TCP
REGISTER_PROTOCOL(&ip_vs_protocol_tcp);
#endif
#ifdef CONFIG_IP_VS_PROTO_UDP
REGISTER_PROTOCOL(&ip_vs_protocol_udp);
#endif
#ifdef CONFIG_IP_VS_PROTO_AH
REGISTER_PROTOCOL(&ip_vs_protocol_ah);
#endif
#ifdef CONFIG_IP_VS_PROTO_ESP
REGISTER_PROTOCOL(&ip_vs_protocol_esp);
#endif
// 第0,1字符分别为逗号','和空格' ',从第2字符起才是真正数据串
IP_VS_INFO("Registered protocols (%s)\n", &protocols[2]);
}
* register an ipvs protocol
*/
static int register_ip_vs_protocol(struct ip_vs_protocol *pp)
{
unsigned hash = IP_VS_PROTO_HASH(pp->protocol);
pp->next = ip_vs_proto_table[hash];
ip_vs_proto_table[hash] = pp;
if (pp->init != NULL)
pp->init(pp);
}
4.3 ip_vs_app_init
int ip_vs_app_init(void)
{
/* we will replace it with proc_net_ipvs_create() soon */
// 该函数就是建立一个/proc/net/ip_vs_app项
proc_net_fops_create("ip_vs_app", 0, &ip_vs_app_fops);
return 0;
}
4.4 ip_vs_conn_init
int ip_vs_conn_init(void)
{
int idx;
* Allocate the connection hash table and initialize its list heads
*/
// ipvs连接HASH表
ip_vs_conn_tab = vmalloc(IP_VS_CONN_TAB_SIZE*sizeof(struct list_head));
if (!ip_vs_conn_tab)
return -ENOMEM;
// ipvs连接cache,由于使用cache在内存块释放时并不真正释放,而是cache起来,
// 因此重新分配时速度更快
ip_vs_conn_cachep = kmem_cache_create("ip_vs_conn",
sizeof(struct ip_vs_conn), 0,
SLAB_HWCACHE_ALIGN, NULL, NULL);
if (!ip_vs_conn_cachep) {
vfree(ip_vs_conn_tab);
return -ENOMEM;
}
"(size=%d, memory=%ldKbytes)\n",
IP_VS_CONN_TAB_SIZE,
(long)(IP_VS_CONN_TAB_SIZE*sizeof(struct list_head))/1024);
IP_VS_DBG(0, "Each connection entry needs %Zd bytes at least\n",
sizeof(struct ip_vs_conn));
// 初始化各HASH链表头
for (idx = 0; idx < IP_VS_CONN_TAB_SIZE; idx++) {
INIT_LIST_HEAD(&ip_vs_conn_tab[idx]);
}
// 初始化各读写锁
for (idx = 0; idx < CT_LOCKARRAY_SIZE; idx++) {
rwlock_init(&__ip_vs_conntbl_lock_array[idx].l);
}
proc_net_fops_create("ip_vs_conn", 0, &ip_vs_conn_fops);
// 初始随机数
get_random_bytes(&ip_vs_conn_rnd, sizeof(ip_vs_conn_rnd));
}
4.5 netfilter挂接点
nf_hook_ops分别在FORWARD点挂2个, INPUT点和POST_ROUTING点各挂一个
/* net/ipv4/ipvs/ip_vs_core.c */
/* After packet filtering, forward packet through VS/DR, VS/TUN,
or VS/NAT(change destination), so that filtering rules can be
applied to IPVS. */
static struct nf_hook_ops ip_vs_in_ops = {
.hook = ip_vs_in,
.owner = THIS_MODULE,
.pf = PF_INET,
// INPUT点
.hooknum = NF_IP_LOCAL_IN,
// 此优先级低于filter
.priority = 100,
};
ip_vs_in()这个函数对进入本机的包进行处理.
* Check if it's for virtual services, look it up,
* and send it on its way...
*/
static unsigned int
ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
struct iphdr *iph;
struct ip_vs_protocol *pp;
struct ip_vs_conn *cp;
int ret, restart;
int ihl;
* Big tappo: only PACKET_HOST (neither loopback nor mcasts)
* ... don't know why 1st test DOES NOT include 2nd (?)
*/
if (unlikely(skb->pkt_type != PACKET_HOST
|| skb->dev == &loopback_dev || skb->sk)) {
// input不处理目的非本机的包
IP_VS_DBG(12, "packet type=%d proto=%d daddr=%d.%d.%d.%d ignored\n",
skb->pkt_type,
skb->nh.iph->protocol,
NIPQUAD(skb->nh.iph->daddr));
return NF_ACCEPT;
}
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
// 如果是ICMP,可能是指示连接错误的ICMP信息,调用ip_vs_in_icmp进行检查
// 是否是相关的ICMP信息
int related, verdict = ip_vs_in_icmp(pskb, &related, hooknum);
return verdict;
// 非相关ICMP,恢复处理流程
// 但其实ipvs是不均衡ICMP信息的,后面就返回了
skb = *pskb;
iph = skb->nh.iph;
}
// 获取协议支持模块,由于只支持TCP、UDP、AH和ESP,如果是ICMP,返回为NULL
pp = ip_vs_proto_get(iph->protocol);
if (unlikely(!pp))
return NF_ACCEPT;
* Check if the packet belongs to an existing connection entry
*/
// 找到和该skb相关的ipvs连接,类似netfilter的根据tuple查找连接,
// 不过sk_buff结构中没有增加nfct那样能直接指向连接的成员
// 对TCP协议来说是tcp_conn_in_get()
cp = pp->conn_in_get(skb, pp, iph, ihl, 0);
int v;
// 如果没有连接, 表明是新连接, 调用IPVS连接的conn_schedule调度连接分配和处理
// 连接调度要根据调度算法选择一个真实目的服务器,然后建立新的IPVS连接
// 对TCP协议来说是tcp_conn_schedule()
if (!pp->conn_schedule(skb, pp, &v, &cp))
return v;
}
// 这种情况主要是没内存空间了,IPVS没提供主动删除连接的机制
/* sorry, all this trouble for a no-hit :) */
IP_VS_DBG_PKT(12, pp, skb, 0,
"packet continues traversal as normal");
return NF_ACCEPT;
}
if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) {
/* the destination server is not available */
// 对于目的服务器失效的包丢弃
if (sysctl_ip_vs_expire_nodest_conn) {
/* try to expire the connection immediately */
ip_vs_conn_expire_now(cp);
}
/* don't restart its timer, and silently
drop the packet. */
__ip_vs_conn_put(cp);
return NF_DROP;
}
// 连接信息统计
ip_vs_in_stats(cp, skb);
// 对TCP协议来说是调用tcp_state_transition
restart = ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pp);
// 将包发送出去, 具体xmit的实现在ip_vs_xmit.c中实现,
// NAT模式下为 ip_vs_nat_xmit;
// 通道模式下为 ip_vs_tunnel_xmit;
// 直接路由模式下为: ip_vs_dr_xmit;
// 本机数据为: ip_vs_null_xmit;
// 旁路模式下为: ip_vs_bypass_xmit;
// 函数成功时基本都返回NF_STOLEN使netfilter不再处理该包
// 所以对于NAT模式,应该是不需要配置DNAT规则的,请求方向数据也不经过FORWARD链
ret = cp->packet_xmit(skb, cp, pp);
/* do not touch skb anymore */
else {
IP_VS_DBG_RL("warning: packet_xmit is null");
ret = NF_ACCEPT;
}
to be synchronized */
atomic_inc(&cp->in_pkts);
// 连接不丢弃,但还是要有一定条件才进行同步
if ((ip_vs_sync_state & IP_VS_STATE_MASTER) &&
// 同步状态类型为主机
(cp->protocol != IPPROTO_TCP ||
cp->state == IP_VS_TCP_S_ESTABLISHED) &&
// 非TCP连接或是已经建立的连接
(atomic_read(&cp->in_pkts) % sysctl_ip_vs_sync_threshold[1]
== sysctl_ip_vs_sync_threshold[0]))
// 当前连接的包数为N*thres[1]+thres[0]时
// 进行连接的同步
ip_vs_sync_conn(cp);
// 调整连接超时,释放连接计数
ip_vs_conn_put(cp);
return ret;
}
4.5.2 ip_vs_out_ops
/* After packet filtering, change source only for VS/NAT */
static struct nf_hook_ops ip_vs_out_ops = {
.hook = ip_vs_out,
.owner = THIS_MODULE,
.pf = PF_INET,
// FORWARD点
.hooknum = NF_IP_FORWARD,
// 此优先级低于filter
.priority = 100,
};
/* net/ipv4/ipvs/ip_vs_core.c */
* It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT.
* Check if outgoing packet belongs to the established ip_vs_conn,
* rewrite addresses of the packet and send it on its way...
*/
static unsigned int
ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
struct iphdr *iph;
struct ip_vs_protocol *pp;
struct ip_vs_conn *cp;
int ihl;
// 这个标志只占一位
// 标志设上就是已经经过IPVS处理了,直接返回
if (skb->ipvs_property)
return NF_ACCEPT;
if (unlikely(iph->protocol == IPPROTO_ICMP)) {
// 处理可能的连接相关ICMP错误信息,如地址端口不可达等
int related, verdict = ip_vs_out_icmp(pskb, &related);
return verdict;
skb = *pskb;
iph = skb->nh.iph;
}
// 取得IPVS协议, tcp/udp/ah/esp之一
pp = ip_vs_proto_get(iph->protocol);
if (unlikely(!pp))
return NF_ACCEPT;
if (unlikely(iph->frag_off & __constant_htons(IP_MF|IP_OFFSET) &&
!pp->dont_defrag)) {
// 如果是碎片包进行重组,基本不可能,因为数据包进入netfilter时就要进行碎片重组
skb = ip_vs_gather_frags(skb, IP_DEFRAG_VS_OUT);
if (!skb)
return NF_STOLEN;
iph = skb->nh.iph;
*pskb = skb;
}
* Check if the packet belongs to an existing entry
*/
// 查找IPVS连接
cp = pp->conn_out_get(skb, pp, iph, ihl, 0);
// 没找到IPVS连接,可能是请求方向的包经过DNAT过来的
if (sysctl_ip_vs_nat_icmp_send &&
(pp->protocol == IPPROTO_TCP ||
pp->protocol == IPPROTO_UDP)) {
__u16 _ports[2], *pptr;
sizeof(_ports), _ports);
if (pptr == NULL)
return NF_ACCEPT; /* Not for me */
// 用源地址,源端口来查真实服务器结构,如果是请求方向是找不到的
// 这种情况下数据包就不再被IPVS处理
if (ip_vs_lookup_real_service(iph->protocol,
iph->saddr, pptr[0])) {
/*
* Notify the real server: there is no
* existing entry if it is not RST
* packet or not TCP packet.
*/
if (iph->protocol != IPPROTO_TCP
|| !is_tcp_reset(skb)) {
icmp_send(skb,ICMP_DEST_UNREACH,
ICMP_PORT_UNREACH, 0);
return NF_DROP;
}
}
}
IP_VS_DBG_PKT(12, pp, skb, 0,
"packet continues traversal as normal");
return NF_ACCEPT;
}
// 找到连接,该包是服务器的回应包
IP_VS_DBG_PKT(11, pp, skb, 0, "Outgoing packet");
// skb数据包要求是可写的
if (!ip_vs_make_skb_writable(pskb, ihl))
goto drop;
// 修改协议部分信息,如TCP、UDP的端口
if (pp->snat_handler && !pp->snat_handler(pskb, pp, cp))
goto drop;
// 修改源地址, 由于是服务器的返回包,只修改源地址
skb = *pskb;
skb->nh.iph->saddr = cp->vaddr;
ip_send_check(skb->nh.iph);
ip_vs_out_stats(cp, skb);
ip_vs_set_state(cp, IP_VS_DIR_OUTPUT, skb, pp);
ip_vs_conn_put(cp);
skb->ipvs_property = 1;
return NF_ACCEPT;
ip_vs_conn_put(cp);
kfree_skb(*pskb);
return NF_STOLEN;
}
4.5.3 ip_vs_post_routing_ops
/* Before the netfilter connection tracking, exit from POST_ROUTING */
static struct nf_hook_ops ip_vs_post_routing_ops = {
.hook = ip_vs_post_routing,
.owner = THIS_MODULE,
.pf = PF_INET,
// POSTROUTING点
.hooknum = NF_IP_POST_ROUTING,
// 在源NAT之前进行
.priority = NF_IP_PRI_NAT_SRC-1,
};
ip_vs_post_routing()这个函数对最后要发出的包进行检查,这个包是经过FORWARD链的,源地址已经被IPVS修改过了,不用再被netfilter进行修改。如果是IPVS处理过的包,直接跳出POSTROUTING点, 不再继续可能的该点的更低优先级的hook点操作,即不用进行netfilter标准的SNAT操作。
/* net/ipv4/ipvs/ip_vs_core.c */
* It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING
* chain, and is used for VS/NAT.
* It detects packets for VS/NAT connections and sends the packets
* immediately. This can avoid that iptable_nat mangles the packets
* for VS/NAT.
*/
static unsigned int ip_vs_post_routing(unsigned int hooknum,
struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
// 如果没被IPVS处理过,继续后续hook点操作
if (!((*pskb)->ipvs_property))
return NF_ACCEPT;
/* The packet was sent from IPVS, exit this chain */
// NF_STOP和NF_ACCEPT的区别就是STOP就不继续后面的低优先级的hook_ops的操作了
return NF_STOP;
}
4.5.4 ip_vs_forward_icmp_ops
/* After packet filtering (but before ip_vs_out_icmp), catch icmp
destined for 0.0.0.0/0, which is for incoming IPVS connections */
static struct nf_hook_ops ip_vs_forward_icmp_ops = {
.hook = ip_vs_forward_icmp,
.owner = THIS_MODULE,
.pf = PF_INET,
// FORWARD点
.hooknum = NF_IP_FORWARD,
// 在ip_vs_out_ops之前进行
.priority = 99,
};
/* net/ipv4/ipvs/ip_vs_core.c */
* It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP
* related packets destined for 0.0.0.0/0.
* When fwmark-based virtual service is used, such as transparent
* cache cluster, TCP packets can be marked and routed to ip_vs_in,
* but ICMP destined for 0.0.0.0/0 cannot not be easily marked and
* sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain
* and send them to ip_vs_in_icmp.
*/
static unsigned int
ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff **pskb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
int r;
return NF_ACCEPT;
// 实际调用ip_vs_in_icmp()来处理数据包
return ip_vs_in_icmp(pskb, &r, hooknum);
}
/*
* Handle ICMP messages in the outside-to-inside direction (incoming).
* Find any that might be relevant, check against existing connections,
* forward to the right destination host if relevant.
* Currently handles error types - unreachable, quench, ttl exceeded.
*/
static int
ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
{
struct sk_buff *skb = *pskb;
struct iphdr *iph;
struct icmphdr _icmph, *ic;
struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */
struct ip_vs_conn *cp;
struct ip_vs_protocol *pp;
unsigned int offset, ihl, verdict;
*related = 1;
if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) {
// 进行碎片重组
skb = ip_vs_gather_frags(skb,
hooknum == NF_IP_LOCAL_IN ?
IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
if (!skb)
return NF_STOLEN;
*pskb = skb;
}
offset = ihl = iph->ihl * 4;
ic = skb_header_pointer(skb, offset, sizeof(_icmph), &_icmph);
if (ic == NULL)
return NF_DROP;
ic->type, ntohs(icmp_id(ic)),
NIPQUAD(iph->saddr), NIPQUAD(iph->daddr));
* Work through seeing if this is for us.
* These checks are supposed to be in an order that means easy
* things are checked first to speed up processing.... however
* this means that some packets will manage to get a long way
* down this stack and then be rejected, but that's life.
*/
if ((ic->type != ICMP_DEST_UNREACH) &&
(ic->type != ICMP_SOURCE_QUENCH) &&
(ic->type != ICMP_TIME_EXCEEDED)) {
// 如果不是这三种ICMP信息,则该skb与IPVS无关
*related = 0;
return NF_ACCEPT;
}
offset += sizeof(_icmph);
cih = skb_header_pointer(skb, offset, sizeof(_ciph), &_ciph);
if (cih == NULL)
return NF_ACCEPT; /* The packet looks wrong, ignore */
// 找的是ICMP信息中包含的原始包中的协议,而不是ICMP
pp = ip_vs_proto_get(cih->protocol);
if (!pp)
return NF_ACCEPT;
// 如果是碎片不处理直接返回
if (unlikely(cih->frag_off & __constant_htons(IP_OFFSET) &&
pp->dont_defrag))
return NF_ACCEPT;
// 查找IPVS连接
cp = pp->conn_in_get(skb, pp, cih, offset, 1);
if (!cp)
return NF_ACCEPT;
verdict = NF_DROP;
if (skb->ip_summed != CHECKSUM_UNNECESSARY &&
// 检查一下IP头的校验和
ip_vs_checksum_complete(skb, ihl)) {
/* Failed checksum! */
IP_VS_DBG(1, "Incoming ICMP: failed checksum from %d.%d.%d.%d!\n",
NIPQUAD(iph->saddr));
goto out;
}
// 进行输入统计
ip_vs_in_stats(cp, skb);
// 如果内部协议是TCP/UDP,发送偏移量要包括前4个字节: 源端口和目的端口
if (IPPROTO_TCP == cih->protocol || IPPROTO_UDP == cih->protocol)
offset += 2 * sizeof(__u16);
// 发送ICMP
verdict = ip_vs_icmp_xmit(skb, cp, pp, offset);
/* do not touch skb anymore */
__ip_vs_conn_put(cp);
}
* ICMP packet transmitter
* called by the ip_vs_in_icmp
*/
int
ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
struct ip_vs_protocol *pp, int offset)
{
struct rtable *rt; /* Route to the other host */
int mtu;
int rc;
forwarded directly here, because there is no need to
translate address/port back */
if (IP_VS_FWD_METHOD(cp) != IP_VS_CONN_F_MASQ) {
// 如果不是NAT情况的IPVS连接, 即是TUNNEL或DR,直接调用连接的发送函数发送
if (cp->packet_xmit)
rc = cp->packet_xmit(skb, cp, pp);
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
atomic_inc(&cp->in_pkts);
goto out;
}
* mangle and send the packet here (only for VS/NAT)
*/
// 查找路由
if (!(rt = __ip_vs_get_out_rt(cp, RT_TOS(skb->nh.iph->tos))))
goto tx_error_icmp;
mtu = dst_mtu(&rt->u.dst);
if ((skb->len > mtu) && (skb->nh.iph->frag_off&__constant_htons(IP_DF))) {
// 数据包过长超过MTU,但又是不允许分片的,发送ICMP出错包
ip_rt_put(rt);
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
IP_VS_DBG_RL("ip_vs_in_icmp(): frag needed\n");
goto tx_error;
}
// 让skb可写
if (!ip_vs_make_skb_writable(&skb, offset))
goto tx_error_put;
if (skb_cow(skb, rt->u.dst.dev->hard_header_len))
goto tx_error_put;
dst_release(skb->dst);
skb->dst = &rt->u.dst;
// 修改ICMP包
ip_vs_nat_icmp(skb, pp, cp, 0);
skb->local_df = 1;
IP_VS_XMIT(skb, rt);
rc = NF_STOLEN;
goto out;
dst_link_failure(skb);
tx_error:
dev_kfree_skb(skb);
rc = NF_STOLEN;
out:
LeaveFunction(10);
return rc;
tx_error_put:
ip_rt_put(rt);
goto tx_error;
}
ip_vs实现分析(2)相关推荐
- ip_vs实现分析(7)
本文档的Copyleft归yfydz所有,使用GPL发布,可以自由拷贝,转载,转载时请保持文档的完整性,严禁用于任何商业用途. msn: yfydz_no1@hotmail.com 来源:http:/ ...
- 使用Kubeadm来搭建k8s-v1.18.2(包含所有错误集锦分析)
k8s的搭建 使用 Kubeadm来搭建master集群,⽬前所安装的版本是 v1.18.2 欢迎运维萌新大佬等进群,涵盖业务运维.应用运维.系统运维.网络运维.数据库运维.桌面运维.运维开发等,地区 ...
- K8S kube-proxy ipvs 原理分析
1 在k8s 设置ipvs模式 1.1 Perquisites 1.2 修改kube-proxy 启动参数 2 ipvs kube-proxy原理分析 2.1 集群内部发送出去的packet通过clu ...
- 【Golang源码分析】Go Web常用程序包gorilla/mux的使用与源码简析
目录[阅读时间:约10分钟] 一.概述 二.对比: gorilla/mux与net/http DefaultServeMux 三.简单使用 四.源码简析 1.NewRouter函数 2.HandleF ...
- 2022-2028年中国自动驾驶系统行业现状调研分析报告
[报告类型]产业研究 [报告价格]4500起 [出版时间]即时更新(交付时间约3个工作日) [发布机构]智研瞻产业研究院 [报告格式]PDF版 本报告介绍了中国自动驾驶系统行业市场行业相关概述.中国自 ...
- 2022-2028年中国阻尼涂料市场研究及前瞻分析报告
[报告类型]产业研究 [报告价格]4500起 [出版时间]即时更新(交付时间约3个工作日) [发布机构]智研瞻产业研究院 [报告格式]PDF版 本报告介绍了中国阻尼涂料行业市场行业相关概述.中国阻尼涂 ...
- 2021-2028年中国阻燃装饰行业市场需求与投资规划分析报告
[报告类型]产业研究 [报告价格]4500起 [出版时间]即时更新(交付时间约3个工作日) [发布机构]智研瞻产业研究院 [报告格式]PDF版 本报告介绍了中国阻燃装饰行业市场行业相关概述.中国阻燃装 ...
- 2022-2028年全球与中国漂白吸水棉市场研究及前瞻分析报告
[报告类型]产业研究 [报告价格]4500起 [出版时间]即时更新(交付时间约3个工作日) [发布机构]智研瞻产业研究院 [报告格式]PDF版 本报告介绍了全球与中国漂白吸水棉行业市场行业相关概述.全 ...
- 2022-2028年全球与中国青苔清洗剂市场研究及前瞻分析报告
[报告类型]产业研究 [报告价格]4500起 [出版时间]即时更新(交付时间约3个工作日) [发布机构]智研瞻产业研究院 [报告格式]PDF版 本报告介绍了全球与中国青苔清洗剂行业市场行业相关概述.全 ...
最新文章
- 【自然框架】——思路、结构、特点的介绍(初稿,欢迎大家多提意见)
- bootstrap 标签页tab切换js(含报错原因)
- frame或者iframe的contentwindow属性
- 最大学术出版商妥协!与挪威46所机构签协议,90%出版物免费阅读
- 如何理解create_singlethread_workqueue是严格按照顺序执行的
- php 导出文件另行指定路径,生成excel文件到指定目录的函数php类库
- Linux密码忘了怎么办!
- 0动态规划中等 LeetCode97. 交错字符串
- python编写简单漏洞扫描器(通过实别服务版本号)
- osm地图数据 mysql_一种OSM地图数据中路网交叉口节点自动合并方法与流程
- Aria2-不限速全平台下载利器
- 制作一份手机录屏的 GIF 动态图片
- Business English-Unit 4 Memos -B
- IP地址冲突怎么办? 如何解决局域网IP地址冲突?
- mysql关系图查看
- Java_题目_面向对象文字花钱格斗游戏
- java.lang.RuntimeException:Canvas: trying to use a recycled bitmap
- oracle 中文导入 乱码 ZHS16GBK AL32UTF8
- 计算机语言学专业排名,2019QS世界大学学科排名,澳洲语言学专业排名Top200
- 个人比较喜欢的flash小游戏
热门文章
- hdu 2141 Can you find it? hdu1597 find the nth digit
- Web服務器的配置方法
- ARM(IMX6U)裸机按键输入实验(BSP+SDK、GPIO输入与输出、按键消抖)
- 全国计算机等级考试题库二级C操作题100套(第06套)
- android二分查找法简书,【PYTHON】二分查找算法
- python变量的输入
- 唐山师范学院计算机考试,[河北]唐山师范学院2017年3月计算机一级考试报名时间...
- MYSQL的函数有哪些?(4.1时间与日期函数)
- 电脑卡顿,最先升级这个硬件,运行速度可快速提升!
- Github上排名前五的开源网络监控工具