add snat gateway support for lvs_v2

kernel/.config

@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.32
-# Mon Feb 20 19:35:45 2012
+# Mon Jun 30 15:19:27 2014
 #
 CONFIG_64BIT=y
 # CONFIG_X86_32 is not set
@@ -763,6 +763,7 @@ CONFIG_IP_VS_PROTO_UDP=y
 CONFIG_IP_VS_PROTO_AH_ESP=y
 CONFIG_IP_VS_PROTO_ESP=y
 CONFIG_IP_VS_PROTO_AH=y
+CONFIG_IP_VS_PROTO_ICMP=y
 
 #
 # IPVS scheduler
@@ -777,6 +778,7 @@ CONFIG_IP_VS_DH=m
 CONFIG_IP_VS_SH=m
 CONFIG_IP_VS_SED=m
 CONFIG_IP_VS_NQ=m
+CONFIG_IP_VS_SNAT_SCHED=m
 
 #
 # IPVS application helper

kernel/include/linux/ip_vs.h

@@ -8,7 +8,7 @@
 
 #include <linux/types.h>	/* For __beXX types in userland */
 
-#define IP_VS_VERSION_CODE	0x010201
+#define IP_VS_VERSION_CODE	0x010202
 #define NVERSION(version)			\
 	(version >> 16) & 0xFF,			\
 	(version >> 8) & 0xFF,			\
@@ -57,7 +57,10 @@
 #define IP_VS_SO_SET_ZERO	(IP_VS_BASE_CTL+15)
 #define IP_VS_SO_SET_ADDLADDR	(IP_VS_BASE_CTL+16)
 #define IP_VS_SO_SET_DELLADDR	(IP_VS_BASE_CTL+17)
-#define IP_VS_SO_SET_MAX	IP_VS_SO_SET_DELLADDR
+#define IP_VS_SO_SET_ADDSNAT (IP_VS_BASE_CTL + 18)
+#define IP_VS_SO_SET_DELSNAT (IP_VS_BASE_CTL + 19)
+#define IP_VS_SO_SET_EDITSNAT (IP_VS_BASE_CTL + 20)
+#define IP_VS_SO_SET_MAX	 IP_VS_SO_SET_EDITSNAT	
 
 #define IP_VS_SO_GET_VERSION	IP_VS_BASE_CTL
 #define IP_VS_SO_GET_INFO	(IP_VS_BASE_CTL+1)
@@ -68,7 +71,8 @@
 #define IP_VS_SO_GET_TIMEOUT	(IP_VS_BASE_CTL+6)
 #define IP_VS_SO_GET_DAEMON	(IP_VS_BASE_CTL+7)
 #define IP_VS_SO_GET_LADDRS	(IP_VS_BASE_CTL+8)
-#define IP_VS_SO_GET_MAX	IP_VS_SO_GET_LADDRS
+#define IP_VS_SO_GET_SNAT (IP_VS_BASE_CTL + 9) /* not used now */
+#define IP_VS_SO_GET_MAX	 IP_VS_SO_GET_SNAT
 
 /*
  *      IPVS Connection Flags
@@ -127,6 +131,26 @@ struct ip_vs_dest_user {
 	__u32 l_threshold;	/* lower threshold */
 };
 
+/* SNAT ip pool select algorithm */
+enum {
+	IPVS_SNAT_IPS_NORMAL = 0, /* src-ip/dst-ip */
+	IPVS_SNAT_IPS_PERSITENT,  /* src-ip */
+	IPVS_SNAT_IPS_RANDOM,     /* src-ip/dst-ip/src-port */
+};
+
+struct ip_vs_dest_snat_user {
+	__be32 saddr; /* SNAT source address */
+	__be16 smask; /* SNAT source network mask */
+	__be32 daddr; /* SNAT dest address */
+	__be16 dmask; /* SNAT dest network mask */
+	__be32 gw; /* SNAT orign gateway */
+	__be32 min_source_ip, max_source_ip; /* SNAT ip pool */
+	__u8 algo; /* SNAT ip pool select algorithm */
+	unsigned conn_flags;
+	__be32 new_gw; /* SNAT new next gateway */
+	char out_dev[IP_VS_IFNAME_MAXLEN];
+};
+
 struct ip_vs_laddr_user {
 	__be32 addr;		/* ipv4 address */
 };
@@ -313,6 +337,11 @@ enum {
 	IPVS_CMD_DEL_LADDR,	/* del local address */
 	IPVS_CMD_GET_LADDR,	/* dump local address */
 
+	IPVS_CMD_NEW_SNATDEST, /* add snat rule */
+	IPVS_CMD_SET_SNATDEST,  /* edit snat rule */
+	IPVS_CMD_DEL_SNATDEST, /* del snat rule */
+	IPVS_CMD_GET_SNATDEST, /* dump snat rule */
+
 	__IPVS_CMD_MAX,
 };
 
@@ -328,10 +357,11 @@ enum {
 	IPVS_CMD_ATTR_TIMEOUT_TCP_FIN,	/* TCP FIN wait timeout */
 	IPVS_CMD_ATTR_TIMEOUT_UDP,	/* UDP timeout */
 	IPVS_CMD_ATTR_LADDR,	/* nested local address attribute */
+	IPVS_CMD_ATTR_SNATDEST,  /* nested snat rule attribute */
 	__IPVS_CMD_ATTR_MAX,
 };
 
-#define IPVS_CMD_ATTR_MAX (__IPVS_SVC_ATTR_MAX - 1)
+#define IPVS_CMD_ATTR_MAX (__IPVS_CMD_ATTR_MAX - 1)
 
 /*
  * Attributes used to describe a service
@@ -352,6 +382,7 @@ enum {
 	IPVS_SVC_ATTR_NETMASK,	/* persistent netmask */
 
 	IPVS_SVC_ATTR_STATS,	/* nested attribute for service stats */
+
 	__IPVS_SVC_ATTR_MAX,
 };
 
@@ -378,16 +409,42 @@ enum {
 	IPVS_DEST_ATTR_PERSIST_CONNS,	/* persistent connections */
 
 	IPVS_DEST_ATTR_STATS,	/* nested attribute for dest stats */
+
+	IPVS_DEST_ATTR_SNATRULE, /* nested attribute for dest snat rule */
+
 	__IPVS_DEST_ATTR_MAX,
 };
 
 #define IPVS_DEST_ATTR_MAX (__IPVS_DEST_ATTR_MAX - 1)
 
-/*
- *  * Attirbutes used to describe a local address
- *   *
- *    */
 
+/**
+	* Attribute used to describe a snat dest (snat rule)
+	* Used inside nested attribute IPVS_CMD_ATTR_SNATDEST and IPVS_DEST_ATTR_SNATRULE
+	*/
+enum {
+	IPVS_SNAT_DEST_ATTR_UNSPEC = 0,
+	IPVS_SNAT_DEST_ATTR_FADDR,
+	IPVS_SNAT_DEST_ATTR_FMASK,
+	IPVS_SNAT_DEST_ATTR_DADDR,
+	IPVS_SNAT_DEST_ATTR_DMASK,
+	IPVS_SNAT_DEST_ATTR_GW,
+	IPVS_SNAT_DEST_ATTR_MINIP,
+	IPVS_SNAT_DEST_ATTR_MAXIP,
+	IPVS_SNAT_DEST_ATTR_ALGO,
+	IPVS_SNAT_DEST_ATTR_NEWGW,
+	IPVS_SNAT_DEST_ATTR_CONNFLAG,
+	IPVS_SNAT_DEST_ATTR_OUTDEV,
+
+	__IPVS_SNAT_DEST_ATTR_MAX,
+};
+
+#define IPVS_SNAT_DEST_ATTR_MAX (__IPVS_SNAT_DEST_ATTR_MAX - 1)
+
+
+/*
+ * Attirbutes used to describe a local address
+ */
 enum {
 	IPVS_LADDR_ATTR_UNSPEC = 0,
 	IPVS_LADDR_ATTR_ADDR,
@@ -447,3 +504,4 @@ enum {
 #define IPVS_INFO_ATTR_MAX (__IPVS_INFO_ATTR_MAX - 1)
 
 #endif				/* _IP_VS_H */
+

kernel/include/net/ip_vs.h

@@ -426,6 +426,9 @@ struct ip_vs_conn {
 	struct net_device	*indev;
 	unsigned char		src_hwaddr[MAX_ADDR_LEN];
 	unsigned char		dst_hwaddr[MAX_ADDR_LEN];
+	struct net_device	*dev_inside;
+	unsigned char		src_hwaddr_inside[ETH_ALEN];
+	unsigned char		dst_hwaddr_inside[ETH_ALEN];
 };
 
 /*
@@ -465,6 +468,20 @@ struct ip_vs_dest_user_kern {
 	u32 l_threshold;	/* lower threshold */
 };
 
+struct ip_vs_snat_dest_user_kern {
+	//struct ip_vs_dest_user_kern dest;    
+	union nf_inet_addr saddr; /* source address */    
+	u32 smask; /* soure network mask */    
+	union nf_inet_addr daddr; /* dest address */   
+	u32 dmask; /* dest network mask */   
+	union nf_inet_addr  gw;/* isp gateway */    
+	union nf_inet_addr minip, maxip; /* snat ip */    
+	u8 algo; /* snat source ip address choice algo */    
+	union nf_inet_addr new_gw; /* dest gateway */   
+	unsigned conn_flags; /* connection flags */    
+	char out_dev[IP_VS_IFNAME_MAXLEN];
+};
+
 struct ip_vs_laddr_user_kern {
 	union nf_inet_addr addr;	/* ip address */
 };
@@ -545,6 +562,33 @@ struct ip_vs_dest {
 	__u32 vfwmark;		/* firewall mark of service */
 };
 
+struct ip_vs_dest_snat {
+	struct ip_vs_dest dest;
+
+	/* snat rule */
+	union nf_inet_addr saddr;
+	union nf_inet_addr smask;
+	union nf_inet_addr daddr;
+	union nf_inet_addr dmask;
+	union nf_inet_addr minip, maxip; /* snat ip */
+	u8 ip_sel_algo;
+	union nf_inet_addr new_gateway;
+	char out_dev[IP_VS_IFNAME_MAXLEN];
+	unsigned char out_dev_mask[IP_VS_IFNAME_MAXLEN];
+	struct list_head rule_list;
+};
+
+#define IS_SNAT_CP(cp) ((cp)->dest && \
+			 (cp)->dest->svc && \
+			 (cp)->dest->svc->fwmark == 1)
+
+#define NOT_SNAT_CP(cp) (!(cp)->dest || \
+			  !(cp)->dest->svc || \
+			  (cp)->dest->svc->fwmark != 1)
+
+#define IS_SNAT_SVC(svc) ((svc)->fwmark == 1)
+#define NOT_SNAT_SVC(svc) ((svc)->fwmark != 1)
+
 /*
  *	Local ip address object, now only used in FULL NAT model
  */
@@ -707,10 +751,15 @@ enum {
 	DEFENCE_UDP_DROP,
 	FAST_XMIT_REJECT,
 	FAST_XMIT_PASS,
+	FAST_XMIT_FAILED,
 	FAST_XMIT_SKB_COPY,
 	FAST_XMIT_NO_MAC,
 	FAST_XMIT_SYNPROXY_SAVE,
 	FAST_XMIT_DEV_LOST,
+	FAST_XMIT_REJECT_INSIDE,
+	FAST_XMIT_PASS_INSIDE,
+	FAST_XMIT_FAILED_INSIDE,
+	FAST_XMIT_SYNPROXY_SAVE_INSIDE,
 	RST_IN_SYN_SENT,
 	RST_OUT_SYN_SENT,
 	RST_IN_ESTABLISHED,
@@ -955,6 +1004,7 @@ extern int sysctl_ip_vs_tcp_drop_entry;
 extern int sysctl_ip_vs_udp_drop_entry;
 extern int sysctl_ip_vs_conn_expire_tcp_rst;
 extern int sysctl_ip_vs_fast_xmit;
+extern int sysctl_ip_vs_fast_xmit_inside;
 
 extern struct ip_vs_service *ip_vs_service_get(int af, __u32 fwmark,
 					       __u16 protocol,
@@ -1056,6 +1106,9 @@ extern int ip_vs_fnat_response_icmp_xmit(struct sk_buff *skb,
 					 struct ip_vs_protocol *pp,
 					 struct ip_vs_conn *cp, int offset);
 
+extern int ip_vs_snat_out_xmit
+	(struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
+
 #ifdef CONFIG_IP_VS_IPV6
 extern int ip_vs_bypass_xmit_v6
     (struct sk_buff *skb, struct ip_vs_conn *cp, struct ip_vs_protocol *pp);

kernel/net/netfilter/ipvs/Kconfig

@@ -100,6 +100,12 @@ config	IP_VS_PROTO_AH
 	  This option enables support for load balancing AH (Authentication
 	  Header) transport protocol. Say Y if unsure.
 
+config	IP_VS_PROTO_ICMP
+	bool "ICMP snat gateway support"
+	---help---
+	  This option enables support for snat gateway ICMP transport
+	  protocol. Say Y if unsure.
+
 comment "IPVS scheduler"
 
 config	IP_VS_RR
@@ -222,6 +228,14 @@ config	IP_VS_NQ
 	  If you want to compile it in kernel, say Y. To compile it as a
 	  module, choose M here. If unsure, say N.
 
+config	IP_VS_SNAT_SCHED
+	tristate "snat gateway scheduling"
+	---help---
+	  The snat-gateway scheduling match rules like iptables`s rules. 
+
+	  If you want to compile it in kernel, say Y. To compile it as a
+	  module, choose M here. If unsure, say N.
+
 comment 'IPVS application helper'
 
 config	IP_VS_FTP

kernel/net/netfilter/ipvs/Makefile

@@ -4,6 +4,7 @@
 
 # IPVS transport protocol load balancing support
 ip_vs_proto-objs-y :=
+ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_ICMP) += ip_vs_proto_icmp.o
 ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_TCP) += ip_vs_proto_tcp.o
 ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_UDP) += ip_vs_proto_udp.o
 ip_vs_proto-objs-$(CONFIG_IP_VS_PROTO_AH_ESP) += ip_vs_proto_ah_esp.o
@@ -29,6 +30,7 @@ obj-$(CONFIG_IP_VS_DH) += ip_vs_dh.o
 obj-$(CONFIG_IP_VS_SH) += ip_vs_sh.o
 obj-$(CONFIG_IP_VS_SED) += ip_vs_sed.o
 obj-$(CONFIG_IP_VS_NQ) += ip_vs_nq.o
+obj-$(CONFIG_IP_VS_SNAT_SCHED) += ip_vs_snat_sched.o
 
 # IPVS application helpers
 obj-$(CONFIG_IP_VS_FTP) += ip_vs_ftp.o