3 重要数据结构
这里重点介绍其中用到的三个数据结构,
3.1 ip_vs_conn
- /*
- * IP_VS structure allocated for each dynamically scheduled connection.
- * Every dynamic connection has one ip_vs_conn; it holds the address and port
- * of the client, of IPVS (the virtual service) and of the real server.
- */
- struct ip_vs_conn {
- struct list_head c_list; /* hashed list heads */
- /* Protocol, addresses and port numbers */
- u16 af; /* address family */
- union nf_inet_addr caddr; /* client address */
- union nf_inet_addr vaddr; /* virtual address */
- union nf_inet_addr daddr; /* destination address */
- __be16 cport; /* client port (declared __be16, i.e. big-endian) */
- __be16 vport; /* IPVS (virtual service) port */
- __be16 dport; /* real server (RS) port */
- __u16 protocol; /* Which protocol (TCP/UDP): the protocol number */
- /* counter and timer: refcnt is the use count of the ip_vs_conn object. Its
- * initial value is 1, and __ip_vs_conn_in_get/__ip_vs_conn_put are called in pairs.
- * NOTE(review): the timer below destroys the object on expiry, so an unpaired
- * put (or a use without a get) would presumably leave a dangling pointer;
- * confirm that every lookup path holds a reference while it uses the object. */
- atomic_t refcnt; /* reference count */
- struct timer_list timer; /* Expiration timer: lifetime of the ip_vs_conn object; when the timer expires the object is destroyed */
- volatile unsigned long timeout; /* timeout: dynamic timeout of the ip_vs_conn object; each time an operation on the object completes, timeout is used to update timer and so extend the object's lifetime. The value depends on the connection state, among other things */
- /* Flags and state transition */
- /* NOTE(review): volatile by itself gives no atomicity; presumably writers of
- * flags/state/old_state hold `lock` -- confirm against the callers. */
- spinlock_t lock; /* lock for state transition */
- volatile __u16 flags; /* status flags */
- volatile __u16 state; /* state info */
- volatile __u16 old_state; /* old state, to be used for
- * state transition triggered
- * synchronization
- */
- /* Control members */
- struct ip_vs_conn *control; /* Master control connection */
- atomic_t n_control; /* Number of controlled ones */
- struct ip_vs_dest *dest; /* real server: points to the ip_vs_dest object that corresponds to this connection */
- atomic_t in_pkts; /* incoming packet counter */
- /* packet transmitter for different forwarding methods. If it
- mangles the packet, it must return NF_DROP or better NF_STOLEN,
- otherwise this must be changed to a sk_buff **.
- */
- int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,
- struct ip_vs_protocol *pp); /* transmit function; the three forwarding modes each have their own */
- /* Note: we can group the following members into a structure,
- in order to save more space, and the following members are
- only used in VS/NAT anyway */
- struct ip_vs_app *app; /* bound ip_vs_app object */
- void *app_data; /* Application private data */
- struct ip_vs_seq in_seq; /* incoming seq. struct */
- struct ip_vs_seq out_seq; /* outgoing seq. struct */
- };
3.2 ip_vs_dest
- /*
- * The real server destination forwarding entry
- * with ip address, port number, and so on. This structure mainly describes a
- * real server; it is also the information that ipvsadm configures into the kernel.
- */
- struct ip_vs_dest {
- struct list_head n_list; /* for the dests in the service */
- struct list_head d_list; /* for table with all the dests; a node of the global hash list ip_vs_rtable */
- u16 af; /* address family: AF_INET/AF_INET6 */
- union nf_inet_addr addr; /* IP address of the server (the real server) */
- __be16 port; /* port number of the server (the real server) */
- /* Status flags of the ip_vs_dest object: IP_VS_DEST_F_AVAILABLE means this real server is available, IP_VS_DEST_F_OVERLOAD means this real server is overloaded. */
- volatile unsigned flags; /* dest status flags */
- /* Connection flags held by the ip_vs_dest object. They do not describe the ip_vs_dest itself; they are given to each ip_vs_conn that is created from it. IP_VS_CONN_F_MASQ, IP_VS_CONN_F_TUNNEL and IP_VS_CONN_F_DROUTE stand for the NAT, TUN and DR modes respectively. */
- atomic_t conn_flags; /* flags to copy to conn */
- atomic_t weight; /* server weight, used for scheduling */
- /* Reference count of the ip_vs_dest object, initially 0. It is incremented or decremented by 1 when the object is added to or removed from a list, or when it is referenced by an ip_vs_conn.
- * NOTE(review): ip_vs_conn keeps a raw `dest` pointer, so removing a real server while connections still reference it presumably relies on this count -- confirm the removal path waits for it to drop. */
- atomic_t refcnt; /* reference counter */
- struct ip_vs_stats stats; /* statistics */
- /* connection counters and thresholds */
- atomic_t activeconns; /* active connections */
- atomic_t inactconns; /* inactive connections */
- atomic_t persistconns; /* persistent connections */
- __u32 u_threshold; /* upper threshold */
- __u32 l_threshold; /* lower threshold */
- /* for destination cache */
- spinlock_t dst_lock; /* lock of dst_cache */
- struct dst_entry *dst_cache; /* destination cache entry */
- u32 dst_rtos; /* RT_TOS(tos) for dst */
- /* for virtual service: information about the LVS virtual service */
- struct ip_vs_service *svc; /* service it belongs to */
- __u16 protocol; /* which protocol (TCP/UDP) */
- union nf_inet_addr vaddr; /* virtual IP address */
- __be16 vport; /* virtual port number */
- __u32 vfwmark; /* firewall mark of service */
- };
3.3 ip_vs_service_user_kern
下面这个结构体主要是用户空间向内核空间发送IPVS Server的相关配置。
- struct ip_vs_service_user_kern { /* virtual-service configuration that user space sends to the kernel, per the sentence above */
- /* virtual service addresses */
- u16 af;
- u16 protocol;
- union nf_inet_addr addr; /* virtual ip address */
- u16 port;
- u32 fwmark; /* firewall mark of service */
- /* virtual service options */
- char *sched_name; /* NOTE(review): bare pointer to the scheduler name; this listing does not show who owns the string or whether it is NUL-terminated and length-bounded -- confirm where the user request is converted into this struct */
- unsigned flags; /* virtual service flags */
- unsigned timeout; /* persistent timeout in sec */
- u32 netmask; /* persistent netmask */
- };
3.4 ip_vs_dest_user_kern
下面这个结构主要用于用户空间向内核空间发送Real Server的相关数据。
- struct ip_vs_dest_user_kern { /* real-server settings; every field is a plain value, there are no pointers in this struct */
- /* destination server address */
- union nf_inet_addr addr;
- u16 port;
- /* real server options */
- unsigned conn_flags; /* connection flags */
- int weight; /* destination weight; NOTE(review): signed, so a negative value can be represented -- the range check is not shown here, confirm it exists where the struct is consumed */
- /* thresholds for active connections */
- /* NOTE(review): presumably l_threshold <= u_threshold is expected; that validation is not visible in this listing */
- u32 u_threshold; /* upper threshold */
- u32 l_threshold; /* lower threshold */
- };
3.5 ip_vs_service
- /*
- * The information about the virtual service offered to the net
- * and the forwarding entries
- */
- struct ip_vs_service {
- /* s_list is a node of the global hash table ip_vs_svc_table: static struct list_head ip_vs_svc_table[IP_VS_SVC_TAB_SIZE]; It is an array in which every element is a list head. The protocol, address and port of the ip_vs_service object are hashed, the hash value is used as the array index, and the object is put on the list that belongs to that array element. */
- struct list_head s_list; /* for normal service table */
- struct list_head f_list; /* for fwmark-based service table */
- /* refcnt and usecnt are the reference count and the use count of the ip_vs_service object; both are atomic_t. refcnt is 0 when the object is created and is incremented or decremented by 1 when the object is added to or removed from a list, or when it is referenced by an ip_vs_dest. usecnt is initialised to 1. */
- atomic_t refcnt; /* reference counter */
- atomic_t usecnt; /* use counter */
- u16 af; /* address family */
- __u16 protocol; /* which protocol (TCP/UDP) */
- union nf_inet_addr addr; /* IP address for virtual service */
- __be16 port; /* port number for the service */
- __u32 fwmark; /* firewall mark of the service */
- /* Status flags of the ip_vs_service object; they can be IP_VS_SVC_F_PERSISTENT and IP_VS_SVC_F_HASHED. The former means the IPVS service uses IP-address-based session persistence, i.e. connections from the same IP address are balanced to the same real server. The latter means the ip_vs_service object has been added to the ip_vs_svc_table list. */
- unsigned flags; /* service status flags */
- /* timeout and netmask are only meaningful when IP_VS_SVC_F_PERSISTENT is set. timeout is the session timeout; once it has passed the session is no longer valid. Two connections from the same IP address that are further apart than this are not necessarily balanced to the same real server.
- * NOTE(review): this field is documented in ticks while ip_vs_service_user_kern documents its timeout in seconds; the conversion is not shown here -- confirm it is range-checked so a large user value cannot wrap. */
- unsigned timeout; /* persistent timeout in ticks */
- /* netmask lets persistence be based on an IP subnet: connections from the same subnet are balanced to the same real server. */
- __be32 netmask; /* grouping granularity */
- /* destinations is the list of ip_vs_dest objects, i.e. the real servers that belong to this IPVS service. num_dests is the number of servers. */
- struct list_head destinations; /* real server d-linked list */
- __u32 num_dests; /* number of servers */
- struct ip_vs_stats stats; /* statistics for the service */
- struct ip_vs_app *inc; /* bind conns to this app inc */
- /* for scheduling: points to an ip_vs_scheduler object, which stands for one scheduling algorithm */
- struct ip_vs_scheduler *scheduler; /* bound scheduler object */
- rwlock_t sched_lock; /* lock sched_data */
- void *sched_data; /* scheduler application data */
- };
3.6 ip_vs_dest_user_kern
用户空间真实服务器信息(与3.4中的同名结构相比,port的类型改为__be16,并新增了af字段):
- struct ip_vs_dest_user_kern { /* real-server settings; every field is a plain value, there are no pointers in this struct */
- /* destination server address */
- union nf_inet_addr addr;
- __be16 port; /* declared __be16, i.e. big-endian */
- /* real server options */
- unsigned int conn_flags; /* connection flags */
- int weight; /* destination weight; NOTE(review): signed, so a negative value can be represented -- the range check is not shown here, confirm it exists where the struct is consumed */
- /* thresholds for active connections */
- /* NOTE(review): presumably l_threshold <= u_threshold is expected; that validation is not visible in this listing */
- u32 u_threshold; /* upper threshold */
- u32 l_threshold; /* lower threshold */
- /* Address family of addr */
- /* NOTE(review): addr is a union, so af decides how it is read; presumably af must be validated before addr is interpreted -- confirm */
- u16 af;
- };
3.7 ip_vs_service_user_kern
用户空间虚拟服务器信息(与3.3中的同名结构相比,port和netmask的类型改为__be16和__be32,并新增了pe_name字段):
- struct ip_vs_service_user_kern { /* virtual-service settings: address tuple or fwmark, plus scheduling and persistence options */
- /* virtual service addresses */
- u16 af;
- u16 protocol;
- union nf_inet_addr addr; /* virtual ip address */
- __be16 port; /* declared __be16, i.e. big-endian */
- u32 fwmark; /* firewall mark of service */
- /* virtual service options */
- /* NOTE(review): sched_name and pe_name are bare pointers; this listing does not show who owns the strings or whether they are NUL-terminated and length-bounded -- confirm where the user request is converted into this struct */
- char *sched_name;
- char *pe_name;
- unsigned int flags; /* virtual service flags */
- unsigned int timeout; /* persistent timeout in sec */
- __be32 netmask; /* persistent netmask or plen (presumably a prefix length -- confirm which families use which form) */
- };
3.8 ip_vs_protocol
- struct ip_vs_protocol { /* per-protocol table of callbacks; NOTE(review): whether every callback is set for every protocol is not shown here -- presumably callers must check a pointer for NULL before calling it, confirm */
- struct ip_vs_protocol *next;
- /* protocol name */
- char *name;
- /* protocol number */
- u16 protocol;
- u16 num_states;
- int dont_defrag;
- void (*init)(struct ip_vs_protocol *pp);
- void (*exit)(struct ip_vs_protocol *pp);
- int (*init_netns)(struct net *net, struct ip_vs_proto_data *pd);
- void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd);
- /* protocol scheduling function */
- int (*conn_schedule)(int af, struct sk_buff *skb,
- struct ip_vs_proto_data *pd,
- int *verdict, struct ip_vs_conn **cpp,
- struct ip_vs_iphdr *iph);
- /* look up the IPVS connection for the "in" direction */
- struct ip_vs_conn *
- (*conn_in_get)(int af,
- const struct sk_buff *skb,
- const struct ip_vs_iphdr *iph,
- int inverse);
- /* look up the IPVS connection for the "out" direction */
- struct ip_vs_conn *
- (*conn_out_get)(int af,
- const struct sk_buff *skb,
- const struct ip_vs_iphdr *iph,
- int inverse);
- /* SNAT handler */
- int (*snat_handler)(struct sk_buff *skb, struct ip_vs_protocol *pp,
- struct ip_vs_conn *cp, struct ip_vs_iphdr *iph);
- /* DNAT handler */
- int (*dnat_handler)(struct sk_buff *skb, struct ip_vs_protocol *pp,
- struct ip_vs_conn *cp, struct ip_vs_iphdr *iph);
- /* checksum check function */
- int (*csum_check)(int af, struct sk_buff *skb,
- struct ip_vs_protocol *pp);
- const char *(*state_name)(int state);
- /* state transition function */
- void (*state_transition)(struct ip_vs_conn *cp, int direction,
- const struct sk_buff *skb,
- struct ip_vs_proto_data *pd);
- int (*register_app)(struct net *net, struct ip_vs_app *inc);
- void (*unregister_app)(struct net *net, struct ip_vs_app *inc);
- /* application bind function for multi-connection applications */
- int (*app_conn_bind)(struct ip_vs_conn *cp);
- void (*debug_packet)(int af, struct ip_vs_protocol *pp,
- const struct sk_buff *skb,
- int offset,
- const char *msg);
- void (*timeout_change)(struct ip_vs_proto_data *pd, int flags);
- };