[IPV4]: Add the defense timer for IPVS.

include/net/ip_vs.h

@@ -887,7 +887,6 @@ extern int sysctl_ip_vs_cache_bypass;
 extern int sysctl_ip_vs_expire_nodest_conn;
 extern int sysctl_ip_vs_sync_threshold[2];
 extern int sysctl_ip_vs_nat_icmp_send;
-extern atomic_t ip_vs_dropentry;
 extern struct ip_vs_stats ip_vs_stats;
 
 extern struct ip_vs_service *
@@ -902,7 +901,6 @@ extern struct ip_vs_dest *
 ip_vs_lookup_real_service(__u16 protocol, __u32 daddr, __u16 dport);
 extern int ip_vs_use_count_inc(void);
 extern void ip_vs_use_count_dec(void);
-extern void update_defense_level(void);
 extern int ip_vs_control_init(void);
 extern void ip_vs_control_cleanup(void);
 

net/ipv4/ipvs/ip_vs_ctl.c

@@ -93,7 +93,7 @@ int ip_vs_get_debug_level(void)
 /*
  *	update_defense_level is called from timer bh and from sysctl.
  */
-void update_defense_level(void)
+static void update_defense_level(void)
 {
 	struct sysinfo i;
 	static int old_secure_tcp = 0;
@@ -210,6 +210,22 @@ void update_defense_level(void)
 }
 
 
+/*
+ *	Timer for checking the defense
+ */
+static struct timer_list defense_timer;
+#define DEFENSE_TIMER_PERIOD	1*HZ
+
+static void defense_timer_handler(unsigned long data)
+{
+	update_defense_level();
+	if (atomic_read(&ip_vs_dropentry))
+		ip_vs_random_dropentry();
+
+	mod_timer(&defense_timer, jiffies + DEFENSE_TIMER_PERIOD);
+}
+
+
 int
 ip_vs_use_count_inc(void)
 {
@@ -2187,6 +2203,12 @@ int ip_vs_control_init(void)
 	ip_vs_stats.lock = SPIN_LOCK_UNLOCKED;
 	ip_vs_new_estimator(&ip_vs_stats);
 
+	/* Hook the defense timer */
+	init_timer(&defense_timer);
+	defense_timer.function = defense_timer_handler;
+	defense_timer.expires = jiffies + DEFENSE_TIMER_PERIOD;
+	add_timer(&defense_timer);
+
 	LeaveFunction(2);
 	return 0;
 }
@@ -2196,6 +2218,7 @@ void ip_vs_control_cleanup(void)
 {
 	EnterFunction(2);
 	ip_vs_trash_cleanup();
+	del_timer_sync(&defense_timer);
 	ip_vs_kill_estimator(&ip_vs_stats);
 	unregister_sysctl_table(ipv4_vs_table.sysctl_header);
 	proc_net_remove("ip_vs_stats");